CN100435162C - Construction and Verification Method of Fingerprint in Digital Product and Digital Product Issuing System - Google Patents

Abstract

The invention relates to a method for constructing and verifying fingerprints in digital products. The construction method obtains purchase secret information from purchasers and constructs an unforgeable evidence fingerprint by a copyright server, and then the copyright issuing server combines the license issued by the copyright server with the The sales information is used to construct the identity fingerprint, and finally the fusion technology is used to construct a copy containing the fingerprint. The verification method is to extract the identity fingerprint stored in the digital product to verify the product license and identify the identity of the purchaser, and then rely on the similarity test of the evidence fingerprint to confirm the affiliation. Correspondingly, a digital product distribution system is provided, including a purchasing device, a copyright distribution server and a copyright server. The invention provides a user-friendly and simple and easy method for solving the problems of safe product distribution, permission management and copyright monitoring, and greatly improves the security and scalability of the existing system.

Description

Construction and Verification Method of Fingerprint in Digital Product and Digital Product Issuing System

technical field

The invention relates to a method for constructing and verifying digital fingerprints, in particular to a method for constructing and verifying fingerprints for digital products, and a digital product issuing system for realizing the method, belonging to the field of software technology.

Background technique

With the application and popularization of Internet and digital technology, the media industry based on e-commerce has developed rapidly. However, the characteristics of digital products that are easy to modify, copy and spread make piracy more and more rampant, and copyright protection is becoming more and more important. Moreover, in the existing digital product sales services on the Internet in e-commerce (such as MP3, books, software, movies, etc. download services), usually the copy of the digital product is directly transmitted to the buyer, so that the sales security cannot be guaranteed. The certificate cannot be monitored, and the copyright of digital products cannot be effectively controlled, so that genuine digital products can be downloaded and disseminated everywhere, which seriously damages the copyright interests of digital copyright owners (such as publishers).

Copyright protection techniques with copyright tracking, evidence acquisition, and low complexity are fundamental requirements for future digital distribution systems. There are various problems in the digital rights management technology adopted in the known prior art, and there is still a lack of effective copyright protection methods. For example, electronic currency and electronic transaction systems based on cryptographic technology can guarantee the security and confidentiality of data in sales, but cannot provide support for copyright protection; It is relatively effective, but it cannot be identified by pirates to deter piracy, nor can it provide effective evidence in court and achieve fairness and legitimacy in electronic transactions, especially the imperceptible watermark that has multiple watermark embedded copyrights. Controversial issues, limiting its use in copyright protection.

On the other hand, the existing e-commerce transactions have higher requirements on the computing and storage capabilities of the equipment used to purchase digital products, and even require the same capabilities as the distribution server. As far as the equipment actually used by buyers is concerned, the There are significant limitations in implementation. For example, using a mobile phone to download mp3 songs from a website through GPRS+WAP technology, the buyer's mobile phone can only perform simple calculations on the transaction, and there is not enough processing power and storage space for complex business and password protocols. The information provided by the user It is also extremely limited.

In short, copyright protection technology not only needs to achieve control access permission and copyright certification, but also needs to meet functional requirements such as tracking and trial of pirates, and convenient processing, and existing technologies are currently unable to meet these requirements.

Contents of the invention

In view of the above problems, the object of the present invention is to provide a method for constructing and verifying fingerprints in digital products, using hybrid fingerprint construction technology to construct a digital product containing the characteristic information, copyright license and verifiable information of the buyer of the digital product. Fingerprints, which are fused into digital product copies before distribution. Therefore, when a trusted digital product containing such fingerprints is illegally copied and distributed, the owner (purchaser) information of the trusted copy used to reproduce the illegal copy can be extracted from the illegally copied product, and verified Said owner (buyer) information, so as to realize tracking and identification of pirated products. The method can be used in e-commerce websites, portable devices (handheld computers, mobile phones, etc.), web browsers, or media players to realize the safe distribution of digital products such as audio, video, CD, software, text, etc. Security properties such as traceability, non-repudiation, non-deception, anonymity, etc., and improve the distribution efficiency of digital products.

To achieve the above purpose, the present invention firstly provides a method for constructing digital fingerprints, which is used in digital products. A digital fingerprint is a sequence of digital features that can distinguish similar objects and is processed by a computer. In essence, fingerprints are unique, so adding fingerprints to the same carrier can be used to distinguish them from each other. Fingerprints are also robust, and they serve the purpose of protecting the object by attaching it to the object to be protected. Fingerprint described in the present invention is characterized in that comprising:

A. Identity fingerprint: contains sales, ownership, license and other information, used to identify the copyright of digital products and identify the identity of the buyer;

B. Evidence fingerprint: Contains the buyer's secret information and unforgeable information, which is used to provide evidence of digital product sales or distribution, so as to prevent the publisher from framing the buyer or the buyer from denying the affiliation, and can also be used as a confirmation of treasonous users (ie Buyers who provide illegal copies) provide evidence of illegal copying.

The structural features of the above-mentioned fingerprints ensure that the fingerprints contain both product copyright information and the buyer's personal information. In the case that the evidence fingerprint is strictly confidential, it can play a role in credible proof of illegal behavior. These two fingerprints have different functions and different construction requirements. The evidence fingerprint requires that the fingerprint cannot be forged; the identity fingerprint further needs to embed extractable information in the fingerprint.

As shown in Figure 1, the construction method of fingerprint in the digital product provided by the present invention comprises steps:

1) Generating a purchase secret information string: the purchase device generates a purchase secret information string through a digest function algorithm according to the purchaser information; wherein, the purchaser information includes: time stamp, purchaser public key, purchaser identification and purchaser secret information, all The above-mentioned digest function algorithm can be any one of hash function, message authentication code, cryptographic one-way function, or random permutation algorithm.

2) Constructing a copyright mark sequence: the copyright server uses a fingerprint generation algorithm to construct a copyright mark sequence according to the randomly selected fingerprint seeds and the fingerprint parameters provided by the digital product publisher; the fingerprint parameters include: fingerprint type, fingerprint length, and value range , encoding type, anti-attack strength, detection error rate; the fingerprint generation algorithm can be sequence spread spectrum, key fingerprint algorithm, Boneh-Shaw code, algebraic geometry code, IPP code, FP code, TA code, or direct sequence Any of the spread spectrum.

3) Constructing the proof fingerprint of the purchaser: the copyright issuing server constructs the proof fingerprint of the purchaser through a secret mixing algorithm by using the purchase secret information string and the copyright mark sequence;

The secret mixing algorithm can be any one of a hybrid operation between data (that is, modulo addition and XOR between data), a homomorphic operation between encrypted ciphertexts or commitments, or random permutation; the evidence fingerprint Contains the buyer's secret information and unforgeable information, which is used to provide evidence for the sale or distribution of digital products; the fingerprint seed is a unique random number or sequence, and the fingerprint seed has a short length, which is convenient for exciting the pseudo-random number generator Features that generate sequences of pseudorandom numbers of arbitrary length.

4) Construct the identity fingerprint of the purchaser: the copyright issuing server selects the fingerprint seed, uses the fingerprint generation algorithm to construct the identity fingerprint of the purchaser according to the identity of the purchaser, license and copyright information; the identity fingerprint includes the sales of digital products Information, ownership information and license information used to identify product copyrights and purchaser identities;

5) Constructing a digital product copy with fingerprints: the copyright issuing server attaches the evidence fingerprint and identity fingerprint, or the information formed by encrypting the two fingerprints, to the digital product through fusion technology to generate a product copy containing the characteristics of the buyer , the fusion technology may be any one of video and audio digital watermarking technology, stealth coupling technology, key fingerprint technology, or DVD content scrambling technology. The hidden coupling technology uses the session key to encrypt the original work, and the session key is encrypted with the broadcast encryption algorithm and placed in the work or in the hidden area (partition) of the storage medium in a hidden form. decryption key for decryption.

Among them, the process of encrypting the two fingerprints can be: the copyright issuing server first randomly replaces the evidence fingerprints, and then combines the fingerprints containing the characteristics of the purchaser according to the identity fingerprints and the replaced evidence fingerprints. The specific process is: the copyright issuing server Firstly, the evidence fingerprint is randomly replaced to increase the randomness and security of fingerprint hiding, to ensure that different servers cannot obtain information from each other and to prevent the damage caused by the copyright server being breached; then, according to the identity fingerprint and the replaced Evidence fingerprints are combined to form a complete fingerprint containing the characteristics of the purchaser. The combination method can be mixed together in an overlapping manner or linked together in a non-overlapping manner, such as: identity fingerprint‖evidence fingerprint, where "‖" is a character string link symbol.

Using the method above, it is possible to provide a trusted copy containing the buyer information and product copyright information of the digital product. In the use of trusted copies, the copyright issuing server can restrict the purchaser's behavior according to the copyright information in the identity fingerprint and the use license, for example, control the number of times the license is played, and the product validity period. In addition, the information in the identity fingerprint can also be used as a tracking basis for observing product circulation and usage.

Another object of the present invention is to provide a method for verifying digital fingerprints, which is used to verify digital fingerprints in digital product copies, thereby realizing protection and tracking of digital product copyrights. The method includes steps:

1) The copyright issuing server extracts and decodes the identity fingerprint from the copy of the digital product containing the buyer's identity fingerprint and evidence fingerprint, obtains the buyer's identification, and transmits the seized evidence fingerprint to the arbitration server, wherein the extraction and decoding algorithm Corresponds to the algorithm used in the construction of the fingerprint;

2) The arbitration server requests the copyright server to publish the copyright mark sequence corresponding to the buyer's identification, confirms the authenticity of the copyright mark sequence, and synthesizes it with the purchase secret information to form an evidence fingerprint;

3) The arbitration server compares the evidence fingerprint seized in step 1) with the evidence fingerprint generated in step 2), and if the similarity exceeds the pre-set credibility level, it confirms that the copy of the digital product is related to the identity of the original purchaser . Among them, the similarity comparison method used can be the probability comparison of information error correction decoding, sequence correlation comparison, Viterbi optimal decoding, traitor tracking of key fingerprints, and polynomial-based fingerprint vector search methods. Any one; the credibility level includes parameters: correlation, credibility, discrimination, and collusion tolerance.

After the identity of the buyer of the verified copy of the digital product is confirmed, the buyer of the copy can also provide the buyer's secret information to verify the entire fingerprint construction and tracking process, and appeal for himself.

The technical effect of the above method is to provide a digital fingerprint construction method, which not only realizes copyright management functions such as copyright certification and license, but also meets the needs of source confirmation and credible evidence collection for infringement. The construction method adopts the method of separating the identity fingerprint and the evidence fingerprint, which further enhances the construction flexibility and the security and robustness of the fingerprint; in terms of scalability, the construction method is also convenient to be combined with other digital watermarking or concealment methods to form a A unified management mechanism for many media. The present invention also provides a verification method for digital fingerprints, and provides a user-friendly and simple digital product distribution, sales, and monitoring system for solving copyright disputes, license management, and copyright monitoring by legal means At the same time, this method can also provide certain evidence for court arbitration.

Yet another object of the present invention is to provide a digital product distribution system that implements the above method, including:

1) The purchase device is deployed on a computer terminal connected to the copyright issuing server. The computer terminal is loaded with software capable of realizing digital product purchase and playback functions, and is used to generate purchaser secret information and purchase vouchers. The purchase Credentials include: timestamp, purchaser public key, source IP address, purchase commitment;

2) Copyright issuance server, used to distribute digital products and manage product copyrights, including: sales module, used to process purchase requests and issue products; fingerprint authorization module, used for evidence fingerprint request, fingerprint generation, license issuance and copy with fingerprint The structure; the sales database is used to save sales records including identity fingerprint seeds, buyer information and copyright information, and the sales records include: sales record number, purchase voucher, license, identity fingerprint seeds.

3) The copyright server is deployed on the computer terminal connected to the copyright issuing server for user authentication and license issuance, including: user manager for identity authentication and key management; fingerprint manager for license authorization and evidence fingerprint structure; copyright database, used for copyright and fingerprint authorization information records, described copyright and fingerprint authorization information records include: copyright record number, vendor identification, sales record number, purchase certificate, license, evidence fingerprint seed, Publisher signature.

The copyright server can be built together with the copyright issuing server on the publisher's equipment, or can be built separately on the equipment of a trusted third-party arbitration institution.

Further, the above-mentioned digital product distribution system may also include: an arbitration server, deployed on a computer terminal connected to the copyright server, or a trusted third party separately provides an arbitration device, including: an arbitration service unit, used to The fingerprint evidence is collected during the behavior; the fingerprint identification unit is used to complete the similarity detection of fingerprint information.

Further, the system may also include several copyright tracking proxy servers deployed in the Internet, used to monitor network data flow and obtain pirated products, including copyright monitoring software.

The technical effect of the present invention is that the fingerprint construction method can effectively construct a detectable unique fingerprint sequence to achieve the purpose of distinguishing different users, and adopts random scrambling and similarity detection technology, and the anti-attack performance of fingerprints is comparable to that of verification. Reliability is enhanced; secondly, secure cryptographic operations are integrated into fingerprint generation to enhance fingerprint non-repudiation and non-fraud performance; in addition, digital watermarking and stealth technology are organically applied to fingerprint fusion technology, which not only realizes fingerprint concealment, but also The tracking of the infringer is realized; at the same time, the double-fingerprint technology combining the evidence fingerprint and the identity fingerprint is adopted to ensure the accuracy of the traitor tracking and the validity of the evidence. Using the system provided by the present invention can provide a user-friendly and simple digital product distribution, sales, and monitoring system and method for solving copyright disputes, license management, and copyright monitoring by legal means. At the same time, the method It can also provide certain evidence for court arbitration.

The technical effect of the above system is to provide a convenient and reliable copyright protection method for digital products. First of all, it realizes transparent purchase, that is, realizes the purchase of digital products without the purchaser knowing the existence of copyright information, and minimizes the calculation and storage costs of the purchaser; secondly, the introduction of copyright server satisfies the requirements of licensing rights Independence requirements are also conducive to the efficient realization of complex operations in fingerprint construction and fusion; in conjunction with homomorphic cryptographic systems, message authentication and signature schemes, pseudo-random generators, etc., the security and efficiency of fingerprint construction and corresponding systems are guaranteed.

Yet another feature of the present invention is to provide a method and system for secure copy distribution and copyright protection. While tracking down the traitors, because the fingerprints fused in the product contain the secret information of the purchaser, the publisher and the copyright server, these information are cryptographically secure, ensuring that the publisher cannot frame innocent users, Illegal traitors have the functions of undeniable criminal facts, complete (absence) trial without the participation of the defendant, and the defendant's appeal.

In summary, the method and system of the present invention provide better scalability and adaptability to meet various application needs. In terms of protected digital product categories, the present invention not only covers perceptual media such as video and audio, but also covers copyright protection of expressive media such as software, CDs, and text; in terms of protection forms, content-based data embedding methods can be used , the data covert coupling method based on structure can be adopted. In terms of application environment, the present invention is applicable to the construction of various e-commerce systems and copyright tracking systems, including electronic transactions based on browsers, video/audio on demand based on media players, product ordering on handheld computers, especially various computing , Electronic transactions of devices with limited storage (mobile phone ringtones/MMS services).

Description of drawings

Fig. 1 represents the structural structure figure of digital fingerprint among the present invention;

Fig. 2 represents the structural representation of the digital product issuing system of the preferred embodiment of the present invention;

Fig. 3 represents the digital product registration, sales and arbitration flow chart according to the method and system of the present invention;

Fig. 4 shows the schematic diagram of fingerprint sequence construction based on direct sequence spread spectrum technique;

Figure 5 shows a schematic diagram of linking and fusion of identity fingerprints and evidence fingerprints;

Fig. 6 shows a flow chart of the embodiment of the present invention in the application of copyright authentication and evidence extraction.

Detailed ways

A preferred embodiment of the present invention in the construction of a network media distribution system will be described in detail below with reference to the accompanying drawings.

In the network media distribution system constructed by this embodiment, relying on the correct provision of necessary personal information by the user, the purchase device loaded on the client end automatically executes the purchase behavior in the present invention, including the realization of private information generation, signature authentication, data download, and product decryption. (including format conversion) and other functions. On the one hand, it can ensure the convenience and safety of the user's purchase, and realize the generation of copies with user characteristics without the user's awareness; on the other hand, it can ensure the security of the publisher's sales and realize copyright management. The tracking process can be in The client software conducts a copyright inspection before playing the work. The inspection scope includes: the copyright of the work, the right to use the license, etc. If any infringement is found, it will be stopped and reported; it can also monitor the network flow on the key nodes of the network to monitor abnormal activities. Intercept and obtain pirated information. On this basis, this embodiment constructs a media player (reader) device with copyright management function that supports users' functions of ordering, downloading, playing and recording digital media.

Figure 2 shows a schematic diagram of the structure of the digital product distribution system and the information flow among the various components. The entities involved include: copyright issuing server M, purchase device B, copyright server FC, copyright tracking agent TA and arbitration server A, wherein the copyright server has key distribution and authentication functions in addition to copyright server functions. The buyer obtains commodity information from the sales module 205 of the copyright issuance server 204 through the product player 202 in the purchase device 201, starts the sales terminal process 203 to complete user information entry and purchase request packaging, and the request is sent to the copyright issuance server 204; After verifying the request, the sales module 205 sets up the sale event and forwards it to the fingerprint authorization module 206 to generate fingerprints. The fingerprint authorization module 206 first requests the copyright server 208 to issue copyright certificates and evidence fingerprints; Certificate generation and start fingerprint manager 209 completes evidence fingerprint construction, and interacts with purchasing device 201 to obtain buyer's signature on evidence fingerprint, finally issues certificate and fingerprint to copyright issuing server 204 and stores related records in copyright database 211; fingerprint authorization The module 206 generates the buyer's identity fingerprint according to the certificate and fuses it with the issued evidence fingerprint into the purchased product, and finally sends the fingerprinted product to the purchasing device 201 and stores the sales record in the sales server 207, thereby achieving copyright management in normal commodity purchases For the purpose of generating traceable fingerprints, see Figure 3 for the detailed purchase process.

In terms of copyright management and piracy tracking, multiple copyright tracking agents 213 can be deployed on key nodes of the Internet 212 to monitor network traffic, and suspicious data can be sent to the copyright monitoring server 214 for processing, relying on the copyright information extracted from the data, copyright monitoring Server 214 requests corresponding copyright issuing server 204 to confirm the validity of the copyright certificate; if illegal abuse is found, copyright issuing server 204 identifies the pirate by identity fingerprint, and proposes an arbitration application to arbitration server 215, and the arbitration server starts arbitration service unit 216 and submits an arbitration request to arbitration server 215. The copyright server 208 asks for the evidence fingerprint information of the pirate, compares the evidence fingerprint seized by the fingerprint identification unit 217 with the evidence fingerprint issued by the copyright server, and finally gives a ruling on the pirate, thereby realizing copyright monitoring and pirate identity Confirm the purpose, see Figure 3 for the detailed process.

有 $\left|Z_{n^2}^{*}\right|=\mathrm{\φ}\left(n^2\right)=\mathrm{n\φ}\left(n\right).$ 设g为

的生成元，在上的定义加密函数In order to realize the above functions, the embodiment adopts the Paillier cryptographic system with additive homomorphic properties. In addition, the Benaloh cipher and Naccache-Stern cipher can also meet the design requirements. Let n=pq, where p and q are safe prime numbers, let φ(n) and λ(n) denote Euler function and Carmichael function respectively, for example, by definition, φ(n)=(p-1)(q-1 ) and λ(n)=1cm(p-1, q-1), then the integer multiplication group composed of modulo n ²

have $\left|Z_{{\mathrm{no}}^2}^{*}\right|=\mathrm{\φ}\left({\mathrm{no}}^2\right)=\mathrm{n\φ}\left(\mathrm{no}\right).$ let g be

generator of Define the encryption function on

E(m, r) = g ^m r ⁿ mod n ² (1)

Wherein, m is the plaintext, r is a random number, and m, r<n, and the encryption public key is (n, g). Let L(u)=(u-1)/n, according to the decryption key λ, the plaintext can be obtained from the ciphertext c

$\mathrm{<span\; class="notranslate">\; m</span>}<span\; class="notranslate">\; =</span>\frac{\mathrm{<span\; class="notranslate">\; L</span>}<span\; class="notranslate">\; (</span>{\mathrm{<span\; class="notranslate">\; c</span>}}^{\mathrm{<span\; class="notranslate">\; \&lambda;</span>}}\mathrm{<span\; class="notranslate">\; mod</span>}{\mathrm{<span\; class="notranslate">\; no</span>}}^{\mathrm{<span\; class="notranslate">\; 2</span>}}<span\; class="notranslate">\; )</span>}{\mathrm{<span\; class="notranslate">\; L</span>}<span\; class="notranslate">\; (</span>{\mathrm{<span\; class="notranslate">\; g</span>}}^{\mathrm{<span\; class="notranslate">\; \&lambda;</span>}}\mathrm{<span\; class="notranslate">\; mod</span>}{\mathrm{<span\; class="notranslate">\; no</span>}}^{\mathrm{<span\; class="notranslate">\; 2</span>}}<span\; class="notranslate">\; )</span>}\mathrm{<span\; class="notranslate">\; mod</span>}\mathrm{<span\; class="notranslate">\; no</span>}<span\; class="notranslate">\; -</span><span\; class="notranslate">\; -</span><span\; class="notranslate">\; -</span><span\; class="notranslate">\; (</span>\mathrm{<span\; class="notranslate">\; 2</span>}<span\; class="notranslate">\; )</span>$

和

加密函数

在

上具有同态性质It can be seen that this cryptographic system is r-independent, and the security of the cryptographic system lies in the security of n decomposition. for any

and

encryption function

exist

is homomorphic on

E(m ₁ )·E(m ₂ ) mod n ² =E(m ₁ +m ₂ mod _n )(3)

Under the assumption of the Hensel-lifting difficulty problem, the RSA-Paillier cipher constructed by combining RSA and Paillier cipher is the first proven semantically secure RSA-type cryptosystem. Since it has a key similar to RSA, it is more convenient for the application in encryption and signature, and the 1024-bits length key is used here.

The digital signature in the embodiment adopts the Digital Signature Standard (DSS), and uses a large prime number p and a 160-bits prime number q to realize a 320-bits signature on a 160-bits plaintext. The hash function (Hash Function) adopts the 160-bits digest obtained by the secure Hash algorithm (SHA).

The above purchase process is shown in Figure 3. The whole process includes two parts: user registration and sales process:

In user registration, the purchase module first needs to send a registration request (A) to the copyright server before purchasing the product, and the registration center completes the registration, including the identity authentication of the legal purchaser and the issuance of the user key (pk _p , sk _p ) certificate , for various currency payment methods, such as bank account number, credit card, mobile phone bill, etc., also need to be completed in the registration stage, and then, the registration center will pass the issued key certificate back to the purchase device (B).

In the sales process, the copyright issue server 205 of the publisher first provides the required commodity information (C) to the purchasing device, and the purchaser starts the sales terminal process 203 after confirming the purchase, and this process enters various user information, including: time stamp, User ID, secret information, key certificate, etc., generate the buyer’s secret plaintext Text _B based on these, and then use the Hash function to obtain the 160-bits long abstract STR B of the buyer’s secret plaintext Text _B , and finally encrypt STR _{B and} Signature SIG _{S, B} gets a purchase commitment PRM _B that will be used to generate evidence fingerprints and serve as proof of the buyer's representation. The structure of the detailed purchase request entry is shown in the following table, where the unit of length is byte, and each byte is g-bits:

After obtaining the purchase commitment PRM _B , the sales terminal module packs the purchase certificate REQ _B , the user identification ID _B , the purchased product description Des and their signatures to form a purchase request message, wherein the purchase certificate REQ _B includes a time stamp, the buyer Public key, source IP address, purchase commitment, etc. Finally, encrypt the message and send it to the copyright issuing server (D). The structure of the purchase request message entry of the specific purchaser is shown in the following table:

After receiving the purchase request message, the sales module checks the validity of the information format, time stamp, etc., confirms the identity (if necessary, a trusted third party can be used to confirm the identity or achieve anonymity), and check the correctness of the request and payment information. Confirmation, such as checking the signature SIG _B of ES _B , etc. If verified, generate a purchase record by the sales management module and obtain the sales record number NO _M , and combine the seller identification, the sales record number, the purchase certificate, the signature of the copyright issuing server and the fingerprint parameter Params to form the issuer's request REQ _M (wherein, Params Including fingerprint structure information, such as fingerprint length, value range, etc.), the copyright issuing server then packs the fingerprint structure request REQ _M , and sends it to the copyright server (E) in encrypted form. The detailed publisher request package structure is as follows:

After receiving the publisher's request, the copyright server checks the validity of the request format, and then checks the authenticity of the publisher's identity ID _M and transmission information (through SIG _{M, R} ), including checking the signature SIG _B of ES _B and SIG _M , and then generate a unique fingerprint FING _B according to Params requirements. In this example, direct sequence spread spectrum (DSSS) technology is used to generate a pseudo-random sequence to construct a fingerprint sequence. The structure of the feedback shift register used is shown in Figure 4. The seed SEED _FC randomly selected by the copyright server is used as the initial state of the feedback shift register to control the pseudo-random PN sequence. The normal sequence of , input this PN sequence into the following function, as shown in Figure 4:

f(x)=2x-1(4)

Make it into a [-1, 1] sequence, and then multiply this sequence with a normal sequence (Figure 402). The properties of the normal sequence are determined by Params, and the properties include mean, variance, etc., and the result of the multiplication will be normal Distribute the fingerprint sequence FING _B . The copyright server then uses pk _B to encrypt each component in FING _B to obtain the ciphertext EF _B , which is calculated using the homomorphic property

${\mathrm{<span\; class="notranslate">\; E\; W</span>}}_{\mathrm{<span\; class="notranslate">\; B</span>}}<span\; class="notranslate">\; =</span>{\mathrm{<span\; class="notranslate">\; EF</span>}}_{\mathrm{<span\; class="notranslate">\; B</span>}}<span\; class="notranslate">\; \&CircleTimes;</span>{\mathrm{<span\; class="notranslate">\; ES</span>}}_{\mathrm{<span\; class="notranslate">\; B</span>}}$

$<span\; class="notranslate">\; =</span>{\mathrm{<span\; class="notranslate">\; E.</span>}}_{\mathrm{<span\; class="notranslate">\; B</span>}}<span\; class="notranslate">\; (</span>{\mathrm{<span\; class="notranslate">\; FING</span>}}_{\mathrm{<span\; class="notranslate">\; B</span>}}<span\; class="notranslate">\; \&CirclePlus;</span>{\mathrm{<span\; class="notranslate">\; STR</span>}}_{\mathrm{<span\; class="notranslate">\; B</span>}}<span\; class="notranslate">\; )</span><span\; class="notranslate">\; -</span><span\; class="notranslate">\; -</span><span\; class="notranslate">\; -</span><span\; class="notranslate">\; (</span>\mathrm{<span\; class="notranslate">\; 5</span>}<span\; class="notranslate">\; )</span>$

为同态乘法运算。Obtain a fingerprint containing the characteristics of the buyer $W_B={\mathrm{FING}}_B\&CirclePlus;{\mathrm{STR}}_B$ The encrypted form of EW _B . in,

is a homomorphic multiplication operation.

As shown in Figure 3, _the copyright server first uses the Hash function to calculate the _{authentication} code HASH _W for EW _B , and signs it to obtain SIG _{W, FC} , and sends the message (ID _FC , HASH _W and SIG _{W, FC} ) to the purchaser in encrypted form, requesting the purchaser to sign the fingerprint EW _B (F); after receiving the message issued by the copyright server, the purchaser signs HASH on the purchaser ID _FC and authentication code _W conducts validity and authenticity authentication. If the authentication is passed, the buyer signs the fingerprint authentication code with the private key to obtain SIG _{W, B} , and returns the signature to the copyright server (G) through a secure channel; the copyright server receives the buyer After signing, check the signature SIG _{W and B.} If it passes the test, construct the copyright certificate EMB _FC . The detailed structure of the copyright certificate is as follows, where the length of the evidence fingerprint segment EW _B is given by LEN _B :

The copyright server sends the copyright certificate EMB _FC to the publisher's copyright issuing server (H) through a secure channel; after receiving the copyright certificate, the fingerprint authorization module checks the identity of the copyright server, the validity of the certificate, and the integrity of the data format, and then verifies The authenticity of EW _B is to authenticate the signatures SIG _{W, B} , SIG _{W, and FC} . If the authentication is passed, the issuing server will also sign EW _B to obtain the signature SIG _WM , and return SIG _WM to the copyright server through a secure channel: copyright server After receiving and verifying the signature of the copyright issuing server, save the necessary information to form the copyright record REC _FC , and the copyright server ends this operation. The detailed structure of the copyright record is as follows:

Data information (arranged in order of storage) length (bytes) meaning Copyright Record Number (NO_FC) 4 Serial number in copyright record Vendor ID (ID_M) 16 The unique identifier of the publisher Sales record number (NO_M) 4 Serial number in sales record Proof of purchase (REQ_M) 344 The purchaser's purchase certificate Copyright statement (CRC_FC) 102 Copyright Notice to Publisher Evidence Fingerprint Seed (SEED_FC) 8 Pseudo-random sequence generator input seed Publisher signature (SIG_W.M) 40 Publisher's signature on EW_B

Fig. 5 shows the construction of the copyright mark and the generation process of the copy with fingerprint of the copyright issuing server. After receiving the copyright certificate from the copyright server, the distribution server constructs an identity fingerprint V _B through fingerprint coding of the copyright information, the record number ID _B of this sale, and the license LIC _B. The fingerprint coding methods include Boneh-Shaw fingerprint model, IPP code (IdentifiableParent Property can confirm the parent code), FP code (Frameproof anti-framing code), TA code (Tracability traceable code), direct sequence spread spectrum fingerprint, etc. Here, the FP code in the Boneh-Shaw model is used to realize the identity fingerprint V _B , and use the buyer's public key pk _B to encrypt V _B and original work X to obtain EV _B and EX.

As shown in Figure 5, the copyright issuing server links the identity fingerprint EV _B (501) and the evidence fingerprint EW _B (502), using the link symbol ‖ to indicate that the two sequences are combined into one sequence (503), and through random The permutation operation obtains the encrypted form of the final fingerprint F _B (504), namely EF _B = π(EW _B ∥EV _B ), the permutation π is uniquely specified for a certain issuer, and is kept as a secret of the issuer to ensure that The servers of different publishers adopting the present invention cannot understand each other's information, so as to enhance security.

Different fusion methods are used for different media. For example, for media such as text and software, a "key fingerprint" fusion technology can be used, that is, a "fingerprint key block" is added to the head of the media, and a general encryption method is used to The media content is encrypted, and its encryption key can be obtained from the fingerprint key block, and this method of obtaining is determined by the fingerprint information (506), such as content scrambling system (CSS) in DVD, Fiat-Naor The broadcast encryption method of Chor-Fiat-Naor, the Traitor Tracing method of Chor-Fiat-Naor, etc.; for video and audio media, the digital watermark embedding method can be used, that is, the fingerprint information is embedded in the media content (507), such as the Cox method , DIM method, lowest bit embedding, etc. are relatively well-established watermark embedding technologies. In this embodiment, watermarking is used for illustration. For the encrypted forms EF _B and EX of F _B and X, according to the property of homomorphic encryption,

${\mathrm{<span\; class="notranslate">\; EX</span>}}_{\mathrm{<span\; class="notranslate">\; B</span>}}<span\; class="notranslate">\; =</span>\mathrm{<span\; class="notranslate">\; EX</span>}<span\; class="notranslate">\; \&CircleTimes;</span>{\mathrm{<span\; class="notranslate">\; EF</span>}}_{\mathrm{<span\; class="notranslate">\; B</span>}}$

$<span\; class="notranslate">\; =</span>\mathrm{<span\; class="notranslate">\; E.</span>}<span\; class="notranslate">\; (</span>\mathrm{<span\; class="notranslate">\; x</span>}<span\; class="notranslate">\; \&CirclePlus;</span>{\mathrm{<span\; class="notranslate">\; f</span>}}_{\mathrm{<span\; class="notranslate">\; B</span>}}<span\; class="notranslate">\; )</span><span\; class="notranslate">\; -</span><span\; class="notranslate">\; -</span><span\; class="notranslate">\; -</span><span\; class="notranslate">\; (</span>\mathrm{<span\; class="notranslate">\; 6</span>}<span\; class="notranslate">\; )</span>$

$<span\; class="notranslate">\; =</span>\mathrm{<span\; class="notranslate">\; E.</span>}<span\; class="notranslate">\; (</span>\mathrm{<span\; class="notranslate">\; x</span>}<span\; class="notranslate">\; \&CirclePlus;</span>\mathrm{<span\; class="notranslate">\; \&pi;</span>}<span\; class="notranslate">\; (</span>{\mathrm{<span\; class="notranslate">\; W</span>}}_{\mathrm{<span\; class="notranslate">\; B</span>}}<span\; class="notranslate">\; |</span><span\; class="notranslate">\; |</span>{\mathrm{<span\; class="notranslate">\; V</span>}}_{\mathrm{<span\; class="notranslate">\; B</span>}}<span\; class="notranslate">\; )</span><span\; class="notranslate">\; )</span>$

That is, the encrypted form EX _B of the work X _B with the fingerprint F _B is obtained. Use the masking factor provided by masking technology to improve the hiding ability of fingerprints (optional, masking technology is a technology that hides information according to the perception characteristics of human vision and hearing, usually through human visual and auditory masking models, such as Johnston The visual model calculates the masking factor to control the embedding strength of the information to be hidden).

The copyright distribution server packs EX _B according to the standard format specified by the purchase module (such as various industry or enterprise media standards), and issues a product license, and then sends the packaged copy to the buyer through a secure channel (see Figure 3I). The buyer's point-of-sale terminal process receives the copy delivered from the distribution server and checks the file format, then checks the validity of the license in the file, and if it conforms to the license, uses the private key sk _p to EX _B to obtain the user's copy X _B .

Finally, the copyright issuing server checks whether the communication with the purchase module ends normally. If the communication channel is closed, it considers that the purchase has been successfully completed, and will keep information such as the current sales record REC _M , and end the operation. The detailed sales record content structure is as follows:

One function of this embodiment is to realize the copyright control of digital works and the tracking of pirates.

When the copyright tracking agent deployed in the key nodes of the Internet network, download servers, and client playback software finds suspicious works, it extracts the identity based on the identity fingerprint information provided by the publisher (including location in the media, replacement, copyright requirements, etc.) The content of the license in the fingerprint, if the license is found to be invalid, it indicates that there has been an illegal infringement event. The agent starts the corresponding traitor tracking process, as shown in Figure 3. First, the agent transmits these pirated works to the copyright owner, and the fingerprint authorization module in the copyright issuance server further checks the infringement of the license and copyright information, and finds the sales record of the product through the identity fingerprint, and extracts the evidence The fingerprint and the sales voucher SALE _M are sent to the arbitration server (a); after the arbitration server checks the various signatures in the sales voucher SALE _M to confirm the validity of the request, it sends an evidence fingerprint query request to the copyright server (b); the copyright server according to the query Command to find the copyright record REC _FC , and send the record back to the arbitration server in a secure manner (c); the arbitration server integrates the sales record and the copyright record to check the consistency of the data and the signature, and then detects the evidence fingerprint issued by the copyright server and the seized pirated product The consistency of the evidence fingerprints determines whether the pirate has illegally infringed. If the piracy is confirmed, then file a complaint with the buyer and submit evidence of appeal (d); the buyer sends the secret plaintext Text _B entered into the sales terminal process during purchase to the arbitration server as evidence of appeal (e); arbitration The server restores the entire sales process based on all these information, gives the final arbitration result, and sends the result back to the issuing server (f).

Figure 6 shows the detailed copyright control and pirate tracking process. The copyright issuing server first compares the pirated work X'601 with the original work X, and uses the fingerprint feature extraction algorithm 603 corresponding to the fingerprint fusion algorithm to extract the fingerprint feature sequence F' _B 604; then split it into identity fingerprint V Two parts ' _B 605 and evidence fingerprint W' _B 614; carry out license and copyright detection 606 on identity fingerprint V' _B , if authorization detection 608 passes, then identify as licensed product 608, end running; otherwise determine that there is piracy, and send The purchase serial number NO _M 609, the sales certificate SALE _M and the evidence fingerprint W' _B 611 after the random inverse permutation π ^-1 610 are sent to the arbitration server; after checking the validity of the sales certificate SALE _M , the arbitration server sends the copyright acquisition server to the copyright server. To mark the request of FING _B , the copyright server reconstructs the copyright mark FING _B 612 according to the sales record, and synthesizes the evidence fingerprint W _B 614 with the buyer's secret information STR _B 613 according to equation (5), and combines W _B with the sales The signature in the record is sent back to the quorum server over a secure channel. The arbitration server uses various signatures 615 in the sales records of the copyright issuing server to verify the correctness 616 of W _B transmitted by the copyright server. The similarity between _B and the evidence fingerprint W' _B in the pirated version, if the similarity can be confirmed, then the pirated version is confirmed 620, otherwise it indicates that the evidence provided by the issuing server is invalid 619.

Claims (16)

1. A method for constructing fingerprints in a digital product, comprising steps: 1) The purchase device generates a purchase secret information string through a summary function algorithm according to the purchaser's information, and provides the purchase information to the copyright issuing server; 2) The copyright server utilizes the fingerprint generation algorithm to construct the copyright mark sequence according to the fingerprint seeds selected at random and the fingerprint parameters provided by the digital product issuer; the fingerprint parameters include: fingerprint type, fingerprint length, and attack resistance strength; 3) The copyright issuing server uses the purchase secret information string and the copyright mark sequence to construct the buyer's evidence fingerprint through a secret mixing algorithm; the evidence fingerprint contains unforgeable information and is used to provide non-repudiation of digital product distribution and ownership evidence; 4) The copyright issuing server selects the fingerprint seed, and uses the fingerprint generation algorithm to construct the buyer's identity fingerprint according to the buyer's identification, license and copyright information; the identity fingerprint includes the sales information, ownership information and license of the digital product Information used to identify the copyright of the product and the identity of the purchaser; 5) The copyright issuing server attaches the evidence fingerprint and the identity fingerprint, or the information formed by encrypting the two fingerprints, to the digital product through fusion technology to generate a copy of the product containing the characteristics of the buyer. 2. The method according to claim 1, characterized in that, the process of encrypting the two fingerprints described in step 5) is: the copyright issuing server first randomly replaces the evidence fingerprint, and then according to the identity fingerprint and the replaced Evidence fingerprints are combined to form fingerprints containing the characteristics of the purchaser. 3. The method according to claim 1, wherein the digest function algorithm is a hash function, or a message authentication code, or a cryptographic one-way function, or a random permutation algorithm. 4. The method according to claim 1, wherein the purchase information includes: time stamp, purchaser public key, purchaser identification and purchase secret information string. 5. The method according to claim 1, wherein the fingerprint generation algorithm is sequence spread spectrum, or key fingerprint algorithm, or Boneh-Shaw code, or algebraic geometry code, or IPP code, or FP code , or TA code, or direct sequence spread spectrum. 6. The method according to claim 1, wherein the fingerprint seed is a unique random number or sequence. 7. The method according to claim 1, wherein the secret mixing algorithm is a hashing operation between data, a homomorphic operation between encrypted ciphertexts or commitments, or a random permutation. 8. The method according to claim 1, characterized in that the fusion technology is digital watermarking technology of video and audio, or stealth coupling technology, or key fingerprint technology, or DVD content scrambling technology. 9. A method for verifying fingerprints in digital products, comprising the steps of: 1) The copyright issuing server extracts and decodes the identity fingerprint from the copy of the digital product containing the buyer's identity fingerprint and evidence fingerprint, obtains the buyer's identity, and transmits the seized evidence fingerprint to the arbitration server; 2) The arbitration server requests the copyright server to publish the copyright mark sequence corresponding to the buyer's identification, confirms the authenticity of the copyright mark sequence, and synthesizes it with the purchase secret information to form an evidence fingerprint; 3) The arbitration server compares the evidence fingerprint seized in step 1) with the evidence fingerprint generated in step 2), and if the similarity exceeds the pre-set credibility level, it confirms that the copy of the digital product is the same as the original buyer There is a corresponding relationship between the identifiers. 10. The method according to claim 9, characterized in that the similarity comparison method is a probability comparison of information error correction decoding, or sequence correlation comparison, or Viterbi optimal decoding, or key Traitor Tracking of Fingerprints, or Polynomial-Based Fingerprint Vector Search. 11. The method according to claim 9, wherein the credibility level is: correlation, or differentiation, or credibility, or collusion tolerance. 12. A digital product distribution system, comprising: The purchase device is deployed on a computer terminal connected to the copyright issuance server, and is used to generate purchase secret information and a purchase certificate, and the purchase certificate includes: a time stamp, a purchaser public key, and a purchaser's commitment containing the purchase secret information string; The copyright server is deployed on the computer terminal connected to the copyright issuing server for user authentication and license issuance, including: user manager for identity authentication and key management; fingerprint manager for license authorization and evidence Fingerprint structure; copyright database, used for copyright and fingerprint authorization information records; Copyright issuance server for distributing digital products and managing product copyrights, including: a sales module for processing purchase requests and issuing products; a fingerprint authorization module for evidence fingerprint requests, fingerprint generation, license issuance and construction of copies with fingerprints ; Sales database, used to save sales records including identity fingerprint seeds, buyer information and copyright information; Wherein, the fingerprint manager in the copyright server uses the fingerprint generation algorithm to construct the copyright mark sequence according to the randomly selected fingerprint seeds and the fingerprint parameters provided by the digital product issuer; The fingerprint authorization module in the copyright issuance server uses the purchase secret information string and the copyright mark sequence to construct the buyer's evidence fingerprint through a secret mixing algorithm. The evidence fingerprint contains unforgeable information and is used to provide digital product distribution and ownership. The non-repudiation evidence of the relationship; the fingerprint authorization module in the copyright issuing server selects the fingerprint seed from the sales database, and uses the fingerprint generation algorithm to construct the identity fingerprint of the buyer according to the buyer's identification, license and copyright information. The identity fingerprint mentioned above includes the sales information, ownership information and license information of the digital product; the copyright issuance server attaches the evidence fingerprint and the identity fingerprint, or the information formed by encrypting the two fingerprints, to the digital product through fusion technology. Product, to generate a copy of the product with buyer characteristics. 13. The system according to claim 12, further comprising: an arbitration server, which is deployed on a computer terminal connected to the copyright server, or an arbitration device is independently provided by a trusted third party, and the arbitration server includes : Arbitration service unit for collecting fingerprint evidence in case of infringement; The fingerprint identification unit is used to complete the fingerprint information similarity detection. 14. The system according to claim 12, further comprising: a copyright tracking proxy server deployed on the Internet, including copyright monitoring software, used to monitor network data flow and obtain illegally copied digital products. 15. The system according to claim 12, wherein the copyright and fingerprint authorization information records include: copyright record number, seller identification, sales record number, purchase voucher, license, and evidence fingerprint seed. 16. The system according to claim 12, wherein said sales record includes: sales record number, purchase voucher, license, identity fingerprint seed.

Images