How to encrypt streaming media in DRM

Preface

With the popularity of online streaming media applications, digital rights management of streaming media has become an increasingly pressing issue. The volume of streaming media data is large and the real-time requirements are strict, so achieving secure, real-time transmission of streaming media content has become a top priority in digital copyright management.

To address the security of streaming media encryption, we borrowed the streaming media encryption scheme used in CA (conditional access) technology, improved it, and designed a new DRM encryption scheme based on a selective three-level key mechanism. It offers good real-time performance, security and updatability. I will introduce it next.

1. CA’s encryption method for streaming media

As shown in the figure, the principle is: the compressed digital TV signal is scrambled, and the control word required for descrambling is encrypted and transmitted to the user end. The user end uses the set-top box and the IC smart card to decrypt the control word, and uses it to descramble the digital television signal. The core of the scheme is really the control of control word transmission. In a digital TV system using the MPEG-2 standard, two data streams are related to control word transmission: the ECM and the EMM. The program must be scrambled before broadcast, that is, the multiplexed TS is added modulo 2 to a pseudo-random scrambling sequence, and this pseudo-random sequence is the CW. The CW, encrypted with the service key (SK), is transmitted in the ECM. The ECM also carries program information such as program source, time, content classification and program price. To ensure that only authorized users can decode the control word, the entitlement management message (EMM) is also transmitted in the TS.

The EMM contains management information such as user name, address and smart card number. It is encrypted with the user's personal distribution key (PDK) and transmitted. At the user end, to regenerate the descrambling random sequence, the set-top box must obtain the relevant conditional access control information. First, the set-top box finds the conditional access table (CAT) in the TS and locates the corresponding encrypted EMM from the CAT. It then decodes the EMM using the encryption system number and the personal distribution key (PDK) in the smart card, and judges from the decoded EMM information whether this smart card is authorized to watch this set of programs. If the smart card is authorized, the service key (SK) in the smart card is used to decrypt the encrypted ECM and obtain the CW. The CW is sent to the descrambler, where it is added modulo 2 to the TS to be descrambled, which completes descrambling.

Based on the CA encryption idea, we improve it by selecting the TS packets that need to be scrambled before scrambling, forming a selective three-level key mechanism.

2. Selective three-level key mechanism DRM framework

1. Module function

The system mainly includes the following four modules:

The streaming media encryption module generates content keys and is responsible for encrypting streaming media; encrypts the content keys with business keys and sends the business keys to the key management system.

The key management module receives and manages business keys from the encryption module; provides business key queries for the authorization management system; any operations on business keys must be performed through the interface of the key management system. Key management does not interact with end users.

The authorization management module accepts the request from the DRM agent. After confirming that the user is a legal user, it obtains the business key from the key management system, packages and generates a license, encrypts the license and sends it to the DRM agent.

After confirming the legitimacy of the user, the DRM agent module obtains the license, decrypts the streaming media data, and sends it to the player for playback.

2. Working principle

The user requests to play a certain program through the DRM agent, and the DRM agent accepts the request and verifies the user's legitimacy. If the user is legitimate, the DRM agent sends a request to the authorization management system to apply for a license. The authorization management system requests the business key of the program from the key management system, packages it into a license, and sends it to the DRM agent. The DRM agent then receives the encrypted program stream, decrypts it, and sends it to the player for playback.

3. Design of selective three-level key encryption mechanism

The security issue of streaming media encryption is the focus of DRM. Streaming media file encryption adopts a selective three-level key encryption mechanism.


This mechanism uses three keys: content key, business key, and license key. When scrambling the data stream with the content key, only a portion of the data packets are selected for scrambling.

1. Encryption process

In the first level of encryption, the content key generator generates a content key (CK) and sends the CK to the pseudo-random sequence generator, where it serves as the basis for generating a pseudo-random sequence. The resulting pseudo-random sequence is used to scramble the selected TS packets (only the TS payload is scrambled, not the TS packet header);

In the second level of encryption, the generated content key is encrypted with the business key (SK) and then sent to the key management table in the key management system for storage. The authorization management system accesses the key management table to obtain the SK, and packages it together with the user's viewing rights into a license;

The third level of encryption uses the license key to encrypt the license and pass it to the user.

A new module - packet selector - is added before the TS data stream scrambler. The data packet selector determines whether the data packet needs to be scrambled based on the PID number of the TS data packet. In this way, the data that needs to be scrambled can be reduced by half, greatly reducing the time for encryption and decryption, and improving the efficiency of encryption and decryption.

2. Decryption process

Use the license key to decrypt the license and obtain the business key (the service key, SK); use the business key to decrypt the content key; use the content key to generate the pseudo-random sequence and descramble the TS data stream. Even if illegal users obtain the TS data stream, they cannot decrypt the license without the license key generated by the DRM agent, so they still cannot watch the program normally.

3. Key management

The relationship between the three keys is shown in the figure.


The content key is used to scramble the TS stream; the business key is used to encrypt the content key and is stored in the key management database; the license key is used to encrypt the license consisting of the business key and user rights.

  1. The content key (CK) is generated by the content key generator and is a random sequence. It changes cyclically; the change cycle of the content key is its life cycle.

  2. The service key (SK) is produced by hashing the current program ID, time and other information into a fixed-length sequence, which is used as the service key. The life cycle of the service key is the user's usage period for the streaming media program. Once the user's usage period for the program expires, the service key also expires.

  3. The license key (RK) is generated and distributed by the DRM agent, and is divided into two parts: the license public key and the license private key. The license public key is used to encrypt the business key, and the license private key is used to decrypt the business key. Its life cycle is longer than that of the previous two keys.
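The following is an added, constructed example (not code from the article or from any CA or DRM product) that walks the three encryption levels, the packet selector and the decryption path described in this section, using the key relationships from the list above. Assumptions, none of which come from the article: the selector's PID policy (SCRAMBLED_PIDS), an HMAC-SHA256 counter-mode keystream standing in for the pseudo-random sequence generator, an encrypt-then-MAC wrap/unwrap for levels 2 and 3, and a symmetric license key where the article describes a public/private pair; the TS packet layout and the program-42 identifier are constructed for the demo.

```python
import hashlib
import hmac
import os
import struct

TS_HEADER_SIZE = 4
PAYLOAD_SIZE = 188 - TS_HEADER_SIZE
# Assumed selector policy: elementary-stream PIDs get scrambled; PAT/PMT stay clear.
SCRAMBLED_PIDS = {0x100, 0x101}

def keystream(key, length):
    """Pseudo-random scrambling sequence (stand-in: HMAC-SHA256 in counter mode)."""
    out, block = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">Q", block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])

def xor_bytes(a, b):
    """Modulo-2 addition of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))

def wrap(key, plaintext):
    """Levels 2 and 3: encrypt-then-MAC, output nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = xor_bytes(plaintext, keystream(key + nonce, len(plaintext)))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unwrap(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered blob")
    return xor_bytes(ct, keystream(key + nonce, len(ct)))

def make_ts_packet(pid, payload):
    """188-byte TS packet: sync byte, 13-bit PID, payload-only, stuffing with 0xFF."""
    payload = payload.ljust(PAYLOAD_SIZE, b"\xff")[:PAYLOAD_SIZE]
    return bytes([0x47, (pid >> 8) & 0x1F, pid & 0xFF, 0x10]) + payload

def packet_pid(packet):
    return ((packet[1] & 0x1F) << 8) | packet[2]

def scramble_stream(packets, ck):
    """Level 1: scramble only the payload of packets the selector picks by PID."""
    out = []
    for idx, pkt in enumerate(packets):
        if packet_pid(pkt) not in SCRAMBLED_PIDS:
            out.append(pkt)
            continue
        # Keystream depends on CK and packet position, so no two payloads share a sequence.
        ks = keystream(ck + struct.pack(">I", idx), PAYLOAD_SIZE)
        # Set transport_scrambling_control = 10 so the descrambler knows which packets to touch.
        header = pkt[:3] + bytes([(pkt[3] & 0x3F) | 0x80])
        out.append(header + xor_bytes(pkt[TS_HEADER_SIZE:], ks))
    return out

def descramble_stream(packets, ck):
    out = []
    for idx, pkt in enumerate(packets):
        if pkt[3] >> 6 == 0:  # selector left this packet in the clear
            out.append(pkt)
            continue
        ks = keystream(ck + struct.pack(">I", idx), PAYLOAD_SIZE)
        out.append(pkt[:3] + bytes([pkt[3] & 0x3F]) + xor_bytes(pkt[TS_HEADER_SIZE:], ks))
    return out

def rejects(key, blob):
    """True if unwrap() refuses the blob under this key (wrong RK, tampered license)."""
    try:
        unwrap(key, blob)
    except ValueError:
        return True
    return False

def run_demo():
    # Constructed sample stream: PAT, PMT, then interleaved video/audio packets.
    clear = [make_ts_packet(0x0000, b"PAT"), make_ts_packet(0x1000, b"PMT")]
    for i in range(4):
        clear.append(make_ts_packet(0x100, b"video frame %d" % i))
        clear.append(make_ts_packet(0x101, b"audio frame %d" % i))
    ck = os.urandom(32)                       # content key: random, rotated each cycle
    scrambled = scramble_stream(clear, ck)
    # Business key: hash of program ID and validity period, as in the key management list.
    sk = hashlib.sha256(b"program-42|valid-until:2030-01-01").digest()
    key_table = {"program-42": wrap(sk, ck)}  # level 2: CK stored wrapped under SK
    rk = os.urandom(32)                       # license key (symmetric stand-in, see lead-in)
    license_blob = wrap(rk, sk + b"|program-42|right:play")  # level 3
    # DRM agent side: license -> SK -> CK -> descramble.
    sk_out = unwrap(rk, license_blob)[:32]
    ck_out = unwrap(sk_out, key_table["program-42"])
    recovered = descramble_stream(scrambled, ck_out)
    return {
        "round_trip_ok": recovered == clear,
        "scrambled_count": sum(1 for p in scrambled if p[3] >> 6),
        "total_packets": len(clear),
        "tables_clear": scrambled[:2] == clear[:2],
        "wrong_rk_rejected": rejects(os.urandom(32), license_blob),
    }
```

Two points worth noticing when running it. The scrambling of level 1 is the same modulo-2 addition as in the CA scheme of section 1, and on its own it provides confidentiality only, not integrity; the keystream is therefore tied to the packet position so that two payloads never share a sequence, and the wrapped CK and license carry a tag so that a wrong license key or a modified license is detected rather than silently producing garbage. The transport_scrambling_control bits in the packet header let the descrambler skip the packets the selector left in the clear without re-running the selector; in a real system these bits also signal the even/odd content key during key rotation.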

This article improves real-time performance on the basis of the CA encryption idea by adding a packet selector, which reduces the content that needs to be encrypted to half of the original and thus reduces the time required for scrambling.

Little knowledge about DRM

DRM stands for Digital Rights Management, which can be translated as content digital copyright encryption and protection technology. Because of the nature of digital information, a dedicated technology is needed to strengthen copyright protection for digital audio and video program content. This technology is digital rights management technology, DRM (digital rights management).

Origin blog.csdn.net/weixin_45264425/article/details/133326120