TW200527208A - File access controlling method and file access controlling system for digital rights management - Google Patents

File access controlling method and file access controlling system for digital rights management Download PDF

Info

Publication number
TW200527208A
TW200527208A TW93132986A TW93132986A TW200527208A TW 200527208 A TW200527208 A TW 200527208A TW 93132986 A TW93132986 A TW 93132986A TW 93132986 A TW93132986 A TW 93132986A TW 200527208 A TW200527208 A TW 200527208A
Authority
TW
Taiwan
Prior art keywords
file
module
access control
item
access
Prior art date
Application number
TW93132986A
Other languages
Chinese (zh)
Other versions
TWI266190B (en
Inventor
Yi-Lin Wu
I-Ta Wu
Original Assignee
Yizai Internat Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yizai Internat Corp filed Critical Yizai Internat Corp
Priority to TW93132986A priority Critical patent/TWI266190B/en
Publication of TW200527208A publication Critical patent/TW200527208A/en
Application granted granted Critical
Publication of TWI266190B publication Critical patent/TWI266190B/en

Links

Landscapes

  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

A file access controlling method applied to a network for controlling access of a file transferred via a predetermined transmission scheme. The file access controlling method includes obtaining a characteristic data corresponding to the file, and comparing a look-up table with the characteristic data, wherein if the look-up table includes a record corresponding to the characteristic data, an access limitation is imposed on the file according to the record to control access of the file.

Description

200527208 九、發明說明: 【發明所屬之技術領域】 本發明提供一種控制檔案存取的方法與系統,尤指一種應用 於數位版權管理的播案存取控管方法及槽案存取控管系統。 【先前技術】 一般來說,在電腦網路中,檔案的分享方式大致可劃分成兩 個架構··主從式(Client-server)架構與點對點架構。如 業界所習知’域式架構包含有—彳·器(⑽而)以及至少一個 使用端(client),飼服器與使用端之_藉由資料傳輸媒介(譬如 有線網路或無_路)來傳遞訊息,錢_之間職案交換均需 經由伺服器來進行。舉例來說,# —第—使用端想要分享某個槽 案的時候’第-使用端_先把其欲分享的職上傳至饲服器, =-方面,當-第二使用端要取得伺服器由第一使用端所分享的 稽案時’第二使用端必須把檔案從鑛財下載下來。 這樣的主從式轉擁有—.些伽,其中由於所有的槽案交換 均而要透過概ϋ來完成,因此,對於齡的控管非常方便。舉 200527208 例來說,細健只S要從伺㈣上着—分⑽料資料或程 式軟體’則·端就沒有騎侧服紅面獲_分享的影音資 料或程式軟體;又或者是恤器藉由一習知數位版權管理卿W nghts _gement,DRM)的操作’來對一影音資料或程式軟體施加 存取限希J 口此’使用%只能得到經過伺服器處理過後的影音 資料(譬如試聽曲目)或程式軟體(譬如軟體試用版),如此一來, 習知主從式架構便可以確實達到檔案控管的目的。 然而’在擁有這些優點_時,主從式架構也必然承擔了一 些缺點。舉例來說’伺服器的服務提供者必須要花費大量的人力 與物力來册職的控紅作,此外,於使用端與舰器建立連 線時’服務提供者必須使伺服器具有足夠的頻寬以使使用端可順 利地存取伺服益,當使用端的數目相當龐大時,則頻寬的使用量 也大件駕人’而且由於資料幾乎都儲存於飼服器中,服務提供者 也必姑提供大里的儲存空間,然而,當儲存空間因為成本考量 而有所限制的時候,服務提供者勢必需筛選儲存於伺服器中的資 料,如此便使得資料的流通量大幅減少。 因此,習知點對點(peer_t〇_peer)架構遂應運而生,在此一架構 ^ ’所有分旱的資料都是由使用端所提供,換句話說,當一使用 端想要某-特定職的時候,會由另—使用端來提供該特定檔 200527208 案,並將該特定檔案傳輪至該使用端。如此一來,頻寬的需求跟 儲存空間的成本便能分散至使用端,此外,資料的流通性也大大 增加(不受伺服器之儲存空間限制),因此,服務提供者只需要提供 點對點傳輸的相關程式,其不再需要付出大筆的成本,對使用端 以及服務提供者都是一大福音。 不過,同樣地,點對點架構也會有相對應的缺點,一般而言, 點對點架構是餘在使用端彼此間的資料交換,亦即資料交換不 需經由伺服器來控制,因此對於檔案的控管上便具有一定的難 度。舉例綠,沒魏_倾歧料資料可魏糾地在網 路上散播’而在資料錢無遠絲的_,合法的健供應商或 是電視媒體業者便沒有辦法受到版權的賴,因此造成了莫大的 問題。 、 【發明内容】 因此本發曰月之主要目的之-在於提供—種檔案存取控管方法 與樓案存取控管純,哺決習知點對點_+無法做 管的問題。 根據本翻之㈣專利細,其简露__轉取控管方 200527208 法。該播雜取控管方法係應用於-網路,絲管⑽-預定檔 木傳輸方式傳輸之—檔案之存取。該槽案存取控管方法包含有: 、子”表X儲存複數個紀錄,每一紀錄係對應一特定存取限 制條件’、#&特徵資料,·取得對應該標案之—特徵資料,·以及 比較該取得之特徵資料與該對照表,若該對照表中包含有對應該 特徵貝料之—紀錄,職魏紀賴賴案施加-存取限制條件 以控管該檔案之存取。 〜此外’本發明另财一種播案存取控管系統。該槽案存取控 ^統係朗於1路,絲管制以—預定職傳輸方式傳輸之 t案之存取。該餘存取控管系統包含有:—第—記憶模組, 用來館存—對照表,其中該對照表係儲存複數她錄,每-紀錄 係對應-特定存取限制條件與—特定特徵資料;—檢測模組,用 對應案之—概以及—鮮触,減於該第 心隐模組無檢聰組,絲比較該取得之特徵資料與該對照 2其中若鱗絲巾包含錢應該舰㈣之—域,則雜 4組根翁紀錄_職施加—存祕娜件啸管該槽 存取。 ” 正墟ί㈣所揭露的檔案存取控管方法以及檔案存取控管系統可 控管在網路上所傳播的龍或播案,對沒有經過授權的樓案 200527208 2料施加^定處理,使得原本在輯點_巾,盜版資料或 疋影音媒體無法控管的情形可大為改善。 【實施方式】 在以下的揭露之中,雜用點對點的傳輸方絲作為說明, 在此睛注意’點對點傳輸方式健只為本發明的較佳實施例,而 非本發明的限制條件。 立切參閱第1圖’第旧為本發明槽案存取控管系統_的示 f圖。如第1圖所示’播案存取控管系統觸包含有-中介舰 态⑽’傳廷端120用來傳送一檔案,以及一接收端13〇用來接 收傳送端12〇所輸出的檔案。中介伺服器ιι〇包有一記憶模組 2來儲存對照表112。傳送端12〇包含一雜凑值師㈣ 產生模組121,—加密模組124,以及一記憶模組122,用來儲存 一絲函柄(hashfimeti()n⑺de)123,以及—崎程式碼125。接 收端130包合—檢測模組131,—控管模組132,-解密模組137, 以及-記憶模組133用來儲存一檢測程式碼134,一控管程式碼 人乂及解进程式石馬138,此外,本實施例中,控管程式碼135 ’、 數位版權管理(digital rights management, DRM )程式 馬 祂案存取控管系統100的功能與運作將於下詳述。 200527208 圖所不之赌存取控管系統1〇〇 。槽案存取控管系統100的運作 請參閱第2圖,第2圖為第j 進行槽案存取控管的操作流程圖 包含有下列步驟·· 步驟200 :開始; 步驟201 ·傳送端120加密一欲傳輸之播案; 步雜:傳送請根據該檔案的内容,產生—雜凑值並附加該 雜湊值至該權案中,· 步驟204 :傳送端120將該檔案傳送至接收端13〇 ; 步驟206 :接收端13〇取得對應該檔案之雜凑值; 步驟208:接收端 干乂以職賴-對照表,若該對照表中^ 含有對應該雜湊值之-紀錄,則根據該紀錄__ 施加-數錄鮮_作,崎定—麵限制條= 進一步地控管該檔案之存取; 步驟209 ··接收端130解密該槽案;以及 步驟210 :結束。 首先,接收端130依據點對點的傳輸機制來向 求—⑻下載-檔案,而傳送端⑽在輪出接收端二 的槽案之前(步_),傳送端120内部的加密模組124合執; 200527208 儲存於記憶模組122中的+ 俨安,在此4立Μ赞函式碼125 (步驟2〇1),以加密該 寺田木在此研,主思,檔案的加 另贅述。 饵在方式已為業界所習知,在此不 接著,傳送端12G内部的雜凑值產生模組m會執行儲存於 記憶模組122中的雜湊函式 轨仃縣於 > 123,以根據該槽案的内容與-雜凑 轉值,細蝴 (步驟202),在此請注音,施* 豐mu μ 〜雜凑函式以及雜湊值的方式已為 業界所習知,故其詳_顯舰在此不另贅述,理論上 :=謝啊目_祕,嫩說,嶋織 關疋—對—的對顧係,曝雜湊值的目的係在於使 ===_雜_細繼_收的播案類 禮、接者傳运端120便將該檔案經由網路(有線網路或無線網路)· 送至接收端130 (步驟2〇4),而當接收端13〇順利地接收該檔 案後,接收端130就會利用内部的檢測模組⑶,來執行儲存於記 憶模組133的檢測程式碼134以取得該雜凑值(步驟施),並且 接收端130同時會利用内部的控管模組m來執行控管程式碼’ ⑶’以比較該雜湊值與儲存於中介飼服㈣1〇〇中記憶模組⑴裡 的對照表112,本實施例中,若對照表112中包含有對應該雜凑值 11 200527208 之-紀錄,則控管模組135便會依據該紀錄來執行控管程式碼⑶ 中的數位版權管理程式碼136,以進_步地對該_施加—存取限 制條件以控管該檔案之存取(步驟208)。 當前述之步驟進行完畢之後,接收端130内部的解密模組137 會執行儲存於記憶模組133中的解密函式碼138 (步驟2〇ι),以 解欲該槽案’至此,職存取控H統觸便完成整個標案存取 控管的操作(步驟210)。 在此另舉一實例以附加說明如何控管檔案的存取,一般來 說’服務提供者會提供一特定軟體予傳送端120與接收端13〇,而 傳送端120與接收端130則必須安裝該特定軟體才能達到點對點 的傳輸目的,進而交換欲分享的檔案;此外,服務提供者為了維 濩s去軟體或是影音媒體的版權,其會先與合法的版權擁有者協 商出—特定的軟體控管方式,譬如對於一唱片公司所出版的音樂 歌曲’該唱片公司只容許使用端可試聽三次,或者,對於一軟體 業者所發行的軟體,該軟體業者僅僅只允許使用端可試用3〇天, 當然亦可採用更複雜的控管方式,譬如,針對某位歌手演唱的歌 曲或是針對某些特殊的應用軟體,會施加更多的存取限制。因此, 服務提供者最後就會根據這些協商後的控管方式,在中介伺服器 110上面建立起相對應的對照表U2 ’並將對照表U2儲存在中介 12 200527208 伺服器的記憶模組in裡面。 在此請參照第3圖,第3圖為第i _示之對照表⑴的示 意圖。如前所述,由於-個檔案經由雜凑函式竭⑵所對應的雜 凑函式處理後會對應-個特定的雜驗’因此只要_對照表 112,就可以知道對應該難的存取關條件㈣㈣,舉例來^, 如果-預定檔案的雜凑值是8163 ’而且服務提供者與該槽案的版 權擁有者協商出該預定槽案的控管方式係為,,試用3〇天,,,那麼對痛 照表m巾就會包含有相職的紀軸供接下來的步驟使用。 如先前所述,傳送端120與接收端130會安裝支 輸的特定軟體’而該特定軟體包含有前述的加密程式仙$、解密 程式碼Π8、雜湊函式碼123、檢測程式碼m、控管程式碼比 以及數位版權管理程式碼136,並且傳送端⑽與接收端⑽的處 理器會分別執行上述的各個程式碼以達到各項功能,舉例來說,籲 在傳送端120傳送-檔案至接收端13〇之前,傳送端12〇的處理 器(在此可視為絲做生做12〇之-實_)會猜該特定軟 體’因此便會執行該特定軟體巾的加練式碼125,以加密該檔 案以及執行雜凑函式碼⑵,以根據該槽案的内容將該檔案經過 一雜凑函式的運算,產生一雜湊值(例如前述的雜湊值”咖”)並附 加該雜湊值機鶴,接著,傳送端m便經細路傳送該標案 13 200527208 至接收端130。接收端130的處理器(在此可視為檢測模組13ι以 及控管模組132的-實酬)也會執行轉錄體來触該槽案, 因此該特定軟體中的檢測程式碼134及控管程式碼135就在此時 被執行,亦即,檢測程式碼134會先轉對應該檔案的雜凑值, 而控管程式碼135會進-步地比較檢測程式碼m所取得的雜渗 值與中介伺服器no中所儲存的對照表112,若對照表112中包含 有對應該雜雜之紀錄⑽如前述的”_ 3G天”),那麼接收端⑽ 的處理n就會麻_姆錄魏錄縣理財碼i36,以進 -步地對該檔案施加__數位版權管理的操作,換言之,數位版權 管理程式碼丨36會對該難奴翁,期3G天”的存取限制條 件;最後,接《 m的處理ϋ會執行該特定軟體中的解密程式 碼138,以將已加密的該檔案還原回原本未加密的該播案,以供後 績的使用者使用。 *在此請注意,本發明的檔案存取控管系統係由硬體配合軟體# 實知’然r?ij,貫際上健柳硬體亦可加以實施,在以上的揭露 之中’硬體配合軟體的做法健只用以·,而縣發_限制。 此外,在對照表112中,本發明僅僅只需要能夠用來區別不 :棺案的特徵資料即可,並不—定要利雜凑值才可實施,舉例 “兒本么月亦可利用该檔案的檔案名稱或檔案建立時間等資料 14 200527208 來建立所需的對照表112,換句話說,上述實施例中,利用雜湊值 的做法僅僅只為本發明的說明,而非本發明的限制。因此,請注 意,本發明雜湊值產生模組121以及雜湊函式碼123係配合雜湊 值來使用,換句話說’如果如前所述,本發明可不利用雜凑值的 . 方式予以實施,那麼本發明便不需使用雜湊值產生模組以及 , 雜湊函式碼123,換言之,雜湊值產生模組121以及雜凑函式碼 123係為選擇性(〇pti〇nal)的元件,並非本發明的限制。 在此請另注意,為了防止接收端130的使用者,為了逃避本 發明的槽案存取控管方法’而惡意中斷接收端⑽與中介伺服器 110之連線,致使本發_控管模、组132無法完鱗照表112與前 述的特徵值的比對,因此本發明於傳送該檔案前加密該槽案,並 且在控管模組I32完成崎並對該齡施加—存取關後,解密 該槽案,如此便可防止前述的問題;然而,加解密操作並非為本 發明的限制,亦即本發明的槽案存取控管系統以及檔案存取控管Φ =法無須附加前述的加解密操作亦可實施,換言之,於前述的揭 f之中,加密模組124,加密程式碼125,解密模組137,以及解 岔程式碼138皆為本發明的選擇^_生裝置,並非本發明的限制條件。- 在此請另注意,本發明的對照表112係儲存於中介舰器ιι〇 中,但是實際上也可以紀錄於傳送端12〇或接收端13〇,並且由服 15 200527208 務提供者來加以更新,如此亦不違背本發明的精神。再者,如第1 圖所示,本發明檔案存取控管系統1㈨係分別由傳送端120,接收 端130以及中介伺服器11〇來共同完成檔案存取的控管,然而, 實際上也可由單一傳送端120或是單一接收端13〇來控管檔案的 存取’舉例來說,傳送端120先計算出該檔案的雜湊值,並且於 傳送之刖δ貝取對照表112而直接對該檔案施加該數位版權管理的 操作,接著,傳送端12〇便將處理後的齡傳送至接收端⑽,此 時’接收端130戶、專責接收該檑案而不需進行額外的槽案存取控鲁 管,另-方面,亦可由接收端13〇來完成前述動作,亦即傳送端 120僅專責傳送該檔案而不需進行額外的標案存取控冑,上述變化 均屬本發明之範轉。 相較於習知技術’本發明所揭露的檔案存取控管方法以及槽案 存取控管系統可正確控管在網路上所傳播的資料或權案,對沒有 經過授權的擋案或資料施加一預定處理,使得原本在點對點架構# 中,盜版資料或是影音媒體無法控管的情形可大為改善。 以上所述僅為本發明之較佳實施例,凡依本發明申請專利範 圍所作之均等變化與修飾’皆應屬本發明之涵蓋範圍。 【圖式簡單說明】 16 200527208 第1圖為本發明檔案存取控管系統的示意圖。 第2圖為第1圖所示之檔案存取控管系統進行檔案存取控管的操 作流程圖。 第3圖為第1圖所示之對照表的示意圖。 【主要元件符號說明】 100 檔案存取控管系統 110 中介伺服器 120 傳送端 130 接收端 111、122、133 記憶模組 112 對照表 m, 雜湊值產生模組 123 雜凑函式碼 124 加密模組 125 加密程式碼 131 檢測模組 132 控管模組 134 檢測程式碼 135 控管程式碼 136 數位版權管理程式碼 137 解密模組 138 解密程式碼200527208 IX. Description of the invention: [Technical field to which the invention belongs] The present invention provides a method and system for controlling file access, especially a paging case access control method and slot case access control system for digital copyright management. . [Previous technology] Generally, in a computer network, file sharing methods can be roughly divided into two architectures: a client-server architecture and a peer-to-peer architecture. As is known in the industry, the domain architecture includes-a device (and) and at least one client, the feeder and the user _ through a data transmission medium (such as a wired network or wireless network) ) To pass the message, the exchange of money between the cases must be done through the server. For example, # — 第 —When the user wants to share a case, the "first-user__ first uploads the job he wants to share to the feeder, =-aspect, when-the second user needs to obtain When the server is shared by the first client, the second client must download the file from the mine. This kind of master-slave transfer to own — some Jia, in which all the exchange of the case is completed through the outline, so it is very convenient to control the age. For example, 200527208, for example, Xingjian only needs to start from the server-divide the data or program software, then there is no video data or program software shared by the red side of the server; or Through the operation of a digital copyright management secretary (Wnghts_gement, DRM), to impose access restrictions on an audiovisual data or program software. J. This' use% can only obtain audiovisual data processed by the server (such as Audition tracks) or program software (such as a software trial version), so that the master-slave architecture can be used to achieve the purpose of file control. However, in the possession of these advantages, the master-slave architecture must also bear some disadvantages. For example, 'the server's service provider must spend a lot of manpower and material resources to register the work of controlling the work, in addition, when the user establishes a connection with the ship', the service provider must make the server have sufficient frequency Wide so that users can access the servo benefits smoothly. When the number of users is quite large, the use of bandwidth is also a big driver. And because the data is almost stored in the feeder, the service provider must also Dali provides storage space. However, when the storage space is limited due to cost considerations, the service provider must screen the data stored in the server, which greatly reduces the circulation of data. Therefore, the conventional peer-to-peer (peer_t〇_peer) architecture emerged at the historic moment. In this architecture ^ 'all drought-splitting data is provided by the user, in other words, when a user wants a specific job At that time, the other user will provide the specific file 200527208, and the specific file will be transferred to the user. In this way, the bandwidth requirements and the cost of storage space can be spread to the user. In addition, the data circulation is greatly increased (not limited by the storage space of the server). Therefore, the service provider only needs to provide point-to-point transmission. Related programs, which no longer need to pay a large cost, is a big gospel for users and service providers. However, similarly, the peer-to-peer architecture will also have corresponding disadvantages. Generally speaking, the peer-to-peer architecture is the data exchange between the remaining users, that is, the data exchange does not need to be controlled by the server. There is a certain degree of difficulty. For example, green, without Wei _ dumped materials can be distributed on the Internet '' and there is no far-reaching _ in the data, legitimate health suppliers or television media operators can not be relying on copyright, which caused Great question. [Summary of the Invention] Therefore, the main purpose of this month is to provide a method of file access control and pure access control, to solve the problem that the point-to-point _ + cannot be managed. According to the patent details of this translation, its brief disclosure __ transfer to the controlling party 200527208 method. This method for controlling access to broadcasts is applied to-network, wire management-predetermined file transmission-file access. The slot case access control method includes: The "table" table X stores a plurality of records, each record corresponds to a specific access restriction condition ', # & feature data, and obtains the feature data corresponding to the subject matter-feature data , And compare the obtained characteristic data with the comparison table, if the comparison table contains a record corresponding to the characteristic material, the Wei Wei Lai Lai case imposed an access restriction condition to control the access of the file ~ In addition, the present invention provides another type of case access control system. The slot case access control system is on the 1st line, and it controls the access of the case transmitted by the scheduled transmission method. The remaining deposit The access control management system includes:-the first-memory module, which is used to store-a comparison table, where the comparison table stores a plurality of records, each of which corresponds to-specific access restrictions and-specific characteristic data;- The detection module, which is the same as that of the corresponding case, is reduced to the non-detection group of the first hidden module, and the obtained characteristic data is compared with the control. 2 If the scale scarf contains money, it should be used. -Domain, then miscellaneous 4 groups of root records The access to the slot is controlled by the channel. "The file access control method and file access control system disclosed by Zhengxu ㈣ can control the spread of dragons or broadcasts on the Internet. For unauthorized building cases 200527208 2 The processing of materials is greatly improved, which can greatly improve the situation that the original media, pirated materials or audiovisual media cannot be controlled. [Embodiment] In the following disclosure, a point-to-point transmission square wire is used as an illustration, and it is noted here that the point-to-point transmission method is only a preferred embodiment of the present invention, and not a limitation of the present invention. Liqie refers to FIG. 1 ', which is a diagram showing the storage access control system of the present invention. As shown in Fig. 1, the 'Podcast access control system contains-intermediary ship state 传' Passing end 120 is used to transmit a file, and a receiving end 13 is used to receive the file output by the transmitting end 120. . The intermediary server ιο includes a memory module 2 to store the look-up table 112. The transmitting end 120 includes a hash value generating module 121, an encryption module 124, and a memory module 122, which are used to store a hashfimeti () hash code 123 and a saki code 125. The receiving end 130 includes a detection module 131, a control module 132, a decryption module 137, and a memory module 133 to store a detection code 134, a control code, and a process solution. Shima 138. In addition, in this embodiment, the functions and operations of the control code 135 ', the digital rights management (DRM) program, and the access control system 100 will be described in detail below. 200527208 The access control system 100 is not as shown in the figure. For the operation of the slot case access control system 100, please refer to FIG. 2. FIG. 2 is the operation flow chart of performing the slot case access control in the jth process, which includes the following steps: Step 200: Start; Step 201; Transmission end 120 Encrypt a broadcast case to be transmitted. Steps: Send according to the content of the file, generate a hash value and append the hash value to the case. Step 204: The transmitting end 120 transmits the file to the receiving end 13 〇 Step 206: The receiving end 13 obtains the hash value corresponding to the file; Step 208: The receiving end dries the job-reference table. If the comparison table ^ contains a record corresponding to the hash value, according to the Record __ impose-digital record fresh_work, Qi Ding-surface restriction bar = further control access to the file; Step 209 · · Receiver 130 decrypts the slot case; and Step 210: End. First, the receiving end 130 seeks-downloads-files according to the point-to-point transmission mechanism, and the transmitting end ⑽ before the rotation of the receiving end 2 slot (step _), the encryption module 124 inside the transmitting end 120 is in compliance; + 俨 安 stored in the memory module 122, and here the 4 MM praise function code 125 (step 201) is used to encrypt the Terada wood here. The main idea is to add additional details to the file. The method of bait is already known in the industry, and here is not continued. The hash value generation module m inside the transmitting end 12G will execute the hash function stored in the memory module 122. Orbit County> 123, according to The contents of this slot case and the hash conversion value, thin butterfly (step 202), please note here, Shi * feng mu μ ~ hash function and the method of hash value are well-known in the industry, so its details_ Xian Jian will not go into details here, in theory: = 谢 啊 目 _ 秘, Nen said that the anti-correspondence system of 嶋 Zhiguan 疋 — 对 — the purpose of exposing the hash value is to make === _ 杂 _ 细 继 _ After receiving the broadcast ceremony, the receiver 120 will send the file to the receiver 130 via the network (wired or wireless network) (step 204), and the receiver 13 will successfully After receiving the file, the receiving end 130 will use the internal detection module CU to execute the detection code 134 stored in the memory module 133 to obtain the hash value (step application), and the receiving end 130 will also use the internal Control module m to execute the control code '⑶' to compare the hash value with that stored in the intermediary feeding service (100 memory module) Comparison table 112, in this embodiment, if the comparison table 112 contains a record corresponding to the hash value 11 200527208, the control module 135 will execute the digital copyright in the control code ⑶ according to the record The management code 136 applies the access restriction condition to the file to control the access of the file (step 208). After the foregoing steps are completed, the decryption module 137 inside the receiving end 130 will execute the decryption function code 138 (step 2) stored in the memory module 133 to solve the case. Taking control of H to complete the entire project access control operation (step 210). Here is another example to explain how to control access to files. Generally speaking, a service provider will provide specific software to the transmitting end 120 and the receiving end 130, and the transmitting end 120 and the receiving end 130 must be installed. This specific software can achieve the purpose of point-to-point transmission, and then exchange the files to be shared. In addition, in order to maintain the copyright of the software or audiovisual media, the service provider will first negotiate with the legitimate copyright owner-specific software Control methods, for example, for a music song published by a record company 'The record company allows only three trials by the client, or for software released by a software vendor, the software operator only allows the client to try for 30 days Of course, more complicated control methods can also be adopted. For example, for a singer singing a song or for some special application software, more access restrictions will be imposed. Therefore, the service provider will finally establish a corresponding comparison table U2 'on the intermediary server 110 according to these negotiated control methods and store the comparison table U2 in the memory module in of the intermediary 12 200527208 server. . Please refer to FIG. 3, which is the schematic diagram of the comparison table (i_). As mentioned earlier, since a file is processed by a hash function corresponding to a hash function, it will correspond to a specific hash test. Therefore, as long as the table 112 is matched, you can know that it should be difficult to access. Regarding the conditions, for example, if the hash value of the predetermined file is 8163 'and the service provider negotiates with the copyright owner of the slot case, the control method of the predetermined slot case is, trial for 30 days, , Then the m towel on the pain photo table will contain the appropriate axis for the next step. As mentioned earlier, the transmitting end 120 and the receiving end 130 will install specific software for delivery, and the specific software includes the aforementioned encryption program cent $, decryption code Π8, hash function code 123, detection code m, control Control the code ratio and the digital rights management code 136, and the processors of the transmitting terminal and the receiving terminal respectively execute the above-mentioned codes to achieve various functions, for example, calling on the transmitting terminal 120 to send a file to- Before the receiving end 13, the processor 12 of the transmitting end (which can be regarded as a silk-made 12-20-real _) will guess the specific software 'so it will execute the training code 125 of the specific software towel, The file is encrypted and a hash function code is executed to perform a hash function operation on the file according to the contents of the slot to generate a hash value (such as the aforementioned hash value "coffee") and append the hash The check-in crane, then, the transmitting end m transmits the bid 13 200527208 to the receiving end 130 via a thin route. The processor at the receiving end 130 (which can be regarded as the detection module 13ι and the control module 132 here) will also execute the transcript to touch the slot. Therefore, the detection code 134 and the control module in the specific software The code 135 is executed at this time, that is, the detection code 134 will first be converted to the hash value of the file, and the control code 135 will further compare the osmotic value obtained by the detection code m. With the comparison table 112 stored in the intermediary server no, if the comparison table 112 contains miscellaneous records (such as "_ 3G days" above), then the processing n at the receiving end will be numb_mulu Weilu County Wealth Management Code i36 applies the __digital copyright management operation to the file further, in other words, the digital rights management code 36 will restrict access to this hard slave for 3G days "; Finally, the processing of "m" will execute the decryption code 138 in the specific software to restore the encrypted file back to the original unencrypted version of the broadcast for future users. * Please here Note that the file access control system of the present invention is implemented by hardware and software # 'R? Ij, in the past, Jianliu hardware can also be implemented. In the above disclosure, the practice of hardware and software is only used for ·, and the county issued _ restrictions. In addition, in the comparison table 112 The present invention only needs to be able to distinguish the characteristic data of the coffin case, and it is not necessary to implement the hash value. For example, "Children's Month can also use the file name or file creation of the file The data such as time 14 200527208 are used to establish the required comparison table 112. In other words, the use of the hash value in the above embodiment is only the description of the present invention and not a limitation of the present invention. Therefore, please note that the hash value generation module 121 and the hash function code 123 of the present invention are used in conjunction with the hash value, in other words, 'If the present invention can be implemented without using the hash value as described above, then The present invention does not need to use a hash value generation module and a hash function code 123. In other words, the hash value generation module 121 and the hash function code 123 are optional components, and are not the invention. limits. Please note here that, in order to prevent the user of the receiving end 130 from maliciously interrupting the connection between the receiving end ⑽ and the intermediary server 110 in order to avoid the slot access control method of the present invention, this issue _ control management module The group 132 cannot complete the comparison of the scale photo table 112 with the aforementioned eigenvalues, so the present invention encrypts the slot before transmitting the file, and after the control module I32 completes the saki and applies the access threshold to the age To decrypt the slot case, this can prevent the aforementioned problems; however, the encryption and decryption operation is not a limitation of the present invention, that is, the slot case access control system and file access control system of the present invention Φ = method without the foregoing The encryption and decryption operations can also be implemented. In other words, in the foregoing disclosure, the encryption module 124, the encryption code 125, the decryption module 137, and the fork code 138 are all options of the present invention. It is not a limitation of the present invention. -Please also note here that the comparison table 112 of the present invention is stored in the intermediary vessel ιιο, but it can actually be recorded on the transmitting end 12 or the receiving end 13 °, and it is provided by the service provider 15 200527208 Update, so does not violate the spirit of the present invention. Furthermore, as shown in FIG. 1, the file access control system 1 of the present invention is jointly controlled by the transmitting end 120, the receiving end 130, and the intermediary server 110. However, actually, it also A single transmitting end 120 or a single receiving end 13 can control the access of the file. For example, the transmitting end 120 first calculates the hash value of the file, and obtains the comparison table 112 directly at the transmission δδ. The file applies this digital copyright management operation. Then, the transmitting end 120 transmits the processed age to the receiving end. At this time, the 'receiving end 130 households are solely responsible for receiving the case without additional slot access. Controlling the management, on the other hand, the aforementioned action can also be completed by the receiving end 130, that is, the transmitting end 120 is only responsible for transmitting the file without performing additional project access control. The above changes are all within the scope of the present invention. turn. Compared with the conventional technology, the file access control method and slot case access control system disclosed in the present invention can correctly control the data or rights transmitted on the network. A predetermined process is imposed, so that in the peer-to-peer architecture #, the situation that pirated materials or audiovisual media cannot be controlled can be greatly improved. The above description is only a preferred embodiment of the present invention, and any equivalent changes and modifications made according to the patent application scope of the present invention shall fall within the scope of the present invention. [Schematic description] 16 200527208 Figure 1 is a schematic diagram of the file access control system of the present invention. Figure 2 is a flowchart of the operation of file access control by the file access control system shown in Figure 1. FIG. 3 is a schematic diagram of the comparison table shown in FIG. 1. [Description of main component symbols] 100 File access control system 110 Intermediate server 120 Transmitting end 130 Receiving end 111, 122, 133 Memory module 112 Refer to table m, Hash value generation module 123 Hash function code 124 Encryption mode Group 125 encryption code 131 detection module 132 control module 134 detection code 135 control code 136 digital rights management code 137 decryption module 138 decryption code

1717

Claims (1)

200527208 十、申請專利範園: 1· 一種權案存取控管方、、去 定檔案傳輸方式傳輪之係應用於—網路,用來管制以-預 含有·· ~檔案之紅,域案存雜管方法包、 ⑻建立-_表叫200527208 X. Patent application park: 1. A type of access control authority for the right case, and a file transfer method to determine the file transfer system is applied to-the network, used to control the pre-contained files ... Case storage miscellaneous pipe method package, ⑻ establishment-_ table called 取限制條件與1定特徵=;,母一紀錄係對應一特定存 (b)取得對應該檔案之—特徵資料;以及 (C)比=取狀特徵資料與該對照表,若該對照表中包含有對 心特徵資料之—紀錄,則根據該紀錄對該檔案施加一存 取限制條件以控管該標案之存取。 2.如申請專利範_項所述之檔案存取控管方法,其中該存取 限制條件係經由執行一數位版權管理(digitalrightsmanagement, drm)夂操作所設定。 3·如申凊專利範圍第1項所述之槽案存取控管方法,其中該特徵 負料係為一雜湊值(hash value)。 4·如申請專利範圍第3項所述之檔案存取控管方法,其另包含有·· 根據該槽案之内容’產生該雜凑值並附加該雜湊值至該播案 18 200527208 中。 5.如申請專利範圍第3項所述之播案存取控f方法,其中該雜凑 值與该檔案之對應_、係為—對一對應。 6·如申請翻範圍第丨項所述之齡存取控管方法,其中該預定 才虽案傳輸方式係為一點對點&eert〇peer)傳輸。 7·如申請專利範圍第i項所述之槽案存取控管方法,其係執行於 一用來輸出該檔案之傳送端(transmitter)。 8·如申請專利範圍第i項所述之槽案存取控管方法,其係執行於 一用來接收該檔案之接收端(receiver)。 9·如申請專利範圍第1項所述之檔案存取控管方法,其另包含有: 加密該檔案;以及 於執行步驟(c)後,解密該檔案。 10· —種檔案存取控管系統,其係應用於一網路,用來管制以一預 定檔案傳輸方式傳輸之一檔案之存取,該檔案存取控管系統包 含有: 19 200527208 弟一 5己憶模組,用也紗十 數個紀錄,每絲’其巾她_存複 特徵資料;、錢鱗應-航存取限懈件與-特定 制模組’用來取得對應該難之-特徵資料;以及 “柄組,_於該第—記憶模組與該檢測模 該取得之特輸彻瓣,其巾編懈H 職雜徵資料之—紀錄,職控管模組根據該紀錄對該 插案施加—存取限制條件來控管該檔案之存取。 11.如申轉利細第1G項所述之觀存取控管系統,其中該檢 測柄組以及δ亥控官模組均設置於一處理器中,該檔案存取控管 系、、先另包含有一第二記憶模組用來儲存一檢測程式碼以及一控 官程式碼,該檢測模組係執行該檢測程式碼以取得對應該檔案 之該特徵資料,以及該控管模組係執行該控管程式碼以比較該 取得之該特徵資料與該對照表來施加該存取限制條件以控管該籲 槽案之存取。 12·如申請專利範圍第u項所述之檔案存取控管系統,其中該存 取限制條件係經由該控管模組執行該控管程式碼以啟動一數位 版權管理(digital rights management, DRM)之操作所設定。 20 200527208 檔案存取控管系統,其另包含 13·如申請專利範圍第1〇項所述之 有: 一加密模組 一解密模組 以解密該檔案。 用來加密該檔案;以及 用於該控管做比對崎徵餅與靖照表後, 14.如憎專利範圍第13項所述之檔案存取控管系統,其中該檢 測核、、且雜官模組、以及該解密模組触置於—處理器中, 該槽案存取控管祕另包含有—第二記賴蝴來儲存一檢測 =碼、-控管程式碼以及一解密程式碼,該檢測模組係執行 該檢測程式碼以取得對應該檔案之該特徵資料,該控管模組係 執订該控錄式顧比較該取得之該特徵資料與該對照表來施 加赫取限罐件以控管鋪案之存取,以及該解密模組係執 行該解密程式碼以解密該檔案。 15·如申請專利範圍第10項所述之檔案存取控管系統,其t該特 徵ΐ料係為一雜湊值value)。 16·如申請專利範圍第13項所述之檔案存取控管系統,其中該標 案存取控管系統另包含有: 一雜湊值產生模組,用來根據該檔案之内容產生該雜湊值並附 21 200527208 加該雜湊值至該檔案中。 π.如申請專利範圍第I6項所述之槽案存取控管系統,其中該雜 湊值產生模組係設置於一用來輸出該檔案之傳送端 ” (transmitter),以及該檢測模組與該控管模組係設置於一用來 接收該檔案之接收端(receiver)。 18·如申請專利範圍第π項所述之檔案存取控管系統,其中該第籲 一記憶模組係設置於一中介伺服器或該接收端中。 19·如申請專利範圍第16項所述之檔案存取控管系統,其中該雜 湊值產生模組,該檢測模組,以及該控管模組均設置於一用來 輸出該槽案之傳送端(transmitter )。 20·如申請專利範圍第17項所述之檔案存取控管系統,其中該第 一記憶模組係設置於一中介伺服器或該傳送端中。 21·如申請專利範圍第16項所述之檔案存取控管系統,其中該雜 湊值產生模組,該檢測模組,以及該控管模組均設置於一用來 接收该槽案之接收端(receiver)。 22 200527208 22·如申請專利範圍第19項所述之檔案存取控管系统,其中 一記憶模組係設置於一中介伺服器或該接收端中。 〆第 23·如申請專利範圍第14項所述之檔案存取控管系統,其另包含 有一第三記憶模組,用來儲存一雜湊函式(hashflmction)碼,其 中該雜湊值產生模組係設置於一處理器中,且依據該檔案執行 该雜溱函式碼來產生該雜湊值。 24.如申明專利範圍第13項所述之檔案存取控管系統,其中該雜 湊值與該檔案之對應關係係為一對一對應。 申明專利範圍第10項所述之槽案存取控管系統,其中該預 疋才田案傳輸方式係為一點對點(peer to peer)傳輸。 Η^一、圖式: 23Take the limiting conditions and 1 set of characteristics = ;, the parent-record is corresponding to a specific storage (b) to obtain the-characteristic data corresponding to the file; and (C) ratio = take the characteristic data and the comparison table, if the comparison table A record that contains the characteristic data of the center, according to the record, an access restriction condition is imposed on the file to control the access of the project. 2. The file access control method according to the patent application, wherein the access restriction condition is set by performing a digital right management (drm) operation. 3. The method of access control of a slot as described in item 1 of the patent application scope, wherein the characteristic negative material is a hash value. 4. The file access control method as described in item 3 of the scope of the patent application, further comprising: generating the hash value according to the contents of the slot case and appending the hash value to the broadcast case 18 200527208. 5. The method for controlling access to a case as described in item 3 of the scope of patent application, wherein the hash value corresponds to the file, and the correspondence is a one-to-one correspondence. 6. The age-based access control method as described in item 丨 of the application, wherein the scheduled transmission method is a point-to-point & peer transmission. 7. The slot access control method as described in item i of the patent application scope, which is executed on a transmitter for outputting the file. 8. The slot access control method as described in item i of the scope of patent application, which is executed at a receiver for receiving the file. 9. The file access control method according to item 1 of the scope of patent application, further comprising: encrypting the file; and decrypting the file after performing step (c). 10 · —A file access control system, which is applied to a network to control access to a file transmitted by a predetermined file transmission method. The file access control system includes: 19 200527208 5 Ji Yi module, with dozens of records, each silk 'its towel her _ store complex characteristics data ;, money scale should be-air access limited parts and-specific system module' used to obtain the corresponding difficult -Characteristic data; and "handle set, _ in the first-the memory module and the detection module should obtain the special input flaps, its towels are compiled H records of miscellaneous data-records, occupation control module according to the The record imposes —access restrictions on the accession to control access to the file. 11. The access control system described in item 1G of the Sentence of Interest, where the detection handle group and the delta controller The modules are all set in a processor. The file access control system first includes a second memory module to store a test code and a controller code. The test module performs the test. Code to obtain the characteristic data corresponding to the file, and the control module is implemented The control code applies the access restriction condition to control the access of the appeal case by comparing the obtained characteristic data with the comparison table. 12. File access as described in item u of the scope of patent application Control management system, wherein the access restriction condition is set by the control module executing the control code to start a digital rights management (DRM) operation. 20 200527208 file access control system, It also contains 13. As described in item 10 of the scope of patent application, there are: an encryption module and a decryption module to decrypt the file. It is used to encrypt the file; After Jingzhao watch, 14. The file access control system as described in item 13 of the patent scope, wherein the detection core, the miscellaneous module, and the decryption module are placed in the processor, the The storage case access control secret also includes a second record to store a test code, a control code, and a decryption code. The test module executes the test code to obtain the corresponding file. The characteristic data, the control module Is to order the control-logging Gu to compare the obtained characteristic data with the comparison table to impose a limit-limit tank to control the access of the case, and the decryption module executes the decryption code to decrypt the file 15. The file access control system described in item 10 of the scope of the patent application, which feature is a hash value). 16. The file access control described in item 13 of the scope of patent application Management system, in which the project access control management system further includes: a hash value generating module for generating the hash value according to the content of the file, and attaching 21 200527208 to adding the hash value to the file. Π. Such as The slot access control system according to item I6 of the patent application scope, wherein the hash value generating module is disposed at a transmitter for outputting the file, and the detection module and the control module The module is set on a receiver for receiving the file. 18. The file access control system according to item π of the patent application scope, wherein the first memory module is set in an intermediary server or the receiving end. 19. The file access control system according to item 16 of the scope of patent application, wherein the hash value generation module, the detection module, and the control module are all arranged in a transmission for outputting the slot case. End (transmitter). 20. The file access control system according to item 17 of the scope of patent application, wherein the first memory module is disposed in an intermediate server or the transmitting end. 21 · The file access control system according to item 16 of the scope of patent application, wherein the hash value generation module, the detection module, and the control module are all disposed in a receiver for receiving the slot case. End (receiver). 22 200527208 22. The file access control system according to item 19 of the scope of patent application, wherein a memory module is set in an intermediate server or the receiving end. 〆23. The file access control system described in item 14 of the scope of patent application, which further includes a third memory module for storing a hashflmction code, wherein the hash value generation module It is set in a processor and executes the hash function code according to the file to generate the hash value. 24. The file access control system according to item 13 of the declared patent scope, wherein the correspondence between the hash value and the file is a one-to-one correspondence. The slot case access control system described in item 10 of the declared patent scope, wherein the transmission method of the preliminary case is a peer-to-peer transmission. Η ^ 一 、 Schematic: 23
TW93132986A 2004-02-10 2004-10-29 File access controlling method and file access controlling system for digital rights management TWI266190B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW93132986A TWI266190B (en) 2004-02-10 2004-10-29 File access controlling method and file access controlling system for digital rights management

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
TW40201868 2004-02-10
TW93132986A TWI266190B (en) 2004-02-10 2004-10-29 File access controlling method and file access controlling system for digital rights management

Publications (2)

Publication Number Publication Date
TW200527208A true TW200527208A (en) 2005-08-16
TWI266190B TWI266190B (en) 2006-11-11

Family

ID=38191520

Family Applications (1)

Application Number Title Priority Date Filing Date
TW93132986A TWI266190B (en) 2004-02-10 2004-10-29 File access controlling method and file access controlling system for digital rights management

Country Status (1)

Country Link
TW (1) TWI266190B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI563838B (en) * 2013-08-26 2016-12-21 Digital Action Inc Digital contents encoding and decoding system and the method thereof

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012084071A (en) 2010-10-14 2012-04-26 Toshiba Corp Digital content protection method, decryption method, reproducing device, memory medium and cryptographic device
US8661527B2 (en) 2011-08-31 2014-02-25 Kabushiki Kaisha Toshiba Authenticator, authenticatee and authentication method
JP5275432B2 (en) 2011-11-11 2013-08-28 株式会社東芝 Storage medium, host device, memory device, and system
JP5100884B1 (en) 2011-12-02 2012-12-19 株式会社東芝 Memory device
JP5112555B1 (en) 2011-12-02 2013-01-09 株式会社東芝 Memory card, storage media, and controller
JP5204290B1 (en) 2011-12-02 2013-06-05 株式会社東芝 Host device, system, and device
JP5204291B1 (en) 2011-12-02 2013-06-05 株式会社東芝 Host device, device, system
JP5275482B2 (en) 2012-01-16 2013-08-28 株式会社東芝 Storage medium, host device, memory device, and system
US9201811B2 (en) 2013-02-14 2015-12-01 Kabushiki Kaisha Toshiba Device and authentication method therefor
US8984294B2 (en) 2013-02-15 2015-03-17 Kabushiki Kaisha Toshiba System of authenticating an individual memory device via reading data including prohibited data and readable data

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI563838B (en) * 2013-08-26 2016-12-21 Digital Action Inc Digital contents encoding and decoding system and the method thereof

Also Published As

Publication number Publication date
TWI266190B (en) 2006-11-11

Similar Documents

Publication Publication Date Title
JP4149150B2 (en) Transmission distribution system and transmission distribution method under license offline environment
JP4912406B2 (en) Transfer of digital license from the first platform to the second platform
EP2474933B1 (en) Digital rights management provision server and method
JP3657396B2 (en) Key management system, key management apparatus, information encryption apparatus, information decryption apparatus, and storage medium storing program
KR100694064B1 (en) Method and Apparatus for converting DRM
KR100809292B1 (en) Apparatus and method for Digital Rights Management
US20050091173A1 (en) Method and system for content distribution
EP1775672A1 (en) Method and system for providing DRM license
JPWO2006092840A1 (en) Content distribution system
US8347098B2 (en) Media storage structures for storing content, devices for using such structures, systems for distributing such structures
JP4614377B2 (en) ENCRYPTED DATA MANAGEMENT SYSTEM AND METHOD, STORAGE MEDIUM
TW201220122A (en) Software authorization system and method
JP5399268B2 (en) Access to documents with encrypted control
TW200527208A (en) File access controlling method and file access controlling system for digital rights management
JP2005129058A (en) Method and device for managing digital copyright using portable storage device
EP1480410B1 (en) System and method for dynamically enabling components to implement data transfer security mechanisms
KR20090002392A (en) Method and system for sharing contents with removable storage
WO2013075673A1 (en) Method, system, and server for digital copyright management
US20050177873A1 (en) File access controlling method and file access controlling system for digital rights management
JP2008271564A (en) Transmission distribution system and transmission distribution method under off-line environment of license
CN109040087A (en) File encryption and decryption method and device
JPH09270784A (en) Ciphering/decoding/digital signature generating/ verification device
JP2007194887A (en) Delivering method for equipment bound content, content storage device, and program
JP2009135721A (en) Content distribution system, and content distribution method and program
JP2009514322A (en) Operation method of DRM gateway for providing contents between terminals supporting different DRM systems, and DRM gateway adopting this method

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees