CN101729253B - Multimedia broadcasting system and method - Google Patents
Multimedia broadcasting system and method Download PDFInfo
- Publication number
- CN101729253B CN101729253B CN200810173629.0A CN200810173629A CN101729253B CN 101729253 B CN101729253 B CN 101729253B CN 200810173629 A CN200810173629 A CN 200810173629A CN 101729253 B CN101729253 B CN 101729253B
- Authority
- CN
- China
- Prior art keywords
- information
- signature
- characteristic
- secure broadcast
- broadcast
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention provides a multimedia broadcasting system and method and in particular relates to a method for providing safe broadcasting information in multimedia broadcasting information. The method comprises the following steps: extracting broadcast channel control information and service content characteristic from the multimedia broadcasting information; generating service content characteristic signature information according to the service content characteristic; generating safe broadcasting signature information according to the broadcast channel control information and the service content characteristic signature information; and generating safe broadcasting information according to the safe broadcasting signature information and the service content characteristic signature information, wherein the safe broadcasting information is inserted into the multimedia broadcasting information based on certain rules. The invention only needs to carry out digital signature on the characteristic information of the broadcasting contents, thereby effectively reducing the data calculation amount of data signature.
Description
Technical field
The present invention relates to digital television techniques, particularly relate to a kind of digital television broadcasting system and method.
Background technology
Along with the development of science and technology, digital television techniques has the advantages such as transmission quality is high, scope is wide, speed is fast because of it, and is widely used gradually.But, be the fail safe of how guarantee information, integrality and real-time along with digital television techniques produced problem.
Digital signature is the technology being used for strengthening Information Security comparatively common at present.Digital signature technology, refers to and carries out mathematic(al) manipulation to message, produces one group of particular data.When these group data transmit together with message, recipient can verify the identity of sender of the message, reaches the effect that similar traditional sense is signed.Common digital signature technology general asymmetric cryptographic algorithm realizes.Asymmetric cryptographic algorithm, refers to that encrypting messages and decrypt use different keys.Digital signature technology make use of this feature: signer uses secret encryption key to be encrypted message or the characteristic information, and the ciphertext obtained sends together with digital signature and message itself.Decruption key is openly supplied to recipient's use by signer simultaneously.During certifying signature, if the result that decrypted signature obtains is consistent with message, so attestation-signatures is really produced by the signer grasping encryption key; If inconsistent, then attestation-signatures is not from the signer be known as.
This asymmetrical feature of digital signature is generally based on unidirectional difficult math question.Due to the difficulty of these mathematical problems, cannot encryption key being recovered by decruption key or other public informations, therefore when lacking encryption key, digital signature cannot be forged to the message through distorting.So digital signature, except traditional proof of identification function, can also ensure the integrality of message.
In multi-media broadcasting system, if need to differentiate broadcasted content, the transmitting terminal (or front end) of broadcast system can to broadcasted content, such as video flowing, audio stream carry out digital signature, again by digital signature and broadcasted content multiplexing after be sent to user terminal, user terminal can normal play broadcasted content after certifying digital signature.But because radio data system has very high requirement for real-time, if digital signature will be carried out to broadcasted content, high performance treatment facility so must be used to complete the mass data computing in digital signature procedure, thus make high expensive, the stability reduction of whole multi-media broadcasting system.Moreover, because digital signature is very responsive to error code, when the wireless broadcast channel transmitting multimedia contents using the error rate higher, easily because normal channel error code causes terminal to play.
Given this, be necessary that providing a kind of can reduce the amount of calculation of digital signature and differentiate protection system to the insensitive multimedia broadcasting of error code.
Summary of the invention
For solving the problem, the invention provides a kind of multi-media broadcasting system and method, it is more insensitive and do not need the data signature computing carrying out big data quantity to error code.
In multimedia broadcasting information, provide a method for secure broadcast information, it comprises: the content characteristic extracting broadcast channel control information and business in multimedia broadcasting information; Content characteristic according to described business produces business tine characteristic signature information; Secure broadcast signing messages is produced according to described broadcast channel control information and described business tine characteristic signature information; And produce described secure broadcast information according to described secure broadcast signing messages and described business tine characteristic signature information, wherein said secure broadcast information will be inserted in described multimedia broadcasting information with certain rule, it is any one or more that the content characteristic of described business comprises in the initial reproduction time of described business, video number sub-cells, audio frequency number sub-cells, video unit length and audio unit length, and described broadcast channel control information is stored in the control information table of multiplexed frame.
The present invention provides again a kind of for providing the equipment of secure broadcast in multi-media broadcasting system, and it comprises: secure broadcast signing messages generation module, for applying signature to produce secure broadcast signing messages to the broadcast channel control information received; Business tine characteristic signature information-generation module, extracts business tine feature in the multimedia broadcasting information that certainly receives, and applies signature to produce business tine characteristic signature information to described business tine feature; And secure broadcast information combination module, for producing described secure broadcast information according to described secure broadcast signing messages and described business tine characteristic signature information; Wherein, it is any one or more that the content characteristic of described business comprises in the initial reproduction time of described business, video number sub-cells, audio frequency number sub-cells, video unit length and audio unit length, and described broadcast channel control information is stored in the control information table of multiplexed frame.
The present invention only needs to carry out digital signature to the characteristic information of broadcasted content, effectively reduces the data amount of calculation of data signature, is conducive to reducing identification system to the sensitivity of broadcast channel error code, and reduces the computation complexity of front terminal system and terminal.
Accompanying drawing explanation
Fig. 1 display be the transmission frame-form schematic diagram of one embodiment of the invention;
Fig. 2 display be the multiplexed sub frame structural representation of one embodiment of the invention;
Fig. 3 display be the form schematic diagram of the timestamp of one embodiment of the invention;
What Fig. 4 showed is the flow chart producing secure broadcast information according to one embodiment of the invention;
Fig. 5 display be extract and the flow chart of authenticating security broadcast message according to one embodiment of the invention;
Fig. 6 display be the schematic block diagram of the front terminal system of the multi-media broadcasting system of one embodiment of the invention; And
Fig. 7 shows the schematic block diagram that is the terminal of the multi-media broadcasting system of one embodiment of the invention.
Embodiment
For above and other object of the present invention, feature and advantage can be become apparent, cited below particularly go out preferred embodiment, and coordinate institute's accompanying drawings, be described in detail as follows.
The front terminal system of the multi-media broadcasting system of one embodiment of the invention obtains business tine characteristic signature information by carrying out digital signature to the content characteristic of business.On the other hand, front terminal system also can sign to obtain a secure broadcast signing messages to the control information of broadcast channel.This secure broadcast signing messages and business tine characteristic signature information are inserted in the transmission frame of broadcast channel according to certain rule by front terminal system.Corresponding extraction and inspection machine is provided with, to pass through legitimacy and the integrality of secure broadcast signing messages and business tine characteristic signature Information Authentication broadcasted content in the terminal of multi-media broadcasting system.Because the present invention only needs to carry out signature computing to the control information of channel and the content characteristic of business change, and non-business content itself (such as video, audio frequency or data itself), thus can lower operand and error code susceptibility.
Fig. 1 display be the structure of a kind of transmission frame TF for bearing multimedia broadcast content.Transmission is detectd TF and can be comprised multiple multiplexed frame MFO to MFn, each multiplexed frame MFO-MFn includes multiplex frame head MFH, multiplexed frame payload MFP and filler cells MFS, as: multiplexed frame MFO comprises multiplex frame head MFH 0, multiplexed frame payload MFP 0 and filler cells MFS 0, multiplexed frame MFi comprises multiplex frame head MFH i, multiplexed frame payload MFP i and filler cells MFS i, and the structure of all the other multiplexed frames by that analogy.
The control information of multimedia broadcast contents, such as broadcast channel control information, generally be stored in the control information table CITO to CITk-1 of multiplexed frame MFO, concrete broadcasted content (business tine) is then placed in all the other multiplexed frames (also can be called traffic frame).For example, the control information table of this enforcement can comprise network information table, the multiplexing allocation list of sustained traffic, sustained traffic allocation list, short-period service duplexing configuration list and short time service allocation table.As persons skilled in the art understood, the channel of broadcast channel and multiplexing control information is contained in above-mentioned control information table, terminal is normal play broadcasted content if desired, the broadcast message that the channel in control information table and multiplexing control information must be used to come rectification and demultiplexing front terminal system send.The secure broadcast information that the present invention produces, can be used as a kind of special control information table to transmit in multiplexed frame MFO, as being placed in h control information table CITh, also transmit by other multiplexed frames, as being placed in the multiplexed sub frame SMFi of multiplexed frame payload MFPi.
Because the structure of the multiplexed frame (i.e. multiplexed frame MF1 ~ MFn) in transmission frame TF except multiplexed frame MFO is all identical, only illustrate for multiplexed frame MFi thus.Multiplexed frame MFi is made up of multiplex frame head MFHi, the quiet lotus MFPi of multiplexed frame and filling MFSi, and multiplexed frame quiet lotus MFPi includes multiple multiplexed sub frame, such as multiplexed sub frame SMFO ~ SMFn.Figure 2 shows that the structural representation of the multiplexed sub frame of one embodiment of the invention.Subframe head ZZH is comprised, video-data fragment ZZV, audio data section ZZA and data segment ZZD for the multiplexed sub frame SMFn shown in Fig. 1, multiplexed sub frame SMFn.Wherein subframe head ZZH can comprise the fields such as initial reproduction time, video-frequency band instruction, audio section instruction, data segment instruction and CRC.Video-frequency band instruction, audio section instruction and data segment instruction are respectively used to identify this multiplexed sub frame and whether comprise video information, audio-frequency information or clear data information.Video-data fragment ZZV is made up of the video unit VD of video paragraph header VH and carrying video data, audio data section ZZA is made up of the audio unit AD of audio frequency paragraph header AH and carrying voice data, and data segment ZZD then comprises the data cell DD of data segment header DH and carrying clear data content (such as condition reception information).Video unit VD, audio unit AD and data cell DD are all likely made up of multiple subelement.For example, video unit VD can include video subelement VDO ~ VDn.Furthermore, video paragraph header VH comprises the video-frequency band length VHO of length, the parameter VH1 of video unit and CRC (cyclic redundancy check (CRC) code) the field VH2 of mark video paragraph header.The video unit length VH10 of the length value of mark video unit VD is at least included and other are for identifying the parameter VH11 of the attribute of video unit in the parameter VH1 of video unit.Audio frequency paragraph header AH includes the audio frequency subelement number AH0 of the number of the subelement comprised for identification audio unit AD, the parameter AH1 of audio unit and crc field AH2.Wherein, the parameter AH1 of audio unit at least comprises audio unit length AH10 and is used for other parameter AH11 of other attributes of description audio section AH1.Similar with audio frequency paragraph header AH, data segment header DH includes data sub-element number DH0, the parameter DH1 of data cell and crc field DH2.The parameter DH1 of data cell includes data unit length DH10 and other parameter DH11.
In the present embodiment, the multiplexed sub frame that transmission frame TF comprises can be respectively used to the corresponding service carrying broadcasted content.For example, the multiplexed sub frame SMF0 ~ SMF2 of multiplexed frame MFi, is respectively used to carry the business 0 ~ 2 in broadcasted content, the TV programme of such as CCTV1, CCTV2 and CCTV3.Therefore, the business that each of the transmission frame TF of the present embodiment is used for carrying broadcasted content can have a corresponding business tine characteristic signature information, these business tine characteristic signature information can disperse to be placed in corresponding multiplexed sub frame, also can correspond to multiple business tine characteristic signature information aggregates of the multiplexed sub frame of same multiplexed frame together as the exclusive multiplexed sub frame of a particular service, or all business tine characteristic signature information aggregates are placed in secure broadcast information together transmit.The particular location of business tine characteristic signature information can define in control information table, or can carry out clear and definite specification by standard or industry standard, makes terminal can extract the business tine characteristic signature information of business to be broadcast to assigned address according to specification.Be known owing to placing business tine characteristic signature information relative to persons skilled in the art according to above-mentioned various mode, therefore no longer describe in detail.It should be noted that, no matter whether business tine characteristic signature information puts together with secure broadcast signing messages, and secure broadcast information logically can be interpreted as and comprise business tine characteristic signature information and secure broadcast signing messages.
In one embodiment of the invention; extract for convenience of terminal and checking business tine characteristic signature; this broadcasted content feature protection information to produce broadcasted content feature protection information, and is placed in the extra data segment of secure broadcast information and transmits by the business tine characteristic signature information of front terminal system in combination business.Secure broadcast information to one embodiment of the invention, broadcasted content feature protection information and business tine characteristic signature object are carried out exemplary explanation, better to understand technology contents of the present invention below.
In one embodiment of the invention, secure broadcast packets of information is containing signed by timestamp, secure broadcast configuration information, extra data segment attribute information and secure broadcast the secure broadcast signing messages and extra data segment that form.
Wherein, timestamp is for identifying the generation time of secure broadcast data, and concrete structure as shown in Figure 3.Wherein, the time calculated from 2000; Sequence number identifies the order of timestamp in same second, and terminal can use this timestamp to prevent Replay Attack.
Secure broadcast configuration information for describing attribute and the control information of this secure broadcast information, such as, can comprise: mark, for identifying secure broadcast information; Version number, for identifying the version number of secure broadcast information data structure; Network information table protection mark, should comprise network information table when representing and calculate digital signature, if be 0, then represent and do not comprise; Sustained traffic multiplexing allocation list protection mark, if this parameter is 1, should comprises sustained traffic multiplexing allocation list when representing and calculate digital signature, if be 0, then represent and do not comprise; Sustained traffic allocation list protection mark, if this parameter is 1, should comprises sustained traffic allocation list when representing and calculate digital signature, if be 0, then represent and do not comprise; Short-period service duplexing configuration list protection mark, if this parameter is 1, should comprises short-period service duplexing configuration list when representing and calculate digital signature, if be 0, then represent and do not comprise; Short time service allocation table protection mark, if this parameter is 1, should comprises short time service allocation table when representing and calculate digital signature, if be 0, then represent and do not comprise.
Extra data segment is usually located at the last part of secure broadcast information, is used for carrying other information except secure broadcast configuration information and timestamp, such as broadcasted content feature protection information.Extra data segment attribute information can comprise the sum being used to refer to additional information section additional information hop count amount, be used for the type identifying additional information section additional information segment identification and be used to refer to the additional information segment length of length of additional information section.
Secure broadcast signature is the result to control information table, secure broadcast configuration information, timestamp and extra data segment attribute information signature.Specifically need that signature is carried out to which control information table and can carry out concrete regulation by secure broadcast configuration information; such as only need to sign to network information table, the multiplexing allocation list of sustained traffic; network information table protection mark then in secure broadcast configuration information and sustained traffic protection are designated 1, and the protection of other three allocation lists is designated 0.
In one embodiment of the invention, the broadcasted content feature protection information including multiple business tine characteristic signature information puts into secure broadcast information as an extra data segment to transmit.Specifically, refer to shown in table 1, broadcasted content feature protection information can be made up of system protection configuration information, service protection configuration information and business tine characteristic signature.Wherein, service protection configuration information and business tine characteristic signature form business tine characteristic signature information jointly.In the present embodiment, system protection configuration information comprises: transmission frame postpones, identify the transmission frame corresponding to business tine characteristic signature information that this broadcasted content feature protection information section comprises, such as, if be 1, then identify the feature that this message segment is last transmission frame, the value that this transmission frame postpones can be set in the control information by configuration server; And number of services, represent the number of the business that described transmission frame carries, this information can obtain by the control information table of multiplexed frame MF0.Service protection configuration information is then for describing the attribute information of corresponding business respectively, and it can comprise: service identification, and which business is the information of mark thereafter described by each field correspond to; Initial reproduction time, represents the initial reproduction time of the multiplexed sub frame that this business is corresponding; As multiplexed sub frame frame head does not comprise initial reproduction time, this field should be 0, and this field is used for the content characteristic information of synchronized broadcasting content and business; Whether video protection mark, comprise video unit length list when mark calculates the business tine characteristic signature corresponding to this business, and 1 expression comprises, and 0 expression does not comprise; And audio frequency protection identifies, whether comprise audio unit length list when mark calculates the business tine characteristic signature corresponding to this business, 1 expression comprises, and 0 expression does not comprise.Table 1 is depicted as the composition of the broadcasted content feature protection information of one embodiment of the invention.
Table 1 broadcasted content feature protection information
| Grammer | Figure place |
| Broadcasted content feature protection information () |
| Retain transmission frame deferred traffic quantity (n) for (i=0; I < n; I++) { service identification initial reproduction time video protection identification audio protection mark retains if (video protection mark==1|| audio frequency protection mark==1) { business tine characteristic signature } } } | 448 1632116 is variable |
Business tine characteristic signature is used to the data integrity in terminal authentication corresponding business tine feature.In one embodiment of the invention; as shown in table 2, the object of the business tine characteristic signature of business can comprise: for the content characteristic of the timestamp of synchronous safety broadcast message and broadcasted content characteristic signature, system protection configuration information, service protection configuration information and this business.For example, system protection configuration information comprises transmission frame and postpones and number of services, and service protection configuration information comprises service identification, initial reproduction time, video protection mark and audio frequency protection mark.The content characteristic of business should be the information of the attribute of the content real-time change that can embody this business, the such as length of initial reproduction time, specific fields or the content etc. of specific fields, and concrete selection is carried out signature to which attribute information and can be set as required.In the present embodiment, the content characteristic of business includes: video number sub-cells, represents the sum of video subelement in the multiplexed sub frame that service identification is corresponding; Audio frequency number sub-cells, represents the sum of the multiplexed sub frame sound intermediate frequency subelement that service identification is corresponding; Video unit length, represent the length of video unit, unit is byte; And audio unit length, represent the length of audio unit, unit is byte.As shown in Figure 2, above-mentioned every terms of information by reading the video paragraph header of multiplexed sub frame corresponding to this business, audio frequency paragraph header obtains or carrying out simple operation according to the information of video paragraph header and audio frequency paragraph header can obtain.Table 2 is depicted as the signature object of the business tine characteristic signature of one embodiment of the invention.
Table 2 business tine characteristic signature object
| Grammer | Figure place |
| { timestamp retains transmission frame deferred traffic quantity (n) service identification initial reproduction time video protection identification audio protection mark and retains if (video protection mark==1) { video unit quantity (Vn) for (j=0 signature object (); J < Vn; J++) { video unit length | 404481632116 8 16 |
| If (audio frequency protection mark==1) { audio unit quantity (An) for (j=0; J < An; J++) { audio unit length } } } | 8 16 |
It should be noted that; the description of above-mentioned regarding safety broadcast message, broadcasted content feature protection information and business tine characteristic signature object is exemplary; in the application of reality, can reconfigure or do adaptive increase according to use situation or delete.For example, business tine characteristic signature object can not comprise initial reproduction time, timestamp, also can add the information that data sub-element number and audio unit length etc. could represent or reflect the content characteristic that corresponding service constantly changes.On the other hand, if the business tine characteristic signature information of each business is all separated in corresponding multiplexed sub frame, then can comprises system protection configuration information in business tine characteristic signature information and also can not comprise system protection configuration information.If do not comprise, then system protection configuration information can be placed in the extra data segment of secure broadcast information or be placed in control information table.
The flow process of one embodiment of the invention generation and authenticating security broadcast message is described below with reference to Fig. 4 and Fig. 5.
Fig. 4 illustrates that front terminal system inserts the flow chart of the step of secure broadcast information in broadcast service content.First, in step S401, front terminal system produces the timestamp shown in Fig. 3, to identify the generation time of secure broadcast data according to system's real-time clock.Then, in step S402, front terminal system acceptance broadcast channel control information (i.e. the above-mentioned control information table be carried in multiplexed frame MF0).Subsequently, in step S403, the first front end private key according to being stored in front terminal system carries out signature computing to produce secure broadcast signature to timestamp and broadcast channel control information.Certainly, secure broadcast signature object also can include secure broadcast configuration information, such as, indicate, the protection mark of version number and corresponding control information table.If adopt variable front end private key to carry out signature computing, then secure broadcast configuration information also should comprise the front end PKI index of the PKI that marking terminal should use when authenticating security broadcasting multisignatures, and front end PKI is normally transferred to terminal with the form of front-end certificate.In the present embodiment, front-end certificate can be carried in extra data segment and transfer to terminal.Owing to also needing composite service content characteristic to sign when producing secure broadcast information in the subsequent step of the present embodiment, thus secure broadcast signature object can also comprise the attribute information of extra data segment, such as extra data segment quantity, additional data segment length and additional data segment identification.Moreover, if business tine characteristic signature information and secure broadcast signing messages separated, then secure broadcast signature object can comprise and represent whether business tine characteristic signature information is packaged in the existence mark in extra data segment and represents the field of business tine characteristic information length.After acquisition secure broadcast signature, perform step S404, front terminal system extracts the content characteristic of each business in broadcast service content, the video number sub-cells of such as this business, audio frequency number sub-cells, video unit length and audio unit length.Then, in step S405, the second front end private key according to being stored in front terminal system carries out signature computing to produce multiple business tine characteristic signature to the content characteristic of each business respectively.In fact; as previously mentioned; the signature object of business tine characteristic signature can also comprise the timestamp, the system protection configuration information that produce in step S401 except the content characteristic of business; such as transmission frame delay and number of services and service protection configuration information, such as service identification, initial reproduction time, video protection mark, video protection mark etc.After step S405, front terminal system performs step S406, and assembly time stamp, secure broadcast signing messages and business tine characteristic signature information are to produce secure broadcast information.For persons skilled in the art; if readily understand, the signature object when step S403 and step S405 produces secure broadcast signature and business tine characteristic signature includes extra data segment attribute information and configuration information; i.e. secure broadcast configuration information, system protection configuration information and service protection configuration information; then also should combine above-mentioned configuration information when producing secure broadcast information, to make terminal can authenticating security broadcasting multisignatures and business tine characteristic signature.After step S406, front terminal system performs step S407, multiplexing and launch control information, secure broadcast information and broadcast service content.
Refer to Fig. 5, Fig. 5 is the flow chart of the step that terminal extraction and authenticating security broadcast message are described.
First, in step S501, the channel code stream that end-on receives carries out de-multiplex operation, to extract broadcast channel control information (step S502) and secure broadcast information (S503).Certainly, broadcast channel control information is not likely often change, thus can be preset at terminal or the broadcast channel control information of receive first transmission frame be stored upon actuation, and need not again extract from channel code stream.Then, terminal performs step S504, judges whether secure broadcast information exists and legal.In the present embodiment, from the following aspects, terminal can judge whether secure broadcast signing messages exists and legal: the frequency point information multiplexed frame and whether actual to receive frequency consistent; Whether secure broadcast information exists and form is correct; Whether the timestamp in secure broadcast information is later than the timestamp received; The time of reception interval of twice timestamp and the interval of timestamp own consistent; Timestamp and terminal system time do not have comparatively big error; And secure broadcast signature is correct.If above-mentioned any one verify unsuccessfully, then think secure broadcast information by verification.Whether when verifying secure broadcast signature and being correct, whether terminal can utilize the first front-end certificate including the first front end PKI to carry out authenticating security broadcasting multisignatures to match with secure broadcast signature object (i.e. broadcast channel control information and the secure broadcast information extracted).Specifically how to carry out authenticating security broadcasting multisignatures by above-mentioned three information, belong to the common practise of persons skilled in the art, no longer describe in detail herein.If by above-mentioned several verifications judge secure broadcast information exist and legal, then perform step S505, otherwise, then perform step S513, stop play broadcasted content.In step S505, terminal extracts business tine characteristic signature information in secure broadcast information or other message segments.In step S506, the business tine characteristic signature information that terminal judges extracts is (if comprise multiple business/program, then the business tine characteristic signature information of these business all should be extracted) whether comprise the business tine characteristic signature information of business to be played (program), namely judge whether to need in business tine characteristic signature information the service identification of play service and/or the business tine characteristic signature corresponding with this service identification.If the business tine characteristic signature packets of information extracted contains the business tine characteristic signature information of business to be played, then perform step S507, otherwise perform step S513, stop broadcast program.In step s 507, terminal extracts the content characteristic of program to be broadcast in the broadcast service content received, and the front terminal systems such as such as video number sub-cells, audio frequency number sub-cells, video unit length and audio unit length also need the content characteristic extracted when producing business tine characteristic signature.Subsequently, terminal performs step S508, S512 and S509, to verify the business tine characteristic signature information corresponding to program to be broadcast.Specifically, terminal is in step S508, CRC check is carried out to the content characteristic corresponding to this program to be broadcast, namely CRC check is carried out whether there is transmission error code in the content characteristic judging program to be broadcast to multiplexed sub frame head, video paragraph header, audio frequency paragraph header and data segment header.If CRC check mistake, then think this business content characteristic in there is transmission error code, and perform step S512, continue the error code judging whether to occur continuous certain hour (such as 3 seconds), if so, then perform step S513 and stop broadcast program.If in step S512, not yet there is the error code of continuous certain hour, then perform step S511, normal play program.If in step S508, there is not transmission error code in the content characteristic of the business to be played that terminal receives, then perform step S509, utilize the second front-end certificate including the second front end PKI being stored in terminal, business tine characteristic signature and business tine characteristic signature object (the i.e. content characteristic of program to be broadcast, system protection configuration information and the service protection configuration information corresponding to program to be broadcast) judge that whether business tine characteristic signature is by checking, if be verified, broadcast program (step S511), otherwise stop broadcast program (step S513).It should be noted that, the terminal described in one embodiment of the invention can not show or play any content from broadcast message when stopping broadcast program.
The front terminal system of the multi-media broadcasting system of one embodiment of the invention and the structured flowchart of terminal are described below with reference to Fig. 6 and Fig. 7.
In the present embodiment, multi-media broadcasting system 100 is made up of front terminal system 600, channel (not shown) and the terminal 700 that is coupled to channel.As shown in Figure 6, the front terminal system 600 of one embodiment of the invention comprises secure broadcast signing messages generation module 610, business tine characteristic signature information-generation module 620, certificate control module 630, secure broadcast information combination module 640 and Multiplexing Unit 650.
Certificate control module 630 is for providing the related control information of the first front-end certificate and the second front-end certificate and first, second front-end certificate (upgrade and cancel) to secure broadcast signing messages generation module 610 and secure broadcast information combination module 640.For simplified illustration, in the present embodiment, hypothesis can upgrade or cancel for the first front end PKI of authenticating security broadcasting multisignatures, and for verifying that the second front end PKI of business tine characteristic signature does not need to upgrade, front terminal system 600 is broadcasted once.So, when the first front-end certificate needs renewal or when cancelling, certificate control module 630 needs to export the related control information (such as front end mark and front end PKI index) of the first front-end certificate and/or the second front-end certificate to secure broadcast signing messages generation module 610 and secure broadcast information combination module 640.
Secure broadcast signing messages generation module 610 is made up of timestamp generation unit 612, secure broadcast signature generation unit 614 and the first secret key storing unit 616.Timestamp generation unit 612 produces a timestamp according to real-time clock, and this timestamp is sent to secure broadcast signature generation unit 614.The form of timestamp as shown in Figure 3, and describes front, thus omits herein.Secure broadcast signature generation unit 614 is the timestamp sent of time of reception stamp generation unit 612 not only, other secure broadcast signature object outside the first front end private key also needing reception first secret key storing unit 616 to send and timestamp, such as broadcast channel control information (i.e. the foregoing control information table be carried in multiplexed frame MF0), secure broadcast configuration information, certificate control module 630 send first, the business tine characteristic signature information that second front-end certificate and/or certificate control information and business tine characteristic signature information-generation module 620 are sent, to produce secure broadcast signing messages.
Business tine characteristic signature information-generation module 620 includes the second secret key storing unit 622, characteristic signature information creating unit 624 and Content Feature Extraction unit 626.Second secret key storing unit 622 is for storing and exporting the second front end private key to characteristic signature information creating unit 624.Content Feature Extraction unit 626 such as, for extracting the content characteristic that can show the fast-changing attribute of content of each business (program), video number sub-cells, audio frequency number sub-cells, video unit length, audio unit length etc. in the broadcast service content received.Characteristic signature information creating unit 624 for carrying out signature computing to produce the business tine characteristic signature of corresponding service according to the second front end private key to business tine characteristic signature object, and combines these business tine characteristic signatures and characteristic information relaying configuration to produce business tine characteristic signature information.In the present embodiment, business tine characteristic signature object is business tine feature and characteristic information relaying configuration.Characteristic information relaying configuration and above-mentioned system protection configuration information; as transmission frame delay, number of services; and correspond to the service protection configuration information of each business, as information such as service identification, initial reproduction time, video protection mark, audio frequency protection marks.Number of services also can be obtained in broadcast service content by Content Feature Extraction unit 626.
Secure broadcast information combination module 640 is for being secure broadcast information by the certificate of reception, secure broadcast signing messages and business tine characteristic signature information combination, and wherein business tine characteristic signature information and certificate are placed in the extra data segment of secure broadcast information.
Multiplexing Unit 650 for receiving broadcast service content and secure broadcast information, with multiplexing according to certain rule and launch broadcast service content and secure broadcast information.
Figure 7 shows that the schematic block diagram of the receiving terminal of one embodiment of the invention.As shown in Figure 7, terminal 700 comprises demultiplexing unit 710 and correction verification module 720.The channel code stream that demultiplexing unit 710 is launched for self-channel receiving front-end subsystem 600, and in self-channel code stream, extract the business tine characteristic signature information of each business, secure broadcast information and broadcast service content.Correction verification module 720 for verifying business tine characteristic signature information and secure broadcast information, and determines whether play broadcast service content according to check results.
Correction verification module 720 comprises secure broadcast Information Authentication unit 721, certificate storage unit 722, characteristic signature Information Authentication unit 723, feature extraction unit 724, first switch element 727 and second switch unit 728.Certificate storage unit 722 is for exporting the first front-end certificate and the second front-end certificate to secure broadcast Information Authentication unit 721 and characteristic signature Information Authentication unit 723, comprise the first front end PKI corresponding with the first front end private key in first front-end certificate, in the second front-end certificate, comprise the second front end PKI corresponding with the second front end private key.Secure broadcast Information Authentication unit 721 for receiving the first front-end certificate, broadcast channel control information and secure broadcast information, and judge whether secure broadcast signing messages exists and legal, the respective description of step please refer to the drawing 5 of concrete checking.Secure broadcast Information Authentication unit 721 also sends according to the result the state that one first control signal controls the first switch element 727.For example, if secure broadcast information does not exist or illegal, then send the first control signal that value is " 1 " and make the first switch element 727 be in off-state, broadcast any content from broadcast channel to stop terminal 700.If secure broadcast information have passed checking, then secure broadcast Information Authentication unit 721 can send the first control signal that value is " 0 ", make feature extraction unit 724 can extract the content characteristic of business/program to be played in broadcast service content, such as video number sub-cells, audio frequency number sub-cells, video unit length and audio unit length.Characteristic signature Information Authentication unit 723 for receiving the second front-end certificate, the content characteristic of business to be broadcast and the business tine characteristic signature information of each business, and judges whether the content characteristic signing messages of business to be broadcast exists and correct.Furthermore, characteristic signature Information Authentication unit 723 comprises characteristic signature authentication unit 725 and strategy control unit 726.Characteristic signature authentication unit 725 is for judging the business tine characteristic signature information whether comprising program to be broadcast in the business tine characteristic signature information that receives, and the second front-end certificate that certificate of utility memory cell 722 sends verifies whether the business tine characteristic signature of business to be played matches with signature object (content characteristic of business to be played and characteristic information relaying configuration).Its concrete verification step corresponding paragraph in Figure 5 has explanation, no longer repeats herein.Strategy control unit 726 carries out CRC check for the content characteristic treating the business of broadcasting, and namely reads the multiplexed sub frame head of business to be played, video paragraph header, audio frequency paragraph header and data segment header, and carries out CRC check.The result exported according to CRC check result and characteristic signature authentication unit 725 is controlled the state of second switch unit 728 by strategy control unit 726.For example, if do not comprise the characteristic signature information of business to be played in business tine characteristic signature information, then send the second control signal that value is " 1 " and make second switch unit 728 be in off-state, avoid terminal 700 to broadcast broadcast service content; If comprise the correlated characteristic signing messages of business to be played in business tine characteristic signature information and match with the content characteristic of business to be played, then output valve is that second control signal of " 0 " makes second switch unit 728 be in closure state, impels terminal 700 to broadcast broadcast program; If comprise the correlated characteristic signing messages of business to be played in business tine characteristic signature information but do not mate with the content characteristic of business to be played, and the success of the content characteristic CRC check of business to be broadcast, then output valve be " 1 " second control signal to second switch unit 728, make terminal 700 stop broadcasting program broadcast; And comprise the correlated characteristic signing messages of business to be played in business tine characteristic signature information but do not mate with the content characteristic of business to be played, if above-mentioned CRC check mistake, and there is certain hour (such as 3 seconds) continuously in this kind of situation, then output valve is that second control signal of " 1 " makes second switch unit 728 disconnect, if above-mentioned CRC check mistake, but this kind of situation does not continue this certain hour, then output valve is that second control signal of " 0 " carrys out closed second switch unit 728, makes terminal 700 can program content playing.
The foregoing is only present pre-ferred embodiments; so itself and be not used to limit scope of the present invention; anyone familiar with this technology; without departing from the spirit and scope of the present invention; can do on this basis and further improve and change, the scope that therefore protection scope of the present invention ought define with claims of the application is as the criterion.
Claims (11)
1. a method for secure broadcast information is provided in multimedia broadcasting information, it is characterized in that, comprising:
The content characteristic of broadcast channel control information and business is extracted in multimedia broadcasting information;
Content characteristic according to described business produces business tine characteristic signature information;
Secure broadcast signing messages is produced according to described broadcast channel control information and described business tine characteristic signature information; And
Described secure broadcast information is produced according to described secure broadcast signing messages and described business tine characteristic signature information, wherein said secure broadcast information will be inserted in described multimedia broadcasting information with certain rule, it is any one or more that the content characteristic of described business comprises in the initial reproduction time of described business, video number sub-cells, audio frequency number sub-cells, video unit length and audio unit length, and described broadcast channel control information is stored in the control information table of multiplexed frame.
2. the method providing secure broadcast information in multimedia broadcasting information according to claim 1, is characterized in that, the step that the content characteristic according to described business produces this business tine characteristic signature information comprises further:
Receive the characteristic information relaying configuration of described business;
Digital signature is applied to produce business tine characteristic signature to the content characteristic of described characteristic information relaying configuration and described business; And
Combine described business tine characteristic signature and described characteristic information relaying configuration to produce described business tine characteristic signature information.
3. the method that secure broadcast information is provided in multimedia broadcasting information according to claim 2, it is characterized in that, the signature object of described business tine characteristic signature also comprises timestamp, for identifying the time that described business tine characteristic signature produces, wherein said timestamp is contained in described secure broadcast signing messages.
4. the method providing secure broadcast information in multimedia broadcasting information according to claim 2, is characterized in that, it is one or more that the characteristic information relaying configuration of described business comprises in the following:
Transmission frame postpones, for identifying the transmission frame corresponding to business tine characteristic signature information that described secure broadcast information comprises;
Number of services, for representing the number of the business that described transmission frame carries;
Service identification, for identifying the business corresponding to described business tine characteristic signature;
Video protection identifies, and whether comprises video unit length information during for being identified at and calculating described business tine characteristic signature; And
Whether audio frequency protection mark, comprise audio unit length information during for being identified at and calculating described business tine characteristic signature.
5. the method that secure broadcast information is provided in multimedia broadcasting information according to claim 1, it is characterized in that, the step producing secure broadcast signing messages according to described broadcast channel control information and described business tine characteristic signature information comprises further:
According to real-time clock generation time stamp, for identifying the time that described secure broadcast information produces;
Receive secure broadcast configuration information;
Obtain the length of described business tine characteristic signature information;
Signature computing is carried out to produce secure broadcast signature to the length of described broadcast channel control information, timestamp, secure broadcast configuration information and business tine characteristic signature information; And
According to the length of described secure broadcast signature, timestamp, secure broadcast configuration information and business tine characteristic signature information to produce described secure broadcast signing messages.
6. the method providing secure broadcast information in multimedia broadcasting information according to claim 5, is characterized in that, it is one or more that described secure broadcast configuration information comprises in the following:
Mark, for identifying described secure broadcast information;
Version number, for identifying the version number of described secure broadcast information;
Control information table protection mark, the broadcast channel control information that should comprise during for being identified at and calculating described secure broadcast signature.
7. for providing an equipment for secure broadcast in multi-media broadcasting system, it is characterized in that, comprising:
Secure broadcast signing messages generation module, for applying signature to produce secure broadcast signing messages to the broadcast channel control information received;
Business tine characteristic signature information-generation module, extracts business tine feature in the multimedia broadcasting information that certainly receives, and applies signature to produce business tine characteristic signature information to described business tine feature; And
Secure broadcast information combination module, for producing described secure broadcast information according to described secure broadcast signing messages and described business tine characteristic signature information;
Wherein, it is any one or more that described business tine feature comprises in the initial reproduction time of described business, video number sub-cells, audio frequency number sub-cells, video unit length and audio unit length, and described broadcast channel control information is stored in the control information table of multiplexed frame.
8. according to claim 7ly it is characterized in that for providing the equipment of secure broadcast in multi-media broadcasting system, described business tine characteristic signature information-generation module comprises:
Content Feature Extraction unit, for extracting described business tine feature in described multimedia broadcasting information; And
Characteristic signature information creating unit, for receive feature information protection configuration, and utilizes the second front end private key to apply signature to produce business tine characteristic signature to described characteristic information relaying configuration and described business tine feature,
Wherein, described characteristic signature information creating unit combines described business tine characteristic signature and described characteristic information relaying configuration to obtain described business tine characteristic signature information.
9. according to claim 8ly it is characterized in that for providing the equipment of secure broadcast in multi-media broadcasting system, it is one or more that the characteristic information relaying configuration of described business comprises in the following:
Transmission frame postpones, for identifying the transmission frame corresponding to business tine characteristic signature information that described secure broadcast information comprises;
Number of services, for representing the number of the business that described transmission frame carries;
Service identification, for identifying the business corresponding to described business tine characteristic signature;
Video protection identifies, and whether comprises video unit length information during for being identified at and calculating described business tine characteristic signature; And
Whether audio frequency protection mark, comprise audio unit length information during for being identified at and calculating described business tine characteristic signature.
10. according to claim 7ly it is characterized in that for providing the equipment of secure broadcast in multi-media broadcasting system, described secure broadcast signing messages generation module comprises:
Timestamp generation unit, for according to real-time clock generation time stamp, described timestamp is used for identifying the time that described secure broadcast information produces; And
Secure broadcast signature generation unit, for receiving described broadcast channel control information and secure broadcast signature configuration information, and utilize the first front end private key to described timestamp, broadcast channel control information, secure broadcast signature configuration information and business tine characteristic signature information length apply signature with produces secure broadcast sign
Wherein, described secure broadcast signature generation unit combines the length of described secure broadcast signature, timestamp, secure broadcast configuration information and business tine characteristic signature information to produce described secure broadcast signing messages.
11. is according to claim 7 for providing the equipment of secure broadcast in multi-media broadcasting system, it is characterized in that, also comprise the Multiplexing Unit being coupled to described secure broadcast signing messages generation module, business tine characteristic signature information-generation module and secure broadcast information combination module, for described secure broadcast signing messages and business tine feature are inserted described multimedia broadcasting information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200810173629.0A CN101729253B (en) | 2008-11-03 | 2008-11-03 | Multimedia broadcasting system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200810173629.0A CN101729253B (en) | 2008-11-03 | 2008-11-03 | Multimedia broadcasting system and method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101729253A CN101729253A (en) | 2010-06-09 |
| CN101729253B true CN101729253B (en) | 2015-05-06 |
Family
ID=42449533
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200810173629.0A Active CN101729253B (en) | 2008-11-03 | 2008-11-03 | Multimedia broadcasting system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101729253B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8667288B2 (en) * | 2012-05-29 | 2014-03-04 | Robert Bosch Gmbh | System and method for message verification in broadcast and multicast networks |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101193266A (en) * | 2007-04-05 | 2008-06-04 | 国家广播电影电视总局广播科学研究院 | An identity identification method for digital TV broadcast signal |
-
2008
- 2008-11-03 CN CN200810173629.0A patent/CN101729253B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101193266A (en) * | 2007-04-05 | 2008-06-04 | 国家广播电影电视总局广播科学研究院 | An identity identification method for digital TV broadcast signal |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101729253A (en) | 2010-06-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104506503B (en) | A kind of security certification system based on broadcasting and TV one-way transport network | |
| EP1402679B1 (en) | Security devices and processes for protecting and identifying messages | |
| CN101902477B (en) | Transmission system, reception system, the recognition methods of media stream and system | |
| CN106357396A (en) | Digital signature method, digital signature system and quantum key card | |
| EP1764974A1 (en) | Inter-entity coupling method, apparatus and system for content protection | |
| CN101534433B (en) | Streaming media encryption method | |
| CN103746962B (en) | GOOSE electric real-time message encryption and decryption method | |
| JP2016514914A (en) | Key distribution in satellite systems | |
| US20030041241A1 (en) | Privacy data communication method | |
| US8306223B2 (en) | Method and a system for transmitting encrypted control message based on mobile multimedia broadcast | |
| CN114697040A (en) | Electronic signature method and system based on symmetric key | |
| US20120180102A1 (en) | Realization method, device, and system for broadcast service grouping | |
| WO2022127164A1 (en) | Interface data transmission method and apparatus, electronic device, and storage medium | |
| CN111541699B (en) | Method for safely transmitting data based on IEC102 communication protocol | |
| CN101729253B (en) | Multimedia broadcasting system and method | |
| CN101729254B (en) | Multimedia broadcasting system and method | |
| CN101729501A (en) | Multimedia broadcasting system and method | |
| CN115550328A (en) | Digital copyright protection method based on auxiliary enhancement information of H.264 video code stream | |
| CN114244532A (en) | Charging method and charging device of terminal | |
| CN113259315B (en) | Communication message safety protection method and system suitable for power distribution network | |
| CN101651507A (en) | Method and system for securely playing multimedia broadcast content and multimedia broadcast system | |
| CN101651509B (en) | Terminal and method for securely playing multimedia broadcast content | |
| WO2016110718A1 (en) | Digital television broadcast data stream authentication | |
| CN101651508B (en) | Secure broadcast method, related secure broadcast system and front end system | |
| EP2063566A1 (en) | An encrypted key updating system, method thereof and a transmitting terminal and a receiving terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |