[go: up one dir, main page]

CN101211395A - Method and system for realizing permission object sharing - Google Patents

Method and system for realizing permission object sharing Download PDF

Info

Publication number
CN101211395A
CN101211395A CNA2006101682588A CN200610168258A CN101211395A CN 101211395 A CN101211395 A CN 101211395A CN A2006101682588 A CNA2006101682588 A CN A2006101682588A CN 200610168258 A CN200610168258 A CN 200610168258A CN 101211395 A CN101211395 A CN 101211395A
Authority
CN
China
Prior art keywords
permission object
terminal
digital content
unit
permission
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2006101682588A
Other languages
Chinese (zh)
Other versions
CN100592318C (en
Inventor
刘道斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Petevio Institute Of Technology Co ltd
Original Assignee
Potevio Institute of Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Potevio Institute of Technology Co Ltd filed Critical Potevio Institute of Technology Co Ltd
Priority to CN200610168258A priority Critical patent/CN100592318C/en
Publication of CN101211395A publication Critical patent/CN101211395A/en
Application granted granted Critical
Publication of CN100592318C publication Critical patent/CN100592318C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

本发明提供了一种实现权限对象共享的方法,包括:将与数字内容关联的权限对象保存在便携式存储设备中,终端从便携式存储设备中获取权限对象,并按照获取的权限对象使用数字内容。同时,本发明还提供了一种实现权限对象共享的系统,包括:终端和便携式存储设备,其中,便携式存储设备,用于保存与数字内容关联的权限对象;终端,用于从便携式存储设备中获取权限对象,并按照获取的权限对象使用数字内容。本发明中的整个共享过程无需服务器的参与,即使是在离线状态下也可以很方便地实现在多个用户终端上共享RO,从而实现了在保证数字内容版权不被侵犯的前提下,用户又能很方便地使用数字内容。

Figure 200610168258

The invention provides a method for realizing rights object sharing, including: saving the rights object associated with the digital content in a portable storage device, the terminal obtains the rights object from the portable storage device, and uses the digital content according to the obtained rights object. At the same time, the present invention also provides a system for sharing rights objects, including: a terminal and a portable storage device, wherein the portable storage device is used to save rights objects associated with digital content; Obtain a rights object, and use the digital content according to the obtained rights object. The entire sharing process in the present invention does not require the participation of the server, and even in an offline state, it is convenient to share ROs on multiple user terminals, thereby realizing that the user and Can easily use digital content.

Figure 200610168258

Description

实现权限对象共享的方法及系统 Method and system for realizing permission object sharing

技术领域 technical field

本发明涉及数字版权管理(DRM,Digital Rights Management)技术,尤其涉及实现权限对象共享的方法及系统。The present invention relates to digital rights management (DRM, Digital Rights Management) technology, in particular to a method and system for realizing sharing of rights objects.

背景技术 Background technique

随着宽带网络技术的迅速发展,现在越来越多的用户通过网络下载音乐、影视、在线教育课程等数字内容进行使用。数字内容的特点是易于复制、分发和处理,传统的网络下载方式无法实现对这些数字内容的版权保护。但是,由于数字内容提供商生产数字内容是需要一定成本的,如果数字内容未经允许就被任意复制、分发和使用,那么,数字内容提供商的利益就会遭受损失。With the rapid development of broadband network technology, more and more users now download digital content such as music, film and television, and online education courses through the Internet for use. The characteristic of digital content is that it is easy to copy, distribute and process, and the traditional network download method cannot realize the copyright protection of these digital content. However, since digital content providers need certain costs to produce digital content, if digital content is copied, distributed and used arbitrarily without permission, the interests of digital content providers will suffer.

数字版权管理DRM是保护数字内容免受未经授权复制和使用的一种方法。它为内容提供商保护其私有音乐或其他数据免受非法复制和使用提供了一种手段。DRM技术通过对数字内容进行加密和附加使用规则对数字内容进行保护,其中,使用规则可以判断用户是否符合使用数字内容的条件,一般可以防止内容被复制或者限制内容的播放次数。Digital Rights Management DRM is a method of protecting digital content from unauthorized copying and use. It provides a means for content providers to protect their proprietary music or other data from illegal copying and use. DRM technology protects digital content by encrypting digital content and attaching usage rules. The usage rules can determine whether a user meets the conditions for using digital content, and generally prevent content from being copied or limit the number of times the content can be played.

受DRM技术保护的数字内容是被加密的,任何用户都可以自由访问加密的数字内容,用户也可以将加密的数字内容转发给家人或者朋友共享。但是,用户如果要使用数字内容,就必须购买与该内容相关联的权限对象(RO)。数字内容的使用是严格按照购买的权限对象来执行的,用户不能做到越权使用。The digital content protected by DRM technology is encrypted, and any user can freely access the encrypted digital content, and the user can also forward the encrypted digital content to family members or friends for sharing. However, if a user wants to use digital content, he must purchase a rights object (RO) associated with the content. The use of digital content is carried out strictly according to the purchased permission object, and users cannot use it beyond their rights.

在传统的DRM技术中,虽然数字内容可以自由传播,但数字内容的权限对象RO却不能随意转发。也就是说,如果用户将购买的RO下载到了某个终端设备上,那么用户则只能在该终端上使用数字内容。用户若想在其它终端上使用数字内容,就必须重新下载RO。另外,虽然数字内容的自由传播性使得用户能够将加密的数字内容转发给家人或者朋友共享,但传统的DRM技术不允许用户之间共享执行内容所需的RO,数字内容的接收者在没有获得与该内容关联的RO之前无法使用接收到的数字内容。可见,传统的DRM技术虽然保护了数字内容提供商的利益,但对于用户使用数字内容却极为不便。In the traditional DRM technology, although the digital content can be freely disseminated, the rights object RO of the digital content cannot be forwarded arbitrarily. That is to say, if the user downloads the purchased RO to a terminal device, the user can only use the digital content on the terminal device. If the user wants to use the digital content on other terminals, he must re-download the RO. In addition, although the free dissemination of digital content enables users to forward encrypted digital content to family members or friends for sharing, traditional DRM technology does not allow users to share the RO required to execute the content, and the recipients of digital content do not have access to The RO associated with the content was previously unable to use the received digital content. It can be seen that although the traditional DRM technology protects the interests of digital content providers, it is extremely inconvenient for users to use digital content.

日本的公开号为200358657的专利申请提出了一种用于与其它用户共享使用数字内容许可即RO的方法。该方法主要包括:在许可信息服务器的专用区域中为每个用户或终端存储关于内容许可的信息;当接收到分配者发送的请求时,创建加密密钥,使用该密钥加密关于许可的信息,并将加密后的信息从专用区域移到公共区域,然后将加密密钥发给分配者;分配者将已发行的加密密钥传送给受让者后,当受让者请求传递许可时,检查受让者是否拥有已发行给分配者的加密密钥来验证受让者;验证时,用受让者发送的密钥解密关于许可的信息,并为受让者将解密信息从公共区域移到专用区域。Japanese Patent Application Publication No. 200358657 proposes a method for sharing a license to use digital content, RO, with other users. The method mainly includes: storing information about content licenses for each user or terminal in a dedicated area of the license information server; when receiving a request sent by a distributor, creating an encryption key, and using the key to encrypt information about licenses , and move the encrypted information from the private area to the public area, and then send the encryption key to the distributor; after the distributor transmits the issued encryption key to the transferee, when the transferee requests permission, Verify the transferee by checking that the transferee possesses the encryption key issued to the assignor; when verifying, decrypt the information about the license with the key sent by the transferee, and move the decrypted information from the public domain for the transferee to a dedicated area.

该方法可以使持有内容许可的用户将许可传递给其他用户,实现多个用户之间共享权限对象。但是,该方法需要许可信息服务器的参与,也就是说,只有在在线状态下才能实现权限对象的共享。另外,为了将内容许可传递给受让者,分配者必须先从许可信息服务器接收加密密钥,将收到的加密密钥传送给受让者,然后许可信息服务器再用加密密钥来验证受让者,整个过程非常复杂繁琐。The method can enable the user holding the content license to transfer the license to other users, so as to realize the sharing of rights objects among multiple users. However, this method requires the participation of the license information server, that is to say, the sharing of rights objects can only be realized in an online state. In addition, in order to transfer the content license to the transferee, the distributor must first receive the encryption key from the license information server, transmit the received encryption key to the transferee, and then the license information server uses the encryption key to authenticate the recipient. Otherwise, the whole process is very complicated and cumbersome.

发明内容 Contents of the invention

有鉴于此,本发明的主要目的在于提供一种实现权限对象共享的方法及系统,在离线状态下方便地实现权限对象的共享。In view of this, the main purpose of the present invention is to provide a method and system for realizing the sharing of rights objects, which can conveniently realize the sharing of rights objects in an offline state.

为达到上述目的,本发明提供的实现权限对象共享的方法如下:In order to achieve the above-mentioned purpose, the method for realizing permission object sharing provided by the present invention is as follows:

将与数字内容关联的权限对象保存在便携式存储设备中,终端从便携式存储设备中获取权限对象,并按照获取的权限对象使用数字内容。The rights object associated with the digital content is stored in the portable storage device, and the terminal obtains the rights object from the portable storage device, and uses the digital content according to the obtained rights object.

其中,所述终端从便携式存储设备中获取权限对象包括:Wherein, the terminal obtaining the rights object from the portable storage device includes:

A、终端向便携式存储设备发送获取权限对象的请求,该请求中携带数字内容的内容标识及终端请求的使用权限;A. The terminal sends a request to the portable storage device to acquire a permission object, and the request carries the content identifier of the digital content and the usage permission requested by the terminal;

B、便携式存储设备收到来自终端的请求后,读取与该请求中携带的内容标识相对应的权限对象,并在该权限对象的限制内根据终端请求的使用权限重新创建权限对象,再将重新创建的权限对象发送给终端。B. After the portable storage device receives the request from the terminal, it reads the rights object corresponding to the content identifier carried in the request, and recreates the rights object according to the use rights requested by the terminal within the limits of the rights object, and then The recreated permission object is sent to the terminal.

所述步骤B之后进一步包括:Further comprising after the step B:

便携式存储设备根据终端请求的使用权限,对自身保存的、与所述内容标识相对应的权限对象进行更新。The portable storage device updates the rights object stored by itself and corresponding to the content identifier according to the usage rights requested by the terminal.

所述步骤A之前进一步包括:Further include before the step A:

终端与便携式存储设备相互进行身份认证,并生成相同的会话密钥。The terminal and the portable storage device authenticate each other and generate the same session key.

步骤B所述将重新创建的权限对象发送给终端包括:便携式存储设备使用生成的会话密钥对重新创建的权限对象进行加密,并将加密的权限对象发送给终端;The sending of the re-created rights object to the terminal in step B includes: the portable storage device uses the generated session key to encrypt the re-created rights object, and sends the encrypted rights object to the terminal;

所述终端按照获取的权限对象使用数字内容之前进一步包括:终端收到便携式存储设备发送来的加密的权限对象后,使用生成的会话密钥对收到的加密的权限对象进行解密,恢复出权限对象明文。Before the terminal uses the digital content according to the acquired rights object, it further includes: after receiving the encrypted rights object sent by the portable storage device, the terminal uses the generated session key to decrypt the received encrypted rights object to restore the rights Object plaintext.

所述终端按照获取的权限对象使用数字内容包括:The use of digital content by the terminal according to the acquired rights object includes:

终端使用获取的权限对象中包含的解密密钥对所述数字内容进行解密,恢复出数字内容明文,并按照获取的权限对象中包含的数字内容使用权限使用数字内容。The terminal decrypts the digital content by using the decryption key included in the obtained rights object, recovers the plaintext of the digital content, and uses the digital content according to the digital content usage rights included in the obtained rights object.

所述终端按照获取的权限对象使用数字内容之后进一步包括:After the terminal uses the digital content according to the acquired rights object, it further includes:

终端使用获取的权限对象中包含的加解密密钥对所述数字内容进行加密并保存。The terminal encrypts and saves the digital content using the encryption and decryption key included in the acquired rights object.

本发明提供的实现权限对象共享的系统包括:终端和便携式存储设备,其中,便携式存储设备,用于保存与数字内容关联的权限对象;The system for sharing rights objects provided by the present invention includes: a terminal and a portable storage device, wherein the portable storage device is used to store rights objects associated with digital content;

终端,用于从便携式存储设备中获取权限对象,并按照获取的权限对象使用数字内容。The terminal is used to obtain the rights object from the portable storage device, and use the digital content according to the obtained rights object.

所述终端包括:权限对象获取单元和数字内容使用单元,其中,The terminal includes: a rights object acquiring unit and a digital content using unit, wherein,

权限对象获取单元,用于向便携式存储设备发送携带数字内容的内容标识及请求的使用权限的获取权限对象请求,并用于接收来自便携式存储设备的权限对象,将获取的权限对象发送给数字内容使用单元;The rights object obtaining unit is used to send the request for obtaining the rights object carrying the content identification of the digital content and the requested use right to the portable storage device, and is used to receive the rights object from the portable storage device, and send the obtained rights object to the digital content for use unit;

数字内容使用单元,用于按照收到的权限对象使用数字内容;a digital content usage unit, configured to use the digital content according to the received rights object;

所述便携式存储设备包括:权限对象存储单元和权限对象创建单元,其中,The portable storage device includes: a rights object storage unit and a rights object creation unit, wherein,

权限对象存储单元,用于保存与数字内容关联的权限对象;a rights object storage unit, configured to store rights objects associated with digital content;

权限对象创建单元,用于接收来自终端的获取权限对象请求,从权限对象存储单元中读取与该请求中携带的内容标识相对应的权限对象,并在该权限对象的限制内根据所述请求中携带的终端请求的使用权限重新创建权限对象,将重新创建的权限对象发送给终端。A rights object creation unit, configured to receive a request for acquiring a rights object from the terminal, read the rights object corresponding to the content identifier carried in the request from the rights object storage unit, and perform the request within the limits of the rights object The permission object carried by the terminal is recreated with the permission requested by the terminal, and the recreated permission object is sent to the terminal.

所述便携式存储设备进一步包括:权限对象更新单元,The portable storage device further includes: a rights object update unit,

所述权限对象创建单元,进一步用于将终端请求的使用权限发送给权限对象更新单元;The authority object creation unit is further configured to send the use authority requested by the terminal to the authority object update unit;

权限对象更新单元,用于根据收到的终端请求的使用权限对权限对象存储单元中保存的与所述内容标识相对应的权限对象进行更新。A rights object updating unit, configured to update the rights object stored in the rights object storage unit corresponding to the content identifier according to the received usage rights requested by the terminal.

所述便携式存储设备进一步包括:加密单元,The portable storage device further includes: an encryption unit,

所述权限对象创建单元,用于将重新创建的权限对象发送给加密单元;The rights object creation unit is configured to send the re-created rights object to the encryption unit;

所述加密单元,用于对收到的权限对象进行加密,并将加密后的权限对象发送给终端;The encryption unit is configured to encrypt the received rights object, and send the encrypted rights object to the terminal;

所述终端进一步包括:解密单元,The terminal further includes: a decryption unit,

所述权限对象获取单元,用于将获取的权限对象发送给解密单元;The authority object acquisition unit is configured to send the acquired authority object to the decryption unit;

所述解密单元,用于对收到的权限对象进行解密,并将解密后的权限对象发送给数字内容使用单元。The decryption unit is used to decrypt the received rights object, and send the decrypted rights object to the digital content usage unit.

另外,本发明还提供了一种存储设备,能够实现对权限对象的管理。In addition, the present invention also provides a storage device capable of realizing the management of rights objects.

该存储设备包括:权限对象存储单元和权限对象创建单元,其中,The storage device includes: a permission object storage unit and a permission object creation unit, wherein,

权限对象存储单元,用于保存与数字内容关联的权限对象;a rights object storage unit, configured to store rights objects associated with digital content;

权限对象创建单元,用于接收来自终端的获取权限对象请求,从权限对象存储单元中读取与该请求中携带的内容标识相对应的权限对象,并在该权限对象的限制内根据所述请求中携带的终端请求的使用权限重新创建权限对象,将重新创建的权限对象发送给终端。A rights object creation unit, configured to receive a request for acquiring a rights object from the terminal, read the rights object corresponding to the content identifier carried in the request from the rights object storage unit, and perform the request within the limits of the rights object The permission object carried by the terminal is recreated with the permission requested by the terminal, and the recreated permission object is sent to the terminal.

该存储设备进一步包括:权限对象更新单元,The storage device further includes: a rights object updating unit,

所述权限对象创建单元,进一步用于将终端请求的使用权限发送给权限对象更新单元;The authority object creation unit is further configured to send the use authority requested by the terminal to the authority object update unit;

权限对象更新单元,用于根据收到的终端请求的使用权限对权限对象存储单元中保存的与所述内容标识相对应的权限对象进行更新。A rights object updating unit, configured to update the rights object stored in the rights object storage unit corresponding to the content identifier according to the received usage rights requested by the terminal.

该存储设备进一步包括:加密单元,The storage device further includes: an encryption unit,

所述权限对象创建单元,用于将重新创建的权限对象发送给加密单元;The rights object creation unit is configured to send the re-created rights object to the encryption unit;

所述加密单元,用于对收到的权限对象进行加密,并将加密后的权限对象发送给终端。The encryption unit is configured to encrypt the received rights object, and send the encrypted rights object to the terminal.

另外,本发明还提供了一种终端,通过从便携式存储设备获取权限对象来使用数字内容。In addition, the present invention also provides a terminal for using digital content by acquiring a rights object from a portable storage device.

该终端包括:权限对象获取单元和数字内容使用单元,其中,The terminal includes: a rights object acquiring unit and a digital content using unit, wherein,

权限对象获取单元,用于从便携式存储设备中获取权限对象,并将获取的权限对象发送给数字内容使用单元;a rights object obtaining unit, configured to obtain the rights object from the portable storage device, and send the obtained rights object to the digital content use unit;

数字内容使用单元,用于按照收到的权限对象使用数字内容。The digital content usage unit is configured to use the digital content according to the received rights object.

该终端进一步包括:解密单元,The terminal further includes: a decryption unit,

所述权限对象获取单元,用于将获取的权限对象发送给解密单元;The authority object acquisition unit is configured to send the acquired authority object to the decryption unit;

所述解密单元,用于对收到的权限对象进行解密,并将解密后的权限对象发送给数字内容使用单元。The decryption unit is used to decrypt the received rights object, and send the decrypted rights object to the digital content usage unit.

由此可见,本发明通过具有DRM功能的便携式存储设备来管理RO,实现多用户之间或者多个用户终端之间权限对象的共享。用户若要在其它终端上使用数字内容、或者是与其他用户共享使用数字内容,则只需从所述便携式存储设备中获取相应的RO即可。整个共享过程无需服务器的参与,即使是在离线状态下,也可以很方便地实现在多个用户终端上共享RO。从而实现了在保证数字内容版权不被侵犯的前提下,用户又能很方便地使用数字内容。It can be seen that the present invention manages ROs through a portable storage device with a DRM function, and realizes the sharing of rights objects among multiple users or between multiple user terminals. If the user wants to use the digital content on other terminals, or share the digital content with other users, he only needs to obtain the corresponding RO from the portable storage device. The entire sharing process does not require the participation of the server, even in an offline state, it is very convenient to share ROs on multiple user terminals. Therefore, under the premise of ensuring that the copyright of the digital content is not infringed, the user can use the digital content conveniently.

附图说明 Description of drawings

图1为本发明实施例中终端从便携式存储设备中获取RO,并按照获取的RO使用数字内容的过程示意图。FIG. 1 is a schematic diagram of a process in which a terminal acquires an RO from a portable storage device and uses digital content according to the acquired RO in an embodiment of the present invention.

图2为本发明中实现权限对象共享的系统结构示意图。FIG. 2 is a schematic structural diagram of a system for realizing permission object sharing in the present invention.

图3为本发明一实施例中实现权限对象共享的系统结构示意图。FIG. 3 is a schematic structural diagram of a system for realizing permission object sharing in an embodiment of the present invention.

图4为本发明另一实施例中实现权限对象共享的系统结构示意图。FIG. 4 is a schematic structural diagram of a system for implementing rights object sharing in another embodiment of the present invention.

具体实施方式 Detailed ways

为使本发明的目的、技术方案及优点更加清楚明白,下面参照附图并举实施例,对本发明作进一步详细说明。In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below with reference to the accompanying drawings and examples.

本发明提供的实现权限对象共享的方法的基本思想是:将与数字内容关联的权限对象RO保存在便携式存储设备中,终端从便携式存储设备中获取权限对象,并按照获取的权限对象使用数字内容。The basic idea of the method for realizing rights object sharing provided by the present invention is: save the rights object RO associated with the digital content in the portable storage device, and the terminal obtains the rights object from the portable storage device, and uses the digital content according to the obtained rights object .

具体而言即,数字内容提供商将加密后的数字内容放在内容分发服务器上供用户自由下载,并将与数字内容关联的RO放在权限分发服务器上;用户从内容分发服务器下载数字内容到自身的终端后,若要在终端中使用该数字内容,则必须购买与该数字内容关联的RO,从权限分发服务器下载该RO到终端;如果用户希望也能够在其它终端上使用下载的数字内容,则用户可以通过终端从权限分发服务器下载与该数字内容关联的权限对象RO到具有DRM功能的便携式存储设备中并保存,并将下载的数字内容通过拷贝或者其它方式转移到其它终端上,当用户要在其它终端上使用该数字内容时,用户可以将所述保存有RO的便携式存储设备插到欲使用该数字内容的终端上,该终端从所述便携式存储设备中获取RO,并按照获取的RO使用该数字内容。Specifically, the digital content provider puts the encrypted digital content on the content distribution server for users to download freely, and puts the RO associated with the digital content on the authority distribution server; the user downloads the digital content from the content distribution server to the If you want to use the digital content in your own terminal, you must purchase the RO associated with the digital content, and download the RO from the rights distribution server to the terminal; if the user wants to use the downloaded digital content on other terminals , then the user can download the rights object RO associated with the digital content from the rights distribution server through the terminal, store it in a portable storage device with DRM function, and transfer the downloaded digital content to other terminals by copying or other methods. When the user wants to use the digital content on other terminals, the user can insert the portable storage device that stores the RO into the terminal that wants to use the digital content, and the terminal obtains the RO from the portable storage device, and obtains according to the The RO uses this digital content.

也就是说,本发明通过具有DRM功能的便携式存储设备来管理RO,实现多用户之间或者多个用户终端之间权限对象的共享。用户若要在其它终端上使用数字内容、或者是与其他用户共享使用数字内容,则只需从所述便携式存储设备中获取相应的RO即可。整个共享过程无需服务器的参与,即使是在离线状态下,也可以很方便地实现在多个用户终端上共享RO。从而实现了在保证数字内容版权不被侵犯的前提下,用户又能很方便地使用数字内容。That is to say, the present invention manages ROs through a portable storage device with a DRM function, and realizes the sharing of rights objects among multiple users or between multiple user terminals. If the user wants to use the digital content on other terminals, or share the digital content with other users, he only needs to obtain the corresponding RO from the portable storage device. The entire sharing process does not require the participation of the server, even in an offline state, it is very convenient to share ROs on multiple user terminals. Therefore, under the premise of ensuring that the copyright of the digital content is not infringed, the user can use the digital content conveniently.

其中,所述终端为计算机、移动电话、PDA等用户使用的设备;所述便携式存储设备为移动存储卡、U盘、移动硬盘等存储设备。Wherein, the terminal is a device used by users such as computers, mobile phones, and PDAs; and the portable storage device is a storage device such as a mobile memory card, a U disk, and a mobile hard disk.

所述RO主要包括用来加解密数字内容的加解密密钥及数字内容使用权限。数字内容使用权限相当于背景技术中所述的使用规则,主要用来判断用户是否符合使用数字内容的条件,比如用户是否具有复制权限、用户播放内容的次数是否已经达到上限值等等。用户必须严格按照RO中的使用权限来使用数字内容。The RO mainly includes encryption and decryption keys used to encrypt and decrypt digital content and digital content use rights. Digital content use rights are equivalent to the use rules described in the background technology, and are mainly used to determine whether a user meets the conditions for using digital content, such as whether the user has copy rights, whether the number of times the user has played the content has reached the upper limit, and so on. Users must strictly follow the usage rights in RO to use digital content.

Figure A20061016825800121
Figure A20061016825800121

表1Table 1

表1所示为RO结构的一示范性实例。Table 1 shows an exemplary RO structure.

其中,第一项为用来标识数字内容的内容标识(ID);第二项为对应所示内容ID的数字内容的使用权限;第三项为对应所示内容ID的数字内容的加解密密钥。内容提供商使用所述加解密密钥对数字内容进行加密,终端使用所述加解密密钥对加密后的数字内容进行解密。Among them, the first item is the content identification (ID) used to identify the digital content; the second item is the usage authority of the digital content corresponding to the indicated content ID; the third item is the encryption and decryption of the digital content corresponding to the indicated content ID key. The content provider uses the encryption and decryption key to encrypt the digital content, and the terminal uses the encryption and decryption key to decrypt the encrypted digital content.

关于约束条件的存在形式有很多种。比如参见表2所示的约束条件结构,以播放权限为例,数字内容提供商既可以通过计次的方式限制用户的播放次数,又可以通过累计时间的方式限制用户的播放时间,或者通过规定起止时间的方式限制用户的播放时段等等。There are many forms of constraints. For example, refer to the constraint condition structure shown in Table 2. Taking playback rights as an example, digital content providers can limit the user’s playback times by counting times, limit the user’s playback time by accumulating time, or limit the user’s playback time by specifying The way of starting and ending time limits the user's playing period and so on.

Figure A20061016825800131
Figure A20061016825800131

表2Table 2

在本发明中,当用户要通过终端使用数字内容时,则必须先从所述具有DRM功能的保存有RO的便携式存储设备中获取与该数字内容关联的RO。为更加清楚起见,下面以便携式存储设备为移动存储卡(简称存储卡)为例,对终端从便携式存储设备中获取RO,并按照获取的RO使用数字内容的过程进行详细说明。In the present invention, when the user wants to use the digital content through the terminal, the RO associated with the digital content must first be obtained from the portable storage device with the DRM function that stores the RO. For more clarity, the following takes the portable storage device as a removable storage card (memory card for short) as an example, and describes in detail the process in which the terminal acquires the RO from the portable storage device and uses the digital content according to the acquired RO.

参见图1所示,该过程主要包括以下步骤:Referring to Figure 1, the process mainly includes the following steps:

步骤101:当用户要使用终端上的数字内容时,用户将保存有RO的存储卡插到终端上,终端与存储卡之间相互进行身份认证,并且终端与存储卡双方生成相同的会话密钥。Step 101: When the user wants to use the digital content on the terminal, the user inserts the memory card with the RO stored in the terminal, the terminal and the memory card authenticate each other, and both the terminal and the memory card generate the same session key .

比如,终端和存储卡分别产生一个随机数,并将各自产生的随机数发送给对方,终端/存储卡收到对方发送来的随机数后,将收到的随机数与自身产生的随机数进行模2运算,生成相同的会话密钥。For example, the terminal and the memory card respectively generate a random number and send the random number generated by each to the other party. After receiving the random number sent by the other party, the terminal/memory card compares the received random number with the random number generated by itself. Modulo 2 operation to generate the same session key.

步骤102:终端与存储卡相互身份认证成功之后,用户可以通过点击终端中的数字内容或通过其它方式,向终端发送使用数字内容的请求,终端收到用户的使用请求后,读取该数字内容的内容ID,并向存储卡发送获取与该内容关联的RO的请求,该请求中包含该数字内容的内容ID。Step 102: After the mutual identity authentication between the terminal and the memory card is successful, the user can send a request to the terminal to use the digital content by clicking on the digital content in the terminal or by other means, and the terminal reads the digital content after receiving the user's use request the content ID of the digital content, and send a request to the memory card to obtain the RO associated with the content, and the request includes the content ID of the digital content.

另外,终端在发送获取RO的请求的同时,还要将请求的使用权限发送给存储卡,比如终端请求的使用权限是播放该数字内容1次。In addition, when the terminal sends the request for obtaining the RO, it also needs to send the requested usage permission to the memory card, for example, the terminal requests the usage permission to play the digital content once.

步骤103:存储卡收到终端发送来的获取RO的请求后,读取与其中携带的内容ID相对应的RO,并在该RO的限制内根据终端请求的使用权限创建新的RO。Step 103: After receiving the RO acquisition request from the terminal, the memory card reads the RO corresponding to the content ID carried therein, and creates a new RO within the limits of the RO according to the use rights requested by the terminal.

比如,当终端请求的使用权限是播放该数字内容1次时,新创建的RO中包括的使用权限内容就是播放,且约束条件为1次,而不再包括其它的使用权限内容。For example, when the usage right requested by the terminal is to play the digital content once, the content of the usage right included in the newly created RO is to play, and the constraint condition is one time, and no other content of the usage right is included.

步骤104:存储卡使用步骤101中生成的会话密钥对重新创建的RO进行加密,如通过DES/3DES或AES等对称加密算法进行加密,然后将加密后的RO发送给终端。Step 104: The memory card uses the session key generated in step 101 to encrypt the re-created RO, such as using a symmetric encryption algorithm such as DES/3DES or AES, and then sends the encrypted RO to the terminal.

步骤105:存储卡在向终端发送新创建的RO之后,根据终端请求的使用权限对自身保存的、与所述内容ID相对应的RO中的数字内容使用权限进行更新。Step 105: After sending the newly created RO to the terminal, the memory card updates the digital content use right stored in the RO corresponding to the content ID according to the use right requested by the terminal.

比如,当终端请求的使用权限是播放该数字内容1次时,在向终端发送新创建的RO之后,存储卡就会从自身保存的、与该数字内容关联RO中数字内容使用权限的约束条件中扣除终端所请求的使用权限的量值,即将约束条件中的播放次数减少1次。For example, when the usage permission requested by the terminal is to play the digital content once, after sending the newly created RO to the terminal, the memory card will save the digital content usage permission constraints in the RO associated with the digital content. The value of the usage permission requested by the terminal is deducted from , that is, the number of times of playback in the constraint condition is reduced by 1.

如果存储卡中存储的、与某数字内容相应的使用权限中约束条件的量值减少到0,那么当下次终端再向存储卡请求该数字内容的使用权限时,就会被存储卡拒绝。只有在用户重新购买了该数字内容的使用权限后,才能恢复对该数字内容的使用。If the value of the constraints in the usage permission corresponding to a certain digital content stored in the memory card is reduced to 0, the next time the terminal requests the usage permission of the digital content from the storage card, it will be rejected by the storage card. The use of the digital content can only be resumed after the user re-purchases the use right of the digital content.

步骤106:终端收到存储卡发送过来的加密后的RO后,使用步骤101中生成的会话密钥对收到的加密的RO进行解密,恢复出RO明文。Step 106: After receiving the encrypted RO sent by the memory card, the terminal uses the session key generated in step 101 to decrypt the received encrypted RO, and recover the RO plaintext.

步骤107:终端使用RO中包含的加解密密钥对加密的数字内容进行解密,恢复出数字内容明文。Step 107: The terminal decrypts the encrypted digital content using the encryption and decryption key included in the RO, and recovers the plaintext of the digital content.

步骤108:终端按照RO中所包含的数字内容使用权限使用数字内容,比如播放数字内容1次。Step 108: The terminal uses the digital content according to the digital content usage authority included in the RO, for example, plays the digital content once.

步骤109:数字内容使用结束后,终端使用RO中包含的加解密密钥对数字内容进行加密并保存。Step 109: After the digital content is used, the terminal encrypts and saves the digital content using the encryption and decryption key included in the RO.

对应本发明提供的方法,本发明还提供了一种实现权限对象共享的系统,参见图2所示,该系统主要包括:终端和便携式存储设备。其中,便携式存储设备,用于保存与数字内容关联的权限对象;终端,用于从便携式存储设备中获取权限对象,并按照获取的权限对象使用数字内容。Corresponding to the method provided by the present invention, the present invention also provides a system for realizing rights object sharing, as shown in FIG. 2 , the system mainly includes: a terminal and a portable storage device. Wherein, the portable storage device is used to save the rights object associated with the digital content; the terminal is used to obtain the rights object from the portable storage device, and use the digital content according to the obtained rights object.

参见图3所示,所述终端具体可包括:权限对象获取单元和数字内容使用单元。其中,权限对象获取单元,用于向便携式存储设备发送携带数字内容的内容标识及请求的使用权限的获取权限对象请求,并用于接收来自便携式存储设备的权限对象,将获取的权限对象发送给数字内容使用单元;数字内容使用单元,用于按照收到的权限对象使用数字内容。Referring to FIG. 3 , the terminal may specifically include: a rights object acquisition unit and a digital content use unit. Wherein, the rights object obtaining unit is used to send the request for obtaining the rights object carrying the content identification of the digital content and the requested use right to the portable storage device, and is used to receive the rights object from the portable storage device, and send the obtained rights object to the digital A content use unit; a digital content use unit, used for using digital content according to the received rights object.

所述便携式存储设备具体可包括:权限对象存储单元和权限对象创建单元。其中,权限对象存储单元,用于保存与数字内容关联的权限对象;权限对象创建单元,用于接收来自终端的获取权限对象请求,从权限对象存储单元中读取与该请求中携带的内容标识相对应的权限对象,并在该权限对象的限制内根据所述请求中携带的终端请求的使用权限重新创建权限对象,将重新创建的权限对象发送给终端。The portable storage device may specifically include: a rights object storage unit and a rights object creation unit. Wherein, the rights object storage unit is used to save the rights object associated with the digital content; the rights object creation unit is used to receive the request from the terminal to obtain the rights object, and read the content identification carried in the request from the rights object storage unit corresponding rights object, and within the limits of the rights object, recreate the rights object according to the usage rights requested by the terminal carried in the request, and send the recreated rights object to the terminal.

参见图4所示,所述便携式存储设备可进一步包括:权限对象更新单元。权限对象创建单元将终端请求的使用权限发送给权限对象更新单元;权限对象更新单元用于根据收到的终端请求的使用权限对权限对象存储单元中保存的与所述内容标识相对应的权限对象进行更新。Referring to Fig. 4, the portable storage device may further include: a rights object updating unit. The rights object creation unit sends the use rights requested by the terminal to the rights object update unit; the rights object update unit is used to update the rights object corresponding to the content identifier stored in the rights object storage unit according to the received use rights requested by the terminal to update.

所述便携式存储设备还可进一步包括:加密单元。权限对象创建单元将重新创建的权限对象发送给加密单元;加密单元用于对收到的权限对象进行加密,并将加密后的权限对象发送给终端。The portable storage device may further include: an encryption unit. The rights object creation unit sends the re-created rights object to the encryption unit; the encryption unit is used to encrypt the received rights object and send the encrypted rights object to the terminal.

对应地,所述终端进一步包括:解密单元。权限对象获取单元将获取的权限对象发送给解密单元;解密单元用于对收到的权限对象进行解密,并将解密后的权限对象发送给数字内容使用单元。Correspondingly, the terminal further includes: a decryption unit. The rights object obtaining unit sends the obtained rights object to the decryption unit; the decryption unit is used to decrypt the received rights object, and sends the decrypted rights object to the digital content usage unit.

另外,本发明还提供了一种存储设备及一种终端,它们的基本结构以及进一步的结构分别如图3、图4所示,这里不再一一赘述。In addition, the present invention also provides a storage device and a terminal. Their basic structures and further structures are respectively shown in FIG. 3 and FIG. 4 , which will not be repeated here.

以上所述对本发明的目的、技术方案和有益效果进行了进一步的详细说明,所应理解的是,以上所述并不用以限制本发明,凡在本发明的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The purpose, technical solutions and beneficial effects of the present invention have been further described in detail above. It should be understood that the above description is not intended to limit the present invention. Any modification, equivalent replacement, improvement, etc. shall be included in the protection scope of the present invention.

Claims (16)

1. method that realizes that permission object is shared is characterized in that this method comprises:
The permission object related with digital content is kept in the portable memory apparatus, and terminal is obtained permission object from portable memory apparatus, and uses digital content according to the permission object that obtains.
2. method according to claim 1 is characterized in that, described terminal is obtained permission object and comprised from portable memory apparatus:
A, terminal send the request of obtaining permission object to portable memory apparatus, carry the content identification of digital content and the rights of using of terminal request in this request;
After B, portable memory apparatus receive the request of self terminal, read with this request in the corresponding permission object of content identification that carries, and in the restriction of this permission object according to the rights of using of terminal request create right object again, the permission object that will create again sends to terminal again.
3. method according to claim 2 is characterized in that, further comprises after the described step B:
Portable memory apparatus is according to the rights of using of terminal request, self is preserved, upgrade with the corresponding permission object of described content identification.
4. according to claim 2 or 3 described methods, it is characterized in that, further comprise before the described steps A:
Terminal and portable memory apparatus carry out authentication mutually, and generate identical session key.
5. method according to claim 4 is characterized in that,
The described permission object that will create again of step B sends to terminal and comprises: portable memory apparatus uses the session key that generates that the permission object of creating is again encrypted, and the encrypted rights object is sent to terminal;
Described terminal further comprises before using digital content according to the permission object that obtains: after terminal is received the encrypted rights object that portable memory apparatus sends, use the session key that generates that the encrypted rights object of receiving is decrypted, recover permission object expressly.
6. according to claim 1,2,3 or 5 described methods, it is characterized in that described terminal uses digital content to comprise according to the permission object that obtains:
Terminal uses the decruption key that comprises in the permission object that obtains that described digital content is decrypted, and recovers digital content expressly, and uses digital content according to the digital content rights of using that comprise in the permission object that obtains.
7. method according to claim 6 is characterized in that, described terminal further comprises after using digital content according to the permission object that obtains:
Terminal uses the encryption and decryption key that comprises in the permission object that obtains that described digital content is encrypted and preserved.
8. system that realizes that permission object is shared is characterized in that this system comprises: terminal and portable memory apparatus, wherein,
Portable memory apparatus is used to preserve the permission object related with digital content;
Terminal is used for obtaining permission object from portable memory apparatus, and uses digital content according to the permission object that obtains.
9. system according to claim 8 is characterized in that,
Described terminal comprises: permission object acquiring unit and digital content are used the unit, wherein,
The permission object acquiring unit, be used for sending the permission object request of obtaining of the rights of using of the content identification carry digital content and request to portable memory apparatus, and be used to receive permission object from portable memory apparatus, the permission object that obtains is sent to digital content use the unit;
Digital content is used the unit, is used for using digital content according to the permission object of receiving;
Described portable memory apparatus comprises: permission object storage unit and permission object creating unit, wherein,
The permission object storage unit is used to preserve the permission object related with digital content;
The permission object creating unit, be used to receive the permission object request of obtaining of self terminal, from the authority object-storage unit, read with this request in the corresponding permission object of content identification that carries, and the rights of using of the terminal request of in the restriction of this permission object, carrying in according to described request create right object again, the permission object of creating is again sent to terminal.
10. system according to claim 9 is characterized in that, described portable memory apparatus further comprises: the permission object updating block,
Described permission object creating unit is further used for the rights of using of terminal request are sent to the permission object updating block;
The permission object updating block is used for according to upgrading with the corresponding permission object of described content identification that the rights of using of the terminal request of receiving are preserved the permission object storage unit.
11., it is characterized in that described portable memory apparatus further comprises according to claim 9 or 10 described systems: ciphering unit,
Described permission object creating unit, the permission object that is used for creating again sends to ciphering unit;
Described ciphering unit be used for the permission object of receiving is encrypted, and the permission object after will encrypting sends to terminal;
Described terminal further comprises: decryption unit,
Described permission object acquiring unit, the permission object that is used for obtaining sends to decryption unit;
Described decryption unit is used for the permission object of receiving is decrypted, and the permission object after will deciphering sends to digital content use unit.
12. a memory device is characterized in that, this equipment comprises: permission object storage unit and permission object creating unit, wherein,
The permission object storage unit is used to preserve the permission object related with digital content;
The permission object creating unit, be used to receive the permission object request of obtaining of self terminal, from the authority object-storage unit, read with this request in the corresponding permission object of content identification that carries, and the rights of using of the terminal request of in the restriction of this permission object, carrying in according to described request create right object again, the permission object of creating is again sent to terminal.
13. memory device according to claim 12 is characterized in that, this memory device further comprises: the permission object updating block,
Described permission object creating unit is further used for the rights of using of terminal request are sent to the permission object updating block;
The permission object updating block is used for according to upgrading with the corresponding permission object of described content identification that the rights of using of the terminal request of receiving are preserved the permission object storage unit.
14., it is characterized in that this memory device further comprises according to claim 11 or 12 described memory devices: ciphering unit,
Described permission object creating unit, the permission object that is used for creating again sends to ciphering unit;
Described ciphering unit be used for the permission object of receiving is encrypted, and the permission object after will encrypting sends to terminal.
15. a terminal is characterized in that, this terminal comprises: permission object acquiring unit and digital content are used the unit, wherein,
The permission object acquiring unit is used for obtaining permission object from portable memory apparatus, and the permission object that obtains is sent to digital content use unit;
Digital content is used the unit, is used for using digital content according to the permission object of receiving.
16. terminal according to claim 15 is characterized in that, this terminal further comprises: decryption unit,
Described permission object acquiring unit, the permission object that is used for obtaining sends to decryption unit;
Described decryption unit is used for the permission object of receiving is decrypted, and the permission object after will deciphering sends to digital content use unit.
CN200610168258A 2006-12-28 2006-12-28 Method, system and storage device for realizing permission object sharing Expired - Fee Related CN100592318C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200610168258A CN100592318C (en) 2006-12-28 2006-12-28 Method, system and storage device for realizing permission object sharing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200610168258A CN100592318C (en) 2006-12-28 2006-12-28 Method, system and storage device for realizing permission object sharing

Publications (2)

Publication Number Publication Date
CN101211395A true CN101211395A (en) 2008-07-02
CN100592318C CN100592318C (en) 2010-02-24

Family

ID=39611416

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200610168258A Expired - Fee Related CN100592318C (en) 2006-12-28 2006-12-28 Method, system and storage device for realizing permission object sharing

Country Status (1)

Country Link
CN (1) CN100592318C (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101826140A (en) * 2009-02-25 2010-09-08 富士通株式会社 Content management device with rights
WO2017088471A1 (en) * 2015-11-26 2017-06-01 乐视控股(北京)有限公司 User-based data processing method and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101826140A (en) * 2009-02-25 2010-09-08 富士通株式会社 Content management device with rights
WO2017088471A1 (en) * 2015-11-26 2017-06-01 乐视控股(北京)有限公司 User-based data processing method and device

Also Published As

Publication number Publication date
CN100592318C (en) 2010-02-24

Similar Documents

Publication Publication Date Title
US9342701B1 (en) Digital rights management system and methods for provisioning content to an intelligent storage
US9424400B1 (en) Digital rights management system transfer of content and distribution
KR101043336B1 (en) Method and apparatus for acquiring and removing informations of digital right objects
US7493291B2 (en) System and method for locally sharing subscription of multimedia content
US8875299B2 (en) User based content key encryption for a DRM system
CN100552793C (en) Method and apparatus and pocket memory based on the Digital Right Management playback of content
US10417392B2 (en) Device-independent management of cryptographic information
CN101094062B (en) Method for implementing safe distribution and use of digital content by using memory card
WO2004109972A1 (en) User terminal for receiving license
CN1392700A (en) System and method for protecting content data
US8347098B2 (en) Media storage structures for storing content, devices for using such structures, systems for distributing such structures
JP2009176293A (en) Method and system for secure peer-to-peer communication
US9311492B2 (en) Media storage structures for storing content, devices for using such structures, systems for distributing such structures
CN100518060C (en) Encryption protection method and client device for digital document
JP2003298565A (en) Contents distribution system
CN101211395A (en) Method and system for realizing permission object sharing
JP5139045B2 (en) Content distribution system, content distribution method and program
CN104809365A (en) Digital rights management system, management method and its information transmission system and method
JP2004135021A (en) Storage device and server device
CN108076352A (en) A kind of video theft preventing method and system
CN100468436C (en) Method and system of content protection
JP2005149002A (en) Method and device for managing content circulation
JP2008060802A (en) Content management system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: CHINA POTEVIO CO., LTD.

Free format text: FORMER OWNER: PUTIAN IT TECH INST CO., LTD.

Effective date: 20130926

C41 Transfer of patent application or patent right or utility model
C56 Change in the name or address of the patentee

Owner name: PUTIAN IT TECH INST CO., LTD.

Free format text: FORMER NAME: PUTIAN INST. OF INFORMATION TECHNOLOGY

CP03 Change of name, title or address

Address after: 100080 Beijing, Haidian, North Street, No. two, No. 6, No.

Patentee after: PETEVIO INSTITUTE OF TECHNOLOGY Co.,Ltd.

Address before: 100085, No. two, 2 street, base of information industry, Beijing

Patentee before: POTEVIO Institute of Information Technology

TR01 Transfer of patent right

Effective date of registration: 20130926

Address after: 100080, No. two, 2 street, Zhongguancun science and Technology Park, Beijing, Haidian District

Patentee after: CHINA POTEVIO CO.,LTD.

Address before: 100080 Beijing, Haidian, North Street, No. two, No. 6, No.

Patentee before: PETEVIO INSTITUTE OF TECHNOLOGY Co.,Ltd.

ASS Succession or assignment of patent right

Owner name: PUTIAN IT TECH INST CO., LTD.

Free format text: FORMER OWNER: CHINA POTEVIO CO., LTD.

Effective date: 20131210

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20131210

Address after: 100080 Beijing, Haidian, North Street, No. two, No. 6, No.

Patentee after: PETEVIO INSTITUTE OF TECHNOLOGY Co.,Ltd.

Address before: 100080, No. two, 2 street, Zhongguancun science and Technology Park, Beijing, Haidian District

Patentee before: CHINA POTEVIO CO.,LTD.

CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100224

Termination date: 20211228