CN101827108B - Method for describing and acquiring right object of digital work in digital right management - Google Patents

Publication number: CN101827108B
Authority: CN (China)
Prior art keywords: right object, client, module, digitized works, server
Legal status: Expired - Fee Related
Application number: CN201010169104A
Other languages: Chinese (zh)
Other versions: CN101827108A (en)
Inventors: 赵黎, 翟宇轩, 何行舟
Current assignee: Tsinghua University
Original assignee: Tsinghua University
Application filed by Tsinghua University
Priority to CN201010169104A
Publication of CN101827108A
Application granted
Publication of CN101827108B

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to a method for describing and acquiring the right object of a digital work in digital rights management, and belongs to the field of digital rights management. A client registers with a registration module to establish the information used in the right issuing process, and then sends a right object acquisition request to a digital work identifier acquisition module to obtain the right object of the digital work. The right object is built by a right object construction module from the digital work identifier, after communicating with a content module, an authority module and a signature module. The method simplifies the description and acquisition of the right object, reduces the resources needed to store and transmit it, effectively improves transmission and storage efficiency, and is better suited to systems with limited bandwidth or transmission capacity, resources and processing capacity.

Description

Method for describing and acquiring the right object of a digital work in digital rights management
Technical field
The present invention relates to a method for describing and acquiring the right object of a digital work in digital rights management (hereinafter DRM), and in particular to the description of right objects in a DRM system and the design of the right object acquisition protocol. It belongs to the technical field of digital rights management.
Background art
Digital technology has led to a large number of works being created and distributed in digital form. Works in digital form, i.e. digital works, can be copied quickly, at low cost and with little distortion. With the development of the Internet, digital works have become very easy to distribute, and many are copied and spread illegally, beyond any control or management, which harms the interests of content owners. Digital rights management, as a technology for controlling and managing the reasonable use of digital works, effectively safeguards the interests of content owners by protecting digital works with encryption. The right object in digital rights management provides the information needed to access and control a protected digital work, including the key used to access the protected work and the access permissions under which the work may be used. For this reason, DRM technology is being applied more and more widely. The description and acquisition of right objects is an important part of DRM technology, and how to describe and acquire right objects is an important problem in DRM. In traditional XML-based right object description and acquisition protocols, the transmitted data and the service dispatch contain a certain amount of redundancy, which makes them ill-suited to systems with limited resources and processing capability.
Summary of the invention
The purpose of the present invention is to propose a method for describing and acquiring the right object of a digital work in digital rights management. By simplifying the description of the right object and the right object acquisition protocol, the method allows DRM technology for controlling and managing digital works to be applied effectively in systems with limited bandwidth or transmission capability, resources and processing capability.
The method proposed by the present invention for describing and acquiring the right object of a digital work in digital rights management is characterized in that it is carried out, in a digital rights management network, between a server acting as the rights issuer and a client in a computer device, in the following steps in order:
Step (1): initialization;
Step (1.1): the following software modules are installed on the server: a registration module, a digital work identifier acquisition module, a right object construction module, a content module, an authority module, a restriction module and a signature module. The digital work identifier is assigned by the DRM network according to the order in which the network manages the digital works, and is unique;
Step (1.2): the server's information is initialized in the registration module, comprising the unique identifier of the server; the server's certificate chain, i.e. a chain formed by linking several certificates that proves the server is legitimate; the third-party certificate issuers that the server trusts; the encryption and decryption algorithms that the server supports; and the version of the client-server communication protocol that the server supports. The digital work identifier acquisition module holds a mapping table between the version numbers of digital works and the identifiers of digital works. The right object construction module holds part of the server's information, comprising the unique identifier of the server and the server's certificate chain. The content module holds a mapping table between the identifiers of digital works and the digests of those works, and a mapping table between the identifiers of digital works and the access keys of those works. The authority module holds a mapping table between the identifiers of digital works and the access permissions of those works. The restriction module holds a mapping table between the identifiers of digital works and the access restrictions of those works. The signature module holds a mapping table between the identifiers of digital works and the signatures of the right objects of those works; the signature of a right object carries the information on the integrity and correctness of the right object text formed by the digitized description of the object made up of the work's digest, access key, access permissions and access restrictions. The client's information is initialized on the client, comprising the unique identifier of the client; the client's certificate chain, i.e. a chain formed by linking several certificates that proves the client is legitimate; the third-party certificate issuers that the client trusts; the encryption and decryption algorithms that the client supports; and the version of the client-server communication protocol that the client supports;
Step (2): the client sends an initial request to the registration module. The initial request contains the version of the client-server communication protocol that the client supports, the unique identifier of the client, and the encryption and decryption algorithms that the client supports;
Step (3): after accepting the initial request sent by the client, the registration module sends an initial response to the client. The initial response contains a status indicating whether the initial request was answered successfully, the version of the client-server communication protocol that the server supports, the unique identifier of the server, the encryption and decryption algorithms that the server supports, and the third-party certificate issuers that the server trusts. If the initial response status is success, the client's initial request has been answered successfully and step (4) is carried out. If the status is unsuccessful, the client's initial request has not been answered successfully; the registration module will refuse the registration request that the client sends afterwards and ends the communication with the client;
Step (4): after accepting the initial response sent by the registration module, the client sends a registration request to the registration module. The registration request contains the client's certificate chain, the third-party certificate issuers that the client trusts, and the signature of the registration request, which carries the information on the correctness and integrity of the registration request;
Step (5): the registration module accepts the registration request sent by the client and, after confirming from the client's certificate chain that the client is trusted, sends a registration response to the client. The registration response contains a status indicating whether the registration request was answered successfully, the server's certificate chain, and the signature of the registration response, which carries the information on the correctness and integrity of the registration response. If the registration response status is success, the client's registration request has been answered successfully and step (6) is carried out. If the status is unsuccessful, the client's registration request has not been answered successfully and the registration module refuses the client's registration request;
Step (6): the client accepts the registration response sent by the registration module and, after confirming from the server's certificate chain that the server is trusted, establishes the information used in the right issuing process, comprising the version of the communication protocol between the client and the server and the client certificate chain that the client used during the successful registration, and stores this information;
Step (7): using the information established for the right issuing process, the client sends a right object acquisition request to the digital work identifier acquisition module. The request contains the unique identifier of the client, the client's certificate chain, the version number of the digital work whose right object is to be acquired, and the signature of the request, which carries the information on the correctness and integrity of the request. The digital work identifier acquisition module, after confirming from the client's certificate chain that the client is trusted, obtains the identifier of the digital work from its own mapping table and sends the identifier to the right object construction module;
Step (8): the right object construction module accepts the digital work identifier sent by the digital work identifier acquisition module and builds the structure table of the right object. The structure table contains each field needed to construct the right object: in order, the content field, the rights field and the signature field. The content field contains the digest and the access key of the digital work. The rights field contains the access permissions and the access restrictions of the digital work. The signature field contains the signature length and the signature content, and the signature content carries the information on the integrity and correctness of the right object text that digitally describes the right object. These fields are produced between the right object construction module and the content module, the authority module and the signature module in the following steps, in order:
Step (8.1): the right object construction module sends the identifier of the digital work to the content module. Using the identifier, the content module obtains the digest and the access key of the digital work from its own mapping tables, constructs the content field of the work's right object, and sends the content field to the right object construction module;
Step (8.2): after accepting the content field sent by the content module, the right object construction module sends the identifier of the digital work to the authority module. Using the identifier, the authority module obtains the access permissions of the digital work from its own mapping table, comprising the permission types, the number of different permission types the work has, and the access restrictions that apply under each permission type. The permission types comprise the play class, the display class, the copy class, the execute class, and the export class, which indicates that the digital work can be transferred from one digital rights management network to another. The access restrictions are represented by restriction fields, which are built between the authority module and the restriction module in the following steps, in order:
Step (8.2.1): the authority module sends the identifier of the digital work to the restriction module;
Step (8.2.2): using the identifier, the restriction module obtains the access restrictions of the digital work from its own mapping table, comprising the restriction types and the number of different restriction types the work has, and constructs the restriction field of the work's right object, which contains the restriction type and the parameters of that type. The restriction types comprise a restriction on the number of times the digital work may be used, a restriction on the duration of use, a restriction on the period during which the work may be used, and a restriction on the systems in which the work may be used. The restriction module sends the restriction field to the authority module;
Step (8.3): after accepting the restriction field sent by the restriction module, the authority module constructs, from the access permissions of the digital work, the rights field of the work's right object with the restriction field added, and sends the rights field to the right object construction module;
Step (8.4): after accepting the rights field sent by the authority module, the right object construction module sends the identifier of the digital work to the signature module. Using the identifier, the signature module obtains the signature of the work's right object from its own mapping table, constructs the signature field of the right object, and sends the signature field to the right object construction module;
Step (9): after accepting the signature field sent by the signature module, the right object construction module builds the right object of the digital work according to the structure table;
Step (10): the right object construction module sends a right object acquisition response to the client. The response contains the right object built in step (9), a status indicating whether the right object acquisition request was answered successfully, the unique identifier of the server, the server's certificate chain, and the signature of the response, which carries the information on the correctness and integrity of the response. If the response status is success, the client's right object acquisition request has been answered successfully and step (11) is carried out. If the status is unsuccessful, the client's request has not been answered successfully and the right object construction module does not send the right object of the digital work to the client;
Step (11): after receiving the right object acquisition response, the client confirms from the server's certificate chain that the server is trusted, accepts the right object of the digital work, and completes the right object acquisition process.
By designing a digitized description of the right object and an acquisition protocol for it, the method of the invention allows DRM technology for controlling and managing digital works to be applied effectively in systems with limited bandwidth or transmission capability, resources and processing capability. Describing the right object with information represented in binary code effectively reduces the storage space the right object occupies, reduces the bandwidth needed to transmit it, and reduces the space and time the parsing system needs to parse it. The right object acquisition protocol transmits its content as strings, which are simpler than XML, and this effectively improves transmission efficiency.
Description of drawings
Fig. 1 is a flow block diagram of the method of the invention.
Specific embodiments
In Fig. 1: 1 is the client sending the initial request and the registration request to the registration module; 2 is the registration module responding to the client's initial request and registration request; 3 is the client sending the right object acquisition request to the digital work identifier acquisition module; 4 is the digital work identifier acquisition module sending the identifier of the digital work to the right object construction module; 5 is the right object construction module sending the identifier of the digital work to the content module; 6 is the content module sending the content field of the right object to the right object construction module; 7 is the right object construction module sending the identifier of the digital work to the authority module; 8 is the authority module sending the identifier of the digital work to the restriction module; 9 is the restriction module sending the restriction field of the right object to the authority module; 10 is the authority module sending the rights field of the right object to the right object construction module; 11 is the right object construction module sending the identifier of the digital work to the signature module; 12 is the signature module sending the signature field of the right object to the right object construction module; 13 is the right object construction module responding to the client's right object acquisition request.
In the method proposed by the present invention for describing and acquiring the right object of a digital work in digital rights management, the communication between the modules comprises the following:
The protocol between the client and the registration module is used by the client to initiate a registration request to the server, and gives the server a basis for the later issuing of right objects. First, the client uses its unique identifier to send the registration module an initial request that starts the protocol; if the registration module accepts the initial request, it responds to it. Then the client sends a registration request to the registration module, containing information such as the client's certificate chain. At the same time, the registration module sends information such as the server's certificate chain to the client in response to the registration request. After the client and the server have each confirmed the other's certificate, the client establishes the information used in the right issuing process. The registration module responds to the client's registration request, completing the registration of the client.
The protocol between the client and the digital work identifier acquisition module and the right object construction module is used by the client to initiate a right object acquisition request to the server. First, the client sends its unique identifier and the identifier of the digital work to the digital work identifier acquisition module. That module sends the identifier of the digital work to the right object construction module. Using the identifier, the right object construction module communicates with the content module, the authority module and the signature module to build the right object of the digital work, and sends the right object to the client, completing the response to the client's right object request.
In the method of the invention, the communication between the client and the registration module, and between the client and the digital work identifier acquisition module and the right object construction module, is carried out through HTTP requests and HTTP responses. The type of protocol message is indicated by the path in the URI. The content transmitted by the protocol is placed in the message body of the HTTP message and is represented as strings. Each string consists of a string name and a string body, connected by "=". Strings are separated by ";".
In the method, the communication between the client and the registration module comprises the following steps:
(1) The client sends the initial request of the registration protocol to the registration module. The transmitted content is as follows:
The path of the URI is "registration/hello".
The content of the HTTP request message body is as follows:
String name | Description
Version | Protocol version
Device ID | Unique identifier of the client
Supported Algorithms | Supported encryption and decryption algorithms
(2) The registration module responds to the client's initial request. The transmitted content is as follows:
The content of the HTTP response message body is as follows:
String name | Description
Status | Status indicating whether the request was answered successfully
Selected Version | Protocol version selected by the server
RI ID | Unique identifier of the server
Selected Algorithms | Encryption and decryption algorithms selected by the server
Trusted Device Authorities | Third-party certificate-issuing systems that the server trusts
(3) The client sends the registration request to the registration module. The transmitted content is as follows:
The path of the URI is "registration/apply".
The content of the HTTP request message body is as follows:
String name | Description
Certificate Chain | Certificate chain of the client
Trusted RI Authorities | Third-party certificate-issuing systems that the client trusts
Signature | Signature over the integrity and correctness of this HTTP request
(4) The registration module responds to the client's registration request. The transmitted content is as follows:
The content of the HTTP response message body is as follows:
String name | Description
Status | Status indicating whether the request was answered successfully
Certificate Chain | Certificate chain of the server
Signature | Signature over the integrity and correctness of this HTTP response
In the method, the communication between the client and the digital work identifier acquisition module and the right object construction module comprises the following steps:
(1) The client sends the right object acquisition request to the digital work identifier acquisition module. The transmitted content is as follows:
The path of the URI is "ro".
The content of the HTTP request message body is as follows:
String name | Description
Device ID | Unique identifier of the client
RI ID | Unique identifier of the server
RO Info | Information of the right object, i.e. the identifier of the digital work
Certificate Chain | Certificate chain of the client
Signature | Signature over the integrity and correctness of this HTTP request
(2) The digital work identifier acquisition module sends the identifier of the digital work to the right object construction module.
(3) The right object construction module responds to the client's right object acquisition request. The transmitted content is as follows:
The content of the HTTP response message body is as follows:
String name | Description
Status | Status indicating whether the request was answered successfully
Device ID | Unique identifier of the client
RI ID | Unique identifier of the server
Protected ROs | Right object of the protected digital work
Certificate Chain | Certificate chain of the server
Signature | Signature over the integrity and correctness of this HTTP response
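The string format described above has no escaping rule, so a receiver has to decide how to treat repeated names and delimiter characters inside values. The following added example (not part of the patent) parses the three request bodies strictly; the sample values and the choice to reject duplicate, missing and unexpected fields are assumptions.

```python
# Field sets copied from the request tables on this page, keyed by URI path.
REQUIRED = {
    "registration/hello": ("Version", "Device ID", "Supported Algorithms"),
    "registration/apply": ("Certificate Chain", "Trusted RI Authorities", "Signature"),
    "ro": ("Device ID", "RI ID", "RO Info", "Certificate Chain", "Signature"),
}


def encode_body(fields):
    """Serialize name/value pairs as name=value strings joined by ';'."""
    parts = []
    for name, value in fields.items():
        # No escaping exists, so a delimiter inside a name, or a ';' inside a
        # value, would change how the receiver splits the message.
        if not name or "=" in name or ";" in name or ";" in value:
            raise ValueError(f"field {name!r} cannot be represented safely")
        parts.append(f"{name}={value}")
    return ";".join(parts)


def parse_body(path, body):
    """Parse a request body for the given URI path and enforce its field set."""
    if path not in REQUIRED:
        raise ValueError(f"unknown protocol path {path!r}")
    fields = {}
    for part in body.split(";"):
        # Split on the first '=' only: base64 values may end in '=' padding.
        name, sep, value = part.partition("=")
        if not sep or not name:
            raise ValueError(f"malformed string {part!r}")
        if name in fields:
            # With duplicates, the component that checks the signature and the
            # component that uses the value could pick different copies.
            raise ValueError(f"duplicate field {name!r}")
        fields[name] = value
    expected = set(REQUIRED[path])
    if set(fields) != expected:
        missing = sorted(expected - set(fields))
        extra = sorted(set(fields) - expected)
        raise ValueError(f"missing={missing} unexpected={extra}")
    return fields


def rejected(path, body):
    """Return True when parse_body refuses the message."""
    try:
        parse_body(path, body)
    except ValueError:
        return True
    return False


# Constructed sample: a hello request whose algorithm list is base64 with padding.
SAMPLE_HELLO = encode_body({
    "Version": "1.0",
    "Device ID": "device-0001",
    "Supported Algorithms": "QUVTLTEyOA==",
})
```
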
In the communication between the right object acquisition module of the invention and the content module, the authority module and the signature module, and between the authority module and the restriction module, the fields of the right object that each module provides are given in binary encoding.
In the method, the right object construction module builds the structure table of the right object. The right object structure is as follows:
Field name | Type and length | Description
Number of content fields | Integer (1 byte) | Number of content fields in the right object
Content field | Character type (length determined jointly by the value of the number-of-content-fields field and the content fields provided by the content module) | Information, obtained from the content module, about the digital work that the right object controls; the details are given by the content field structure below
Number of rights fields | Integer (1 byte) | Number of rights fields in the right object
Rights field | Character type (length determined jointly by the value of the number-of-rights-fields field and the rights fields provided by the authority module) | Information, obtained from the authority module, with which the right object controls the device's access permissions to the digital work; the details are given by the rights field structure below
Signature field | Character type (length given by the signature module) | Information, obtained from the signature module, on the integrity and correctness of the right object; the details are given by the signature field structure below
In the method, the communication between the right object construction module and the content module comprises the following steps:
(1) The right object construction module sends the identifier of the digital work to the content module.
(2) The content module sends the content field of the digital work's right object to the right object construction module.
The content field structure is as follows:
Field name | Type and length | Description
Content field ID | Character type (4 bytes) | Identifier of the content field in the right object
Content ID | Character type (8 bytes) | Identifier of the digital work to which the right object corresponds
Digest algorithm | Integer (nybble) | Defines the digest algorithm used for the digest of the associated digital work
Digest length | Integer (2 bytes) | Length of the digest content
Digest content | Character type (length determined by the value of the digest length field) | Value of the digest of the digital work corresponding to the content ID
Encryption algorithm | Integer (nybble) | Defines the encryption algorithm used to encrypt the decryption key of the associated digital work
Encryption key length | Integer (2 bytes) | Length of the encryption key
Encryption key | Character type (length determined by the value of the encryption key length field) | Encrypted key used to decrypt the digital work corresponding to the content ID
In the method, the communication between the right object construction module and the authority module comprises the following steps:
(1) The right object construction module sends the identifier of the digital work to the authority module.
(2) The authority module sends the rights field of the digital work's right object to the right object construction module. The rights field structure is as follows:
Field name | Type and length | Description
Rights association ID | Character type (4 bytes) | Identifier associated with the content field ID in the content field
Number of permissions | Integer (1 byte) | Number of permissions in the right object
Permission type | Integer (nybble) | Type of access permission to the digital work that the right object controls, comprising the play class, the display class, the copy class, the execute class and the export class
Number of restriction fields | Integer (1 byte) | Number of fields that a given permission type should have in the right object
Restriction field | Character type (length determined jointly by the value of the number-of-permissions field, the permission type, and the number of restriction fields and the restriction fields of the corresponding permission type) | Information, obtained from the restriction module, with which the right object controls the device's access restrictions on the digital work; the details are given by the restriction field structure below
In the above method, communication between the right object construction module and the signature module comprises the following steps:
(1) The right object construction module sends the information of the right object to the signature module.
(2) The signature module sends the signature field of the digital work's right object to the right object construction module. The signature field is structured as follows:

| Field name | Field type and length | Field description |
|---|---|---|
| Signature algorithm | Integer (nibble) | Defines the signature algorithm used to produce the signature that provides the integrity and correctness of the right object |
| Signature length | Integer (2 bytes) | Length of the signature |
| Signature | Character string (length given by the value of the signature length field) | Signature expressing the integrity and correctness of the right object of the digital work |

In the above method, communication between the authority module and the limiting module comprises the following steps:
(1) The authority module sends the information of the right object to the limiting module.
(2) The limiting module sends the limit field of the digital work's right object to the authority module. The limit field is structured as follows:

| Field name | Field type and length | Field description |
|---|---|---|
| Limit type | Integer (nibble) | Type of restriction: a count restriction on the number of times the digital work is used, a duration restriction on how long the digital work is used, a period restriction on the time period in which the digital work is used, and a system restriction on which systems the digital work is used on |
| Number of limiting parameters | Integer (1 byte) | Number of parameters required by this limit type |
| Limiting parameter | Character string (length determined jointly by the limit type and the value of the number-of-limiting-parameters field) | Values of the parameters of this limit type |
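
The rights, limit and signature fields described above are all count-prefixed or length-prefixed, so a client that receives a right object must bound every count and length against the bytes it actually holds. The parser below is an added example, not code from the patent. It assumes that each nibble field occupies the low 4 bits of its own byte, that integers are big-endian, that every limiting parameter is 4 bytes wide, that the numeric type codes shown are placeholders, and that limit fields are nested inside each permission; the page specifies none of these.

```python
import struct

# Assumptions, not stated on the page: each nibble field sits in the low 4 bits
# of its own byte, integers are big-endian, every limiting parameter is a
# 4-byte unsigned integer, and the numeric type codes are placeholders.
PERMISSIONS = {1: "play", 2: "display", 3: "copy", 4: "execute", 5: "export"}
LIMITS = {1: "count", 2: "duration", 3: "period", 4: "system"}
PARAM_SIZE = 4

class Reader:
    """Cursor over a byte string that never reads past the end."""
    def __init__(self, data):
        self.data, self.pos = data, 0
    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError(f"truncated: need {n} bytes at offset {self.pos}")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u8(self):
        return self.take(1)[0]

    def code(self, table, what):
        value = self.u8()
        if value not in table:  # unknown code, or high nibble set
            raise ValueError(f"unknown {what} code {value}")
        return table[value]

def parse_limit(r):
    kind = r.code(LIMITS, "limit type")
    count = r.u8()  # number of limiting parameters
    params = [struct.unpack(">I", r.take(PARAM_SIZE))[0] for _ in range(count)]
    return {"type": kind, "params": params}

def parse_rights_field(r):
    assoc_id = r.take(4)  # rights association ID
    rights = []
    for _ in range(r.u8()):  # number of permissions
        permission = r.code(PERMISSIONS, "permission type")
        limits = [parse_limit(r) for _ in range(r.u8())]  # number of limit fields
        rights.append({"permission": permission, "limits": limits})
    return {"assoc_id": assoc_id, "rights": rights}

def parse_signature_field(r):
    algorithm = r.u8()
    if algorithm > 0x0F:
        raise ValueError("signature algorithm does not fit in a nibble")
    (length,) = struct.unpack(">H", r.take(2))  # signature length
    return {"algorithm": algorithm, "signature": r.take(length)}

def parse_rights_and_signature(data):
    """Parse a rights field followed by a signature field; reject leftovers."""
    r = Reader(data)
    rights, sig = parse_rights_field(r), parse_signature_field(r)
    if r.pos != len(data):
        raise ValueError("trailing bytes after signature field")
    return rights, sig

def is_well_formed(data):
    try:
        parse_rights_and_signature(data)
        return True
    except ValueError:
        return False

# Constructed sample: play limited to 5 uses, display unrestricted, dummy signature.
SAMPLE = (b"C001" + bytes([2, 1, 1, 1, 1]) + struct.pack(">I", 5)
          + bytes([2, 0, 1]) + struct.pack(">H", 4) + b"\xde\xad\xbe\xef")
```

A parameter count or signature length larger than the remaining buffer raises `ValueError` before any partial structure is returned, and bytes left over after the signature field are treated as an error rather than ignored.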

Claims (1)

1. A method for describing and acquiring the right object of a digital work in digital rights management, characterized in that the method is carried out, in a digital rights management network, between a server acting as the rights issuer and a client in a computer device, in the following steps in order:
Step (1): initialization;
Step (1.1): the following software modules are set up in the server: registry module, digital work identifier acquisition module, right object construction module, content module, authority module, limiting module and signature module; the digital work identifier is assigned in digital rights management by the digital rights management network, according to the order in which that network manages digital works, and is unique;
Step (1.2): the information of the server is initialized in the registry module, comprising the unique identifier of the server, a certificate chain formed by linking several certificates and used to prove that the server is legitimate and valid (called the certificate chain of the server), the certificate-issuing third parties trusted by the server, the encryption and decryption algorithms supported by the server, and the version of the communication protocol with the client that the server supports; the digital work identifier acquisition module holds a mapping table between the version number of a digital work and the identifier of the digital work; the right object construction module holds part of the server's information, comprising the unique identifier of the server and the certificate chain of the server; the content module holds a mapping table between the identifier of a digital work and the digest of that work, and a mapping table between the identifier of a digital work and the access key of that work; the authority module holds a mapping table between the identifier of a digital work and the access permissions of that work; the limiting module holds a mapping table between the identifier of a digital work and the access restrictions of that work; the signature module holds a mapping table between the identifier of a digital work and the signature of the right object of that work; the signature of the right object carries the information on the integrity and correctness of the right object text formed by digitally describing the object made up of the digest, access key, access permissions and access restrictions of the digital work; the information of the client is initialized in the client, comprising the unique identifier of the client, a certificate chain formed by linking several certificates and used to prove that the client is legitimate and valid (called the certificate chain of the client), the certificate-issuing third parties trusted by the client, the encryption and decryption algorithms supported by the client, and the version of the communication protocol with the server that the client supports;
Step (2): the client sends an initial request to the registry module; the initial request contains the version of the communication protocol with the server that the client supports, the unique identifier of the client, and the encryption and decryption algorithms supported by the client;
Step (3): after accepting the initial request sent by the client, the registry module sends an initial response to the client; the initial response contains a status indicating whether the initial request was answered successfully, the version of the communication protocol with the client that the server supports, the unique identifier of the server, the encryption and decryption algorithms supported by the server, and the certificate-issuing third parties trusted by the server; if the status of the initial response is success, the initial request of the client has been answered successfully and step (4) is carried out; if the status of the initial response is unsuccessful, the initial request of the client has not been answered successfully, the registry module will refuse the registration request that the client subsequently sends, and at the same time ends communication with the client;
Step (4): after accepting the initial response sent by the registry module, the client sends a registration request to the registry module; the registration request contains the certificate chain of the client, the certificate-issuing third parties trusted by the client, and the signature of the registration request; the signature of the registration request carries the information on the correctness and integrity of the registration request;
Step (5): the registry module accepts the registration request sent by the client and, after confirming from the certificate chain of the client that the client is trusted, sends a registration response to the client; the registration response contains a status indicating whether the registration request was answered successfully, the certificate chain of the server, and the signature of the registration response; the signature of the registration response carries the information on the correctness and integrity of the registration response; if the status of the registration response is success, the registration request of the client has been answered successfully and step (6) is carried out; if the status of the registration response is unsuccessful, the registration request of the client has not been answered successfully and the registry module refuses the registration request of the client;
Step (6): the client accepts the registration response sent by the registry module and, after confirming from the certificate chain of the server that the server is trusted, establishes the information used in a right issuing process, comprising the version of the communication protocol between the client and the server and the certificate chain of the client used in the successful registration, and stores the information used in the right issuing process;
Step (7): using the information of the right issuing process, the client sends a right object acquisition request to the digital work identifier acquisition module; the right object acquisition request contains the unique identifier of the client, the certificate chain of the client, the version number of the digital work whose right object is to be acquired, and the signature of the right object acquisition request; the signature of the right object acquisition request carries the information on the correctness and integrity of the right object acquisition request; the digital work identifier acquisition module, after confirming from the certificate chain of the client that the client is trusted, obtains the identifier of the digital work from its own mapping table and sends the identifier of the digital work to the right object construction module;
Step (8): the right object construction module accepts the identifier of the digital work sent by the digital work identifier acquisition module and builds the structure table of the right object; the structure table contains each field needed to construct the right object, in order: content field, rights field and signature field; the content field contains the digest and the access key of the digital work; the rights field contains the access permissions and the access restrictions of the digital work; the signature field contains the signature length and the signature content, and the signature content carries the information on the integrity and correctness of the right object text that digitally describes the right object; each of these fields is built by the right object construction module with the content module, the authority module and the signature module respectively, in the following steps in order:
Step (8.1): the right object construction module sends the identifier of the digital work to the content module; the content module uses the identifier of the digital work to obtain the digest and the access key of the digital work from its own mapping tables, constructs the content field of the right object of the digital work, and sends the content field to the right object construction module;
Step (8.2): after accepting the content field sent by the content module, the right object construction module sends the identifier of the digital work to the authority module; the authority module uses the identifier of the digital work to obtain the access permissions of the digital work from its own mapping table, comprising the types of permission, the number of different permission types that the digital work has, and the access restrictions that apply under each permission type; the permission types comprise: the play permission class, the display permission class, the copy permission class, the execute permission class, and the export permission class, which indicates that the digital work may be transferred from one digital rights management network to another digital rights management network; the access restrictions are represented by the limit field, which is built between the authority module and the limiting module in the following steps in order:
Step (8.2.1): the authority module sends the identifier of the digital work to the limiting module;
Step (8.2.2): the limiting module uses the identifier of the digital work to obtain the access restrictions of the digital work from its own mapping table, comprising the types of restriction and the number of different limit types that the digital work has, and constructs the limit field of the right object of the digital work, comprising the type of restriction and the parameters belonging to that type; the types of restriction comprise a restriction on the number of times the digital work is accessed, a restriction on the duration for which the digital work is used, a restriction on the period in which the digital work is used, and a restriction on which systems the digital work is used on; the limiting module sends the limit field to the authority module;
Step (8.3): after accepting the limit field sent by the limiting module, the authority module constructs, according to the access permissions of the digital work, the rights field of the right object of the digital work with the limit field added, and sends the rights field to the right object construction module;
Step (8.4): after accepting the rights field sent by the authority module, the right object construction module sends the identifier of the digital work to the signature module; the signature module uses the identifier of the digital work to obtain the signature of the right object of the digital work from its own mapping table, constructs the signature field of the right object of the digital work, and sends the signature field to the right object construction module;
Step (9): after accepting the signature field sent by the signature module, the right object construction module builds the right object of the digital work according to the structure table;
Step (10): the right object construction module sends a right object acquisition response to the client; the right object acquisition response contains the right object of the digital work built in step (9), a status indicating whether the right object acquisition request was answered successfully, the unique identifier of the server, the certificate chain of the server, and the signature of the right object acquisition response; the signature of the right object acquisition response carries the information on the correctness and integrity of the right object acquisition response; if the status of the right object acquisition response is success, the right object acquisition request of the client has been answered successfully and step (11) is carried out; if the status of the right object acquisition response is unsuccessful, the right object acquisition request of the client has not been answered successfully and the right object construction module does not send the right object of the digital work to the client;
Step (11): after receiving the right object acquisition response, the client confirms from the certificate chain of the server that the server is trusted and then accepts the right object of the digital work, completing the acquisition of the right object.
CN201010169104A 2010-05-12 2010-05-12 Method for describing and acquiring right object of digital work in digital right management Expired - Fee Related CN101827108B (en)

Publications (2)

Publication Number Publication Date
CN101827108A CN101827108A (en) 2010-09-08
CN101827108B true CN101827108B (en) 2012-10-10

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121010

Termination date: 20210512