CN114880629B - Content copyright protection method for distributed open environment - Google Patents
Publication number: CN114880629B (application CN202210508197.4A)
Authority: CN (China)
Legal status: Active
Classifications
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
- G06F21/31—User authentication
- G06F21/44—Program or device authentication
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/602—Providing cryptographic facilities or services
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution using a key encryption key
- H04L2209/603—Digital rights management [DRM]
Abstract
The invention discloses a content copyright protection method for a distributed open environment. A license authentication node of a content chain generates keys in response to key requests from different requesters and distributes each key to its requester, and the requesters use the distributed keys for encryption and decryption according to the attributes of the key. The keys comprise a content encryption key, a user identity public-private key pair, a device public-private key pair and a node public-private key pair. When a reader purchases content object data through the publishing system, the publishing system encrypts the content encryption key with the user public key to form a user content license, and the license authentication node encrypts the user content license with the device public key to form a user reading content license. When the user wants to obtain purchased content object data, the license authentication node verifies the user's transaction record and issues the user reading content license, and the user decrypts the content with that license in order to read it. The invention greatly improves the security of content copyright stored in a distributed open environment.
Description
Technical Field
The invention relates to the technical field of copyright protection, in particular to a content copyright protection method of a distributed open environment.
Background
In the traditional content copyright protection method, content is stored on a server and the client can only fetch it in real time. Because the platform alone controls the user's copyrighted content, the content a user has purchased cannot be guaranteed when the server fails or the copyright company behind the platform stops its service.
To solve this problem, some technologies apply a distributed autonomous network to the field of content rights and manage the rights in a distributed way so that they cannot be damaged. However, the content object data itself remains openly accessible to anyone, and few schemes address copyright protection across the whole flow from content publishing through content acquisition to content reading.
In addition, the security and integrity of the content and its key in storage, and the security of the content encryption key in transmission, are challenges in content copyright protection.
Therefore, in view of the above problems, a distributed content copyright protection method is needed.
Disclosure of Invention
The invention aims to overcome the technical defects of the prior art and provides a content copyright protection method for a distributed open environment.
The technical scheme adopted to achieve this purpose is as follows:
In the content copyright protection method for a distributed open environment, the license authentication node of the content chain responds to key requests from different requesters by generating the corresponding keys and distributing them to the requesters, and the requesters use the distributed keys for encryption and decryption according to the attributes of the key; the keys include:
a content encryption key, used to encrypt the copyrighted content object data;
a user identity public-private key pair, used to authenticate and authorize the reader when it reads: the user public key encrypts the content encryption key, and if the reader has the right to use certain content object data, it decrypts the content encryption key with the user private key and then decrypts and reads the content object data;
a device public-private key pair, used to authenticate and authorize the device on which the user reads copyrighted content: only an authorized device can read the content, the device public key encrypts the content encryption key, and when the reader reads on a reading device, a device that has passed authentication by the license authentication node can decrypt the content encryption key with the device private key;
a node public-private key pair, used to sign and verify transactions: the node private key signs the transaction information when the node initiates a transaction, the node public key verifies that signature, and the transaction information of readers purchasing content object data is synchronized to the license authentication node by the other nodes of the content chain;
meanwhile, when a reader purchases content object data through the publishing system, the publishing system encrypts the content encryption key with the user public key to form a user content license, and the license authentication node encrypts the user content license with the device public key to form a user reading content license.
After the keys are generated, different storage strategies are adopted to store them securely; the key storage strategy is as follows:
User identity public-private key pair: kept by the reader itself; in addition, a symmetric key is generated from the user's user name and password, and the user identity key pair is encrypted with that symmetric key and stored in the license authentication node;
Node public-private key pair, device public-private key pair: stored by the node and the device respectively, while the node public key and the device public key are stored in the license authentication node;
Content encryption key: stored by the publishing system;
User content license: stored by the license authentication node.
The key distribution strategy is as follows:
User identity public-private key distribution: when the reader's user registers, the user identity key pair is requested from the license authentication node; when the reader reads and holds no user private key, it requests the user private key from the license authentication node, which returns it after successfully verifying the user's identity;
Node public-private key distribution: when another node joins the content chain, it sends a node authentication request to the license authentication node, which generates a node key pair for the joining node and returns it to that node;
Device public-private key distribution: when a user uses a new reading device, the reading terminal requests a device key pair from the license authentication node, which authenticates the new reading device and, once authentication passes, returns the device key pair to the new reading terminal;
Content encryption key distribution: when a publisher uploads content, the publishing node of the content chain connected to the publishing system requests a content encryption key from the license authentication node, which returns the key to the publishing node, and the publishing node passes it on to the publishing system;
User content license distribution: when a reader purchases content object data, the publishing system generates the user content license and sends it, through the publishing node it is connected to, to the license authentication node for storage;
User reading content license distribution: when a reader reads purchased content object data, the license authentication node generates the user reading content license and returns it to the reader.
When the receiving end receives a key, it verifies the received key with the public key of the license authentication node to confirm that the key was indeed distributed by the license authentication node.
When the publishing node publishes content object data, it encrypts the copyrighted content object data with the received content encryption key, stores the encrypted data in the publishing node, and backs it up to two other nodes of the content chain, so that the same content object data is stored in a distributed way on three nodes of the content chain (three-backup mode).
When the user wants to obtain purchased content object data, the license authentication node verifies the user's transaction record and distributes the user reading content license, and the user decrypts the content with that license in order to read it.
The user obtains purchased content object data in the following steps:
Obtaining the license header: the reader sends a request for the license header to the license authentication node; on receiving it, the node checks against the transaction data synchronized from the other nodes of the content chain whether the user has the right to obtain the content; once the check passes, it asymmetrically encrypts the user content license for that content with the device public key to obtain the user reading content license, and returns it to the reader as the license header;
Obtaining the license body: the reader obtains the content object data from a content node of the content chain; it first obtains the id of the node that stores the content, then accesses that content node by its id to obtain the encrypted content object data;
After receiving the license header, the user decrypts it first with the device private key and then with the user private key to obtain the original content encryption key, and decrypts the content object data in the license body with the content encryption key.
The interaction flow between the license authentication node and the reader, the user, the other nodes of the content chain, the database and the publishing node is as follows:
1) When the reader's user registers, the registration information form is submitted to the license authentication node for registration and authentication; the reader obtains the user private key from the license authentication node; the reader initiates device license authentication with the license authentication node; when the reader reads content for which it holds no content license, it sends a content license authentication request to the license authentication node;
2) The license authentication node verifies the user information, checks whether it meets the registration requirements, and returns the user identity key pair to the user; after verifying the user information, it returns the user private key; after license authentication of the device, it returns the device key pair; it verifies from the transaction record whether the user holds the content license right and, once verification passes, returns the user reading content license;
3) The other nodes of the content chain request node key pairs from the license authentication node and synchronize transaction records to it; the license authentication node encrypts the generated node key pair and returns it to the requesting node;
4) The license authentication node adds and deletes user identity key pairs, node key pairs, device key pairs, content encryption keys and user content license information in the database; the database performs the corresponding operation and returns the result;
5) When a publisher publishes content, the publishing node connected to the publishing system requests a content ID and a content encryption key from the license authentication node; the license authentication node generates them and returns them to the publishing node, which passes the content ID and the content encryption key to the connected publishing system for storage.
The content copyright protection method for a distributed open environment solves the problem of a single platform controlling the user's copyrighted content by distributing the storage of that content.
The invention provides a secure key management mechanism for the keys involved in content copyright protection: the user identity key pair, the node key pair, the device key pair, the content encryption key, the user content license and the user reading content license.
The invention provides a secure key storage and distribution mechanism: different storage strategies keep the keys secure and reliable in storage and transmission, and keys are generated centrally (by the license authentication node) and shared by all sites, which removes the weakness of keys generated by individual distributed sites.
The invention secures the content itself by storing the content object data encrypted and verifying its integrity, and the content license authentication method ensures that a user can use content only after being authorized.
Drawings
Fig. 1 is a diagram of the interaction between the license authentication node and the other nodes according to an embodiment of the present invention.
Fig. 2 is a block diagram of key storage and distribution by the license authentication node according to an embodiment of the present invention.
Fig. 3 is a flow chart of content license authentication according to an embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and the specific examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
In the embodiment of the invention, nodes are the units that communicate with and connect to one another to form the digital content chain network; the units making up the content chain communicate with each other in a mesh, which differs from the sequentially arranged nodes of a traditional blockchain.
The content copyright protection method for a distributed open environment in the embodiment is realized by a content chain, a service network oriented to content publishing that adopts the advantages of a distributed autonomous network. The content chain comprises a license authentication node and other nodes, such as content nodes that store content object data; the other nodes synchronize transaction records to the license authentication node, which verifies from those records whether a user holds a content license.
In the content chain, the content nodes that are set up store the copyrighted content object data, which can be held in three backups. The metadata of the copyrighted content and the id of the content node storing its object data are recorded in the nodes' blocks by consensus of the content chain, which realizes distributed storage of the copyrighted content.
The distributed content copyright protection method of the embodiment achieves effective protection of distributed copyrighted content based on the license authentication node in the content chain.
To protect content copyright effectively in a distributed open environment, the embodiment provides a key protection mechanism comprising the following kinds of keys and licenses:
User identity public-private key pair: an asymmetric key pair; its public key is called the user public key and its private key the user private key.
Node public-private key pair: an asymmetric key pair, made up of the key pairs of the other nodes in the content chain; its public key is called the node public key and its private key the node private key.
Device public-private key pair: an asymmetric key pair; its public key is called the device public key and its private key the device private key.
Content encryption key: a symmetric key used to encrypt content object data.
User content license: the result of encrypting the content encryption key with the user public key.
User reading content license: the result of encrypting the user content license with the device public key.
The content encryption key is a symmetric key, which encrypts quickly and is suited to large amounts of data; the copyrighted content object data is symmetrically encrypted when it is stored. The user and device keys are asymmetric keys, chosen for their higher security: the user and device public keys encrypt the content encryption key, the user and device private keys let an entitled reader and device decrypt it, and the decrypted content encryption key then decrypts the copyrighted content for reading. The node keys are also asymmetric: the node private key signs the transaction information when a node initiates a transaction, and the node public key verifies that signature.
The content encryption key encrypts the copyrighted content object data, securing it in storage and in transmission.
The user identity key pair authenticates and authorizes the reader when the user reads; if the reader has the right to use certain content object data, it decrypts and reads that data using the user private key, which protects the content copyright.
The device key pair authenticates and authorizes the device on which the user reads copyrighted content: an authorized device can read the content, an unauthorized device is prevented from maliciously obtaining it, and the copyrighted content is thereby protected. When the reader reads on a reading device, a device that has passed authentication by the license authentication node can decrypt the content encryption key with the device private key.
The node key pair is used for identity authentication of content chain nodes in the consensus process: nodes sign and verify transactions, which ensures that the nodes joining the content chain are safe and reliable, and the transaction information of readers purchasing content is synchronized to the license authentication node by the other nodes of the content chain, which ensures the security and reliability of the users' transaction information.
In the embodiment of the invention, the interaction flow between the license authentication node and each role of the content chain (the reader, the user, the other nodes of the content chain, the database and the publishing node) is shown in Fig. 1:
1) When the reader's user registers, the registration information form is submitted to the license authentication node for registration authentication; the reader obtains the user private key from the license authentication node; the reader initiates device license authentication with the license authentication node; when the reader reads content for which it holds no content license, it sends a content license authentication request to the license authentication node.
2) The license authentication node verifies the user information, checks whether it meets the registration requirements, and returns the user identity key pair to the user; after verifying the user information, it returns the user private key; after license authentication of the device, it returns the device key pair; it verifies from the transaction record whether the user holds the content license right and, once verification passes, returns the user reading content license.
3) The other nodes of the content chain request node key pairs from the license authentication node and synchronize transaction records to it.
4) The license authentication node encrypts the generated node key pair and returns it to the requesting node of the content chain.
5) The license authentication node adds and deletes the user identity key pairs, node key pairs, device key pairs, content encryption keys, user content licenses and similar information in the database.
6) The database performs the corresponding operation and returns the result.
7) When a publisher publishes content, the publishing node connected to the publishing system requests a content ID and a content encryption key from the license authentication node.
8) After generating the content ID and the key, the license authentication node returns them to the publishing node, which passes the content ID and the content encryption key to the connected publishing system for storage.
The publishing node is the node among the other nodes of the content chain that is connected to the publishing system and used to publish content. The publishing node and the nodes holding backup copies of the content object data can all be called content nodes, i.e. nodes that store content object data.
In the embodiment of the invention, the license authentication node manages related keys in the content copyright protection process, including a user identity public and private key, a node public and private key, a device public and private key and a content encryption key.
In the embodiment of the invention, corresponding secret keys are generated for copyrighted content, users, equipment and nodes by the license authentication nodes according to different requirements in the content copyright protection.
In the embodiment of the invention, aiming at different keys, different storage strategies are adopted after the keys are generated, so that safe and stable storage is realized, and the security problem of public and private key storage is ensured.
The different key storage strategies are as follows:
User identity public-private key: after the reader obtains the user identity public-private key pair, the reader stores it locally itself, and the user private key is therefore at risk of being lost. The reader's user identity public-private key pair is also stored in the license authentication node; because that database may itself be compromised, the license authentication node must encrypt the key pair before storing it. Specifically, the user identity public-private key pair is stored as follows: a symmetric key is generated from the user's user name and password, the user identity public-private key pair is encrypted with this symmetric key, and the ciphertext is stored in the license authentication node.
Node public-private key and device public-private key: the node public-private key pair and the device public-private key pair are held by the node and the device themselves rather than by a person, so they are not easily lost; only the node public key and the device public key need to be stored in the license authentication node.
Content encryption key: once the content encryption key has been handed to the publishing system, the publishing system can decide on its own to distribute, sell or withdraw the content; at the same time, to avoid the heavy loss of content object data that a leaked content encryption key would cause if the license authentication node were attacked, the license authentication node hands the content encryption key over to the publishing system for storage after generating it.
User content license: when a reader purchases content object data in the publishing system, the publishing system encrypts the content encryption key with the user public key and sends the result, as the user content license, to the license authentication node through its connected publishing node, and the license authentication node stores the content license.
In the embodiment of the invention, in order to achieve effective protection, after the license authentication node generates the corresponding key, the key is distributed through the following process: each module or endpoint requests a key from the license authentication node; the license authentication node verifies the request; if the key already exists, it is read from the database and returned, otherwise the corresponding key is generated according to the rules and returned.
Specifically, the key distribution strategies are as follows:
User identity public-private key distribution: when a reader user registers, the user identity public-private key pair is requested from the license authentication node; when the reader reads, if no user private key is present in the reader, the user private key is requested from the license authentication node, which returns it to the reader after successfully verifying the user's identity.
Node public-private key distribution: when another node is to join the content chain, it sends a node authentication request to the license authentication node, which generates a node public-private key pair for the content chain node and returns it to that node.
Device public-private key distribution: when a user uses a new reading device, the reading terminal requests a device public-private key pair from the license authentication node; the license authentication node authenticates the device and returns the device public-private key pair to the reading terminal after authentication passes.
Content encryption key distribution: when a publisher uploads content, the publishing system requests a content encryption key from the license authentication node through its connected publishing node, and the license authentication node returns the content encryption key after receiving the request.
User content license distribution: when a reader purchases content object data, the publishing system generates the user content license and sends it, through the publishing node connected to the publishing system, to the license authentication node for storage.
User reading content license distribution: when the reader reads purchased content object data, the license authentication node generates a user reading content license and returns it to the reader.
In the embodiment of the invention, when a key is distributed, the license authentication node signs the generated key with its own private key; after the receiving end receives the key, it can verify it with the public key of the license authentication node, which ensures that the key was distributed by the license authentication node and that the key is trustworthy.
Through this key distribution technique, when a module needs a key, the license authentication node sends it according to the distribution strategy for that kind of key, giving a safe and fast key distribution method and ensuring the security of license keys in transit.
In the embodiment of the invention, the copyrighted content object data is encrypted with the content encryption key generated by the license authentication node and stored in three copies, which ensures the security of the content object data.
Specifically, the copyrighted content object data is encrypted symmetrically with the content encryption key and stored in a distributed manner. When the publishing system publishes content, the publishing node connected to it requests a content encryption key from the license authentication node; after the license authentication node generates the content encryption key, it sends it to the publishing node, which forwards it to the connected publishing system; the publishing system stores the content encryption key and encrypts the copyrighted content with it, and the encrypted copyrighted content is distributed across the content chain and stored in three copies. When a reader purchases a piece of content, the publishing system encrypts that content's encryption key with the user public key to form the user content license, which is sent through the connected publishing node to the license authentication node for storage.
In the embodiment of the invention, when a user wants to obtain purchased content object data, the license authentication node verifies the user's transaction record and issues a user reading content license, with which the user decrypts and reads the content. Specifically, when the user obtains purchased content, the content license is requested from the license authentication node; the flow is shown in fig. 3 and consists of obtaining the license header and obtaining the license body.
Obtaining the license header: the reader sends a request for the license header to the license authentication node. After receiving the request, the license authentication node checks, from the transaction data synchronized from the other nodes in the content chain, whether the user has the right to obtain the content; after verification passes, the user content license corresponding to the content is asymmetrically encrypted with the device public key to obtain the user reading content license, which is returned to the reader as the license header so that the key stays protected.
Obtaining the license body: the reader obtains the content object data from the content nodes of the content chain. The reader first obtains from a content chain node the node id of the node storing the content, then accesses that content node by its node id to obtain the encrypted content object data.
After receiving the license header, the user decrypts it with the device private key and then with the user private key to recover the original content encryption key, and decrypts the content object data in the license body with that content encryption key.
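The signed key distribution of the preceding section and the two-layer license header just described, as an added Go example that is not the patent's own code. The algorithm choices (RSA-OAEP with SHA-256 and role labels for both license layers, RSA-PSS for the node's signature, a 2048-bit user key and a 3072-bit device key) and the function names are assumptions; the larger device key is needed because a plain OAEP outer layer must be able to hold the 256-byte inner ciphertext, and the code refuses a device key that cannot.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Assumed choices (the patent names no algorithms): RSA-OAEP/SHA-256 for the
// two license layers, RSA-PSS for the node's signature, and OAEP labels that
// bind each ciphertext to its role so one layer cannot be passed off as the other.
var (
	labelUserLicense    = []byte("user-content-license")
	labelReadingLicense = []byte("user-reading-content-license")
)

// SignDistributedKey: the license authentication node signs every key it hands
// out with its own private key.
func SignDistributedKey(nodePriv *rsa.PrivateKey, key []byte) ([]byte, error) {
	digest := sha256.Sum256(key)
	return rsa.SignPSS(rand.Reader, nodePriv, crypto.SHA256, digest[:], nil)
}

// VerifyDistributedKey: the receiving end checks that the key came from the
// node and was not altered in transit.
func VerifyDistributedKey(nodePub *rsa.PublicKey, key, sig []byte) bool {
	digest := sha256.Sum256(key)
	return rsa.VerifyPSS(nodePub, crypto.SHA256, digest[:], sig, nil) == nil
}

// MakeUserContentLicense: publishing system, at purchase time. The content
// encryption key (CEK) is encrypted under the reader's user public key.
func MakeUserContentLicense(userPub *rsa.PublicKey, cek []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, userPub, cek, labelUserLicense)
}

// MakeReadingLicense: license authentication node, at read time. The stored user
// content license is encrypted again under the device public key. With plain
// RSA-OAEP the device modulus must hold the inner ciphertext (256 bytes for a
// 2048-bit user key; 3072-bit OAEP/SHA-256 takes up to 318 bytes), otherwise
// this layer would need a hybrid wrap instead.
func MakeReadingLicense(devicePub *rsa.PublicKey, userLicense []byte) ([]byte, error) {
	if len(userLicense) > devicePub.Size()-2*sha256.Size-2 {
		return nil, errors.New("device key too small to wrap the user content license")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, devicePub, userLicense, labelReadingLicense)
}

// OpenReadingLicense: the reader peels the header with the device private key,
// then with the user private key, and obtains the CEK that decrypts the body.
func OpenReadingLicense(devicePriv, userPriv *rsa.PrivateKey, header []byte) ([]byte, error) {
	inner, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, devicePriv, header, labelReadingLicense)
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, userPriv, inner, labelUserLicense)
}

func main() {
	userPriv, _ := rsa.GenerateKey(rand.Reader, 2048)
	devicePriv, _ := rsa.GenerateKey(rand.Reader, 3072)
	cek := make([]byte, 32) // constructed sample CEK; the node would generate it
	if _, err := rand.Read(cek); err != nil {
		panic(err)
	}
	ul, _ := MakeUserContentLicense(&userPriv.PublicKey, cek)
	rl, _ := MakeReadingLicense(&devicePriv.PublicKey, ul)
	got, err := OpenReadingLicense(devicePriv, userPriv, rl)
	println("header opened and CEK recovered:", err == nil && string(got) == string(cek))
}
```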
While the fundamental and principal features of the invention and its advantages have been shown and described, it will be apparent to those skilled in the art that the invention is not limited to the details of the foregoing exemplary embodiments but may be embodied in other specific forms without departing from its spirit or essential characteristics;
the present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes that come within the meaning and range of equivalency of the claims are intended to be embraced therein.
Furthermore, it should be understood that although this disclosure is described by embodiments, not every embodiment constitutes a separate, independent solution; this manner of description is adopted for clarity only, the disclosure is not limited to the embodiments described in detail, and the embodiments described in the examples may be combined as appropriate to form other embodiments that will be apparent to those skilled in the art.
Claims (7)
1. A content copyright protection method for a distributed open environment, characterized in that a license authentication node of a content chain responds to key requests from different requesters, generates the corresponding keys and distributes them to the respective requesters, and the requesters use the distributed keys to perform encryption and decryption operations according to the attributes of the keys; the keys include:
a content encryption key, used to encrypt copyrighted content object data;
a user identity public-private key, used to authenticate and authorize the reader when reading; the user public key is used to encrypt the content encryption key, and if the reader is entitled to use a certain piece of content object data, the content encryption key is decrypted with the user private key and the content object data is then decrypted and read;
a device public-private key, used to authenticate and authorize the device with which the user reads the copyrighted content; only an authorized device can read the copyrighted content; the device public key is used to encrypt the content encryption key, and when the reader reads on a reading device, a device that has passed authentication by the license authentication node can decrypt the content encryption key with the device private key;
a node public-private key, used to sign and verify transactions: the node public key verifies a transaction, the node private key signs the transaction information when the node initiates a transaction, and the transaction information of readers purchasing content object data is synchronized to the license authentication node by the other nodes of the content chain;
meanwhile, when a reader purchases content object data through the publishing system, the publishing system encrypts the content encryption key with the user public key to form a user content license, and the license authentication node encrypts the user content license with the device public key to form a user reading content license;
the interaction flow between the license authentication node and the reader, the user, the other nodes of the content chain, the database and the publishing node is specifically as follows:
1) when a reader user registers, the registration information form is submitted to the license authentication node for registration and authentication; the reader obtains the user private key from the license authentication node; the reader initiates device license authentication with the license authentication node; when the reader reads content for which it holds no content license, the reader sends a content license authentication request to the license authentication node;
2) the license authentication node verifies the user information, checks whether it meets the registration requirements, and returns the user identity public-private key to the user; after verifying the user information, the license authentication node returns the user private key; after the device license authentication, it returns the device public-private key; the license authentication node verifies from the transaction record whether the user holds the content license rights and, after verification passes, returns the public and private keys for the content read by the user;
3) the other nodes of the content chain request node public-private keys from the license authentication node and synchronize the transaction record to it; the license authentication node encrypts the generated node public-private key and returns it to the other nodes of the content chain;
4) the license authentication node adds and deletes user identity public-private keys, node public-private keys, device public-private keys, content encryption keys and user content license information in the database; the database executes the corresponding operation and returns the result;
5) when a publisher publishes content, the publishing node connected to the publishing system requests a content ID and a content encryption key from the license authentication node; the license authentication node generates the corresponding content ID and content encryption key and returns them to the publishing node, which returns them to the connected publishing system, and the publishing system stores the content ID and the content encryption key.
2. The content copyright protection method for a distributed open environment according to claim 1, characterized in that after the keys are generated, secure storage is implemented with different storage strategies; the key storage strategies are as follows: user identity public-private key: stored by the reader itself; a symmetric key is generated from the user's user name and password and used to encrypt the user identity public-private key, which is stored in encrypted form in the license authentication node;
node public-private key and device public-private key: stored by the node and the device respectively, while the node public key and the device public key are stored in the license authentication node;
content encryption key: stored by the publishing system;
user content license: kept by the license authentication node.
3. The content copyright protection method for a distributed open environment according to claim 1, characterized in that the key distribution strategies are as follows: user identity public-private key distribution: when a reader user registers, the user identity public-private key is requested from the license authentication node; when the reader reads, if no user private key is present in the reader, the user private key is requested from the license authentication node, which returns it to the reader after successfully verifying the user's identity;
node public-private key distribution: when another node joins the content chain, it sends a node authentication request to the license authentication node, which generates a node public-private key for the joining content chain node and returns it to that node;
device public-private key distribution: when a user uses a new reading device, the reading terminal requests a device public-private key from the license authentication node; the license authentication node authenticates the new reading device and, after authentication passes, returns the device public-private key to the new reading terminal;
content encryption key distribution: when a publisher uploads content, the publishing node in the content chain connected to the publishing system requests a content encryption key from the license authentication node, which returns the content encryption key to the publishing node after receiving the request, and the publishing node returns it to the publishing system;
user content license distribution: when a reader purchases content object data, the publishing system generates the user content license and sends it, through the publishing node connected to the publishing system, to the license authentication node for storage;
user reading content license distribution: when a reader reads purchased content object data, the license authentication node generates a user reading content license and returns it to the reader.
4. The content copyright protection method for a distributed open environment according to claim 3, characterized in that at key distribution time the license authentication node signs the generated key with its own private key, and after the receiving end receives the key it verifies the key with the public key of the license authentication node to check whether the key was distributed by the license authentication node.
5. The method according to claim 1, characterized in that when publishing content object data, the publishing node encrypts the copyrighted content object data with the received content encryption key, stores it in the publishing node and stores copies of it in two other content chain nodes, so that the same content object data is stored in distributed form as three copies in three nodes of the content chain.
6. The content copyright protection method for a distributed open environment according to claim 1, characterized in that when a user wants to obtain purchased content object data, the license authentication node verifies the user's transaction record and issues the user reading content license, with which the user decrypts and reads the content.
7. The content copyright protection method for a distributed open environment according to claim 6, characterized in that the step of a user obtaining purchased content object data comprises: obtaining the license header: the reader sends a request for the license header to the license authentication node; after receiving the request, the license authentication node verifies, from the transaction data synchronized from the other nodes in the content chain, whether the user has the right to obtain the content; after verification passes, the user content license corresponding to the content is asymmetrically encrypted with the device public key to obtain the user reading content license, which is returned to the reader as the license header;
obtaining the license body: the reader obtains the content object data from a content node of the content chain; it first obtains from the content node the node id of the node storing the content, then accesses the corresponding content node by that node id to obtain the encrypted content object data;
after receiving the license header, the user decrypts it with the device private key and then with the user private key to recover the original content encryption key, and decrypts the content object data in the license body with that content encryption key.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2022102159676 | 2022-03-07 | | |
| CN202210215967 | 2022-03-07 | | |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114880629A (en) | 2022-08-09 |
| CN114880629B (en) | 2024-07-30 |
Family ID=82676428
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210508197.4A Active CN114880629B (en) | Content copyright protection method for distributed open environment | 2022-03-07 | 2022-05-11 |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114880629B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101610148A (en) * | 2009-07-08 | 2009-12-23 | 李伟 | A kind of reciprocity internet digital literary property protection method |
| KR20130021774A (en) * | 2011-08-23 | 2013-03-06 | 주식회사 스마트솔루션 | Method for providing security service based on digital certificate and system for providing security service based on digital certificate |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160162897A1 (en) * | 2014-12-03 | 2016-06-09 | The Filing Cabinet, LLC | System and method for user authentication using crypto-currency transactions as access tokens |
| CN113158143B (en) * | 2020-01-22 | 2022-05-20 | 区块链新科技(广州)有限公司 | Key management method and device based on block chain digital copyright protection system |
| CN112364305B (en) * | 2020-11-11 | 2024-03-15 | 北京大学 | Digital content copyright protection method and device based on blockchain platform |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114880629A (en) | 2022-08-09 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |