CN107241620A - Digital copyright management method, drm agent and the service end of media content - Google Patents
Digital copyright management method, drm agent and the service end of media content Download PDFInfo
- Publication number
- CN107241620A CN107241620A CN201610185037.5A CN201610185037A CN107241620A CN 107241620 A CN107241620 A CN 107241620A CN 201610185037 A CN201610185037 A CN 201610185037A CN 107241620 A CN107241620 A CN 107241620A
- Authority
- CN
- China
- Prior art keywords
- drm
- execution unit
- media content
- content
- drm agent
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000007726 management method Methods 0.000 title description 86
- 238000013475 authorization Methods 0.000 claims abstract description 59
- 238000000034 method Methods 0.000 claims abstract description 52
- 239000003795 chemical substances by application Substances 0.000 claims description 281
- 238000004422 calculation algorithm Methods 0.000 claims description 56
- 238000004891 communication Methods 0.000 claims description 46
- 238000012545 processing Methods 0.000 claims description 25
- 230000006978 adaptation Effects 0.000 claims description 22
- 230000008569 process Effects 0.000 claims description 19
- 238000001727 in vivo Methods 0.000 claims description 11
- 238000012795 verification Methods 0.000 claims description 11
- 230000005540 biological transmission Effects 0.000 claims description 6
- 238000012217 deletion Methods 0.000 claims description 5
- 230000037430 deletion Effects 0.000 claims description 5
- XLYOFNOQVPJJNP-UHFFFAOYSA-N water Substances O XLYOFNOQVPJJNP-UHFFFAOYSA-N 0.000 claims description 5
- 238000012937 correction Methods 0.000 claims description 3
- 238000010977 unit operation Methods 0.000 claims description 2
- 230000006399 behavior Effects 0.000 claims 1
- 238000010586 diagram Methods 0.000 description 16
- 230000006870 function Effects 0.000 description 15
- 238000005516 engineering process Methods 0.000 description 9
- 238000004590 computer program Methods 0.000 description 5
- 230000009471 action Effects 0.000 description 4
- 238000004364 calculation method Methods 0.000 description 3
- 235000013399 edible fruits Nutrition 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 239000013307 optical fiber Substances 0.000 description 2
- RYGMFSIKBFXOCR-UHFFFAOYSA-N Copper Chemical compound [Cu] RYGMFSIKBFXOCR-UHFFFAOYSA-N 0.000 description 1
- 241001269238 Data Species 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 229910052802 copper Inorganic materials 0.000 description 1
- 239000010949 copper Substances 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000005611 electricity Effects 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000000644 propagated effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000000452 restraining effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/16—Program or content traceability, e.g. by watermarking
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/234—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
- H04N21/2347—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/254—Management at additional data server, e.g. shopping server, rights management server
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/254—Management at additional data server, e.g. shopping server, rights management server
- H04N21/2541—Rights Management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
- H04N21/4627—Rights management associated to the content
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/80—Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
- H04N21/83—Generation or processing of protective or descriptive data associated with content; Content structuring
- H04N21/835—Generation of protective data, e.g. certificates
- H04N21/8358—Generation of protective data, e.g. certificates involving watermark
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Multimedia (AREA)
- Signal Processing (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- General Physics & Mathematics (AREA)
- Technology Law (AREA)
- Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
- Facsimile Image Signal Circuits (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses the digital copyright management of media content (DRM) method, drm agent, drm service end, terminal device and DRM server, digital copyright management (DRM) method includes:Drm agent receives the call request of media application, therefrom obtains the unique mark of media content to be played;DRM authorization request is sent to drm service end to obtain Content-Authorize execution unit, the mark comprising media content and the essential information of drm agent in DRM authorization request;And, Content-Authorize execution unit is run in drm agent running environment to realize DRM authorization function.Using technical scheme, flexible protection can be provided for media content, so as to improve the safe coefficient of media content.
Description
Technical field
The present invention relates to digital copyright management (DRM) technology, more particularly, to media content
Digital copyright management (DRM) method, drm agent, drm service end, terminal device, with
And DRM server.
Background technology
Currently, the smart machine such as intelligent television has come into huge numbers of families, is increasingly becoming that user is daily to be obtained
Take the important way of the media contents such as audio frequency and video data and documentation.In the world headed by Hollywood
Content supplier is actively disposing the operation of 4K ultra high-definition media contents, and Japanese NHK TV stations are very
To the industrialization for having been realized in 8K research contents and display device, domestic mainstream content provider centre
Depending on, Jiangsu TV station etc. all in the record and broadcast and operation of positive deployment ultra high-definition media content, Jiang Sutai
Across year party carried out by the way of ultra high-definition it is live, ultra high-definition media content operation epoch
Arrive.The cost of manufacture of ultra high-definition media content is high, value is high, is considered as under media industry
One growth point, the guarantor for ultra high-definition media content such as domestic mainstream content provider and Hollywood
The attention of shield also especially, ultra high-definition media content runs higher, it is necessary to frequently to the demand of copyright protection
Replacing content protection algorithm to improve security, in the urgent need to existing content protection technology carry out
Upgrading iteration, to build the ecological technical support that provides of healthy ultra high-definition media content with ensureing.
Existing Digital Rights Management Technology (DRM, Digital Rights Management), leads to
Often digital media content is encrypted encapsulation, the business rules set according to operator are by content-encrypt
Information is according to certain key and DRM authorities (such as Content-Authorize license and restrictive condition)
Grammer is packaged into Content-Authorize licensing, passes through drm agent and the drm service end of terminal device
Interaction Content-Authorize licensing is sent to drm agent, drm agent is according to Content-Authorize
The decryption that rule as defined in license and restrictive condition in licensing carries out content is played.
But existing DRM technology system can not be calculated for the content-encrypt of media content setting individual
Method, authorization rule etc., cause the degree of protection to media content not high.In existing DRM technology, such as
Fruit needs to modify to content encryption algorithm, authorization rule etc., it is necessary to simultaneously to drm service end system
System and drm agent system, which carry out overall upgrading, to be realized, it is impossible to according to the demand of commercial operation
With demand for security neatly, change content encryption algorithm, authorization rule etc. in real time, this is unfavorable for pair
The high strength safe protection of media content.
In the case of based on credible performing environment, the Core Feature such as decryption decoding of drm agent
It will run, if upgraded to drm agent, need simultaneously in credible performing environment
Whole credible performing environment is also upgraded, this potentially affects other non-in credible performing environment
The normal of DRM functions is used.
In addition, the mode that the license of existing Content-Authorize licensing is parsed and performed with restrictive condition, right
The restraining force of drm agent is poor, easily occur perform leak, for example occur drm agent not by
Go to decrypt according to license and the requirement of restrictive condition and play the leaks such as content.
The content of the invention
It is an object of the present invention to provide a kind of new technical scheme of digital copyright management, at least can
Enough solve one of above-mentioned technical problem.
There is provided a kind of digital copyright management of media content (DRM) according to the first aspect of the invention
Method, is implemented in the terminal device for being mounted with drm agent, comprises the following steps:
Step 1:The drm agent receives the call request of the media application of the terminal device,
Therefrom obtain the unique mark of media content to be played;
Step 2:The drm agent sends DRM authorization request to obtain to drm service end
Content-Authorize execution unit, the mark comprising the media content and institute in the DRM authorization request
State the essential information of drm agent;
Wherein, the Content-Authorize execution unit is according to the DRM by the drm service end
Authorization requests inquiry obtain the content encryption algorithm and contents encryption key that the media content uses, with
And the drm agent is to the DRM authorities of the media content, further according to the media content
Mark, the content encryption algorithm of media content use and contents encryption key, DRM visitors
The DRM permission builds of the essential information at family end and the drm agent to the media content;
Step 3:The drm agent runs the content in drm agent running environment and awarded
Execution unit is weighed, it is described to verify whether terminal operating environment meets by the Content-Authorize execution unit
Drm agent is to the DRM authorities of the media content, according to the content-encrypt if meeting
Algorithm and contents encryption key decrypt the media content.
Preferably, the Content-Authorize execution unit be by the drm service end signed after again
It is handed down to the drm agent;The drm agent is obtained after the Content-Authorize execution unit,
First the signature of the Content-Authorize execution unit is verified, the content of being reruned after passing through is verified
Authorization execution unit.
Preferably, in the step 2, the drm agent runs ring in drm agent
Operation communication execution unit in border, is sent by the communication execution unit to the drm service end
The DRM authorization request.
Preferably, between the step 1 and the step 2, in addition to the communication execution is obtained
The step of unit:The drm agent is sent to communication execution unit to the drm service end
Request is to obtain the communication execution unit, comprising described in the request of described pair of communication execution unit
The essential information of drm agent;The communication execution unit is according to institute by the drm service end
State the essential information generation of drm agent.
Preferably, it is described communication execution unit be by the drm service end signed after issue again
To the drm agent;The drm agent is obtained after the communication execution unit, first to institute
The signature for stating communication execution unit is verified, and verifies the communication execution unit that reruned after passing through.
Preferably, the drm agent includes playing institute to the DRM authorities of the media content
The digital watermarking of the media content must be verified when stating media content;The Content-Authorize execution unit
The drm agent operation digital watermarking execution unit is notified, the drm agent is in DRM
The digital watermarking execution unit is run in client running environment, list is performed by the digital watermarking
Member verifies digital watermarking embedded in the media content in the playing process of the media content, such as
Fruit verification is not by stopping then playing the media content;Wherein, the digital watermarking unit is by institute
State drm agent to be notified according to described, the media content correspondence is asked to the drm service end
Digital watermarking unit and obtain.
Preferably, the digital watermarking of the media content contains the content providers pair of the media content
The information that the limitation of the playing environment of the media content is required;The digital watermarking execution unit is in institute
Judge whether terminal operating environment meets the content of the media content in the playing process for stating media content
Limitation requirement of the provider to the playing environment of the media content, stops playing institute if not meeting
State media content.
Preferably, the drm agent includes playing institute to the DRM authorities of the media content
The digital watermarking for following the trail of the media content must be embedded in when stating media content;The Content-Authorize
Execution unit notifies the drm agent operation digital watermarking execution unit, the drm agent
The digital watermarking execution unit is run in drm agent running environment, passes through the digital water
Print execution unit embedded number for being used to follow the trail of the media content in the playing process of the media content
Word watermark;Wherein, the digital watermarking unit is to be notified by the drm agent according to described,
The corresponding digital watermarking unit of the media content is asked to the drm service end and is obtained.
Preferably, the digital watermarking execution unit be by the drm service end signed after again
It is handed down to the drm agent;The drm agent is obtained after the digital watermarking execution unit,
First the signature of the digital watermarking execution unit is verified, the numeral of being reruned after passing through is verified
Watermark execution unit.
Preferably, the drm agent running environment includes execution unit engine and terminal operation system
System adaptation module;The drm agent by the engine-operated execution unit of the execution unit, with
And the execution unit engine is fitted to by terminal operation system by the terminal operating system adaptation module
On system.
Preferably, the execution unit engine provide memory management interfaces for the operation of execution unit, it is outer
Portion's storage management interface, network management interface, cryptographic algorithm interface, play control interface and defeated
Go out control interface;The drm agent is held by the terminal operating system adaptation module by described
The memory management interfaces of row unit engine, external storage management interface, network management interface, password are calculated
Method interface, broadcasting control interface and output control interface are fitted to the corresponding of terminal operating system and connect
On mouth.
Preferably, the drm agent running environment also includes execution unit dispatching management module;
The drm agent dispatched by the execution unit dispatching management module, manage each performs list
Member, including execution unit is dispatched to operation in execution unit engine, and increase, deletion, renewal
Execution unit.
There is provided a kind of digital copyright management of media content (DRM) according to the second aspect of the invention
Method, is implemented in drm service end, comprises the following steps:
Step 1:The drm service end receives the DRM authorization request that drm agent is sent,
Unique mark comprising the media content and the drm agent in DRM authorization request
Essential information;
Step 2:The drm service end obtains the media according to the DRM authorization requesting query
The content encryption algorithm and contents encryption key and the drm agent that content is used are to described
The DRM authorities of media content;
Step 3:The drm service end is according to the identifying of the media content, the media content
The content encryption algorithm and contents encryption key that use, the essential information of the drm agent, with
And the drm agent is to the DRM permission build Content-Authorize execution units of the media content;
Wherein, the Content-Authorize execution unit is configured in drm agent running environment and transported
Whether row meets the DRM visitors with the terminal operating environment of terminal device where verifying drm agent
Calculated to the DRM authorities of the media content, and if meeting according to the content-encrypt at family end
Method and contents encryption key decrypt the media content;
Step 4:The Content-Authorize execution unit of generation is handed down to described in the drm service end
Drm agent.
Preferably, between the step 3 and step 4, in addition to the drm service end is to life
Into Content-Authorize execution unit signed the step of.
Preferably, in the step 3, the drm service end is according to the mark of the media content
Know or the corresponding content of the content encryption algorithm lookup media content of media content use is awarded
Weigh execution unit template;Or, also comprising media content correspondence in the DRM authorization request
DRM version numbers and the drm service end according to the corresponding DRM versions of the media content
Number search the corresponding Content-Authorize execution unit template of the media content;The drm service end is
Content-Authorize execution unit described in the Content-Authorize execution unit template generation obtained according to searching.
Preferably, scheduled digital is contained in the corresponding Content-Authorize execution unit template of the media content
The step of watermark execution unit;The drm service end receives the drm agent to the media
The request of the corresponding digital watermarking execution unit of content, the drm agent is to the media content
The request of corresponding digital watermarking execution unit is that the drm agent is held according to the Content-Authorize
The step of row cell scheduling digital watermarking execution unit and produce;The drm service end is according to described
The corresponding digital watermarking unit template of media content described in the identifier lookup of media content is simultaneously obtained according to lookup
The digital watermarking unit template generation digital watermarking execution unit obtained;The drm service end will be generated
Digital watermarking execution unit be handed down to the drm agent.
Preferably, in the step 2, the drm service end is according to the media content
The AES and content-encrypt that mark obtains the media content use from key management system inquiry are close
Key.
Preferably, in the step 2, the drm service end is according to the media content
Mark and the essential information of the drm agent obtain the DRM client from OSS inquiry
Hold the DRM authorities to the media content.
According to the third aspect of the invention we there is provided a kind of drm agent, it is arranged at and is mounted with intelligence
In the terminal device of energy operating system, the drm agent includes media application interface, performs list
First acquisition module, Content-Authorize execution unit;
The media application interface, the call request of the media application for receiving the terminal device,
Therefrom obtain the unique mark of media content to be played;
The execution unit acquisition module, for drm service end send DRM authorization request with
The Content-Authorize execution unit is obtained, the media content is included in the DRM authorization request
The essential information of mark and the drm agent;
The Content-Authorize execution unit, for verifying whether terminal operating environment meets the DRM
Client is to the DRM authorities of the media content, according to the content encryption algorithm if meeting
The media content is decrypted with contents encryption key;
Wherein, the Content-Authorize execution unit is according to the DRM by the drm service end
Authorization requests inquiry obtain the content encryption algorithm and contents encryption key that the media content uses, with
And the drm agent is to the DRM authorities of the media content, further according to the media content
Mark, the content encryption algorithm of media content use and contents encryption key, DRM visitors
The DRM permission builds of the essential information at family end and the drm agent to the media content.
Preferably, the drm agent also includes being used for the label to the Content-Authorize execution unit
The execution unit signature check module that name is verified.
Preferably, the drm agent includes playing institute to the DRM authorities of the media content
The digital watermarking of the media content must be verified when stating media content;The drm agent is also wrapped
Include digital watermarking execution unit;The Content-Authorize execution unit, is additionally operable to notify the execution unit
Acquisition module obtains the digital watermarking execution unit;The execution unit acquisition module, is additionally operable to root
Notified according to described, the corresponding digital watermarking unit of the media content is asked to the drm service end;
The digital watermarking execution unit, for verifying the media in the playing process of the media content
Embedded digital watermarking in content, does not stop playing the media content if verification if.
Preferably, the digital watermarking of the media content contains the content providers pair of the media content
The information that the limitation of the playing environment of the media content is required;The digital watermarking execution unit, also
For judging whether terminal operating environment meets in the media in the playing process of the media content
Limitation requirement of the content providers of appearance to the playing environment of the media content, stops if not meeting
Only play the media content.
Preferably, the drm agent includes playing institute to the DRM authorities of the media content
The digital watermarking for following the trail of the media content must be embedded in when stating media content;The DRM visitors
Family end also includes digital watermarking execution unit;The Content-Authorize execution unit, is additionally operable to notify described
Execution unit acquisition module obtains the digital watermarking execution unit;The execution unit acquisition module,
It is additionally operable to be notified according to described, the corresponding numeral of the media content is asked to the drm service end
Watermark unit;The digital watermarking execution unit, for embedding in the playing process of the media content
Enter the digital watermarking for following the trail of the media content.
Preferably, the drm agent also includes execution unit engine and terminal operating system is adapted to
Module;The execution unit engine, for running execution unit;The terminal operating system is adapted to mould
Block, for the execution unit engine to be fitted into terminal operating system.
Preferably, the execution unit engine, provides memory management for the operation for execution unit and connects
Mouth, external storage management interface, network management interface, cryptographic algorithm interface, play control interface,
And output control interface;The terminal operating system adaptation module, for the execution unit to be drawn
The memory management interfaces held up, external storage management interface, network management interface, cryptographic algorithm interface,
Play control interface and output control interface is fitted on the corresponding interface of terminal operating system.
Preferably, the drm agent also includes execution unit dispatching management module;It is described to perform
Cell scheduling management module, is dispatched for dispatching, managing each execution unit, including by execution unit
Run into execution unit engine, and increase, deletion, renewal execution unit.
There is provided a kind of drm service end, including DRM message according to the fourth aspect of the invention
The related DRM information acquisition module of receiving module, media content, execution unit generation module and
Execution unit issues module;
The DRM message reception modules, the DRM authorization for receiving drm agent transmission please
Ask, the unique mark comprising the media content and the DRM client in the DRM authorization request
The essential information at end;
The related DRM information acquisition module of the media content, for being asked according to the DRM authorization
Ask and inquire about the content encryption algorithm and contents encryption key that obtain the media content use and described
DRM authority of the drm agent to the media content;
The execution unit generation module, for according in the identifying of the media content, the media
Hold use content encryption algorithm and contents encryption key, the essential information of the drm agent,
And the drm agent is corresponding according to the media content to the DRM authorities of the media content
Content-Authorize execution unit template generation Content-Authorize execution unit;Wherein, the Content-Authorize is held
Row unit, which is configured in drm agent running environment, to be run to verify drm agent institute
Whether meet the drm agent to the media content in the terminal operating environment of terminal device
DRM authorities, and according to the content encryption algorithm and contents encryption key decryption institute if meeting
State media content;
The execution unit issues module, described for the Content-Authorize execution unit to be handed down to
Drm agent.
Preferably, the drm service end also includes execution unit signature blocks;The execution unit
Signature blocks, for being issued in the execution unit before module issues the Content-Authorize execution unit
The Content-Authorize execution unit is signed.
Preferably, the drm service end also includes execution unit template management module, for managing
Content-Authorize execution unit template, including increase, renewal, deletion Content-Authorize execution unit template.
Preferably, the drm service end also includes cipher key management interface;The media content DRM
Data obtaining module, for being communicated by the cipher key management interface with key management system, root
Inquired about according to the mark of the media content from key management system and obtain the encryption that the media content is used
Algorithm and contents encryption key.
Preferably, the drm service end also includes operation support interface;
The media content DRM information acquisition module, be additionally operable to by the operation support interface with
OSS is communicated, according to the mark and the base of the drm agent of the media content
This information obtains DRM of the drm agent to the media content from OSS inquiry
Authority.
According to the fifth aspect of the invention there is provided a kind of drm agent, it is arranged at and is mounted with intelligence
In the terminal device of energy operating system, the drm agent includes media application interface, performs list
First dispatching management module, execution unit engine and terminal operating system adaptation module;
The media application interface, the call request of the media application for receiving the terminal device,
Therefrom obtain the unique mark of media content to be played;
The execution unit dispatching management module, for being searched according to the call request in the media
Hold corresponding execution unit, and start the engine-operated execution unit of the execution unit to realize pair
The DRM authorization of the media content;And if search perform corresponding less than the media content
Unit, then sending DRM message to drm service end, the media content is corresponding to perform list to obtain
Member, is verified to judge the legitimacy of execution unit, Ran Houqi to the signature of the execution unit of acquisition
The engine-operated execution unit of DRM execution units is moved to realize the DRM authorization to media content;
The terminal operating system adaptation module, for realizing the DRM execution units engine and end
Hold the adaptation of operating system.
Preferably, the execution unit engine, provides memory management for the operation for execution unit and connects
Mouth, external storage management interface, network management interface, cryptographic algorithm interface, play control interface,
And output control interface;The terminal operating system adaptation module, for the execution unit to be drawn
The memory management interfaces held up, external storage management interface, network management interface, cryptographic algorithm interface,
Play control interface and output control interface is fitted on the corresponding interface of terminal operating system.
There is provided a kind of drm service end, including DRM message according to the sixth aspect of the invention
Processing module, execution unit template management module, execution unit template and execution unit generation mould
Block;
The DRM message processing modules, the DRM message for receiving drm agent transmission,
Mark comprising media content and the essential information of the drm agent in the DRM message;Root
Select corresponding execution unit template according to the DRM message, call execution unit generation module according to
The execution unit template generation execution unit of selection, the execution unit is configured in DRM visitors
Run to realize the DRM authorization to media content in the running environment of family end;The execution unit is given birth to
The execution unit generated into module is signed;Execution unit after signature is handed down to the DRM visitors
Family end;
The execution unit template management module, for managing execution unit template.
Preferably, the execution unit administrative template includes Content-Authorize execution unit template;It is described
DRM message processing modules, for call execution unit generation module according to the mark of the media content,
Content encryption algorithm and contents encryption key that the media content is used, the drm agent
Essential information and the drm agent are to the DRM authorities of the media content according to selection
Content-Authorize execution unit template generation Content-Authorize execution unit;Wherein, the Content-Authorize is performed
Unit, which is configured in drm agent running environment, to be run to verify drm agent place
Whether the terminal operating environment of terminal device meets the drm agent to the media content
DRM authorities, and according to the content encryption algorithm and contents encryption key decryption institute if meeting
State media content.
Preferably, the drm service end also includes cipher key management interface and operation support interface;Institute
DRM message processing modules are stated, are additionally operable to enter by the cipher key management interface and key management system
Row communication, it is corresponding from the key management system inquiry media content according to the mark of the media content
AES and contents encryption key;The DRM message processing modules, are additionally operable to by the fortune
Battalion's support interface is communicated with OSS, according to the mark of the media content and described
The essential information of drm agent inquires about the drm agent in the media from OSS
The DRM authorities of appearance.
According to the seventh aspect of the invention, a kind of terminal device, including any one institute as before are additionally provided
The drm agent stated.
Preferably, the drm agent operate in the intelligent operating system of the terminal device or
Person is operated in the credible performing environment of the terminal device.
According to the eighth aspect of the invention, a kind of DRM server is additionally provided, including it is such as preceding any
Drm service end described in.
The present invention is changed by way of Content-Authorize licensing carries out Content-Authorize, DRM client
Termination is received after the call request of media application, and the DRM to media content is asked to drm service end
Authorize, drm service end is according to the AES and contents encryption key of media content, and DRM
Client generates Content-Authorize execution unit to DRM authorities of media content etc. and is handed down to DRM visitors
Family end, drm agent directly runs Content-Authorize execution unit in drm agent running environment
The decryption to media content is realized, using technical scheme, spirit can be provided for media content
Protection living, so as to strengthen the safe coefficient of media content.
By referring to the drawings to the detailed description of the exemplary embodiment of the present invention, of the invention its
Its feature and its advantage will be made apparent from.
Brief description of the drawings
The accompanying drawing for being combined in the description and constituting a part for specification shows the reality of the present invention
Example is applied, and together with the principle that its explanation is used to explain the present invention.
Fig. 1 is the schematic block diagram that media content provided in an embodiment of the present invention runs related system.
Fig. 2 is the step schematic diagram for the digital copyright management method that first embodiment of the invention is provided.
Fig. 3 is the drm agent that first embodiment of the invention is provided and the block diagram at drm service end.
Fig. 4 is the drm agent and drm service end that second and third embodiment of the invention is provided
Block diagram.
Fig. 5 is the drm agent that fourth embodiment of the invention is provided and the block diagram at drm service end.
Fig. 6 shows the schematic block diagram of terminal device provided in an embodiment of the present invention.
Embodiment
The various exemplary embodiments of the present invention are described in detail now with reference to accompanying drawing.It should be noted that:
Unless specifically stated otherwise, the part that otherwise illustrates in these embodiments and step it is positioned opposite,
Numerical expression and numerical value are not limited the scope of the invention.
The description only actually at least one exemplary embodiment is illustrative below, is never made
For to the present invention and its application or any limitation used.
It may not make to beg in detail for technology, method and apparatus known to person of ordinary skill in the relevant
By, but in the appropriate case, the technology, method and apparatus should be considered as a part for specification.
In shown here and discussion all examples, any occurrence should be construed as merely example
Property, not as limitation.Therefore, other examples of exemplary embodiment can have different
Value.
It should be noted that:Similar label and letter represents similar terms, therefore, one in following accompanying drawing
It is defined, then it need not be carried out further in subsequent accompanying drawing in a certain Xiang Yi accompanying drawing of denier
Discuss.
The present invention proposes a kind of digital rights management scheme of media content, is related to offer DRM clothes
The drm service end of business and the drm agent of subscriber terminal equipment.
Terminal device is to be provided with intelligent operating system (to be such as Android, WINDOWS, IOS
System) intelligent electronic device, such as computer, smart mobile phone, PAD.
Drm agent is made up of drm agent running environment and execution unit.Execution unit be by
It is that drm service end is generated according to the demand of drm agent, can be in drm agent running environment
The entity of middle operation, such as program, sentence, instruction, code.Drm agent running environment is
Refer to the internal operating environment that drm agent 100 provides for execution unit.Execution unit runs on DRM
In client running environment, not directly with being contacted outside drm agent, but by DRM visitors
The running environment offer of family end is docked with terminal operating system.
Drm agent is realized to matchmaker by running execution unit in drm agent running environment
The rational delegation of power held in vivo.Execution unit of the present invention include but is not limited to communication execution unit,
Content-Authorize execution unit, digital watermarking execution unit etc..
The related system runed with reference to Fig. 1 media contents for introducing the embodiment of the present invention, says on the whole
Bright technical scheme:
Media content to be reached the standard grade is sent to content encryption system 3 and is encrypted by Content Management System 4,
After media content is encrypted content encryption system 3, the media content after encryption is sent to operation
Support system 6 waits user's program request, and contents encryption key is sent into key management system 5 and deposited
Storage management, is sent to DRM server 2 by the essential information of media content and is stored.In media
The essential information of appearance should at least include the unique mark of media content, can also further include media
The other information such as filename, size, duration, the corresponding DRM version numbers of content.Content-encrypt
System 3 AES that encrypted media content is used can also be sent to key management system 5 and/or
DRM server 2 is stored.Signified contents encryption key refers to encrypted content key in the present invention
Key, media content is encrypted using content key.
Drm service end 200 can perform list using the AES generation Content-Authorize of media content
Content-Authorize execution unit template in meta template, or drm service end 200 can be by content
Encryption system 3 or OSS 6 are handed down to DRM server 2.Content-Authorize execution unit
Template is used to generate the Content-Authorize execution unit that can directly run in drm agent running environment,
Content-Authorize execution unit can carry the authorization message of drm agent and judge that terminal operating environment is
No IF statement for meeting DRM authorization rule etc., for example, need to verify the local certificate of terminal device, school
Test and play media content etc. by can just decrypt.Those skilled in the art can be to content Authorization execution unit
Template carries out a variety of settings, and the present invention is repeated no more.It can also include in drm service end 200 other
The execution unit template of type, such as communication execution unit template, digital watermarking execution unit template
Deng the template type that according to runing setting can be needed new.
Operation has intelligent operating system 11, media application 12 and DRM client in terminal device 1
End 100.Media application 11 is, for example, media player or media APP, and user can be answered by media
11 on-demand media contents are used, further, user can also be bought by media application 11, be downloaded
Media content.Media application 11 obtains media content by OSS 6 and is presented to user.
When user asks media content by media application 11 to OSS 6, media should
With 11 unique marks that media content will be got from OSS 6, it can also further obtain
To the information such as the corresponding DRM version numbers of the media content and drm service end address, subsequent media should
Drm agent 100 is called with 11, it is therefore an objective to realize to the DRM authorization of media content to carry out
The operation such as broadcasting.
After drm agent 100 is called by media application 11, DRM is sent to drm service end 200
Message, drm service end 200 is received after DRM message, selects corresponding according to DRM message
Drm agent 100, drm agent 100 are handed down to after execution unit template generation execution unit
Execution unit is run in drm agent running environment, is realized by the operation of execution unit to matchmaker
The mandate held in vivo.Signified DRM message in the present invention, including but not limited to DRM authorization are asked,
It can also be request to the execution unit that communicates etc..
Drm service end 200 can be according to changing execution unit template the need for operation, according to performing list
The execution unit of meta template generation, which is sent to after drm agent 100, directly to be transported in drm agent
Performed in row environment, if to increase new DRM functions or the new authorization rule of increase, it is only necessary to
To increase new execution unit template in drm service end 2.
Drm agent 100 may operate in the intelligent operating system of terminal device 1, can also
In the credible performing environment for operating in terminal device 1.Drm agent 100 operates in trusted end-user and held
When in row environment, if content encryption algorithm etc. needs to update, it is only necessary at drm service end 200
The new Content-Authorize of generation performs template, and drm service end 200 performs template according to new Content-Authorize
It is sent to drm agent 100 after generation Content-Authorize execution unit and runs, it is to avoid to DRM visitor
The problem of family end 100 is frequently upgraded.
<First embodiment>
Referring to figs. 2 and 3 it is shown explanation first embodiment of the invention provide digital copyright management method,
Drm agent 100 and drm service end 200.Drm agent 100 includes media application
Interface 101, execution unit acquisition module 108, execution unit signature check module 109, execution unit
Engine 106, terminal operating system adaptation module 107 and execution unit dispatching management module are (in figure
It is not shown).Drm service end 200 include operation support interface 205, cipher key management interface 206,
The related DRM information acquisition module 208 of DRM message reception modules 207, media content, perform list
First generation module 204, execution unit signature blocks 210, execution unit issue module 209 and held
Row unit template management module 203.
The media that S101, drm agent 100 pass through the receiving terminal apparatus of media application interface 101
The call request of application, therefrom obtains the essential information of media content to be played.The base of media content
This information should at least include the unique mark of media content, can also further include media content
The other information such as filename, size, duration, corresponding DRM version numbers.
S102, drm agent 100 are by execution unit acquisition module 108 to drm service end
200 send DRM authorization request, and the mark of media content should be at least included in DRM authorization request
With the essential information of drm agent 100, it can also further include the corresponding DRM of media content
Version number information.The essential information of drm agent 100 should at least include drm agent 100
ID, the information such as address information, version number, certificate of drm agent 100 can also be included.
S103, drm service end 200 receive the DRM by DRM message reception modules 207
Authorization requests, are asked by the related DRM information acquisition module 208 of media content according to DRM authorization
Obtain content encryption algorithm and contents encryption key and drm agent 100 that media content is used
To the DRM authorities of media content, then by mark of the execution unit generation module 204 according to media content
Content encryption algorithm and contents encryption key, the base of drm agent 100 that knowledge, media content are used
This information and drm agent 100 are performed to the DRM permission builds Content-Authorize of media content
Unit 104.Module 209 is finally issued by the Content-Authorize execution unit 104 of generation by execution unit
It is handed down to drm agent 100.
S104, drm agent 100 receive Content-Authorize by execution unit acquisition module 108 and held
Row unit 104, Content-Authorize execution unit 104 is run in drm agent running environment, is passed through
Whether the checking of Content-Authorize execution unit 104 terminal operating environment meets drm agent 100 to matchmaker
The DRM authorities held in vivo, are decrypted if meeting according to content encryption algorithm and contents encryption key
Media content, controls the broadcasting of media content.For example:Drm agent 100 is to media content
DRM authorities are that drm agent can just decrypt broadcasting media content between the point of evening 8. -12,
Content-Authorize execution unit 104 can judge whether terminal operating environment is between the point of evening 8. -12, such as
Fruit terminal operating environment meets this restrictive condition between the point of evening 8. -12, then Content-Authorize performs list
First 104 pairs of media contents are decrypted, and control the broadcasting of media content.
In order to further improve the security of media content, in step s 103, execution unit generation
After the generation Content-Authorize execution unit of module 204, first signed by execution unit signature blocks 210,
Then module 209 is issued by the Content-Authorize execution unit after signature by execution unit again and is handed down to DRM
Client.In step S104, drm agent is obtained after Content-Authorize execution unit 104, first
The signature of content Authorization execution unit 104 is verified, verified after passing through again in drm agent
Content-Authorize execution unit 104 is run in running environment.
Wherein, execution unit generation module 204 can be according to the mark and/or media content of media content
Media content correspondence is searched by the corresponding DRM version numbers of content encryption algorithm and/or media content of use
Content-Authorize execution unit template, according to search obtain Content-Authorize execution unit template generation in
Hold Authorization execution unit 104.
Wherein, the execution unit acquisition module 108 of drm agent 100 can also be a communication
Execution unit.Drm agent 100 is received after the call request of media application, to drm service
End 200 sends the request to the execution unit that communicates, to should at least be wrapped in the request for the execution unit that communicates
The essential information of drm agent 100 is included, further can also the mark comprising media content and matchmaker
Hold corresponding DRM version number informations in vivo.DRM message reception modules 207 receive DRM client
It is logical according to described pair by execution unit generation module 204 after the request of the 100 pairs of communication execution units in end
Believe the request of execution unit to search communication execution unit template, list is performed according to the communication for searching acquisition
Meta template generation communication execution unit.Execution unit signature blocks 210 are to execution unit generation module 204
The communication execution unit of generation is signed, and execution unit issues module 209 and holds the communication after signature
Row unit is handed down to drm agent 100.Drm agent 100 is obtained after communication execution unit,
First the signature for the execution unit that communicates is verified, verification runs ring in drm agent again after passing through
Operation communication execution unit in border.Wherein, execution unit generation module 204 can be according to media content
Mark and/or the essential information of the corresponding DRM version numbers of media content and/or drm agent look into
Look for communication execution unit template.
Wherein, drm service end 200 can also include execution unit template management module 203, be used for
Execution unit template is managed, including downloads, increase, update, delete execution unit template etc..
Wherein, the related DRM information acquisition module 208 of media content passes through cipher key management interface 206
Communicated, obtained according to the mark of media content from key management system inquiry with key management system
AES and contents encryption key that media content is used.Or, media content correlation DRM letters
Breath acquisition module 208 obtains the content-encrypt of media content out of DRM server 2 storage region
Algorithm.
Wherein, the related DRM information acquisition module 208 of media content passes through operation support interface 205
Communicated with OSS, according to the mark of media content and the essential information of drm agent
DRM authority of the drm agent to media content is obtained from OSS inquiry.
Wherein, drm agent running environment is fitted including execution unit engine 106, terminal operating system
With module 107 and execution unit dispatching management module.Drm agent 100 passes through execution unit
Dispatching management module is dispatched, manages each execution unit, including execution unit is dispatched into execution unit
Run in engine 106, and increase, deletion, renewal execution unit.Drm agent 100 passes through
Execution unit engine 106 is fitted in terminal operating system by terminal operating system adaptation module 107.
Execution unit engine 106 also provides memory management interfaces, external storage management for the operation of execution unit
Interface, network management interface, cryptographic algorithm interface, broadcasting control interface and output control interface,
Terminal operating system adaptation module 107 deposits the memory management interfaces of execution unit engine 106, outside
Store up management interface, network management interface, cryptographic algorithm interface, broadcasting control interface and output control
Interface processed is fitted on the corresponding interface of terminal operating system.
<Second embodiment>
Illustrate digital copyright management method, DRM that second embodiment of the invention is provided with reference to shown in Fig. 4
Client 100 and drm service end 200.Second embodiment increases on the basis of first embodiment
The function of digital watermark is added, specifically:
If being embedded with digital watermarking in media content to be played, drm agent 100 is in media
The DRM authorities of appearance include that when playing media content the digital watermarking of media content must be verified, the matchmaker
Hold the step of containing scheduled digital watermark execution unit in corresponding Content-Authorize execution unit template in vivo.
Content-Authorize execution unit 104 is run in drm agent running environment, notifies DRM
Client 100 needs to start digital watermarking execution unit, then execution unit acquisition module 204 is according to this
Notify digital watermarking unit corresponding to the request media content of drm service end 200, this pair numeral water
In the request of impression member can the mark containing media content and drm agent 100 essential information.
Drm service end 200 receives drm agent 100 to the corresponding digital watermarking of media content
After the request of execution unit, by identifier lookup matchmaker of the execution unit generation module 204 according to media content
Hold corresponding digital watermarking unit template in vivo and according to the corresponding digital watermarking unit template of media content
Digital watermarking execution unit is generated, then by execution unit signature blocks 210 to digital watermarking execution unit
Signed, execution unit issues module 209 and issues the digital watermarking execution unit 105 after signature
To drm agent 100.
Drm agent 100 is received after digital watermarking execution unit 105, first by execution unit label
Name correction verification module 109 is verified to the signature of digital watermarking execution unit 105, is verified after passing through again
Digital watermarking execution unit 105, digital watermarking execution unit are run in drm agent running environment
105 verify digital watermarking embedded in media content in the playing process of media content, if verification
Not by then stopping playing media content.
Further, if the digital watermarking of media content contains the content providers of media content to matchmaker
The information that the limitation of the playing environment held in vivo is required, digital watermarking execution unit 105 is in media content
Playing process in need to judge whether terminal operating environment meets the content providers of media content to matchmaker
The limitation requirement of the playing environment held in vivo, stops playing media content if not meeting.The present invention
In the content providers that are related to can be content original provider, such as certain video display company is responsible for shooting
Film, then the video display company is exactly the original provider of content, the film that video display company shoots to it
Playing environment may have particular/special requirement, for example require the film must be played on intelligent television and can not
Played on smart mobile phone, then video display company can be embedded in the limit being loaded with to playing environment in the film
The digital watermarking of require information processed, the operation authority rear line that operator buys the film provides the electricity
Shadow, when user watches the film, the DRM requirements except operator to be met to the film will also
The requirement of the video display company to playing environment is met, can decrypt and play the film.
<3rd embodiment>
Illustrate digital copyright management method, DRM that third embodiment of the invention is provided with reference to shown in Fig. 4
Client 100 and drm service end 200.3rd embodiment increases on the basis of first embodiment
The function of digital watermark is added, specifically:
Drm agent must be embedded in when including to the DRM authorities of media content and play media content
Digital watermarking for following the trail of media content, the corresponding Content-Authorize execution unit template of the media content
In contain scheduled digital watermark execution unit the step of.
Content-Authorize execution unit 104 is run in drm agent running environment, notifies DRM
Client 100 needs to start digital watermarking execution unit, then execution unit acquisition module 204 is according to this
Notify digital watermarking unit corresponding to the request media content of drm service end 200, this pair numeral water
In the request of impression member can the mark containing media content and drm agent 100 essential information.
Drm service end 200 receives drm agent 100 to the corresponding digital watermarking of media content
After the request of execution unit, by identifier lookup matchmaker of the execution unit generation module 204 according to media content
Hold corresponding digital watermarking unit template in vivo and according to the corresponding digital watermarking unit template of media content
Digital watermarking execution unit is generated, then by execution unit signature blocks 210 to digital watermarking execution unit
Signed, execution unit issues module 209 and issues the digital watermarking execution unit 105 after signature
To drm agent 100.
Drm agent 100 is received after digital watermarking execution unit 105, first by execution unit label
Name correction verification module 109 is verified to the signature of digital watermarking execution unit 105, is verified after passing through again
Digital watermarking execution unit 105, digital watermarking execution unit are run in drm agent running environment
The 105 embedded digital watermarkings for being used to follow the trail of media content in the playing process of media content.
In other embodiments, Content-Authorize execution unit 104 notifies drm agent 100 to need
When starting digital watermarking execution unit, the essential information of digital watermarking execution unit can be included in notice.
The essential information of signified digital watermarking unit in the present invention, at least including digital watermarking execution unit
ID, further can be with information such as the start contexts of digital watermarking.In this case, execution unit
Acquisition module 108 to drm service end 200 ask media content corresponding digital watermarking unit when,
Can the essential information containing digital watermarking unit and DRM in the request to digital watermark unit
The essential information of client 100.Drm service end 200 receives drm agent 100 to media
After the request of the corresponding digital watermarking execution unit of content, by execution unit generation module 204 according to number
The essential information of word watermark unit finds out digital watermarking execution unit template, according to the numeral found out
Watermark execution unit template generation digital watermarking execution unit.
<Fourth embodiment>,
Illustrate digital copyright management method, DRM that fourth embodiment of the invention is provided with reference to shown in Fig. 5
Client 100 and drm service end 200.Drm agent 100 includes media application interface
1001st, execution unit dispatching management module 1002, execution unit engine 1006 and terminal operation system
System adaptation module 1007.Drm service end 200 includes operation support interface 2005, key management and connect
Mouth 2006, DRM message scheduling modules 2001, DRM message processing modules 2002, execution unit
Generation module 2004 and execution unit template management module 2003.
The media that S201, drm agent 100 pass through the receiving terminal apparatus of media application interface 101
The call request of application, therefrom obtains the essential information of media content to be played.The base of media content
This information should at least include the unique mark of media content, can also further include media content
The other information such as filename, size, duration, corresponding DRM version numbers.
S202, execution unit dispatching management module 1002 are according to the mark of the media content and/or the matchmaker
Hold whether corresponding DRM version numbers inquiry has available communication execution unit 1003 in vivo, if then
Dispatch DRM execution units engine 1006 and run communication execution unit 1003.
S203, communication execution unit 1003 send DRM authorization request to drm service end 200,
DRM authorization request at least should comprising media content mark and drm agent 100 it is basic
Information, can also further include the corresponding DRM version number informations of media content.Drm agent
100 essential information should at least include the ID of drm agent 100, can also include DRM visitors
The information such as address information, version number, the certificate at family end 100.
S204, the DRM message scheduling modules 2001 at drm service end 200 receive DRM authorization
After request, according to the running situation at drm service end 200, some DRM message processing module 2002 is called
Carry out DRM authorization request processing.
S205, DRM message processing module 2002 is by cipher key management interface 2006, according to media content
Mark the corresponding AES of the media content is inquired from key management system and content-encrypt is close
Key;By operation support interface 2005, according to the basic of the mark of media content and drm agent 100
Information inquires about DRM authority of the drm agent 100 to media content from OSS;According to
The mark of media content inquires about corresponding Content-Authorize from DRM execution units template management module 2003
Execution unit template.
S206:DRM message processing modules 2002 use the mark of media content, media content
Content encryption algorithm and contents encryption key, the essential information of drm agent 100, DRM client
The DRM authorities of 100 pairs of end media content and the Content-Authorize execution unit template found are sent
To DRM execution units generation module 2004.
S207, DRM execution unit generation module 2004 is according to the Content-Authorize execution unit mould found
Plate, the content encryption algorithm and contents encryption key used according to the mark of media content, media content,
DRM of the essential information and drm agent 100 of drm agent 100 to media content
The corresponding Content-Authorize execution unit of permission build.
2002 pairs of generation Content-Authorize execution units of S208, DRM message processing module are signed, will
Content-Authorize execution unit after signature is handed down to drm agent 100.
S209, drm agent receive Content-Authorize execution unit 1004 by the execution unit 1003 that communicates,
Communication execution unit 1003, which is received, is notified that execution unit dispatching management module after Content-Authorize execution unit
1002。
S210, execution unit dispatching management module 1002 first verify the signature of Content-Authorize unit 1004
Legitimacy, verification pass through after again Scheduling content Authorization execution unit 1004 run to execution unit engine 1006;
S211, Content-Authorize execution unit 1004 will determine that whether checking terminal operating environment meets DRM
Client 100 is obtained to the DRM authorities of media content if meeting to content encryption key decryption
Content key, decrypts media content according to content key and content encryption algorithm and controls to play.
In step S202, if execution unit dispatching management module 1002 does not find corresponding lead to
Believe execution unit, then execution unit dispatching management module 1002 is held to the request communication of drm service end 200
Row unit, drm service end 200 is received after the request, will inquire communication execution unit template, root
Execution unit and carried out according to communication execution unit template generation communication according to the essential information of drm agent
Signature, drm agent 100 is sent to by the communication execution unit after signature.Drm agent 100
Obtain after communication execution unit, execution unit dispatching management module 1002 first verifies that the communication execution unit
Signature legitimacy, after being proved to be successful will communication execution unit storage, it is engine-operated logical by execution unit
Letter execution unit interacts to obtain other execution units such as Content-Authorize execution unit with drm service end 200.
From figure 5 it can be seen that drm agent 100 also includes digital watermarking execution unit 1005,
The principle of digital watermarking execution unit 1005 can be similar with second, third embodiment with function, in media
Hold the step of containing scheduled digital watermark execution unit in corresponding Content-Authorize execution unit template,
Drm agent 100 produces according to the operation of Content-Authorize execution unit 1004 and digital watermarking is performed
Search the corresponding digital watermarking unit template of the media content in the request of unit, drm service end 200
And according to template generation digital watermarking execution unit 1005, digital watermarking execution unit 1005 is issued
To drm agent 100.
Execution unit dispatching management module 1002 be responsible for the download of management and running execution unit, checking, installation,
Update, inquire about, perform and terminate, execution unit dispatching management module 1002 is drawn by starting execution unit
Hold up the loading operation of 1006 carry out execution units.
With reference to above-described embodiment, the invention also provides the terminal device with above-mentioned drm agent,
And the DRM server with above-mentioned drm service end.
Terminal device 1 provided in an embodiment of the present invention, including memory 3020 and place are introduced with reference to Fig. 6
Device 3010 is managed, wherein, the memory 3020 is used for store instruction, and the instruction is used at control
Reason device 3010 carries out corresponding operating with the digital copyright management method for the media content for realizing the present invention.
Terminal device 1 also include interface arrangement 3030, communicator 3040, display device 3050,
Input unit 3060, loudspeaker 3070, microphone 3080, etc..
Processor 3010 is such as can be central processor CPU, Micro-processor MCV.Storage
Device 3020 is for example including ROM (read-only storage), RAM (random access memory), such as
Nonvolatile memory of hard disk etc..Interface arrangement 3030 is for example including USB interface, earphone interface
Deng.Communicator 3040 can for example carry out wired or wireless communication.Display device 3050 is, for example,
LCDs, touch display screen etc..Input unit 3060 is such as can include touch-screen, keyboard.
User can pass through loudspeaker 3070 and the inputting/outputting voice information of microphone 3080.
Terminal device shown in Fig. 6 is only explanatory, and never be intended to limitation the present invention,
It is applied or purposes.Although it will be appreciated by those skilled in the art that figure 6 illustrates multiple devices,
But, the present invention can only relate to partial devices therein.Those skilled in the art can be according to this hair
Bright disclosed conceptual design instruction, how control processor progress operation is techniques well known for instruction,
Therefore be not described in detail herein.
The present invention is changed by way of Content-Authorize licensing carries out Content-Authorize, DRM client
Termination is received after the call request of media application, and the DRM to media content is asked to drm service end
Authorize, drm service end is according to the AES and contents encryption key of media content, and DRM
Client generates Content-Authorize execution unit to DRM authorities of media content etc. and is handed down to DRM visitors
Family end, drm agent directly runs Content-Authorize execution unit in drm agent running environment
Realize the decryption to media content.
In the inventive solutions, because the execution unit that drm service end is generated is sent to
It can be performed after drm agent directly in drm agent running environment, therefore some can be directed to
Content encryption algorithm, authorization rule of media content setting individual etc., it is only necessary in drm service
End provides corresponding execution unit template.
It can frequently be upgraded using technical scheme or change content encryption algorithm, especially fitted
Protection for ultra high-definition content, it is to avoid the problem of frequently upgrading to drm agent.
Using technical scheme, new DRM functions can also be increased or increase is new awards
Power rule, it is only necessary to corresponding execution unit template is provided at drm service end, while also not
Need to carry out overall upgrading to drm agent and drm service end, be conducive to commercial operation.
As can be seen that using technical scheme, can neatly administrative protection media content,
So that the security of media content is higher.
The drm agent of the present invention may operate in trusted end-user performing environment, based on credible
In the case of performing environment, the renewal to content protection algorithm etc. only needs the generation of drm service end not
Same execution unit is sent to drm agent operation, does not interfere with other in credible performing environment
The normal of the function of non-drm agent is used.
Drm agent runs execution unit in drm agent running environment, passes through execution unit
Operation realize mandate to media content, and execution unit is issued by drm agent, because
This can be avoided drm agent from not going to decrypt according to license and the requirement of restrictive condition and play interior
Hold, solve leak and drawback that the mode of existing parsing Content-Authorize licensing is brought.
The present invention can be system, method and/or computer program product.Computer program product can be with
Including computer-readable recording medium, containing for making processor realize various aspects of the invention
Computer-readable program instructions.
Computer-readable recording medium can keep and store to be used by instruction execution equipment
The tangible device of instruction.Computer-readable recording medium, which for example can be ,-- but is not limited to-and-electricity deposits
Store up equipment, magnetic storage apparatus, light storage device, electromagnetism storage device, semiconductor memory apparatus or
Above-mentioned any appropriate combination.The more specifically example of computer-readable recording medium is (non exhaustive
List) include:Portable computer diskette, hard disk, random access memory (RAM), read-only deposit
Reservoir (ROM), erasable programmable read only memory (EPROM or flash memory), static random
Access memory (SRAM), Portable compressed disk read-only storage (CD-ROM), numeral many
Functional disc (DVD), memory stick, floppy disk, mechanical coding equipment, for example it is stored thereon with instruction
Punch card or groove internal projection structure and above-mentioned any appropriate combination.Meter used herein above
Calculation machine readable storage medium storing program for executing is not construed as instantaneous signal in itself, such as radio wave or other freedom
The electromagnetic wave of propagation, the electromagnetic wave propagated by waveguide or other transmission mediums are (for example, pass through optical fiber
The light pulse of cable) or the electric signal that is transmitted by electric wire.
Computer-readable program instructions as described herein can be downloaded from computer-readable recording medium
To each calculating/processing equipment, or by network, such as internet, LAN, wide area network and/
Or wireless network downloads to outer computer or External memory equipment.Network can include copper transmission cable,
Optical fiber is transmitted, is wirelessly transferred, router, fire wall, interchanger, gateway computer and/or edge take
Business device.Adapter or network interface in each calculating/processing equipment receive computer from network
Readable program instructions, and the computer-readable program instructions are forwarded, for being stored in each calculating/processing
In computer-readable recording medium in equipment.
Can be assembly instruction, instruction set architecture for performing the computer program instructions that the present invention is operated
(ISA) instruction, machine instruction, machine-dependent instructions, microcode, firmware instructions, state set number
According to or with one or more programming languages any combination source code or object code write, institute
Programming language of the programming language including object-oriented-Smalltalk, C++ etc. is stated, and it is conventional
Procedural programming languages-such as " C " language or similar programming language.Computer-readable program instructions
It fully can on the user computer perform, partly perform on the user computer, as one
Independent software kit is performed, part on the user computer part perform on the remote computer or
Performed completely on remote computer or server.In the situation of remote computer is related to, long-range meter
Calculation machine can be by the network of any kind-include LAN (LAN) or wide area network (WAN)-connection
To subscriber computer, or, it may be connected to outer computer (is for example provided using Internet service
Business comes by Internet connection).In certain embodiments, by using computer-readable program instructions
Status information come personalized customization electronic circuit, such as PLD, field programmable gate
Array (FPGA) or programmable logic array (PLA), the electronic circuit can perform computer can
Reader is instructed, so as to realize various aspects of the invention.
Referring herein to method according to embodiments of the present invention, device (system) and computer program product
Flow chart and/or block diagram describe various aspects of the invention.It should be appreciated that flow chart and/or block diagram
Each square frame and flow chart and/or block diagram in each square frame combination, can be by computer-readable journey
Sequence instruction is realized.
These computer-readable program instructions can be supplied to all-purpose computer, special-purpose computer or other
The processor of programmable data processing unit, so as to produce a kind of machine so that these instructions are logical
When crossing the computing device of computer or other programmable data processing units, implementation process figure is generated
And/or one or more of the block diagram device of function/action specified in square frame.These can also be counted
Calculation machine readable program instructions store in a computer-readable storage medium, these instruct cause computer,
Programmable data processing unit and/or other equipment work in a specific way, so that, be stored with instruction
Computer-readable medium then includes manufacture, and it includes one in implementation process figure and/or block diagram
Or the instruction of the various aspects of function/action specified in multiple square frames.
Computer-readable program instructions can also be loaded into computer, other programmable datas processing dress
Put or miscellaneous equipment on so that in computer, other programmable data processing units or miscellaneous equipment
Upper execution series of operation steps, to produce computer implemented process so that computer,
The instruction implementation process figure and/or block diagram performed in other programmable data processing units or miscellaneous equipment
One or more of function/action specified in square frame.
Flow chart and block diagram in accompanying drawing show system, the method for multiple embodiments according to the present invention
With architectural framework in the cards, function and the operation of computer program product.At this point, flow
Each square frame in figure or block diagram can represent a module, program segment or a part for instruction, described
Module, program segment or a part for instruction are used to realize defined logic function comprising one or more
Executable instruction.In some realizations as replacement, the function of being marked in square frame can also be with not
The order for being same as being marked in accompanying drawing occurs.For example, two continuous square frames can essentially substantially simultaneously
Perform capablely, they can also be performed in the opposite order sometimes, this is depending on involved function.
It is also noted that in each square frame and block diagram and/or flow chart in block diagram and/or flow chart
The combination of square frame, can be with function as defined in execution or the special hardware based system of action come real
It is existing, or can be realized with the combination of specialized hardware and computer instruction.For people in the art
For member it is well known that, realized by hardware mode, realized by software mode and by software and
It is all of equal value that the mode of combination of hardware, which is realized,.
It is described above various embodiments of the present invention, described above is exemplary, and exhaustive
Property, and it is also not necessarily limited to disclosed each embodiment.In the model without departing from illustrated each embodiment
Enclose and spirit in the case of, many modifications and changes for those skilled in the art
It will be apparent from.The selection of term used herein, it is intended to best explain the original of each embodiment
Reason, practical application or the technological improvement to the technology in market, or make the other general of the art
Logical technical staff is understood that each embodiment disclosed herein.The scope of the present invention by appended claims Lai
Limit.
Claims (39)
1. a kind of digital copyright management of media content (DRM) method, is implemented on and is mounted with DRM
In the terminal device of client, it is characterised in that comprise the following steps:
Step 1:The drm agent receives the call request of the media application of the terminal device,
Therefrom obtain the unique mark of media content to be played;
Step 2:The drm agent sends DRM authorization request to obtain to drm service end
Content-Authorize execution unit, the mark comprising the media content and institute in the DRM authorization request
State the essential information of drm agent;
Wherein, the Content-Authorize execution unit is according to the DRM by the drm service end
Authorization requests inquiry obtain the content encryption algorithm and contents encryption key that the media content uses, with
And the drm agent is to the DRM authorities of the media content, further according to the media content
Mark, the content encryption algorithm of media content use and contents encryption key, DRM visitors
The DRM permission builds of the essential information at family end and the drm agent to the media content;
Step 3:The drm agent runs the content in drm agent running environment and awarded
Execution unit is weighed, it is described to verify whether terminal operating environment meets by the Content-Authorize execution unit
Drm agent is to the DRM authorities of the media content, according to the content-encrypt if meeting
Algorithm and contents encryption key decrypt the media content.
2. according to the method described in claim 1, it is characterised in that the Content-Authorize performs list
Member be by the drm service end signed after be handed down to the drm agent again;
The drm agent is obtained after the Content-Authorize execution unit, first to the Content-Authorize
The signature of execution unit is verified, and verifies the Content-Authorize execution unit that reruned after passing through.
3. according to the method described in claim 1, it is characterised in that in the step 2, institute
State drm agent and communication execution unit is run in drm agent running environment, by described logical
Believe that execution unit sends the DRM authorization to the drm service end and asked.
4. method according to claim 3, it is characterised in that in the step 1 and described
Between step 2, in addition to obtain it is described communication execution unit the step of:The drm agent to
The drm service end sends the request to the execution unit that communicates to obtain the communication execution unit,
The essential information of the drm agent is included in the request of described pair of communication execution unit;
The communication execution unit is the base by the drm service end according to the drm agent
This information is generated.
5. method according to claim 4, it is characterised in that the communication execution unit is
By the drm service end signed after be handed down to the drm agent again;
The drm agent is obtained after the communication execution unit, first to the communication execution unit
Signature verified, verification is reruned the communication execution unit after passing through.
6. according to the method described in claim 1, it is characterised in that the drm agent is to institute
Stating the DRM authorities of media content includes that when playing the media content media content must be verified
Digital watermarking;
The Content-Authorize execution unit notifies the drm agent operation digital watermarking execution unit,
The drm agent runs the digital watermarking execution unit in drm agent running environment,
Verified by the digital watermarking execution unit in the playing process of the media content in the media
Embedded digital watermarking in appearance, does not stop playing the media content if verification if;
Wherein, the digital watermarking unit is to be notified by the drm agent according to described, to institute
Drm service end is stated to ask the corresponding digital watermarking unit of the media content and obtain.
7. method according to claim 6, it is characterised in that the digital water of the media content
Limitation requirement of content providers of the print containing the media content to the playing environment of the media content
Information;
The digital watermarking execution unit judges terminal operating in the playing process of the media content
Whether environment meets the limit of the content providers of the media content to the playing environment of the media content
System is required, stops playing the media content if not meeting.
8. according to the method described in claim 1, it is characterised in that the drm agent is to institute
It must be embedded in when stating the DRM authorities of media content including playing the media content described for following the trail of
The digital watermarking of media content;
The Content-Authorize execution unit notifies the drm agent operation digital watermarking execution unit,
The drm agent runs the digital watermarking execution unit in drm agent running environment,
It is used to follow the trail of institute by the way that the digital watermarking execution unit is embedded in the playing process of the media content
State the digital watermarking of media content;
Wherein, the digital watermarking unit is to be notified by the drm agent according to described, to institute
Drm service end is stated to ask the corresponding digital watermarking unit of the media content and obtain.
9. the method according to claim any one of 6-8, it is characterised in that the digital water
Print execution unit be by the drm service end signed after be handed down to the drm agent again;
The drm agent is obtained after the digital watermarking execution unit, first to the digital watermarking
The signature of execution unit is verified, and verifies the digital watermarking execution unit that reruned after passing through.
10. the method according to claim any one of 1-9, it is characterised in that the DRM
Client running environment includes execution unit engine and terminal operating system adaptation module;
The drm agent is by the engine-operated execution unit of the execution unit, and passes through institute
State terminal operating system adaptation module the execution unit engine is fitted in terminal operating system.
11. method according to claim 10, it is characterised in that the execution unit engine
For execution unit operation provide memory management interfaces, external storage management interface, network management interface,
Cryptographic algorithm interface, broadcasting control interface and output control interface;
The drm agent is drawn the execution unit by the terminal operating system adaptation module
The memory management interfaces held up, external storage management interface, network management interface, cryptographic algorithm interface,
Play control interface and output control interface is fitted on the corresponding interface of terminal operating system.
12. method according to claim 10, it is characterised in that the drm agent fortune
Row environment also includes execution unit dispatching management module;
The drm agent dispatched by the execution unit dispatching management module, manage each holds
Row unit, including by execution unit be dispatched in execution unit engine run, and increase, delete,
Update execution unit.
13. a kind of digital copyright management of media content (DRM) method, is implemented on drm service
In end, it is characterised in that comprise the following steps:
Step 1:The drm service end receives the DRM authorization request that drm agent is sent,
Unique mark comprising the media content and the drm agent in DRM authorization request
Essential information;
Step 2:The drm service end obtains the media according to the DRM authorization requesting query
The content encryption algorithm and contents encryption key and the drm agent that content is used are to described
The DRM authorities of media content;
Step 3:The drm service end is according to the identifying of the media content, the media content
The content encryption algorithm and contents encryption key that use, the essential information of the drm agent, with
And the drm agent is to the DRM permission build Content-Authorize execution units of the media content;
Wherein, the Content-Authorize execution unit is configured in drm agent running environment and transported
Whether row meets the DRM visitors with the terminal operating environment of terminal device where verifying drm agent
Calculated to the DRM authorities of the media content, and if meeting according to the content-encrypt at family end
Method and contents encryption key decrypt the media content;
Step 4:The Content-Authorize execution unit of generation is handed down to described in the drm service end
Drm agent.
14. method according to claim 13, it is characterised in that in the step 3 and step
Between rapid 4, in addition to the drm service end is signed to the Content-Authorize execution unit of generation
The step of.
15. method according to claim 13, it is characterised in that in the step 3,
The drm service end is used according to the mark of the media content or the media content
Content encryption algorithm searches the corresponding Content-Authorize execution unit template of the media content;Or,
In DRM authorization request also comprising the corresponding DRM version numbers of the media content and
The drm service end media content is searched according to the corresponding DRM version numbers of the media content
Corresponding Content-Authorize execution unit template;
The drm service end is described in the Content-Authorize execution unit template generation obtained according to searching
Content-Authorize execution unit.
16. method according to claim 15, it is characterised in that the media content correspondence
Content-Authorize execution unit template in contain scheduled digital watermark execution unit the step of;
The drm service end receives the drm agent to the corresponding numeral of the media content
The request of watermark execution unit, the drm agent is to the corresponding digital watermarking of the media content
The request of execution unit is the drm agent according to the Content-Authorize execution unit scheduled digital
The step of watermark execution unit and produce;
Drm service end media content according to the identifier lookup of the media content is corresponding
Digital watermarking unit template and the digital watermarking unit template generation digital watermarking execution obtained according to searching
Unit;
The drm service end digital watermarking execution unit of generation is handed down to the DRM client
End.
17. method according to claim 13, it is characterised in that in the step 2,
The drm service end is to be inquired about to obtain institute from key management system according to the mark of the media content
State the AES and contents encryption key of media content use.
18. method according to claim 13, it is characterised in that in the step 2,
The drm service end is the mark and the basic letter of the drm agent according to the media content
Breath obtains DRM authority of the drm agent to the media content from OSS inquiry.
19. a kind of drm agent, is arranged in the terminal device for being mounted with intelligent operating system,
Characterized in that, the drm agent include media application interface, execution unit acquisition module,
Content-Authorize execution unit;
The media application interface, the call request of the media application for receiving the terminal device,
Therefrom obtain the unique mark of media content to be played;
The execution unit acquisition module, for drm service end send DRM authorization request with
The Content-Authorize execution unit is obtained, the media content is included in the DRM authorization request
The essential information of mark and the drm agent;
The Content-Authorize execution unit, for verifying whether terminal operating environment meets the DRM
Client is to the DRM authorities of the media content, according to the content encryption algorithm if meeting
The media content is decrypted with contents encryption key;
Wherein, the Content-Authorize execution unit is according to the DRM by the drm service end
Authorization requests inquiry obtain the content encryption algorithm and contents encryption key that the media content uses, with
And the drm agent is to the DRM authorities of the media content, further according to the media content
Mark, the content encryption algorithm of media content use and contents encryption key, DRM visitors
The DRM permission builds of the essential information at family end and the drm agent to the media content.
20. drm agent according to claim 19, it is characterised in that the DRM
Client also includes the execution unit label for being used to verify the signature of the Content-Authorize execution unit
Name correction verification module.
21. drm agent according to claim 19, it is characterised in that the DRM
Client must verify institute when including to the DRM authorities of the media content and play the media content
State the digital watermarking of media content;The drm agent also includes digital watermarking execution unit;
The Content-Authorize execution unit, is additionally operable to notify the execution unit acquisition module is obtained described
Digital watermarking execution unit;
The execution unit acquisition module, is additionally operable to be notified according to described, to the drm service end
Ask the corresponding digital watermarking unit of the media content;
The digital watermarking execution unit, it is described for being verified in the playing process of the media content
Embedded digital watermarking in media content, does not stop playing the media content if verification if.
22. drm agent according to claim 21, it is characterised in that in the media
The digital watermarking of appearance contains playing environment of the content providers to the media content of the media content
Limitation require information;
The digital watermarking execution unit, is additionally operable to judge eventually in the playing process of the media content
Whether end running environment meets broadcasting ring of the content providers to the media content of the media content
The limitation requirement in border, stops playing the media content if not meeting.
23. drm agent according to claim 19, it is characterised in that the DRM
Client must be embedded in use when including to the DRM authorities of the media content and play the media content
In the digital watermarking for following the trail of the media content;The drm agent also includes digital watermarking and performed
Unit;
The Content-Authorize execution unit, is additionally operable to notify the execution unit acquisition module is obtained described
Digital watermarking execution unit;
The execution unit acquisition module, is additionally operable to be notified according to described, to the drm service end
Ask the corresponding digital watermarking unit of the media content;
The digital watermarking execution unit, is used for for embedded in the playing process of the media content
Follow the trail of the digital watermarking of the media content.
24. the drm agent according to claim any one of 19-23, it is characterised in that
The drm agent also includes execution unit engine and terminal operating system adaptation module;
The execution unit engine, for running execution unit;
The terminal operating system adaptation module, for the execution unit engine to be fitted into terminal behaviour
Make in system.
25. drm agent according to claim 24, it is characterised in that the execution list
First engine, for the operation for execution unit provide memory management interfaces, external storage management interface,
Network management interface, cryptographic algorithm interface, broadcasting control interface and output control interface;
The terminal operating system adaptation module, for the memory management of the execution unit engine to be connect
Mouth, external storage management interface, network management interface, cryptographic algorithm interface, play control interface,
And output control interface is fitted on the corresponding interface of terminal operating system.
26. drm agent according to claim 24, it is characterised in that the DRM
Client also includes execution unit dispatching management module;
The execution unit dispatching management module, for dispatching, managing each execution unit, including will
Execution unit is dispatched in execution unit engine and run, and increase, deletion, renewal execution unit.
27. a kind of drm service end, it is characterised in that including DRM message reception modules, matchmaker
Hold related DRM information acquisition module, execution unit generation module and execution unit in vivo to issue
Module;
The DRM message reception modules, the DRM authorization for receiving drm agent transmission please
Ask, the unique mark comprising the media content and the DRM client in the DRM authorization request
The essential information at end;
The related DRM information acquisition module of the media content, for being asked according to the DRM authorization
Ask and inquire about the content encryption algorithm and contents encryption key that obtain the media content use and described
DRM authority of the drm agent to the media content;
The execution unit generation module, for according in the identifying of the media content, the media
Hold use content encryption algorithm and contents encryption key, the essential information of the drm agent,
And the drm agent is corresponding according to the media content to the DRM authorities of the media content
Content-Authorize execution unit template generation Content-Authorize execution unit;Wherein, the Content-Authorize is held
Row unit, which is configured in drm agent running environment, to be run to verify drm agent institute
Whether meet the drm agent to the media content in the terminal operating environment of terminal device
DRM authorities, and according to the content encryption algorithm and contents encryption key decryption institute if meeting
State media content;
The execution unit issues module, described for the Content-Authorize execution unit to be handed down to
Drm agent.
28. drm service end according to claim 27, it is characterised in that the DRM
Service end also includes execution unit signature blocks;The execution unit signature blocks, for being held described
Row unit is issued before module issues the Content-Authorize execution unit to the Content-Authorize execution unit
Signed.
29. drm service end according to claim 27, it is characterised in that the DRM
Service end also includes execution unit template management module, for managing Content-Authorize execution unit template,
Including increase, renewal, delete Content-Authorize execution unit template.
30. drm service end according to claim 27, it is characterised in that the DRM
Service end also includes cipher key management interface;
The media content DRM information acquisition module, for by the cipher key management interface with it is close
Key management system is communicated, and is obtained according to the mark of the media content from key management system inquiry
AES and contents encryption key that the media content is used.
31. drm service end according to claim 27, it is characterised in that the DRM
Service end also includes operation support interface;
The media content DRM information acquisition module, be additionally operable to by the operation support interface with
OSS is communicated, according to the mark and the base of the drm agent of the media content
This information obtains DRM of the drm agent to the media content from OSS inquiry
Authority.
32. a kind of drm agent, is arranged in the terminal device for being mounted with intelligent operating system,
Characterized in that, the drm agent includes media application interface, execution unit management and running mould
Block, execution unit engine and terminal operating system adaptation module;
The media application interface, the call request of the media application for receiving the terminal device,
Therefrom obtain the unique mark of media content to be played;
The execution unit dispatching management module, for being searched according to the call request in the media
Hold corresponding execution unit, and start the engine-operated execution unit of the execution unit to realize pair
The DRM authorization of the media content;And if search perform corresponding less than the media content
Unit, then sending DRM message to drm service end, the media content is corresponding to perform list to obtain
Member, is verified to judge the legitimacy of execution unit, Ran Houqi to the signature of the execution unit of acquisition
The engine-operated execution unit of DRM execution units is moved to realize the DRM authorization to media content;
The terminal operating system adaptation module, for realizing the DRM execution units engine and end
Hold the adaptation of operating system.
33. drm agent according to claim 32, it is characterised in that the execution list
First engine, for the operation for execution unit provide memory management interfaces, external storage management interface,
Network management interface, cryptographic algorithm interface, broadcasting control interface and output control interface;
The terminal operating system adaptation module, for the memory management of the execution unit engine to be connect
Mouth, external storage management interface, network management interface, cryptographic algorithm interface, play control interface,
And output control interface is fitted on the corresponding interface of terminal operating system.
34. a kind of drm service end, it is characterised in that including DRM message processing modules, hold
Row unit template management module, execution unit template and execution unit generation module;
The DRM message processing modules, the DRM message for receiving drm agent transmission,
Mark comprising media content and the essential information of the drm agent in the DRM message;Root
Select corresponding execution unit template according to the DRM message, call execution unit generation module according to
The execution unit template generation execution unit of selection, the execution unit is configured in DRM visitors
Run to realize the DRM authorization to media content in the running environment of family end;The execution unit is given birth to
The execution unit generated into module is signed;Execution unit after signature is handed down to the DRM visitors
Family end;
The execution unit template management module, for managing execution unit template.
35. drm service end according to claim 34, it is characterised in that the execution list
First administrative template includes Content-Authorize execution unit template;
The DRM message processing modules, for calling execution unit generation module according to the media
It is content encryption algorithm and contents encryption key that the identifying of content, the media content are used, described
The DRM of the essential information of drm agent and the drm agent to the media content
Authority according to selection Content-Authorize execution unit template generation Content-Authorize execution unit;
Wherein, the Content-Authorize execution unit is configured in drm agent running environment
Whether middle operation meets described with the terminal operating environment of terminal device where verifying drm agent
Drm agent is to the DRM authorities of the media content, and according to the content if meeting
AES and contents encryption key decrypt the media content.
36. drm service end according to claim 35, it is characterised in that the DRM
Service end also includes cipher key management interface and operation support interface;
The DRM message processing modules, are additionally operable to by the cipher key management interface and key management
System is communicated, and is inquired about according to the mark of the media content from key management system in the media
Hold corresponding AES and contents encryption key;
The DRM message processing modules, are additionally operable to by the operation support interface and operation support
System is communicated, according to the media content mark and the drm agent essential information from
OSS inquires about DRM authority of the drm agent to the media content.
37. a kind of terminal device, it is characterised in that including according to claim 19-26,32-33
Drm agent described in any one.
38. terminal device according to claim 28, it is characterised in that the DRM client
Hold in the intelligent operating system for operating in the terminal device or operate in the credible of the terminal device
In performing environment.
39. a kind of DRM server, it is characterised in that including according to claim 27-31,34-36
Drm service end described in any one.
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610185037.5A CN107241620B (en) | 2016-03-29 | 2016-03-29 | Digital rights management method of media content, DRM client and server |
PCT/CN2017/077552 WO2017167077A1 (en) | 2016-03-29 | 2017-03-21 | Digital rights management method for media content, drm client and serving end |
EA201891890A EA035157B1 (en) | 2016-03-29 | 2017-03-21 | Digital rights management method for media content, drm client and serving end |
SG11201808404PA SG11201808404PA (en) | 2016-03-29 | 2017-03-21 | Digital rights management method of media content, drm client and server side |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610185037.5A CN107241620B (en) | 2016-03-29 | 2016-03-29 | Digital rights management method of media content, DRM client and server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107241620A true CN107241620A (en) | 2017-10-10 |
CN107241620B CN107241620B (en) | 2020-03-24 |
Family
ID=59963453
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610185037.5A Active CN107241620B (en) | 2016-03-29 | 2016-03-29 | Digital rights management method of media content, DRM client and server |
Country Status (4)
Country | Link |
---|---|
CN (1) | CN107241620B (en) |
EA (1) | EA035157B1 (en) |
SG (1) | SG11201808404PA (en) |
WO (1) | WO2017167077A1 (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109168085A (en) * | 2018-08-08 | 2019-01-08 | 福州瑞芯微电子股份有限公司 | A kind of device clients video flowing hardware protection method |
CN109325363A (en) * | 2018-09-26 | 2019-02-12 | 平安普惠企业管理有限公司 | Management method, device, computer equipment and the storage medium of authority information |
CN110348177A (en) * | 2018-04-03 | 2019-10-18 | 福建省天奕网络科技有限公司 | The copy-right protection method and its system of media file |
US20200228347A1 (en) * | 2019-01-14 | 2020-07-16 | Alibaba Group Holding Limited | Data Security Processing and Data Source Tracing Method, Apparatus, and Device |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110875820A (en) * | 2018-09-03 | 2020-03-10 | 国家广播电视总局广播电视科学研究院 | Management method and system for multimedia content protection key and key agent device |
US20200242213A1 (en) * | 2019-01-28 | 2020-07-30 | Blackberry Limited | Method and system for digital rights management |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050066353A1 (en) * | 2003-09-18 | 2005-03-24 | Robert Fransdonk | Method and system to monitor delivery of content to a content destination |
CN1873652A (en) * | 2005-06-01 | 2006-12-06 | 富士施乐株式会社 | Device and method for protecting digit content, and device and method for processing protected digit content |
CN101350918A (en) * | 2008-09-05 | 2009-01-21 | 清华大学 | Method for protecting copyright of video content |
CN101719205A (en) * | 2009-12-25 | 2010-06-02 | 国家广播电影电视总局电影数字节目管理中心 | Digital copyright management method and system |
CN103841469A (en) * | 2014-03-19 | 2014-06-04 | 国家广播电影电视总局电影数字节目管理中心 | Digital film copyright protection method and device |
-
2016
- 2016-03-29 CN CN201610185037.5A patent/CN107241620B/en active Active
-
2017
- 2017-03-21 SG SG11201808404PA patent/SG11201808404PA/en unknown
- 2017-03-21 EA EA201891890A patent/EA035157B1/en unknown
- 2017-03-21 WO PCT/CN2017/077552 patent/WO2017167077A1/en active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050066353A1 (en) * | 2003-09-18 | 2005-03-24 | Robert Fransdonk | Method and system to monitor delivery of content to a content destination |
CN1873652A (en) * | 2005-06-01 | 2006-12-06 | 富士施乐株式会社 | Device and method for protecting digit content, and device and method for processing protected digit content |
CN101350918A (en) * | 2008-09-05 | 2009-01-21 | 清华大学 | Method for protecting copyright of video content |
CN101719205A (en) * | 2009-12-25 | 2010-06-02 | 国家广播电影电视总局电影数字节目管理中心 | Digital copyright management method and system |
CN103841469A (en) * | 2014-03-19 | 2014-06-04 | 国家广播电影电视总局电影数字节目管理中心 | Digital film copyright protection method and device |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110348177A (en) * | 2018-04-03 | 2019-10-18 | 福建省天奕网络科技有限公司 | The copy-right protection method and its system of media file |
CN110348177B (en) * | 2018-04-03 | 2022-06-07 | 福建省天奕网络科技有限公司 | Copyright protection method and system for media file |
CN109168085A (en) * | 2018-08-08 | 2019-01-08 | 福州瑞芯微电子股份有限公司 | A kind of device clients video flowing hardware protection method |
CN109168085B (en) * | 2018-08-08 | 2021-01-08 | 瑞芯微电子股份有限公司 | Hardware protection method for video stream of equipment client |
CN109325363A (en) * | 2018-09-26 | 2019-02-12 | 平安普惠企业管理有限公司 | Management method, device, computer equipment and the storage medium of authority information |
US20200228347A1 (en) * | 2019-01-14 | 2020-07-16 | Alibaba Group Holding Limited | Data Security Processing and Data Source Tracing Method, Apparatus, and Device |
Also Published As
Publication number | Publication date |
---|---|
WO2017167077A1 (en) | 2017-10-05 |
EA201891890A1 (en) | 2019-03-29 |
CN107241620B (en) | 2020-03-24 |
EA035157B1 (en) | 2020-05-06 |
SG11201808404PA (en) | 2018-10-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107241620A (en) | Digital copyright management method, drm agent and the service end of media content | |
CN108197891B (en) | Electronic signing device and method based on block chain | |
CN105391840B (en) | Automatically create destination application | |
CN106845160B (en) | A kind of digital copyright management for intelligent operating system(DRM)Method and system | |
CN108595970A (en) | Configuration method, device, terminal and the storage medium of processing component | |
CN101156448B (en) | Method and system for securing media content in a multimedia processor | |
CN105981327A (en) | Method and apparatus for secured communication and multimedia device adopting the same | |
CN103597492A (en) | Improved security function-based cloud service system and method for supporting same | |
CN107231490A (en) | Dynamic updates method, client and the server of IOS system applications | |
CN109255210A (en) | The method, apparatus and storage medium of intelligent contract are provided in block chain network | |
CN110290146A (en) | Share generation method, device, server and the storage medium of password | |
CN105101147B (en) | A kind of method and system of orientation flow that realizing mobile app | |
CN104506504B (en) | A kind of storage method and safety device of card-free terminal classified information | |
CN104503780A (en) | Method and device for providing application channel packet | |
CN109471740A (en) | Built-in system and third party system software interconnection method, device and terminal device | |
CN108737092A (en) | Mobile terminal administration server, mobile terminal, business cloud platform and application system | |
CN102799815B (en) | A kind of method and apparatus of safe loading procedure storehouse | |
CN107896227A (en) | A kind of data calling method, device and device data cloud platform | |
CN109358859A (en) | The method, apparatus and storage medium of intelligent contract are installed in block chain network | |
CN102047239A (en) | Defining, distributing and presenting device experiences | |
CN107967424A (en) | A kind of verification method of plug-in unit, device, terminal device and storage medium | |
CN100517357C (en) | Secure license key method and system | |
CN108055585A (en) | Data processing method, set top box upgrading method, terminal and set-top box | |
CN106020868B (en) | A kind of smart card firmware update and system | |
CN109769024A (en) | Internet of Things construction method and device based on data trade block chain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: 100866 Fuxing door street, Xicheng District, Xicheng District, Beijing Applicant after: Research Institute of Radio and Television Science, State Administration of Radio and Television Address before: 100866 Fuxing door street, Xicheng District, Xicheng District, Beijing Applicant before: National news publishes broadcast research institute of General Bureau of Radio, Film and Television |
|
CB02 | Change of applicant information | ||
GR01 | Patent grant | ||
GR01 | Patent grant |