WO2010081267A1 - E-book for protecting copyright - Google Patents

Publication number
WO2010081267A1
Authority
WO
WIPO (PCT)
Prior art keywords
book
dynamic password
module
electronic
server
Prior art date
Application number
PCT/CN2009/000655
Other languages
French (fr)
Chinese (zh)
Inventor
严正华
赵海萍
Original Assignee
盛大计算机(上海)有限公司
Priority date
Filing date
Publication date
Application filed by 盛大计算机(上海)有限公司
Publication of WO2010081267A1

Classifications

    • G - PHYSICS
    • G06 - COMPUTING; CALCULATING OR COUNTING
    • G06F - ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 - Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

An e-book for protecting copyright. The e-book is an electronic data reading apparatus that includes a processor, an internal memory module, a memory module, a display screen, a network connecting module, a bus and a dynamic code generating module. The dynamic code generating module has a serial number and a built-in dynamic code generating algorithm, and the dynamic code generating algorithm is the computing rule between the input and the output of the dynamic code generating module. Different dynamic code generating modules have different serial numbers but the same dynamic code generating algorithm. The input of a dynamic code generating module includes at least the serial number of that module.

Description

Copyright-protecting e-book
Technical field
The present invention relates to an electronic material reading device, and in particular to an electronic material reading device capable of copyright protection.
Background
With the development of networks and electronic products, reading traditional paper books can no longer meet people's needs in the e-era. E-books (electronic material reading devices) are increasingly favored by young people because they are small, portable, have large storage capacity, store and delete quickly and conveniently, and allow electronic materials to be added or deleted as needed. E-books are increasingly becoming a substitute for paper books.
Most e-books currently on the market can connect directly to a network to download electronic materials. Any electronic material on the network that meets the e-book's reading format requirements can be downloaded and read, which creates many problems for the copyright protection of electronic materials.
Chinese invention patent specification CN1231852C (announcement date: December 14, 2005) discloses an e-book with a SIM card. The e-book includes a SIM card socket and a SIM card, and the SIM card holds ID information and part of the operating system. In use, only when the SIM card is in the SIM card socket can the part of the operating system on the SIM card combine with the part of the operating system in the e-book to form a complete operating system, and the ID information in the SIM card is used to decrypt the content of the electronic material. This scheme can protect the copyright of electronic materials, but it makes the design of the operating system cumbersome. Moreover, if the ID information is stolen, the encryption of the electronic material is easily broken.
Chinese invention patent specification CN1200355C (announcement date: May 4, 2005) discloses an encryption method for e-books. The e-book's key consists of a fixed part and a random part. The random part of the key is located at a certain position in the electronic material file, and that position is determined in the header information of the file. In use, the electronic material can be decrypted and read only by combining the fixed part and the random part of the key into the complete key. This scheme can also protect the copyright of electronic materials, but decryption verification is performed only when the electronic material is read, not when it is downloaded. This leaves open the possibility that the random part of the password is cracked while the electronic material file is in transit. Once the random part of the password is cracked, the whole password is exposed, so this scheme still does not offer high reliability and security.
Summary of the invention
The technical problem to be solved by the present invention is to provide a copyright-protecting e-book that can effectively protect the copyright of electronic materials.
To solve this technical problem, the copyright-protecting e-book of the present invention is an electronic material reading device comprising a processor, a memory module, a storage module, a display screen, a network connection module and a bus. The e-book further comprises a dynamic password generation module, which has a serial number and a built-in dynamic password generation algorithm. The dynamic password generation algorithm is the calculation rule between the input and the output of the dynamic password generation module.
The present invention can perform dynamic password verification during the download of electronic materials and decrypt twice during access, thereby effectively ensuring that the identity of the e-book user is unique and hard to crack, and ultimately protecting the copyright of electronic materials.
Description of the drawings
FIG. 1 is a schematic diagram of the hardware modules of the copyright-protecting e-book of the present invention;
FIG. 2 is a flow chart of the e-book registering with the server;
FIG. 3 is a flow chart of the e-book downloading electronic material from the server;
FIG. 4 is a flow chart of the e-book accessing electronic material.
Reference numerals in the figures: 1 - processor; 2 - memory module; 3 - storage module; 4 - display; 5 - network connection module; 6 - dynamic password generation module; 7 - bus.
Embodiments of the invention
The present invention is described in further detail below with reference to the drawings and specific embodiments.
Referring to FIG. 1, the e-book of the present invention is an electronic material reading device comprising:
- Processor 1, which may be a microprocessor, a single-chip microcomputer, a PLC, etc., and which manages and controls all hardware modules and the software system of the e-book.
- Memory module 2, which may be SRAM, ROM, etc. The data in memory module 2 usually disappears after power-off, but may also be retained after power-off. In memory module 2, one process cannot access the memory of another process, so the memory in use can be considered safe and reliable.
- Storage module 3, which may be an SD card, Flash, etc. The data in storage module 3 is retained after power-off. Storage module 3 includes a public storage area that the user is allowed to access and a restricted storage area that the user is prohibited from accessing. The division into public and restricted storage areas may be implemented by the e-book's firmware or by its software system. A restricted storage area is one for which the e-book's firmware or software system provides the user neither a means of access by file/folder nor a password-free login/debugging means.
- Display screen 4, which may be "electronic paper". "Electronic paper" refers to a thin, light display system that has a memory function (it keeps showing the original content after power-off) and uses a reflective display mode. "Electronic paper" technologies include bistable nematic liquid crystal display (Bi TNLCD), cholesteric liquid crystal display (Ch-LCD), electronic powder fluid display (QR-LPD) and/or electrophoretic display (EPD).
- Network connection module 5, which connects the e-book to an external wired or wireless network and carries data in both directions.
- Dynamic password generation module 6, which has a serial number and a built-in dynamic password generation algorithm. The dynamic password generation algorithm is the calculation rule between the input and the output of the dynamic password generation module. Different dynamic password generation modules have different serial numbers but the same dynamic password generation algorithm. The input of a dynamic password generation module includes at least the serial number of that module and the challenge code sent by the server to the e-book.
- Bus 7. Every hardware module of the e-book is connected to bus 7, and all data communication between hardware modules goes through bus 7.
The e-book may also include an input module with which the user operates the e-book and the electronic materials in it. The input module may be buttons, a keyboard, or a touch screen (in which case the touch screen is both the display screen and the input module).
The e-book also includes a software system, for example a Linux-like embedded operating system, which is responsible for all aspects of using and operating the e-book.
Use of the e-book involves three things: first, the e-book registers with the server; second, the e-book downloads electronic material from the server; third, the e-book accesses the downloaded electronic material.
The server contains or is connected to a database. The database holds multiple electronic materials, which include books, pictures, animations, audio and/or video in electronic form, and each electronic material has a distinct number. The database also holds the serial numbers of all dynamic password generation modules. The server has the dynamic password generation algorithm and at least one asymmetric encryption algorithm.
The e-book can download electronic material from the server only after it has registered with the server. The e-book can access downloaded electronic material locally only after it has downloaded that material from the server.
Referring to FIG. 2, registration of the e-book with the server includes the following steps:
Step 1: The e-book sends a registration request to the server. The registration request includes the serial number of the e-book's dynamic password generation module. The serial number is a string of digits; for example, it may be a 9-digit decimal number.
Step 2: The server receives the registration request and looks up the serial number from the request in the database.
If the serial number is in the database, the server randomly generates a challenge code and sends it to the e-book.
The challenge code is a combination of digits, letters and/or symbols randomly generated by the server. For example, the challenge code may be a 64-bit binary number.
If the serial number is not in the database, the server stops operating.
Step 3: The e-book receives the challenge code. The e-book's dynamic password generation module takes the challenge code and/or the serial number of the dynamic password generation module as input and, after calculation, outputs a password. The e-book sends the password to the server.
The password is a string of digits calculated by the dynamic password generation module. For example, the password may be a 64-bit binary number.
Different dynamic password generation modules have different serial numbers, and the serial number is one of the inputs of the dynamic password generation algorithm, so the passwords output by different dynamic password generation modules are always different. For a single dynamic password generation module, the challenge code generated by the server is random and is also one of the inputs of the dynamic password generation algorithm, so the passwords output by the same module are also always different.
Step 4: The server receives the password and compares it with the result the server itself obtains by running the dynamic password generation algorithm with the challenge code and/or serial number as input.
If the password and the server's result are the same, the server uses the asymmetric encryption algorithm to generate a pair of asymmetric keys consisting of a private key and a public key. The server stores the private key in the database and sends the public key to the e-book.
If the password and the server's result differ, the server stops operating.
Step 5: The e-book receives the public key and stores it in the restricted storage area.
In the registration process above, the following may specifically be used: 1. The e-book connects to and communicates with the server over the https protocol. 2. The registration request, challenge code, password and public key are all transmitted between the e-book and the server in XML format. 3. The asymmetric encryption algorithm is the RSA algorithm.
Referring to FIG. 3, downloading electronic material from the server includes the following steps:
Step 1: The e-book sends a download request to the server. The download request includes the serial number of the e-book's dynamic password generation module.
Step 2: The server receives the download request and looks up the serial number from the request in the database.
If the serial number is in the database, the server randomly generates a challenge code and sends it to the e-book.
If the serial number is not in the database, the server stops operating.
Step 3: The e-book receives the challenge code. The e-book's dynamic password generation module takes the challenge code and/or the serial number of the dynamic password generation module as input and, after calculation, outputs a password. The e-book sends the server the password and the number of the electronic material it requests to download.
Step 4: The server receives the password and the number of the requested electronic material, and compares the password with the result the server itself obtains by running the dynamic password generation algorithm with the challenge code as input.
If the two are the same, the server looks up the requested electronic material in the database by its number. When the server cannot find the requested electronic material in the database by that number, it returns an error message to the e-book.
The server also looks up the private key corresponding to the e-book in the database by the serial number of the e-book's dynamic password generation module. When the server cannot find the corresponding private key in the database by that serial number, it returns a "prompt registration" or "update certificate" message to the e-book.
The server then compresses and encrypts the requested electronic material (either compressing first and then encrypting, or compressing and encrypting at the same time). During compression, the server randomly generates an access certificate. The access certificate is a string of digits randomly generated by the server. For example, the access certificate may be a 2080-byte binary number.
The encryption includes encrypting the requested electronic material with the access certificate as the key, and also encrypting the access certificate with the private key corresponding to the e-book as the key. The server sends the encrypted electronic material and the encrypted access certificate to the e-book.
If the password and the server's result differ, the server stops operating.
Step 5: The e-book receives the encrypted electronic material and access certificate and stores the encrypted access certificate in the restricted storage area. The encrypted electronic material may be stored in the public storage area and/or the restricted storage area.
In the download process above, the following may specifically be used: 1. The e-book connects to and communicates with the server over the https protocol. 2. The download request, challenge code, password and number of the requested electronic material, error message, "prompt registration" or "update certificate" message, and the encrypted electronic material and access certificate are all transmitted between the e-book and the server in XML format. 3. An electronic material is usually a file or a directory. If the server runs Linux/Unix or a similar system, compression and encryption of the electronic material can be done by first using the mkcramfs command to compress the material into a cramfs file system, and then using a loop-aes block device (a block device implemented in software) to encrypt that cramfs file system, yielding the compressed and encrypted electronic material. The loop-aes block device may encrypt using AES128 in multikey-v3 mode, and the encryption key used by the loop-aes block device is the access certificate. The server then encrypts the access certificate with the private key of the RSA algorithm.
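The challenge-response check that gates both registration (FIG. 2, steps 1 to 4) and download (FIG. 3, steps 1 to 4), as an added example that is not part of the patent text. The patent does not disclose the dynamic password generation algorithm, so HMAC-SHA256 truncated to 64 bits stands in for it; `ALGORITHM_KEY`, all class and function names, and the single-use handling of challenges are assumptions.

```python
import hashlib
import hmac
import secrets

# ASSUMPTION: stand-in for the undisclosed dynamic password generation
# algorithm. ALGORITHM_KEY models the part that is identical in every module
# and on the server. Serial number and challenge both cross the network, so in
# this stand-in the key held inside the module is what keeps the output
# unpredictable to an observer.
ALGORITHM_KEY = b"constructed-demo-key"


def dynamic_password(serial: str, challenge: bytes) -> bytes:
    """64-bit password computed from the module serial number and the challenge."""
    message = serial.encode("ascii") + b"|" + challenge
    return hmac.new(ALGORITHM_KEY, message, hashlib.sha256).digest()[:8]


class Server:
    """Server side of steps 2 and 4 (hypothetical class, not from the patent)."""

    def __init__(self, known_serials):
        self.known_serials = set(known_serials)  # serial numbers held in the database
        self.pending = {}                        # serial -> outstanding challenge

    def issue_challenge(self, serial):
        """Step 2: an unknown serial number gets no challenge (server stops)."""
        if serial not in self.known_serials:
            return None
        challenge = secrets.token_bytes(8)       # 64-bit random challenge code
        self.pending[serial] = challenge
        return challenge

    def verify(self, serial, password):
        """Step 4: recompute and compare. Each challenge is accepted once
        (an assumption added here so a captured password cannot be reused)."""
        challenge = self.pending.pop(serial, None)
        if challenge is None:
            return False
        expected = dynamic_password(serial, challenge)
        return hmac.compare_digest(expected, password)  # constant-time compare


class EBook:
    """Device side of steps 1 and 3 (hypothetical class, not from the patent)."""

    def __init__(self, serial):
        self.serial = serial

    def respond(self, challenge):
        return dynamic_password(self.serial, challenge)


def run_exchange(server, ebook, replayed=None):
    """Run steps 1 to 4 once; `replayed` substitutes a previously captured password."""
    challenge = server.issue_challenge(ebook.serial)
    if challenge is None:
        return False
    password = replayed if replayed is not None else ebook.respond(challenge)
    return server.verify(ebook.serial, password)


if __name__ == "__main__":
    srv = Server({"123456789"})                  # constructed 9-digit serial number
    print(run_exchange(srv, EBook("123456789")))
    print(run_exchange(srv, EBook("000000001")))
```
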
Referring to FIG. 4, accessing downloaded electronic material includes the following steps:
Step 1: Based on the electronic material the user requests to access, the e-book looks in its restricted storage area for the access certificate corresponding to that material. When the e-book cannot find an access certificate corresponding to the requested material in the restricted storage area, it displays an error message to the user.
Step 2: The e-book decrypts the access certificate using the public key in the restricted storage area. The decrypted access certificate exists only in memory, and after use the e-book erases it from memory.
Step 3: The e-book loads the requested electronic material using the decrypted access certificate as the key, with the load point in the restricted storage area. The e-book automatically decrypts and decompresses the requested material, and the decrypted and decompressed plaintext is mounted only in the memory area.
Loading (mounting) means treating a device, file or folder as a file system and attaching that file system under a directory; after loading, the content of the directory is the content of the file system. A load point in the restricted storage area means that the directory the file system is attached to is a directory in the restricted storage area.
Step 4: The user uses the e-book to access the decrypted and decompressed plaintext of the electronic material.
Step 5: When the user exits the electronic material, the e-book erases the decrypted plaintext from the memory area and unloads the requested electronic material from the restricted storage area.
Unloading (unmounting) means removing a file system from a directory; after unloading, the content of the directory no longer includes the content of the file system.
In the access process above, the following may specifically be used: 1. An electronic material and its access certificate are associated by a checksum, for example a SHA1 checksum. The e-book may store multiple electronic materials and multiple access certificates. On receiving the decrypted electronic material and the encrypted access certificate, the e-book first calculates a checksum for each encrypted electronic material, maps that checksum to the encrypted access certificate of that encrypted material, and stores both together in the restricted storage area. When the e-book needs to find the access certificate for an electronic material, it first calculates the checksum of the requested material (in its encrypted state) and then looks up the matching access certificate in the restricted storage area by that checksum. 2. If the encrypted electronic material is a cramfs file system encrypted with a loop-aes block device on Linux/Unix or a similar system, a single mount command is enough to load the cramfs file system, and the Linux/Unix or similar system automatically decrypts and decompresses the loaded file system. 3. If the e-book runs Linux/Unix or a similar system, the decrypted and decompressed plaintext is mounted only in the e-book's mfs (memory file system) file system.
Industrial applicability
Compared with the prior art, the copyright-protecting e-book of the present invention adds a dynamic password generation module in hardware. The module takes the challenge code sent by the server and its own serial number as input and outputs a constantly changing dynamic password. The server must verify the e-book's dynamic password both when the e-book registers with the server and when it downloads electronic material from the server. When the e-book accesses electronic material, the access certificate must first be decrypted with the public key of the asymmetric key pair, and the content of the electronic material is then decrypted with the access certificate, which ensures that the copyright of the electronic material remains protected at all times.
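The checksum association between encrypted materials and their access certificates, described in the access procedure above (download step 5 and access step 1), as an added example that is not part of the patent text. The directory layout, file names and the `CertificateIndex` class are assumptions, the sample materials and certificates are constructed opaque bytes, and SHA-1 serves only as the lookup index the text names.

```python
import hashlib
import os
import tempfile


def sha1_of_file(path, chunk_size=65536):
    """SHA-1 of a file, read in chunks so a large material need not fit in memory."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


class CertificateIndex:
    """Maps the checksum of each encrypted material to its encrypted certificate.

    `restricted_dir` is a hypothetical stand-in for the restricted storage area.
    """

    def __init__(self, restricted_dir):
        self.restricted_dir = restricted_dir

    def _cert_path(self, checksum):
        return os.path.join(self.restricted_dir, checksum + ".cert")

    def store(self, material_path, encrypted_certificate):
        """Download step 5: file the certificate under the material's checksum."""
        checksum = sha1_of_file(material_path)
        with open(self._cert_path(checksum), "wb") as fh:
            fh.write(encrypted_certificate)
        return checksum

    def find(self, material_path):
        """Access step 1: recompute the checksum and fetch the matching certificate."""
        path = self._cert_path(sha1_of_file(material_path))
        if not os.path.exists(path):
            # The e-book would show the user an error message at this point.
            raise LookupError("no access certificate for this electronic material")
        with open(path, "rb") as fh:
            return fh.read()


def demo():
    """Store two constructed materials, look both up, then alter one of them."""
    with tempfile.TemporaryDirectory() as root:
        public = os.path.join(root, "public")
        restricted = os.path.join(root, "restricted")
        os.mkdir(public)
        os.mkdir(restricted)
        index = CertificateIndex(restricted)

        samples = (
            ("book-a.img", b"\x01" * 4096, b"cert-A"),  # constructed sample data
            ("book-b.img", b"\x02" * 4096, b"cert-B"),
        )
        paths = {}
        for name, body, certificate in samples:
            paths[name] = os.path.join(public, name)
            with open(paths[name], "wb") as fh:
                fh.write(body)
            index.store(paths[name], certificate)

        found_a = index.find(paths["book-a.img"])
        found_b = index.find(paths["book-b.img"])

        # One changed byte in the stored material breaks the association.
        with open(paths["book-a.img"], "r+b") as fh:
            fh.seek(10)
            fh.write(b"\xff")
        try:
            index.find(paths["book-a.img"])
            altered_found = True
        except LookupError:
            altered_found = False
        return found_a, found_b, altered_found


if __name__ == "__main__":
    print(demo())
```
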

Claims

1. A copyright-protecting e-book, the e-book being an electronic material reading device, characterized in that: the e-book comprises a processor, a memory module, a storage module, a display screen, a network connection module, a bus and a dynamic password generation module; the dynamic password generation module has a serial number and a built-in dynamic password generation algorithm; and the dynamic password generation algorithm is the calculation rule between the input and the output of the dynamic password generation module.
2. The copyright-protecting e-book according to claim 1, characterized in that: different dynamic password generation modules have different serial numbers but the same dynamic password generation algorithm.
3. The copyright-protecting e-book according to claim 1, characterized in that: the input of the dynamic password generation module includes at least the serial number of the dynamic password generation module and the challenge code sent by the server to the e-book.
4. The copyright-protecting e-book according to claim 3, characterized in that: the outputs of different dynamic password generation modules are always different; and the outputs of the same dynamic password generation module for different challenge codes sent by the server to the e-book are also always different.
5. The copyright-protecting e-book according to claim 1, characterized in that: the storage module includes a public storage area that the user is allowed to access and a restricted storage area that the user is prohibited from accessing, the division being made by the firmware or software system of the e-book.
PCT/CN2009/000655 2009-01-15 2009-06-15 E-book for protecting copyright WO2010081267A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910056847.0A CN101782949A (en) 2009-01-15 2009-01-15 Electronic book with protection copyright
CN200910056847.0 2009-01-15

Publications (1)

Publication Number Publication Date
WO2010081267A1 true WO2010081267A1 (en) 2010-07-22

Family

ID=42339388

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/000655 WO2010081267A1 (en) 2009-01-15 2009-06-15 E-book for protecting copyright

Country Status (2)

Country Link
CN (1) CN101782949A (en)
WO (1) WO2010081267A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102223364B (en) * 2011-05-09 2014-06-04 飞天诚信科技股份有限公司 Method and system for accessing e-book data
CN108537009B (en) * 2017-03-03 2022-03-04 绍兴读图网络科技有限公司 Method and system for downloading picture and verifying original edition
CN109034775A (en) * 2018-06-27 2018-12-18 深圳市必发达科技有限公司 A kind of antitheft chapter method, apparatus of the network novel, memory and processor

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1356636A (en) * 2001-12-29 2002-07-03 徐翔 Method for creating electronic book with intellectual property right protection and its reader
CN1485752A (en) * 2002-09-25 2004-03-31 天津津科电子系统工程有限公司 Electronic book with SIM card
CN1992590A (en) * 2005-12-29 2007-07-04 盛大计算机(上海)有限公司 Identity authentication system of network user and method

Also Published As

Publication number Publication date
CN101782949A (en) 2010-07-21

Similar Documents

Publication Publication Date Title
US10491379B2 (en) System, device, and method of secure entry and handling of passwords
CN109862041B (en) Digital identity authentication method, equipment, device, system and storage medium
CN109951489B (en) Digital identity authentication method, equipment, device, system and storage medium
JP5852265B2 (en) COMPUTER DEVICE, COMPUTER PROGRAM, AND ACCESS Permission Judgment Method
US9148415B2 (en) Method and system for accessing e-book data
US8191129B2 (en) Apparatus and method for processing digital rights object
WO2010072041A1 (en) Management system of digital copyright and achieving method thereof
US7263608B2 (en) System and method for providing endorsement certificate
TW201009637A (en) Backing up digital content that is stored in a secured storage device
US20080022099A1 (en) Information transfer
TWI424321B (en) Cloud storage system and method
WO2015043323A1 (en) Management method and device for privacy data of browser, and client
KR20100096090A (en) Mobile smartcard based authentication
WO2018166163A1 (en) Pos terminal control method, pos terminal, server and storage medium
CN114629639A (en) Key management method and device based on trusted execution environment and electronic equipment
CA2891610C (en) Agent for providing security cloud service and security token device for security cloud service
WO2010081267A1 (en) E-book for protecting copyright
TWI428752B (en) Electronic file delivering system, portable communication apparatus with decryption functionality, and related computer program product
AU2005263103B2 (en) Apparatus and method for processing digital rights object
WO2016165662A1 (en) Mobile phone quasi-digital certificate subsystem, and system and method thereof
TWI273492B (en) Encryption/decryption method incorporated with local server software
ES2782329T3 (en) Process to ensure the communication of a digital file through a communication network
KR101828425B1 (en) Electronic book protection system and method for private copy
TW202347354A (en) Application sharing method, file sharing method and device based on blockchain
CN117131522A (en) File processing method and device and electronic equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application Ref document number: 09838054; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase Ref country code: DE
122 Ep: pct application non-entry in european phase Ref document number: 09838054; Country of ref document: EP; Kind code of ref document: A1