CN101499867B - Method for ciphering multimedia broadcast content - Google Patents

Publication number: CN101499867B
Authority: CN (China)
Prior art keywords: information; key; mtk; mobile phone; phone terminal
Legal status: Expired - Fee Related
Application number: CN2008100071694A
Other languages: Chinese (zh)
Other versions: CN101499867A (en)
Inventor: 李凤军
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp

Abstract

The invention discloses a method for encrypting multimedia broadcast content, comprising the following steps: 1. a mobile phone terminal establishes a shared key with a mobile TV platform; 2. a user subscribes to a multimedia broadcast service, and the mobile phone terminal obtains service guide information, creates SA information, and uses the shared key to decrypt and obtain service key information; 3. the mobile TV platform creates its own SA information, uses the key information in the SA as the media transmission key MTK and the SPI value as the MTK ID value, encrypts the MTK with the service key, and sends it to the mobile phone terminal; 4. the mobile phone terminal uses the service key to decrypt the received MTK information and saves the MTK and the MTK ID value to its own SA; and 5. the mobile TV platform uses the IPSEC protocol with ESP in transport mode to encrypt the media stream information and sends it to the mobile phone terminal by broadcast. By combining the IPSEC protocol with a three-layer key system, the method realizes encryption of the media stream.

Description

Method for ciphering multimedia broadcast content
Technical field
The present invention relates to the field of multimedia technology, and in particular to a method for ciphering multimedia broadcast content.
Background art
A multimedia broadcast service differs from a point-to-point interactive service, particularly with respect to service protection. When a point-to-point communication link is established, the user must be authenticated, which keeps unauthorized users from accessing the service system. In a broadcast service, however, the multimedia content is sent to mobile phone terminals by broadcast, and the system side cannot authenticate the mobile phone terminals that receive it, which creates a service protection problem. The solution adopted by most standards organizations at present is hierarchical encryption: media content sent by broadcast is encrypted with a key, the user must obtain the key to use the media content, and the user can obtain the key only after being authenticated by the system side. The common approach today is a three-layer key system:
First layer: the initial key, which can be generated by means such as presetting;
Second layer: the service key, which is encrypted with the initial key and which the user can obtain only after authentication;
Third layer: the media stream key, which the system side updates and sends periodically by broadcast, encrypted with the service key.
With this three-layer key system, the security of the multimedia broadcast service is well assured.
IPSEC (Internet Protocol Security) is an IP (Internet Protocol) transport layer encryption system implemented on the basis of shared keys; for details see RFC (Request for Comments) 4301. How to encrypt the media stream under a three-layer key system is a very important problem.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method for ciphering multimedia broadcast content that protects the media stream by encryption under a three-layer key system.
To solve the above problem, the present invention provides a method for ciphering multimedia broadcast content, comprising the following steps:
Step 1, a shared key is established between the mobile phone terminal and the mobile TV platform;
Step 2, the user subscribes to a multimedia broadcast service; the mobile phone terminal obtains service guide information, which contains security policy information and Session Description Protocol (SDP) information; the mobile phone terminal also obtains the service key encrypted with the shared key; the mobile phone terminal creates security association (SA) information; and the mobile phone terminal decrypts the encrypted service key with the shared key to obtain the service key;
Step 3, the mobile TV platform creates its own SA information, which contains a Security Parameter Index (SPI) value and key information; the mobile TV platform uses the key information in the SA information as the media stream key MTK and the SPI value as the Multimedia Broadcast Multicast Service (MBMS) traffic key identifier MTK ID, encrypts the MTK with the service key, and sends the encrypted MTK to the mobile phone terminal using the Multimedia Internet Keying (MIKEY) protocol;
Step 4, the mobile phone terminal decrypts the encrypted MTK with the service key to obtain the MTK and saves the MTK and MTK ID in its own SA information, with the MTK as the key information and the MTK ID as the SPI value, so that the mobile phone terminal and the mobile TV platform hold consistent SA information;
Step 5, the mobile TV platform encrypts the media stream using the Internet Protocol Security (IPSEC) protocol with Encapsulating Security Payload (ESP) in transport mode, and sends the encrypted media stream to the mobile phone terminal by broadcast.
Further, the above method may also have the following feature: in step 1, the shared key between the mobile phone terminal and the mobile TV platform is established using the Generic Bootstrapping Architecture (GBA).
Further, the above method may also have the following feature: in step 2, the security policy information comprises the encryption algorithm, key length, and initial parameters; the SDP information contains the destination address and port number to which the media stream is sent; the mobile phone terminal saves the security policy information and the media stream's destination address and port number in the SA information it creates.
Further, the above method may also have the following feature: in step 3, the SA information created by the mobile TV platform also contains the destination address information and port number to which the media stream is sent, and the security policy information.
Further, the above method may also have the following feature: step 6, the mobile phone terminal receives the encrypted media stream, locates the corresponding SA information according to the SPI value and the media stream's destination address and port number, decrypts the media stream as specified by IPSEC, and decodes and plays the media content on the mobile phone terminal.
The method of the invention thus combines the IPSEC protocol with a three-layer key system to encrypt the media stream.
Description of the drawings
Fig. 1 is a schematic diagram of the three-layer key system structure of an embodiment of the invention;
Fig. 2 is a flow chart of media stream encryption using the IPSEC protocol in an embodiment of the invention.
Detailed description
The main idea of the present invention is to encrypt the media stream with the IPSEC protocol under a three-layer key framework.
The IPSEC protocol has a number of parameters relating to media protection; the present invention tightly couples the IPSEC protocol with the three-layer key system to encrypt the media stream.
The method of the invention is described in further detail below with reference to the drawings and an embodiment.
Embodiment
In the three-layer key system structure shown in Fig. 1, the mobile phone terminal 101 and the mobile TV platform 102 each have the same three logical layers, and each layer handles different key information. At the initial key layer, some mechanism ensures that both sides hold the same key information; this embodiment uses GBA (Generic Bootstrapping Architecture), which is defined in the 3GPP (3rd Generation Partnership Project) TS 33.220 standard. After the initial key layer has established the initial key, the mobile TV platform 102 generates a service key, encrypts it with the initial key, and transmits the encrypted service key to the mobile phone terminal 101; on receiving it, the service key layer of the mobile phone terminal 101 decrypts it with the initial key to obtain the service key, completing synchronization of the service key layer. Likewise, the mobile TV platform 102 encrypts the media stream key with the service key and sends it to the mobile phone terminal 101, which decrypts it with the service key to obtain the media stream key, completing synchronization of the media stream key layer.
With the IPSEC-related information integrated on top of this three-layer synchronization, encrypted media stream transmission over the IPSEC protocol follows naturally once the three layers are synchronized.
As shown in Fig. 2, in this embodiment, encrypting the media stream with the IPSEC protocol takes the following steps:
Step 201, a shared key is established between the mobile phone terminal and the mobile TV platform using GBA;
Here the shared key corresponds to the initial key of the three-layer key system.
Step 202, the user subscribes to a multimedia broadcast service, and the mobile phone terminal obtains Service Guide (SG) information, which contains security policy information and SDP (Session Description Protocol) information; the security policy information comprises the encryption algorithm, key length, initial parameters, etc., and the SDP information contains the destination address and port number to which the media stream is sent, etc.; through the service subscription, the mobile phone terminal also obtains the service key information encrypted with the shared key; the mobile phone terminal creates the SA (security association) information used by IPSEC and saves the security policy information and the media stream's destination address and port number in the SA; the mobile phone terminal decrypts with the shared key to obtain the service key information;
During service subscription, the mobile TV platform sends the service key information MSK (MBMS Service Key, the Multimedia Broadcast Multicast Service key), encrypted with the shared key, to the mobile phone terminal user using the MIKEY (Multimedia Internet Keying) protocol; this message does not contain security policy information, and the mobile phone terminal saves the decrypted MSK information.
Step 203, the mobile TV platform creates its own SA information, which contains the destination address information and port number to which the media stream is sent, the SPI (Security Parameter Index) value, security policy information, key information, etc.; the mobile TV platform uses the key in the SA as the media stream key MTK (MBMS Traffic Key) and the SPI value as the MTK ID (MBMS Traffic Key identifier) value; the mobile TV platform encrypts the MTK with the service key and sends it to the mobile phone terminal using the MIKEY protocol;
Step 204, the mobile phone terminal decrypts with the service key to obtain the MTK information and saves the MTK and MTK ID values in the SA, with the MTK as the key information and the MTK ID as the SPI value; in this way, the mobile phone terminal and the mobile TV platform hold consistent SA information;
Step 205, the mobile TV platform encrypts the media stream information using the Internet Protocol Security (IPSEC) protocol with ESP (Encapsulating Security Payload) in transport mode, and sends it to the mobile phone terminal by broadcast;
Step 206, the mobile phone terminal receives the encrypted media stream, locates the corresponding SA information according to the SPI value and the media stream's destination address and port number, decrypts the media stream information as specified by IPSEC, and decodes and plays the media content on the mobile phone terminal.
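The flow of steps 201 to 206 can be traced in code; the following is an added example, not code from the patent. It assumes a random shared key in place of the GBA result and an HMAC-SHA256 encrypt-then-MAC stand-in in place of the real MIKEY and ESP transforms, and the class names, multicast address, port and policy fields are constructed for illustration.

```python
import hashlib, hmac, os, struct
from dataclasses import dataclass

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    blocks = (_mac(key, nonce + struct.pack(">I", i)) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, plaintext, aad=b""):
    # Stand-in encrypt-then-MAC (HMAC-SHA256 keystream); aad binds the cleartext header.
    nonce = os.urandom(16)
    ct = _xor_stream(_mac(key, b"enc"), nonce, plaintext)
    return nonce + ct + _mac(_mac(key, b"mac"), aad + nonce + ct)

def unseal(key, blob, aad=b""):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(_mac(key, b"mac"), aad + nonce + ct)):
        raise ValueError("integrity check failed")
    return _xor_stream(_mac(key, b"enc"), nonce, ct)

@dataclass
class SA:                 # security association fields named in steps 202-204
    dst: str
    port: int
    policy: dict
    spi: int = 0          # holds the MTK ID
    key: bytes = b""      # holds the MTK

class Platform:
    def __init__(self, shared_key, sg):
        self.shared_key, self.msk, self.seq = shared_key, os.urandom(32), 0
        # Step 203: SA key = MTK, SPI = MTK ID ("| 0x100" avoids reserved SPIs 0-255).
        self.sa = SA(sg["dst"], sg["port"], sg["policy"],
                     spi=int.from_bytes(os.urandom(4), "big") | 0x100,
                     key=os.urandom(sg["policy"]["key_len"]))
    def msk_message(self):            # step 202: MSK encrypted with the shared key
        return seal(self.shared_key, self.msk)
    def mtk_message(self):            # step 203: MTK ID in clear, MTK encrypted with MSK
        hdr = struct.pack(">I", self.sa.spi)
        return hdr + seal(self.msk, self.sa.key, aad=hdr)
    def esp_packet(self, payload):    # step 205: SPI | sequence number | protected data
        self.seq += 1
        hdr = struct.pack(">II", self.sa.spi, self.seq)
        return hdr + seal(self.sa.key, payload, aad=hdr)

class Terminal:
    def __init__(self, shared_key):
        self.shared_key, self.msk, self.pending, self.sad = shared_key, None, None, {}
    def subscribe(self, sg, msk_msg):       # step 202: recover MSK, create SA
        self.msk = unseal(self.shared_key, msk_msg)
        self.pending = SA(sg["dst"], sg["port"], sg["policy"])
    def install_mtk(self, mtk_msg):         # step 204: MTK -> SA key, MTK ID -> SPI
        hdr, sa = mtk_msg[:4], self.pending
        sa.key = unseal(self.msk, mtk_msg[4:], aad=hdr)
        sa.spi = struct.unpack(">I", hdr)[0]
        self.sad[(sa.spi, sa.dst, sa.port)] = sa
    def receive(self, dst, port, packet):   # step 206: locate SA, then decrypt
        sa = self.sad.get((struct.unpack(">I", packet[:4])[0], dst, port))
        return None if sa is None else unseal(sa.key, packet[8:], aad=packet[:8])

def demo():
    sg = {"dst": "239.1.1.1", "port": 5004, "policy": {"key_len": 32}}  # constructed SG values
    shared = os.urandom(32)   # step 201: stands in for the key GBA would establish
    tv, phone = Platform(shared, sg), Terminal(shared)
    phone.subscribe(sg, tv.msk_message())
    phone.install_mtk(tv.mtk_message())
    return tv, phone, tv.esp_packet(b"constructed media frame")
```

A terminal holding a different shared key fails at `subscribe`, so it never obtains the MSK, the MTK, or an SA that matches the broadcast packets.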
It should be understood that those of ordinary skill in the art to which the invention belongs may make equivalent changes or substitutions according to the technical solution and concept of the invention, and all such changes or substitutions shall fall within the protection scope of the claims of the invention.

Claims (5)

1. the method for a ciphering content of multimedia broadcast is characterized in that, comprises the steps:
Step 1 is finished the foundation of sharing key between mobile phone terminal and the television platform;
Step 2, the user orders multi-media broadcasting service, mobile phone terminal obtains business guide information, wherein comprise security policy information and Session Description Protocol SDP information, mobile phone terminal also obtains to share the business cipher key of secret key encryption, mobile phone terminal is created security association SA information, and the shared key of used for mobile phone terminal obtains business cipher key to the business cipher key deciphering of described encryption;
Step 3, television platform self is created SA information, wherein comprise Security Parameter Index SPI value and key information, television platform with the key information in the SA information as media stream cryptographic key MTK, the SPI value is identified MTK ID as multimedia broadcasting and multicast (MBMS) transmission security key, adopt business cipher key to encrypt MTK, adopt the multi-media network key to generate agreement MIKEY agreement described encryption MTK is sent to mobile phone terminal;
Step 4, the used for mobile phone terminal business cipher key obtains MTK to described encryption MTK deciphering, and MTK, MTK ID are saved in the SA information of self, and wherein MTK is as key information, MTK ID is as the SPI value, and mobile phone terminal is preserved consistent SA information with television platform;
Step 5, television platform is used the Internet protocol security IPSEC agreement, the ESP ESP mode encrypted media streams of transmission mode, adopts broadcast mode that encrypted media stream is sent to mobile phone terminal.
2. the method for claim 1 is characterized in that:
Adopt the general framework GBA mode that progressively realizes to finish the foundation of sharing key in the described step 1 between mobile phone terminal and the television platform.
3. the method for claim 1 is characterized in that:
In the described step 2, security policy information comprises cryptographic algorithm, key length, initial parameter; Comprise destination address, port numbers that Media Stream sends in the SDP information; In the destination address that mobile phone terminal sends security policy information, Media Stream, the SA information that port numbers is kept at its establishment.
4. the method for claim 1 is characterized in that:
In the described step 3, also comprise destination address information, port numbers, security policy information that Media Stream sends in the SA information that television platform is created.
5. as claim 1,3 or 4 described methods, it is characterized in that, also comprise:
Step 6, mobile phone terminal receive encrypted media stream, and the destination address, the port numbers that send according to SPI value, Media Stream navigate to corresponding SA information, and according to IPSEC regulation decrypt media stream, decoding playing media content on mobile phone terminal.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008100071694A CN101499867B (en) 2008-02-02 2008-02-02 Method for ciphering multimedia broadcast content

Publications (2)

Publication Number Publication Date
CN101499867A CN101499867A (en) 2009-08-05
CN101499867B true CN101499867B (en) 2010-12-08

Family

ID=40946762

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008100071694A Expired - Fee Related CN101499867B (en) 2008-02-02 2008-02-02 Method for ciphering multimedia broadcast content

Country Status (1)

Country Link
CN (1) CN101499867B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee (Granted publication date: 20101208; Termination date: 20180202)