TWI313995B - Content protection method - Google Patents

Description

MODIFICATION 1313995 IX. DESCRIPTION OF THE INVENTION: TECHNICAL FIELD OF THE INVENTION The present invention relates to a digital content protection method, and _ refers to a kind of sound image data that can be used to make a bottle of water. Fang II. [Prior Art] As the Internet continues to increase, the number of content providers providing ship-to-shippers is increasing, and users are using the technical format to smash these multiple ships instead of

Load - the whole is difficult. However, this __ sent to the town has a record of reduction and face 拙.蓟. For example, the 'network_road connection' has a sufficient amount of material to transmit, and the insufficient bandwidth usually causes delays in video playback. In addition, if there is a non-secure channel, the transferer can communicate with the content user and the content client. The replay attack is an attacker who records the communication data in the - segment connection phase, and then the attacker falsely touches the ship and transmits the previously recorded data to the content client in the other connection phase. . If the attacker successfully records the media content and can disguise the dog as a content server, the content provider will lose the possibility of passing the media content to the user's possible Nabu/, and in addition, the contents of these ships may be The existence of sensitive, confidential information, private business secrets, or face to a specific user __ capacity, lack of practical implementation may cause media content to fall into the hands of inappropriate others. Only those media can do it, once 14 media content is not easily controlled by the content provider, it can be easily re-distributed. Therefore, when multimedia data is transmitted through an unsecured channel, it is necessary to protect multimedia content. ^ [Summary of the Invention] In order to achieve the object and other advantages of the present invention, the disadvantages of the traditional method of the present invention are the specific and extensive bribery of this invention. (4) provides a set of content protection system 1313995 Securely deliver voice/video data to content clients from content servers via non-secure channels. The content ship and content client can be hardware or software modules. If the channel is not a secure channel, the attacker can weave all the communication between the content ship and the content client. The system of the present invention not only prevents the attacker from obtaining the plaintext data, but also the replay attack. For each connection phase, the present invention is composed of two steps. The first phase is the client-server end mutual authentication and establishing the connection phase key = in this step 'content server Verify the legitimacy of each other with the content client, and at the same time, the door exchanges information 'by both the server and the client can calculate/obtain the same connection phase ^ Yu. In the second step, the sound/image data is used by the content feeder to use the connection stage to perform the pure, and the fine account to decrypt the Lai Weilu. The present invention employs a symmetric encryption and decryption algorithm as its component. The advantage of this content protection system is that it is a well-known encryption and decryption algorithm rather than a design_a new algorithm'. For example, the 128-bit AES encryption and decryption algorithm can be used, because its security has been widely trusted, and it can be implemented in software and can perform high-speed operations, as well as low-status hardware. Implementation. In addition, this encryption and decryption algorithm can also be replaced by its: block encryption and decryption algorithm [such as DES, Blowfish or RC4 and so on. In addition, if a version of the server or client is found to be successfully attacked, its identification number will be placed in the blacklist. Each server and client have a blacklist. This list will be periodically. To update, if the ship is found - the identification number for the station is in this blacklist, it will end the connection phase; if a user finds that the identification code of the H is in the black towel, it will End the second paragraph of the connection. The following is a detailed description of the specific embodiments with the accompanying drawings, when the purpose of the invention, the technical capabilities, characteristics and the effects achieved. BRIEF DESCRIPTION OF THE DRAWINGS [Embodiment] The specific embodiment of the present invention will be described in detail below with reference to the accompanying drawings, and the same reference numerals will be used in the drawings and the description of FIG. 1313995 to represent the same or similar parts. Please refer to FIG. 1A, which is a schematic diagram of an embodiment of a communication flow between a user end and a feeder end in the present invention, and refers to FIG. 1B, which is a true diagram of the verification procedure in the present invention. Grasping the content of the invention, the protection system is based on the "end of the household, the birth certificate and the connection stage, and the challenge/response procedure is as follows = the server 50 and the user terminal 6 are mutually interacting with each other. Verification, and also establish a P0b segment of gold. The ship used in this program of towels is defined according to the following: -

11 connection

φ XOR

Rl A string of 128-bit random numbers generated by the server.

Rz A string of 128-bit random numbers generated by the client. X1 Κχ2 A set of 128-bit secret keys that the feeder and client will use to exchange data between mutual authentication and protection during the connection phase key generation. Both the server and the client will have this set of keys built into it. IDs

IDc

Εκχΐ() Εκχ2() EcO A string of 128-bit server identification numbers. The server provides this number to the client to let the client know that it is communicating with that server. Each version of the server has a unique identification number, and all servers of the same version share the same set of identification numbers. A string of 128-bit client identification numbers, the client provides this number to the server 'to let the server know which set of secret keys to use. Each version of the client has a unique identification number, and all users of the same version share the same identification number. Use A·ι's AES encryption program. Use the AES encryption program of Κχ2. Using the common AES encryption program, the common record is a string of 1313995. The fixed version of the server and the client know the fixed 128-bit length of gold. Ksi A string of 128-bit random numbers generated by the server, used as part of the connection stage record. KS2 A string of 128-bit random numbers generated by the client to serve as part of the connection phase key. The Ks connection stage key is as shown in FIG. 1A and FIG. 1B. The steps of the authentication procedure 1包含 include: Step 105: The feeder 50 notifies the client 60 to start the authentication procedure; Step 110 The server 50 transmits the random number 1 and Ec (丨Ds 十 Ri) to the client 6〇; Step 112 The client 60 decrypts Ec using the common key (丨s(IDs®Ri), and then takes out the IDs; Step 113 The client 60 uses the |DS to query the secret record group Heart 1 and heart 2; Step 115 Client 60 generates random numbers R2 and Ks2. The client 6 uses AES encryption to generate a sequence called EC (IDC X R2) | 丨Ε κ χ 2 (ΡΗ | Κ 32), and transmits it to the server. Step 120: The server 50 uses the common gold input to decrypt Ec (丨Dc0R2) into (IDC ten R2), and then takes out 丨Dc; Step 125 The feeder 50 uses |DC to query the secret gold input group Κχι and & Step 130 The server 50 uses Κχ2 to decrypt Ekx^D into (8), 丨丨KS2,); Step 135 Right Rl is not equal to R1, then the authentication fails 'and the server 50 terminates the connection phase; Step 140 Server 50 Generate a set of random numbers Ksi; Step 145 Server 50 AES Plus Bribe County Encryption (R2丨丨Ksi) II KS1) 'and send it to the client 6〇; Step 150 The client 60 uses the secret gold wheel Κχι to Ekxi (R2丨丨Ks tear correction 1313995 is (R2' 丨| Ksi,); Step 160 if R2 'Not equal to R2, the authentication fails and the client 6〇 will terminate this connection phase. Please refer to Figure 1C, which is a connection stage key establishment procedure in the invention. After the B1B rides the miscellaneous power, the scaled axis segment is not terminated by the server or the client. ' Mutual authentication has been successful. In order to establish the connection phase, the key 'server' and the client will perform the following steps: Step 165 The server calculates the connection phase key as Ks=Ksi ten Ks2; Step 170 The user calculates the connection phase key as Ks, =Ks1, ten KS2, KS, which should be equal to Ks. ~ Alternatively, the server can be KS = EKs1 ( KS2,) Calculate the connection phase key, and the user knows that KS = EKs1' (KS2) can be used to calculate the connection stage, and KS should be equal to KS. Figure 2A shows the encryption of digital content in the present invention. Flowchart of one embodiment of the decryption process 2. In Figure 1B and Figure 1C After the authentication procedure 1 and the connection stage key establishment process 160 are successfully completed, 'the sound/image transmission can be started, and the φ program 200 of the compact/decryption is combined according to the following steps: Step 205: The server encrypts the sound/image data by using the connection stage Jins Ks and the 128-bit AES encryption and decryption algorithm; Step 210 The user uses the connection stage key Ks to decrypt the sound/image data. In order to provide a quality image, such as an HDTV, it is necessary to provide a relatively high resolution image such as 1920x1080 x 30fps. In this case, the bitrate of the uncompressed video stream will be very high, about 120 MByte/ Sec. Therefore, the packet content encryption method described in Figure 2A will require strong computing power on the server side and the client side. 'Only a fast CPU may not be enough'. The GPUs on the display card may not be fast enough to use AES decryption. To decrypt the data of i20Mbytes per second. 1313995 Amendment Thus, in an embodiment of the present invention, another method is used to encrypt the image packet content 'for each image frame' to generate a 128-bit digital KFi according to the following method, and Kr will be used as To encrypt the frame key of the jth video frame. A =^(1), for i -1 KFi Two KFi-' ® EKs, KFi for i > 1 The encryption/decryption method 22 described in Figure 2B is a combination of the following steps: Step 225 Decide i Step 230 For each i value, if i =1, the server encrypts the entire video frame using Κπ; Step 235 If 丨> 1, the server uses Kr to encrypt the entire video frame. In the embodiment, the method of using the KR encrypted video frame is the RC4 stream encryption and decryption algorithm for encrypting the entire image frame, and the RC4 is several times faster than the AES. The advantage of the method is that the RC4 is trusted and quite perfect. The encryption and decryption algorithm. Furthermore, in order to avoid the RC4 method being fast enough, the present invention employs another method of encrypting an image frame. As shown in FIG. 2C, 'this is a flowchart of an embodiment of the encryption/decryption process 24 of digital content in the present invention. In this method, the image frame is cut into complex macro-blocks. Each macro block has 16χ16 pixels. In the embodiment, the following symbols are defined as follows:

Mi is the i-th macro block in this video frame. W The width of the image frame, in pixels. The height of the 5th image frame, in pixels. P is a prime number, which is also compatible with (W/16). S(Mi) uses a lightweight algorithm to scramble Mi, for example, 3 CPUcycle/byte 〇 Encryption method 240 is composed of the following steps: Step 245 decides i; 1313995 Correct this step 250 for each threshold, If I (mod PH, use RC4 encryption from; step 255 if i (mod 1, then encrypt Mi to: eve (in LG-1) / #尸+1) ten from i this method will use RC4 to encrypt than all The method of image is about p times faster. Please refer to Figure 3, which is a flow chart of the process of destroying the digital content in the present invention. If the version of the feeder or the client is deemed to be harmful, The identification number will be placed in a blacklist. Each server and client has this blacklist. This list will be updated regularly. The destruction procedure 300 described in Figure 3 consists of the following steps. Combination: into: 〇 Step 305 Step 310 Step 315 Step 320 The client receives the IDS from the server; the client determines whether the IDs are in the blacklist; if 4丨Ds is in the blacklist, the client ends the connection phase The feeding device receives the 丨Dc from the user end; the step 325 determines the 丨Dg Whether it is in the blacklist; Step 330 If the 丨Dc is in the blacklist, the player ends the connection phase.

The client will check the blacklist before transmitting the data to the server, as described in step 1B of Figure 1B, and the ship is inspected by the client, as described in step 140. 1 Tai Gong's nickname encryption and decryption algorithm is used as its component, but it must be noted that the algorithm is used, for example, to make the bit AES = Gu 疋 广 广 广 广 安全 安全 security and 'software The implementation can be carried out ί=^=Meidei S, 8丨_material^, etc. The scope of the invention is implemented. Therefore, the embodiment is not used to limit the essence and/or repair 11 1313995 BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1A is a schematic diagram of an embodiment of a communication flow between a client and a server in the present invention. FIG. 1B is a flow chart of an authentication procedure in the present invention. FIG. 1C is a connection stage gold in the present invention. Fig. 2A to Fig. 2C are diagrams showing the digital content plus = map in the present invention. Fig. 3 is a flow chart of the destruction procedure in the present invention. The flow diagram of the miscellaneous sequence. [Description of main component symbols]. Server 60 client

12

Claims (1)

Amendment 1313995 X. Patent application scope: A digital content protection method, comprising: a client-server mutual authentication procedure, comprising the following steps: The server notifies the user to start the authentication procedure; the server sends the random numbers R1 and Ec (丨Ds®Ri) to the client, where Ec uses a public key for encryption, and IDs identifies the number for one of the servers; the client uses the public key to decrypt EcODseRi) to (IDs Ten Ri), and The IDs are obtained from the client; the client finds the encrypted record pair Κχ and Κχ2 through 丨Ds; the user generates the random number R2 and KS2; the client uses the encryption method to generate r2丨丨Ec (IDc10 R2) to be sent to the server | Ekx2(R1 |丨Ks2) ' IDC is the identification number of one of the clients, and Εκχ2 is encrypted with the secret gold correction 2; the server decrypts Ec (IDc ten R2) into (IDc ten R2) using the public key, and obtains 丨Dc from it. The feeding device finds the encryption key pair Κχι and Κχ2 through 丨Dc; the server decrypts Εκχ2(Ρ^丨| Ks2) by Κχ2 (Ri, 丨| Ks2,); wherein, if R1' is not equal to R1, then The certificate fails and the server terminates; the server generates a chaotic number Ksi; 5H server uses the encryption method to encrypt the latch 2 to get the 2Ks1) to be sent to the server. 'This Ε χ χ 1 system uses the secret The key kx1 is encrypted; the server decrypts Ekxi (R2丨丨Ksi) by using the secret key Km (R2, 丨丨Ks1,); wherein, if R2' is not equal to R2, the authentication procedure fails, and the client terminates; And a connection stage gold record establishing procedure, which comprises the following steps: the feeding machine calculates Ks1 ten KS2 to obtain the connection stage gold record Ks; and the user end calculates Ks1' Θ Ks/ to obtain the connection stage key Ks; wherein Ks' That is Ks. 13 Amendment 1313995 The digital content dumping method described in item 1 of the patent system, a data encryption and decryption program, comprising the following steps: g stage key KS and a password to encrypt the video material; and 3" sister Stage money KS' job sound/image data decryption 凊 Patent range Fangyuan first item digital content protection party 5: its series 6·=:=:=^r method, the _ _ bit content protection method 'TM One of the 128-bit numbers KR in each video frame is generated by: KF, =^(1), for i = 1 f〇rj > j frames - the frame is KR, "^ The first ith frame uses the digital content protection method described in item 6, wherein the sound/shadow 8_such as Shen, Li, and a 4-stream password encrypts an entire image frame. Like her method of wire protection in the sixth item, the sound/shadow of the towel is encrypted with an AES password. The digital content protection method according to Item 6, wherein the sound/image is encrypted by the following steps: dividing each image frame into a plurality of macro blocks (macro_bl〇cks); If i (mod P) = 1, use RC4 to encrypt Mi; and right 丨 (m〇d 1, then Mi is encrypted as follows: 1313995 Amendment eve (from Lg-ivpJxp+i) Ten Wind · The Mi system For the jth macroblock in the image frame, w is the width of the image frame, in pixels, and the height of the image frame is in pixels; Ρ is a prime number, which is also (W/16) mutual quality, and S (M〇 uses a lightweight algorithm to disrupt Mi. 10_, as described in claim 9, the digital content protection method, wherein each of the macro frames contains 16. 6 pixels. 11. The digital content protection method described in claim 1 of the patent scope further includes: a destruction procedure, using a blacklist of servers and users that cause harm, the destruction procedure comprising the following steps: Receiving the ID of the server; the client determines whether the old s is in the blacklist; The IDs are in the blacklist, the client terminates the connection with the server; the server receives the old end of the client; the server determines whether the IDC is in the blacklist; and if the 丨Dc is in the blacklist The server terminates the connection with the client. 12_ - A digital content protection method, comprising: a client-server mutual authentication program, comprising the following steps: the server notifies the user to start the authentication procedure; the server sends out Random numbers R1 and Ec (IDs ten R1) to the client, where Ec uses the _ public key for encryption, and IDs is the identification number of one of the servers; the user generates random numbers R2 and KS2; the client uses the encryption method Generate R2丨丨Ec(丨Dce R2) II Ekx2(R1丨丨Ks2) to be sent to the server, IDc is one of the identification numbers of the client, and Εκχ2 is encrypted by the secret gold record ;2; the server uses the public gold The key decrypts Ec(丨Dce Rz) into (丨Dc@A) and obtains IDc from it; 15 Fix this 1313995 server to find the encryption key pair 匕 与 and ^ through 丨Dc; the server uses Κχ2 to Ekx2 (R1丨丨Ks2) decrypted (%, 丨丨 KS2,); where 'If R·!' is not equal to &, the authentication procedure fails, and the server terminates; the server generates a random number KS1; 'The server uses the add-on method to R2|| Ks*i encryption gets Ekx1 (R2丨丨Ksi) to be sent to the feeding device. 'This Ε χΐ is encrypted with the secret key κχ1; the server decrypts Εκχ# |丨Ks1) using the secret key Κχ1 (r2,丨丨Ksi,); wherein, if R2' is not equal to R2, the authentication procedure fails, and the client terminates; and a connection phase record creation procedure, which includes the following steps: The server calculates Ks1 Θ Ks2 to obtain the connection phase gold Yu Ks; the client calculates Ks1 'Ten Ks2' to get the connection stage key|<s,; where Ks' is Ks; and a data encryption and decryption program, which includes the following steps: The server will sound/image data One of the connection stage key Ks and the electronic code book mode: and the user uses the connection stage key KS to solve the sound/image data. Digital content protection method In this. The mountain system uses AES encryption to generate R2 || EC (IDC Θ R2) 丨丨 Ekx2 (Ri 丨, 丨 Ks = terminal 14), as described in claim 12, the H i ^ system Encryption of 丨| Ks〇 by AES encryption into EKx1 (R2丨丨Ksi):,...1 server 15. The digital content protection method described in item 2 of the patent application, the image data is a 128-bit image AES password is used to encrypt.,, sound / 16 · The digital content protection method described in claim 12, the image data is encrypted using the following steps: , 5 hai sound / one of each video frame The 128-bit number KFi is generated by the following formula. 16 Revision KFi, and the ith frame is encrypted by using 1313995 (1), for f〇r, where the frame of the ith frame is Kr. Ίΐί: The digital content protection method according to the item 12, wherein the sound/~俅 is encrypted by the RC4 stream password.岑: The digital content protection method described in item 12 of the C range, wherein the sound, such as the asset system, is encrypted using an AES password. 19. The digital content protection method of claim 12, wherein the sound and image data are encrypted by the following steps: dividing the second image frame into a plurality of macro-blocks; For a value, if mod p = i, then RC4 will be used for encryption; and if i (mod ρμ !, then Mi will be encrypted as follows: $(崎(,_1)/p +1) Ten% The Mi is the ith macroblock in the image frame, and W is the width of the image frame 'in pixels'. The height of the image frame is in pixels; p is one. The prime number 'is also compatible with (w/16), and s(Mi) uses a lightweight algorithm to disrupt Mi. 2〇_If applying for the number (4) capacity protection method described in item 19 of Wei Wei, Each of the macro frames contains 16*16 pixels. 21_ The digital content protection method described in claim 12 of the patent application further includes: a destruction procedure to utilize a server and a client that will cause harm The blacklist, the destruction procedure includes the following steps: The server receives the IDC of the client; the feeder determines whether the IDC is in the black name If the IDC is in the blacklist, the server suspends the connection with the client; the client receives the IDS of the server; 17 1313995 corrects that the client determines whether the IDS is in the blacklist; The 丨Ds is in the blacklist', then the client terminates the connection with the server. 22. A digital content protection method, comprising: a client and a vocabulary mutual authentication program, comprising the following steps: Notifying the client to start the authentication procedure; the server sends a random number 1 and 匕 (丨Ds0R1) to the client, wherein the system uses a public key for encryption, and the 丨Ds identifies the number of the server; The end generates random numbers R2 and KS2; the client uses the encryption method to generate R2丨丨Ec to be sent to the server (丨Dc φ is called|丨Ekx2(Ri II Ks2)' IDc is one of the identification numbers of the client, Εκχ2 Then use the secret gold transmission 2 encryption; the server uses the public key to decrypt Ec (IDc0 R2) to (IDc ten R2), and obtain 丨Dc from it; the server finds the encryption key pair 匕 与 and ^ through the IDC; Using KX2 will be similar (8)|| KS2) decrypted to get (FV || KS2,); where, right Rl' is not equal to Rl, the authentication procedure fails, and the server terminates; the feeding device generates random number KS1; Sx feeding device uses encryption method R2丨| Ks<|Encryption gets E=(R2 II KS1) to be sent to the feeding device, and this Εκχΐ is encrypted with the secret key κχ1; the user terminal ^ uses the secret gold record Κχι to decrypt Ekxi (R2 π Μ ( R2, H Ks, where the right 13⁄4 is not equal to R2, the authentication procedure fails, and the client terminates; the phase plane establishment procedure includes the following steps: calculating the KS1 ten heart 2 connection phase Jin Yu Ks; and the client computing Ks1 , 10 Ks2, get the connection stage gold 鍮Ks,; 'Ks' is ks; a data encryption and decryption program, which includes the following steps: 5 将 将 曰 影像 影像 影像 影像 影像 影像 影像 影像 影像 影像 影像 影像 影像 影像 影像 影像This mode 18 1313995 one of the electronic code book mode encryption; and the user side uses the connection stage key KS to decrypt the sound/image data; and a destruction procedure, using a server that will cause harm And the blacklist of the client The destruction program comprising the steps of: the server receiving the client IDC; server determines whether the IDC in the blacklist; If the 丨Dc is in the blacklist, the server suspends the connection with the client; the client receives the ID of the server; the client determines whether the IDs are in the blacklist; and if the 丨DS is In the blacklist, the connection between the client and the device is suspended. If you apply for the number 22 of the special fiber, you can use AES encryption to generate R2 n Ec (IDce R2) N EMRi" κ (five). The digital content protection method of claim 22, wherein the server invokes AES encryption to encrypt (r2 丨丨 KS1) into Ekx1 (R2 丨丨 Ksi). 25_ Digital content protection method as described in claim 22 of the patent application. The image data is encrypted with an AES password of -128 bits. Λ曰 26. If you apply for a special _ 22 tearing number of fairy Image 2 is encrypted using the following steps: ~中丝曰/ K One of the 128-bit numbers KFi in each image frame is generated by: Ά(ΚηJ, far i > 1 of which: the iM Frame - frame key A KFi' and 帛ith frame is used to encrypt. 27·2 Ϊ copper fan _ 22 items (four) Rong dumping, its towel the sound / 28 2 2 system utilization One and four stream ciphers encrypt an entire video frame. The method described in Item 22, wherein the sound/V is encrypted with an AES cipher. Five hearts (1), for i = 1 Amendment 1313995 29 · The digital content protection method described in item 22 of the patent application scope, the image data is encrypted by the following steps: ^ 分割 split a shirt image frame into a plurality of macro blocks (macr〇- b|〇Cks); For each value, 'If mod P = 1, then use RC4 to encrypt Mi; and if i (mod P)9t 1, then encrypt the following: The hh macroblock in the image frame, where w is the width of the image frame, in pixels, and the height of the image frame is in pixels. ; P is a prime number, which is also relatively prime (W/16), and S (M〇 uses a lightweight algorithm to disrupt Mi. 30. The digital content protection method described in claim 29, Each of the macro frames contains 16*16 pixels. Amendment 1313995 VII. Designated representative map: (1) The representative map of the case is: (1) map. (2) Simple description of the symbol of the representative figure : 50 server 60 client terminal 8. If there is a chemical formula in this case, please disclose the chemical formula that best shows the characteristics of the invention: