Digital Video Copyright Management System Based on Smart Card
0 Preface 1.2 Application Model and Protocol Design Wherein, the "‖" operator indicates concatenation, and the KeyID is the key number, which is used to associate the segment of the movie with the key in the key list: the data header of each encrypted data block in the movie content contains the segment encryption key. The KeyID corresponding to the key, and the corresponding KC decryption movie content is found according to the KeyID during playback. The reason why the content of the video is encrypted by the symmetric encryption method is that the digital movie playback has high requirements on real-time performance. Although the symmetric encryption algorithm is not as strong as the asymmetric encryption algorithm, the symmetric encryption algorithm is small in computation and is played from digital movies. Real-time requirements are considered to be superior to asymmetric encryption algorithms. The security assumption here is that the MES encryption algorithm is secure and the content key is not stolen. The first security assumption can be satisfied because the security of the 128-bit AES encryption algorithm has reached the standard for protecting confidential information in terms of design structure and key length, and has been used by the US government to encrypt confidential documents. Therefore, the security of the content key is the top priority of the digital cinema DRM system design, and its design will be reflected in the terminal broadcast user subscription and authorization. Where {{} indicates that the smart card signs the subscription message. (4.2) After the terminal receives the message, the user first checks whether the signature is correct. After the authentication, the user decrypts the message with his private key SK to obtain rand and rand card, and judges rand card. After correct, take out rand, encrypt it with license management public key and sign the message with your private key and send it to the license management server. (4.3) After the license management server receives the message, it checks the signature and decrypts the rand1. If both are correct, it confirms that the terminal plays the user's identity and the authentication is completed. Among them, KL is the key list of the movie, the content is as shown. (3) The terminal playing user obtains the KDM and authenticates the signature and then decrypts it with the private key sK, obtains the LM and parses out the movieID1 (validdate [lvaliddate lIKE] is written into the smart card as a license information. Fresnel Screen Ust,Fresnel Screen,Fixed Frame Projector Screen,Alr Projector Screen Ust Dongguan Aoxing Audio Visual Equipment CO.,Ltd , https://www.aoxing.net
Digital cinema has reduced the cost of distribution, breaking through the geographical restrictions of distribution and screening, making the film's picture clear without scratches, swaying and spots, and there is no longer any interference from fading, ghosting and patching. It is a movie. Major innovations in the industry. However, the advent of the digital age has brought a huge boost to the film industry, but also has a strong impact on traditional copyright concepts and copyright protection methods. Therefore, how to protect the copyright of digital movies has become an important hot issue and difficult issue. The digital rights management (DRM) system is created to solve this problem. It enables digital film distribution and screening within the authority granted by the copyright owner to provide protection and management for digital film copyright. It plays a key role in the orderly development of the entire film industry. DCI - American Digital Cinema Initiative (a body jointly developed by Disney, 20th Century Fox, Paramount and other American film industry giants to draft and develop digital film technical specifications and conduct relevant tests and evaluations) As the most important reference document for the development of digital cinema and unified digital cinema technology formats, the digital cinema technology specification has clearly pointed out that it is necessary to establish a set of video content usage rules through the DRM system, which is important for the security management of digital cinema content. means.
DRM not only refers to copyright management, but a system concept that provides a complete solution for the transmission, management, distribution and use control of digital media content. Since the birth of DRM technology, a lot of research has been done in industry and academia. Foreign research institutions include Harvard University, Stanford University, Microsoft, IBM, Apple, etc., such as the Institute of Computing Technology of the Chinese Academy of Sciences, etc., Yu has done a lot of research work in the field of digital rights management technology. However, the above studies are not sufficient for the copyright protection of digital movies.
Some researchers have proposed a digital rights management system for Danning Cinema based on the research of DRM technology and the security requirements of digital cinema, which provides ideas for the design of digital cinema DRM system. However, the literature does not cover the agreement. For the case where the terminal broadcast user and the playback device manufacturer jointly attack the DRM system, the research does not involve related precautions to prevent the attacker from stealing the content key stored in the device. In addition, the current DRM system is not Can provide good support for user privacy protection and rights transfer.
In order to solve the above problems, this paper proposes a smart card-based digital cinema DRM system, which utilizes the security of the smart card and the security of the designed protocol to meet the security requirements of digital movie copyright protection and prevent the terminal from playing the user and the playback device. The manufacturer jointly obtains the rights to play the video illegally, and can meet the security requirements such as the user rights transfer and privacy protection of the terminal.
1 Smart card-based digital cinema DRM system
1.1 System components
The architecture of the smart card-based digital cinema DRM system proposed in this paper is shown in Figure 1.
(1) Video Content Encryption Publisher: The Video Content Encryption Publisher is responsible for encrypting and distributing digital movies protected by the DRM system. It generates a symmetric key to AES encrypt the digital movie content, and distributes the encrypted movie online or offline to provide the user with the encrypted digital movie content package.
(2) License management server: The license management server itself is a CA center, which is responsible for generating RSA key pairs and issuing device certificates for each user smart card, customizing and managing user identity authentication and users' digital movie playing licenses, and Issue license information.
(3) Terminal playing user: The terminal plays a playing device with a smart card and a device equipped with a card reading and writing device, and requires the terminal to play a user identity authentication for the user to use the PIN for authorization and playback. .jpg)
1.2.1 Terminal Play User Registration
When the terminal plays the user registration, the license management server will use the RSA asymmetric algorithm to generate a unique public key PK and the corresponding private key SK for the user, and use the key pair to issue the x509 digital certificate with the basic information of the smart card for the user. Cert. The public key PK, the private key SK and the digital certificate are stored in the smart card. At the same time, the terminal playing user sets a password for the smart card as the PIN. In this way, the terminal playing user can obtain a smart card containing the unique PK and SK after registration, and the license management server stores the smart card unique ID ID - digital certificate cert and password PIN in the database as the identity authentication of the terminal playing user. recording.
1.2.2 Digital Cinema Encryption Distribution
The distribution process is as follows:
(1) The digital cinema content encryption distribution module first randomly generates a 128-bit AES content key Kc, and uses Kc to AES encrypt the content, and audio, video, and subtitles use different keys. In order to improve the encryption strength, a block encryption mechanism can also be adopted for video files and audio files, and different data blocks use different keys. Finally, the digital movie content C is encrypted to C' .jpg){kind=small}
(2) The video content encryption distribution server places the encrypted content C' in a distributable directory, and distributes the encrypted video to the terminal to play the user online or offline.
(3) Forming a key list for all the keys used in the movie .jpg){kind=small}
(4) Using the public key encryption key list of the license management server KL forming a key message KDM C2L is sent to the license management database, which is decrypted by the license management server and stored in the content key store. .jpg){kind=small}
1.2.3 User Order
The ordering process is as follows:
(1) Terminal playback The user ordering process requires card insertion, that is, the client is required to have a card reader installed. The terminal playing user inputs the user password PIN from the client, and the smart card authentication password is correct before ordering.
(2) The user chooses to order the movie and the schedule.
(3) The smart card generates a random number rand card, and then uses the license management public key to perform RSA encryption on the smart card number cardID, the movie number movielD, the schedule start time validdate start, the schedule end time validdate start, the cent card, and the rand card, together with the smart card. The private key signature forms the order information ODM and is sent to the license management server. .jpg)
(4) The license management server first checks the signature, and then uses its own private key to decrypt the subscription message and authenticates the cardlD and cert card. Pass the challenge response certification after passing:
(4.1) Parse out the randcard and generate the random number randcard, encrypt the two keys using the smart card's public key PK and sign the message with its own private key and send it to the terminal to play the user. .jpg){kind=small}
.jpg)
(5) After the license management server confirms that the user has paid, the movie number movieID and the schedule start time validdatestart obtained according to the ODM parsing. , the end of the schedule period validdatestart. Generate authorization information LM. .jpg){kind=small}
1.2.4 User Authorization
The terminal player needs to obtain the license of the license management server before playing the movie. This process also needs to be inserted into the card. The specific steps are as follows:
(1) Terminal Playback The user first connects to the license management server and performs challenge response authentication (authentication process such as 1-2.3), and enters a PIN for user identity authentication. After passing the certification, the license management server finds the license of the terminal playing user in the database, and verifies the validity of the license, whether it has the required rights within the validity period.
(2) After the verification is passed, the license management server will encrypt the authorization information using the user's smart card public key P, and sign the server private key SK to form a key distribution information KDM to be sent to the user. .jpg){kind=small}
12.5 User playback
The terminal playing user inserts the smart device into the playing device, enters the user password PIN, and the smart card authentication password is correct before continuing operation. The user operates the playback device to select a movie play, and the playback device obtains the movielD from the header information of the encrypted movie content c' and associates it with the corresponding license information through the movieID index. After verifying the validity of the license information, the content decryption C is performed using the KL therein, and C can be restored and played.
1.2.6 Transfer of rights
Here, the transfer of rights refers to the transfer of the license from one playback device to another by the terminal playback user, and the transfer of the user from one terminal to another to play the user. For the former, since the user's license remains on the smart card, when it is necessary to transfer to another playback device, only the new device needs to re-acquire the encrypted movie content C' from the movie content encryption distribution server. For the latter, for example, the terminal playing user A needs to transfer the license to the terminal to play user B, as follows:
(1) User A first completes the authentication process of 1.2-3 with the license management server, and then enters the PIN for authentication to prevent theft of the smart card for rights transfer.
(2) The user selects the movie license to be transferred.
(3) If the video license information to be transferred is an authorized video in the card, go to step 4; if the transferred video license is not authorized, go to step 5.
(4) The LM information of the movie in the client read card is transmitted back to the license management server, and the smart card number of the user B is transmitted to the server. After verifying that the user B exists, the server firstly uses the LM information in the user A card. Cancel, and then generate corresponding license information for User B.
(5) User A transmits the smart card number of User B to the license management server. After verifying that User B exists, the server revokes the corresponding license information in the database and generates corresponding license information for User B.
(6) At this point, User B can authorize the movie and play the movie.
1.2.7 Smart Card Loss
If the user's smart card is stolen, the user can provide the corresponding cardlD and PIN to the server, encrypt it with the license management public key, and then transmit it to the server. After decrypting the private key, the server performs PIN verification. After verification, the device certificate of the smart card number is revoked and added to the certificate revocation list. The playback license purchased by the playback terminal will be safely saved to the prohibited distribution list until the playback terminal user re-registers to obtain a new card before processing. This can ensure that the digital movie playing license purchased by the user is not used by the attacker, and the legitimate rights and interests of the user are protected.
1.3 Comparison with existing systems
This section compares the smart card-based digital cinema DRM system proposed in this paper with the DRM system of Wushu et al. and two well-known commercial DRM systems that are bundled with the device: the Microsoft DRM system used on the PC and Apple system for iPod terminals. The comparison results are shown in Table 1.
Table 1 Comparison of several DRM systems .jpg)
At present, there are few researches on DRM systems for digital cinema. More mature DRM systems, such as Microsoft's WMRM, InterTrust DigiBox, Apple's iTune, and Adobe's content server, are not designed to provide copyright protection for digital movies. . For example, Microsoft's DRM system only supports video file type ".wmv" and audio file type ".wma" for Microsoft Windows operating platform. Apple's iTunes solution is only available for audio files. The newer domestic research is the digital cinema DRM system proposed by Wu Hao and others. The DRM system combines security technologies such as encryption technology, authorization management and distribution technology to protect the confidentiality and integrity of digital cinema. The comparison between the smart card-based digital cinema DRM system and the DRM system shows that the smart card-based digital cinema DRM system will rely on the object transfer from the device to the smart card, which not only meets the security requirements of digital cinema content protection, but also provides privacy protection for users. And the function of rights transfer.
2 Security analysis
The system solves the security problem raised by the introduction by converting the dependence on the playback device into the dependence on the smart card and using the smart card information as the basis for the user authentication.
(1) Third-party authentication and controllable smart cards are security carriers for keys. Since the CPU of the smart card has an arithmetic function, the decryption operation in the system is completed inside the smart card, ensuring that the key does not go out of the card, and the attacker cannot use the software to steal the confidential information in the card; in addition, the hardware manufacturing of the smart card is unique. The process can resist physical, electronic, and chemical attacks, preventing attackers from using hardware to steal information from the card. The security of the software and hardware ensures that the video content key is not stolen by an attacker. When the player of the playback device manufacturer or the player of the playback device becomes an attacker, the third-party authentication and controllable smart card can protect the copyright from being infringed.
(2) The smart card cannot be forged by an attacker. Each smart card has a unique digital certificate for identity authentication when the user communicates with the license management server, and a user-defined password PIN. On the one hand, since the digital certificate is issued by the license management server, it is difficult for an attacker to know that the format of the digital certificate is difficult to forge; on the other hand, in the communication process, the digital certificate of the smart card is encrypted by the license management public key. Even if the attacker intercepts the data during the communication process, the digital certificate cannot be parsed due to the lack of the license management private key necessary for decryption, thereby forging the smart card with the back door.
(3) Loss of password PIN provides a fault-tolerant protection mechanism for the digital cinema DRM system. After the attacker steals the user's smart card, if the PIN is not known, the smart card and the DRM server cannot be used for authorization, and the authorized one cannot be played. Movies, terminal broadcast users can also report their smart cards to the license management server to prevent the attacker from decrypting the PIN and authorize the terminal to play the videos and games purchased by the user. After receiving the request, the DRM server will cancel the corresponding smart card device certificate. .
(4) The security of the protocol ensures that the attacker cannot attack the system by eavesdropping on the communication process. In the communication process between the playing terminal user and the license management server, the public key of the receiving party is used for data encryption, and the receiving party decrypts the card through the private key stored in the smart card, so that the eavesdropper cannot intercept the data. Parse out the plaintext.
(5) The smart card-based digital cinema DRM system provides protection for the privacy of the playback terminal user, and its use is also secure. When the user is registered, a card lD and a pair of RSA random keys are generated and stored in the smart card. Through the control of the license management server, the card ID and the key of each smart card are unique. After the registration, each terminal user identity authentication is based on the information of the smart card, and the specific information of the user is not required to be leaked to the license management server, so that the privacy of the user is not caused.
3 Conclusion
This paper proposes a smart card-based DRM system suitable for digital movie copyright protection. It elaborates the security protocol and application model of the system. It improves the security of the DRM system by using the characteristics of the protocol and smart card, and satisfies the copyright protection of digital movies. The demand prevents the terminal from playing a security threat such as a joint attack between the user and the device manufacturer, and at the same time satisfies the needs of the terminal to play user rights transfer and privacy protection. Compared with the other three DRM systems, the smart card-based digital cinema DRM system proposed in this paper is more suitable for copyright protection of digital movies.
(Text/1. School of Electronic Information Engineering, Beihang University, 2. Film Digital Program Management Center of the State Administration of Radio, Film and Television, 3. China University of Mining and Technology, Huang Zhaoting, Liu Yiguang, Zhang Chonggang, Gao Qiang)