CN100544427C - A conditional access system for digital television and its application - Google Patents

Publication number
CN100544427C
Authority
CN
China
Prior art keywords
digital television
authorization
smart card
encryption
authorization message
Legal status
Expired - Fee Related
Application number
CNB2007101765937A
Other languages
Chinese (zh)
Other versions
CN101141620A (en)
Inventor
宿玉文
牛张力
熊彬
Current Assignee
Sumavision Technologies Co Ltd
Original Assignee
Sumavision Technologies Co Ltd
Application filed by Sumavision Technologies Co Ltd
Priority to CNB2007101765937A
Publication of CN101141620A
Application granted
Publication of CN100544427C

Abstract

The present invention relates to the field of digital television technology and discloses a conditional access system (CAS) for digital television, comprising: a digital television CAS front-end subsystem which, after receiving an authorization request, generates a current communication key, encrypts the authorization message with this current communication key, and returns the encrypted authorization message over the downlink channel to the digital television CAS terminal subsystem; and which encrypts a de-authorization message with the previously generated communication key and sends the encrypted de-authorization message over the downlink channel to the digital television CAS terminal subsystem that sent the previous authorization request, cancelling the authorization it obtained; and a digital television CAS terminal subsystem which, after receiving the encrypted authorization message, decrypts it to obtain the authorization and, after receiving the encrypted de-authorization message, decrypts it and cancels the previously obtained authorization. The invention improves the security of the system and reduces the harm caused by pirated smart cards.

Description

A conditional access system for digital television and its application
Technical field
The present invention relates to the fields of digital television and computer communication technology, and to digital television conditional access systems that use a cable television network (or a terrestrial or satellite television network) as the downlink channel and a TCP/IP network or another network capable of two-way communication as the return channel. In particular, it relates to a digital television conditional access system for guarding against pirated smart cards, and its application.
Background art
In a digital television conditional access system based on a one-way cable television network, if the smart card inserted in a terminal is illegally copied, then, because entitlement management messages (EMM, Entitlement Management Message) are all broadcast, any terminal can receive them. Moreover, because there is no feedback mechanism, the front end of the digital television conditional access system (Conditional Access System, CAS) does not know which users are currently watching programs, so the programs purchased by the genuine card's user can be watched for free by users of pirated smart cards. For the genuine card that has been copied there is no loss of interest whatsoever, which makes it possible for a genuine card user to cooperate with a hacker in pirating smart cards for profit. A hacker can even first become a genuine card user and then pirate the smart card himself for profit.
To solve the above problem, and in light of current technical developments, the present invention proposes a digital television conditional access system that guards against pirated smart cards, so as to effectively improve system security and reduce the harm caused by pirated smart cards.
Summary of the invention
(1) Technical problem to be solved
In view of this, one object of the present invention is to provide a digital television conditional access system that improves system security and reduces the harm caused by pirated smart cards.
Another object of the present invention is to provide an authorization method applied to a digital television conditional access system that improves system security and reduces the harm caused by pirated smart cards.
(2) Technical solution
To achieve the first object, the invention provides a digital television conditional access system, comprising:
A digital television CAS front-end subsystem which, after receiving an authorization request from a digital television CAS terminal subsystem, generates a current communication key, encrypts the authorization message with this current communication key, and returns the encrypted authorization message over the downlink of the bidirectional transmission channel to the digital television CAS terminal subsystem that sent the authorization request; and which encrypts a de-authorization message with the previously generated communication key and sends the encrypted de-authorization message over the downlink of the bidirectional transmission channel to the digital television CAS terminal subsystem that sent the previous authorization request, cancelling the authorization obtained by that terminal subsystem;
A digital television CAS terminal subsystem which, after receiving the encrypted authorization message, decrypts it to obtain the authorization and, after receiving the encrypted de-authorization message, decrypts it and cancels the previously obtained authorization.
In the above scheme, the digital television CAS terminal subsystem and the digital television CAS front-end subsystem interact over the bidirectional transmission channel. The uplink of the bidirectional transmission channel carries the authorization request that the digital television CAS terminal subsystem sends to the digital television CAS front-end subsystem, and the feedback that the terminal subsystem returns to the front-end subsystem after it has received the authorization message. The downlink of the bidirectional transmission channel carries the encrypted authorization message and the encrypted de-authorization message that the digital television CAS front-end subsystem sends to the digital television CAS terminal subsystem.
In the above scheme, the digital television CAS front-end subsystem has a command interface for interacting with the digital television subscriber management system (SMS), provides an interface for configuring the association between products and programs, and stores the system's data.
In the above scheme, the digital television CAS front-end subsystem further has an interface for interacting with the intermediate equipment that provides the bidirectional transmission channel.
In the above scheme, the intermediate equipment that provides the bidirectional transmission channel comprises: a multiplexer, an independent scrambler, a modulator and a mixer; or a multiplexing scrambler, a modulator and a mixer.
In the above scheme, the multiplexing scrambler is a device that integrates a multiplexer and an independent scrambler, and the modulator is a QAM modulator, a QPSK modulator or a DVB-T modulator.
In the above scheme, the digital television CAS terminal subsystem comprises at least:
A set-top box and a smart card; or
A set-top box, a CAM card and a smart card; or
A PC, a digital television receiving card and a smart card; or
A PC, a digital television receiving card, a CAM card and a smart card.
To achieve the other object, the present invention also provides an authorization method applied to a digital television conditional access system, the method comprising:
A. At start-up, the smart card of the digital television CAS terminal subsystem sends an authorization request to the digital television CAS front-end subsystem, applying for an authorization message;
B. After receiving the authorization request, the digital television CAS front-end subsystem generates a current communication key, encrypts the authorization message with this current communication key, and returns the encrypted authorization message over the downlink of the bidirectional transmission channel to the digital television CAS terminal subsystem that sent the authorization request; and it encrypts a de-authorization message with the previously generated communication key and sends the encrypted de-authorization message over the downlink of the bidirectional transmission channel to the digital television CAS terminal subsystem that sent the previous authorization request;
C. After receiving the encrypted authorization message, the digital television CAS terminal subsystem generates the current communication key and uses it to decrypt the encrypted authorization message and obtain the authorization; or, after receiving the encrypted de-authorization message, it uses the previously generated communication key to decrypt the encrypted de-authorization message and cancel the previously obtained authorization.
In the above scheme, the digital television CAS terminal subsystem comprises at least a set-top box and a smart card, and step A comprises:
A1. After power-on, the set-top box finds that a smart card is present, or detects during operation that a smart card has been inserted, and requests from the smart card the upload data used to apply to the digital television CAS front-end subsystem for an authorization message;
A2. After receiving the set-top box's request, the smart card generates a random number a, encrypts this random number a with the key of the digital television CAS front-end subsystem, and sends the upload data containing the encrypted random number a to the set-top box;
A3. The set-top box sends an authorization request containing the encrypted random number a and the smart card number to the digital television CAS front-end subsystem.
In the above scheme, the encryption of random number a with the key of the digital television CAS front-end subsystem in step A2 uses asymmetric encryption or symmetric encryption, wherein:
The asymmetric encryption uses the public key of the digital television CAS front-end subsystem to encrypt, and only the private key of the digital television CAS front-end subsystem can decrypt;
The symmetric encryption uses the private key of the smart card to encrypt; this key is stored in the smart card's non-volatile memory, and the smart card provides no external interface for decrypting with the private key.
In the above scheme, the digital television CAS terminal subsystem comprises at least a set-top box and a smart card, and step B comprises:
B1. After receiving the authorization request, the digital television CAS front-end subsystem decrypts with its own key to obtain random number a, generates a random number b, and computes the current communication key SessionKey_Cur from random number a and random number b;
B2. The digital television CAS front-end subsystem encrypts random number b with the key of the smart card and sends the encrypted random number b to the smart card through the set-top box; it encrypts the authorization message with the current communication key SessionKey_Cur and sends the encrypted authorization message over the downlink of the bidirectional transmission channel to the set-top box that sent the authorization request, and the set-top box passes the encrypted authorization message to the smart card. It also encrypts a de-authorization message with the previously generated communication key SessionKey_Last and sends the encrypted de-authorization message over the downlink of the bidirectional transmission channel to the set-top box that sent the previous authorization request, and that set-top box passes the encrypted de-authorization message to the corresponding smart card.
In the above scheme, after receiving the authorization request in step B1, the digital television CAS front-end subsystem further checks the received smart card number and the IP address that sent the authorization request, and evaluates them against the configured restrictions.
In the above scheme, the restrictions configured in the digital television CAS front-end subsystem comprise at least:
The same smart card number is allowed only one connection; or
The same requesting IP address is allowed only one connection; or
Smart card numbers are bound to IP addresses, one-to-one, one-to-many, many-to-one or many-to-many as actually required.
In the above scheme, when the digital television CAS front-end subsystem sends the encrypted authorization message to the set-top box that sent the authorization request, it further sends with a specified maximum number of transmissions or a specified maximum duration; sending stops once that maximum number or duration is reached, or once feedback is received.
In the above scheme, after the encrypted authorization message has been sent to the set-top box that sent the authorization request, the digital television CAS front-end subsystem further records the smart card number, the IP address that sent the authorization request, the current communication key SessionKey_Cur and the request time, so that these data can later be analyzed statistically.
In the above scheme, the digital television CAS terminal subsystem comprises at least a set-top box and a smart card, and step C comprises:
After receiving the encrypted authorization message, the smart card decrypts with its own key to obtain random number b, computes the current communication key SessionKey_Cur from random number a and random number b, and then uses SessionKey_Cur to decrypt the received encrypted authorization message and obtain the authorization; or
After receiving the encrypted de-authorization message, the smart card uses the previously generated communication key SessionKey_Last to decrypt the encrypted de-authorization message and cancels the previously obtained authorization.
In the above scheme, after the smart card obtains the authorization: the smart card stores the authorization in its own memory, where it is lost on power-down and must be applied for again after power is restored.
In the above scheme, after the digital television CAS terminal subsystem obtains the authorization in step C: the smart card of the terminal subsystem returns feedback to the digital television CAS front-end subsystem over the uplink of the bidirectional transmission channel, and on receiving the feedback the front-end subsystem stops sending the corresponding encrypted authorization message.
The method further comprises: the digital television CAS front-end subsystem periodically generates a new continuation authorization message, encrypts it with the current communication key SessionKey_Cur of the corresponding smart card, and sends the encrypted continuation authorization message over the downlink of the bidirectional transmission channel to the corresponding smart card;
The smart card receives the encrypted continuation authorization message, decrypts it with the current communication key SessionKey_Cur to obtain the continuation authorization, updates the authorization end time in memory, and returns feedback to the digital television CAS front-end subsystem over the uplink of the bidirectional transmission channel.
In the above scheme, when the digital television CAS front-end subsystem sends the encrypted continuation authorization message to the smart card, it further sends with a specified maximum number of transmissions or a specified maximum duration; sending stops once that maximum number or duration is reached, or once feedback is received.
(3) Beneficial effects
As can be seen from the above technical solution, the present invention has the following beneficial effects:
1. The digital television conditional access system and method provided by the invention make full use of the characteristics of a bidirectional communication network, improving the security of the system and reducing the harm caused by pirated smart cards.
2. With the digital television conditional access system provided by the invention, the operator can discover the existence of pirated smart cards in time and take measures to deal with them promptly, greatly reducing the harm caused by pirated smart cards.
Brief description of the drawings
Fig. 1 is a structural diagram of the digital television conditional access system provided by the invention;
Fig. 2 is a structural diagram of the digital television conditional access system provided according to an embodiment of the invention;
Fig. 3 is a flow chart of the authorization method applied to a digital television conditional access system provided by the invention;
Fig. 4 is a sequence diagram of the authorization method applied to a digital television conditional access system according to an embodiment of the invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in more detail below with reference to specific embodiments and the accompanying drawings.
As shown in Fig. 1, a structural diagram of the digital television conditional access system provided by the invention, the system comprises: a digital television CAS front-end subsystem 1, a digital television CAS terminal subsystem 2, and a bidirectional transmission channel 3 connecting the digital television CAS front-end subsystem 1 and the digital television CAS terminal subsystem 2.
The digital television CAS front-end subsystem 1, after receiving an authorization request from a digital television CAS terminal subsystem, generates a current communication key, encrypts the authorization message with this current communication key, and returns the encrypted authorization message over the downlink of the bidirectional transmission channel to the digital television CAS terminal subsystem 2 that sent the authorization request; and it encrypts a de-authorization message with the previously generated communication key and sends the encrypted de-authorization message over the downlink of the bidirectional transmission channel to the digital television CAS terminal subsystem 2 that sent the previous authorization request, cancelling the authorization obtained by that terminal subsystem 2.
The digital television CAS terminal subsystem 2, after receiving the encrypted authorization message, decrypts it to obtain the authorization and, after receiving the encrypted de-authorization message, decrypts it and cancels the previously obtained authorization.
The digital television CAS terminal subsystem 2 and the digital television CAS front-end subsystem 1 interact over the bidirectional transmission channel. The uplink of the bidirectional transmission channel carries the authorization request that the digital television CAS terminal subsystem sends to the digital television CAS front-end subsystem, and the feedback that the terminal subsystem returns to the front-end subsystem after it has received the authorization message. The downlink of the bidirectional transmission channel carries the encrypted authorization message and the encrypted de-authorization message that the digital television CAS front-end subsystem sends to the digital television CAS terminal subsystem.
The digital television CAS front-end subsystem has a command interface for interacting with the digital television subscriber management system (SMS), provides an interface for configuring the association between products and programs, and stores the system's data.
The digital television CAS front-end subsystem further has an interface for interacting with the intermediate equipment that provides the bidirectional transmission channel. The intermediate equipment that provides the bidirectional transmission channel includes but is not limited to the following forms:
i. A multiplexer, an independent scrambler, a modulator and a mixer; or
ii. A multiplexing scrambler, a modulator and a mixer.
Here the multiplexing scrambler is a device that integrates a multiplexer and an independent scrambler, and the modulator is a QAM modulator, a QPSK modulator, a DVB-T modulator or the like.
The digital television CAS terminal subsystem includes but is not limited to the following forms:
i. A set-top box and a smart card; or
ii. A set-top box, a CAM card and a smart card; or
iii. A PC, a digital television receiving card and a smart card; or
iv. A PC, a digital television receiving card, a CAM card and a smart card.
As shown in Fig. 2, a structural diagram of the digital television conditional access system provided according to an embodiment of the invention, the system consists of a digital television CAS front-end subsystem, a multiplexer, an independent scrambler, a QAM modulator, a mixer and digital television CAS terminal subsystems. In this system:
1. The digital television CAS front-end subsystem includes but is not limited to the following functions:
i. Providing a command interface to the digital television subscriber management system (Subscriber Management System, SMS);
ii. Providing the standard ECMG/EMMG interface for communicating with the independent scrambler or multiplexing scrambler;
iii. Providing an interface for configuring the association between products and programs;
iv. Storing the data relevant to the system;
v. Processing the information uploaded by terminals, recording the necessary information, and providing the necessary responses.
2. The digital television CAS terminal subsystem refers to the terminal forms that can be used together with the digital television CAS front-end subsystem, including but not limited to the following forms:
i. A set-top box and a smart card;
ii. A set-top box, a CAM card and a smart card;
iii. A PC, a digital television receiving card and a smart card;
iv. A PC, a digital television receiving card, a CAM card and a smart card.
3. Other. The other parts of this technical solution serve only as the communication channel between the digital television CAS front-end subsystem and the digital television CAS terminal subsystem, and are not limited to the equipment listed. For example:
i. The multiplexer and independent scrambler can also take the form of a multiplexing scrambler.
ii. The QAM modulator can also be a QPSK modulator, a DVB-T modulator or the like.
Based on the structural diagrams of the digital television conditional access system shown in Fig. 1 and Fig. 2, Fig. 3 shows the flow chart of the authorization method applied to a digital television conditional access system provided by the invention. The method comprises the following steps:
Step 301: At start-up, the smart card of the digital television CAS terminal subsystem sends an authorization request to the digital television CAS front-end subsystem, applying for an authorization message.
Step 302: After receiving the authorization request, the digital television CAS front-end subsystem generates a current communication key, encrypts the authorization message with this current communication key, and returns the encrypted authorization message over the downlink of the bidirectional transmission channel to the digital television CAS terminal subsystem that sent the authorization request; and it encrypts a de-authorization message with the previously generated communication key and sends the encrypted de-authorization message over the downlink of the bidirectional transmission channel to the digital television CAS terminal subsystem that sent the previous authorization request.
Step 303: After receiving the encrypted authorization message, the digital television CAS terminal subsystem generates the current communication key and uses it to decrypt the encrypted authorization message and obtain the authorization; or, after receiving the encrypted de-authorization message, it uses the previously generated communication key to decrypt the encrypted de-authorization message and cancel the previously obtained authorization.
In this step, after the digital television CAS terminal subsystem obtains the authorization, the method can further include: the smart card of the terminal subsystem returns feedback to the digital television CAS front-end subsystem over the uplink of the bidirectional transmission channel, and on receiving the feedback the front-end subsystem stops sending the corresponding encrypted authorization message.
The digital television CAS terminal subsystem comprises at least a set-top box and a smart card, and step 301 further comprises:
Step 3011: After power-on, the set-top box finds that a smart card is present, or detects during operation that a smart card has been inserted, and requests from the smart card the upload data used to apply to the digital television CAS front-end subsystem for an authorization message.
Step 3012: After receiving the set-top box's request, the smart card generates a random number a, encrypts this random number a with the key of the digital television CAS front-end subsystem, and sends the upload data containing the encrypted random number a to the set-top box.
In this step, the encryption of random number a with the key of the digital television CAS front-end subsystem uses asymmetric encryption or symmetric encryption. The asymmetric encryption uses the public key of the digital television CAS front-end subsystem to encrypt, and only the private key of the digital television CAS front-end subsystem can decrypt. The symmetric encryption uses the private key of the smart card to encrypt; this key is stored in the smart card's non-volatile memory, and the smart card provides no external interface for decrypting with the private key.
Step 3013: The set-top box sends an authorization request containing the encrypted random number a and the smart card number to the digital television CAS front-end subsystem.
The digital television CAS terminal subsystem comprises at least a set-top box and a smart card, and step 302 further comprises:
Step 3021: After receiving the authorization request, the digital television CAS front-end subsystem decrypts with its own key to obtain random number a, generates a random number b, and computes the current communication key SessionKey_Cur from random number a and random number b.
In this step, after receiving the authorization request, the digital television CAS front-end subsystem further checks the received smart card number and the IP address that sent the authorization request, and evaluates them against the configured restrictions. The configured restrictions can include but are not limited to the following forms:
The same smart card number is allowed only one connection; or
The same requesting IP address is allowed only one connection; or
Smart card numbers are bound to IP addresses, one-to-one, one-to-many, many-to-one or many-to-many as actually required.
Step 3022: The digital television CAS front-end subsystem encrypts random number b with the key of the smart card and sends the encrypted random number b to the smart card through the set-top box; it encrypts the authorization message with the current communication key SessionKey_Cur and sends the encrypted authorization message over the downlink of the bidirectional transmission channel to the set-top box that sent the authorization request, and the set-top box passes the encrypted authorization message to the smart card. It also encrypts a de-authorization message with the previously generated communication key SessionKey_Last and sends the encrypted de-authorization message over the downlink of the bidirectional transmission channel to the set-top box that sent the previous authorization request, and that set-top box passes the encrypted de-authorization message to the corresponding smart card.
In this step, when the digital television CAS front-end subsystem sends the encrypted authorization message to the set-top box that sent the authorization request, it further sends with a specified maximum number of transmissions or a specified maximum duration; sending stops once that maximum number or duration is reached, or once feedback is received.
After the encrypted authorization message has been sent to the set-top box that sent the authorization request, the digital television CAS front-end subsystem further records the smart card number, the IP address that sent the authorization request, the current communication key SessionKey_Cur and the request time, so that these data can later be analyzed statistically.
Above-mentioned digital television CA S terminal subsystem comprises set-top box and smart card at least, described step 303 further comprises: after smart card receives the authorization message of encryption, utilize the secret key decryption of self to obtain random number b, utilize random number a and random number b to calculate and generate current communication key SessionKey Cur, utilize this current communication key Session Key then CurThe encryption authorization information that deciphering receives is obtained mandate; After perhaps smart card receives the anti-authorization message of encryption, utilize the last communication key SessionKey that generates LastDecipher this and encrypt anti-authorization message, the last mandate that obtains of cancellation.
Above-mentioned smart card further comprises after obtaining mandate: the mandate that smart card will obtain is kept in the self EMS memory, and power down disappears, and needs application again after re-powering.
In addition, this authorization method that is applied to conditional receiver system of digital television provided by the invention can further include: digital television CA S front terminal system regularly generates new continuity authorization message, utilizes the current communication key SessionKey of intelligent card corresponding CurEncrypt this continuity authorization message, and the continuity authorization message that will encrypt by the down going channel of transmitted in both directions passage is handed down to intelligent card corresponding; Smart card receives the continuity authorization message of this encryption, utilizes current communication key SessionKey CurDeciphering obtains continuity and authorizes, the mandate concluding time in the updating memory, and return feedback information to digital television CA S front terminal system by the data feedback channel of transmitted in both directions passage.
Above-mentioned when stating continuity authorization message that digital television CA S front terminal system will encrypt and being handed down to smart card, the further employing specifies transmission number of times or maximum fixed time length to issue at most, send number of times or fixed time length at most in case reach described maximum appointment, just stop to issue after perhaps receiving feedback information.
Based on the flow chart of the authorization method for a digital television conditional receiver system shown in Fig. 3, Fig. 4 shows the sequence diagram of the authorization method according to an embodiment of the invention. According to the sequence diagram in Fig. 4, the authorization process provided by the invention is as follows:
1. Initial authorization
A) Initial authorization refers to the authorization record that is ultimately kept in the smart card's memory. The authorization has an expiry time, for example 5 hours after the current time.
B) The terminal set-top box automatically applies to the front end for initial authorization when it finds a smart card present after power-on, or when it first detects a smart card being inserted during operation.
C) The set-top box requests a segment of upload data from the smart card; this data is used to apply to the digital television CAS front-end system for authorization.
D) The smart card generates a random number a and outputs it, encrypted, to the set-top box. The encryption must guarantee that only the digital television CAS front-end system can decrypt it and that no terminal smart card can. The encryption includes, but is not limited to, the following forms:
i) Asymmetric encryption. The data is encrypted with the public key of the digital television CAS front-end system, and only the private key of the digital television CAS front-end system can decrypt it.
ii) Symmetric encryption. The data is encrypted with the private key of the smart card. This key is stored in the smart card's non-volatile memory, and the smart card exposes no external interface for decrypting with the private key.
E) The set-top box uploads this data, together with the card number, to the digital television CAS front-end system.
F) The digital television CAS front-end system checks the uploaded card number and IP address and performs the necessary checks against the restrictive conditions configured at the front end. These restrictive conditions may include, but are not limited to, the following forms:
i) The same card number is allowed only one connection.
ii) The same IP address is allowed only one connection.
iii) The card number is bound to the IP address; according to actual needs, the binding may be one-to-one, one-to-many, many-to-one or many-to-many.
G) The digital television CAS front-end system recovers a in memory, generates a random number b, and computes the current communication key SessionKey_Cur from the two values a and b.
H) The digital television CAS front-end system encrypts b with the key of the corresponding smart card and transmits it to the smart card through the set-top box over the duplex channel.
I) The digital television CAS front-end system encrypts the anti-authorization with the stored communication key from this card's previous session, SessionKey_Last, and encrypts the authorization with the current key SessionKey_Cur. The EMMG module issues the two data segments together over the downlink channel of the duplex channel. They are sent at most a predetermined number of times or for a specified length of time.
i) Issuing the anti-authorization encrypted with SessionKey_Last ensures that, for a given card number, only one card can watch at any one time. This helps curb viewing with pirate smart cards and helps detect pirate smart cards promptly.
ii) Consider the following situation: a normal card A and a pirate smart card B are in the network at the same time. B has applied for authorization, which was encrypted with SessionKey_B, and A then applies for authorization. At this point SessionKey_B is SessionKey_Last, and the anti-authorization is encrypted with this key. It is delivered over the unidirectional channel, card B receives it, and card B therefore no longer holds an authorization and cannot continue watching programs. If the normal card A applies first and the pirate smart card B applies afterwards, the normal card A can no longer watch programs. Provided A and B are not colluding, the user holding A will report to the operator that programs cannot be watched, which helps detect the existence of the pirate smart card promptly.
iii) For a normal card this anti-authorization data is useless: decryption fails. However, when a single EMM packet fails to decrypt, subsequent processing still proceeds normally. Apart from taking up some of the card's processing time, this has no effect on normal functions.
J) The smart card internally decrypts and recovers b and computes the current communication key SessionKey_Cur from a and b. It uses SessionKey_Cur to decrypt and recover its own authorization and keeps it in its own memory. These authorizations are lost on power-down, and the card must apply to the digital television CAS front-end system again after it is powered up again.
K) The digital television CAS front-end system records information such as the card number, the IP address and the SessionKey request time. These data are statistically analysed later. A card that makes repeated SessionKey requests within the expiry period of the initial authorization (such as 5 hours), and shows this behaviour over the long term (such as 1 month), can be suspected of being a pirate smart card in a terminal set-top box that has been modified for piracy.
L) After the smart card has successfully received the authorization, it returns feedback information to the digital television CAS front-end system over the duplex channel.
M) After the digital television CAS front-end system receives the feedback information, it cancels transmission of the EMM corresponding to the authorization. (If no feedback information has been received after the configured maximum number of times or maximum time, transmission is also cancelled.)
N) If the above application for initial authorization fails, the set-top box displays a prompt and cannot show any scrambled program.
O) The set-top box provides a menu for applying for initial authorization manually, so that the user can apply manually at any time after an automatic application has failed. The manual application process is identical to the automatic one, except that it is triggered by the user selecting the menu rather than automatically by the system.
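The statistical analysis described in step K can be run over the front end's request log as sketched below. This is an added example, not code from the patent: the log line format, the `MIN_REPEATS` threshold, the function names and the sample entries are constructed assumptions, while the 5-hour and 1-month figures are the page's own examples.

```python
from collections import defaultdict
from datetime import datetime, timedelta

EXPIRY = timedelta(hours=5)      # page's example: initial authorization expiry
LONG_TERM = timedelta(days=30)   # page's example: "long-term (such as 1 month)"
MIN_REPEATS = 10                 # assumed threshold for "repeatedly"


def build_sample_log():
    """Constructed sample data: 40 evenings of SessionKey requests."""
    start = datetime(2024, 1, 1, 18, 0)
    lines = []
    for day in range(40):
        t = start + timedelta(days=day)
        # Card 1001: one request per evening from one address.
        lines.append(f"{t.isoformat()} card=1001 ip=192.0.2.10")
        # Card 2002: the same card number re-negotiating every 30 minutes,
        # alternating between two addresses.
        for k in range(4):
            ip = "198.51.100.7" if k % 2 == 0 else "203.0.113.44"
            ts = t + timedelta(minutes=30 * k)
            lines.append(f"{ts.isoformat()} card=2002 ip={ip}")
    # A single reboot of the legitimate set-top box on day 3.
    reboot = start + timedelta(days=3, hours=1)
    lines.append(f"{reboot.isoformat()} card=1001 ip=192.0.2.10")
    return lines


def parse_line(line):
    """Split '<iso-time> card=<no> ip=<addr>' into (datetime, card, ip)."""
    ts, card, ip = line.split()
    return (datetime.fromisoformat(ts),
            card.split("=", 1)[1],
            ip.split("=", 1)[1])


def find_suspect_cards(lines, expiry=EXPIRY, long_term=LONG_TERM,
                       min_repeats=MIN_REPEATS):
    """Flag card numbers that keep requesting a new SessionKey while the
    previous initial authorization is still valid, over a long period."""
    by_card = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, card, ip = parse_line(line.strip())
            by_card[card].append((ts, ip))

    report = {}
    for card, requests in by_card.items():
        requests.sort()
        # A "repeat" is a request made before the previous authorization
        # for the same card number would have expired.
        repeats = [cur[0] for prev, cur in zip(requests, requests[1:])
                   if cur[0] - prev[0] < expiry]
        if len(repeats) < min_repeats:
            continue  # occasional reboots are normal
        span = repeats[-1] - repeats[0]
        if span >= long_term:
            report[card] = {
                "repeat_requests": len(repeats),
                "span_days": span.days,
                "ips": sorted({ip for _, ip in requests}),
            }
    return report


if __name__ == "__main__":
    for card, info in find_suspect_cards(build_sample_log()).items():
        print(card, info)
```

A flagged card number is a lead for the operator to investigate, in line with the page's wording that such a card "can be suspected"; the thresholds need tuning against real reboot behaviour.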
2. Continuity authorization
A) Every 2 hours the digital television CAS front-end system generates a new continuity authorization; the authorization end time of each newly generated continuity authorization is 5 hours after the current time. These two times can be adjusted according to actual conditions.
B) One message is issued for each card over the half-duplex channel (that is, the EMMG), encrypted with the communication key SessionKey_Cur of the corresponding smart card. Sending is limited to a maximum number of times or a maximum time.
C) After the smart card has correctly decrypted the continuity authorization, it updates the authorization end time in memory and at the same time returns feedback information to the front end over the duplex channel.
D) After the digital television CAS front-end system receives the feedback information, it cancels transmission of the EMM corresponding to the authorization. (If no feedback information has been received after the configured maximum number of times or maximum time, transmission is also cancelled.)
The characteristics of the present invention are:
1. Communication key
A) Each time the terminal smart card powers on, it must negotiate a communication key with the digital television CAS front-end system.
B) This communication key is determined jointly by the terminal and the front end, and it differs for every application even from the same card. Given an identical card A and card B (a pirate smart card), card B cannot obtain the communication key that card A applied for.
C) In the terminal, this communication key exists only in the smart card's memory and is lost on power-down.
2. Authorization message
A) The authorization message is issued encrypted with the above communication key.
B) In the terminal, the authorization message likewise exists only in the smart card's memory and is lost on power-down.
C) The authorization in the smart card has a limited validity period; the front end must periodically issue continuity authorizations to extend it.
D) The front end does not carousel the authorization message indefinitely: once it has received the terminal's feedback, or has reached the maximum number of times or maximum time, it stops sending.
3. The two points above yield the following effects:
A) A pirate smart card cannot be made simply by copying the authorization.
B) At any one time, only one card among the cards sharing the same card number can be authorized.
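The effects listed above can be reproduced in a small simulation of the key negotiation and anti-authorization exchange. This is an added example, not code from the patent: the HMAC-SHA256 toy cipher, the SHA-256 key derivation, the AUTH/ANTI message layout, card number 8001 and all class and function names are assumptions, since the page does not specify the algorithms or message formats.

```python
import hashlib
import hmac
import os
import struct

INITIAL_VALIDITY = 5 * 3600  # seconds: the page's example expiry of 5 hours

def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key, plaintext):
    """Toy encrypt-then-MAC, an assumed stand-in for the unspecified CAS cipher."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Return the plaintext, or None when blob was not sealed under key."""
    if len(blob) < 48:
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def derive_session_key(a, b):
    # Assumed derivation; the page only says the key is computed from a and b.
    return hashlib.sha256(b"SessionKey" + a + b).digest()

class SmartCard:
    def __init__(self, card_no, card_key):
        self.card_no, self.card_key = card_no, card_key
        self.power_cycle()

    def power_cycle(self):
        # a, the session key and the authorization live only in volatile memory.
        self.a = self.session_key = self.authorized_until = None

    def build_request(self):
        self.a = os.urandom(16)  # random number a, sent encrypted to the front end
        return self.card_no, seal(self.card_key, self.a)

    def receive_b(self, enc_b):
        b = unseal(self.card_key, enc_b)
        if b is None or self.a is None:
            raise ValueError("unexpected or undecryptable b")
        self.session_key = derive_session_key(self.a, b)

    def receive_emm(self, blob):
        msg = unseal(self.session_key, blob) if self.session_key else None
        if msg is None:
            return "ignored"  # EMM for another session: decryption fails, no harm
        if msg[:4] == b"AUTH":
            self.authorized_until = struct.unpack(">Q", msg[4:12])[0]
            return "authorized"
        if msg[:4] == b"ANTI":
            self.authorized_until = None
            return "revoked"
        return "ignored"

    def is_authorized(self, now):
        return self.authorized_until is not None and now < self.authorized_until

class HeadEnd:
    def __init__(self, card_keys):
        self.card_keys = card_keys
        self.last_key = {}  # card number -> SessionKey_Last

    def handle_request(self, card_no, enc_a, now):
        card_key = self.card_keys[card_no]
        a = unseal(card_key, enc_a)
        if a is None:
            raise ValueError("request not sealed with this card's key")
        b = os.urandom(16)
        cur = derive_session_key(a, b)
        emms = []
        if card_no in self.last_key:  # anti-authorization under SessionKey_Last
            emms.append(seal(self.last_key[card_no], b"ANTI"))
        emms.append(seal(cur, b"AUTH" + struct.pack(">Q", now + INITIAL_VALIDITY)))
        self.last_key[card_no] = cur
        return seal(card_key, b), emms

def run_clone_scenario(now=1_000_000):
    """Card B (same number and key as A) applies first, then card A applies."""
    key = os.urandom(16)
    head = HeadEnd({"8001": key})
    cards = {"A": SmartCard("8001", key), "B": SmartCard("8001", key)}
    rounds = []
    for requester in ("B", "A"):
        card = cards[requester]
        enc_b, emms = head.handle_request(*card.build_request(), now)
        card.receive_b(enc_b)  # b travels only to the requesting set-top box
        # The EMMs go out on the downlink, so every card sees them.
        rounds.append({n: [c.receive_emm(e) for e in emms] for n, c in cards.items()})
    return rounds, {n: c.is_authorized(now + 60) for n, c in cards.items()}
```

After the second application only the most recent applicant remains authorized, and the other card's failed decryption of the new authorization is silent, matching items I-ii and I-iii of the initial authorization procedure.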
The specific embodiments described above further explain the purpose, technical solution and beneficial effects of the present invention. It should be understood that the above are merely specific embodiments of the invention and do not limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (20)

1. A conditional receiver system of digital television, characterized in that the system comprises:
a digital television conditional receiver system (CAS) front-end system, configured to generate a current communication key after receiving an authorization request from a digital television CAS terminal subsystem, to encrypt the authorization message with this current communication key, and to return the encrypted authorization message, over the downlink channel of a bidirectional transmission channel, to the digital television CAS terminal subsystem that sent the authorization request; and to encrypt an anti-authorization message with the previously generated communication key and deliver the encrypted anti-authorization message, over the downlink channel of the bidirectional transmission channel, to the digital television CAS terminal subsystem that sent the previous authorization request, cancelling the authorization obtained by that terminal subsystem;
a digital television CAS terminal subsystem, configured to decrypt the encrypted authorization message after receiving it and obtain the authorization, and, after receiving the encrypted anti-authorization message, to decrypt it and cancel the previously obtained authorization.
2. The conditional receiver system of digital television according to claim 1, characterized in that the digital television CAS terminal subsystem and the digital television CAS front-end system interact over the bidirectional transmission channel;
the uplink channel of the bidirectional transmission channel is used to carry the authorization request sent by the digital television CAS terminal subsystem to the digital television CAS front-end system, and the feedback information that the digital television CAS terminal subsystem returns to the digital television CAS front-end system after receiving the authorization message;
the downlink channel of the bidirectional transmission channel is used to carry the encrypted authorization message and the encrypted anti-authorization message that the digital television CAS front-end system delivers to the digital television CAS terminal subsystem.
3. The conditional receiver system of digital television according to claim 1, characterized in that the digital television CAS front-end system has a command interface for interacting with the digital television subscriber management system (SMS), provides a settings interface for associating products with programs, and stores the data information of the system.
4. The conditional receiver system of digital television according to claim 1 or 3, characterized in that the digital television CAS front-end system further has an interface for interacting with the intermediate equipment that provides the bidirectional transmission channel.
5. The conditional receiver system of digital television according to claim 4, characterized in that the intermediate equipment that provides the bidirectional transmission channel comprises:
a multiplexer, an independent scrambler, a modulator and a frequency mixer; or
a multiplexing scrambler, a modulator and a frequency mixer.
6. The conditional receiver system of digital television according to claim 5, characterized in that the multiplexing scrambler is a device that integrates the multiplexer and the independent scrambler, and the modulator is a QAM modulator, a QPSK modulator or a DVB-T modulator.
7. The conditional receiver system of digital television according to claim 1, characterized in that the digital television CAS terminal subsystem comprises at least:
a set-top box and a smart card; or
a set-top box, a CAM card and a smart card; or
a PC, a digital television receiving card and a smart card; or
a PC, a digital television receiving card, a CAM card and a smart card.
8. An authorization method applied to a conditional receiver system of digital television, characterized in that the method comprises:
A. the smart card of the digital television CAS terminal subsystem, when starting, sends an authorization request to the digital television CAS front-end system to apply for an authorization message;
B. after receiving the authorization request, the digital television CAS front-end system generates a current communication key, encrypts the authorization message with this current communication key, and returns the encrypted authorization message, over the downlink channel of the bidirectional transmission channel, to the digital television CAS terminal subsystem that sent the authorization request; and encrypts an anti-authorization message with the previously generated communication key and delivers the encrypted anti-authorization message, over the downlink channel of the bidirectional transmission channel, to the digital television CAS terminal subsystem that sent the previous authorization request;
C. after receiving the encrypted authorization message, the digital television CAS terminal subsystem generates the current communication key and uses it to decrypt the encrypted authorization message and obtain the authorization; or, after receiving the encrypted anti-authorization message, it uses the previously generated communication key to decrypt the encrypted anti-authorization message and cancels the previously obtained authorization.
9. The authorization method applied to a conditional receiver system of digital television according to claim 8, characterized in that the digital television CAS terminal subsystem comprises at least a set-top box and a smart card, and step A comprises:
A1. after powering on, the set-top box finds that a smart card is present, or detects during operation that a smart card has been inserted, and requests from the smart card the upload data used to apply to the digital television CAS front-end system for an authorization message;
A2. after receiving the request from the set-top box, the smart card generates a random number a, encrypts this random number a with the key of the digital television CAS front-end system, and sends the upload data containing the encrypted random number a to the set-top box;
A3. the set-top box sends an authorization request containing the encrypted random number a and the smart card number to the digital television CAS front-end system.
10. The authorization method applied to a conditional receiver system of digital television according to claim 9, characterized in that the encryption of random number a with the key of the digital television CAS front-end system in step A2 uses asymmetric encryption or symmetric encryption, wherein
the asymmetric encryption encrypts with the public key of the digital television CAS front-end system, and only the private key of the digital television CAS front-end system can decrypt;
the symmetric encryption encrypts with the private key of the smart card; this key is stored in the smart card's non-volatile memory, and the smart card exposes no external interface for decrypting with the private key.
11. The authorization method applied to a conditional receiver system of digital television according to claim 9, characterized in that the digital television CAS terminal subsystem comprises at least a set-top box and a smart card, and step B comprises:
B1. after receiving the authorization request, the digital television CAS front-end system decrypts with its own key to obtain random number a, generates a random number b, and computes the current communication key SessionKey_Cur from random number a and random number b;
B2. the digital television CAS front-end system encrypts random number b with the key of the smart card and delivers the encrypted random number b to the smart card through the set-top box; it encrypts the authorization message with the current communication key SessionKey_Cur and delivers the encrypted authorization message, over the downlink channel of the bidirectional transmission channel, to the set-top box that sent the authorization request, and the set-top box passes the encrypted authorization message to the smart card; and it encrypts the anti-authorization message with the previously generated communication key SessionKey_Last and delivers the encrypted anti-authorization message, over the downlink channel of the bidirectional transmission channel, to the set-top box that sent the previous authorization request, and that set-top box passes the encrypted anti-authorization message to its smart card.
12. The authorization method applied to a conditional receiver system of digital television according to claim 11, characterized in that, after the digital television CAS front-end system receives the authorization request in step B1, the method further comprises:
the digital television CAS front-end system checks the received smart card number and the IP address that sent the authorization request, and evaluates them against the configured restrictive conditions.
13. The authorization method applied to a conditional receiver system of digital television according to claim 12, characterized in that the restrictive conditions configured in the digital television CAS front-end system comprise at least:
the same smart card number is allowed only one connection, or
the same requesting IP address is allowed only one connection, or
the smart card number is bound to the IP address; according to actual needs, the binding is one-to-one, one-to-many, many-to-one or many-to-many.
14. The authorization method applied to a conditional receiver system of digital television according to claim 11, characterized in that, when the digital television CAS front-end system delivers the encrypted authorization message to the set-top box that sent the authorization request, it further applies a specified maximum number of transmissions or a maximum specified duration: delivery stops once that maximum number or duration is reached, or once feedback information is received.
15. The authorization method applied to a conditional receiver system of digital television according to claim 11, characterized in that, after the digital television CAS front-end system delivers the encrypted authorization message to the set-top box that sent the authorization request, the method further comprises:
the digital television CAS front-end system records the smart card number, the IP address that sent the authorization request, and the request time of the current communication key SessionKey_Cur, so that these data can be statistically analysed later.
16. The authorization method applied to a conditional receiver system of digital television according to claim 11, characterized in that the digital television CAS terminal subsystem comprises at least a set-top box and a smart card, and step C comprises:
after the smart card receives the encrypted authorization message, it decrypts with its own key to obtain random number b, computes the current communication key SessionKey_Cur from random number a and random number b, and then uses SessionKey_Cur to decrypt the received encrypted authorization message and obtain the authorization; or
after the smart card receives the encrypted anti-authorization message, it decrypts it with the previously generated communication key SessionKey_Last and cancels the previously obtained authorization.
17. The authorization method applied to a conditional receiver system of digital television according to claim 16, characterized in that, after obtaining the authorization, the smart card further keeps the obtained authorization in its own memory; the authorization is lost on power-down and must be applied for again after the card is powered up again.
18. The authorization method applied to a conditional receiver system of digital television according to claim 8, characterized in that, after the digital television CAS terminal subsystem obtains the authorization in step C, the method further comprises:
the smart card of the digital television CAS terminal subsystem returns feedback information to the digital television CAS front-end system over the uplink channel of the bidirectional transmission channel; the digital television CAS front-end system receives the feedback information and cancels delivery of the corresponding encrypted authorization message.
19. The authorization method applied to a conditional receiver system of digital television according to claim 8, characterized in that the method further comprises:
the digital television CAS front-end system periodically generates a new continuity authorization message, encrypts it with the current communication key SessionKey_Cur of the corresponding smart card, and delivers the encrypted continuity authorization message to that smart card over the downlink channel of the bidirectional transmission channel;
the smart card receives the encrypted continuity authorization message, decrypts it with the current communication key SessionKey_Cur to obtain the continuity authorization, updates the authorization end time in memory, and returns feedback information to the digital television CAS front-end system over the uplink channel of the bidirectional transmission channel.
20. The authorization method applied to a conditional receiver system of digital television according to claim 19, characterized in that, when the digital television CAS front-end system delivers the encrypted continuity authorization message to the smart card, it further applies a specified maximum number of transmissions or a maximum specified duration: delivery stops once that maximum number or duration is reached, or once feedback information is received.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2007101765937A CN100544427C (en) 2007-10-31 2007-10-31 A kind of conditional receiver system of digital television and application thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2007101765937A CN100544427C (en) 2007-10-31 2007-10-31 A kind of conditional receiver system of digital television and application thereof

Publications (2)

Publication Number Publication Date
CN101141620A CN101141620A (en) 2008-03-12
CN100544427C true CN100544427C (en) 2009-09-23

Family

ID=39193319

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2007101765937A Expired - Fee Related CN100544427C (en) 2007-10-31 2007-10-31 A kind of conditional receiver system of digital television and application thereof

Country Status (1)

Country Link
CN (1) CN100544427C (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102523503B (en) * 2011-12-19 2014-08-20 华为技术有限公司 Video-on-demand control method and relative device and system
CN103546781A (en) * 2012-07-16 2014-01-29 航天信息股份有限公司 Security control method and device of set-top box terminal
CN103248920A (en) * 2013-04-28 2013-08-14 北京视博数字电视科技有限公司 Authorization system, method and device of digital television network
CN104468825B (en) * 2014-12-26 2018-06-26 湖南华凯文化创意股份有限公司 Remote-authorization method and system
CN107517206A (en) * 2017-08-18 2017-12-26 北京北信源软件股份有限公司 A kind of method, apparatus of secure communication, computer-readable recording medium and storage control
CN109040092B (en) * 2018-08-17 2019-06-28 北京海泰方圆科技股份有限公司 Data random encrypting method and device
CN111298305A (en) * 2020-02-18 2020-06-19 上海联影医疗科技有限公司 Data synchronization method and system

Also Published As

Publication number Publication date
CN101141620A (en) 2008-03-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090923

Termination date: 20201031