CN105303070A - Copyright protection method for offline data - Google Patents
Copyright protection method for offline data Download PDFInfo
- Publication number
- CN105303070A CN105303070A CN201410330910.6A CN201410330910A CN105303070A CN 105303070 A CN105303070 A CN 105303070A CN 201410330910 A CN201410330910 A CN 201410330910A CN 105303070 A CN105303070 A CN 105303070A
- Authority
- CN
- China
- Prior art keywords
- data
- line
- key
- intelligent terminal
- application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
A copyright protection method for offline data is invented for protecting the data security of offline data. The design idea is that multilevel encryption is performed on a key, and it is ensure that a key that is used by each intelligent terminal and that is used to decrypt same encrypted offline data is unique; and to prevent a key/data from being leaked or being used by an unauthorized application, encrypted offline data can only be used on an authorized intelligent terminal and by a data application that is allowed to use content of the encrypted offline data.
Description
Technical field
The present invention relates to data encryption/decryption field, is by making carbon copies memory device to copy the digital literary property protection method of form distribution of digital content.
Background technology
Along with the fast development of digitizing and memory technology, the price can making carbon copies Large Copacity movable storage device (portable hard drive, SD card, USB flash disk, solid state hard disc) constantly declines, and the development of the technology such as USB3.0 and eSATA technology, improve the message transmission rate of Large Copacity movable storage device, make Large Volume Data content immediately issue (when there being distribution demand, being just copied to and can making carbon copies memory device distribution by issued content) and become possibility.And use the distribution can making carbon copies memory device distribution of digital content compared to using CD to carry out digital content, more meet the industry goal of energy-conserving and environment-protective.But lack at present the technical method of protection off-line digital content, make off-line data content once issue, pirate immediately.This problem annoyings digital content provider and digital content publisher always.The copy-right protection method of off-line data of the present invention just in order to protect off-line digital content, stopping piracy, avoid off-line digital content to be used when there is no legal authorization, and invention.
In existing patented technology; there is the digital copyright protection technology being directed to optical disk system; below draw from publication No. be the patented technology of CN101770794A; to be combined with the large factory of Hollywood Pictures by information, the household electrical appliances such as IBM, Intel, Microsoft, Panasonic, SONY, Toshiba, Disney and Warner and formulated copyright protection technology-AACS (AdvancedAccessContentSystem), its core technology realizes key management with the binary tree structure of " NNLtree " by name.
But AACS technology faces three large realistic problems in the application of China:
1. information security issue, AACS adopts technology to be controlled by foreign vendor completely, is applied directly to as safety technique the national information safety policy that China does not meet China;
2. cost issues: the patent that AACS technology relates to and system rest in foreign staff completely, needs expensive patent royalty and overhead cost licensing of China;
3. limitation problem is managed: AACS technology does not relate to the empowerment management to replication business system.
Prior art; digital literary property protection method and the management devices thereof of publication No. to be the patented technology of CN101770794A be a kind of digital versatile disk system; the blank of China that this technology is filled up, and solve the problems involved by AACS technical system, but still face four large realistic problems:
1. propagation medium problem: do not break away from the distribution system that CD is medium, the decruption key of programme content is identified by CD anti-copying and program key binding process draws, it is the distribution system of medium that such whole system cannot be broken away from CD, and be that the distribution system of medium itself has many problems: limited storage space with CD, easily cause a large amount of plastic garbages and the serviceable life of CD player also relevant to the read-write number of times of laser head.
2. problem is produced in batches: batch production cannot be realized, it is strict that according to authorizing the mode of playback equipment to issue, advantage that CD makes CD originally can copy reduction cost of manufacture in enormous quantities becomes history, can only make a unique CD for client film also makes publisher remain normally poor-performed, limits the popularization of patent CN101770794A.
3. administrative vulnerability problem: although carry out to replication business management in CN101770794A that some are perfect, but movie and television contents is not encrypted when entering replication business system and be stored in replication business system, there are the security breaches that replication business copies non-encrypted movie and television contents.And in actual life, the function of publisher and publisher is distinguished to some extent, the management only for replication business produces managerial leak.
4. the restricted problem of system: comprise all replication business keys and the corresponding relation of replication business ID in the system key packet described in CN101770794A, and this packet is built in playback equipment, and because actual operation mode is constantly grown up and development in reality, replication business is constantly updated and eliminates, therefore the phenomenon needing the built-in system data bag of continuous upgrading playback terminal just can meet the daily viewing demand of consumer can be caused, be called the restricted problem of system, limit the convenience of use, with the operation of the method in society and popularization.
Above patented technology only protects the data content based on optical disc storage; and lack the method for the data content that other memory device of protection stores; and lack flexible, easy implementation method, and to the technical method using the application of off-line data to limit.In addition, the means of some conventional protection off-line datas are also had, wherein:
1, software is relied on---off-line data uses special format to store, and must use specially for the data-application of this form exploitation could be resolved; Multi-layer security (feature that off-line uses causes key together must be kept on intelligent terminal with off-line data) is carried out to off-line data.But in said method the parsing special format of special exploitation data-application or to the key after off-line data multi-layer security once be illegally accessed and disclose and (obtain the data-application of the parsing special format developed specially; or find the key preserved in intelligent terminal---this is almost without any technical threshold), off-line data just loses protection.
2, hardware is relied on---adopt hardware device (such as: " softdog "), realize the copy-right protection method of off-line data.But this this method, has: the shortcoming such as use cost high (needing to buy hardware device), dependence hardware device, not easily upgrading (hardware device can only support the operating system of the intelligent terminal of particular version).
The copy-right protection method of off-line data is the safety in order to protect off-line data, and avoid above problem and the method for inventing, it needs to rely on following technology simultaneously:
1, the development of encryption/decryption technique.
2, the development of the memory technology of Large Copacity, high transfer rate.
Summary of the invention
The present invention is the copy-right protection method of off-line data.In the embodiment using described method to build, protection off-line digital content is not illegally used, and stops the Piracy issues (copying) to this digital content.
Of the present invention, intelligent terminal includes but not limited to: computer, smart mobile phone, PAD etc., terminal device; The ID of described intelligent terminal must have uniqueness.
The copy-right protection method of off-line data, in order to protect the data security of off-line data to invent, its mentality of designing carries out multi-layer security to key and what guarantee that each intelligent terminal uses is unique for deciphering the key of same encrypted off-line data; Leaking for preventing key/data, being used by undelegated application program, encrypted off-line data can only on authorized intelligent terminal, be allowed to use the data-application of its content to use.Concrete grammar is:
1, protected clear data being encrypted as enciphered data copies in the storage space of memory device or intelligent terminal;
2, by the decruption key of this enciphered data, obtain off-line key with allowing to use the ID of the intelligent terminal of this data content to be encrypted, off-line key is together copied in the storage space of memory device or intelligent terminal with enciphered data---namely: the off-line key using the different intelligent terminal of same enciphered data to use is different;
3, before each intelligent terminal installation data application program, this data-application all will be added into a digital signature, the content of this digital signature is the ID of the intelligent terminal that this application program is installed---namely: same data-application is installed in different intelligent terminals, its digital signature is also different;
4, data-application is when using this enciphered data, to the deciphering of data deciphering PROGRAMMED REQUESTS, and obtains protected clear data:
(1), data deciphering program, the data-application that the ID of the intelligent terminal only installed to digital signature and its is consistent provides data deciphering service;
(2), data deciphering program, first decipher off-line key with the ID of intelligent terminal and obtain encryption key, then by this enciphered data of encryption key decryption, so far decrypt encrypted data is protected clear data and is supplied to data-application to use.
In sum, the technology of the present invention's protection off-line data more in the past, compare and there is following advantage:
1, the security of off-line data is strengthened: special data form need not be adopted in the mode of restricting data application program to protect off-line data, as long as any data-application digital signature correct (consistent with the ID of the intelligent terminal that it is installed) just can apply for using off-line data; Although off-line key and off-line data are together kept on intelligent terminal, the off-line key of each intelligent terminal is not identical, even if the off-line key/off-line data of certain intelligent terminal leaks also cannot use this off-line data on other intelligent terminal; Strengthen the security of off-line data.
2, improve the efficiency of distribution (copying): in advance Integratively encryption is carried out to clear data, in distribution (copying) process, be only again encrypted protection for decruption key---use intelligent terminal ID to generate corresponding off-line key.
3, the scope of application is added: do not rely on any hardware device.
The present invention is characterized in:
1, method of the present invention is the protection for off-line data, will the clear data of protection be needed to be encrypted as enciphered data, then is off-line key by the decryption key encryption of this enciphered data;
2, off-line key is generated by the unique identification ticket encryption of the intelligent terminal licensing this off-line data;
(1), the off-line key of same enciphered data is relevant to the intelligent terminal using the data-application of its content to install, and the off-line key of different intelligent terminals is also different;
(2), each off-line key can only use on a specific intelligent terminal;
3, use the data-application of off-line data, have digital signature, the content of its digital signature is the unique identification mark of the intelligent terminal that it is installed;
4, data deciphering program, the request of the deciphering off-line data of a data-application that responding digital signature is consistent with the unique identification mark of the intelligent terminal that it is installed;
5, data deciphering program, first uses the unique identification mark of its intelligent terminal installed, is decrypted acquisition decruption key to off-line key, then uses decruption key to be clear data by decrypt encrypted data.
Below in conjunction with the drawings and specific embodiments, the invention will be further described.
Accompanying drawing explanation
Following accompanying drawing is used to provide a further understanding of the present invention, and forms a part for instructions, together with embodiments of the present invention for explaining the present invention, is not construed as limiting the invention.In the accompanying drawings:
Fig. 1 is the basic flow sheet of the complete off-line data content distribution/displaying of the embodiment using the technology of the present invention to create.
Fig. 2 is the basic flow sheet that the data-application of the embodiment using the technology of the present invention to create is downloaded.
Fig. 3 is the basic flow sheet that the off-line data of the embodiment using the technology of the present invention to create is downloaded.
Fig. 4 is the basic flow sheet of the off-line data deciphering of the embodiment using the technology of the present invention to create.
Referring to Fig. 1, it is the basic flow sheet of off-line data content distribution/displaying complete in the embodiment of the present invention.Illustrate and data deciphering program is installed with under the prerequisite of data-application (its digital signature is identical with the ID of intelligent terminal) at intelligent terminal, clear data is encrypted, distribution (copying) uses this intelligent terminal to show the flow process of this off-line data content to intelligent terminal, terminal user, wherein:
Step 101, data content publisher, by clear data d1, uses decruption key k1 by DEU data encryption unit, is encrypted as enciphered data d2.
Step 102, data content publisher, by enciphered data d2 and decruption key k1 thereof, is saved to data issuance unit.
Step 103, data content publisher, when there being distribution demand, by the storage unit of enciphered data d2 distribution (copying) to intelligent terminal, and obtains the ID of this intelligent terminal.
Step 104, data content publisher, is encrypted as off-line key k2 by secret key encryption unit by the ID of this intelligent terminal obtained in decruption key previous step.
Step 105, data content publisher, issues (copying) storage unit to intelligent terminal by off-line key k2.
Step 106, data content user, when using the market demand unit (data-application) be arranged on this intelligent terminal to show the enciphered data d2 downloaded, market demand unit (data-application) is decrypted to decryption unit request enciphered data d2.
Step 107, data content user, after data decryption unit (data deciphering program) judges that the digital signature of market demand unit (data-application) is consistent with the ID of intelligent terminal, from storage unit, obtain enciphered data d2 and off-line key k2 thereof; The ID of intelligent terminal is used to be decruption key k1 by off-line key k2 deciphering; Decruption key k1 is used to be clear data d1 by enciphered data d2 deciphering.
Step 108, data content user, data decryption unit (data deciphering program) transmits clear data d1 to market demand unit (data-application), and market demand unit (data-application) shows its content.
Referring to Fig. 2, it is the basic flow sheet that in the embodiment of the present invention, data-application is downloaded.Intelligent terminal is correctly downloaded and the flow process of installation data application program (digital signature of installation data application program is consistent with the ID of intelligent terminal), wherein:
Step 201, intelligent terminal, submits its ID to application download server and asks downloading data application A 1.
Step 202, application download server, judge whether to allow intelligent terminal downloading data application A 1, if allowed, order performs following step, otherwise redirect performs step 207.
Step 203, application download server, submits the ID of intelligent terminal to application signature server, and request is signed to data application A 1.
Step 204, application signature server, uses the ID of this intelligent terminal to sign to data application A 1, generates a data-application installation kit A11.
Step 205, application signature server, submits to application download server by the data-application installation kit A11 after signature.
Step 206, application download server, allows intelligent terminal downloading data application program installation kit A11; Intelligent terminal is downloaded and is installed this data-application installation kit A11, completes and downloads and the flow process of installation data application program.
Step 207, application download server, the request of refusal intelligent terminal downloading data application A 1.
Referring to Fig. 3, it is the basic flow sheet that in the embodiment of the present invention, intelligent terminal obtains off-line data by web download.Intelligent terminal has been provided with data deciphering program with under the prerequisite of data-application (its digital signature is identical with the ID of intelligent terminal), and the flow process of the off-line key k2 of the off-line data d2 after the encryption of clear data d1 and correspondence thereof is downloaded in intelligent terminal request.Wherein:
Step 301, intelligent terminal, submits its ID to data download server and asks downloading data d2.
Step 302, data download server, judges whether to allow intelligent terminal downloading data d2; If allowed, order performs following step, otherwise redirect performs step 308.
Step 303, data download server, allows intelligent terminal downloading data d2.
Step 304, data download server, submits ID, the decruption key k1 of intelligent terminal to, asks decruption key k1 to be encrypted as off-line key k2 to key encryption server.
Step 305, key encryption server, uses the ID of intelligent terminal that decruption key k1 is encrypted as off-line key k2.
Step 306, key encryption server, submits off-line key k2 to data download server.
Step 307, data download server, issues off-line key k2 to intelligent terminal, completes the flow process downloading off-line data.
Step 308, data download server, the request of refusal intelligent terminal downloading data d2.
Referring to Fig. 4, it is the basic flow sheet of off-line data deciphering in the embodiment of the present invention.Intelligent terminal has been provided with data deciphering program and data-application (its digital signature is identical with the ID of intelligent terminal), and under correctly having downloaded the prerequisite of off-line key k2 of the off-line data d2 after the encryption of clear data d1 and its correspondence.Data-application obtains the flow process of clear data d1 to decrypted program application deciphering off-line data d2.Wherein:
Step 401, data-application, to data deciphering program application deciphering off-line data d2.
Step 402, data deciphering program, checks the digital signature of data-application; If it is consistent with the ID of the intelligent terminal that data deciphering program is installed to sign, order performs following step, otherwise redirect performs step 407.
Step 403, data deciphering program, finds the off-line key k2 of off-line data d2 and this off-line data in this locality; If find the off-line key k2 of off-line data d2 and this off-line data, order performs following step, otherwise redirect performs step 408.
Step 404, data deciphering program, uses the ID of intelligent terminal to be decruption key k1 by off-line key k2 deciphering.
Step 405, data deciphering program, uses decruption key k1 to be clear data d1 by off-line data d2 deciphering.
Step 406, data deciphering program, submits clear data d1 to data-application, completes off-line data deciphering flow process.
Step 407, data deciphering program, refusal data-application proposes the request of decryption services.
Step 408, data deciphering program, refusal data-application proposes the decoding request to off-line data d2.
The above is only the flow process of specific embodiment of the invention method and some basic embodiments, and its content, just for the ease of understanding ultimate principle of the present invention and flow process, is not intended to limit the present invention.Process flow diagram only presents the main logic order of the embodiment of the present invention, and the logical order that not all may exist.Any personnel having certain related-art technology knowledge, under the premise without departing from the principles of the invention, can also make some modifications and variations in implementation detail and flow process, these modifications and variations also should be considered as protection scope of the present invention.In addition, the present invention sets forth each function element and step can realize with general-purpose calculating appts, and they can concentrate on single calculation element, also can be distributed in the network of multiple calculation element composition; They can perform executable program code by calculation element and realize, and also independent the or multiple function element in them or step can be made as integrated circuit to realize.The present invention does not limit any combination thereof.
Claims (6)
1. the copy-right protection method of off-line data, in order to protect the data security of off-line data to invent, its mentality of designing carries out multi-layer security to key and what guarantee that each intelligent terminal uses is unique for deciphering the key of same encrypted off-line data; Leaking for preventing key/data, being used by undelegated application program, encrypted off-line data can only on authorized intelligent terminal, be allowed to use the data-application of its content to use.
2. the method according to right 1, is characterized in that, will the clear data of protection be needed to be encrypted as enciphered data, then is off-line key by the decryption key encryption of this enciphered data.
3. the method according to right 1, is characterized in that, off-line key, is to be generated by the unique identification ticket encryption of the intelligent terminal licensing this off-line data;
(1), the off-line key of same enciphered data is relevant to the intelligent terminal using the data-application of its content to install, and the off-line key of different intelligent terminals is also different;
(2), each off-line key can only use on a specific intelligent terminal.
4. the method according to right 1, is characterized in that, use the data-application of off-line data, have digital signature, the content of its digital signature is the unique identification mark of the intelligent terminal that it is installed.
5. the method according to right 1, is characterized in that, data deciphering program, the request of the deciphering off-line data of a data-application that responding digital signature is consistent with the unique identification of the intelligent terminal that it is installed.
6. the method according to right 1, is characterized in that, data deciphering program, first uses the unique identification mark of its intelligent terminal installed, is decrypted acquisition decruption key to off-line key, then uses decruption key to be clear data by decrypt encrypted data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410330910.6A CN105303070A (en) | 2014-07-09 | 2014-07-09 | Copyright protection method for offline data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410330910.6A CN105303070A (en) | 2014-07-09 | 2014-07-09 | Copyright protection method for offline data |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105303070A true CN105303070A (en) | 2016-02-03 |
Family
ID=55200332
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410330910.6A Pending CN105303070A (en) | 2014-07-09 | 2014-07-09 | Copyright protection method for offline data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105303070A (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1561025A (en) * | 2004-03-03 | 2005-01-05 | 北京北大方正电子有限公司 | Method of binding digital contents and hardware with hardward adaptive |
| US20080022134A1 (en) * | 2006-07-24 | 2008-01-24 | Michael Sujue Wang | Secure Data Storage for Protecting Digital Content |
| CN101142599A (en) * | 2004-09-17 | 2008-03-12 | 英华达股份有限公司 | Digital rights management system based on hardware identification |
| CN101282214A (en) * | 2007-06-14 | 2008-10-08 | 北京大学 | Method for protection of encipherment of digital document as well as client terminal equipment |
| CN102404337A (en) * | 2011-12-13 | 2012-04-04 | 华为技术有限公司 | Data encryption method and device |
| CN102495986A (en) * | 2011-12-15 | 2012-06-13 | 上海中标凌巧软件科技有限公司 | Calling control method for avoiding embezzlement of enciphered data in computer system |
| CN103235906A (en) * | 2013-03-27 | 2013-08-07 | 广东欧珀移动通信有限公司 | Method and device for encrypting and decrypting application program |
-
2014
- 2014-07-09 CN CN201410330910.6A patent/CN105303070A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1561025A (en) * | 2004-03-03 | 2005-01-05 | 北京北大方正电子有限公司 | Method of binding digital contents and hardware with hardward adaptive |
| CN101142599A (en) * | 2004-09-17 | 2008-03-12 | 英华达股份有限公司 | Digital rights management system based on hardware identification |
| US20080022134A1 (en) * | 2006-07-24 | 2008-01-24 | Michael Sujue Wang | Secure Data Storage for Protecting Digital Content |
| CN101282214A (en) * | 2007-06-14 | 2008-10-08 | 北京大学 | Method for protection of encipherment of digital document as well as client terminal equipment |
| CN102404337A (en) * | 2011-12-13 | 2012-04-04 | 华为技术有限公司 | Data encryption method and device |
| CN102495986A (en) * | 2011-12-15 | 2012-06-13 | 上海中标凌巧软件科技有限公司 | Calling control method for avoiding embezzlement of enciphered data in computer system |
| CN103235906A (en) * | 2013-03-27 | 2013-08-07 | 广东欧珀移动通信有限公司 | Method and device for encrypting and decrypting application program |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103210396B (en) | Comprise the method and apparatus of the framework for the protection of sensitive code and data | |
| KR101135145B1 (en) | Secure Multimedia Card, Rights object issue method and apparatus for using digital contents | |
| JP5786670B2 (en) | Information processing apparatus, information storage apparatus, information processing system, information processing method, and program | |
| RU2452007C2 (en) | Device and method for backup of rights objects | |
| EP1630998A1 (en) | User terminal for receiving license | |
| JP2009266248A (en) | Content security method for providing long-term renewable security, device thereof and computer readable storage medium | |
| WO2008085917A2 (en) | Token passing technique for media playback devices | |
| KR20110055510A (en) | Backing up digital content that is stored in a secured storage device | |
| CN102461114A (en) | Method for performing double domain encryption a memory device | |
| CN101578608B (en) | Methods and apparatuses for accessing content based on a session ticket | |
| US9390030B2 (en) | Information processing device, information storage device, information processing system, information processing method, and program | |
| CN109145617B (en) | Block chain-based digital copyright protection method and system | |
| KR101447194B1 (en) | Apparatus and method for Sharing DRM Agents | |
| CN101923616A (en) | Service provision device in copyright protection, user terminal and copyright protection method | |
| CN103888475A (en) | Method and device for protecting multimedia data | |
| KR20020070689A (en) | The Installing and Executing Method To Use The Chiper Key | |
| JP2013109399A (en) | Information processing device, information storage device, information processing system, and information processing method, and program | |
| CN102063590B (en) | Copyright protecting method and device for publishing digital film and television by reproducible storage equipment | |
| KR101711024B1 (en) | Method for accessing temper-proof device and apparatus enabling of the method | |
| CN101123105B (en) | Device and system for host | |
| CN105303070A (en) | Copyright protection method for offline data | |
| KR20020081762A (en) | Security service method for digital content and system therefor | |
| KR20090063383A (en) | Digital rights management conversion system and controlling method for the same | |
| KR20040061827A (en) | Compact disc software protecting system and method therefor | |
| KR20130094155A (en) | System and method for digital right management |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20160203 |
|
| WD01 | Invention patent application deemed withdrawn after publication |