【作者】 杨玚；

【导师】 李世鹏； 俞能海；

【作者基本信息】 中国科学技术大学 ， 信号与信息处理， 2008， 博士

【摘要】 随着数字技术和互联网工业的快速发展,越来越多的多媒体内容能够通过网络进行发布和传输。许多类型的多媒体数据采用了可伸缩性编码,把原始内容根据不同的准则编码成在质量、空间、时间上渐进的形式,从而能够有选择地丢弃码流中的部分数据来适应当前的带宽条件以及设备的处理和显示能力。另一方面,数字内容极容易复制的特性使得多媒体内容的盗版成为非常严重的问题,由此产生的DRM系统是管理数字内容的授权许可和访问控制的一整套技术。本文以JPEG 2000和Motion JPEG 2000为实例,为可伸缩性编码的多媒体内容设计了一个“所见即所购”的DRM原型系统。首先,我们提出了一种与原码流语法兼容、并保持其可伸缩性的加密方案。语法兼容使普通的播放器也可以对加密码流正常解码而不会造成崩溃;如果合理选择加密范围就可以为免费用户提供原始内容的预览。在加密码流中保持原码流的所有可伸缩性使得网络传输路径上的某些处理结点能够根据需要直接对加密码流进行转码,得到适合实际需要的子码流,这个过程既不需要解密密钥,也不要求网络结点是受信任的。这种特性可以称为“一次加密,多种方式解密”。和其它一些有代表性的方案相比,我们的加密方案具有精细的可伸缩性粒度支持,优越的运算速度,良好的比特错误弹性,以及可以忽略的存储空间开销。然后,我们提出了一种通用、灵活而便捷的密钥管理方案。我们把所有可伸缩性划分为两大类,分别用全序集和偏序集表示。整个多媒体内容就表示为所有全序集和偏序集的笛卡尔积,它仍然为一个偏序集,可以用具有单个根顶点的Hasse图表示。对可伸缩性多媒体的访问控制就等价于对这个偏序集的访问控制。借助一种基于散列函数的密钥推导方法,每个顶点的访问密钥可以由它的父顶点密钥和一些公开辅助信息生成,而散列函数的单向性保证了从所有子顶点密钥也无法得到父顶点密钥。这样,原始码流只需要被加密一次,用户可以自由选择不同可伸缩性参数组合对应的定制版本,每个版本只需要一个子根顶点密钥和相关的公开辅助信息就可以推导出所有数据结点的解密密钥。这种特性可以称为“一次保护,多种方式访问”。最后,综合上述的加密方案和密钥管理方案,我们基于微软的WMRM框架实现了自己的DRM原型系统。其中,用户根据定制版本“按需”支付费用,对于用户的每次访问请求,DRM服务器只要发送一个访问密钥,其它密钥都可以由用户端DRM模块使用一些公开辅助信息生成。DRM服务器不要求有很强的存储和处理能力,大大提高了它的稳定性和可访问性。更多还原

【Abstract】 With rapid advances of digital technologies and the Intemet industry,more and more multimedia contents are released and distributed over the Internet.Many types of multimedia data are encoded in a scalable manner,i.e.,the original contents are encoded with respect to various criterions into a progressive manner in quality,space,or time. This allows part of the codestream to be discarded to fit into the current channel bandwidth or the device’s processing and display capability.On the other side,the fact that digital contents are very easy to copy makes piracy across the Internet a vital problem. This gives birth to the DRM system,a suite of technologies that manages licensing and access control of digital contents.In this paper we design a"What You See Is What You Buy" DRM prototype system for scalable multimedia contents,exemplified by JPEG 2000 and Motion JPEG 2000.We first propose a syntax-compliant encryption scheme that fully preserves the scalabilities of the original multimedia content.Syntax compliance allows a normal player to successfully decode the cipherstream,especially without being crashed.If selected parts of the codestream get properly encrypted,users may be able to get a free preview of the original content.With all scalabilities preserved,the cipherstream can be directly transcoded by some intermediate processing node along the transmission path with no need of the decryption key.The node even doesn’t have to be trusted.This is called "encrypt once,decrypt many ways".Compared with other typical encryption schemes,our method features fine granularity of scalability,superior processing speed, excellent bit-error resilience,and negligible file-size overhead.Then we propose a general key management scheme that is flexible and convenient. All kinds of scalabilities are assorted into two common types,represented by toset and poset,respectively.The entire multimedia content is modeled as the Cartesian product of all tosets and posets,which is a poset itself and can be represented by a Hasse diagram. Access control of the scalable multimedia content is equivalent to access control of the product poset.With the help of a hash-based key derivation method,the decryption key for each vertex can be calculated from the key of its parent vertex and some public auxiliary information.The one-wayness of the hash function ensures key derivation can’t be inverted.Users can freely choose and combine the scalability parameters to get a custom version of the original content.For each version a single sub-root key is required to derive all child keys.This is called "protect once,access many ways".Lastly,we combine the encryption scheme and the key scheme to implement our DRM prototype system on top of Microsoft’s WMRM DRM framework.A user only has to pay for what he would like to access.For each access.request from the user, the DRM license server only has to calculate and send a single access key.All keys for child vertices can be derived from the access key and some public auxiliary information. The DRM server doesn’t need large storage or powerful processing capability,which in return enhances its reliability and availability.更多还原