CN114880629B - Content copyright protection method for distributed open environment - Google Patents
- Publication number: CN114880629B (CN202210508197.4A)
- Authority: CN (China)
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The present invention discloses a content copyright protection method for a distributed open environment. The authentication and licensing node of a content chain generates keys in response to key requests from different requesting parties and distributes them to the corresponding parties, and each party uses the keys it receives to perform encryption and decryption operations according to their attributes. The keys include content encryption keys, user identity public and private keys, device public and private keys, and node public and private keys. When a reader purchases content object data in a publishing system, the publishing system encrypts the content encryption key with the user public key to form a user content license, and the license authentication node encrypts the user content license with the device public key to form a user reading content license. When a user wants to obtain purchased content object data, the license authentication node verifies the user's transaction record and issues the user reading content license, and the user decrypts and reads the content through that license. The present invention greatly improves the security of content copyright stored in a distributed open environment.
Description
Technical Field
The present invention relates to the technical field of copyright protection, and in particular to a content copyright protection method for a distributed open environment.
Background
In traditional content copyright protection methods, content is stored on the server and the client can only obtain it in real time. Because the platform has sole control over users' copyrighted content, content a user has already purchased is not guaranteed when the server fails or the copyright company behind the platform stops providing service.
To solve these problems, some existing technologies apply distributed autonomous networks to the content copyright field and manage content copyright in a distributed manner to protect it from infringement. However, the content object data itself is open access and can be obtained by anyone, and few research solutions address content copyright protection across the whole process from content publishing through content acquisition to content reading.
In addition, the security and integrity of content and its keys in storage, and the security of content encryption keys in transmission, are also challenges in content copyright protection.
Therefore, in view of the above problems, it is necessary to propose a distributed content copyright protection method.
Summary of the Invention
The purpose of the present invention is to provide a content copyright protection method for a distributed open environment that addresses the technical defects of the prior art.
The technical solution adopted to achieve this purpose is:
A content copyright protection method for a distributed open environment, in which the authentication and licensing node of the content chain responds to key requests from different requesting parties, generates the corresponding keys and distributes them to those parties, and each party uses the keys it receives to perform encryption and decryption operations according to their attributes. The keys include:
Content encryption key: used to encrypt copyrighted content object data;
User identity public and private keys: used to authenticate and authorize the reader when the user reads. The user public key is used to encrypt the content encryption key; if the reader has the right to use a given item of content object data, the user private key is used to decrypt the content encryption key, and the content object data is then decrypted for reading;
Device public and private keys: used to authenticate and authorize the device on which the user reads copyrighted content; an authorized device can read copyrighted content. The device public key is used to encrypt the content encryption key; when the reader reads on a reading device, a device that has passed authentication by the license authentication node can use the device private key to decrypt the content encryption key;
Node public and private keys: used for the identity authentication of content chain nodes in the consensus process, including the signing and verification of transactions by nodes. The node public key is used to verify transactions, and the node private key is used to sign the transaction information when the node initiates a transaction. The transaction information of readers purchasing content object data is synchronized by the other nodes of the content chain to the license authentication node;
In addition, when a reader purchases content object data in the publishing system, the publishing system encrypts the content encryption key with the user public key to form the user content license, and the license authentication node encrypts the user content license with the device public key to form the user reading content license.
After the keys are generated, different storage strategies are used to store them securely. The key storage strategies are as follows:
User identity public and private keys: kept by the reader personally. In addition, a symmetric key is generated from the user's username and password, and the user identity public and private keys are encrypted with this symmetric key and stored on the authentication and licensing node;
Node public and private keys, device public and private keys: kept by the node and by the device respectively; the license authentication node also stores the public keys of the nodes and devices;
Content encryption key: kept by the publishing system;
User content license: kept by the license authentication node.
The key distribution strategies are as follows:
User identity public and private key distribution: when a reader-application user registers, the user identity public and private keys are requested from the license authentication node. When the reader reads and the reading application holds no user private key, it asks the license authentication node to send the user private key; after the license authentication node has successfully verified the user's identity, it returns the user private key to the reading end;
Node public and private key distribution: when another node joins the content chain, it sends a node authentication request to the license authentication node. The license authentication node generates node public and private keys for the joining content chain node and returns them to that node;
Device public and private key distribution: when a user uses a new reading device, the reading end requests device public and private keys from the license authentication node. The license authentication node authenticates the new reading device and, once authentication passes, returns the device public and private keys to the new reading end;
Content encryption key distribution: when a publisher uploads content, the publishing node in the content chain to which the publishing system is connected requests a content encryption key from the license authentication node. After accepting the request, the license authentication node returns the content encryption key to the publishing node, which in turn returns it to the publishing system;
User content license distribution: when a reader purchases content object data, the publishing system generates the user content license and sends it, through the publishing node to which the publishing system is connected, to the license authentication node for storage;
User reading content license distribution: when a reader reads purchased content object data, the license authentication node generates the user reading content license and returns it to the reader.
During key distribution, the license authentication node signs the generated key with its own private key. When the receiving end receives the key, it verifies it with the public key of the license authentication node to confirm that the key was distributed by the license authentication node.
When publishing content object data, the publishing node encrypts the copyrighted content object data with the content encryption key it received, stores the data on the publishing node, and stores backup copies on two other nodes of the content chain, so that the same content object data is stored in distributed form, as three copies, on three nodes of the content chain.
When a user wants to obtain purchased content object data, the license authentication node verifies the user's transaction record and distributes the user reading content license, and the user decrypts and reads the content through the user reading content license.
The steps by which the user obtains purchased content object data include:
Obtaining the license header: the reader application sends the license authentication node a request for the license header. On receiving the request, the license authentication node uses the transaction data synchronized from the other nodes of the content chain to verify whether the user has permission to obtain it. Once verification passes, it asymmetrically encrypts the user content license for that content with the device public key to obtain the user reading content license, which is returned to the reader application as the license header;
Obtaining the license body: the reader application obtains the content object data from a content node of the content chain. It first obtains from a content chain node the id of the node that stores the content, then accesses the corresponding content node by that node id and obtains the encrypted content object data;
After receiving the license header, the user decrypts it with the device private key and the user private key to obtain the original content encryption key, and uses that content encryption key to decrypt the content object data in the license body.
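The license header flow above, together with the rule that the license authentication node signs what it distributes, as an added Go example that is not part of the patent text. Assumptions of the example: RSA-2048 with OAEP and PSS, AES-256-GCM, the `ReadingLicense` layout and every function name. Because a 256-byte RSA-OAEP ciphertext does not fit into a second RSA-2048 OAEP operation, the device layer is done as hybrid encryption (a one-time AES key wrapped under the device public key) rather than a direct second RSA encryption.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// ReadingLicense is the "license header" (layout assumed for this example): WrappedKey is a
// one-time AES key under the device public key, Sealed is AES-GCM(user content license).
type ReadingLicense struct{ WrappedKey, Nonce, Sealed, Signature []byte }

func digest(l *ReadingLicense) []byte {
	// WrappedKey and Nonce have fixed lengths here, so concatenation is unambiguous.
	d := sha256.Sum256(bytes.Join([][]byte{l.WrappedKey, l.Nonce, l.Sealed}, nil))
	return d[:]
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// NewUserContentLicense (publishing system): content encryption key under the user public key.
func NewUserContentLicense(userPub *rsa.PublicKey, cek []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, userPub, cek, nil)
}

// IssueReadingLicense (license authentication node): re-encrypt for one device, then sign.
func IssueReadingLicense(nodePriv *rsa.PrivateKey, devicePub *rsa.PublicKey, userLicense []byte) (*ReadingLicense, error) {
	buf := make([]byte, 32+12) // one-time AES-256 key followed by the GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	gcm, err := newGCM(buf[:32])
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, devicePub, buf[:32], nil)
	if err != nil {
		return nil, err
	}
	l := &ReadingLicense{WrappedKey: wrapped, Nonce: buf[32:], Sealed: gcm.Seal(nil, buf[32:], userLicense, nil)}
	l.Signature, err = rsa.SignPSS(rand.Reader, nodePriv, crypto.SHA256, digest(l), nil)
	return l, err
}

// OpenReadingLicense (reader): verify the issuer, then peel the device layer and the user layer.
func OpenReadingLicense(nodePub *rsa.PublicKey, devicePriv, userPriv *rsa.PrivateKey, l *ReadingLicense) ([]byte, error) {
	if err := rsa.VerifyPSS(nodePub, crypto.SHA256, digest(l), l.Signature, nil); err != nil {
		return nil, fmt.Errorf("not issued by the license authentication node: %w", err)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, devicePriv, l.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("device private key does not open this license: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil || len(l.Nonce) != gcm.NonceSize() {
		return nil, fmt.Errorf("malformed license")
	}
	userLicense, err := gcm.Open(nil, l.Nonce, l.Sealed, nil)
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, userPriv, userLicense, nil)
}

func RunDemo() (roundTrip, otherDeviceRejected, tamperRejected bool, err error) {
	var k [4]*rsa.PrivateKey // node, user, authorised device, other device (all generated here)
	for i := range k {
		if k[i], err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
			return
		}
	}
	cek := []byte("constructed-32-byte-content-key!") // constructed sample key
	ul, err := NewUserContentLicense(&k[1].PublicKey, cek)
	if err != nil {
		return
	}
	rl, err := IssueReadingLicense(k[0], &k[2].PublicKey, ul)
	if err != nil {
		return
	}
	got, err := OpenReadingLicense(&k[0].PublicKey, k[2], k[1], rl)
	roundTrip = err == nil && bytes.Equal(got, cek)
	_, e := OpenReadingLicense(&k[0].PublicKey, k[3], k[1], rl)
	rl.Sealed[0] ^= 1 // tamper with the license after issuance
	_, e2 := OpenReadingLicense(&k[0].PublicKey, k[2], k[1], rl)
	return roundTrip, e != nil, e2 != nil, err
}

func main() { fmt.Println(RunDemo()) }
```

The second and third results show the two properties the scheme relies on: a device other than the one the license was issued for cannot open it, and a license altered after issuance fails the node's signature check before any decryption is attempted.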
The interaction flow between the license authentication node and the reader application, the user, the other nodes of the content chain, the database and the publishing node is as follows:
1) When a reader-application user registers, the registration form is submitted to the license authentication node for registration authentication; the reader application obtains the user private key from the license authentication node; the reader application initiates device license authentication with the license authentication node; when the reader reads content at the reading end and has no content license, a content license authentication request is sent to the license authentication node;
2) The license authentication node verifies the user information, checks whether it meets the registration requirements, and returns the user identity public and private keys to the user; after verifying the user information, the license authentication node returns the user private key; after authenticating the device license, it returns the device public and private keys; the license authentication node verifies from the transaction records whether the user has content license permission and, if verification passes, returns the user's public and private keys for reading content;
3) The other nodes of the content chain request node public and private keys from the license authentication node and synchronize transaction records to it; the license authentication node encrypts the generated node public and private keys and returns them to the other nodes of the content chain;
4) The license authentication node creates, deletes, updates and queries user identity public and private keys, node public and private keys, device public and private keys, content encryption keys and user content license information in the database; the database performs the corresponding operation and returns the result;
5) When a publisher publishes content, the publishing node to which the publishing system is connected requests a content ID and a content encryption key from the license authentication node; the license authentication node generates the content ID and content encryption key and returns them to the publishing node, which returns them to the connected publishing system, where they are saved.
The content copyright protection method for a distributed open environment provided by the present invention stores copyrighted content in a distributed manner, which removes the platform's sole control over users' copyrighted content.
The present invention provides a secure key management mechanism that manages the keys involved in content copyright protection, including user identity public and private keys, node public and private keys, device public and private keys, content encryption keys, user content licenses and user reading content licenses.
The present invention provides a secure key storage and distribution mechanism. By using different storage strategies, it keeps keys secure and reliable in storage and in transmission. Keys are generated centrally (that is, by the license authentication node) and shared by all sites, which addresses the weak security of key generation at distributed sites.
By encrypting the stored content object data and verifying its integrity, the present invention achieves security and reliability of the content itself; through the content license authentication method, it ensures that a user can use content only after obtaining authorization.
Brief Description of the Drawings
FIG. 1 is a diagram of the interaction between the license authentication node and other nodes according to an embodiment of the present invention.
FIG. 2 is a structural diagram of key storage and distribution at the license authentication node according to an embodiment of the present invention.
FIG. 3 is a flow chart of content license authentication according to an embodiment of the present invention.
Detailed Description
The present invention is described in further detail below with reference to the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described here only explain the present invention and do not limit it.
In the embodiments of the present invention, a node denotes one of the multiple unit structures that are connected and communicate with each other to form the digital content chain network. The unit structures that make up the content chain communicate with one another to form a network structure; this differs from the meaning of the sequentially arranged nodes of a traditional blockchain.
The content copyright protection method for a distributed open environment in the embodiment of the present invention is implemented through a content chain. The content chain is a content-distribution-oriented service network that adopts the advantages of distributed autonomous networks. It includes a license authentication node and other nodes, such as content nodes that store content object data. The other nodes in the content chain synchronize transaction records to the license authentication node, and the license authentication node verifies from the transaction records whether a user has content license permission.
In the content chain, content nodes are set up to store copyrighted content object data, which can be stored on the content nodes as three copies. The copyrighted content metadata and the ids of the content nodes that store the copyrighted content object data are stored in the nodes' blocks by reaching consensus in the content chain, which realizes distributed storage of copyrighted content.
The distributed content copyright protection method of the embodiment of the present invention protects the distributed copyrighted content effectively by means of the license authentication node in the content chain described above.
To protect content copyright effectively in such a distributed open environment, the embodiment of the present invention provides a key protection mechanism that includes the following types of keys and licenses:
User identity public and private keys: the user identity public and private keys are asymmetric keys. The public key of the pair is called the user public key, and the private key of the pair is called the user private key.
Node public and private keys: the node public and private keys are asymmetric keys, made up of the public/private key pairs of the other nodes of the content chain. The public key of the pair is called the node public key, and the private key of the pair is called the node private key.
Device public and private keys: the device public and private keys are asymmetric keys. The public key of the pair is called the device public key, and the private key of the pair is called the device private key.
Content encryption key: the content chain encryption key is a symmetric key used to encrypt content object data.
User content license: the result of encrypting the content encryption key with the user public key is called the user content license.
User reading content license: the result of encrypting the user content license with the device public key is called the user reading content license.
The content encryption key is a symmetric key, chosen because it encrypts quickly and suits large amounts of data; it is used to symmetrically encrypt the copyrighted content object data when that data is stored. The user and device public and private keys are asymmetric keys, chosen for their higher security: the user and device public keys are used to encrypt the content encryption key, and the user and device private keys are used by authorized readers and devices to decrypt the content encryption key, which is then used to decrypt the copyrighted content for reading. The node public and private keys are likewise asymmetric keys: the private key signs the transaction information when a node initiates a transaction, and the public key verifies the signature on the transaction information.
The content encryption key is used to encrypt copyrighted content object data, ensuring the security of that data in storage and in transmission.
The user identity public and private keys are used to authenticate and authorize the reader when the user reads. If the reader has the right to use a given item of content object data, the user private key can be used to decrypt the content object data for reading, which protects the content copyright.
The device public and private keys are used to authenticate and authorize the device on which the user reads copyrighted content. An authorized device can read copyrighted content; this prevents unauthorized devices from maliciously obtaining copyrighted content and protects its security. When the reader reads on a reading device, a device that has passed authentication by the license authentication node can use the device private key to decrypt the content encryption key.
The node public and private keys are used for the identity authentication of content chain nodes in the consensus process, including the signing and verification of transactions by nodes, which ensures that the nodes joining the content chain are secure and reliable. Because the transaction information of readers purchasing content is synchronized by the other nodes of the content chain to the license authentication node, this also ensures that user transaction information is secure and reliable.
本发明实施例中,许可认证结点与内容链的有关各个角色(包括阅读器、用户、除许可认证结点外的内容链其它结点、数据库、发布结点)之间的交互流程如图1所示:In the embodiment of the present invention, the interaction process between the license authentication node and various roles related to the content chain (including readers, users, other nodes of the content chain except the license authentication node, database, and publishing node) is shown in FIG1:
1) When a user registers in the reader application, the registration form is submitted to the license authentication node for registration authentication; the reader application obtains the user private key from the license authentication node; the reader application initiates device license authentication with the license authentication node; when a reader opens content on the reading client without a content license, the client sends a content license authentication request to the license authentication node.
2) The license authentication node verifies the user information, checks that it meets the registration requirements, and returns the user identity key pair to the user; after verifying the user information, it returns the user private key; after performing license authentication on the device, it returns the device key pair; it checks against the transaction records whether the user holds a content license and, if verification passes, returns the user's public and private keys for reading content.
3) The other content chain nodes apply to the license authentication node for node key pairs; the other content chain nodes synchronize transaction records to the license authentication node.
4) The license authentication node encrypts the generated node key pair and returns it to the other content chain nodes.
5) The license authentication node creates, deletes, updates and queries information in the database, including user identity key pairs, node key pairs, device key pairs, content encryption keys and user content licenses.
6) The database performs the requested operation and returns the result.
7) When a publisher publishes content, the publishing node connected to the publishing system applies to the license authentication node for a content ID and a content encryption key.
8) After generating the content ID and key, the license authentication node returns them to the publishing node, which passes the content ID and content encryption key on to the connected publishing system, where they are saved.
The publishing node is the node, among the other content chain nodes, that the publishing system connects to in order to publish content. The publishing node and the nodes that hold backup copies of content object data are together called content nodes, that is, nodes that store content object data.
In the embodiment of the present invention, the license authentication node manages the keys involved in content copyright protection: user identity key pairs, node key pairs, device key pairs and content encryption keys.
In the embodiment of the present invention, the license authentication node generates these keys for copyrighted content, users, devices and nodes according to the different requirements of content copyright protection.
In the embodiment of the present invention, each kind of key is stored under its own strategy after generation, so that storage is safe and stable and the public and private keys are stored securely.
The key storage strategies are as follows:
User identity key pair: after obtaining the user identity key pair, the reader stores it locally, where the user private key is at risk of being lost. The license authentication node also stores the reader's user identity key pair, and because the database may have security weaknesses, the node must store the key pair encrypted. Specifically, a symmetric key is generated from the user's username and password, and the user identity key pair is encrypted with that symmetric key and stored at the license authentication node.
Node key pair and device key pair: these are not kept by individuals but stored on the node or the device, where they are unlikely to be lost, so the license authentication node only needs to store the public keys of nodes and devices.
Content encryption key: once the content encryption key has been distributed to the publishing system, the publishing system decides independently whether to publish, sell or withdraw the content. In addition, so that an attack on the license authentication node cannot leak content encryption keys and cause heavy losses to content object data, the content encryption key is kept by the publishing system after the license authentication node generates it.
User content license: when a reader purchases content object data in the publishing system, the publishing system encrypts the content encryption key with the user public key and sends the result, as the user content license, through its connected publishing node to the license authentication node, which stores it.
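One way to implement the encrypted storage of the user identity private key described above, as an added example in Node.js (not code from the patent). scrypt, AES-256-GCM, the random salt and the record layout are assumptions; the patent only states that a symmetric key is generated from the username and password.

```javascript
// Added example; scrypt, AES-256-GCM and the record layout are assumptions.
const crypto = require('node:crypto');

// N = 2^15 with r = 8 needs about 32 MiB, just over Node's default maxmem.
const SCRYPT = { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Symmetric key from username and password. The NUL separator keeps
// ("ab", "c") and ("a", "bc") from deriving the same key; NFC normalization
// makes the same credentials typed on another device derive the same key.
function deriveKey(username, password, salt) {
  const secret = Buffer.from(`${username}\0${password}`.normalize('NFC'), 'utf8');
  return crypto.scryptSync(secret, salt, 32, SCRYPT);
}

// What the license authentication node writes to its database.
function sealPrivateKey(privateKeyPem, username, password) {
  const salt = crypto.randomBytes(16); // per-record salt, stored in the clear
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(username, password, salt), iv);
  cipher.setAAD(Buffer.from(username, 'utf8')); // ties the record to the account
  const ciphertext = Buffer.concat([cipher.update(privateKeyPem, 'utf8'), cipher.final()]);
  return { username, salt, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Recovery path when the reader application has lost its local copy.
// Throws if the password is wrong or the record was altered.
function openPrivateKey(record, password) {
  const key = deriveKey(record.username, password, record.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAAD(Buffer.from(record.username, 'utf8'));
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString('utf8');
}

// Returns true when the record opens, false when decryption is rejected.
function opens(record, password) {
  try { openPrivateKey(record, password); return true; } catch { return false; }
}

function demo() {
  // Constructed user key and credentials.
  const { privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const pem = privateKey.export({ type: 'pkcs8', format: 'pem' });
  const record = sealPrivateKey(pem, 'reader01', 'correct horse battery staple');
  const moved = { ...record, username: 'reader02' }; // record copied to another account
  return {
    recovered: openPrivateKey(record, 'correct horse battery staple') === pem,
    plaintextInRecord: record.ciphertext.includes('PRIVATE KEY'),
    wrongPasswordOpens: opens(record, 'wrong password'),
    movedRecordOpens: opens(moved, 'correct horse battery staple'),
  };
}

console.log(demo());
```

Because the key depends on the password, a password change has to decrypt the record with the old password and seal it again with the new one.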
In the embodiment of the present invention, to achieve effective protection, keys are distributed as follows once the license authentication node has generated them: each module or client requests a key from the license authentication node, which verifies the request; if the key already exists, it is read from the database and returned, otherwise the key is generated according to the rules and returned.
Specifically, the key distribution strategies are as follows:
User identity key pair distribution: when a user registers in the reader application, the user applies to the license authentication node for a user identity key pair. When the reader reads and the reader application holds no user private key, it asks the license authentication node to send the user private key; after successfully verifying the user's identity, the license authentication node returns the user private key to the reading client.
Node key pair distribution: when another node wants to join the content chain, it sends a node authentication request to the license authentication node, which generates a node key pair for that node and returns it.
Device key pair distribution: when a user starts using a new reading device, the reading client applies to the license authentication node for a device key pair. The license authentication node authenticates the device and, once authentication passes, returns the device key pair to the reading client.
Content encryption key distribution: when a publisher uploads content, the publishing system applies to the license authentication node for a content encryption key through its connected publishing node. The license authentication node accepts the request and returns the content encryption key.
User content license distribution: when a reader purchases content object data, the publishing system generates the user content license and sends it through its connected publishing node to the license authentication node for storage.
User reading content license distribution: when a reader reads purchased content object data, the license authentication node generates the user reading content license and returns it to the reader.
Note that, in the embodiment of the present invention, the license authentication node signs each key it distributes with its own private key. On receiving a key, the recipient can verify it with the license authentication node's public key, confirming that the key was distributed by the license authentication node and is therefore reliable.
With this key distribution scheme, whenever a module needs a key, the license authentication node sends it according to the matching distribution strategy, which gives a safe and fast key distribution method and keeps keys secure in transit.
In the embodiment of the present invention, copyrighted content object data is encrypted with the content encryption key generated by the license authentication node and stored as three backup copies, which protects the content object data itself.
Specifically, copyrighted content object data is symmetrically encrypted with the content encryption key and stored in distributed form. When publishing content, the publishing system requests a content encryption key from the license authentication node through its connected publishing node. The license authentication node generates the content encryption key and sends it to the publishing node, which forwards it to the connected publishing system. The publishing system saves the content encryption key, encrypts the copyrighted content with it, and stores the content in the content chain as three distributed backup copies. When a reader purchases a piece of content, the publishing system encrypts that content's content encryption key with the user public key to form the user content license, and sends the user content license through its connected publishing node to the license authentication node for storage.
In the embodiment of the present invention, when a user wants to obtain purchased content object data, the license authentication node verifies the user's transaction record and issues the user reading content license, which the user uses to decrypt and read the content. Specifically, to obtain purchased content the user requests a content license from the license authentication node. The flow is shown in Figure 3 and consists of two steps: obtaining the license header and obtaining the license body.
Obtaining the license header: the reader application sends the license authentication node a request for the license header. On receiving the request, the license authentication node uses the transaction data synchronized from the other content chain nodes to verify that the user is entitled to the content. If verification passes, it asymmetrically encrypts the user content license for that content with the device public key, producing the user reading content license, and returns it to the reader application as the license header, which keeps the key secure.
Obtaining the license body: the reader application obtains the content object data from a content node of the content chain. It first obtains, from a content chain node, the ID of the node that stores the content, then accesses that content node by its ID and retrieves the encrypted content object data.
After receiving the license header, the user decrypts it with the device private key and the user private key to recover the original content encryption key, and uses that key to decrypt the content object data in the license body.
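The license header path described above, combined with the signature check from the key distribution note, as an added example in Node.js (not code from the patent). The algorithms are assumptions, since the patent names none: RSA-OAEP for both wrapping layers, Ed25519 for the license authentication node's signature, and a 3072-bit device key because OAEP cannot wrap the 256-byte RSA-2048 user content license under another 2048-bit key.

```javascript
// Added example; algorithm choices and key sizes are assumptions.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const rsaKeyPair = (bits) => crypto.generateKeyPairSync('rsa', { modulusLength: bits });

// Constructed keys. OAEP with SHA-256 carries at most (modulus bytes - 66) bytes:
// 190 for RSA-2048, 318 for RSA-3072. The user content license is a 256-byte
// RSA-2048 ciphertext, so the device key has to be the larger one.
const user = rsaKeyPair(2048);
const device = rsaKeyPair(3072);
const strangerDevice = rsaKeyPair(3072); // a device that was never authorized
const licenseNode = crypto.generateKeyPairSync('ed25519');

// Publishing system, at purchase: CEK encrypted under the user public key.
function makeUserContentLicense(cek, userPublicKey) {
  return crypto.publicEncrypt({ key: userPublicKey, ...OAEP }, cek);
}

// License authentication node: check the synchronized transaction record,
// wrap the stored user content license for the device, and sign the result.
function issueLicenseHeader(userLicense, hasPurchase, devicePublicKey, nodePrivateKey) {
  if (!hasPurchase) throw new Error('no transaction record for this user and content');
  const wrapped = crypto.publicEncrypt({ key: devicePublicKey, ...OAEP }, userLicense);
  return { wrapped, signature: crypto.sign(null, wrapped, nodePrivateKey) };
}

// Reader application: verify the node's signature before using any private
// key, then remove the device layer and the user layer to recover the CEK.
function openLicenseHeader(header, nodePublicKey, devicePrivateKey, userPrivateKey) {
  if (!crypto.verify(null, header.wrapped, nodePublicKey, header.signature)) {
    throw new Error('license header was not signed by the license authentication node');
  }
  const userLicense = crypto.privateDecrypt({ key: devicePrivateKey, ...OAEP }, header.wrapped);
  return crypto.privateDecrypt({ key: userPrivateKey, ...OAEP }, userLicense);
}

// Returns true when fn throws; used to show the rejected cases.
function rejects(fn) {
  try { fn(); return false; } catch { return true; }
}

function demo() {
  const cek = crypto.randomBytes(32); // constructed content encryption key
  const nodeKeys = licenseNode;
  const userLicense = makeUserContentLicense(cek, user.publicKey);
  const header = issueLicenseHeader(userLicense, true, device.publicKey, nodeKeys.privateKey);
  const tampered = { ...header, wrapped: Buffer.from(header.wrapped) };
  tampered.wrapped[0] ^= 1; // one flipped bit in transit
  const open = (h, dev) => openLicenseHeader(h, nodeKeys.publicKey, dev.privateKey, user.privateKey);
  return {
    roundTrip: open(header, device).equals(cek),
    licenseBytes: userLicense.length,
    headerBytes: header.wrapped.length,
    unpurchasedRejected: rejects(() =>
      issueLicenseHeader(userLicense, false, device.publicKey, nodeKeys.privateKey)),
    smallDeviceKeyRejected: rejects(() =>
      issueLicenseHeader(userLicense, true, user.publicKey, nodeKeys.privateKey)),
    tamperedRejected: rejects(() => open(tampered, device)),
    unauthorizedDeviceRejected: rejects(() => open(header, strangerDevice)),
  };
}

console.log(demo());
```

Where a larger device key is not an option, the usual alternative is hybrid wrapping: encrypt the user content license under a fresh symmetric key and wrap only that key with the device public key.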
The foregoing shows and describes the basic principles, main features and advantages of the present invention. It is obvious to those skilled in the art that the present invention is not limited to the details of the above exemplary embodiments, and that it can be implemented in other specific forms without departing from its spirit or essential features.
The embodiments should therefore be regarded in every respect as illustrative and non-restrictive. The scope of the present invention is defined by the appended claims rather than by the above description, and all changes that fall within the meaning and range of equivalents of the claims are intended to be included in the present invention. No reference sign in the claims should be construed as limiting the claim concerned.
In addition, it should be understood that although this specification is organized by embodiments, not every embodiment contains only one independent technical solution. The specification is written this way only for clarity. Those skilled in the art should treat the specification as a whole, and the technical solutions of the embodiments may be combined as appropriate to form other embodiments that those skilled in the art can understand.
Claims (7)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2022102159676 | 2022-03-07 | ||
CN202210215967 | 2022-03-07 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114880629A (en) | 2022-08-09 |
CN114880629B (en) | 2024-07-30 |
Family
ID=82676428
Family Applications (1)
Application Number | Status | Priority Date | Filing Date | Title |
---|---|---|---|---|
CN202210508197.4A (CN114880629B) | Active | 2022-03-07 | 2022-05-11 | Content copyright protection method for distributed open environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114880629B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101610148A (en) * | 2009-07-08 | 2009-12-23 | 李伟 | A kind of reciprocity internet digital literary property protection method |
KR20130021774A (en) * | 2011-08-23 | 2013-03-06 | 주식회사 스마트솔루션 | Method for providing security service based on digital certificate and system for providing security service based on digital certificate |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20160162897A1 (en) * | 2014-12-03 | 2016-06-09 | The Filing Cabinet, LLC | System and method for user authentication using crypto-currency transactions as access tokens |
CN113158143B (en) * | 2020-01-22 | 2022-05-20 | 区块链新科技(广州)有限公司 | Key management method and device based on block chain digital copyright protection system |
CN112364305B (en) * | 2020-11-11 | 2024-03-15 | 北京大学 | Digital content copyright protection method and device based on blockchain platform |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||