CN1320797C - A method for large-scale living broadcast of digital content - Google Patents

Publication number
CN1320797C
Authority
CN
China
Prior art keywords
digital content
user
module
unique identifier
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2004100339981A
Other languages
Chinese (zh)
Other versions
CN1571331A (en)
Inventor
赵黎
李彬
杨士强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tsinghua University
Original Assignee
Tsinghua University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tsinghua University
Priority to CNB2004100339981A
Publication of CN1571331A
Application granted
Publication of CN1320797C
Anticipated expiration
Expired - Fee Related

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to a method for large-scale live broadcast of digital content and belongs to the technical field of information dissemination. The digital content is first received and encrypted; the user's personal registration information is received and an identity identifier is generated; the user obtains the scheduling module address from the publishing module; the user sends a scheduling request; the scheduling module sends the scheduling result to the client, and the client selects a live broadcast module and sends it a service request; the live broadcast module sends the digital content to the client; the client requests a license from the license issuing module and reproduces the digital content according to the license. The method can be used to provide live broadcast services to users. By encrypting the live digital content or adding a watermark to it, the user cannot obtain the original digital content directly from the encrypted digital content; by issuing licenses, the content owner can control and manage users' use of the content and prevent users from using it illegally.

Description

A method for large-scale live broadcast of digital content

Technical field

The invention relates to a method for large-scale live broadcast of digital content, in particular to a method for digital rights management of digital content under large-scale live broadcast, and belongs to the technical field of information dissemination.

Background

The emergence of digital technology has led to a large amount of content appearing and being distributed in digital form. Digital technology makes copying digital content fast, cheap and nearly lossless. With the development of the Internet, disseminating digital content has become very easy; much digital content is illegally copied and spread without control or management, which harms the interests of content owners. Large-scale live broadcast, as a way of rapidly disseminating digital content, is being used more and more widely, and the control and management of digital content under large-scale live broadcast has become an important problem. Because of its scale, the interactions between the parties taking part in a large-scale live broadcast are very complex, and some existing methods are not suitable for it. Traditional encryption or scrambling can only control and manage the transmission of digital content: once the content reaches the user, control over it is lost. Moreover, traditional encryption or scrambling offers only two possibilities for controlling the content, namely that the user can use it or cannot use it, so selectivity is poor.

Summary of the invention

The purpose of the invention is to propose a method for large-scale live broadcast of digital content. By encrypting the live digital content or adding a watermark to it, the user cannot obtain the original digital content directly from the encrypted digital content; by issuing licenses, the content owner can control and manage the different ways in which different users use the content and prevent users from using it illegally.

The method for large-scale live broadcast of digital content proposed by the invention comprises the following steps:

(1) The digital content processing module receives the digital content and encrypts it to obtain three signals: the first is the encrypted digital content, which is sent to the live broadcast module; the second is the content summary of the digital content, the unique identifier of the digital content and the scheduling module address corresponding to that unique identifier, which is sent to the publishing module; the third is the unique identifier of the digital content and the address of the live broadcast module corresponding to the encrypted digital content, which is sent to the scheduling module;

(2) The registration module receives the user's personal registration information, generates a unique identifier for the user, and combines this user identifier with the public information in the personal registration information to generate the user's identity identifier;

(3) The user, through the client, retrieves digital content summaries from the publishing module and, based on a summary, obtains the unique identifier of the desired digital content and the scheduling module address corresponding to that unique identifier;

(4) Using the scheduling module address from step (3), the user sends a scheduling request to that scheduling module, together with the unique identifier of the digital content and the user's own identity identifier;

(5) After receiving the scheduling request, the scheduling module sends the user's identity identifier to the registration module; the registration module verifies it and returns the verification result to the scheduling module;

(6) The scheduling module checks the verification result. If verification failed, the scheduling module rejects the user's request. If verification passed, the scheduling module performs scheduling according to the received unique identifier of the digital content, sends the client the address of the live broadcast module holding the encrypted digital content that corresponds to that unique identifier, and saves the scheduling result;

(7) Using that live broadcast module address, the client sends a service request to the live broadcast module, together with the user's identity identifier and the unique identifier of the digital content, in order to obtain the digital content;

(8) The live broadcast module sends the received user identity identifier and digital content unique identifier to the scheduling module; the scheduling module compares them with the scheduling result saved in step (6) and returns the comparison result to the live broadcast module;

(9) The live broadcast module checks the comparison result. If the comparison failed, the live broadcast module rejects the client's request. If it passed, the live broadcast module provides the client with the encrypted digital content according to the received unique identifier of the digital content;

(10) After receiving the encrypted digital content, the client looks up the license corresponding to that digital content. If there is no license, the user, through the client, sends a license issuance request to the license issuing module, together with the user's identity identifier, the requested usage rights and the unique identifier of the digital content;

(11) The license issuing module sends the received user identity identifier to the registration module; the registration module verifies it and returns the verification result to the license issuing module;

(12) The license issuing module checks the verification result. If verification failed, the license issuing module rejects the user's request. If verification passed, it issues a license based on the identity identifier, the requested usage rights and the unique identifier of the digital content sent by the user, sends a copy of the issued license to the client, and saves the license;

(13) The client reproduces the received encrypted digital content according to the user's actual needs, within the rights granted in the license.

The encryption processing in the above method includes:

(1) Generating an encryption key sequence from a key seed;

(2) Encrypting the digital content with the keys in the key sequence according to the encryption algorithm: after one key has been used to encrypt a fixed length of digital content, another key is used to encrypt the next fixed length of digital content, which strengthens the protection of the digital content.

The personal registration information in the above method includes: name, address, password, email, landline telephone number, ID card number, mobile phone number and credit card number. Name, address, email and landline telephone number are public information; password, ID card number, mobile phone number and credit card number are non-public information.

The method for generating the user identity identifier in the above method includes the following steps:

(1) Select the public information from the user's personal registration information;

(2) Generate a unique identifier for each user;

(3) Combine the public information from step (1) and the unique identifier from step (2) into a new sequence;

(4) Hash the sequence from step (3) with a hash algorithm to obtain a hash value;

(5) Encrypt the hash value with the private key set by the registration module to obtain a ciphertext;

(6) Concatenate the sequence from step (3) with the ciphertext from step (5) to obtain the user identity identifier.

The user's usage rights in the above method are any one or more of: the length of time the digital content may be viewed, the number of times the digital content may be viewed, whether the received digital content may be saved, whether the saved digital content may be copied to other people, whether the saved digital content may be copied to another device, and whether the saved digital content may be distributed.

The method for generating a license in the above method includes the following steps:

(1) Generate unique watermark information related to the user;

(2) Encrypt the watermark information from step (1) with the public key of the license issuing module to obtain the watermark ciphertext;

(3) Combine the user's identity identifier, the unique identifier of the digital content, the key seed used to generate the key sequence that encrypts the digital content, the user's usage rights, the validity period of the license and the watermark ciphertext into a sequence;

(4) Hash the sequence from step (3) with a hash algorithm to obtain a hash value;

(5) Encrypt the hash value with the private key of the license issuing module to obtain a ciphertext;

(6) Concatenate the sequence from step (3) with the ciphertext from step (5) to form the user license. A copy of the license can also be generated and sent to the client. The license issuing module sends only a copy of the issued license to the client. The copy differs from the original: its validity period may be shorter than that of the original, depending on the user's usage rights, and the copy is bound to the client, so a copy sent to one client cannot be used on another client.

The method for large-scale live broadcast of digital content proposed by the invention is used to provide live broadcast services to users. During the service, the live digital content is encrypted so that the user cannot obtain the original digital content directly from the encrypted digital content, and licenses are issued so that the content owner can control and manage users' use of the content and prevent users from using it illegally. When the user saves the digital content, a unique user-related watermark is added so that the digital content can be traced. Encrypting the digital content with a key sequence makes the encrypted digital content more robust and resistant to attack. Licenses give users more choice: they can pay less for fewer rights or pay more for more rights.

Description of drawings

Fig. 1 is a flow block diagram of the method of the invention.

In the figure: 1, the digital content is sent to the encryption processing module; 2, the encryption processing module processes the received original content and generates the encrypted content, which is sent to the live broadcast module, while the brief information about the content is sent to the publishing module and the unique identifier is sent to the scheduling module; 3, the user registers with the registration module through the client to obtain an identity identifier that identifies the user in the system; 4, the registration module returns the user's identity identifier to the client; 5, the user requests live broadcast information from the publishing module through the client; 6, the publishing module returns the live broadcast information to the client; 7, the user requests scheduling service from the scheduling module through the client; 8, the scheduling module sends the identity identifier supplied by the user through the client to the registration module for verification; 9, the registration module returns the verification result to the scheduling module; 10, the scheduling module performs scheduling and returns the scheduling result to the client; 11, the user requests service from the live broadcast module through the client; 12, the live broadcast module asks the scheduling module to confirm that this user was scheduled by the scheduling module; 13, the scheduling module returns the confirmation result to the live broadcast module; 14, the live broadcast module provides service to the client; 15, the user requests a license from the license issuing module through the client; 16, the license issuing module asks the registration module to verify the user's identity; 17, the registration module returns the verification result to the license issuing module; 18, the license issuing module issues a license to the user; 19, the client reproduces the protected content according to the license purchased by the user.

Detailed description

The flow block diagram of the method for large-scale live broadcast of digital content proposed by the invention is shown in Fig. 1. The method includes the following steps:

The digital content encryption processing module receives the digital content and encrypts it to obtain three signals: the first is the encrypted digital content, which is sent to the live broadcast module; the second is the content summary of the digital content, the unique identifier of the digital content and the scheduling module address corresponding to that unique identifier, which is sent to the publishing module; the third is the unique identifier of the digital content and the address of the live broadcast module corresponding to the encrypted digital content, which is sent to the scheduling module. The numbers of digital content processing modules, live broadcast modules, scheduling modules and publishing modules are all scalable: there may be one or several of each, as determined by the actual load. The digital content processing module encrypts the digital content with a key sequence. Rather than simply encrypting the whole digital content with a single key, it uses a series of keys: the digital content is divided into segments of fixed duration and each segment is encrypted with a different key. For example, if digital content A is 1 hour long, the key might be changed every 10 minutes, so encrypting digital content A requires 6 keys in total. Various algorithms can be used flexibly to encrypt the digital content; for example, the DC coefficients of the macroblocks in an image can be encrypted with the 3DES encryption algorithm.
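An added sketch (not from the patent) of the key-sequence scheme described above: per-segment keys derived from one key seed, and the lookup a client needs to find the key for a given playback offset. The HMAC-SHA256 derivation, the 24-byte key length (the 3DES key size) and all function names are assumptions; the patent states only that the sequence is generated from a seed.

```python
import hashlib
import hmac

# Constructed sample seed; in the patent the seed travels inside the license.
SEED = bytes.fromhex("00112233445566778899aabbccddeeff")


def derive_segment_key(seed, index, key_len=24):
    """Derive the key for segment `index` from the key seed.

    Assumption: key_i = HMAC-SHA256(seed, "segment-key" || i), truncated to
    key_len bytes. Each key is a one-way function of the seed, so one key
    reveals neither the seed nor the other keys.
    """
    if index < 0:
        raise ValueError("segment index must be non-negative")
    msg = b"segment-key" + index.to_bytes(4, "big")
    return hmac.new(seed, msg, hashlib.sha256).digest()[:key_len]


def segment_count(duration_s, segment_s):
    """Number of keys needed; a trailing partial segment gets its own key."""
    if duration_s <= 0 or segment_s <= 0:
        raise ValueError("durations must be positive")
    return -(-duration_s // segment_s)  # ceiling division


def key_sequence(seed, duration_s, segment_s):
    """Full key sequence, as the processing module would generate it."""
    return [derive_segment_key(seed, i)
            for i in range(segment_count(duration_s, segment_s))]


def key_for_offset(seed, offset_s, duration_s, segment_s):
    """Key a client needs to decrypt the content at playback offset offset_s."""
    if not 0 <= offset_s < duration_s:
        raise ValueError("offset outside the content")
    return derive_segment_key(seed, offset_s // segment_s)


if __name__ == "__main__":
    # The patent's example: 1 hour of content, key changed every 10 minutes.
    keys = key_sequence(SEED, 3600, 600)
    print(len(keys), "keys;", "offset 1799 s uses key index",
          keys.index(key_for_offset(SEED, 1799, 3600, 600)))
```

In this sketch, disclosure of one segment key exposes only that segment, while disclosure of the seed exposes every segment of the stream.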

The registration module receives the user's personal registration information, generates a unique identifier for the user, and combines this user identifier with the public information in the personal registration information to generate the user's identity identifier. First, a secure channel is established between the client and the registration module. Through this secure channel the client sends the user's personal registration information to the registration module, and the registration module generates an identifier for the user that is unique within the system. The unique identifier is generated in order to distinguish users: different users may have the same public information, which would otherwise result in identical issued identity identifiers that cannot tell the users apart. Personal registration information includes name, address, email, landline telephone, password, ID card number, mobile phone number, credit card number and so on. Name, address, email and landline telephone are public information; password, ID card number, mobile phone number and credit card number are non-public information. For example, suppose the personal registration information of user A is: name=a, address=b, email=c, landline telephone=d, password=e, ID card number=f, mobile phone number=g, credit card number=h. Then the public information of user A is a, b, c, d; the unique identifier generated by the registration system for user A is i; the sequence j formed from the public information and the unique identifier in some format (for example, separated by underscores) is a_b_c_d_i; hashing sequence j with the MD5 hash algorithm gives the hash value k: 5f5d201f211ff7984814129b80a44ff5; encrypting the hash value k with the private key using the 3DES encryption algorithm gives ciphertext 1; and joining sequence j and ciphertext 1 in some format (for example, separated by an underscore) gives the user identity identifier j_1. There is some delay between the time the user registers and the time the identity identifier is sent to the registered user, during which the authenticity of the registration information is verified; the identity identifier is generated and sent to the user only if the registration information is genuine.
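The identifier construction above (sequence, hash, keyed encryption of the hash, concatenation) and the registration module's later verification of it, as an added example that is not code from the patent. HMAC-SHA256 under a constructed key is swapped in for the MD5 and 3DES steps named in the embodiment, and the function names and the field-count parameter are assumptions.

```python
import hashlib
import hmac

DELIM = "_"  # separator used in the patent's worked example
REGISTRY_KEY = b"constructed-registration-module-key"  # constructed sample key


def build_sequence(public_fields, unique_id):
    """Steps (1)-(3): public information followed by the per-user identifier."""
    parts = list(public_fields) + [unique_id]
    for part in parts:
        # A field containing the separator makes the sequence ambiguous:
        # ("a_b", "c") and ("a", "b_c") would join to the same string.
        if not part or DELIM in part:
            raise ValueError(f"field {part!r} is empty or contains {DELIM!r}")
    return DELIM.join(parts)


def issue_identity(public_fields, unique_id, key):
    """Steps (4)-(6): authenticate the sequence and append the result."""
    seq = build_sequence(public_fields, unique_id)
    tag = hmac.new(key, seq.encode("utf-8"), hashlib.sha256).hexdigest()
    return seq + DELIM + tag


def verify_identity(identifier, key, n_public=4):
    """Check run by the registration module when the scheduling or license
    issuing module forwards an identifier. Returns the user's unique
    identifier if the identifier is genuine, otherwise None."""
    seq, sep, tag = identifier.rpartition(DELIM)
    if not sep:
        return None
    fields = seq.split(DELIM)
    if len(fields) != n_public + 1:
        return None
    expected = hmac.new(key, seq.encode("utf-8"), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes (a str tag could be non-ASCII).
    if not hmac.compare_digest(expected.encode("ascii"), tag.encode("utf-8")):
        return None
    return fields[-1]


# Constructed sample data following the patent's example for user A.
USER_A = issue_identity(["a", "b", "c", "d"], "i", REGISTRY_KEY)
# A second user with identical public information but a different identifier.
USER_B = issue_identity(["a", "b", "c", "d"], "i2", REGISTRY_KEY)

if __name__ == "__main__":
    print(USER_A)
    print("verified as:", verify_identity(USER_A, REGISTRY_KEY))
    print("tampered   :", verify_identity("x" + USER_A[1:], REGISTRY_KEY))
```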

The user retrieves the content summaries of the digital content held by the publishing module. The publishing module receives from the digital content encryption processing module the content summary of the digital content, the unique identifier of the digital content and the scheduling module address corresponding to that unique identifier. Only the content summary is presented directly to the user. If the user is interested in a particular item of digital content, the publishing module sends the client the unique identifier of that digital content and the scheduling module address corresponding to that unique identifier.

After the client obtains the unique identifier of the digital content and the corresponding scheduling module address, it sends a scheduling request to that scheduling module, together with the user's identity identifier and the unique identifier of the digital content, asking the scheduling module to schedule a live broadcast module that holds the digital content.

After receiving the user's request, the scheduling module passes the received user identity identifier to the registration module and asks it to verify the user's identity. The registration module verifies the user's identity and returns the verification result to the scheduling module.

The scheduling module checks the verification result. If verification failed, the user is not a legitimate user and the scheduling module rejects the request. If verification passed, the user is a legitimate user; the scheduling module performs scheduling with its scheduling algorithm according to the received digital content unique identifier, returns the scheduling result to the user, and saves the scheduling result.

After receiving the scheduling result, the client uses its selection algorithm to choose a suitable live broadcast module from the scheduling result, then sends a service request to the selected live broadcast module, together with the user's identity identifier and the digital content unique identifier.

After receiving the user's request, the live broadcast module passes the received user identity identifier and digital content unique identifier to the scheduling module and asks it to verify them. The scheduling module simply compares the received user identity identifier and digital content unique identifier with the saved scheduling results: if a matching entry exists the comparison passes, and if not it fails. It then returns the comparison result to the live broadcast module.

The live broadcast module checks the comparison result. If the comparison failed, it rejects the user's request; if it passed, the live broadcast module sends the encrypted digital content to the client.

After receiving the encrypted digital content, the client first checks whether it has a license corresponding to that digital content. If not, the user, through the client, sends a license issuance request to the license issuing module, together with the user's identity identifier, the requested usage rights and the digital content unique identifier.

After receiving the user's request, the license issuing module sends the received user identity identifier to the registration module and asks it to verify the user's identity. The registration module verifies the user's identity and returns the verification result to the license issuing module.

The license issuing module checks the verification result. If verification failed, the user is not a legitimate user and the license issuing module rejects the request. If verification passed, the user is a legitimate user, and the license is issued based on the identity identifier, the requested usage rights and the unique identifier of the digital content sent by the user.

The license is generated as follows: first, unique watermark information related to the user is generated; the watermark information is encrypted with the public key of the license issuing module to obtain the watermark ciphertext; the user's identity identifier, the unique identifier of the digital content, the key seed used to generate the key sequence that encrypts the digital content, the user's usage rights, the validity period of the license and the watermark ciphertext are combined into a sequence; the sequence is hashed with a hash algorithm to obtain a hash value; the hash value is encrypted with the private key of the license issuing module to obtain a ciphertext; and the sequence and the ciphertext are concatenated to form the user license. A license can exist as an original and as a copy.

The original license contains the following: 1) the ciphertext of the unique watermark information related to the user; 2) the user's identity identifier; 3) the unique identifier of the digital content; 4) the seed of the keys used to decrypt the encrypted digital content; 5) the user's usage rights; 6) the validity period of the license; 7) the digital signature over the six items above. Compared with the original, the license copy contains one additional item: client-specific information. The validity period of the copy may be shorter than that of the original, depending on the user's usage rights, and the copy is bound to the client, so a copy sent to one client cannot be used on another client. After issuing the license, the license issuing module saves both the original and the copy of the license and returns the copy to the client.

After the client receives the license, it reproduces the received encrypted digital content according to the user's actual needs, within the rights granted in the license. By default, the client only decodes the received encrypted content in accordance with the rights granted in the license and displays it to the user. If the user wants the received encrypted digital content to be processed further, the user must submit a request to the client. On receiving the request, the client checks whether the license grants the user the corresponding right; if it does, the client carries out the request, and if it does not, the client rejects it. For example, suppose the user holds a license that grants only the right to view. If the user asks the client to save the digital content, the client checks the license, finds that this right has not been granted, and rejects the request.
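The license construction and the client-side rights check described above can be sketched as follows. This is an added example, not code from the patent: the field names, JSON serialization and SHA-256 are assumptions, and the issuer key is a toy RSA key used without padding only to mirror the "encrypt the hash with the private key" wording (a deployed system would use a padded signature scheme such as RSA-PSS).

```python
import hashlib, json

# Toy issuer key built from two known Mersenne primes: trivially factorable, demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer private exponent (Python 3.8+)

def _digest(body: bytes) -> int:
    return int.from_bytes(hashlib.sha256(body).digest(), "big")

def issue_license(user_id, content_id, key_seed, rights, expires, watermark: bytes):
    # Per-user watermark, encrypted under the issuer's public key
    wm_ct = pow(int.from_bytes(watermark, "big"), E, N)
    # The sequence, serialized canonically so signer and verifier hash identical bytes
    seq = {"user_id": user_id, "content_id": content_id, "key_seed": key_seed,
           "rights": sorted(rights), "expires": expires, "watermark_ct": hex(wm_ct)}
    body = json.dumps(seq, sort_keys=True, separators=(",", ":")).encode()
    # Hash the sequence, then "encrypt" the hash with the issuer's private key
    sig = pow(_digest(body), D, N)
    # License = sequence concatenated with the signature
    return body + b"." + hex(sig).encode()

def check_request(license_blob: bytes, action: str, now: int) -> bool:
    """Client-side gate: verify the signature first, then expiry, then the right."""
    body, sep, sig_hex = license_blob.rpartition(b".")
    try:
        sig = int(sig_hex, 16)
    except ValueError:
        return False
    if not sep or pow(sig, E, N) != _digest(body):
        return False  # altered or forged license: never parse its fields
    seq = json.loads(body)
    return now <= seq["expires"] and action in seq["rights"]

def recover_watermark(license_blob: bytes) -> bytes:
    """Issuer side: decrypt the watermark ciphertext with the private key."""
    seq = json.loads(license_blob.rpartition(b".")[0])
    m = pow(int(seq["watermark_ct"], 16), D, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")
```

Because the rights and the validity period sit inside the signed sequence, editing either one in a stored license invalidates the signature, so the client must verify before it reads any field.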

With the method described above, encrypting the live-broadcast digital content, or embedding a watermark in it, prevents users from obtaining the original digital content directly from the encrypted digital content. Issuing licenses lets the content owner control and manage how users use the content and prevents users from using it illegally.

Claims (7)

1. A method for large-scale live broadcast of digital content, characterized in that the method comprises the following steps:
(1) a digital content processing module receives digital content and encrypts it, producing three signals: the first is the encrypted digital content, which is sent to a live broadcast module; the second is the digital content synopsis, the unique identifier of the digital content and the address of the scheduling module corresponding to that unique identifier, which are sent to a publishing module; the third is the unique identifier of the digital content and the address of the live broadcast module corresponding to the encrypted digital content, which are sent to the scheduling module;
(2) a registration module receives the user's personal registration information, generates a unique identifier for the user, and combines this user identifier with the public information in the personal registration information to generate the user's identity identifier;
(3) the user, through a client, retrieves digital content synopses from the publishing module and, from a synopsis, obtains the unique identifier of the required digital content and the scheduling module address corresponding to that unique identifier;
(4) the user sends a scheduling request to the scheduling module at the address obtained in step (3), and sends it the unique identifier of the digital content and the user's own identity identifier;
(5) after receiving the scheduling request, the scheduling module sends the user's identity identifier to the registration module; the registration module verifies it and returns the verification result to the scheduling module;
(6) the scheduling module checks the verification result; if verification failed, the scheduling module rejects the user's request; if verification passed, the scheduling module performs scheduling according to the received unique identifier of the digital content, sends to the client the address of the live broadcast module that holds the encrypted digital content corresponding to that unique identifier, and saves the scheduling result;
(7) the client initiates a service request to the live broadcast module at that address and at the same time sends the user identity identifier and the unique identifier of the digital content to the live broadcast module, in order to obtain the digital content;
(8) the live broadcast module sends the received user identity identifier and unique identifier of the digital content to the scheduling module; the scheduling module compares them with the scheduling result saved in step (6) and returns the comparison result to the live broadcast module;
(9) the live broadcast module checks the received comparison result; if the comparison failed, the live broadcast module rejects the client's request; if the comparison passed, it provides the encrypted digital content to the client according to the received unique identifier of the digital content;
(10) after receiving the encrypted digital content, the client looks up the license corresponding to this digital content; if there is no license, the user, through the client, sends a license issuance request to the license issuing module, and at the same time sends it the user's own identity identifier, the requested usage rights and the unique identifier of the digital content;
(11) the license issuing module sends the received user identity identifier to the registration module; the registration module verifies it and returns the verification result to the license issuing module;
(12) the license issuing module checks the received verification result; if verification failed, the license issuing module rejects the user's request; if verification passed, it issues a license according to the identity identifier, the requested usage rights and the unique identifier of the digital content sent by the user, sends the issued license copy to the client, and saves the license;
(13) the client reproduces the received encrypted digital content according to the user's actual needs, under the rights granted in the license.
2, the method for claim 1 is characterized in that the encryption of step (1) comprising:
2.1 use key seed to generate encryption key sequence;
2.2 the key in the use key sequence is encrypted digital content according to cryptographic algorithm;
3, the method for claim 1 is characterized in that individual log-on message comprises in the step (2): name, address, password, Email, landline telephone, identification card number, cell-phone number, credit number.
4, the method for claim 1 is characterized in that the method that generates the User Identity symbol in the step (2) comprises the steps:
4.1 from user's individual log-on message, choose public information;
4.2 each user generates a unique identifier;
4.3 public information in the step 4.1 and the unique identifier in the step 4.2 are formed new sequence;
4.4 use the sequence in the hashing algorithm Hash step 4.3, obtain a string hashed value;
4.5 the private key that uses Registering modules to set is encrypted hashed value, obtains ciphertext;
4.6 the sequence of step 4.3 and the ciphertext of step 4.5 are stitched together, obtain the User Identity symbol.
5, the method for claim 1 is characterized in that the user in the step (10) uses right to be: watch digital content time, watch digital content number of times, can preserve the digital content received, the digital content of preserving can be duplicated, the digital content of preserving can be copied to another equipment and maybe can distribute any or multiple in the digital content of preservation to other people.
6, the method for claim 1 is characterized in that the method that generates licence in the step (12) comprises the steps:
6.1 generate and this user-dependent unique watermark information;
6.2 the PKI with the licensing module is encrypted the watermark information of step 6.1, obtains the watermark ciphertext;
6.3 with the unique identifier of user's identification identifier, digital content, be used to generate the key seed of the key sequence of encrypted digital content, user's use right, the term of validity and the above-mentioned watermark ciphertext composition sequence of licence;
6.4 use the sequence of hashing algorithm Hash step 6.3, obtain a string hashed value;
6.5 occupancy permit is signed and issued the private key of module hashed value is encrypted, and obtains ciphertext;
6.6 the sequence of above-mentioned steps 6.3 and the ciphertext of step 6.5 are stitched together, become user license.
7, method as claimed in claim 6 is characterized in that also comprising: generate a licence copy, and send to client.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2004100339981A CN1320797C (en) 2004-04-23 2004-04-23 A method for large-scale living broadcast of digital content

Publications (2)

Publication Number Publication Date
CN1571331A CN1571331A (en) 2005-01-26
CN1320797C true CN1320797C (en) 2007-06-06

Family

ID=34481443

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004100339981A Expired - Fee Related CN1320797C (en) 2004-04-23 2004-04-23 A method for large-scale living broadcast of digital content

Country Status (1)

Country Link
CN (1) CN1320797C (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1710969A1 (en) * 2005-04-08 2006-10-11 Siemens Aktiengesellschaft A method and system for enabling a first party to provide a second party with personalized digital content
KR100724935B1 (en) * 2005-09-15 2007-06-04 삼성전자주식회사 Method and device for interworking objects for contents protection and system
CN101207794B (en) * 2006-12-19 2010-06-16 中兴通讯股份有限公司 Digital Rights Management Encryption and Decryption Method for IPTV System
CN102088443B (en) * 2009-12-02 2015-04-01 北大方正集团有限公司 Method and system for subscribing digital periodical with copyright protection
CN112257038A (en) * 2020-11-19 2021-01-22 创盛视联数码科技(北京)有限公司 Courseware anti-theft method, courseware anti-theft system, electronic equipment and storage medium
CN117459763B (en) * 2023-12-22 2024-03-01 杭州海康威视数字技术股份有限公司 Audio and video safety protection method, equipment and system based on dynamic arrangement

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1335557A (en) * 2000-07-03 2002-02-13 株式会社日立制作所 Data display method and system
WO2003058876A2 (en) * 2002-01-11 2003-07-17 Koninklijke Philips Electronics N.V. Generation of a watermark being unique to a receiver of a multicast transmission of multimedia

Also Published As

Publication number Publication date
CN1571331A (en) 2005-01-26

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20070606

Termination date: 20170423