CN101442404A - Multilevel management system and method for license - Google Patents

Publication number
CN101442404A
Authority
CN
China
Prior art keywords
license
management unit
content
license management
proxy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 200810246628
Other languages
Chinese (zh)
Other versions
CN101442404B (en)
Inventor
陈普贵
肖正秀
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING CE OPEN SOURCE SOFTWARE Co Ltd
Original Assignee
BEIJING CE OPEN SOURCE SOFTWARE Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING CE OPEN SOURCE SOFTWARE Co Ltd
Priority to CN 200810246628
Publication of CN101442404A
Application granted
Publication of CN101442404B
Expired - Fee Related
Anticipated expiration

Landscapes

  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a license multilevel management system, which comprises a license management unit, a content packing unit, an encryption machine in the content packing unit and a decryption machine in a terminal. The system also comprises an agent license management unit, which applies to the license management unit for a license and acquires it, uniformly manages at least one terminal in a local area network according to the authority information in the license, and thereby realizes multilevel management of the license. The invention also discloses a method for multilevel management of the license. The method comprises the following steps: the agent license management unit applies to the license management unit for the license and acquires it, uniformly manages at least one terminal in the local area network according to the authority information in the license, and realizes multilevel management of the license. With the system and the method, the individual requirements of users can be met, and the problems of inheritance, migration, transfer, and multilevel license distribution of the usage rights of digital content can be solved.

Description

License multilevel management system and method
Technical Field
The present invention relates to license management technologies, and in particular, to a system and a method for license multi-level management.
Background
Digital content services have become the fastest growing and most promising area of the entire information industry; however, digital content is easy to pirate and infringe. Copyright has become one of the bottlenecks restricting the development of digital content services, and research on Digital Rights Management (DRM) has developed vigorously in response. At present, the most widely used DRM technology applies public key cryptosystems and related encryption technology to better solve the security problems of copyright management.
License management in the existing DRM solution is mainly license management performed by an operator on a user. Fig. 1 is a schematic diagram of the composition of an existing license management system, which includes: a license management unit in the operator's operation center, a digital Certificate Authority (CA) server, a content packaging unit, and a terminal. The license management unit issues a license to the terminal. The CA server provides digital certificate services: the terminal and the content packaging unit each apply to the CA server for certificate service, and the CA server provides the requested online certificate service to each of them. The encryptor in the content packaging unit encrypts the digital content and sends the encrypted digital content to the terminal, and returns the key used to encrypt the digital content, namely the Content Encryption Key (CEK), together with the right information to the license management unit. The terminal receives the content license and the encrypted digital content, extracts the CEK from the content license using the decryption machine located in the terminal, and decrypts the encrypted digital content.
In summary, with the existing DRM solution, the terminal can only be directly managed by the license management unit located in the operation center and can only be provided with online license service, which is limited to a single mode of management and a single service. However, as digital content service applications grow more complex, users raise more and higher personalized requirements, which involve the inheritance, migration, and transfer of usage rights of digital content services. The existing DRM solution, in which the license management unit directly manages the terminal, cannot handle these problems, and the existing technology of single management and single service cannot meet the personalized requirements of users well.
Disclosure of Invention
In view of the above, the present invention provides a license multi-level management system and method, which can meet the personalized requirements of users and can solve a series of problems of inheritance, migration, transfer and multi-level license distribution of usage rights of digital content.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
A license multi-level management system comprises a license management unit, an encryptor in the content packaging unit, and a decryptor in the terminal, and further comprises an agent license management unit; wherein,
the agent license management unit is used for applying to the license management unit for a license and acquiring it, uniformly managing at least one terminal in the local area network according to the authority information in the license, and realizing the multilevel management of the license.
The agent license management unit is deployed in the local area network, and there is at least one agent license management unit. The agent license management units and the license management unit form a multilevel management system whose nodes are distributed over the levels of a tree structure.
In this tree-structured multi-level distribution management system, the license management unit is the root node, a superior proxy license management unit is a parent node, and a subordinate proxy license management unit is a child node; the proxy license management units belonging to one parent node are sibling nodes; the proxy license management units belonging to the same layer are sibling nodes.
In the multi-level distribution management system, the license management unit is further configured to issue a root license to the second-level proxy license management unit; the second-level agent license management unit is further used for issuing a second-level license to the third-level agent license management unit; the issuance of licenses at each level takes a chain structure and is continued in the order of issuance.
The proxy license management unit is further configured to grant the authority information in the license to the terminal. The authority information that the current proxy license management unit grants to the terminal is a subset of the rights information that the license management unit granted to the current proxy license management unit.
Wherein the system further comprises: a content management center and an agent content management center; wherein,
the license management unit is specifically used for generating a seed of a digital content encryption key and sending the seed to the encryption machine; generating a license and sending the license to the proxy license management unit;
the encryption machine is specifically used for applying to the license management unit for, and acquiring, the seed of the key and the content identification; generating a key identification; establishing a corresponding table of the content identification and the key identification; generating a Content Encryption Key (CEK) according to the key identification and the seed; sending the encrypted digital content to the content management center, and returning the key identification, the corresponding table of the content identification and the key identification, and the authority information of the content to the license management unit;
the corresponding table of the content identification and the key identification is used for ensuring that the encryption/decryption synchronization is realized on the two sides of the encryption machine and the decryption machine;
the agent license management unit is specifically used for acquiring the license from the upper-level license management unit and sending the content license required by the decryption machine; the content license includes the CEK and rights information for use;
the content management center is specifically used for pushing the encrypted digital content to the proxy content management center;
the agent content management center is specifically configured to push the encrypted digital content to the decryption machine in the terminal;
the decryptor is specifically configured to verify the rights information and decrypt the encrypted digital content according to the CEK.
The agent license management unit is also used for reporting logs to the license management unit and applying to it for license updates, and the license management unit is also used for auditing the reported logs and issuing license updates; the license management unit provides two management modes, online license service and offline license service, for a registered terminal or proxy license management unit.
Wherein the license management unit further includes: the system comprises a security manager, a content identifier management module, a key identifier management module, an agent license management module, a content license management module and a log management module; wherein,
the security manager is used for taking charge of the security of the license management unit and the security communication to the outside, and completing identity authentication, access control, copyright control and analysis, equipment security control and encryption and decryption of digital content;
the content identification management module is used for managing content identification;
the key identification management module is used for managing the key identification;
the agent license management module is used for storing and updating the agent license;
the content license management module is used for storing and updating the content license;
the updating comprises three operations: generating, deleting and modifying;
the log management module is used for carrying out integrity detection on the log submitted by the agent license management unit and auditing the operation of the agent license management unit; the log management module supports two management modes of online license service and offline license service.
The agent license management module is further used for generating the agent license according to the generation principle of the agent license. The generation principle of the proxy license is as follows: for the root license, whatever is not restricted is allowed by default; for the secondary license and the licenses below it, whatever is not allowed is prohibited.
The content license management module is further used for generating the content license according to the generation principle of the content license; the generation principle of the content license is as follows: the principle that all the rights are not forbidden by default is adopted for all the rights; the principle that a right exists is not allowed or prohibited;
the content license generated is a subset of the rights information of the licensee and is a subset of the rights information in the proxy license at this level.
A method of license multi-level management, the method comprising: the agent license management unit applies for a license to the license management unit; and the agent license management unit acquires the applied license, uniformly manages at least one terminal in the local area network according to the authority information in the license and realizes the multilevel management of the license.
The method specifically comprises the following steps:
a1, the license management unit generates the seed of the digital content encryption key and sends the seed to the encryption machine;
a2, the encryption machine generates a key identification, and generates a CEK according to the key identification and the seed; the encryption machine returns the authority information of the content to the license management unit; the encryption machine sends the digital content encrypted by the CEK to a content management center;
a3, the agent license management unit reports the log to the license management unit and applies for the license, and the license management unit issues the updated license to the agent license management unit after the log is approved by the license management unit;
a4, the content management center sends the encrypted digital content to the terminal through the proxy content management center; the agent license management unit sends the content license required by the decryption machine to the terminal, wherein the content license required by the decryption machine comprises the license information used by the decryption machine and the CEK;
a5, the terminal verifies the authority information and decrypts the encrypted digital content according to the CEK.
Wherein, step A2 further includes: the encryption machine applies for and obtains the content identification from the license management unit, establishes a corresponding table of the content identification and the key identification and returns the table to the license management unit;
step a3 further includes: the license management unit issues the selected digital content and the corresponding table of the content identification and the key identification to the proxy license management unit, the proxy license management unit acquires the key identification according to the content identification corresponding to the selected digital content and the corresponding table of the content identification and the key identification, generates a CEK according to the seed and the key identification and provides the CEK for a decryption machine to decrypt, and encryption/decryption synchronization on two sides of the encryption machine and the decryption machine is completed.
When the license is a proxy license, in step a3, the generation process of the proxy license specifically includes the following steps:
a311, the license management unit verifies identity by checking the validity of the terminal's digital certificate;
a312, the license management unit checks the security log, verifying the validity and integrity of the security log provided by the terminal;
a313, the license management unit selects the digital content to be issued to the proxy license management unit, and provides the correspondence table of content identification and key identification for the currently selected digital content;
a314, the license management unit verifies the authority of the proxy license management unit;
a315, the license management unit encrypts the seed using the public key in the digital certificate of the proxy license management unit;
a316, the license management unit generates the proxy license according to the open digital rights language template.
When the license is a content license, in step a3, the generation process of the content license specifically includes the following steps:
a321, the license management unit verifies identity by checking the validity of the terminal's digital certificate or authority key;
a322, the license management unit selects the digital content for which content licenses are to be issued;
a323, the license management unit verifies the authority according to the generation principle of the content license;
a324, the license management unit retrieves the key identification corresponding to the content identification of the currently selected digital content, generates the CEK, and encrypts the CEK with the public key in the terminal's digital certificate or with the terminal's right key;
a325, the license management unit generates the content license according to the open digital rights language template.
In the system of the invention, the license management unit issues the license to the added proxy license management unit, and the proxy license management unit carries out diversified management of a plurality of terminals in the local area network and provides diversified services, so as to meet the diversified and personalized requirements of users. Specifically, the proxy license management unit and the plurality of terminals are deployed in the local area network, and the terminals are no longer directly managed by the license management unit; instead, the proxy license management unit manages the terminals within the management authority granted to it as license agent. The plurality of terminals in the local area network can thus be managed uniformly, and digital content can be copied among the terminals under the control of the proxy license management unit, which realizes the migration of the digital content. In an isolated local area network, the terminals can be managed by the proxy license management unit without the license management unit, and the proxy license management unit can provide the terminals with offline license services in addition to online license services. Since the added proxy license management unit issues licenses, the usage right of the digital content can be inherited, transferred or secondarily distributed. Here, the usage right is still controlled after transfer, and the usage right can be traced back; secondary distribution means that the proxy license management unit in turn issues licenses and authorizations to its subordinate proxy license management units. In addition, multi-level licenses can be issued between the license management unit and a plurality of proxy license management units at different levels.
Comparing the present invention with the prior art: because the license management unit directly manages the terminal in the prior art, the prior art cannot solve the problems of inheritance, migration, assignment and multi-level license distribution of digital content usage rights when licenses are managed for terminals in a local area network, such as an enterprise local area network or a cell local area network. With the proxy license management unit added in the local area network, the invention removes the terminals in the local area network from the direct management of the license management unit and has them managed uniformly by the proxy license management unit, once that unit has obtained the license issued by the license management unit. The invention solves the problems of inheritance, migration, assignment and multilevel license distribution of digital content usage rights, and also solves the problem of license management of terminals by the proxy license management unit in an isolated local area network. For example, additional offline license service can be provided to the terminals through the control and management of the log: when the proxy license management unit applies for a license update, it first submits the log, and the license management unit monitors the DRM proxy service level by auditing the log, thereby keeping control of the proxy license management unit.
Moreover, the invention is suitable for unified digital copyright management of terminals in enterprise local area networks or cell local area networks, and makes it convenient for enterprises to use licenses and manage them internally within the enterprise local area network. Because the proxy license management unit is placed in the enterprise local area network or the cell local area network, and the license management unit grants it the corresponding management authority as license agent, control of the digital copyright is still ensured even when the enterprise end users, namely the terminals of the enterprise local area network, cannot connect to the license management unit in real time. The permission granted to a terminal by the proxy license management unit can only be a subset of the permission granted to the proxy license management unit by the license management unit and cannot exceed it. Through the proxy license management unit, the enterprise can autonomously manage the terminals of the enterprise local area network and the license rights used by the terminals.
Drawings
FIG. 1 is a schematic diagram of a conventional license management system;
FIG. 2 is a schematic diagram of the structure of the system of the present invention;
FIG. 3 is a schematic diagram of the structure of the log record of the present invention;
FIG. 4 is a schematic diagram of an exemplary embodiment of a system according to the present invention;
FIG. 5 is a schematic flow chart of the implementation of the method of the present invention.
Detailed Description
The core idea of the invention is as follows: the license management unit issues the licenses to the added proxy license management unit, and the proxy license management unit carries out diversified management on the terminals in the local area network and provides diversified services so as to meet the diversified and personalized requirements of users.
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings by way of examples.
As shown in fig. 2, a license multilevel management system includes a license management unit, an encryptor in the content packaging unit, and a decryptor in the terminal, and further includes a proxy license management unit. The license management unit, the encryptor in the content packaging unit and the decryptor in the terminal are all existing components; the invention adds the proxy license management unit, which applies to the license management unit for a license and acquires it, uniformly manages at least one terminal in the local area network according to the authority information in the license, and realizes the multilevel management of the license.
Here, the proxy license management unit is deployed in a local area network such as an enterprise local area network or a cell local area network, and there may be one or more proxy license management units. The proxy license management units and the license management unit form a multi-level distribution management system whose nodes are arranged in a tree structure. In this system, the license management unit is the root node, a superior proxy license management unit is a parent node, and a subordinate proxy license management unit is a child node; the proxy license management units belonging to one parent node are sibling nodes; and the proxy license management units belonging to the same layer are sibling nodes.
Here, the proxy license management unit is further configured to grant the right information in the license to the terminal. The right information that the current proxy license management unit grants to the terminal is a subset of the rights information that the license management unit granted to the current proxy license management unit.
It is noted here that, although the components of the system other than the added proxy license management unit already exist, the added proxy license management unit needs to interact with them to achieve multi-level management of licenses. The existing components therefore actually change in function and effect, and cooperate with the added proxy license management unit to realize the multi-level management of the license.
The following describes the components of the system in detail, including the existing components whose function and effect change, and the added proxy license management unit.
The multilevel management system of the license is as follows: the multi-level distribution management system of the tree structure is presented in a mode of nodes. For example, in the multi-level distribution management system, a license management unit and a proxy license management unit having a relationship between upper and lower levels are generally included. When the upper-level agent license management unit is a second-level agent license management unit, the lower-level agent license management unit is a third-level agent license management unit. Then, the license management unit is further used for issuing a root license to the secondary proxy license management unit; and the secondary proxy license management unit is further used for issuing a secondary license to the tertiary proxy license management unit. Specifically, the license management unit is defined as a primary, and is used for issuing a root license, which may also be referred to as a root license management unit; the agent license management unit applying for the license to the root license management unit is defined as a secondary agent license management unit, the agent license management unit applying for the license to the secondary agent license management unit is defined as a tertiary agent license management unit, and so on. Therefore, the root license management unit issues the root license to the secondary proxy license management unit, the secondary proxy license management unit issues the secondary license to the tertiary proxy license management unit, and so on. The issuance of licenses at each level takes a chain structure and is continued in the order of issuance.
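The subset rule and the chained issuance described above can be checked mechanically by whoever receives a license chain, for example a terminal or the license management unit during an audit. The following added example is not part of the patent; the unit names, the right names and the `License` structure are assumptions made for illustration, and signatures on the licenses are left out. It issues licenses down a three-level chain and rejects a lower-level license that claims more than its parent holds:

```python
from dataclasses import dataclass

ROOT_UNIT = "license-management-unit"  # hypothetical name of the root node


@dataclass(frozen=True)
class License:
    issuer: str        # unit that issued the license
    holder: str        # proxy unit or terminal that received it
    rights: frozenset  # operations the holder is permitted to perform


def issue(parent: License, holder: str, requested) -> License:
    """Issue a lower-level license from `parent`.

    Below the root, anything the parent license does not allow is
    prohibited, so a request for extra rights is refused outright.
    """
    requested = frozenset(requested)
    excess = requested - parent.rights
    if excess:
        raise PermissionError(
            f"{parent.holder} cannot grant {sorted(excess)} to {holder}")
    return License(issuer=parent.holder, holder=holder, rights=requested)


def validate_chain(chain):
    """Verify a chain ordered from the root license downwards.

    The verifier does not trust that every issuer applied the subset rule;
    it re-checks each link. Returns (ok, reason).
    """
    if not chain:
        return False, "empty chain"
    if chain[0].issuer != ROOT_UNIT:
        return False, "chain does not start at the root license"
    for level, (parent, child) in enumerate(zip(chain, chain[1:]), start=2):
        if child.issuer != parent.holder:
            return False, (f"license {level}: issued by {child.issuer}, "
                           f"expected {parent.holder}")
        excess = child.rights - parent.rights
        if excess:
            return False, (f"license {level}: rights {sorted(excess)} "
                           f"exceed the parent license")
    return True, "ok"


def demo():
    """Constructed sample tree: root -> enterprise proxy -> department proxy -> terminal."""
    root = License(ROOT_UNIT, "enterprise-proxy",
                   frozenset({"play", "copy", "print"}))
    dept = issue(root, "dept-proxy", {"play", "copy"})
    term = issue(dept, "terminal-17", {"play"})

    # An honest issuer refuses to hand out a right it does not hold.
    try:
        issue(dept, "terminal-18", {"play", "print"})
        refused = False
    except PermissionError:
        refused = True

    # A license built without going through issue() is caught by the verifier.
    forged = License("dept-proxy", "terminal-18", frozenset({"play", "print"}))
    stray = License("other-proxy", "terminal-19", frozenset({"play"}))
    return {
        "good": validate_chain([root, dept, term]),
        "refused": refused,
        "forged": validate_chain([root, dept, forged]),
        "stray": validate_chain([root, dept, stray]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```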
As shown in fig. 2, the system further comprises: a content management center and a proxy content management center. The license management unit is specifically used for generating a seed of a digital content encryption key and sending the seed to the encryption machine; a license is generated and sent to the proxy license management unit. The encryption machine is specifically used for applying to the license management unit and acquiring the seed and the content identification of the secret key; generating a key identification; establishing a corresponding table of the content identification and the key identification; generating a CEK according to the key identification and the seed; and sending the encrypted digital content to a content management center, and returning the key identification, the corresponding table of the content identification and the key identification and the authority information of the content to the license management unit. The established corresponding table of the content identification and the key identification is used for ensuring that encryption/decryption synchronization is realized on two sides of the encryption machine and the decryption machine. The agent license management unit is specifically used for acquiring the license from the upper-level license management unit and sending the content license required by the decryption machine; the content license includes the rights information and the CEK for use. And the content management center is specifically used for pushing the encrypted digital content to the proxy content management center. And the agent content management center is specifically used for pushing the encrypted digital content to a decryption machine in the terminal. And the decryption machine is specifically used for verifying the authority information and decrypting the encrypted digital content according to the CEK.
Here, the proxy license management unit is further configured to report the log to the license management unit and apply to it for license updates, and the license management unit is further configured to audit the reported log and issue the license update. The license management unit provides two management modes, online license service and offline license service, for a registered terminal or proxy license management unit.
Specifically, the encryptor is located in the content packaging unit and encrypts the digital content. Encrypting the digital content is the starting point of license management and the key to managing digital content effectively. Before the encryptor encrypts the digital content, a security module in the encryptor first verifies the identity of the encryptor based on a digital certificate or an authority key, and then verifies the security of the device. The digital content is encrypted in a secure environment that has passed this security authentication. To keep encryption and decryption of digital content synchronized, the CEKs used for encrypting the digital content must be managed effectively. The encryptor applies to the license management unit for the content identification; the encryptor acquires the seed from the license management unit, and the seed must be kept secret; the encryptor generates a key identification; it establishes a corresponding table of the content identification and the key identification, and returns the key identification and the table to the license management unit; it generates the CEK according to the seed and the key identification and encrypts the digital content; and at the same time it sends the rights information of the content to the license management unit. The corresponding table of the content identification and the key identification is used for ensuring that encryption/decryption synchronization is realized on the two sides of the encryptor and the decryptor.
Here, the key identification, the content identification, and the CEK are explained separately. The key identification (key identifier) is a character string used for generating a key and identifying the key; it is 16 bytes long and adopts the globally unique identifier (UUID) encoding specification. Two digital contents can be encrypted with the same CEK simply by specifying the same key identification; one digital content can also be encrypted with a plurality of CEKs, and the key identification recorded at encryption distinguishes which CEK was used. The content identification is used to uniquely identify a file, i.e. a digital content, and adopts the UUID encoding specification or a Digital Object Identifier (DOI). The CEK is used to encrypt digital content and is generated within the security module of the encryptor to keep the CEK secure. The CEK is generated by the modulus congruence generator from the seed and the key identification. The same key identification always yields the same unique CEK; conversely, the key identification cannot be deduced from the CEK. Thus, for security, the CEK need not be stored; only the key identification and the secret seed need to be stored to obtain the CEK. When the license management unit generates the proxy license and the content license, the CEK can be calculated from the stored key identification and the secret seed, based on the correspondence table of the content identification and the key identification. Encryption/decryption synchronization can therefore always be kept, and the traceability and the security of the CEK are realized. The CEK generation adopts a modulus congruence algorithm, and the specific algorithm is as follows:
int GenRndKey(unsigned char *buf,int keylen,int seed,unsigned char *keyid)
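The page gives only the signature of GenRndKey, not its body. The following added example (not code from the patent) shows the property described above: no CEK is stored, and the license management unit recomputes it from the secret seed and the key identification found through the content-identification/key-identification table. It substitutes HMAC-SHA256 for the congruential generator, since a congruential generator is not a cryptographic key-derivation function; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import uuid


def derive_cek(seed: bytes, key_id: uuid.UUID, key_len: int = 16) -> bytes:
    """Recompute a CEK from the secret seed and the 16-byte key identification.

    Assumption: HMAC-SHA256 in counter mode replaces the patent's GenRndKey,
    whose body is not shown on the page.
    """
    if not 1 <= key_len <= 255 * 32:
        raise ValueError("unsupported key length")
    blocks = []
    for counter in range(1, -(-key_len // 32) + 1):   # ceil(key_len / 32) blocks
        blocks.append(hmac.new(seed, key_id.bytes + bytes([counter]),
                               hashlib.sha256).digest())
    return b"".join(blocks)[:key_len]


class LicenseManagementUnit:
    """Holds the secret seed and the content-ID -> key-ID table, never a CEK."""

    def __init__(self) -> None:
        self.seed = secrets.token_bytes(32)   # secret seed (hypothetical size)
        self.key_table = {}                   # content ID -> (key ID, rights)

    def new_content_id(self) -> uuid.UUID:
        return uuid.uuid4()

    def register(self, content_id, key_id, rights) -> None:
        """Store the mapping and rights information returned by the encryptor."""
        self.key_table[content_id] = (key_id, rights)

    def cek_for(self, content_id) -> bytes:
        """Recompute the CEK when a license is generated for this content."""
        key_id, _rights = self.key_table[content_id]   # KeyError: unknown content
        return derive_cek(self.seed, key_id)


def encryptor_package(lmu: LicenseManagementUnit, rights):
    """Encryptor side: obtain content ID and seed, derive the CEK, report back."""
    content_id = lmu.new_content_id()
    key_id = uuid.uuid4()                 # key identification generated locally
    cek = derive_cek(lmu.seed, key_id)    # used for encryption, then discarded
    lmu.register(content_id, key_id, rights)
    return content_id, cek
```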
Here, the encryptor encrypts the digital content inside its security module using symmetric cryptography, and the CEK is cleared immediately after encryption completes to keep the encryption secure. Encryption interfaces for different encryption algorithms and different modes are provided, selected by algorithm number, to meet different security requirements. The specific interface is as follows:
static int Arith(const unsigned int a_iArithID, const unsigned char* a_pInData,
    const unsigned int a_iInDataLen,
    unsigned char* a_pOutData, unsigned int* a_pOutLen,
    const unsigned char* a_pKey=NULL, const unsigned int a_iKeyLen=0);
The license management unit is the core of the multi-level license management and adopts an Open Digital Rights Language (ODRL) template. It is mainly responsible for providing the content identification to the encryptor, generating the seed of the key, providing the license to the proxy license management unit, and the like. The license management unit includes: a security manager, an agent license management module, a key identification management module, a content license management module and a log management module. The proxy license management module is configured to store and update the proxy license, and to issue the updated proxy license to a subordinate proxy license management unit according to a service policy or a license update request of that subordinate proxy license management unit. The content license management module is configured to store and update the content license, and to issue the updated content license to a subordinate proxy license management unit according to a business policy or a license update request of that subordinate proxy license management unit. Here, updating covers three operations: generation, deletion, and modification. The license management unit also provides a digital content service to the registered terminal or proxy license management unit, and provides a content license service and a proxy license service based on the digital certificate or the rights key of the terminal or proxy license management unit. After the CA digital certificate or the authority key passes verification, the seed or the CEK in the license is encrypted using the public key in the digital certificate or the authority key, and the license is sent to the proxy license management unit.
Here, the license management unit further includes: a security manager, a content identification management module, a key identification management module, an agent license management module, a content license management module and a log management module.
The security manager is responsible for the security of the license management unit and for its secure communication with the outside, and performs identity authentication, access control, copyright control and analysis, equipment security control, and encryption and decryption of digital content. The security manager is a security system based on PKI digital certificates: the license management unit holds its own digital certificate, a root digital certificate and the digital certificate of the developer of the security manager; the developer digitally signs the core module of the security manager, and the security manager works normally only after the license management unit has ensured security by first checking the certificate signature.
The content identification management module manages the content identification, and the key identification management module manages the key identification. Both modules take their data from the encryption machine and are each connected to the encryption machine.
The agent license management module stores and updates the agent license, and the content license management module stores and updates the content license. Both modules are connected to the agent license management unit and respectively issue the agent license and the content license updated by the license management unit, according to the service policy or the license update request of the lower-level agent license management unit. Updating covers three operations: generating, deleting and modifying.
And the log management module is used for carrying out integrity detection on the log submitted by the agent license management unit and auditing the operation of the agent license management unit. The log management module is also connected with the agent license management unit and is used for distributing the content license and the agent license according to the log reported by the agent license management unit and the license updating request by calling the agent license management module and the content license management module. The log management module supports two management modes of online license service and offline license service. When the online license service is supported, the license management unit acquires the log of the proxy license management unit through the network; when the offline license service is supported, an import interface is provided.
In the management of the multi-level license, for the license managed and issued by the license management unit, the types of the license include: a proxy license and a content license. The agent license comprises a seed for generating a key and agent authority information; the content license includes the CEK of the encrypted digital content and content rights information.
Note that the rights information comprises rights information and restriction information. The rights information in the license includes: play, use, or copy. The restriction information in the license includes: time or number of times, where the time is a start time or an end time. The rights information and the restriction information in the license are shown in Tables 1 and 2 below.
The principle of generation of a proxy license in the proxy license management module of the license management unit and the principle of generation of a content license in the content license management module of the license management unit are explained below, respectively.
The agent license management module is further used for generating an agent license according to the generation principle of the proxy license, which is as follows: for the root license, everything is allowed by default without restriction; for the secondary license and its subordinate licenses, whatever is not allowed is prohibited. For example, the root license management unit generates the root license for the secondary proxy license management unit, and the secondary proxy license management unit generates the secondary license for the tertiary proxy license management unit. On the one hand, the root license, i.e., the primary license, does not actually exist; if it is assumed to exist, any right is allowed and there is no restriction. That is, the principle of allowing by default without restriction is adopted. On the other hand, the secondary license and its subordinate licenses actually exist, and for them the principle that whatever is not allowed is prohibited is adopted. That is, only the rights allowed in the license can be exercised, and they must be exercised strictly in accordance with the restriction information. Table 1 shows the rights information and restriction information corresponding to each level of license. Note that the rights information and the restriction information of a lower-level license can only be a subset of the rights information and the restriction information of the license at the present level.
TABLE 1
The content license management module is further used for generating a content license according to the generation principle of the content license, which is as follows: if no rights are present at all, nothing is prohibited by default; if a right is present, whatever is not allowed is prohibited. The generated content license is a subset of the rights information of the right holder and also a subset of the rights information in the proxy license at the present level. The rights information of the right holder means the rights information and restriction information required in the claims of the content right holder. Specifically, each content has the rights and restrictions of its own right holder, so the generation principle of the content license is: on the one hand, if no rights are present, nothing is prohibited by default; on the other hand, if a right is present, the principle that whatever is not allowed is prohibited is adopted. Table 2 shows the rights information of a content license. The root license management unit and each level of proxy license management unit that generate content licenses have their own proxy license, and the proxy license at that level carries rights information; the generated content license is therefore not only a subset of the rights information of the right holder but also a subset of the rights information in the proxy license at that level. The content license contains the rights information, the restriction information, and the CEK that encrypts the specific digital content. The content license has two states: local saving allowed and local saving not allowed.
TABLE 2
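The two generation principles above can be checked mechanically. The following added example (not code from the patent) models a license as a set of rights plus time and count restrictions, refuses to issue a lower-level license that is not a subset of the issuer's, and requires a content license to be a subset of both the right holder's terms and the proxy license at the present level. The field names, the `License` type and the reading of "no rights present" as "all rights" are assumptions, and the sample licenses are constructed.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

RIGHTS = frozenset({"play", "use", "copy"})   # rights named in the description


@dataclass(frozen=True)
class License:
    rights: frozenset
    not_before: Optional[datetime] = None   # start time; None = unrestricted
    not_after: Optional[datetime] = None    # end time; None = unrestricted
    max_count: Optional[int] = None         # number of times; None = unrestricted


# The root (primary) license is notional: every right, no restriction.
ROOT = License(rights=RIGHTS)


def violations(parent: License, child: License) -> list:
    """Return every way in which `child` exceeds `parent` (empty if a subset)."""
    found = [f"right '{r}' not held by issuer"
             for r in sorted(child.rights - parent.rights)]
    if parent.not_before is not None and (
            child.not_before is None or child.not_before < parent.not_before):
        found.append("start time missing or earlier than issuer's")
    if parent.not_after is not None and (
            child.not_after is None or child.not_after > parent.not_after):
        found.append("end time missing or later than issuer's")
    if parent.max_count is not None and (
            child.max_count is None or child.max_count > parent.max_count):
        found.append("count missing or above issuer's")
    return found


def issue(parent: License, requested: License) -> License:
    """Issue a lower-level license only if it is a subset of the issuer's."""
    problems = violations(parent, requested)
    if problems:
        raise PermissionError("; ".join(problems))
    return requested


def holder_terms(rights=(), **restrictions) -> License:
    """Right holder's terms: no rights stated means nothing is prohibited."""
    return License(frozenset(rights) or RIGHTS, **restrictions)


def issue_content_license(holder: License, proxy: License,
                          requested: License) -> License:
    """A content license must fit inside the holder's terms AND the proxy license."""
    return issue(proxy, issue(holder, requested))


def permits(lic: License, right: str, now: datetime, uses_so_far: int) -> bool:
    """Enforcement at the terminal: whatever is not allowed is prohibited."""
    if right not in lic.rights:
        return False
    if lic.not_before is not None and now < lic.not_before:
        return False
    if lic.not_after is not None and now > lic.not_after:
        return False
    if lic.max_count is not None and uses_so_far >= lic.max_count:
        return False
    return True
```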
The proxy license management unit is mainly responsible for applying to the license management unit or the superior proxy license management unit for a license and a key identification, and for providing the license to a subordinate proxy license management unit or to the decryption machine of a terminal. The proxy license management unit is similar in construction to the license management unit and includes: a security manager, a lower-level agent license management module, a key identification management module, a content license management module and a log management module.
The security manager of the agent license management unit mainly performs secure communication, identity authentication, access control, clock detection, security logging, CEK generation, content license generation, and the like. It differs from the security manager of the license management unit in that clock detection and the security log are added; its other functions are consistent with those of the security manager of the license management center.
Here, the clock detection module for clock detection has its own clock management, preventing the terminal from modifying the system clock. The security log is different from the log of the log management module, and the security log is a function of the security manager and is used for security protection of locally generated logs in storage and transmission so as to prevent log records from being changed or deleted. As shown in fig. 3, fig. 3 is a schematic diagram of a composition structure of a log record according to the present invention, where the composition structure of the log record adopts a hash chain method to provide control over the integrity of the log record.
In fig. 3, the composition structure of the log records needs to contain the following information to ensure the integrity of each log record and the continuity of all log records.
Content node hash value: the header node contains a hash value of the content node. This hash value may be used to verify the content node.
Log sequence number: the header node contains a sequence number. Each agent numbers its log records sequentially so that the deletion of log records can be detected.
Hash value of previous log record: the header node contains the hash value of the header node of the preceding log record of the same agent. This data forms a signature chain, so that once one log record is verified, all previous log records can be verified simply by comparing the hash value of the previous log record contained in each header with the hash value calculated over the previous log record's header.
Digital signature: the digital signature is computed using the private key of the proxy license management center that generated the log and verified using the public key in the proxy license management unit digital certificate.
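The log structure listed above can be exercised as follows. This is an added example, not code from the patent: it builds records whose header holds the content hash, the sequence number, the previous header's hash and a signature, and audits a reported log for modification and deletion. HMAC-SHA256 stands in for the proxy license management unit's private-key signature so that the example runs with the Python standard library only; the field names, the JSON header encoding and the all-zero first previous-hash are assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64   # previous-hash value of the first record (assumption)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def header_bytes(header: dict) -> bytes:
    """Canonical encoding of the header fields that are hashed and signed."""
    fields = {k: header[k] for k in ("seq", "content_hash", "prev_hash")}
    return json.dumps(fields, sort_keys=True).encode()


def make_hmac_signer(key: bytes):
    """Stand-in for sign-with-private-key / verify-with-certificate."""
    def sign(data: bytes) -> str:
        return hmac.new(key, data, hashlib.sha256).hexdigest()

    def verify(data: bytes, signature: str) -> bool:
        return hmac.compare_digest(sign(data), signature)

    return sign, verify


def append_record(log: list, content: str, sign) -> None:
    """Proxy side: add one log record whose header chains to the previous one."""
    prev_hash = sha256_hex(header_bytes(log[-1]["header"])) if log else GENESIS
    header = {
        "seq": len(log) + 1,
        "content_hash": sha256_hex(content.encode()),
        "prev_hash": prev_hash,
    }
    header["signature"] = sign(header_bytes(header))
    log.append({"header": header, "content": content})


def audit(log: list, verify, start_seq: int = 1, start_prev: str = GENESIS) -> list:
    """License management unit side: return (sequence number, finding) pairs.

    start_seq/start_prev let the auditor continue from the last record it
    accepted in an earlier report.
    """
    findings = []
    expected_seq, expected_prev = start_seq, start_prev
    for record in log:
        header, content = record["header"], record["content"]
        seq = header["seq"]
        if not verify(header_bytes(header), header["signature"]):
            findings.append((seq, "bad signature"))
        if sha256_hex(content.encode()) != header["content_hash"]:
            findings.append((seq, "content modified"))
        if seq != expected_seq:
            findings.append((seq, "sequence gap"))
        if header["prev_hash"] != expected_prev:
            findings.append((seq, "chain broken"))
        expected_seq = seq + 1
        expected_prev = sha256_hex(header_bytes(header))
    return findings
```

Removal of the newest records leaves the remaining chain intact, so the auditor should also record the last sequence number and header hash it accepted and pass them as `start_seq` and `start_prev` for the next report.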
For the decryption machine, its main module is a security manager, which is responsible for clock detection, content license management and digital content decryption. For clock detection, before a license is parsed, clock synchronization is checked against the proxy license management unit to prevent the terminal from modifying the system clock. Content license management includes: requesting a content license, i.e., applying for and receiving the content license from the proxy license management unit; checking the content license, i.e., verifying its existence and validity; clearing the content license, i.e., clearing expired content licenses; verifying rights, i.e., taking the rights information out of the content license and verifying whether it is valid; and extracting the CEK from the content license and decrypting the digital content, with the CEK cleared immediately after decryption completes.
For the content management center, the content management center manages the content encrypted by the encryption machine and provides a plurality of distribution ways.
For the proxy content management center, the proxy content management center manages the encrypted content provided by the superior content management center and provides multiple distribution approaches.
Fig. 4 is a schematic diagram of the configuration of an embodiment of the system of the present invention, namely a primary license issuing system. The system in Fig. 4 includes: a license management unit at the operator's operation center, a CA server, a content packaging unit, an agent license management unit deployed in a cell local area network or an enterprise local area network, and a plurality of terminals.
The license management unit is used as a root license management unit and used for issuing a primary license to the proxy license management unit, and the proxy license management unit issues a secondary license to the terminal so as to complete the unified management of the plurality of terminals. Here, the proxy license management unit grants the right information used by the terminal on the basis of the primary license it receives, and the right information granted to the terminal for use is: the license management unit grants a subset of primary license right information to be used by the proxy license management unit. In short, the terminal can be out of the control of the license management unit without acquiring an online license from the license management unit; instead, the license management unit is offline, and the proxy license management unit controls and acquires the license, which is equivalent to acquiring the offline license from the license management unit. The CA server completes the CA digital certificate and provides certificate service to the license management unit. The terminal, the proxy license management unit and the content packaging unit apply for and obtain certificate services from the CA server, respectively. The encryption machine positioned in the content packaging unit encrypts the digital content and then sends the encrypted digital content to the terminal, and returns a key and right information for encrypting the digital content to the license management unit, wherein the key for encrypting the digital content is the CEK; the terminal receives the license and the encrypted digital content, extracts the CEK from the license by using a decryption machine located at the terminal, and decrypts the encrypted digital content.
As shown in Fig. 5, a license multilevel management method includes the following steps:
Step 101, the proxy license management unit applies to the license management unit for a license.
Step 102, the agent license management unit acquires the applied-for license, uniformly manages at least one terminal in the local area network according to the authority information in the license, and thereby realizes the multi-level management of the license.
The method further comprises the steps of:
Step 201, the license management unit generates a seed of a digital content encryption key and sends the seed to an encryption machine; the encryption machine generates a key identification and generates a CEK according to the key identification and the seed; the encryption machine returns the authority information of the content to the license management unit; and simultaneously, the encryption machine applies for and obtains the content identification from the license management unit, establishes a corresponding table of the content identification and the key identification and returns the corresponding table to the license management unit.
Here, the rights information of the content includes rights information and restriction information. The rights information includes: play, use, or copy. The restriction information includes: time or number of times, where the time is a start time or an end time.
Step 202, the encryption engine transmits the encrypted digital content to the content management center.
Step 203, the agent license management unit reports the log to the license management unit through a network or other transmission modes and applies for the license, and after the license management unit passes the log verification, the updated license is transmitted to the agent license management unit through the network or other transmission modes; and meanwhile, the license management unit transmits the selected digital content and the corresponding relation between the content identifier and the key identifier to the proxy license management unit through a network or other transmission modes, the proxy license management unit acquires the key identifier according to the content identifier corresponding to the selected digital content and the corresponding table of the content identifier and the key identifier, generates a CEK according to the seed and the key identifier and provides the CEK for a decryption machine to decrypt.
Here, in summary, the correspondence table of the content identification and the key identification ensures encryption/decryption synchronization on both sides of the encryptor and the decryptor.
Here, the license includes a proxy license and a content license. The proxy license includes the authority information of the agent and a seed for generating the key, where the seed is encrypted using the public key in the digital certificate of the proxy license management unit. The content license includes the CEK that encrypts the digital content and the rights information of the content.
Step 204, the content management center pushes the encrypted digital content to the proxy content management center.
Step 205, the agent license management unit sends the content license required by the decryption machine to the terminal, and the content license required by the decryption machine includes: rights information used by the decryptor and the CEK.
Here, the CEK is encrypted using a public key or an authority key of the decryptor.
Step 206, the content management center sends the encrypted digital content to the terminal through the proxy content management center; the agent license management unit transmits a content license required by the decryption machine to the terminal, the content license required by the decryption machine including rights information and a CEK used by the decryption machine.
Step 207, the terminal verifies the authority information and decrypts the encrypted digital content according to the CEK.
Here, the license includes a proxy license and a content license. The generation flow of the proxy license includes the following steps:
Step 301, the license management unit verifies the identity: it checks the legitimacy and validity of the digital certificate of the terminal.
Step 302, the license management unit checks the security log: it checks the validity and integrity of the security log provided by the terminal.
Step 303, the license management unit selects the digital content: it selects the digital content to be issued to the proxy license management unit and provides the correspondence table of content identification and key identification for the currently selected digital content.
Step 304, the license management unit reviews the rights: it verifies the rights of the proxy license management unit.
Step 305, the license management unit encrypts the seed, using the public key in the digital certificate of the proxy license management unit.
Step 306, the license management unit generates a proxy license according to the ODRL template.
For the content license, the generation flow includes the following steps:
Step 401, the license management unit verifies the identity: it checks the legitimacy and validity of the digital certificate or the rights key of the terminal.
Step 402, the license management unit selects the digital content: it selects the digital content for which a content license is to be issued.
Step 403, the license management unit verifies the authority according to the generation principle of the content license.
Step 404, the license management unit generates the CEK: it retrieves the corresponding key identification according to the content identification of the currently selected digital content, generates the CEK, and encrypts the CEK with the public key in the terminal's digital certificate or with the rights key of the terminal.
Step 405, the license management unit generates a content license according to the ODRL template.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention.

Claims (17)

1. A license multi-level management system, the system comprising: a license management unit, an encryptor in the content packaging unit, and a decryptor in the terminal, characterized by further comprising: an agent license management unit; wherein,
and the proxy license management unit is used for applying for the license management unit and acquiring the license, uniformly managing at least one terminal in the local area network according to the authority information in the license, and realizing the multilevel management of the license.
2. The system according to claim 1, wherein the proxy license management unit is deployed in the local area network, the proxy license management unit is at least one, and a multi-level management hierarchy is formed by the proxy license management unit and the license management unit, and the multi-level management hierarchy presents a multi-level distribution of a tree structure in a node manner.
3. The system according to claim 2, wherein in the multi-level distributed management system that presents a tree structure in a node manner, the license management unit is a root node, the upper-level proxy license management unit is a parent node, and the lower-level proxy license management unit is a child node; the agent license management units belonging to a father node are brother nodes; the proxy license management units belonging to the same layer are brother nodes.
4. The system of claim 2, wherein, in the multi-level distribution management hierarchy,
the license management unit is further used for issuing a root license to the secondary proxy license management unit; the second-level agent license management unit is further used for issuing a second-level license to the third-level agent license management unit; the issuance of licenses at each level takes a chain structure and is continued in the order of issuance.
5. The system of claim 1, wherein the proxy license management unit is further configured to grant the terminal with the right information in the license, and the right information granted to the terminal by the current proxy license management unit is: the license management unit grants a subset of the rights information to the current proxy license management unit for use.
6. The system of any one of claims 1 to 5, further comprising: a content management center and an agent content management center; wherein,
the license management unit is specifically used for generating a seed of a digital content encryption key and sending the seed to the encryption machine; generating a license and sending the license to the proxy license management unit;
the encryption machine is specifically used for applying for the license management unit and acquiring the seed and the content identification of the secret key; generating a key identification; establishing a corresponding table of the content identification and the key identification; generating a Content Encryption Key (CEK) according to the key identification and the seed; sending the encrypted digital content to the content management center, and returning the key identification, the corresponding table of the content identification and the key identification and the authority information of the content to the license management unit;
the corresponding table of the content identification and the key identification is used for ensuring that the encryption/decryption synchronization is realized on the two sides of the encryption machine and the decryption machine;
the agent license management unit is specifically used for acquiring the license from the upper-level license management unit and sending the content license required by the decryption machine; the content license includes the CEK and rights information for use;
the content management center is specifically used for pushing the encrypted digital content to the proxy content management center;
the agent content management center is specifically configured to push the encrypted digital content to the decryption machine in the terminal;
the decryptor is specifically configured to verify the rights information and decrypt the encrypted digital content according to the CEK.
7. The system of claim 6, wherein the agent license management unit is further configured to report a log and apply for license update to the license management unit, and the license management unit is further configured to audit the reported log and issue the license update; the license management unit provides two management modes of online license service and offline license service for the registration terminal or the proxy license management unit.
8. The system of claim 6, wherein the license management unit further comprises: the system comprises a security manager, a content identifier management module, a key identifier management module, an agent license management module, a content license management module and a log management module; wherein,
the security manager is used for taking charge of the security of the license management unit and the security communication to the outside, and completing identity authentication, access control, copyright control and analysis, equipment security control and encryption and decryption of digital content;
the content identification management module is used for managing content identification;
the key identification management module is used for managing the key identification;
the agent license management module is used for storing and updating the agent license;
the content license management module is used for storing and updating the content license;
the updating comprises generating, deleting and modifying three items of content;
the log management module is used for carrying out integrity detection on the log submitted by the agent license management unit and auditing the operation of the agent license management unit; the log management module supports two management modes of online license service and offline license service.
9. The system of claim 8, wherein the proxy license management module is further configured to generate the proxy license in compliance with the generation principle of the proxy license; the generation principle of the proxy license is as follows: for the root license, everything is allowed by default without restriction; for the secondary license and its subordinate licenses, whatever is not allowed is prohibited.
10. The system of claim 8, wherein the content license management module is further configured to generate the content license in compliance with a generation principle of a content license; the generation principle of the content license is as follows: if no rights are present, nothing is prohibited by default; if a right is present, whatever is not allowed is prohibited;
the content license generated is a subset of the rights information of the right holder and is a subset of the rights information in the proxy license at this level.
11. A method for license multi-level management, the method comprising: the agent license management unit applies for a license to the license management unit; and the agent license management unit acquires the applied license, uniformly manages at least one terminal in the local area network according to the authority information in the license and realizes the multilevel management of the license.
12. The method according to claim 11, characterized in that it comprises in particular the steps of:
a1, the license management unit generates the seed of the digital content encryption key and sends the seed to the encryption machine;
a2, the encryption machine generates a key identification, and generates a CEK according to the key identification and the seed; the encryption machine returns the authority information of the content to the license management unit; the encryption machine sends the digital content encrypted by the CEK to a content management center;
a3, the agent license management unit reports the log to the license management unit and applies for the license, and the license management unit issues the updated license to the agent license management unit after the log is approved by the license management unit;
a4, the content management center sends the encrypted digital content to the terminal through the proxy content management center; the agent license management unit sends the content license required by the decryption machine to the terminal, wherein the content license required by the decryption machine comprises the license information used by the decryption machine and the CEK;
a5, the terminal verifies the authority information and decrypts the encrypted digital content according to the CEK.
13. The method according to claim 12, wherein step a2 further comprises: the encryption machine applies for and obtains the content identification from the license management unit, establishes a corresponding table of the content identification and the key identification and returns the table to the license management unit;
step a3 further includes: the license management unit issues the selected digital content and the corresponding table of the content identification and the key identification to the proxy license management unit, the proxy license management unit acquires the key identification according to the content identification corresponding to the selected digital content and the corresponding table of the content identification and the key identification, generates a CEK according to the seed and the key identification and provides the CEK for a decryption machine to decrypt, and encryption/decryption synchronization on two sides of the encryption machine and the decryption machine is completed.
14. The method according to any one of claims 11 to 13, wherein when the license is a proxy license, in step a3, the generation process of the proxy license specifically includes the following steps:
a311, the license management unit verifies identity: it checks the validity of the digital certificate of the terminal;
a312, the license management unit checks the security log: it checks the validity and integrity of the security log provided by the terminal;
a313, the license management unit selects digital content: it selects the digital content to be issued to the proxy license management unit and provides the correspondence table of content identification and key identification for the currently selected digital content;
a314, the license management unit verifies the authority of the proxy license management unit;
a315, the license management unit encrypts the seed using the public key in the digital certificate of the proxy license management unit;
a316, the license management unit generates the proxy license according to the open digital rights language template.
15. The method according to any one of claims 11 to 13, wherein when the license is a content license, in step a3, the generation process of the content license specifically includes the following steps:
a321, the license management unit verifies identity: it checks the validity of the digital certificate or the authority key of the terminal;
a322, the license management unit selects the digital content for which content licenses are to be issued;
a323, the license management unit verifies the authority according to the generation principle of the content license;
a324, the license management unit generates a CEK: it retrieves the key identification corresponding to the content identification of the currently selected digital content, generates the CEK, and encrypts the CEK with the public key in the terminal's digital certificate or with the right key of the terminal;
a325, the license management unit generates the content license according to the open digital rights language template.
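The following sketch is an added illustration, not code from the patent. It walks through the key synchronization of claims 12 and 13 (both sides derive the same CEK from the seed and the key identification looked up by content identification) and the subset rule of claim 10. HMAC-SHA256 as the derivation function, the class and method names, the key-ID format and the rights names are assumptions.

```python
import hashlib
import hmac
import os


def derive_cek(seed: bytes, key_id: str) -> bytes:
    # Assumption: HMAC-SHA256 as the derivation; the claims name no function.
    return hmac.new(seed, key_id.encode("utf-8"), hashlib.sha256).digest()


class EncryptionMachine:
    """Step a2: holds the seed, mints key IDs, keeps the content-ID/key-ID table."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.table = {}  # content ID -> key ID (the correspondence table)

    def cek_for_new_content(self, content_id: str) -> bytes:
        key_id = os.urandom(8).hex()  # constructed key-ID format
        self.table[content_id] = key_id
        return derive_cek(self.seed, key_id)


class ProxyLicenseUnit:
    """Steps a3/a4: receives seed and table, re-derives CEKs, issues content licenses."""

    def __init__(self, seed: bytes, table: dict, proxy_rights: set):
        # In the claims the seed arrives encrypted under the proxy's public key and
        # the CEK leaves encrypted for the terminal; both wrappings are omitted here.
        self.seed, self.table, self.proxy_rights = seed, dict(table), set(proxy_rights)

    def issue_content_license(self, content_id, licensee_rights, requested):
        requested = set(requested)
        # Claim 10: the rights granted must be a subset of both the licensee's
        # rights and the rights in this level's proxy license.
        if not requested <= (self.proxy_rights & set(licensee_rights)):
            raise PermissionError("requested rights exceed proxy or licensee rights")
        key_id = self.table[content_id]  # KeyError: content not issued to this proxy
        return {"content_id": content_id, "rights": sorted(requested),
                "cek": derive_cek(self.seed, key_id)}


def demo():
    seed = os.urandom(32)  # generated by the license management unit in step a1
    enc = EncryptionMachine(seed)
    cek = enc.cek_for_new_content("content-001")
    proxy = ProxyLicenseUnit(seed, enc.table, {"play", "print"})
    lic = proxy.issue_content_license("content-001", {"play", "copy"}, {"play"})
    return cek == lic["cek"], lic["rights"]


if __name__ == "__main__":
    print(demo())
```

Because the CEK is never transmitted between the encryption side and the proxy, the confidentiality of every content key rests on the seed and on the integrity of the correspondence table.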
CN 200810246628 2008-12-30 2008-12-30 Multilevel management system and method for license Expired - Fee Related CN101442404B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200810246628 CN101442404B (en) 2008-12-30 2008-12-30 Multilevel management system and method for license

Publications (2)

Publication Number Publication Date
CN101442404A true CN101442404A (en) 2009-05-27
CN101442404B CN101442404B (en) 2013-02-06

Family

ID=40726665

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200810246628 Expired - Fee Related CN101442404B (en) 2008-12-30 2008-12-30 Multilevel management system and method for license

Country Status (1)

Country Link
CN (1) CN101442404B (en)

Also Published As

Publication number Publication date
CN101442404B (en) 2013-02-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130206

Termination date: 20131230