WO2007025998A2 - Method and system for resource encryption and decryption - Google Patents

Method and system for resource encryption and decryption Download PDF

Info

Publication number
WO2007025998A2
WO2007025998A2 PCT/EP2006/065862 EP2006065862W WO2007025998A2 WO 2007025998 A2 WO2007025998 A2 WO 2007025998A2 EP 2006065862 W EP2006065862 W EP 2006065862W WO 2007025998 A2 WO2007025998 A2 WO 2007025998A2
Authority
WO
WIPO (PCT)
Prior art keywords
peer
resource
slices
encrypted
time
Prior art date
Application number
PCT/EP2006/065862
Other languages
French (fr)
Other versions
WO2007025998A3 (en
Inventor
Zhiyuan Chen
Chun You Gao
Xiao Hu He
Yan Nie
Original Assignee
Nokia Siemens Networks Gmbh & Co. Kg
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Siemens Networks Gmbh & Co. Kg filed Critical Nokia Siemens Networks Gmbh & Co. Kg
Publication of WO2007025998A2 publication Critical patent/WO2007025998A2/en
Publication of WO2007025998A3 publication Critical patent/WO2007025998A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • H04L2209/605Copy protection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • H04L67/1074Peer-to-peer [P2P] networks for supporting data block transmission mechanisms
    • H04L67/1078Resource delivery mechanisms
    • H04L67/1082Resource delivery mechanisms involving incentive schemes

Definitions

  • the present invention relates to a method for resource encryption and decryption, and more particularly, to a method for resource encryption and decryption in a peer-to-peer (P2P) network, and a system for resource encryption and decryption using said method.
  • P2P peer-to-peer
  • Peer-to-peer network technology has gained increasing attention in recent years.
  • the shared resources in a peer-to- peer network are distributed in each peer of the network.
  • no central node such as a server, exists to centrally store the shared resources, and each peer is a network node peering in logic, and resources sharing will be directly performed among each peer in the network, thus breaking the bottleneck problem of resources sharing in the centralized network caused by centralized storing by means of the central node.
  • P2P technology is mainly applied to file (mostly large multimedia files) sharing, as a matter of fact, the P2P system has already become the most popular file sharing system on the Internet.
  • security is a significant problem.
  • the three essential factors to establish trust are: authentication, authorization and encryption.
  • Authentication means that in a network (such as the Internet) a peer proves itself to be the peer it claims to other peers.
  • Authorization is a process to authorize an authenticated peer to implement some action or access certain resources.
  • Encryption is a process to transfer the intelligible information (plaintext) into a form (ciphertext) indecipherable for an unauthorized person or system. Decryption is its inverse process.
  • An obvious use of encryption is protecting information flowing among peers in an unsafe network (such as the Internet) . Combined with the authentication of each peer, this ensures data exchange against being intercepted during communication.
  • the problem is how to ensure the rewards of the resource promoter and uploader. After downloading one resource, a certain user in an iP2P system can transmit it to other users by getting around the iP2P system, and another user can upload the resource again, that is to say, another user who does not download the resource can also provide a resource uploading service, and thus get rewarded.
  • the problem is to ensure the transaction security during resource purchasing.
  • There are some possible unsafe factors such as spoofing and impersonating during the transaction process of the iP2P system.
  • resource 1 is downloaded from user B by a downloading user, but the fees settlement platform is told that resource 1 is downloaded from user C, and then the fees settlement platform will give the reward to user C instead of user B.
  • the main object of the present invention is to provide a method for resource encryption and decryption which can effectively ensure the integrity and security of resource transaction based on the P2P network, and can also ensure the copyright of the originator and reasonable rewards for the resource promoter and uploader.
  • a method for resource encryption in a distributed P2P network said distributed P2P network including at least one peer and at least one Central Service Unit, said method includes the following steps: (1) said peer encrypts a resource on said peer for the first time;
  • Said Central Service Unit generates said private key for said peer and stores said private key when said peer registers on said Central Service Unit. Said private key is then downloaded to said peer when said peer logs into said Central Service Unit, and said original resource is encrypted for the first time by said private key.
  • said encrypted resource is sliced by said peer.
  • Private keys are generated respectively by said Central Service Unit for said at least one peer, and said slices are encrypted for the second time by each respective private key of said at least one peer.
  • a method for resource decryption in a distributed P2P network said distributed P2P network including at least one peer and at least one Central Service Unit, and said method includes the following steps:
  • said peer decrypts at least one encrypted slice received by said peer for the first time; (2) assembles said decrypted slices;
  • the Central Service Unit generates a public key for the peer and stores the public key when the peer registers on the Central Service Unit.
  • said encrypted slices are decrypted respectively for the first time by the peer using the public key generated by said Central Service Unit for the peer which encrypts said slices.
  • the peer After the peer decrypts at least one encrypted slice received by said peer for the first time, it first verifies the integrity of said slice according to the information of said decrypted slices, and then assembles said resulting decrypted slices. Said assembled resource is decrypted for the second time by the peer using the public key generated by said Central Service Unit for the peer which encrypts resources.
  • said peer searches said resource in said distributed P2P network; (2) said peer acquires a list of peers where said resource is located;
  • said peer sends a request respectively to the peers on said list, and downloads said encrypted slices from the peers on said list.
  • a system using said method for resource encryption said system includes at least one peer and at least one Central Service Unit, wherein said system encrypts a resource on said peer for the first time; then slices said encrypted resource; and said system encrypts said slices for the second time.
  • a system using said method for resource decryption said system includes at least one peer and at least one Central Service Unit, wherein said system decrypts the at least one received encrypted slice for the first time, then assembles said decrypted slices, and said system decrypts said assembled resource for the second time.
  • a method for providing a resource based on a distributed P2P network said distributed P2P network including at least one peer and at least one Central Service Unit, wherein:
  • the present invention employs a double encryption method, in which the first encryption (that is originator encryption) can ensure that all downloading and uploading of the resources by peers (terminal user) be authorized by the originator, thus the originator in an iP2P system need not worry about piracy, and the copyright of the originator is protected. Furthermore, the Central Service Unit (central server) of iP2P can track and record the resources relevant to the transaction, thus the originator can acquire corresponding rewards according to said record.
  • the originator will become a holder after issuing the resources, and the shared resources uploaded by a holder are double encrypted as a result, i.e. the originator encrypts and each holder respectively encrypts each slice.
  • This process ensures that the shared resources are only valid for their own holders, and the peer (terminal user) can only be a holder of the resources if it has downloaded the resources, otherwise it is impossible for any other peer (terminal user) to be a holder of the resources. That is to say, to be an uploader of the resources he must first be a consumer of the resources, which protects the copyright of the originator in another way.
  • the Central Service Unit (central server) of iP2P can track and record the uploading of the sliced resources, thus the promoter (person recommending resources) and the uploader of the sliced resources can acquire their corresponding rewards according to said record.
  • Each sliced resource downloaded by a downloader is signed by its holder (i.e. is encrypted for the second time by the private keys of the holder) , the downloader can acquire the decrypted public keys from the Central Service Unit only after the Central Service Unit is told who is the holder of the downloaded slice, and such a mechanism can avoid the possible unsafe factors, such as spoofing and impersonating, during the downloading process.
  • the present invention ensures that the downloader can acquire resources based on the iP2P system in an official and legitimate way.
  • the present invention can stop the service provider of the iP2P system worrying about the copyright protection and transaction security when establishing an electrical market, and all the resources in the transaction will be tracked and recorded, and the rewards of the originator, holder, uploader and promoter can be ensured.
  • Figure 1 is a schematic diagram of the resource encryption and decryption process in the embodiment of the present invention .
  • Figure 2 is a schematic diagram of the log-in process of one peer in the embodiment of the present invention.
  • Figure 3 is a schematic diagram of the resource issuing process in the embodiment of the present invention.
  • Figure 4 is a schematic diagram of the resource downloading process in the embodiment of the present invention.
  • Figure 5 is a schematic diagram of the resource reassembling process in the embodiment of the present invention.
  • FIG. 1 is a schematic diagram of the resource encryption and decryption process in the embodiment of the present invention.
  • the present invention employs the double encryption and double decryption method.
  • the original resource of an originator which is on a peer is first encrypted, and becomes an encrypted resource, and said encrypted resource is sliced into different slices by the peers, and then the slices are encrypted by the same or different peers, and become encrypted slices.
  • the received encrypted slices are first decrypted, and become decrypted slices, said decrypted slices are assembled by the peers to become an encrypted resource which is then decrypted by the peers, thus the original resource is acquired. Said process of resource encryption and decryption will be described in detail.
  • Step 1 if one peer wants to join an existing iP2P system, this peer must firstly register on said iP2P system server. After registration, said iP2P system server generates a specific private key and a specific public key for said peer according to the RSA algorithm of asymmetric key encryption which is named after the names of the three inventors: Ron Rivest, Adi Shamir and Leonard Adleman, and the private key and the public key are both stored in the server of the iP2P system.
  • Step 2 said peer can log into said iP2P system after registering on the iP2P system server, as shown in Figure 2. After the iP2P system server confirms that said peer is a registered and valid peer, said peer will retrieve its private key (Private Key A, Prikey-A) from the iP2P system server .
  • Prikey-A private key
  • Step 3 after said peer logs into the iP2P system server, the original resource on said peer is issued, so that other peers in the iP2P system can search said original resource.
  • the issuing process is as shown in Figure 3.
  • the peer with the original resource thereon generates an original resource HASH information (Source HASH_INFO) based on SHA (Secure Hash Algorithm) for the original resource, and said original resource HASH information is the unique ID of said original resource.
  • the originator will also give out information about the original resource such as descriptor and price.
  • said peer encrypts said original resource with its private key, thus the original resource becomes an encrypted resource.
  • the descriptor of encrypted resource is provided by the peer.
  • said peer divides the encrypted resource into three slices (Slice 1, Slice 2, Slice 3) according to fixed length, and generates different slice HASH information (Slice 1 HASH_INFO, Slice 2 HASH_INFO, Slice 3 HASH_INFO) and slice descriptor for different slices based on SHA.
  • slice HASH information Slice 1 HASH_INFO, Slice 2 HASH_INFO, Slice 3 HASH_INFO
  • slice descriptor for different slices based on SHA.
  • each slice is added to respective header information, and said information indicates the order of the slices.
  • said peer generates for the original resource basic descriptor information (Meta-info) according to the original resource HASH information, slice HASH information, size of the slice, originator information and price information etc., and said Meta-info is disclosed in the iP2P system, for example, is disclosed in a webpage of a website. After said Meta-info is disclosed, the role of the originator is changed and it becomes a holder.
  • Methoda-info original resource basic descriptor information
  • Peer A encrypts said slices with its private key, whilst said header information is not encrypted. After the encrypted slices are encrypted, two circumstances may occur. The first one is, all the encrypted slices are located on peer A, thus peer A becomes an uploader. The second one is, if a peer B wants to obtain one of the slices, for example Slice 2, peer B first downloads said Meta-info (for example downloads from said public webpage) , then downloads the encrypted Slice 2 from peer A, and a copy of Slice 2 is still saved on peer A. Peer B first acquires the public key of peer A on request from iP2P system server, and then decrypts the downloaded encrypted Slice 2 with the public key of peer A.
  • Meta-info for example downloads from said public webpage
  • Peer B still computes a new HASH_INFO for the decrypted Slice 2 with SHA, and then this HASH_INFO is compared with the HASH_INFO of Slice 2 in the Meta-info, if the two are identical, it indicates that the downloaded Slice 2 is the correct and unchanged slice; if the two are different, it indicates that the downloaded Slice 2 is not Slice 2 on peer A, or some error occurred during the downloading process which entails downloading again.
  • peer B After verifying said integrity of Slice 2, peer B encrypts Slice 2 with its private key.
  • a peer C wants to obtain Slice 3
  • its procedure is similar to that of peer B obtaining Slice 2.
  • peer C After verifying said integrity of Slice 3, peer C encrypts Slice 3 with its private key.
  • peer B and peer C After downloading different slices and encrypting said slices with each private key, peer B and peer C also become uploaders .
  • the list of said uploaders can be saved on any peer of said iP2P system.
  • Step 4 after said original resource is disclosed, other peers can search and purchase said resource.
  • the purchaser must download all the encrypted resources from at least one peer. If the bandwidth of the network connecting peer A is wide enough, the purchaser can download three slices from peer A. However, usually when there are many downloaders, the bandwidth of the network connecting peer A is too narrow to support so many downloaders, thus a more popular method is downloading different encrypted slices respectively from peer A, peer B and peer C.
  • ADSL Asymmetric Digital Subscriber Line
  • up-stream is low rate transmission
  • downstream high rate transmission.
  • peer M sends a request to the iP2P server, as shown in Figure 4(1) .
  • the iP2P server finds the list of the uploaders and informs peer M of said list (including peer A, peer B, peer C), as shown in Figure 4(2) .
  • peer M sends a download request to peer A, and then downloads the encrypted Slice 1 from peer A, as shown in Figure 4(3) .
  • peer M sends a download request to peer B, and then downloads the encrypted Slice 2 from peer B, as shown in Figure 4(4) .
  • peer M sends a download request to peer C, and then downloads the encrypted Slice 3 from peer B, as shown in Figure 4(5) .
  • all the resource slices are already downloaded on peer M.
  • Step 5 resources downloaded on peer M are reassembled. Since the downloaded slices have header information, peer M can assemble said slices in sequence based on said header information. Since the resources downloaded by peer M are encrypted slices, the slices should be decrypted under the control of the iP2P server, and then the decrypted slices are reassembled to become an encrypted resource, and said encrypted resource is decrypted, thus the original resource is recovered.
  • the resource reassembling process is shown in Figure 5.
  • peer M sends the list of uploaders to the iP2P server, as shown in Figure 5(1) .
  • the iP2P server saves the list and passes the public key (PubKey-A, PubKey-B, PubKey-C) of each peer in the list to peer M, as shown in Figure 5(2) .
  • peer M decrypts corresponding encrypted slices for the first time with the public keys of different uploaders, and Slice 1, Slice 2 and Slice 3 are acquired respectively, and then peer M computes the HASH_INFO of each slice with SHA, and then the HASH_INFO of each slice is compared with the HASH_INFO of each slice in the META-INFO to verify the integrity of the corresponding slice, as shown in Figure 5(3) .
  • peer M reassembles said decrypted slices into a complete encrypted resource, as shown in Figure 5(4) .
  • peer M requests the public key of the originator from the iP2P server, as shown in Figure 5(5) .
  • the iP2P server passes the public key of the originator to peer M, as shown in Figure 5(6) .
  • Peer M decrypts the reassembled encrypted resource with the public key of the originator, and verifies the integrity of the original resource with the original HASH INFO, as shown in Figure 5(7), thus the original resource on peer M is recovered, as shown in Figure 5(8) .
  • Step 6 after the original resource is recovered, said resource transaction process is finished.
  • peer M as a downloader (purchaser) , thinks said resource is good, then it will recommend the resource to other peers.
  • peer N obtains the recommended information of peer M, and thinks it is worthy of downloading, peer N will click the URL (Uniform Resource Location) recommended by peer M to download the resource.
  • peer N needs to give rewards to peer M, i.e. peer M as a promoter acquires its rewards.
  • peer M after peer M downloads said resource as a downloader (purchaser), peer M itself can become an uploader. After another peer, for example peer X, downloads the resource from peer M, peer M can also acquire corresponding rewards as an uploader. When said peer M is an uploader, after peer M decrypts the downloaded encrypted slices for the first time, Slice 1, Slice 2 and Slice 3 are acquired, and the integrity of the corresponding slices is verified with the HASH_INFO of different slices, and then peer M encrypts said Slice 1, Slice 2 and Slice 3 with its private key. If peer X downloads (purchases) said resource from peer M, peer X needs to acquire the public key of peer M from the Central Service Unit to decrypt the slice resource encrypted by peer M.
  • the method of the present invention for encryption and decryption can solve the copyright and the reward problems of the originator during the establishment of an electrical market using the iPSP system. Meanwhile, the present invention also ensures that the resource promoter and uploader obtain their corresponding rewards. The present invention can prevent the possible unsafe factors during the resource transaction process, such as spoofing, impersonating.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Multi Processors (AREA)

Abstract

This invention relates to a method for resource encryption and decryption for resource encryption in a distributed peer- to-peer (P2P) network, the distributed P2P network including at least one peer and at least one Central Service Unit. The encryption process comprises first the peer encrypting an original resource on said peer for the first time, then the encrypted resource is sliced, and the slices are encrypted for the second time. The decryption process comprises first a peer decrypting at least one encrypted slice which is received by said peer for the first time; then the decrypted slices are assembled and the peer decrypts said assembled resource for the second time. This invention can solve the problems associated with the copyright of the originator and the problems of rewards of the resource originator, promoter, uploader and service provider. Furthermore, it can prevent safety problems emerging during transaction processes, such as spoofing, personating, etc.

Description

Method and System for Resource Encryption and Decryption
(I) TECHNICAL FIELD
The present invention relates to a method for resource encryption and decryption, and more particularly, to a method for resource encryption and decryption in a peer-to-peer (P2P) network, and a system for resource encryption and decryption using said method.
(II) TECHNICAL BACKGROUND
Peer-to-peer network technology has gained increasing attention in recent years. The shared resources in a peer-to- peer network are distributed in each peer of the network. In the network, no central node, such as a server, exists to centrally store the shared resources, and each peer is a network node peering in logic, and resources sharing will be directly performed among each peer in the network, thus breaking the bottleneck problem of resources sharing in the centralized network caused by centralized storing by means of the central node.
With extensive computer network use and the abundance of multimedia resources, P2P technology is mainly applied to file (mostly large multimedia files) sharing, as a matter of fact, the P2P system has already become the most popular file sharing system on the Internet. However, in such a distributed environment as a P2P system, security is a significant problem. Generally speaking, in all distributed systems, including the P2P system, the three essential factors to establish trust are: authentication, authorization and encryption. Authentication means that in a network (such as the Internet) a peer proves itself to be the peer it claims to other peers. Authorization is a process to authorize an authenticated peer to implement some action or access certain resources. Encryption is a process to transfer the intelligible information (plaintext) into a form (ciphertext) indecipherable for an unauthorized person or system. Decryption is its inverse process. An obvious use of encryption is protecting information flowing among peers in an unsafe network (such as the Internet) . Combined with the authentication of each peer, this ensures data exchange against being intercepted during communication.
Being applied to file sharing makes it possible for said P2P system to establish an electrical market with comparatively low investment, and introducing an incentive P2P mechanism derived from said P2P concept provides a healthy business model for establishing such an electrical market. Each peer in an iP2P system can process selling, promoting, purchasing and uploading of electrical resources such as MP3 music, DVD video, electrical books and so on. Meanwhile, iP2P must also give reasonable rewards to the resource originator, promoter, uploader and service provider according to their respective contributions .
At present, with the concept of said iP2P electrical market being proposed, there are the following several problems to be solved:
First, in an existing P2P system, since resources are shared, the resources of the originator are free of charge, and thus no protection is available for the copyright of the originator. If an electrical market is established with an iP2P system, it is necessary to solve the problems associated with the copyright and reward of the originator. Second, the problem is how to ensure the rewards of the resource promoter and uploader. After downloading one resource, a certain user in an iP2P system can transmit it to other users by getting around the iP2P system, and another user can upload the resource again, that is to say, another user who does not download the resource can also provide a resource uploading service, and thus get rewarded.
Third, the problem is to ensure the transaction security during resource purchasing. There are some possible unsafe factors such as spoofing and impersonating during the transaction process of the iP2P system. For example, resource 1 is downloaded from user B by a downloading user, but the fees settlement platform is told that resource 1 is downloaded from user C, and then the fees settlement platform will give the reward to user C instead of user B.
Said problems restrict the application of the iP2P system greatly, and up until now there has been no efficient solution for such problems.
(Ill) Summary of the invention
Therefore, the main object of the present invention is to provide a method for resource encryption and decryption which can effectively ensure the integrity and security of resource transaction based on the P2P network, and can also ensure the copyright of the originator and reasonable rewards for the resource promoter and uploader.
To achieve said object, the technical solution of the present invention can be implemented as follows: a method for resource encryption in a distributed P2P network, said distributed P2P network including at least one peer and at least one Central Service Unit, said method includes the following steps: (1) said peer encrypts a resource on said peer for the first time;
(2) slices said encrypted resource;
(3) encrypts said slices for the second time.
Said Central Service Unit generates said private key for said peer and stores said private key when said peer registers on said Central Service Unit. Said private key is then downloaded to said peer when said peer logs into said Central Service Unit, and said original resource is encrypted for the first time by said private key.
After the first encryption, said encrypted resource is sliced by said peer. Private keys are generated respectively by said Central Service Unit for said at least one peer, and said slices are encrypted for the second time by each respective private key of said at least one peer.
A method for resource decryption in a distributed P2P network, said distributed P2P network including at least one peer and at least one Central Service Unit, and said method includes the following steps:
(1) said peer decrypts at least one encrypted slice received by said peer for the first time; (2) assembles said decrypted slices;
(3) said peer decrypts said assembled resource for the second time.
The Central Service Unit generates a public key for the peer and stores the public key when the peer registers on the Central Service Unit. During decryption, said encrypted slices are decrypted respectively for the first time by the peer using the public key generated by said Central Service Unit for the peer which encrypts said slices.
After the peer decrypts at least one encrypted slice received by said peer for the first time, it first verifies the integrity of said slice according to the information of said decrypted slices, and then assembles said resulting decrypted slices. Said assembled resource is decrypted for the second time by the peer using the public key generated by said Central Service Unit for the peer which encrypts resources.
The following steps can also be carried out before the peer performs the decryption for the first time:
(1) said peer searches said resource in said distributed P2P network; (2) said peer acquires a list of peers where said resource is located;
(3) said peer sends a request respectively to the peers on said list, and downloads said encrypted slices from the peers on said list.
A system using said method for resource encryption, said system includes at least one peer and at least one Central Service Unit, wherein said system encrypts a resource on said peer for the first time; then slices said encrypted resource; and said system encrypts said slices for the second time.
A system using said method for resource decryption, said system includes at least one peer and at least one Central Service Unit, wherein said system decrypts the at least one received encrypted slice for the first time, then assembles said decrypted slices, and said system decrypts said assembled resource for the second time.
A method for providing a resource based on a distributed P2P network, said distributed P2P network including at least one peer and at least one Central Service Unit, wherein:
(1) said peer provides the resource;
(2) said peer decrypts the resource according to the method as claimed in claim 7.
It can be seen that the method for resource encryption and decryption which is provided by the present invention has the following advantages and characteristics: (1) The present invention employs a double encryption method, in which the first encryption (that is originator encryption) can ensure that all downloading and uploading of the resources by peers (terminal user) be authorized by the originator, thus the originator in an iP2P system need not worry about piracy, and the copyright of the originator is protected. Furthermore, the Central Service Unit (central server) of iP2P can track and record the resources relevant to the transaction, thus the originator can acquire corresponding rewards according to said record.
(2) The originator will become a holder after issuing the resources, and the shared resources uploaded by a holder are double encrypted as a result, i.e. the originator encrypts and each holder respectively encrypts each slice. This process ensures that the shared resources are only valid for their own holders, and the peer (terminal user) can only be a holder of the resources if it has downloaded the resources, otherwise it is impossible for any other peer (terminal user) to be a holder of the resources. That is to say, to be an uploader of the resources he must first be a consumer of the resources, which protects the copyright of the originator in another way. Moreover, the Central Service Unit (central server) of iP2P can track and record the uploading of the sliced resources, thus the promoter (person recommending resources) and the uploader of the sliced resources can acquire their corresponding rewards according to said record.
(3) Each sliced resource downloaded by a downloader is signed by its holder (i.e. is encrypted for the second time by the private keys of the holder) , the downloader can acquire the decrypted public keys from the Central Service Unit only after the Central Service Unit is told who is the holder of the downloaded slice, and such a mechanism can avoid the possible unsafe factors, such as spoofing and impersonating, during the downloading process. (4) The present invention ensures that the downloader can acquire resources based on the iP2P system in an official and legitimate way. There is a chance for the downloader to become an uploader after downloading the resources, and then acquire the rewards as an uploader; or after downloading the resources, the downloader can recommend the resources to other peers (terminal user) as a promoter, which can also acquire reasonable rewards as a promoter. (5) The present invention can stop the service provider of the iP2P system worrying about the copyright protection and transaction security when establishing an electrical market, and all the resources in the transaction will be tracked and recorded, and the rewards of the originator, holder, uploader and promoter can be ensured.
(IV) BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a schematic diagram of the resource encryption and decryption process in the embodiment of the present invention .
Figure 2 is a schematic diagram of the log-in process of one peer in the embodiment of the present invention.
Figure 3 is a schematic diagram of the resource issuing process in the embodiment of the present invention.
Figure 4 is a schematic diagram of the resource downloading process in the embodiment of the present invention. Figure 5 is a schematic diagram of the resource reassembling process in the embodiment of the present invention.
(V) DETAILED DESCRIPTION OF THE EMBODIMENTS
The present invention will now be described in detail with reference to the attached drawings and embodiments, such embodiments are illustrative and not limiting.
Figure 1 is a schematic diagram of the resource encryption and decryption process in the embodiment of the present invention. The present invention employs the double encryption and double decryption method. The original resource of an originator which is on a peer is first encrypted, and becomes an encrypted resource, and said encrypted resource is sliced into different slices by the peers, and then the slices are encrypted by the same or different peers, and become encrypted slices. While for the downloader, the received encrypted slices are first decrypted, and become decrypted slices, said decrypted slices are assembled by the peers to become an encrypted resource which is then decrypted by the peers, thus the original resource is acquired. Said process of resource encryption and decryption will be described in detail.
Step 1, if one peer wants to join an existing iP2P system, this peer must firstly register on said iP2P system server. After registration, said iP2P system server generates a specific private key and a specific public key for said peer according to the RSA algorithm of asymmetric key encryption which is named after the names of the three inventors: Ron Rivest, Adi Shamir and Leonard Adleman, and the private key and the public key are both stored in the server of the iP2P system.
Step 2, said peer can log into said iP2P system after registering on the iP2P system server, as shown in Figure 2. After the iP2P system server confirms that said peer is a registered and valid peer, said peer will retrieve its private key (Private Key A, Prikey-A) from the iP2P system server .
Step 3, after said peer logs into the iP2P system server, the original resource on said peer is issued, so that other peers in the iP2P system can search said original resource. The issuing process is as shown in Figure 3. (1) First, the peer with the original resource thereon generates an original resource HASH information (Source HASH_INFO) based on SHA (Secure Hash Algorithm) for the original resource, and said original resource HASH information is the unique ID of said original resource. Furthermore, the originator will also give out information about the original resource such as descriptor and price.
(2) Second, said peer encrypts said original resource with its private key, thus the original resource becomes an encrypted resource. For said encrypted resource, the descriptor of encrypted resource is provided by the peer.
(3) Furthermore, said peer divides the encrypted resource into three slices (Slice 1, Slice 2, Slice 3) according to fixed length, and generates different slice HASH information (Slice 1 HASH_INFO, Slice 2 HASH_INFO, Slice 3 HASH_INFO) and slice descriptor for different slices based on SHA. When said peer divides the slices, each slice is added to respective header information, and said information indicates the order of the slices. (4) Then, said peer generates for the original resource basic descriptor information (Meta-info) according to the original resource HASH information, slice HASH information, size of the slice, originator information and price information etc., and said Meta-info is disclosed in the iP2P system, for example, is disclosed in a webpage of a website. After said Meta-info is disclosed, the role of the originator is changed and it becomes a holder.
(5) Peer A encrypts said slices with its private key, whilst said header information is not encrypted. After the encrypted slices are encrypted, two circumstances may occur. The first one is, all the encrypted slices are located on peer A, thus peer A becomes an uploader. The second one is, if a peer B wants to obtain one of the slices, for example Slice 2, peer B first downloads said Meta-info (for example downloads from said public webpage) , then downloads the encrypted Slice 2 from peer A, and a copy of Slice 2 is still saved on peer A. Peer B first acquires the public key of peer A on request from iP2P system server, and then decrypts the downloaded encrypted Slice 2 with the public key of peer A. Peer B still computes a new HASH_INFO for the decrypted Slice 2 with SHA, and then this HASH_INFO is compared with the HASH_INFO of Slice 2 in the Meta-info, if the two are identical, it indicates that the downloaded Slice 2 is the correct and unchanged slice; if the two are different, it indicates that the downloaded Slice 2 is not Slice 2 on peer A, or some error occurred during the downloading process which entails downloading again. After verifying said integrity of Slice 2, peer B encrypts Slice 2 with its private key.
Similarly, if a peer C wants to obtain Slice 3, its procedure is similar to that of peer B obtaining Slice 2. After verifying said integrity of Slice 3, peer C encrypts Slice 3 with its private key. After downloading different slices and encrypting said slices with each private key, peer B and peer C also become uploaders .
Under the two circumstances, the list of said uploaders can be saved on any peer of said iP2P system.
Step 4, after said original resource is disclosed, other peers can search and purchase said resource. The purchaser must download all the encrypted resources from at least one peer. If the bandwidth of the network connecting peer A is wide enough, the purchaser can download three slices from peer A. However, usually when there are many downloaders, the bandwidth of the network connecting peer A is too narrow to support so many downloaders, thus a more popular method is downloading different encrypted slices respectively from peer A, peer B and peer C. For example, the extensively used ADSL (Asymmetric Digital Subscriber Line) is a typical technology transmitting data with an asymmetric up-down rate (bandwidth) ; up-stream is low rate transmission, while downstream is high rate transmission. The downloading process is shown in Figure 4.
First, once peer M has searched the public resources from the webpage, it sends a request to the iP2P server, as shown in Figure 4(1) . Second, the iP2P server finds the list of the uploaders and informs peer M of said list (including peer A, peer B, peer C), as shown in Figure 4(2) . Furthermore, peer M sends a download request to peer A, and then downloads the encrypted Slice 1 from peer A, as shown in Figure 4(3) . Then, peer M sends a download request to peer B, and then downloads the encrypted Slice 2 from peer B, as shown in Figure 4(4) . Finally, peer M sends a download request to peer C, and then downloads the encrypted Slice 3 from peer B, as shown in Figure 4(5) . Thus, all the resource slices are already downloaded on peer M.
Step 5, resources downloaded on peer M are reassembled. Since the downloaded slices have header information, peer M can assemble said slices in sequence based on said header information. Since the resources downloaded by peer M are encrypted slices, the slices should be decrypted under the control of the iP2P server, and then the decrypted slices are reassembled to become an encrypted resource, and said encrypted resource is decrypted, thus the original resource is recovered. The resource reassembling process is shown in Figure 5.
First, peer M sends the list of uploaders to the iP2P server, as shown in Figure 5(1) . Second, the iP2P server saves the list and passes the public key (PubKey-A, PubKey-B, PubKey-C) of each peer in the list to peer M, as shown in Figure 5(2) . Furthermore, peer M decrypts corresponding encrypted slices for the first time with the public keys of different uploaders, and Slice 1, Slice 2 and Slice 3 are acquired respectively, and then peer M computes the HASH_INFO of each slice with SHA, and then the HASH_INFO of each slice is compared with the HASH_INFO of each slice in the META-INFO to verify the integrity of the corresponding slice, as shown in Figure 5(3) . Then, peer M reassembles said decrypted slices into a complete encrypted resource, as shown in Figure 5(4) . Subsequently, peer M requests the public key of the originator from the iP2P server, as shown in Figure 5(5) . The iP2P server passes the public key of the originator to peer M, as shown in Figure 5(6) . Peer M decrypts the reassembled encrypted resource with the public key of the originator, and verifies the integrity of the original resource with the original HASH INFO, as shown in Figure 5(7), thus the original resource on peer M is recovered, as shown in Figure 5(8) .
Step 6, after the original resource is recovered, said resource transaction process is finished. If peer M, as a downloader (purchaser) , thinks said resource is good, then it will recommend the resource to other peers. Suppose peer N obtains the recommended information of peer M, and thinks it is worthy of downloading, peer N will click the URL (Uniform Resource Location) recommended by peer M to download the resource. After completing the download process, peer N needs to give rewards to peer M, i.e. peer M as a promoter acquires its rewards.
Alternatively, after peer M downloads said resource as a downloader (purchaser), peer M itself can become an uploader. After another peer, for example peer X, downloads the resource from peer M, peer M can also acquire corresponding rewards as an uploader. When said peer M is an uploader, after peer M decrypts the downloaded encrypted slices for the first time, Slice 1, Slice 2 and Slice 3 are acquired, and the integrity of the corresponding slices is verified with the HASH_INFO of different slices, and then peer M encrypts said Slice 1, Slice 2 and Slice 3 with its private key. If peer X downloads (purchases) said resource from peer M, peer X needs to acquire the public key of peer M from the Central Service Unit to decrypt the slice resource encrypted by peer M.
Therefore, it can be seen from said above embodiment, that the method of the present invention for encryption and decryption can solve the copyright and the reward problems of the originator during the establishment of an electrical market using the iPSP system. Meanwhile, the present invention also ensures that the resource promoter and uploader obtain their corresponding rewards. The present invention can prevent the possible unsafe factors during the resource transaction process, such as spoofing, impersonating.

Claims

1. A method for resource encryption in a distributed peer- to-peer (P2P) network, said distributed P2P network including at least one peer and at least one Central Service Unit, wherein said method includes the following steps:
(1) said peer encrypts a resource on said peer for the first time ;
(2) slices said encrypted resource; (3) encrypts said slices for the second time.
2. The method for resource encryption as claimed in claim 1, wherein said slices are encrypted for the second time by at least one said peer.
3. The method for resource encryption as claimed in claim
1, wherein said original resource is encrypted for the first time by a private key generated by said Central Service Unit for said peer.
4. The method for resource encryption as claimed in claim
2, wherein said slices are encrypted for the second time by respective private keys which are generated by said Central Service Unit for said at least one peer.
5. The method for resource encryption as claimed in claim 3 or 4, wherein said Central Service Unit generates said private keys for said peer and stores these private keys when said peer registers on said Central Service Unit.
6. The method for resource encryption as claimed in claim 3 or 4, wherein said private keys are downloaded to said peer when said peer logs into said Central Service Unit.
7. A method for resource decryption in a distributed peer- to-peer (P2P) network, said distributed P2P network including at least one peer and at least one Central Service Unit, wherein said method includes the following steps: (1) said peer decrypts at least one encrypted slice received by said peer for the first time;
(2) assembles said decrypted slices;
(3) said peer decrypts said assembled resource for the second time.
8. The method for resource decryption as claimed in claim 7, wherein said encrypted slices are decrypted respectively for the first time by the public key generated by said Central Service Unit for the peer which encrypts said encrypted slices.
9. The method for resource decryption as claimed in claim 7, wherein said assembled resource is decrypted for the second time by the public key generated by said Central Service Unit for the peer which encrypts resources.
10. The method for resource decryption as claimed in claim 8 or 9, wherein said Central Service Unit generates said public key for said peer and stores said public key when said peer registers on said Central Service Unit.
11. The method for resource decryption as claimed in claim 7, wherein the following steps are carried out before said peer performs said decryption for the first time:
(1) said peer searches said resource in said distributed P2P network;
(2) said peer acquires a list of peers where said resource is located; (3) said peer sends a request respectively to the peers on said list, and downloads said encrypted slices from the peers on said list.
12. The method for resource decryption as claimed in claim 7, wherein after said peer decrypts at least one encrypted slice received by said peer for the first time, the integrity of said slices is verified according to the information of the decrypted slices, and then said decrypted slices are assembled.
13. A system using said method for resource encryption, said system includes at least one peer and at least one Central
Service Unit, wherein said system encrypts a resource on said peer for the first time, then slices said encrypted resource, and said system encrypts said slices for the second time.
14. A system using said method for resource decryption, said system includes at least one peer and at least one Central Service Unit, wherein said system decrypts the at least one received encrypted slice for the first time, then assembles said decrypted slices, and said system decrypts said assembled resource for the second time.
15. A method for providing a resource based on a distributed peer-to-peer (P2P) network, said distributed P2P network including at least one peer and at least one Central Service Unit, wherein:
(1) said peer provides the resource;
(2) said peer decrypts the resource according to the method as claimed in claim 7.
PCT/EP2006/065862 2005-08-31 2006-08-31 Method and system for resource encryption and decryption WO2007025998A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN 200510093609 CN1925388A (en) 2005-08-31 2005-08-31 Resource encrypting and deencrypting method and system
CN200510093609.9 2005-08-31

Publications (2)

Publication Number Publication Date
WO2007025998A2 true WO2007025998A2 (en) 2007-03-08
WO2007025998A3 WO2007025998A3 (en) 2007-10-04

Family

ID=37691793

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2006/065862 WO2007025998A2 (en) 2005-08-31 2006-08-31 Method and system for resource encryption and decryption

Country Status (2)

Country Link
CN (1) CN1925388A (en)
WO (1) WO2007025998A2 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2444343A (en) * 2006-12-01 2008-06-04 David Irvine Encryption system for peer-to-peer networks in which data is divided into chunks and self-encryption is applied
EP2079033A1 (en) * 2008-01-04 2009-07-15 Irdeto Access B.V. Method and system for secure peer-to-peer communication
CN101699464B (en) * 2009-10-23 2011-11-02 北京派瑞根科技开发有限公司 Electronic signature supporting continuous endorsement on media including electronic components
CN101699466B (en) * 2009-10-23 2011-11-02 北京派瑞根科技开发有限公司 Electronic signature for endorsing electronic paper through external security part
CN101699468B (en) * 2009-10-23 2011-11-02 北京派瑞根科技开发有限公司 Electronic signature for continuously endorsing electronic paper through support of external security part
CN102664740A (en) * 2012-05-02 2012-09-12 四川建设网有限责任公司 Remote-authorization-based bidding document encryption and decryption method
US8769686B2 (en) 2010-02-26 2014-07-01 Futurewei Technologies, Inc. System and method for securing wireless transmissions

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102034120B (en) * 2009-10-23 2012-07-25 北京派瑞根科技开发有限公司 Electronic seal for information medium signature containing electronic component
CN101699465B (en) * 2009-10-23 2012-03-07 北京派瑞根科技开发有限公司 Electronic signature for endorsing and signing information medium containing electronic component
CN101763492B (en) * 2009-10-23 2012-03-21 北京派瑞根科技开发有限公司 Signature method on information medium comprising electronic components
CN101763615B (en) * 2009-10-23 2011-11-02 北京派瑞根科技开发有限公司 Method for endorsing electronic paper
CN101763614B (en) * 2009-10-23 2011-11-02 北京派瑞根科技开发有限公司 Method for endorsing and signing on mixed electronic bill
CN101697202B (en) * 2009-10-23 2012-08-01 北京派瑞根科技开发有限公司 Electronic seal supporting endorsement of external safety component
CN101945125A (en) * 2010-08-30 2011-01-12 北京邮电大学 Method and device for transmitting documents
CN102868912A (en) * 2012-08-16 2013-01-09 北京视博数字电视科技有限公司 Method and system for media content transmission based on CDN (Content Distribution Network) and P2P (Peer to Peer) converged infrastructure
CN108683747B (en) * 2018-06-11 2020-11-27 华为技术有限公司 Resource obtaining, distributing and downloading method, device, equipment and storage medium
CN109391936B (en) * 2018-09-19 2021-04-06 四川长虹电器股份有限公司 OTA upgrade package encryption downloading method
CN109949472A (en) * 2019-02-28 2019-06-28 阿里巴巴集团控股有限公司 System, method and apparatus for ballot
CN110266733A (en) * 2019-07-25 2019-09-20 群淂数码科技(上海)有限公司 Data ciphering method and its system
CN111680307A (en) * 2020-04-23 2020-09-18 平安科技(深圳)有限公司 Distributed data encryption method and device, cloud storage server and storage medium
CN111741022A (en) * 2020-08-03 2020-10-02 南京科讯次元信息科技有限公司 Ultra-large file return based on one-way data import equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002001271A1 (en) * 2000-06-29 2002-01-03 Koninkl Philips Electronics Nv Multiple encryption of a single document providing multiple level access privileges
US20050060538A1 (en) * 2003-09-15 2005-03-17 Intel Corporation Method, system, and program for processing of fragmented datagrams

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002001271A1 (en) * 2000-06-29 2002-01-03 Koninkl Philips Electronics Nv Multiple encryption of a single document providing multiple level access privileges
US20050060538A1 (en) * 2003-09-15 2005-03-17 Intel Corporation Method, system, and program for processing of fragmented datagrams

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
MENEZES,VANSTONE,OORSCHOT: "Handbook of Applied Cryptography" 1997, CRC PRESS LLC , USA , XP002445846 page 505 *
WILLIAN STALLINGS: "CRYPTOGRAPHY AND NETWORK SECURITY: PRINCIPLES AND PRACTICE" 1997, PRENTICE-HALL , USA , XP002445845 page 402 - page 418 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2444343A (en) * 2006-12-01 2008-06-04 David Irvine Encryption system for peer-to-peer networks in which data is divided into chunks and self-encryption is applied
GB2446200A (en) * 2006-12-01 2008-08-06 David Irvine Encryption system for peer-to-peer networks which relies on hash based self-encryption and mapping
GB2444343B (en) * 2006-12-01 2012-04-18 David Irvine Self encryption
EP2079033A1 (en) * 2008-01-04 2009-07-15 Irdeto Access B.V. Method and system for secure peer-to-peer communication
CN101699464B (en) * 2009-10-23 2011-11-02 北京派瑞根科技开发有限公司 Electronic signature supporting continuous endorsement on media including electronic components
CN101699466B (en) * 2009-10-23 2011-11-02 北京派瑞根科技开发有限公司 Electronic signature for endorsing electronic paper through external security part
CN101699468B (en) * 2009-10-23 2011-11-02 北京派瑞根科技开发有限公司 Electronic signature for continuously endorsing electronic paper through support of external security part
US8769686B2 (en) 2010-02-26 2014-07-01 Futurewei Technologies, Inc. System and method for securing wireless transmissions
CN102664740A (en) * 2012-05-02 2012-09-12 四川建设网有限责任公司 Remote-authorization-based bidding document encryption and decryption method

Also Published As

Publication number Publication date
WO2007025998A3 (en) 2007-10-04
CN1925388A (en) 2007-03-07

Similar Documents

Publication Publication Date Title
WO2007025998A2 (en) Method and system for resource encryption and decryption
CN109462588B (en) Decentralized data transaction method and system based on block chain
US9922207B2 (en) Storing user data in a service provider cloud without exposing user-specific secrets to the service provider
Taban et al. Towards a secure and interoperable DRM architecture
US7165050B2 (en) Media on demand via peering
JP5626816B2 (en) Method and apparatus for partial encryption of digital content
US10621520B2 (en) Interoperable keychest
US8806208B2 (en) Apparatuses and methods for enabling a user to consume protected contents of a content provider
US20070106805A1 (en) System and method for peer-to-peer digital content sharing
US8675878B2 (en) Interoperable keychest for use by service providers
US8948398B2 (en) Universal file packager for use with an interoperable keychest
EP2118808A2 (en) Maidsafe.net
WO2007076685A1 (en) A method for extending the url applicable to the streaming media system
EP2273409A2 (en) Interoperable keychest
EP1890827A2 (en) Method and apparatus for authorizing rights issuers in a content distribution system
CN114329529A (en) Asset data management method and system based on block chain
Lee et al. A secure and mutual-profitable DRM interoperability scheme
US9305144B2 (en) Digital receipt for use with an interoperable keychest
CN115412568A (en) Distributed data transmission method, device and system
KR100989371B1 (en) DRM security mechanism for the personal home domain
Banerjee et al. Reliable, fair and decentralized marketplace for content sharing using blockchain
Davidson et al. Content sharing schemes in DRM systems with enhanced performance and privacy preservation
CN116938917A (en) Block chain-based data sharing method, device and system
Gaber et al. Analyzing the digital license reselling problem and its impact on e-commerce

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06793100

Country of ref document: EP

Kind code of ref document: A2