CN1859246A - Copyright managing method for digit household network and digital household network system - Google Patents


Info

Publication number: CN1859246A
Authority: CN (China)
Prior art keywords: group key, resident devices, equipment, home gateway, devices
Legal status: Granted
Application number: CN 200510101063
Other languages: Chinese (zh)
Other versions: CN100452737C (en)
Inventors: 夏南, 李祥辉, 左明雷, 王晓芸
Current assignee: Huawei Technologies Co Ltd
Original assignee: Huawei Technologies Co Ltd
Priority application: CNB2005101010637A (granted as CN100452737C)
Current legal status: Active

Landscapes

  • Mobile Radio Communication Systems (AREA)
Abstract

The present invention provides a copyright management method for a digital home network and a digital home network system. The home network comprises a home gateway and the devices attached to it. In the method, the home gateway issues a group key to each device, and the devices use the group key for device authentication and content exchange. The group key carries a major version number and a minor version number; group keys that share the same major version number form a one-way function chain indexed by the minor version number. Because the group key is realised as a one-way function chain, device authentication becomes more efficient, offline devices can still authenticate one another and exchange content, and devices of different levels access content securely.

Description

Copyright management method in a digital home network and digital home network system
Technical field
The invention belongs to the field of digital home networks, and relates in particular to a copyright management method in a digital home network and to a digital home network system.
Background technology
Digital Rights Management (DRM) protects the copyright of the creators and owners of digital information (digital images, audio, video and the like) and the legitimate income derived from that copyright, while still allowing legitimate, authorised users to use the information normally. DRM is already applied successfully to copyright protection of video-on-demand, DVD (Digital Versatile Disk) playback and artistic works. DRM does not only mean copyright protection; it also provides a complete solution for the transmission, management and distribution of digital media content. DRM is therefore a system concept that covers digital rights information and the management and distribution of copyright-protected digital media content.
Early copyright management solutions bound content to the device that ordered it, so the user could consume the content only on that device. This differs from the way people are used to buying content and sharing it with family and friends. In IPTV (Internet Protocol Television) applications in particular, a television is bought per household, so the system must allow a user to buy content as a household or a small organisation and then use that content freely and legally within the home.
Existing home network rights management schemes use authenticated-domain technology. An authenticated domain is a security term: one family or one small office can form an authenticated domain. The authenticated domain is a method defined by DVB (Digital Video Broadcasting) for controlling the electronic dissemination of digital content. In a household-level authenticated domain, consumers can freely access and transfer content, while strict control of the rights that enter and leave the domain prevents content from being copied between domains without restriction, so that the rights of content providers and service providers are not abused. Inside an authenticated domain, the usual approach for letting devices authenticate one another while sharing content is to create and distribute keys.
The xCP (eXtensible Content Protection) scheme proposed by IBM is based on broadcast encryption and proposes an end-to-end, peer-to-peer home domain management model. In xCP, devices are divided into clusters; a cluster is a dynamically formed set of networked recording and playback devices that can share content under a unified content management mechanism. The management is independent of the storage interface and protocol, and content is bound to a cluster by keys. The scheme ensures that every device in the cluster can access the keys and data needed to encrypt or decrypt the protected content. Each device can compute the cluster's shared key on its own, and every cluster's shared key is different.
The binding key in xCP, based on the broadcast key, is efficient, but because the group key is derived from the broadcast key the device must be able to read the management key from the MKB, an assumption that does not hold for most consumer devices, so the scheme is not very practical. In addition, its authentication model cannot support offline devices: once a device goes offline, the binding key changes as new devices join and leave, while the binding key held by the offline device does not, so the offline device can no longer read content or authenticate and exchange content with other devices.
SmartRight is a complete solution for copyright protection and content management in the home digital network, designed and developed under the leadership of Thomson. As a complement to conditional access systems and digital rights management systems, SmartRight combines with both to provide persistent end-to-end content protection, creating a value-added business model for content owners and distributors while also benefiting consumers.
SmartRight supports device authentication and content sharing by means of a network key under an asymmetric-key and certificate model, but regularly updating the network key is relatively difficult, revoking devices is also hard, and offline devices or devices that enter the home only temporarily cannot be supported. Moreover, using an asymmetric key as the network key imposes too much computation on consumer devices: efficiency is low and responses are very slow.
Summary of the invention
The object of the invention is to solve the problem that the group key design in the prior art is unreasonable and hard to match the actual needs of a home network.
To achieve this object, the invention provides a copyright management method in a home network, the home network comprising a home gateway and devices connected to the home gateway, the method comprising:
the home gateway issuing a group key to the devices;
the devices using the group key for device authentication and content exchange;
the group key having a major version number and a minor version number, where group keys with the same major version number form a one-way function chain indexed by the minor version number.
The group key is a one-way hash function chain.
The group key comprises a resident-device group key, distributed by the home gateway to the resident devices in the home network, and a roaming-device group key, distributed by the home gateway to the roaming devices in the home network;
resident-device group keys with the same major version number form a reverse one-way function chain indexed by the minor version number;
roaming-device group keys with the same major version number form a forward one-way function chain indexed by the minor version number;
the roaming-device group key for a major version is a one-way function chain of the resident-device group key.
The step of the home gateway issuing the group key to the devices further comprises:
when the first resident device joins the home network, the home gateway computes the resident-device group key, encrypts it with the resident device's public key and sends it to that device;
each time a further resident device joins the home network, the home gateway encrypts the current resident-device group key, its version number and the version number of the current roaming-device group key with the joining device's public key and sends them to the joining device.
The step of the home gateway issuing the group key to the devices further comprises:
when a resident device leaves the home network, the home gateway updates the resident-device group key, encrypts the new group key with the old group key and sends it to all online resident devices; at the same time the home gateway updates the roaming-device group key, changing both its major and minor version numbers, and encrypts the new roaming-device group key with the old roaming-device group key;
when the resident device re-enters the home network, the home gateway encrypts the current resident-device group key and the current roaming-device group key with the resident device's public key and sends them to it.
The step of the home gateway issuing the group key to the devices further comprises:
when a resident device withdraws from the home network, the home gateway updates the resident-device group key, encrypts it with the public key of each online resident device and sends it to the online resident devices; at the same time the home gateway updates the roaming-device group key, updating its major and minor version numbers, encrypts it with the public key of each online resident device and sends it to the online resident devices; and the home gateway re-encrypts the title keys of all content with the new resident-device group key and attaches a message authentication code.
The step of the home gateway issuing the group key to the devices further comprises:
the home gateway periodically updating the resident-device group key, encrypting the new group key with the old resident-device group key and broadcasting it to all online resident devices; at the same time the home gateway updates the roaming-device group key, changing its major and minor version numbers, and encrypts the new group key with the old roaming-device group key.
The step of the home gateway issuing the group key to the devices further comprises:
when the first roaming device enters the home network, the home gateway issues the first roaming-device group key, encrypts it with the roaming device's public key and sends it to the roaming device, and also encrypts it with the current resident-device group key and sends it to all resident devices;
each time a further roaming device enters the home network, the home gateway updates the minor version number of the existing roaming-device group key to obtain a new roaming-device group key, encrypts the new key with the newly joined roaming device's public key and sends it to that device.
The step of the home gateway issuing the group key to the devices further comprises:
when a roaming device leaves the home network, the home gateway updates the major version number of the roaming-device group key, encrypts the new roaming-device group key with the public keys of the roaming devices that have not left the home network and broadcasts it to the devices in the home network; content stored encrypted under the previous roaming-device group key is re-encrypted with the new roaming-device group key.
The step of the devices using the group key for device authentication and content exchange further comprises:
when the sending resident device and the receiving resident device are both online, the sending resident device encrypts its device ID, the identifier of the media it requires and a random number with the current resident-device group key and sends them to the receiving resident device;
the receiving resident device decrypts with the current resident-device group key, increments the random number by one, encrypts it together with the title key of the media with the current resident-device group key and sends it to the sending resident device, while also sending the content encrypted under the title key.
The step of the devices using the group key for device authentication and content exchange further comprises:
when the sending resident device and the receiving resident device are both offline, the sending resident device sends its group key version number, together with a random number encrypted with its group key, to the receiving resident device;
the receiving resident device extracts the version number and determines whether its own version number is newer than that of the sending resident device; if so, the receiving resident device derives the old group key, decrypts with it to obtain the random number, increments the random number by one, encrypts its own group key and the incremented random number with the old group key and sends them to the sending resident device; otherwise the receiving resident device initiates the device authentication and content exchange instead.
To better achieve the object of the invention, the invention further provides a home network system comprising a home gateway and devices connected to the home gateway, where the home gateway distributes a group key to the devices; the devices use the group key for device authentication and content exchange; and the group key has a major version number and a minor version number, group keys with the same major version number forming a one-way function chain indexed by the minor version number.
The group key is a one-way hash function chain.
The group key comprises a resident-device group key, distributed by the home gateway to the resident devices in the home network, and a roaming-device group key, distributed by the home gateway to the roaming devices in the home network;
resident-device group keys with the same major version number form a reverse one-way function chain indexed by the minor version number;
roaming-device group keys with the same major version number form a forward one-way function chain indexed by the minor version number;
the roaming-device group key for a major version is a one-way function chain of the resident-device group key.
When the first resident device joins the home network, the home gateway computes the resident-device group key, encrypts it with the resident device's public key and sends it to that device;
each time a further resident device joins the home network, the home gateway encrypts the current resident-device group key, its version number and the version number of the current roaming-device group key with the joining device's public key and sends them to the joining device.
When a resident device leaves the home network, the home gateway updates the resident-device group key, encrypts the new group key with the old group key and sends it to all online resident devices; at the same time the home gateway updates the roaming-device group key, changing both its major and minor version numbers, and encrypts the new roaming-device group key with the old roaming-device group key;
when the resident device re-enters the home network, the home gateway encrypts the current resident-device group key and the current roaming-device group key with the resident device's public key and sends them to it.
When a resident device withdraws from the home network, the home gateway updates the resident-device group key, encrypts it with the public key of each online resident device and sends it to the online resident devices; at the same time the home gateway updates the roaming-device group key, updating its major and minor version numbers, encrypts it with the public key of each online resident device and sends it to the online resident devices; and the home gateway re-encrypts the title keys of all content with the new resident-device group key and attaches a message authentication code.
The home gateway periodically updates the resident-device group key, encrypts the new group key with the old resident-device group key and broadcasts it to all online resident devices; at the same time the home gateway updates the roaming-device group key, changing its major and minor version numbers, and encrypts the new group key with the old roaming-device group key.
When the first roaming device enters the home network, the home gateway issues the first roaming-device group key, encrypts it with the roaming device's public key and sends it to the roaming device, and also encrypts it with the current resident-device group key and sends it to all resident devices;
each time a further roaming device enters the home network, the home gateway computes a new roaming-device group key, encrypts it with the newly joined roaming device's public key and sends it to that device.
When a roaming device leaves the home network, the home gateway updates the major version number of the roaming-device group key, encrypts the new roaming-device group key with the public keys of the roaming devices that have not left the home network and broadcasts it to the devices in the home network; content stored encrypted under the previous roaming-device group key is re-encrypted with the new roaming-device group key.
When the sending resident device and the receiving resident device are both online, the sending resident device encrypts its device ID, the identifier of the media it requires and a random number with the current resident-device group key and sends them to the receiving resident device;
the receiving resident device decrypts with the current resident-device group key, increments the random number by one, encrypts it together with the title key of the media with the current resident-device group key and sends it to the sending resident device, while also sending the content encrypted under the title key.
When the sending resident device and the receiving resident device are both offline, the sending resident device sends its group key version number, together with a random number encrypted with its group key, to the receiving resident device;
the receiving resident device extracts the version number and determines whether its own version number is newer than that of the sending resident device; if so, the receiving resident device derives the old group key, decrypts with it to obtain the random number, increments the random number by one, encrypts its own group key and the incremented random number with the old group key and sends them to the sending resident device; otherwise the receiving resident device initiates the device authentication and content exchange instead.
The invention uses a group key realised as a one-way function chain for device authentication and content sharing. This improves device authentication efficiency, lets devices authenticate one another and exchange content even when offline, and guarantees the security of content access by devices of different levels, thereby meeting the actual needs of a home network.
Description of drawings
Fig. 1 is a block diagram of the home network system;
Fig. 2 is a flow chart of mutual authentication and content exchange between online devices using the group key according to the invention;
Fig. 3 is a flow chart of mutual authentication and content exchange between offline devices using the group key according to the invention.
Embodiments
To make the object, technical solution and advantages of the invention clearer, the invention is further described below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only illustrate the invention and do not limit it.
Fig. 1 shows the structure of the home network. The home gateway is the centre of the home network and manages the devices, users, content and rights of the home domain. Devices connect to the home gateway and to one another over the home LAN or the Internet, so that content can be shared within the home network.
Devices are content-consuming terminals. They include devices connected to the home gateway over the home LAN, such as television sets, mobile phones, PCs or PDAs (Personal Digital Assistants); remote-access devices connected to the home gateway over the Internet, such as a PC in the villa; and offline devices such as portable players. Content transfer between devices is based on the DTCP (Digital Transmission Content Protection) protocol.
Devices are divided into two classes: resident devices and roaming devices. Resident devices are the fixed devices and the commonly used mobile devices in the home or in the villa. Roaming devices are characterised by merely "passing through" the home network; they may be used only once or a few times over a certain lifetime, such as a portable computer brought by a guest, or equipment provided by a hotel and used by a user on a business trip.
In the invention, every device in the home network holds a group key distributed by the home gateway, which is used for mutual authentication and content exchange between devices.
After a device enters the home network, the home gateway distributes a group key to it. Group keys comprise the resident-device group key, distributed by the home gateway to the resident devices in the home network, and the roaming-device group key, distributed by the home gateway to the roaming devices in the home network. In the invention a group key has a version number, consisting of a major version number and a minor version number.
The major version number of the resident-device group key is 16 bits long, and the minor version number is also 16 bits long. The resident-device group key is a one-way function chain: the first group key is K, the second is H(K), ..., up to H^n(K). In one embodiment of the invention, H() is a hash function. For resident devices the chain is used in reverse order, i.e. H^n(K), H^(n-1)(K), ..., H(K).
Group keys with the same major version number therefore form a reverse one-way function chain indexed by the minor version number: whoever knows a newer group key can compute the earlier ones. For example, a device holding the group key with version number 16.6 can compute all group keys with version number 16.n (n = 1, ..., 6). When a one-way function chain is used up, the major version number of the group key changes.
The version number of the roaming-device group key consists of 16 bits: the first 8 bits are the major version number and the last 8 bits the minor version number. For roaming-device group keys with the same major version number, the minor versions form a forward one-way function chain: whoever knows an older group key can compute the later ones. For example, a device holding the group key with version number 16.2 can compute all group keys with version number 16.n (n = 3, 4, ...) until the major version number changes.
The roaming-device group key for a major version is a one-way function chain of the current resident-device group key. If the current resident-device group key is P, the roaming-device group keys for the successive major versions are the reverse one-way function chain G^n(P), G^(n-1)(P), ..., G(P).
If the roaming-device group key for a major version is Q, its minor versions are the forward one-way function chain F(Q), F^2(Q), ..., F^n(Q).
H(K), G(P) and F(Q) are different one-way functions.
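As an added illustration, not code from the patent, the three chains above in Python: the resident chain consumed in reverse (a newer key yields older ones), the roaming major-version keys derived from the current resident key with G, and the forward minor-version chain under F (an older key yields newer ones, never the reverse). Domain-tagged SHA-256 stands in for H, G and F, and CHAIN_LEN is a constructed chain length in place of the patent's 16-bit and 8-bit counters.

```python
import hashlib
import struct
from typing import Callable

# Constructed chain length; the patent's counters are 16-bit (resident) and 8-bit (roaming).
CHAIN_LEN = 8


def H(x: bytes) -> bytes:
    """Resident-device one-way function (assumption: domain-tagged SHA-256)."""
    return hashlib.sha256(b"H|" + x).digest()


def G(x: bytes) -> bytes:
    """One-way function linking the resident key to a roaming major-version key."""
    return hashlib.sha256(b"G|" + x).digest()


def F(x: bytes) -> bytes:
    """Roaming-device minor-version one-way function."""
    return hashlib.sha256(b"F|" + x).digest()


def iterate(f: Callable[[bytes], bytes], x: bytes, n: int) -> bytes:
    """Apply f to x n times, i.e. compute f^n(x)."""
    for _ in range(n):
        x = f(x)
    return x


def resident_key(seed: bytes, minor: int) -> bytes:
    """Resident chain used in reverse: minor 1 is H^n(K), minor n is H(K),
    so the key at minor version m is H^(n-m+1)(K)."""
    if not 1 <= minor <= CHAIN_LEN:
        raise ValueError("minor version outside the chain; the major version must change")
    return iterate(H, seed, CHAIN_LEN - minor + 1)


def derive_older_resident(key: bytes, minor: int, target: int) -> bytes:
    """A resident device holding minor version `minor` computes any older
    version `target` (<= minor) by applying H (minor - target) times.
    The seed K is never needed, and newer keys cannot be reached."""
    if target > minor:
        raise ValueError("cannot derive a newer resident key from an older one")
    return iterate(H, key, minor - target)


def roaming_major_key(resident_now: bytes, major: int) -> bytes:
    """Roaming major-version keys form the reverse chain G^n(P), ..., G(P)
    over the current resident key P: major version j is G^(n-j+1)(P)."""
    if not 1 <= major <= CHAIN_LEN:
        raise ValueError("major version outside the chain")
    return iterate(G, resident_now, CHAIN_LEN - major + 1)


def roaming_key(q: bytes, minor: int) -> bytes:
    """Minor versions under one roaming major key Q: F(Q), F^2(Q), ..., F^n(Q)."""
    if not 1 <= minor <= CHAIN_LEN:
        raise ValueError("minor version outside the chain")
    return iterate(F, q, minor)


def derive_newer_roaming(key: bytes, minor: int, target: int) -> bytes:
    """A roaming device holding minor version `minor` computes any newer
    version `target` (>= minor) by applying F (target - minor) times.
    It cannot go backwards, so a late joiner never learns earlier keys."""
    if target < minor:
        raise ValueError("cannot derive an older roaming key from a newer one")
    return iterate(F, key, target - minor)


def pack_version(major: int, minor: int, roaming: bool) -> bytes:
    """Encode a version number as the text lays it out: 16+16 bits for
    resident keys, 8+8 bits for roaming keys (big-endian is an assumption)."""
    return struct.pack(">BB" if roaming else ">HH", major, minor)


def unpack_version(blob: bytes, roaming: bool) -> tuple:
    """Inverse of pack_version, returning (major, minor)."""
    return struct.unpack(">BB" if roaming else ">HH", blob)
```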
When the first resident device joins the home network, the home gateway computes a one-way function chain, takes its last element H^n(K) as the group key, encrypts it with the device's public key and sends it to the device. When further resident devices join later, the home gateway does not recompute the group key; it encrypts the current resident-device group key and its version number with the joining device's public key, attaches the current version number of the roaming-device group key, and passes them to the newly joined device. The new device can compute the roaming-device group key from the current resident-device group key, its version number and the roaming-device group key version number.
When a resident device leaves the home network it does not notify the home gateway, but the home gateway can detect from the device state table that the device is offline. The home gateway then issues the next group key, encrypts it with the old group key and sends it to all online resident devices. Files stored on the devices do not need to be re-encrypted. The home gateway also updates the roaming-device group key, changing its major and minor version numbers, and encrypts the new roaming-device group key with the old one.
When the resident device re-enters the home network, the home gateway detects from the device state table that it is online again, encrypts the group key currently used by the other online resident devices and the group key currently used by the roaming devices with the resident device's public key, and sends them to the resident device.
If a resident device withdraws from the home network, the next group key is issued, encrypted with the public key of each online resident device and sent to the online resident devices. The home gateway must also re-issue the roaming-device group key, updating its major and minor version numbers, and send it to each online resident device encrypted with that device's public key.
Since the withdrawn resident device could still decrypt the content it accessed previously, the title keys of all content must be re-encrypted with the newly issued resident-device group key and a message authentication code attached.
The home gateway periodically updates the resident-device group key, encrypts the new resident-device group key with the old one and broadcasts it to all online resident devices; files stored on the devices need not be re-encrypted. Correspondingly, the home gateway also updates the roaming-device group key, changing its major and minor version numbers, and encrypts the new roaming-device group key with the old one; resident devices can compute the new roaming-device group key.
When the first roaming device enters the home network, the home gateway issues the first roaming-device group key, encrypts it with the roaming device's public key and sends it to the roaming device, and also encrypts it with the current resident-device group key and sends it to all resident devices.
Each time a further roaming device enters the home network, the home gateway computes a new roaming-device group key that has the same major version number as the group key currently used by the other roaming devices but a different minor version number. The home gateway encrypts the new roaming-device group key with the newly joined roaming device's public key and sends it to that device. The other roaming devices and the resident devices can compute the new roaming-device group key from the previous one. The newly joined roaming device, however, cannot decrypt content already held by the earlier roaming devices.
If a roaming device leaves the home network, this amounts to revoking the roaming device. To prevent the departed roaming device from continuing to decrypt newly encrypted content, the home gateway updates the major version number of the roaming-device group key. It encrypts the new roaming-device group key separately with the public key in the certificate of each roaming device that has not left the home network and broadcasts the message. On receiving the message, a roaming device extracts the part encrypted with its own public key and decrypts it to obtain the new roaming-device group key. In addition, content stored encrypted under a roaming-device group key known to the revoked roaming device must be re-encrypted with the new roaming-device group key. Resident devices can compute the new roaming-device group key from the roaming-device group key version number.
The process by which a device logs in to the home network is described below.
When a device requests to log in to the home network, the home gateway verifies the device certificate. If it is valid, the gateway adds the device to the home network and sends it the current group key (Group Key) of the home network together with the device's unique device ID within the home network and a timestamp (Timestamp); the ID and timestamp are signed with the home gateway's private key E_PrS, and the whole message is encrypted under the device's public key E_PuA:
E_PuA(Group Key ‖ E_PrS(ID ‖ Timestamp))
On receiving the message from the home gateway, the device decrypts it with its own private key and verifies the home gateway's signature on (ID ‖ Timestamp); if the signature verifies, the device accepts the group key and the device ID allocated by the home gateway.
The process of mutual authentication and content exchange between devices using the group key is described below. Here g is the group key of the home network, ID_A is the identifier of device A in the home network, MediaID is the identifier of the media content requested by device A, Random is a random number, and E_Titlekey(Content) is the content encrypted with the Title Key.
Suppose device A needs information stored on device B. When devices A and B are both online, as shown in Figure 2:
1. Device A sends device B its device ID, the identifier of the media information it needs and a random number, encrypted under the group key.
2. On receiving this, device B decrypts it with the group key, adds one to the random number, encrypts the incremented random number together with the Title Key of the media information under the group key and sends that to device A, and at the same time sends the content encrypted under the Title Key.
When devices A and B are offline, their offline periods may differ, so one device's group key may be newer than the other's. Because the different version numbers of the group key are related by the one-way chain, offline devices can still authenticate each other, manage group keys and exchange content.
As shown in Figure 3, when offline devices A and B meet:
1. Device A sends device B the version number of its group key together with a random number encrypted under its group key.
2. On receiving the message, device B first extracts the version number. If device B's group key version is newer than device A's, device B derives the older-version group key, decrypts the message with it to obtain the random number, adds one to it, encrypts its own group key together with the incremented random number under the old group key and sends this to device A. On receiving the message, device A obtains the newer group key, and devices A and B can then exchange content using the newer group key.
If device B's version number is older than device A's, device B initiates the same procedure in the other direction.
In the above process the Title Key of each content item is protected by the device's public key and stored as Epr[Titlekey]. At each content exchange the Title Key is decrypted and re-encrypted under the newly negotiated session group key. The Title Key is always encrypted under a group key of some version, and its stored form is Version ‖ MAC_Groupkey[Version] ‖ Eg[Title key]. When it has to be transmitted, the device decrypts the Title Key with the group key of the recorded version, re-encrypts it under the current group key and sends it to the other device.
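The offline exchange of Figure 3 and the Title Key record Version ‖ MAC_Groupkey[Version] ‖ Eg[Title key], carried through in Python as an added illustration rather than the patent's own code. Assumptions not fixed by the text: SHA-256 as the step of the reverse resident chain, a toy HMAC-based encrypt-then-MAC construction in place of "encrypt with the group key", versions packed as two 4-byte big-endian integers, 8-byte random numbers, and ResidentDevice, reconcile, seal_title_key and open_title_key as names. Roaming devices are left out on purpose, since the text forbids them any offline exchange.

```python
"""Offline group-key reconciliation between two resident devices (Figure 3) and
the stored Title Key record Version || MAC_Groupkey[Version] || Eg[Title key].
Illustration added to this page, not the patent's code; the cipher below is a
toy HMAC construction standing in for "encrypt with the group key"."""
import hashlib
import hmac
import os
import struct

def H(label: bytes, key: bytes) -> bytes:
    return hashlib.sha256(label + key).digest()

def older_resident_key(key: bytes, minor: int, target: int) -> bytes:
    """Reverse resident chain: hash down from (major, minor) to (major, target)."""
    if target > minor:
        raise ValueError("cannot derive a newer key from an older one")
    for _ in range(minor - target):
        key = H(b"res", key)
    return key

def _keystream(ek: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(ek, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt(gk: bytes, pt: bytes) -> bytes:
    """Toy encrypt-then-MAC under a group key: nonce || ct || tag (assumption)."""
    ek, mk = H(b"enc", gk), H(b"mac", gk)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(ek, nonce, len(pt))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def decrypt(gk: bytes, blob: bytes) -> bytes:
    ek, mk = H(b"enc", gk), H(b"mac", gk)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("group-key MAC check failed: wrong key version or tampering")
    return bytes(a ^ b for a, b in zip(ct, _keystream(ek, nonce, len(ct))))

def pack_version(version) -> bytes:
    return struct.pack(">II", *version)          # (major, minor), assumption

def seal_title_key(version, gk: bytes, title_key: bytes) -> bytes:
    """Stored form Version || MAC_Groupkey[Version] || Eg[Title key]."""
    v = pack_version(version)
    return v + hmac.new(gk, v, hashlib.sha256).digest() + encrypt(gk, title_key)

def open_title_key(record: bytes, my_version, my_key: bytes) -> bytes:
    """A device at a newer minor of the same major derives the recorded key."""
    major, minor = struct.unpack(">II", record[:8])
    if major != my_version[0]:
        raise ValueError("record sealed under another major version")
    gk = older_resident_key(my_key, my_version[1], minor)
    if not hmac.compare_digest(record[8:40], hmac.new(gk, record[:8], hashlib.sha256).digest()):
        raise ValueError("version MAC failed: record header tampered")
    return decrypt(gk, record[40:])

class ResidentDevice:
    def __init__(self, version, key: bytes):
        self.version, self.key, self._nonce = tuple(version), key, None

    def hello(self):
        """Step 1: my version number, plus a random number encrypted under my key."""
        self._nonce = int.from_bytes(os.urandom(8), "big")
        return pack_version(self.version), encrypt(self.key, struct.pack(">Q", self._nonce))

    def respond(self, peer_version: bytes, blob: bytes):
        """Step 2, newer side: derive the peer's older key, decrypt, and reply with
        (my version || my key || random+1) under the OLD key. Returns None when the
        peer is the newer one; then the peer must initiate instead."""
        major, minor = struct.unpack(">II", peer_version)
        if major != self.version[0]:
            raise ValueError("different major version: chains unrelated, refuse")
        if minor > self.version[1]:
            return None
        old = older_resident_key(self.key, self.version[1], minor)
        n = struct.unpack(">Q", decrypt(old, blob))[0]
        reply = pack_version(self.version) + self.key + struct.pack(">Q", (n + 1) % 2**64)
        return encrypt(old, reply)

    def finish(self, reply: bytes) -> None:
        """Initiator checks random+1 and that the offered key hashes down to its
        own key (same chain; an added safeguard), then adopts the newer version."""
        pt = decrypt(self.key, reply)
        version, new_key = struct.unpack(">II", pt[:8]), pt[8:40]
        if struct.unpack(">Q", pt[40:])[0] != (self._nonce + 1) % 2**64:
            raise ValueError("random number check failed")
        if version[0] != self.version[0] or older_resident_key(new_key, version[1], self.version[1]) != self.key:
            raise ValueError("offered key is not on my chain")
        self.version, self.key = version, new_key

def reconcile(a: ResidentDevice, b: ResidentDevice) -> bytes:
    """Run the exchange; if B turns out to be older, B initiates (last step of the text)."""
    ver, blob = a.hello()
    reply = b.respond(ver, blob)
    if reply is None:
        ver, blob = b.hello()
        b.finish(a.respond(ver, blob))
    else:
        a.finish(reply)
    return a.key
```

Two details matter in practice. The check in finish that the offered key hashes down to the device's own key is not spelled out in the text; without it a peer that merely knows the old key could hand over an arbitrary "newer" key. And the MAC over the version header in the Title Key record is what stops an attacker from relabelling a record so that a device derives and uses the wrong key version when opening it.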
In the present invention, to guarantee the security of content in the home network, two roaming devices, or a roaming device and a resident device, are not allowed to interact at all while offline: neither group key management nor content exchange takes place between them.
The above are only preferred embodiments of the present invention and do not limit it; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (22)

1. A copyright management method in a digital home network, the home network comprising a home gateway and devices connected to the home gateway, characterized in that the method comprises:
the home gateway issuing a group key to the devices;
the devices using the group key for device authentication and content exchange;
wherein the group key has a major version and a minor version, and the group keys sharing a major version form a one-way function chain that depends on the minor version.
2. The copyright management method of claim 1, characterized in that the group key chain is a one-way hash function chain.
3. The copyright management method of claim 1, characterized in that the group key comprises a resident-device group key, allocated by the home gateway to the resident devices in the home network, and a roaming-device group key, allocated by the home gateway to the roaming devices in the home network;
the resident-device group keys sharing a major version form a reverse one-way function chain that depends on the minor version;
the roaming-device group keys sharing a major version form a forward one-way function chain that depends on the minor version;
the roaming-device group key of a major version is derived from the resident-device group key by a one-way function chain.
4. The copyright management method of claim 3, characterized in that the step of the home gateway issuing a group key to the devices further comprises:
when the first resident device joins the home network, the home gateway computes the resident-device group key, encrypts it under the public key of that resident device and sends it to that resident device;
each time a further resident device joins the home network, the home gateway encrypts the current resident-device group key, its version number and the version number of the current roaming-device group key under the joining device's public key and sends them to the joining device.
5. The copyright management method of claim 3, characterized in that the step of the home gateway issuing a group key to the devices further comprises:
when a resident device leaves the home network, the home gateway updates the resident-device group key, encrypts the new group key under the old group key and sends it to all online resident devices; at the same time the home gateway updates the roaming-device group key, changing its major and minor version numbers, and encrypts the new roaming-device group key under the old roaming-device group key;
when the resident device re-enters the home network, the home gateway encrypts the current resident-device group key and the current roaming-device group key under that resident device's public key and sends them to it.
6. The copyright management method of claim 3, characterized in that the step of the home gateway issuing a group key to the devices further comprises:
when a resident device withdraws from the home network, the home gateway updates the resident-device group key, encrypts it under the public keys of the online resident devices and sends it to the online resident devices; at the same time the home gateway updates the roaming-device group key, updating its major and minor version numbers, encrypts it under the public keys of the online resident devices and sends it to the online resident devices; and at the same time the home gateway re-encrypts the Title Keys of all content under the new resident-device group key and attaches a message authentication code to each.
7. The copyright management method of claim 3, characterized in that the step of the home gateway issuing a group key to the devices further comprises:
the home gateway periodically updating the resident-device group key, encrypting the new group key under the old resident-device group key and broadcasting it to all online resident devices; at the same time the home gateway updates the roaming-device group key, changing its major and minor version numbers, and encrypts the new group key under the old roaming-device group key.
8. The copyright management method of claim 3, characterized in that the step of the home gateway issuing a group key to the devices further comprises:
when the first roaming device enters the home network, the home gateway issues the first roaming-device group key, encrypts it under the public key of that roaming device and sends it to that roaming device, and encrypts it under the current resident-device group key and sends it to all resident devices;
each time a further roaming device enters the home network, the home gateway computes a new roaming-device group key by advancing the minor version of the previous roaming-device group key, encrypts the new roaming-device group key under the newly entered roaming device's public key and sends it to that device.
9. The copyright management method of claim 3, characterized in that the step of the home gateway issuing a group key to the devices further comprises:
when a roaming device leaves the home network, the home gateway increments the major version of the roaming-device group key, encrypts the new roaming-device group key under the public keys of the roaming devices that have not left the home network and broadcasts it to the devices in the home network; at the same time the content stored encrypted under the previous roaming-device group key is re-encrypted under the new roaming-device group key.
10. The copyright management method of claim 3, characterized in that the step of the devices using the group key for device authentication and content exchange further comprises:
when the sending-end resident device and the receiving-end resident device are both online, the sending-end resident device encrypts its device ID, the identifier of the media information it needs and a random number under the current resident-device group key and sends them to the receiving-end resident device;
the receiving-end resident device decrypts with the current resident-device group key, adds one to the random number, encrypts the incremented random number together with the Title Key of the media information under the current resident-device group key and sends them to the sending-end resident device, and at the same time sends the content encrypted under the Title Key.
11. The copyright management method of claim 3, characterized in that the step of the devices using the group key for device authentication and content exchange further comprises:
when the sending-end resident device and the receiving-end resident device are both offline, the sending-end resident device sends the receiving-end resident device the version number of its group key together with a random number encrypted under its group key;
the receiving-end resident device extracts the version number of the group key and judges whether its own version number is newer than that of the sending-end resident device; if so, the receiving-end resident device decrypts the message with the old group key to obtain the random number, adds one to it, encrypts its own group key together with the incremented random number under the old group key and sends them to the sending-end resident device; otherwise the receiving-end resident device initiates the device authentication and content exchange anew.
12. A digital home network system comprising a home gateway and devices connected to the home gateway, characterized in that:
the home gateway is configured to allocate a group key to the devices;
the devices use the group key for device authentication and content exchange;
the group key has a major version and a minor version, and the group keys sharing a major version form a one-way function chain that depends on the minor version.
13. The home network system of claim 12, characterized in that the group key chain is a one-way hash function chain.
14. The home network system of claim 12, characterized in that the group key comprises a resident-device group key, allocated by the home gateway to the resident devices in the home network, and a roaming-device group key, allocated by the home gateway to the roaming devices in the home network;
the resident-device group keys sharing a major version form a reverse one-way function chain that depends on the minor version;
the roaming-device group keys sharing a major version form a forward one-way function chain that depends on the minor version;
the roaming-device group key of a major version is derived from the resident-device group key by a one-way function chain.
15. The home network system of claim 14, characterized in that when the first resident device joins the home network, the home gateway computes the resident-device group key, encrypts it under the public key of that resident device and sends it to that resident device;
each time a further resident device joins the home network, the home gateway encrypts the current resident-device group key, its version number and the version number of the current roaming-device group key under the joining device's public key and sends them to the joining device.
16. The home network system of claim 14, characterized in that when a resident device leaves the home network, the home gateway updates the resident-device group key, encrypts the new group key under the old group key and sends it to all online resident devices; at the same time the home gateway updates the roaming-device group key, changing its major and minor version numbers, and encrypts the new roaming-device group key under the old roaming-device group key;
when the resident device re-enters the home network, the home gateway encrypts the current resident-device group key and the current roaming-device group key under that resident device's public key and sends them to it.
17. The home network system of claim 14, characterized in that when a resident device withdraws from the home network, the home gateway updates the resident-device group key, encrypts it under the public keys of the online resident devices and sends it to the online resident devices; at the same time the home gateway updates the roaming-device group key, updating its major and minor version numbers, encrypts it under the public keys of the online resident devices and sends it to the online resident devices; and at the same time the home gateway re-encrypts the Title Keys of all content under the new resident-device group key and attaches a message authentication code to each.
18. The home network system of claim 14, characterized in that the home gateway periodically updates the resident-device group key, encrypts the new group key under the old resident-device group key and broadcasts it to all online resident devices; at the same time the home gateway updates the roaming-device group key, changing its major and minor version numbers, and encrypts the new group key under the old roaming-device group key.
19. The home network system of claim 14, characterized in that when the first roaming device enters the home network, the home gateway issues the first roaming-device group key, encrypts it under the public key of that roaming device and sends it to that roaming device, and encrypts it under the current resident-device group key and sends it to all resident devices;
each time a further roaming device enters the home network, the home gateway computes a new roaming-device group key, encrypts it under the newly entered roaming device's public key and sends it to that device.
20. The home network system of claim 14, characterized in that when a roaming device leaves the home network, the home gateway increments the major version of the roaming-device group key, encrypts the new roaming-device group key under the public keys of the roaming devices that have not left the home network and broadcasts it to the devices in the home network; at the same time the content stored encrypted under the previous roaming-device group key is re-encrypted under the new roaming-device group key.
21. The home network system of claim 14, characterized in that when the sending-end resident device and the receiving-end resident device are online, the sending-end resident device encrypts its device ID, the identifier of the media information it needs and a random number under the current resident-device group key and sends them to the receiving-end resident device;
the receiving-end resident device decrypts with the current resident-device group key, adds one to the random number, encrypts the incremented random number together with the Title Key of the media information under the current resident-device group key and sends them to the sending-end resident device, and at the same time sends the content encrypted under the Title Key.
22. The home network system of claim 14, characterized in that when the sending-end resident device and the receiving-end resident device are both offline, the sending-end resident device sends the receiving-end resident device the version number of its group key together with a random number encrypted under its group key;
the receiving-end resident device extracts the version number of the group key and judges whether its own version number is newer than that of the sending-end resident device; if so, the receiving-end resident device decrypts the message with the old group key to obtain the random number, adds one to it, encrypts its own group key together with the incremented random number under the old group key and sends them to the sending-end resident device; otherwise the receiving-end resident device initiates the device authentication and content exchange anew.
Application CNB2005101010637A, priority date 2005-11-02, filing date 2005-11-02: Copyright managing method for digit household network and digital household network system. Status: Active. Granted as CN100452737C (en).


Publications (2)

Publication Number Publication Date
CN1859246A (en) 2006-11-08
CN100452737C (en) 2009-01-14
