CN114223176A - Certificate management method and apparatus - Google Patents
Certificate management method and apparatus
- Publication number
- CN114223176A
- Authority
- CN
- China
- Prior art keywords
- key
- digital certificate
- private key
- identification information
- transport
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3265—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/234—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
- H04N21/2347—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/254—Management at additional data server, e.g. shopping server, rights management server
- H04N21/2541—Rights Management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
- H04N21/4627—Rights management associated to the content
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/80—Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
- H04N21/83—Generation or processing of protective or descriptive data associated with content; Content structuring
- H04N21/835—Generation of protective data, e.g. certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
- H04L2209/603—Digital right managament [DRM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/062—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/101—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Multimedia (AREA)
- Software Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Technology Law (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
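A certificate management method and apparatus, intended to solve the problem of inefficient management and control of the digital certificates and private keys of DRM clients. The specific solution is as follows: the function of processing data related to client applications and the function of writing/reading digital certificates and private keys are implemented by different modules. The functional module responsible for writing and storing digital certificates and private keys is called the key management TA, and the functional module responsible for processing data related to client applications is the service TA. The digital certificates and private keys of different clients are all written and stored by the key management TA, which manages them in a unified manner. The key management TA encrypts the digital certificates and private keys of different clients with transport keys, and stores the encrypted digital certificates and private keys in association with different identification information.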
Description
PCT national-phase application; the description has been published.
Claims (35)
- PCT national-phase application; the claims have been published.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2019/101450 WO2021031087A1 (zh) | 2019-08-19 | 2019-08-19 | Certificate management method and apparatus |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114223176A (zh) | 2022-03-22 |
CN114223176B (zh) | 2024-04-12 |
Family
ID=74659760
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201980099456.9A Active CN114223176B (zh) | Certificate management method and apparatus | 2019-08-19 | 2019-08-19 |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP4016921A4 (zh) |
CN (1) | CN114223176B (zh) |
WO (1) | WO2021031087A1 (zh) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114301597B (zh) * | 2021-12-13 | 2024-02-09 | 零信技术(深圳)有限公司 | Key verification method, device, and readable storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2007073623A1 (fr) * | 2005-12-29 | 2007-07-05 | Zte Corporation | Method for downloading a digital certificate and key |
US20120303951A1 (en) * | 2011-05-27 | 2012-11-29 | General Instrument Corporation | Method and system for registering a drm client |
US20160254904A1 (en) * | 2015-02-27 | 2016-09-01 | Verizon Patent And Licensing Inc. | Network services via trusted execution environment |
CN106033503A (zh) * | 2015-03-19 | 2016-10-19 | 阿里巴巴集团控股有限公司 | Method, apparatus, and *** for online writing of application keys in a digital content device |
CN106851351A (zh) * | 2015-12-03 | 2017-06-13 | 国家新闻出版广电总局广播科学研究院 | Method for implementing a media gateway/terminal supporting digital rights management (DRM), and device therefor |
CN107743067A (zh) * | 2017-11-30 | 2018-02-27 | 美的智慧家居科技有限公司 | Digital certificate issuance method, ***, terminal, and storage medium |
-
2019
- 2019-08-19 EP EP19942074.6A patent/EP4016921A4/en active Pending
- 2019-08-19 CN CN201980099456.9A patent/CN114223176B/zh active Active
- 2019-08-19 WO PCT/CN2019/101450 patent/WO2021031087A1/zh unknown
Non-Patent Citations (1)
Title |
---|
ERICSSON et al.: "Security Architecture developed by 5G-ENSURE project", 3GPP TSG SA WG3 (SECURITY) MEETING #88 S3-171907 * |
Also Published As
Publication number | Publication date |
---|---|
EP4016921A1 (en) | 2022-06-22 |
WO2021031087A1 (zh) | 2021-02-25 |
CN114223176B (zh) | 2024-04-12 |
EP4016921A4 (en) | 2022-08-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110784491B (zh) | Internet of Things security management *** | |
US11218323B2 (en) | Method and system for producing a secure communication channel for terminals | |
US8953790B2 (en) | Secure generation of a device root key in the field | |
EP1942430B1 (en) | Token Passing Technique for Media Playback Devices | |
CN110249336B (zh) | Addressing a trusted execution environment using a signing key | |
US8462955B2 (en) | Key protectors based on online keys | |
EP3025226B1 (en) | Media client device authentication using hardware root of trust | |
EP2954448B1 (en) | Provisioning sensitive data into third party network-enabled devices | |
US20140281502A1 (en) | Method and apparatus for embedding secret information in digital certificates | |
CN106464485A (zh) | *** and method for protecting content keys delivered in manifest files | |
US8538890B2 (en) | Encrypting a unique cryptographic entity | |
EP3732821B1 (en) | Secure provisioning of keys | |
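JP5954609B1 (ja) | Method and system for backing up the private key of an electronic signature token | |
JP2010514000A (ja) | Method for securely storing program state data in an electronic device | |
CN103546289A (zh) | USBKey-based method and *** for securely transmitting data | |
CN110235134B (zh) | Addressing a trusted execution environment using clean room provisioning | |
JP2009543211A (ja) | Content management system and method using a generic management structure | |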
EP3361737A1 (en) | Protecting media content | |
JP2009543208A5 (zh) | ||
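JP2009543208A (ja) | Content management system and method using certificate chains | |
CN114223176B (zh) | Certificate management method and apparatus | |
JP4972165B2 (ja) | Control system and method using identity objects | |
CN112448810A (zh) | Authentication method and apparatus | |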
US8095793B1 (en) | Digital rights management apparatus and method | |
US20230376574A1 (en) | Information processing device and method, and information processing system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||