CN101404573B - Authorization method, system and apparatus - Google Patents


Info

Publication number
CN101404573B
Authority
CN
China
Prior art keywords
client
features information
information type
client features
key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200810225208.8A
Other languages
Chinese (zh)
Other versions
CN101404573A (en)
Inventor
汤帜
高飞
洪献文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New Founder Holdings Development Co ltd
Peking University
Founder Apabi Technology Ltd
Original Assignee
Peking University
Peking University Founder Group Co Ltd
Beijing Founder Apabi Technology Co Ltd
Application filed by Peking University, Peking University Founder Group Co Ltd, Beijing Founder Apabi Technology Co Ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses an authorization method, system and device for dynamically authorizing clients to obtain a key, so that more clients can obtain the key for accessing the relevant content and a user can obtain the same key on multiple clients. In the authorization method, a server receives a key request from a client and obtains the client feature information type from the request; the server encrypts the key requested by the client; the server generates an authorization certificate from the client feature information type and the encrypted key, and sends the authorization certificate to the client. The invention further provides a method and a device for obtaining the key.

Description

Authorization method, system and device
Technical Field
The present invention relates to the technical field of digital copyright protection, and in particular to an authorization method, system and device.
Background
With the development and spread of network technology, digital content such as audio, video, pictures and documents keeps growing in quantity and is used ever more widely, and distributing and sharing it has become convenient and fast. However, because digital content is easy to copy and distribute, it circulates illegally: content produced at great cost and effort is easily copied and distributed without authorization, which damages the interests of the rights holders, dampens the enthusiasm of content creators and hinders the development of the digital content business.
The technology developed to effectively prevent the illegal copying, distribution and use of digital content is called digital rights management (DRM). In DRM applications, the security of downloading and using digital content is usually ensured by binding the digital content to the feature information of the client.
There are many schemes for binding digital content to a client, including binding the digital content to a client, or to one or more pieces of hardware in a client. In practice, however, a DRM system usually adopts only one binding scheme. For example, a DRM system for mobile phones binds digital content only to the phone number, and a DRM system for PCs binds digital content only to the PC hard disk.
It can be seen that the existing techniques for granting a client the right to access digital content have the following two deficiencies:
First, client feature information is unique, so the single content authorization scheme prescribed by a DRM system may fail, leaving the client unable to use the digital content. For example, a DRM system binds digital content to the hard disk serial number and the network card number of a PC; however, not every PC can read its own hard disk serial number, and if the PC has no network card, or the network card number cannot be obtained, the DRM system cannot be applied to that PC and the user cannot use the digital content they need.
Second, as digital content applications develop, users often need one DRM system to support content authorization for several kinds of client, yet in the prior art a DRM system can authorize digital content for only one kind of client. For example, after buying an e-book, a user may wish to read it both on a PC and on a mobile phone, but the DRM system for that e-book supports content authorization for only one kind of client device and cannot support authorization for PCs and mobile phones at the same time.
In summary, the existing techniques by which a client obtains the key for accessing the relevant content are not flexible enough: some clients cannot obtain the key at all, and the user's wish to obtain, on several clients, the same key for accessing the same content cannot be met.
Summary of the Invention
Embodiments of the present invention provide an authorization method, system and device for dynamically authorizing clients to obtain a key, so that more clients can obtain the key for accessing the relevant content and a user can obtain the same key on multiple clients.
An authorization method provided by an embodiment of the present invention comprises:
a server receives a key request sent by one client and obtains from it one piece of client feature information and one client feature information type; or the server receives key requests sent by a plurality of clients and obtains from them each client's feature information and each client's feature information type; wherein the client feature information type is the type selected by the client, according to a preset priority of client feature information types, from the client feature information types corresponding to the device type of the client requested by the user;
the server encrypts the key requested by the client using the client feature information, or using the client feature information and the client feature information type;
the server generates an authorization certificate from the client feature information type and the encrypted key, and sends the authorization certificate to the client;
wherein the selection by the client, according to the preset priority of client feature information types, of a client feature information type from those corresponding to the device type of the client requested by the user comprises: the client first selects the client feature information type with the highest priority and extracts the corresponding client feature information according to that type; if the extraction fails, the client selects the type with the next-highest priority and extracts the client feature information corresponding to that type, and so on until client feature information is extracted successfully.
A key acquisition method provided by an embodiment of the present invention comprises:
when the server has only one client, that client obtains one client feature information type and the encrypted key from the authorization certificate issued by the server; when the server has a plurality of clients, each of those clients obtains, from the authorization certificate issued by the server, the feature information type of each of the plurality of clients and the encrypted key; wherein the client feature information type is the type selected by the client, according to a preset priority of client feature information types, from the client feature information types corresponding to the device type of the client requested by the user;
the client extracts client feature information according to the client feature information type and decrypts the key using this client feature information, or using this client feature information and the client feature information type, to obtain the decrypted key;
wherein the selection by the client, according to the preset priority of client feature information types, of a client feature information type from those corresponding to the device type of the client requested by the user comprises: the client first selects the client feature information type with the highest priority and extracts the corresponding client feature information according to that type; if the extraction fails, the client selects the type with the next-highest priority and extracts the client feature information corresponding to that type, and so on until client feature information is extracted successfully.
A server provided by an embodiment of the present invention comprises:
a request receiving unit, configured to receive a key request sent by one client and obtain from it one piece of client feature information and one client feature information type, or to receive key requests sent by a plurality of clients and obtain from them each client's feature information and each client's feature information type; wherein the client feature information type is the type selected by the client, according to a preset priority of client feature information types, from the client feature information types corresponding to the device type of the client requested by the user, this selection comprising: the client first selects the client feature information type with the highest priority and extracts the corresponding client feature information according to that type; if the extraction fails, the client selects the type with the next-highest priority and extracts the client feature information corresponding to that type, and so on until client feature information is extracted successfully;
an encryption unit, configured to encrypt the key requested by the client using the client feature information, or using the client feature information and the client feature information type;
an authorization certificate sending unit, configured to generate an authorization certificate from the client feature information type and the encrypted key, and to send the authorization certificate to the client.
A client provided by an embodiment of the present invention comprises:
an authorization certificate unit, configured to obtain, when the server has only one client, one client feature information type and the encrypted key from the authorization certificate issued by the server, or, when the server has a plurality of clients, to obtain from the authorization certificate issued by the server the feature information type of each of the plurality of clients and the encrypted key; wherein the client feature information type is the type selected by the client, according to a preset priority of client feature information types, from the client feature information types corresponding to the device type of the client requested by the user, this selection comprising: the client first selects the client feature information type with the highest priority and extracts the corresponding client feature information according to that type; if the extraction fails, the client selects the type with the next-highest priority and extracts the client feature information corresponding to that type, and so on until client feature information is extracted successfully;
a key acquiring unit, configured to extract client feature information according to the client feature information type and to decrypt the key using this client feature information, or using this client feature information and the client feature information type, to obtain the decrypted key.
An authorization system provided by an embodiment of the present invention comprises:
a server, configured to receive a key request sent by one client and obtain from it one piece of client feature information and one client feature information type, or to receive key requests sent by a plurality of clients and obtain from them one or more pieces of client feature information and one or more client feature information types; to encrypt the key requested by the client using the client feature information, or using the client feature information and the client feature information type; and to generate an authorization certificate from the client feature information type and the encrypted key and send the authorization certificate to the client; wherein the client feature information type is the type selected by the client, according to a preset priority of client feature information types, from the client feature information types corresponding to the device type of the client requested by the user, this selection comprising: the client first selects the client feature information type with the highest priority and extracts the corresponding client feature information according to that type; if the extraction fails, the client selects the type with the next-highest priority and extracts the client feature information corresponding to that type, and so on until client feature information is extracted successfully;
a client, configured to obtain the client feature information type and the encrypted key from the authorization certificate issued by the server, and to decrypt the key in the authorization certificate with a key generated from the client feature information, or with a key generated from this client feature information and the client feature information type, to obtain the decrypted key.
In the embodiments of the present invention, the server receives the key request sent by the client and obtains the client feature information type from it; the server encrypts the key requested by the client; the server generates an authorization certificate from the client feature information type and the encrypted key and sends it to the client. The server thereby dynamically authorizes clients to obtain the key, so that more clients can obtain the key for accessing the relevant content, and a user can obtain, on multiple clients, the same key for accessing the same content.
Brief Description of the Drawings
Fig. 1 is a schematic structural diagram of an authorization system provided by an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a server provided by an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a client provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram, provided by an embodiment of the present invention, of the keys in the authorization certificate that are generated from three kinds of client feature information and used to encrypt the protection key of the digital content;
Fig. 5 is a schematic flow chart of an authorization method provided by an embodiment of the present invention;
Fig. 6 is a schematic flow chart of a key acquisition method provided by an embodiment of the present invention.
Detailed Description
Embodiments of the present invention provide an authorization method, system and device for dynamically authorizing clients to obtain a key, so that more clients can obtain the key for accessing the relevant content and a user can obtain the same key on multiple clients.
The key for accessing the relevant content that the client requests in the embodiments of the present invention can be any of various keys, such as a domain key or the protection key of digital content (such as an e-book).
In the embodiments of the present invention, the correspondence between client feature information types and client feature information is set in the client in advance; for example, where the client feature information type is hard disk, the corresponding client feature information is the serial number of the hard disk. The correspondence between client device types and client feature information types can also be set, so that once the client has detected its own device type it can look up the corresponding client feature information type and extract the corresponding client feature information according to that type. If the device type of a client corresponds to several client feature information types, one type is selected according to the preset priority of client feature information types. The client feature information is the feature information used to identify the client. These correspondences can, of course, also be set in the server in advance.
The embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Referring to Fig. 1, an authorization system provided by an embodiment of the present invention comprises a server 11 and at least one client 12.
The server 11 is configured to receive the key request sent by the client 12 and obtain the client feature information type from it; to encrypt the key requested by the client 12; and to generate an authorization certificate from this client feature information type and the encrypted key and send the authorization certificate to the client 12.
The client 12 is configured to obtain, according to the user's request, the client feature information type and the encrypted key from the authorization certificate issued by the server 11, and to decrypt the key in the authorization certificate with a key generated from the client feature information, or with a key generated from this client feature information and the client feature information type, to obtain the decrypted key.
Preferably, the server 11 further obtains client feature information from the key request sent by the client 12 and encrypts the key requested by the client 12 using this client feature information and/or the client feature information type. When the keys requested by a plurality of clients 12 are the same, the server 11 encrypts the same key requested by these clients 12 using the client feature information of the plurality of clients 12 and/or the client feature information type, and generates the authorization certificate from the client feature information and client feature information types submitted by the plurality of clients 12.
Preferably, the server 11 applies an algorithm (such as Message Digest 5) to the client feature information to generate an encryption key, or applies an algorithm to the client feature information and the client feature information type to generate an encryption key;
the server 11 encrypts the key requested by the client 12 with this encryption key.
Preferably, the server 11 further obtains an encryption key from the key request sent by the client 12 and encrypts the key requested by the client 12 with this encryption key. That is, the client 12 applies an algorithm to the client feature information to generate an encryption key, or applies an algorithm to the client feature information and the client feature information type to generate an encryption key, and sends the generated encryption key to the server 11.
Preferably, the client 12, according to the user's request, selects a client feature information type according to the preset priority of client feature information types, extracts the client feature information corresponding to this type, and sends this client feature information and the selected client feature information type to the server 11.
Preferably, the server 11 uses the client feature information of a plurality of clients 12 and an algorithm such as complete public-key broadcast encryption to encrypt the protection key of the same digital content, so that any one of these clients 12 can use its own client feature information to decrypt the key obtained from the authorization certificate. The server 11 generates the authorization certificate from the encrypted key and the client feature information types submitted by the plurality of clients 12; that is, the authorization certificate contains the encrypted key and the client feature information types submitted by all the clients that requested the same key.
Preferably, before selecting a client feature information type, the client 12 first extracts its own device type and obtains the client feature information types corresponding to that device type. Where its device type corresponds to several client feature information types, it selects one according to the preset priority of client feature information types and extracts client feature information according to that type; if the extraction fails, it selects the type with the next-highest priority and extracts the client feature information corresponding to that type, and so on until the extraction of client feature information succeeds.
Preferably, the client feature information types that the client 12 obtains from the authorization certificate comprise several client feature information types. The client selects one of them and extracts from itself the client feature information corresponding to that type; if the extraction fails, it selects another of the types, and so on until the extraction of client feature information succeeds. When selecting one of the several client feature information types in the authorization certificate, the client can select according to the preset priority of client feature information types.
The specific structure of the server 11 and the client 12 is described below.
Referring to Fig. 2, preferably, the server 11 comprises:
a request receiving unit 21, configured to receive the key request sent by the client 12 and obtain client feature information and the client feature information type from it;
an encryption unit 22, configured to encrypt the key requested by the client 12 using the client feature information;
an authorization certificate sending unit 23, configured to generate an authorization certificate from the client feature information type and the encrypted key, and to send the authorization certificate to the client 12.
Referring to Fig. 3, preferably, the client 12 comprises:
an information extraction unit 31, configured to select, according to the user's request, a client feature information type according to the preset priority of client feature information types, and to extract the client feature information corresponding to this type;
an encryption key unit 32, configured to generate an encryption key from the client feature information, or from the client feature information and the selected client feature information type;
a sending unit 33, configured to send the selected client feature information type, together with the encryption key or the client feature information, to the server 11;
an authorization certificate unit 34, configured to obtain, according to the user's request, the client feature information type and the encrypted key from the authorization certificate issued by the server 11;
a key acquiring unit 35, configured to extract client feature information according to the client feature information type and to decrypt the key using this client feature information, to obtain the decrypted key.
Several specific embodiments are given below.
Embodiment 1:
An electronic reader manufacturer needs to preload DRM-protected digital content onto a batch of readers that have no expansion memory card. Several authorization schemes are first preset in the general reader client and in the authorization server. The higher-priority scheme binds the digital content to both the device number of the electronic reader and the card number of the expansion memory card; the lower-priority scheme binds the digital content to the device number only. The authorization server encrypts the protection key of the digital content according to the feature information of this batch of clients, and then records in the authorization certificate the feature information type of this batch of clients and the encrypted content key. This authorization certificate can be used for this batch of electronic readers.
Embodiment 2:
Device feature information types with different priorities, and their corresponding device feature information, are set in advance on an authorization server and on a number of PCs, so that an e-book DRM protection system can support these particular PCs. On a PC, the hardware usually used for binding, such as the video card or network card, may not be present, and the hard disk serial number may not be detectable, so the client software needs several preset feature information extraction schemes with priorities. For example, the hard disk, network card and video card are extracted first; failing that, the mainboard, CPU and memory; failing that, whichever of these six device numbers can be extracted are bound using a method such as a "hardware adaptive mechanism method". Suppose a user's PC has no network card and the user buys an e-book through this PC. After obtaining the RO voucher, the client detects its device type and learns that the device is a PC. From the preset scheme it learns the client feature information types corresponding to a PC, chooses the type with the higher priority (for example hard disk, network card, video card) and tries to detect the corresponding client feature information; this attempt fails. It then chooses the type with the next-highest priority for a PC (for example mainboard, CPU, memory) and detects the corresponding client feature information; this attempt succeeds. The digest value of this client feature information and feature information type, and the client feature information type (identified, for example, as: PC hardware binding type 2), are sent to the RO authorization server together with the RO voucher. After judging that the RO voucher is valid, the RO server takes the client feature information and the feature information type as parameters, computes an encryption key K1 with a key generation algorithm (such as Message Digest 5), and encrypts the protection key Kc of the digital content with K1 to produce K2. The authorization certificate then records the client feature information type and the protection key K2 encrypted with K1, as follows:
<bindtype>PC hardware binding type 2</bindtype>
<ECK>K2</ECK>
The RO server returns this authorization certificate to the client, which saves it. When the user is about to use the e-book, the client finds this authorization certificate and reads from it the client feature information type and the protection key encrypted with the client feature information. The client obtains the corresponding client feature information according to the client feature information type, generates the decryption key from the client feature information, and decrypts the protection key K2 to obtain Kc. It then decrypts the e-book with Kc, so that the user can read the e-book.
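The Embodiment 2 flow, together with the priority fallback described earlier, as an added example that is not part of the patent text: the client picks a binding type in priority order, the server derives K1, wraps Kc into K2 and writes the certificate, and the client re-derives K1 to recover Kc. Assumptions: SHA-256 stands in for the digest algorithm, an HMAC-SHA256 pad with a MAC tag stands in for the unspecified cipher (a real system would use an authenticated cipher such as AES-GCM), and the hardware identifiers, the "type 1" label and the `<certificate>` wrapper element are constructed.

```python
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET

# Binding schemes for a PC, highest priority first. The component groups and the label
# "PC hardware binding type 2" follow Embodiment 2; the "type 1" label is assumed.
PC_SCHEMES = [
    ("PC hardware binding type 1", ("hard_disk", "network_card", "video_card")),
    ("PC hardware binding type 2", ("mainboard", "cpu", "memory")),
]

# Constructed identifiers for a PC that has no network card.
PC_NO_NIC = {"hard_disk": "HD-EXAMPLE-0001", "video_card": "GPU-EXAMPLE-01",
             "mainboard": "MB-EXAMPLE-7A", "cpu": "CPU-EXAMPLE-42",
             "memory": "RAM-EXAMPLE-09"}


def read_features(components, probe):
    """Join the identifiers of all components; None if any cannot be read."""
    values = [probe(name) for name in components]
    return "|".join(values) if all(values) else None


def select_binding(schemes, probe):
    """Client side: first scheme, in priority order, whose identifiers all extract."""
    for bind_type, components in schemes:
        info = read_features(components, probe)
        if info is not None:
            return bind_type, info
    raise LookupError("no client feature information could be extracted")


def derive_k1(bind_type, info):
    """K1 = digest(type, feature info); fields are length-prefixed to stay unambiguous."""
    digest = hashlib.sha256()
    for part in (bind_type, info):
        data = part.encode("utf-8")
        digest.update(len(data).to_bytes(4, "big") + data)
    return digest.digest()


def wrap_key(k1, kc):
    """Stand-in cipher: one-block HMAC pad plus MAC tag (keys of at most 32 bytes)."""
    if len(kc) > 32:
        raise ValueError("this sketch wraps keys of at most 32 bytes")
    nonce = os.urandom(16)
    pad = hmac.new(k1, b"pad" + nonce, hashlib.sha256).digest()
    body = bytes(a ^ b for a, b in zip(kc, pad))
    tag = hmac.new(k1, b"tag" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unwrap_key(k1, blob):
    """Reverse wrap_key; a K1 from different hardware fails the tag check."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(k1, b"tag" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("certificate is not bound to this client")
    pad = hmac.new(k1, b"pad" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(body, pad))


def issue_certificate(bind_type, info, kc):
    """Server side: K2 = wrap(K1, Kc); the certificate carries the type and K2."""
    k2 = wrap_key(derive_k1(bind_type, info), kc)
    root = ET.Element("certificate")  # wrapper element name is assumed
    ET.SubElement(root, "bindtype").text = bind_type
    ET.SubElement(root, "ECK").text = k2.hex()
    return ET.tostring(root, encoding="unicode")


def recover_kc(cert_xml, schemes, probe):
    """Client side: read the type, re-extract the features, derive K1, unwrap Kc."""
    root = ET.fromstring(cert_xml)
    bind_type = root.findtext("bindtype")
    components = dict(schemes).get(bind_type)
    info = read_features(components, probe) if components else None
    if info is None:
        raise LookupError("cannot extract features for type %r" % bind_type)
    return unwrap_key(derive_k1(bind_type, info), bytes.fromhex(root.findtext("ECK")))


def demo():
    """Run request, issue and recovery for the PC without a network card."""
    kc = os.urandom(16)  # content protection key Kc held by the server
    bind_type, info = select_binding(PC_SCHEMES, PC_NO_NIC.get)
    cert = issue_certificate(bind_type, info, kc)
    return bind_type, recover_kc(cert, PC_SCHEMES, PC_NO_NIC.get) == kc


if __name__ == "__main__":
    print(demo())
```

Because K1 is computed only from hardware identifiers and the type label, Kc is protected only to the extent that those identifiers are hard to guess or to read off the device.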
Embodiment 3:
An e-book DRM protection system supports mobile phones as well as PCs. After obtaining the RO voucher issued by the server, the client detects its device type and learns that it is a mobile phone; from the preset scheme it learns the client feature information type corresponding to a mobile phone, detects the corresponding client feature information (for example SIM card number, phone device number, etc.), and sends it to the RO authorization server together with the RO voucher. After judging the validity of the RO voucher, the RO authorization server encrypts the protection key of the digital content according to the client feature information, adds the result together with the client feature information type to the generated authorization certificate, and returns this authorization certificate to the phone. The phone saves the authorization certificate after obtaining it. When the user is about to use the e-book, the phone finds this authorization certificate and reads from it the client feature information type and the protection key encrypted with the client feature information. The phone obtains the corresponding client feature information according to the client feature information type and uses it to decrypt the protection key; it then decrypts the e-book with the decrypted protection key, and the user obtains the e-book content they need.
Embodiment 4:
Suppose a user wishes to read the same e-book on two PCs and one mobile phone.
On the first PC, the client detects the device type and learns that the device is a PC. According to the preset scheme, it learns the client feature information type that should be obtained first (for example, hard disk and network interface card) and tries to obtain the corresponding client feature information. This succeeds, and the client sends the client feature information and the client feature information type to the authorization server.
On the second PC, the client detects the device type and learns that the device is a PC. According to the preset scheme, it learns the client feature information type that should be obtained first (for example, hard disk and network interface card) and tries to obtain the corresponding client feature information. This fails, so the client looks up the next-best client feature information type for a PC in the preset scheme (for example, mainboard, CPU and memory) and tries to obtain the corresponding client feature information. This succeeds, and the client sends this client feature information and client feature information type to the authorization server.
On the mobile phone, the client detects the device type and learns that the device is a mobile phone. According to the preset scheme, it learns the client feature information that should be obtained first (for example, the handset device ID) and tries to obtain it. This succeeds, and the client sends the client feature information and the client feature information type to the authorization server.
After receiving the client feature information and client feature information types of these three devices, the authorization server encrypts the protection key of the e-book with the client feature information of each of the three, and then records in the authorization certificate the client feature information type submitted by each of the three clients together with the corresponding encrypted protection key, as shown in Figure 4. The authorization server sends this authorization certificate to the user's three client devices, so that the user can read the same e-book on all three devices with this authorization certificate.
On the first PC, the client checks the client feature information types in the authorization certificate one by one and learns that the most preferred client feature information type for a PC is hard disk and network interface card. It then tries to obtain the corresponding client feature information, which succeeds, and uses this client feature information to decrypt and obtain the protection key of the e-book.
On the second PC, the client checks the client feature information types in the authorization certificate one by one and learns that the most preferred client feature information type for a PC is hard disk and network interface card. It then tries to obtain the corresponding client feature information, which fails. It finds that the next preferred client feature information type for a PC is mainboard, CPU and memory, tries to obtain the corresponding client feature information, which succeeds, and uses this client feature information to decrypt and obtain the protection key of the e-book.
On the mobile phone, the client checks the client feature information types in the authorization certificate one by one and learns that the most preferred client feature information type for a mobile phone is the device ID. It then tries to obtain the corresponding client feature information, which succeeds, and uses this client feature information to decrypt and obtain the protection key of the e-book.
Obviously, the technical scheme provided by the embodiments of the present invention can also be applied in other fields. For example, in domain management a domain certificate usually needs to be bound to a device. When a domain certificate needs to be bound to a particular PC, the client detects the device type and learns that the device is a PC. According to the preset scheme, it learns the most preferred client feature information type for a PC (for example, hard disk and network interface card) and tries to obtain the corresponding client feature information. This fails, so it chooses the next preferred client feature information type for a PC (for example, mainboard, CPU and memory) and obtains the corresponding client feature information, which succeeds. The client sends this client feature information and client feature information type to the domain management server. The domain management server encrypts the domain key with the client feature information sent by the client, and records in the domain certificate the client feature information type and the domain key encrypted with the client feature information, as follows:
<bindtype>PC hardware adaptive mechanism binding </bindtype>
<EDK>XXX</EDK>
The domain management server returns this domain certificate to the client, which saves it. When the user needs to use this domain certificate, the client obtains from it the client feature information type and the domain key encrypted with the client feature information. The client obtains the corresponding client feature information according to the client feature information type and uses it to decrypt the domain key.
The methods provided by the embodiments of the present invention are described below.
Referring to Fig. 5, an authorization method provided by an embodiment of the present invention comprises the following steps:
S501: The server receives the key request sent by the client and obtains the client feature information type from it.
S502: The server encrypts the key requested by the client.
S503: The server generates an authorization certificate using the client feature information type and the encrypted key, and sends this authorization certificate to the client.
Referring to Fig. 6, a key acquisition method provided by an embodiment of the present invention comprises the following steps:
S601: In response to a user request, the client obtains the client feature information type and the encrypted key from the authorization certificate issued by the server.
S602: The client extracts client feature information according to the client feature information type and uses this client feature information to decrypt the key, obtaining the decrypted key for accessing the relevant content.
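The following sketch is an added example, not code from the patent: it runs steps S501 to S503 and S601 to S602 for the two PCs and one mobile phone of Embodiment 4. The PBKDF2 key derivation, the per-entry salt, the HMAC-based key wrap (a standard-library stand-in for a real authenticated cipher) and all device values are assumptions; the field names bindtype and edk follow the domain certificate shown above.

```python
import hashlib
import hmac
import os

# Preset scheme (assumed names): feature information types per device type,
# highest priority first, as in Embodiment 4.
PRESET_SCHEME = {
    "pc": ["hard_disk+nic", "mainboard+cpu+memory"],
    "mobile": ["device_id"],
}

# Constructed sample devices: the feature information each client can read.
# A missing entry models a failed extraction.
PC1 = {"hard_disk+nic": "HD-0001|NIC-0001",
       "mainboard+cpu+memory": "MB-0001|CPU-0001|MEM-0001"}
PC2 = {"mainboard+cpu+memory": "MB-0002|CPU-0002|MEM-0002"}
PHONE = {"device_id": "PHONE-0001"}
OTHER_PC = {"hard_disk+nic": "HD-0099|NIC-0099",
            "mainboard+cpu+memory": "MB-0099|CPU-0099|MEM-0099"}


def select_feature(device_type, readable):
    """Client: walk the preset scheme by priority until extraction succeeds."""
    for ftype in PRESET_SCHEME[device_type]:
        info = readable.get(ftype)
        if info is not None:
            return ftype, info
    raise LookupError("no client feature information could be extracted")


def derive_wrap_key(ftype, info, salt):
    """Key from feature information and its type (PBKDF2 is an assumption)."""
    material = ftype.encode() + b"\x00" + info.encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000)


def wrap(wrap_key, content_key):
    """Stand-in key wrap: XOR with a derived pad, then an HMAC tag."""
    if len(content_key) > 32:
        raise ValueError("content key longer than one SHA-256 pad")
    pad = hmac.new(wrap_key, b"pad", hashlib.sha256).digest()
    body = bytes(k ^ p for k, p in zip(content_key, pad))
    tag = hmac.new(wrap_key, b"tag" + body, hashlib.sha256).digest()
    return body + tag


def unwrap(wrap_key, blob):
    """Return the content key, or None when the tag shows a wrong wrap key."""
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(wrap_key, b"tag" + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    pad = hmac.new(wrap_key, b"pad", hashlib.sha256).digest()
    return bytes(c ^ p for c, p in zip(body, pad))


def issue_certificate(content_key, requests):
    """Server, S501-S503: one (type, encrypted key) entry per client request."""
    entries = []
    for ftype, info in requests:
        salt = os.urandom(16)  # per-entry salt is an assumption
        edk = wrap(derive_wrap_key(ftype, info, salt), content_key)
        entries.append({"bindtype": ftype, "salt": salt, "edk": edk})
    return entries


def recover_key(certificate, device_type, readable):
    """Client, S601-S602: try entries in this device's priority order."""
    for ftype in PRESET_SCHEME[device_type]:
        info = readable.get(ftype)
        if info is None:
            continue  # extraction failed, fall back to the next type
        for entry in certificate:
            if entry["bindtype"] != ftype:
                continue
            key = unwrap(derive_wrap_key(ftype, info, entry["salt"]),
                         entry["edk"])
            if key is not None:
                return key
    return None


def run_embodiment_4():
    """Issue one certificate for three devices and test four of them."""
    content_key = os.urandom(16)
    requests = [select_feature("pc", PC1), select_feature("pc", PC2),
                select_feature("mobile", PHONE)]
    cert = issue_certificate(content_key, requests)
    devices = {"pc1": ("pc", PC1), "pc2": ("pc", PC2),
               "phone": ("mobile", PHONE), "other_pc": ("pc", OTHER_PC)}
    return {name: recover_key(cert, dtype, readable) == content_key
            for name, (dtype, readable) in devices.items()}


if __name__ == "__main__":
    print(run_embodiment_4())
```

The integrity tag is what lets a client tell that an entry with a matching type was made for a different device, so OTHER_PC walks both PC types and still recovers nothing.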
In summary, in the embodiments of the present invention the server receives the key request sent by the client and obtains the client feature information type from it; the server encrypts the key requested by the client; and the server generates an authorization certificate using the client feature information type and the encrypted key and sends this authorization certificate to the client. This realizes dynamic authorization by the server for a client obtaining a key, allows more clients to obtain the key for accessing the relevant content, and meets the user's need to obtain, on a plurality of clients, the same key for accessing the same content.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. If these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (19)

1. An authorization method, characterized in that the method comprises:
A server receives a key request sent by one client and obtains from it one piece of client feature information and one client feature information type; or the server receives key requests sent by a plurality of clients and obtains from them the client feature information and the client feature information type of each client; wherein the client feature information type is the client feature information type selected by the client, according to a predefined priority of client feature information types, from the client feature information types corresponding to the device type of the client requested by the user;
The server encrypts the key requested by the client using the client feature information, or using the client feature information and the client feature information type;
The server generates an authorization certificate using the client feature information type and the encrypted key, and sends this authorization certificate to the client;
Wherein the selection by the client, according to the predefined priority of client feature information types, of a client feature information type from the client feature information types corresponding to the device type of the client requested by the user comprises: the client, according to the predefined priority of client feature information types, first selects the client feature information type with high priority and extracts the corresponding client feature information according to that client feature information type; if the extraction fails, the client selects the next-best client feature information type according to the priority of client feature information types and extracts the client feature information corresponding to that client feature information type, until client feature information is successfully extracted.
2. The method according to claim 1, characterized in that, when the keys requested by a plurality of clients and received by the server are identical, the server encrypts the same key requested by the plurality of clients using the client feature information of the plurality of clients, or using the client feature information of the plurality of clients and the client feature information types sent by the plurality of clients;
The server generates the authorization certificate using the client feature information and the client feature information types submitted by the plurality of clients.
3. The method according to claim 1 or 2, characterized in that the step in which the server encrypts the key requested by the client using the client feature information and the client feature information type comprises:
The server generates an encryption key using the client feature information and the client feature information type, and encrypts the key requested by the client with this encryption key.
4. The method according to claim 1, characterized in that the server further obtains an encryption key from the key request sent by the client, and encrypts the key requested by the client with this encryption key.
5. The method according to claim 4, characterized in that the encryption key is generated using the client feature information, or using the client feature information and the client feature information type.
6. The method according to claim 1, characterized in that the key requested by the client is a domain key or a protection key of digital content.
7. A key acquisition method, characterized in that the method comprises:
When the server has only one client, the client obtains one client feature information type and the encrypted key from the authorization certificate issued by the server; when the server has a plurality of clients, each of the plurality of clients obtains, from the authorization certificate issued by the server, the feature information type and the encrypted key of each client in the plurality of clients; wherein the client feature information type is the client feature information type selected by the client, according to a predefined priority of client feature information types, from the client feature information types corresponding to the device type of the client requested by the user;
The client extracts client feature information according to the client feature information type and decrypts the key using this client feature information, or using this client feature information and the client feature information type, to obtain the decrypted key;
Wherein the selection by the client, according to the predefined priority of client feature information types, of a client feature information type from the client feature information types corresponding to the device type of the client requested by the user comprises: the client, according to the predefined priority of client feature information types, first selects the client feature information type with high priority and extracts the corresponding client feature information according to that client feature information type; if the extraction fails, the client selects the next-best client feature information type according to the priority of client feature information types and extracts the client feature information corresponding to that client feature information type, until client feature information is successfully extracted.
8. The method according to claim 7, characterized in that, before the client obtains the client feature information type and the key from the authorization certificate, the method further comprises:
The client, in response to a user request, selects a client feature information type according to the predefined priority of client feature information types and extracts the client feature information corresponding to this client feature information type;
The client sends the client feature information and the selected client feature information type to the server.
9. The method according to claim 8, characterized in that the client extracts its own device type in response to the user request and, according to a predefined correspondence between device types and client feature information types, obtains the candidate client feature information types corresponding to its own device type;
The client selects a client feature information type from the candidate client feature information types according to the predefined priority of client feature information types.
10. The method according to claim 8 or 9, characterized in that, when the client fails to extract the client feature information corresponding to the selected client feature information type, the client selects a client feature information type again according to the priority of client feature information types and extracts the client feature information corresponding to that client feature information type.
11. The method according to claim 7, characterized in that the client feature information type obtained by the client from the authorization certificate comprises multiple client feature information types;
The client selects one client feature information type from the multiple client feature information types and extracts the client feature information corresponding to it; if the extraction fails, the client selects another client feature information type from the multiple client feature information types, until client feature information is successfully extracted.
12. The method according to claim 11, characterized in that the client selects a client feature information type from the multiple client feature information types according to a preset priority of client feature information types.
13. The method according to claim 7, characterized in that the key obtained by the client is a domain key or a protection key of digital content.
14. A server, characterized in that the server comprises:
A request receiving unit, configured to receive a key request sent by one client and obtain from it one piece of client feature information and one client feature information type, or configured to receive key requests sent by a plurality of clients and obtain from them the client feature information and the client feature information type of each client; wherein the client feature information type is the client feature information type selected by the client, according to a predefined priority of client feature information types, from the client feature information types corresponding to the device type of the client requested by the user; and wherein this selection comprises: the client, according to the predefined priority of client feature information types, first selects the client feature information type with high priority and extracts the corresponding client feature information according to that client feature information type; if the extraction fails, the client selects the next-best client feature information type according to the priority of client feature information types and extracts the client feature information corresponding to that client feature information type, until client feature information is successfully extracted;
An encryption unit, configured to encrypt the key requested by the client using the client feature information, or using the client feature information and the client feature information type;
An authorization certificate sending unit, configured to generate an authorization certificate using the client feature information type and the encrypted key, and to send this authorization certificate to the client.
15. A client, characterized in that the client comprises:
An authorization certificate unit, configured to obtain, when the server has only one client, one client feature information type and the encrypted key from the authorization certificate issued by the server, or configured to obtain, when the server has a plurality of clients, the feature information type and the encrypted key of each client in the plurality of clients from the authorization certificate issued by the server; wherein the client feature information type is the client feature information type selected by the client, according to a predefined priority of client feature information types, from the client feature information types corresponding to the device type of the client requested by the user; and wherein this selection comprises: the client, according to the predefined priority of client feature information types, first selects the client feature information type with high priority and extracts the corresponding client feature information according to that client feature information type; if the extraction fails, the client selects the next-best client feature information type according to the priority of client feature information types and extracts the client feature information corresponding to that client feature information type, until client feature information is successfully extracted;
A key acquiring unit, configured to extract client feature information according to the client feature information type and to decrypt the key using this client feature information, or using this client feature information and the client feature information type, to obtain the decrypted key.
16. The client according to claim 15, characterized in that the client further comprises:
An information extraction unit, configured to select, in response to a user request, a client feature information type according to the predefined priority of client feature information types, and to extract the client feature information corresponding to this client feature information type;
An encryption key unit, configured to generate an encryption key using the client feature information, or using the client feature information and the selected client feature information type;
A sending unit, configured to send to the server the selected client feature information type together with the encryption key or the client feature information.
17. An authorization system, characterized in that the system comprises:
A server, configured to receive a key request sent by one client and obtain from it one piece of client feature information and one client feature information type, or to receive key requests sent by a plurality of clients and obtain from them the client feature information and the client feature information type of each client; to encrypt the key requested by the client using the client feature information, or using the client feature information and the client feature information type; and to generate an authorization certificate using the client feature information type and the encrypted key and send this authorization certificate to the client; wherein the client feature information type is the client feature information type selected by the client, according to a predefined priority of client feature information types, from the client feature information types corresponding to the device type of the client requested by the user; and wherein this selection comprises: the client, according to the predefined priority of client feature information types, first selects the client feature information type with high priority and extracts the corresponding client feature information according to that client feature information type; if the extraction fails, the client selects the next-best client feature information type according to the priority of client feature information types and extracts the client feature information corresponding to that client feature information type, until client feature information is successfully extracted;
A client, configured to obtain the client feature information type and the encrypted key from the authorization certificate issued by the server, and to decrypt the key in the authorization certificate using a key generated from the client feature information, or using a key generated from the client feature information and the client feature information type, to obtain the decrypted key.
18. The system according to claim 17, characterized in that the client comprises:
An information extraction unit, configured to select a client feature information type according to the predefined priority of client feature information types, and to extract the client feature information corresponding to this client feature information type;
A sending unit, configured to send the client feature information and the selected client feature information type to the server;
An authorization certificate unit, configured to obtain the client feature information type and the encrypted key from the authorization certificate issued by the server;
A key acquiring unit, configured to extract client feature information according to the client feature information type, and to decrypt the key in the authorization certificate using a key generated from this client feature information, or using a key generated from this client feature information and the client feature information type, to obtain the decrypted key.
19. The system according to claim 17 or 18, characterized in that the server comprises:
A request receiving unit, configured to receive the key request sent by the client and obtain from it the client feature information and the client feature information type;
An encryption unit, configured to encrypt the key requested by the client using the client feature information, or using the client feature information and the client feature information type;
An authorization certificate sending unit, configured to generate an authorization certificate using the client feature information type and the encrypted key, and to send this authorization certificate to the client.
CN200810225208.8A 2008-10-27 2008-10-27 Authorization method, system and apparatus Expired - Fee Related CN101404573B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810225208.8A CN101404573B (en) 2008-10-27 2008-10-27 Authorization method, system and apparatus


Publications (2)

Publication Number Publication Date
CN101404573A CN101404573A (en) 2009-04-08
CN101404573B true CN101404573B (en) 2014-11-19

Family

ID=40538451

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200810225208.8A Expired - Fee Related CN101404573B (en) 2008-10-27 2008-10-27 Authorization method, system and apparatus

Country Status (1)

Country Link
CN (1) CN101404573B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220616

Address after: 100871 No. 5, the Summer Palace Road, Beijing, Haidian District

Patentee after: Peking University

Patentee after: New founder holdings development Co.,Ltd.

Patentee after: FOUNDER APABI TECHNOLOGY Ltd.

Address before: 100871 No. 5, the Summer Palace Road, Beijing, Haidian District

Patentee before: Peking University

Patentee before: PEKING UNIVERSITY FOUNDER GROUP Co.,Ltd.

Patentee before: FOUNDER APABI TECHNOLOGY Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20141119