CN1728262A - System, device and method of providing encryption content via network and decryption to such content - Google Patents

Info

Publication number: CN1728262A
Authority: CN (China)
Prior art keywords: key, deciphering, decrypted, encryption, encrypted content
Legal status: Pending
Application number: CNA2004100557702A
Other languages: Chinese (zh)
Inventors: 彭杨, 金盛, 何达华
Current Assignee: Koninklijke Philips NV
Original Assignee: Koninklijke Philips Electronics NV
Application filed by Koninklijke Philips Electronics NV
Priority to CNA2004100557702A (CN1728262A)
Priority to EP05758468A (EP1774696A1)
Priority to PCT/IB2005/052205 (WO2006013477A1)
Priority to JP2007523180A (JP2008508763A)
Priority to CNA2005800252586A (CN1989728A)
Priority to KR1020077004468A (KR20070039157A)
Priority to TW094123394A (TW200704092A)
Publication of CN1728262A

Classifications

    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04N21/2347 Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
    • H04N21/23476 Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption by partially encrypting, e.g. encrypting the ending portion of a movie
    • H04N21/4405 Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream decryption
    • H04N21/44055 Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream decryption by partially decrypting, e.g. decrypting a video stream that has been partially encrypted
    • H04N21/8352 Generation of protective data, e.g. certificates involving content or source identification data, e.g. Unique Material Identifier [UMID]
    • H04N7/1675 Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
    • H04N7/17318 Direct or substantially direct transmission and handling of requests
    • H04L2209/60 Digital content management, e.g. content distribution

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)

Abstract

A system for providing encrypted content via a network comprises a server including a receiver for receiving a content download request, a generator for generating a first key, an encryptor for providing the encrypted content and the encrypted first key, and a transmitter for transmitting the encrypted content and the encrypted first key. The device for decrypting the encrypted content comprises an application unit for receiving said content and the encrypted first key via the network, and a key management unit for obtaining a dedicated second key from a storage medium.

Description

A system, device and method for providing encrypted content via a network and decrypting this content
Technical field
The present invention relates to a device and method for decrypting encrypted content received via a network. The invention also relates to a system for providing encrypted content via a network and decrypting this content, the system comprising a server for providing encrypted network content, a device for decrypting the encrypted network content, and a storage medium (for example, a record carrier or recording medium) for providing a decryption key, as well as to a corresponding method and software program.
Background technology
Nowadays, when content is distributed, for example on CD or over the Internet, content protection has become one of the main concerns of content providers. The Sapphire system provides a precise protection mechanism and has been introduced into the CD2 standard. In the Sapphire system, the content on the disc (A/V streams, files and so on) is encrypted, and the corresponding decryption keys are stored as asset keys (Asset Key) in the Sapphire key locker.
European patent application No. 03102257.7 describes a disc player, a record carrier and a method for reading and protecting network data using the Sapphire protection mechanism mentioned above, where the network data is related to the data stored on the record carrier.
Fig. 1 is a schematic block diagram of the system of patent application No. 03102257.7, comprising a disc player, a disc and a server. The system of Fig. 1 comprises a disc player 11, a disc 12 and a network unit 13 (for example, a server), the network unit providing network data related to the disc data 122 stored on disc 12. The network unit 13 is connected to the disc player 11 via the Internet. As shown in detail in Fig. 2, a key locker 121 is stored on disc 12 in addition to the disc data 122. Fig. 2 shows a table illustrating the key locker content. In the Sapphire system, the key locker 121 is normally a table with four columns: the Application ID, which identifies the application run by the disc player and is used to restrict an application's access to a subset of the key locker; the Asset ID, which identifies a (group of) file(s) encrypted with the same key and having the same usage rights; the Asset Key, which is the decryption key and must be kept secret from the public; and the rights string, which has an undefined format and variable length. In the system shown in Fig. 1, the rights string contains a network identifier, such as the URL of network unit 13, and contains the asset key used as the decryption key for decrypting the network data.
The disc player 11 comprises two parts: a drive 111 for reading data from the record carrier 12, and an application unit 112. The application unit 112 consists of a check element, an access element and a decryption element. In that European patent application, the access element of application unit 112 first sends a request for particular network data to network unit 13. The drive 111 then retrieves the rights string from the record carrier according to its Application ID and sends the retrieved rights string to application unit 112. The check element of application unit 112 checks whether the URL stored in the rights string matches the URL of the specific network unit 13 that provides the network data. If so, the decryption element of application unit 112 decrypts the encrypted network data provided by network unit 13 with the decryption key stored in the rights string. If not, the drive 111 retrieves the rights string again and the whole process above is repeated.
As the prior art shows, the application unit decrypts the network content with a decryption key that is identical to the asset key. Usually the application unit is a piece of hardware that executes (software) applications, much like an operating system (OS) or software running on a computer. In that case the application running in the application unit is open to attack or intrusion, in the same way that hackers attack software running on a computer. It is therefore relatively easy to gain access to the decryption key that the application unit uses to decrypt the network content, although this key should be kept secret from the public and protected from disclosure.
Summary of the invention
Therefore, one object of the present invention is to provide a system, device and method for providing encrypted content via a network and decrypting this content, which effectively reduce the possibility of the key being attacked.
According to a first aspect of the invention, this object is achieved by providing a device for decrypting encrypted content received via a network, the device comprising: an application unit for receiving the encrypted content and an encrypted first key via the network, wherein the first key is associated with the encryption of the content and a dedicated second key is associated with the encryption of the first key; and a key management unit for obtaining the dedicated second key from a storage medium and decrypting the encrypted first key with the dedicated second key, so as to provide the first key to the application unit for decrypting the encrypted content.
According to a second aspect of the invention, a system for providing encrypted content and decrypting this encrypted content is provided, the system comprising a server for providing the encrypted content, a device for decrypting the encrypted content, and a storage medium. The server comprises: a receiver for receiving a content download request from the device used for decryption; a generator for generating a first key in response to the request; an encryptor for encrypting the content with the first key to provide the encrypted content, and for encrypting the first key with a dedicated second key to provide the encrypted first key; and a transmitter for sending the encrypted content and the encrypted first key. The device for decrypting the encrypted content comprises: an application unit for receiving the encrypted content and the encrypted first key via the network, wherein the first key is associated with the encryption of the content and the dedicated second key is associated with the encryption of the first key; and a key management unit for obtaining the dedicated second key from the storage medium and decrypting the encrypted first key with the dedicated second key, so as to provide the first key to the application unit for decrypting the encrypted content.
According to a third aspect of the invention, a method for decrypting content received via a network is provided, the method comprising the steps of: receiving encrypted content and an encrypted first key via the network, wherein the first key is associated with the encryption of the content and a dedicated second key is associated with the encryption of the first key; obtaining the dedicated second key from a storage medium; and decrypting the encrypted first key with the dedicated second key, so as to provide the first key to the application unit for decrypting the encrypted content.
According to a fourth aspect of the invention, a computer program for decrypting content received via a network is provided, the computer program comprising: a first software portion for receiving encrypted content and an encrypted first key via the network, wherein the first key is associated with the encryption of the content and a dedicated second key is associated with the encryption of the first key; and a second software portion for obtaining the dedicated second key from a storage medium and decrypting the encrypted first key with the dedicated second key, so as to provide the first key to the application unit for decrypting the encrypted content.
The applicant notes that the key management unit (for example, the drive) is essentially a component used by the device, with compliance rules of its own (for example, it follows the rules of the Sapphire system), and that its interface to the application unit runs over a secure authenticated channel (SAC) predefined by the Sapphire system. As a separate component, the key management unit is therefore extremely difficult to attack in the way the application unit can be attacked.
With the decryption system, device and method of the invention, the second key (that is, the asset key) is kept secret from the application unit. The application unit uses only the first key, which is generated at random in response to the content download request, and the key management unit, which is comparatively safer and more stable than the application unit, is the only element that knows the asset key. The device and method of the invention therefore protect the content protection key (for example, the asset key) against attack more effectively.
Description of drawings
Embodiments of the invention are now discussed by way of example with reference to the accompanying drawings, in which the same reference numerals denote the same parts, and in which:
Fig. 1 is a schematic block diagram of a prior-art system for decrypting network data, the system comprising a disc player, a server and a record carrier;
Fig. 2 shows the table of the key locker stored on the record carrier of Fig. 1;
Fig. 3 is a schematic block diagram of a system for decrypting network data according to a first embodiment of the invention, the system comprising a disc player, a server and a record carrier; and
Fig. 4 is a schematic block diagram of a system for decrypting network data according to a second embodiment of the invention, the system comprising a disc player, a server and a record carrier.
Embodiment
Fig. 3 shows the structure of a system for providing network data and decrypting network data according to the first embodiment of the invention. The system comprises a server 31 for providing encrypted content, a disc player 32 for decrypting the encrypted content, and a disc 33 that stores the key locker 121 shown in Fig. 2 and the disc data 122. The disc player 32 is connected to the server 31 via a network, and the server shares the relevant information about the key locker stored on the disc. The server comprises: a receiver (not shown) for receiving from the disc player a request to download network content related to the disc data, where, preferably, if several disc applications (for example, multiple Java application packages) are stored on the disc, the request includes an Application ID (for example, Application ID 2 in the key locker of Fig. 2); a generator 311 for randomly generating a password (pass phrase) in response to the request; an encryptor 312 for encrypting the requested network content, which is stored in a content library 313, with the password, and then encrypting the password with an asset key selected from the key locker shared with the disc, for example the asset key ASDF1234 in the key locker shown in Fig. 2 (to distinguish it from the other asset keys stored in the key locker, this asset key is called the dedicated asset key below; the same dedicated asset key can also be selected to encrypt other randomly generated passwords); and a transmitter for sending the encrypted content, the encrypted password and the Asset ID associated with the dedicated asset key, for example Asset ID 80 in Fig. 2.
The disc player 32 comprises an application unit 321 for receiving the encrypted content, the encrypted password and the associated Asset ID from the server 31 and for decrypting the encrypted content with the password; and a drive 322 for retrieving the dedicated asset key from the key locker 121 stored on disc 33 according to the associated Asset ID and decrypting the encrypted password with the dedicated asset key, so as to provide the password to the application unit.
The application unit 321 further comprises an access element for receiving the encrypted content, the encrypted password and the Asset ID from the server, sending the encrypted password to the drive and receiving the decrypted password from the drive; and a decryption element for decrypting the encrypted content with the decrypted password. The drive 322 further comprises an access element for retrieving the dedicated asset key from the key locker stored on the disc according to the Asset ID and for sending the decrypted password to the application unit via a secure authenticated channel (SAC); and a decryption element for decrypting the encrypted password received from the application unit with the retrieved dedicated asset key.
The process by which the system of the first embodiment provides network data and decrypts it is described below.
First, the access element of the application unit sends a content download request to the server. The server then randomly generates a password in response to this request. The content download request is optional as a trigger for generating the random password; the server can also generate passwords on a time basis. The server then encrypts the requested network content with the password and encrypts the password with the dedicated asset key.
The data comprising the Asset ID, the encrypted password and the encrypted content is sent to the application unit, which passes the Asset ID and the encrypted password on to the drive. The drive receives the encrypted password and the Asset ID from the application unit and retrieves the asset key from the key locker on the disc according to the Asset ID. The drive then decrypts the password with the retrieved asset key and sends the decrypted password to the application unit via the SAC. Finally, the application unit decrypts the encrypted content with the decrypted password sent by the drive.
As the description above shows, the application unit never directly stores or handles the asset key at any point while content received via the network is decrypted. Instead, the application unit decrypts the network content with the randomly generated password. The possibility of retrieving the asset key from the application unit is therefore essentially zero. In addition, because this embodiment of the invention does not use the rights string field of the key locker stored on the disc, the rights string column is empty. Whether the rights string field is used depends on each application.
Fig. 4 shows the structure of a system for providing network data and decrypting network data according to the second embodiment of the invention. The systems of Fig. 3 and Fig. 4 differ as follows: the generator 311 in the system of Fig. 4 also generates a test sequence (that is, a bit sequence) that conforms to a predefined data structure, defined for example by sequence length and specific bits, and the application unit 421 also comprises a retrieval element that retrieves the password for the decryption element so that the network content can be decrypted.
The process by which the system of Fig. 4 provides network data and decrypts it according to the second embodiment is described below.
In Fig. 4, the access element of the application unit 421 sends a content download request to the server 31. The generator 311 of the server then randomly generates a password and a test sequence in response to this request. As mentioned above, the request is optional as a trigger for generating the password; the generator can also generate the data on a time basis. The encryption element 312 of the server encrypts the content stored in the content library 313 with the generated password and then encrypts the password and the test sequence with the dedicated asset key, which is selected from the key locker information shared with disc 33. The transmitter of the server (not shown in Fig. 4) sends the encrypted content and the encrypted password and test sequence to the disc player 32.
The access element of the application unit 421 of the disc player passes the encrypted password and test sequence on to the drive 322. The access element of the drive 322 reads all asset keys in the entries associated with the Application ID from the key locker 121 stored on disc 33; the asset keys read include the dedicated asset key that the server selected to encrypt the password and the test sequence. The decryption element of the drive then decrypts the password and the test sequence with each asset key read, so as to provide the application unit 421 with multiple pairs of decrypted password and test sequence, one pair per asset key. After the access element of the application unit 421 has received the multiple pairs of decrypted password and test sequence from the drive, the retrieval element of the application unit 421 retrieves the one pair whose decrypted test sequence conforms to the predefined data structure. The decryption element of the application unit then decrypts the encrypted content received from the server with the retrieved password.
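The message flow of both embodiments, written out in Python as an added example that is not part of the patent text: the application unit only ever handles the random password, while the drive (key management unit) is the only component that reads asset keys. The HMAC-SHA256 keystream cipher, the `TSEQ` layout of the test bit sequence, all class and function names, and every key locker row other than Application ID 2, Asset ID 80 and key ASDF1234 are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PW_LEN = 16
TEST_MAGIC = b"TSEQ"   # assumed "predefined data structure": marker + 4 random bytes
TEST_LEN = 8

# Constructed key locker rows: (application ID, asset ID, asset key).
# Application ID 2, Asset ID 80 and key ASDF1234 are the values the page cites.
KEY_LOCKER = [
    (1, 10, b"QWER5678"),
    (2, 81, b"ZXCV9012"),
    (2, 80, b"ASDF1234"),
]


def _keystream(key, nonce, n):
    # Stand-in stream cipher (HMAC-SHA256 in counter mode), unauthenticated on
    # purpose: a wrong key yields garbage, which the test sequence must catch.
    out = b""
    for counter in range((n + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def encrypt(key, plaintext):
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt(key, blob):
    nonce, body = blob[:16], blob[16:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


class Server:
    def __init__(self, locker, library):
        self._keys = {asset_id: key for _, asset_id, key in locker}
        self._library = library

    def handle_download(self, name, asset_id):
        password = secrets.token_bytes(PW_LEN)  # fresh for every request
        test_seq = TEST_MAGIC + secrets.token_bytes(TEST_LEN - len(TEST_MAGIC))
        return {
            "asset_id": asset_id,  # index used by the first embodiment only
            "content": encrypt(password, self._library[name]),
            "wrapped": encrypt(self._keys[asset_id], password + test_seq),
        }


class Drive:
    """Key management unit: the only component that touches asset keys."""

    def __init__(self, locker):
        self._locker = locker

    def unwrap_by_asset_id(self, asset_id, wrapped):
        # First embodiment: the Asset ID selects the dedicated asset key.
        key = next(k for _, a, k in self._locker if a == asset_id)
        return decrypt(key, wrapped)[:PW_LEN]

    def unwrap_all(self, app_id, wrapped):
        # Second embodiment: try every asset key of this application ID.
        pairs = []
        for app, _, key in self._locker:
            if app == app_id:
                plain = decrypt(key, wrapped)
                pairs.append((plain[:PW_LEN], plain[PW_LEN:]))
        return pairs


class ApplicationUnit:
    """Sees passwords and content only; the SAC to the drive is not modelled."""

    def __init__(self, drive, app_id):
        self._drive, self._app_id = drive, app_id

    def play_by_index(self, msg):
        password = self._drive.unwrap_by_asset_id(msg["asset_id"], msg["wrapped"])
        return decrypt(password, msg["content"])

    def play_by_trial(self, msg):
        for password, test_seq in self._drive.unwrap_all(self._app_id, msg["wrapped"]):
            # A wrong key passes this check with probability 2**-32 here.
            if len(test_seq) == TEST_LEN and test_seq.startswith(TEST_MAGIC):
                return decrypt(password, msg["content"])
        raise ValueError("no asset key produced a well-formed test sequence")


def demo():
    server = Server(KEY_LOCKER, {"bonus.ts": b"constructed sample content"})
    app = ApplicationUnit(Drive(KEY_LOCKER), app_id=2)
    msg = server.handle_download("bonus.ts", asset_id=80)
    return app.play_by_index(msg), app.play_by_trial(msg)


if __name__ == "__main__":
    print(demo())
```

With an authenticated cipher, the tag check on the wrapped password would do the job that the test sequence does here.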
In summary, a system, device and method for providing network data and decrypting network data have been disclosed. It should be understood that those skilled in the art can make modifications, additions and supplements to the invention, all of which fall within the scope of protection of the appended claims.
For instance, in the second embodiment the encryption element of server 31 encrypts the test sequence with the dedicated asset key. However, those skilled in the art can conceive that the encryption element can also encrypt the test sequence with the password. In that case, the decryption element of the drive 322 decrypts only the encrypted password with each asset key read and provides the multiple decrypted passwords to the access element of the application unit 421. The decryption element of the application unit then decrypts the encrypted test sequence with each decrypted password and provides the multiple pairs of decrypted test sequence and password to the retrieval element, which retrieves the one pair whose test sequence conforms to the predefined data structure. The decryption element of the application unit then decrypts the encrypted content downloaded from the server with the retrieved password.
In addition, in all embodiments of the invention the network content is encrypted with the password, and the password is encrypted with the dedicated asset key. Those skilled in the art will understand that any alternative can be used to encrypt the network content and the password. For example, the network content is not encrypted in full by the content protection key (for example, the dedicated asset key) but only in part, for example only the file headers, important parameters or specific parts are encrypted, while the password comprises not only the encrypted content protection key but also some data indicating which parts of the content are encrypted.
In addition, the device for decrypting network data in the embodiments is a disc player. However, those skilled in the art can envisage other devices, such as a computer with a drive for reading data stored on a storage medium. The drive functions of the disc player can also be implemented by a key management unit in the form of a compact flash card (for example, a smart card or USB memory stick), or by a chip attached to the record carrier (the so-called "Chip-in-Disc" technology).

Claims (18)

1. A device for decrypting encrypted content received via a network, comprising:
an applying unit for receiving, via said network, said encrypted content and an encrypted first key, wherein said first key is associated with the encryption of said content, and a dedicated second key is associated with the encryption of said first key; and
a cipher key management unit for obtaining said dedicated second key from a storage medium and decrypting said encrypted first key with said dedicated second key, so as to provide said first key to said applying unit for decrypting said encrypted content.
2. The device as claimed in claim 1, wherein said applying unit is further arranged to receive an index via said network.
3. The device as claimed in claim 2, wherein said index is data corresponding to said dedicated second key.
4. The device as claimed in claim 3, wherein said cipher key management unit is further arranged to retrieve said dedicated second key from said storage medium according to said index.
5. The device as claimed in claim 4, wherein said applying unit comprises:
a first access element for receiving, via said network, said encrypted content, said encrypted first key and said index, and for forwarding said encrypted first key and said index to said cipher key management unit; and
a first decryption element for decrypting said encrypted content with said first key from said cipher key management unit.
6. The device as claimed in claim 5, wherein said driver comprises:
a second access element for retrieving said private key from said storage medium according to said index; and
a second decryption element for decrypting said encrypted first key with said dedicated second key from said second access element, and for providing said first key to said second access element so that it is forwarded to said applying unit.
7. The device as claimed in claim 2, wherein said index is encrypted data, the data conforming to a predefined data structure.
8. The device as claimed in claim 7, wherein said cipher key management unit is further arranged to read a plurality of second keys from said storage medium, said plurality of second keys including said dedicated second key, and to decrypt said encrypted first key and said index with each of said second keys, so as to provide a plurality of pairs of decrypted first key and decrypted index.
9. The device as claimed in claim 8, wherein said applying unit is further arranged to retrieve, according to said predefined data structure, one pair of decrypted index and decrypted first key from among those provided by said cipher key management unit, and to decrypt said encrypted content with the retrieved first key.
10. The device as claimed in claim 9, wherein said applying unit comprises:
a first access element for receiving, via said network, said encrypted content, said encrypted first key and said index, for forwarding said encrypted first key and said index to said cipher key management unit, and for receiving said plurality of pairs of decrypted index and decrypted first key from said cipher key management unit;
a first retrieval element for retrieving one pair of decrypted index and decrypted first key according to said predefined data structure; and
a first decryption element for decrypting said encrypted content with the retrieved first key.
11. The device as claimed in claim 10, wherein said cipher key management unit comprises:
a second access element for reading a plurality of second keys from said storage medium; and
a second decryption element for decrypting said encrypted first key with each of said plurality of second keys, and for providing said plurality of pairs of decrypted first key and decrypted index to said second access element so that they are forwarded to said applying unit.
12. The device as claimed in claim 7, wherein said applying unit is further arranged to decrypt said index with the plurality of decrypted first keys from said cipher key management unit so as to provide a plurality of pairs of decrypted index and decrypted first key, to retrieve one pair of decrypted index and decrypted first key according to said predefined data structure, and to decrypt said encrypted content with the retrieved first key.
13. The device as claimed in claim 12, wherein said applying unit comprises:
a first access element for receiving, via said network, said encrypted content, said encrypted first key and said index, for forwarding said encrypted first key to said cipher key management unit, and for receiving the plurality of decrypted first keys from said cipher key management unit;
a first decryption element for decrypting said index with the plurality of decrypted first keys from said cipher key management unit, so as to provide a plurality of pairs of decrypted index and decrypted first key; and
a first retrieval element for retrieving one pair of decrypted index and decrypted first key according to said predefined data structure, so that said first decryption element decrypts said encrypted content with the retrieved first key.
14. The device as claimed in claim 13, wherein said cipher key management unit comprises:
a second access element for reading said plurality of second keys from said storage medium; and
a second decryption element for decrypting said encrypted first key with each of said plurality of second keys, and for providing said plurality of decrypted first keys to said second access element so that they are forwarded to said applying unit.
15. A computer program for decrypting encrypted content received via a network, comprising:
a first software section for receiving, via said network, said encrypted content and an encrypted first key, wherein said first key is associated with the encryption of said content, and a dedicated second key is associated with the encryption of said first key; and
a second software section for obtaining said dedicated second key from a storage medium and decrypting said encrypted first key with said dedicated second key, so as to provide said first key to said applying unit for decrypting said encrypted content.
16. A record carrier comprising the computer program as claimed in claim 15.
17. A system for providing encrypted content and decrypting said encrypted content, comprising a server for providing said encrypted content, a device for decrypting said encrypted content, and a storage medium, wherein
said server comprises:
a receiver for receiving a content download request from said decryption device;
a generator for generating a first key in response to said request;
an encryptor for encrypting said content with said first key so as to provide said encrypted content, and for encrypting said first key with a dedicated second key so as to provide an encrypted first key; and
a transmitter for sending said encrypted content and said encrypted first key; and
said decryption device is as claimed in any one of claims 1-14.
18. A method of decrypting encrypted content received via a network, comprising the steps of:
receiving, via said network, said encrypted content and an encrypted first key, wherein said first key is associated with the encryption of said content, and a dedicated second key is associated with the encryption of said first key;
obtaining said dedicated second key from a storage medium; and
decrypting said encrypted first key with said dedicated second key, so as to provide said first key to said applying unit for decrypting said encrypted content.
Priority Applications (7)

Application Number Priority Date Filing Date Title
CNA2004100557702A CN1728262A (en) 2004-07-29 2004-07-29 System, device and method of providing encryption content via network and decryption to such content
EP05758468A EP1774696A1 (en) 2004-07-29 2005-07-04 Device and method for providing and decrypting encrypted network content using a key encryption key scheme
PCT/IB2005/052205 WO2006013477A1 (en) 2004-07-29 2005-07-04 Device and method for providing and decrypting encrypted network content using a key encryption key scheme
JP2007523180A JP2008508763A (en) 2004-07-29 2005-07-04 Apparatus and method for providing and decrypting network content encrypted using key encryption key scheme
CNA2005800252586A CN1989728A (en) 2004-07-29 2005-07-04 System, device and method for providing encrypted content and decrypting said content by network
KR1020077004468A KR20070039157A (en) 2004-07-29 2005-07-04 Device and method for providing and decrypting encrypted network content using a key encryption key scheme
TW094123394A TW200704092A (en) 2004-07-29 2005-07-11 Device and method for providing and decrypting encrypted network content

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNA2004100557702A CN1728262A (en) 2004-07-29 2004-07-29 System, device and method of providing encryption content via network and decryption to such content

Publications (1)

Publication Number Publication Date
CN1728262A true CN1728262A (en) 2006-02-01

Family

ID=34972552

Family Applications (2)

Application Number Title Priority Date Filing Date
CNA2004100557702A Pending CN1728262A (en) 2004-07-29 2004-07-29 System, device and method of providing encryption content via network and decryption to such content
CNA2005800252586A Pending CN1989728A (en) 2004-07-29 2005-07-04 System, device and method for providing encrypted content and decrypting said content by network

Family Applications After (1)

Application Number Title Priority Date Filing Date
CNA2005800252586A Pending CN1989728A (en) 2004-07-29 2005-07-04 System, device and method for providing encrypted content and decrypting said content by network

Country Status (6)

Country Link
EP (1) EP1774696A1 (en)
JP (1) JP2008508763A (en)
KR (1) KR20070039157A (en)
CN (2) CN1728262A (en)
TW (1) TW200704092A (en)
WO (1) WO2006013477A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105471832A (en) * 2014-10-22 2016-04-06 航天恒星科技有限公司 Processing method and device of IP packet in satellite communication
CN105337954A (en) * 2014-10-22 2016-02-17 航天恒星科技有限公司 Method and device for encryption and decryption of IP message in satellite communication
US10601588B2 (en) 2014-11-18 2020-03-24 Nokia Technologies Oy Secure access to remote data
DE102019212959B3 (en) * 2019-08-28 2021-03-04 Volkswagen Aktiengesellschaft Method for protected communication between a vehicle and an external server, device for carrying out key derivation in the method and vehicle

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4078802B2 (en) * 2000-12-26 2008-04-23 ソニー株式会社 Information processing system, information processing method, information processing apparatus, information recording medium, and program recording medium
DE60202568T8 (en) * 2001-08-08 2005-10-20 Matsushita Electric Industrial Co., Ltd., Kadoma Copyright protection system, recording device, and playback device
EP1501304A1 (en) * 2003-07-23 2005-01-26 Axalto S.A. Procedure for monitoring the usage of a broadcasted content

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103856322A (en) * 2012-11-28 2014-06-11 英飞凌科技股份有限公司 Methods and systems for securely transferring embedded code and/or data designed for device to customer
CN103856322B (en) * 2012-11-28 2018-09-14 英飞凌科技股份有限公司 Method and system for the embedded code and/or data safety that are designed for equipment to be sent to client
CN107534559A (en) * 2015-04-07 2018-01-02 Divx有限责任公司 Use the dialogue-based watermark of the media content of stream of encrypted content
CN107534559B (en) * 2015-04-07 2019-06-04 Divx公司 The method of dialogue-based watermark for media content
CN109040107A (en) * 2018-08-29 2018-12-18 百度在线网络技术(北京)有限公司 Data processing method, server, unmanned equipment and readable storage medium storing program for executing

Also Published As

Publication number Publication date
WO2006013477A1 (en) 2006-02-09
TW200704092A (en) 2007-01-16
EP1774696A1 (en) 2007-04-18
JP2008508763A (en) 2008-03-21
KR20070039157A (en) 2007-04-11
CN1989728A (en) 2007-06-27

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication