CN104581370A - Host and slave control mechanism, host, slave and system - Google Patents
Host and slave control mechanism, host, slave and system Download PDFInfo
- Publication number
- CN104581370A CN104581370A CN201510019083.3A CN201510019083A CN104581370A CN 104581370 A CN104581370 A CN 104581370A CN 201510019083 A CN201510019083 A CN 201510019083A CN 104581370 A CN104581370 A CN 104581370A
- Authority
- CN
- China
- Prior art keywords
- handset
- key
- control data
- machine tool
- sequence number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/436—Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
- H04N21/4367—Establishing a secure communication between the client and a peripheral device or smart card
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/426—Internal components of the client ; Characteristics thereof
- H04N21/42607—Internal components of the client ; Characteristics thereof for processing the incoming bitstream
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/426—Internal components of the client ; Characteristics thereof
- H04N21/42607—Internal components of the client ; Characteristics thereof for processing the incoming bitstream
- H04N21/42623—Internal components of the client ; Characteristics thereof for processing the incoming bitstream involving specific decryption arrangements
Abstract
The invention relates to the technical field of communication and discloses a host and slave control mechanism, a host, a slave and a system. According to the host and slave control mechanism, the host, the slave and the system, direct control over the slave can be achieved by the host without third-party service, and independence is high; during data control through direction interaction between the host and the slave, a random protective key is used for encrypting controlled data, a root key of the slave based on the serial number of the slave is also adopted for encrypting the protective key, and corresponding dual decryption is conducted inside a safe processor of the slave. Due to the adoption of the dual encryption and decryption method, the difficulty for crackers to analyze and tamper controlled data so as to control the host and the slave illegally is increased greatly, and high security of controlled data exchange is ensured. Furthermore, the control mechanism is simple and practical, and application and popularization of a host-slave terminal are facilitated.
Description
Technical field
The present invention relates to communication technical field, particularly, relate to a kind of mechanism, machine tool, handset and the system that realize composite aircraft and control.
Background technology
In the similar field such as Digital Television or Web TV, be divided into the demand of composite aircraft more and more general the terminal receiver belonging to same subscriber, citing, in a family having multiple digital TV terminal or network TV terminal, there is one for the machine tool of the head of a family, and multiple handset for child/old man; Or in the place being configured with the hotel of Digital Television or Web TV receiving equipment, bar, teahouse and hospital etc. have many rooms, also there is similar demand, namely a terminal is machine tool, and the terminal in each room is handset.Adopting the mode of aforementioned composite aircraft, the difference charging of machine tool and handset can being realized on the one hand, for possessing subscriber's cost saving of multiple terminal; Can be controlled by the viewing behavior of machine tool to handset on the other hand, such as in the family, the head of a family can control by machine tool child to watch certain content TV programme at specific time period, or in hotel, hotel owner can control client by machine tool and watch corresponding TV programme in difference consumption grade.
The mode realizing composite aircraft control at present is mainly divided into three kinds: a kind of is when not having network to be connected between machine tool with handset, the control of machine tool to handset is realized alternately by smart card, but need user to perform loaded down with trivial details operating procedure (to need first to start handset in machine tool terminal to control, then machine tool smart card is extracted, and intron machine smart card, subsequently handset smart card is inserted handset terminal, handset local parameter is upgraded, thus complete the control of composite aircraft), although this control mode is comparatively safe, but operating process is complicated, and need repeatedly to plug smart card, easily certain damage is caused to the card reader of smart card and terminal.Two kinds is realize the control of machine tool to handset by cable LAN or WLAN (wireless local area network), although this control mode is convenient and swift, if but lack enough safety assurance mechanism, then can be easy to be utilized by hacker or " greed " user, when not paying or paying less, the charge program that operator provides can be watched, or realize other illegal objects.Such as, send handset authorization packets by false machine tool to particular terminal, allow this terminal illegally obtain program viewing mandate, the legitimate rights and interests of infringement operator, or allow this terminal lose program viewing mandate, the interests of infringement legitimate client.Three kinds is that the transfer communication mode (completing communication encryption in front end) come by Access Network operator front end realizes the control of machine tool to handset, although this control mode safe ready, but be the increase in the network burden of access net system, and need to configure extra encryption server, add the cost of operator.
For the limitation of above-mentioned current composite aircraft control mode, need to provide a kind of newly, realize mechanism that composite aircraft controls and relevant device, not only can realize direct communication to control between machine tool and handset, independence is strong, but also high, the simple and practical feature of fail safe will be had, be beneficial to the promotion and application of composite aircraft terminal.
Summary of the invention
For the limitation of aforementioned current composite aircraft control mode, the invention provides a kind of mechanism, machine tool, handset and the system that realize composite aircraft and control, without the need to serving by third party, the direct control of machine tool to handset can be realized, independence is strong, and in control data reciprocal process, adopt double-encryption and deciphering, have the advantages that fail safe is high, simple and practical, be beneficial to the promotion and application of composite aircraft terminal.
The technical solution used in the present invention, provide a kind of mechanism realizing composite aircraft and control on the one hand, it is characterized in that, comprise: at machine tool end, generate control data and Protective Key, use Protective Key paired domination number according to encryption, generate encryption control data, generate handset root key according to the handset sequence number of correspondence simultaneously, handset root key is used to encrypt Protective Key, generate encipherment protection key, by encryption control data and encipherment protection key in the packet assembled, then by Packet Generation to handset; At sub-unit terminal; receive described packet; obtain encryption control data and encipherment protection key; first use the handset root key corresponding with local handset sequence number to encipherment protection secret key decryption; obtain Protective Key; re-use Protective Key to decipher encryption control data, obtain control data, last processing controls data.
Concrete, the step that the described handset sequence number according to correspondence generates handset root key also comprises: read the handset sequence number that machine tool this locality prestores, run key schedule, generate handset root key.
Concrete, described control data comprises handset controling parameters and machine tool sequence number.
Concrete, described encryption control data and the assembled step in the packet of encipherment protection key also to be comprised: agreement packet header is also in the packet assembled, and described agreement packet header comprises the first length information and the second length information; The data length of the first length information instruction encryption control data, the data length of the second length information instruction encipherment protection key.
Concrete, the step of described processing controls data comprises: obtain handset controling parameters and machine tool sequence number in control data after, if the machine tool sequence numbers match that machine tool sequence number and handset this locality prestore, then upgrade handset local parameter according to handset controling parameters.
The technical solution used in the present invention, providing a kind of machine tool realizing composite aircraft and control on the other hand, it is characterized in that, comprising: data generation module, for reading the handset controling parameters of configuration and local machine tool sequence number, generating control data; First key generation module, for generation of random Protective Key; First encrypting module, for using Protective Key paired domination number according to encryption, generates encryption control data; Second key generation module, for reading the handset sequence number that this locality prestores, running key schedule, generating handset root key; Second encrypting module, for using handset root key to encrypt Protective Key, generates encipherment protection key; Assembling module, for by encryption control data and encipherment protection key in the packet assembled; Data transmission module, for by Packet Generation to handset; First memory module, for prestoring corresponding handset sequence number; Second memory module, is arranged in local security processor, for storing local machine tool sequence number.
The technical solution used in the present invention, additionally provide a kind of handset realizing composite aircraft and control on the other hand, it is characterized in that, comprising: data reception module, for receiving the packet transmitted from machine tool, described packet comprises encipherment protection key and encryption control data; Parsing module, for obtaining encipherment protection key and encryption control data from packet; 3rd memory module, is arranged in local security processor, for storing local handset sequence number and handset root key; Second deciphering module, is arranged in local security processor, for using the handset root key corresponding with the handset sequence number of this locality to encipherment protection secret key decryption, obtains Protective Key; First deciphering module, is arranged in local security processor, for using Protective Key to decipher encryption control data, obtains control data; Data processing module, for the treatment of control data.
The technical solution used in the present invention, additionally provide a kind of system realizing composite aircraft and control on the other hand, it is characterized in that, comprise: machine tool, for generating control data and Protective Key, use Protective Key paired domination number according to encryption, generate encryption control data, generate handset root key according to the handset sequence number of correspondence simultaneously, handset root key is used to encrypt Protective Key, generate encipherment protection key, by encryption control data and encipherment protection key in the packet assembled, then by Packet Generation to handset; Handset, for receiving packet, obtain encryption control data and encipherment protection key, first use the handset root key corresponding with local handset sequence number to encipherment protection secret key decryption, obtain Protective Key, re-use Protective Key to decipher encryption control data, obtain control data, last processing controls data; Transmit medium, for realizing the transfer of data between machine tool and handset.
To sum up; adopt the mechanism, machine tool, handset and the system that realize composite aircraft and control provided by the present invention; without the need to serving by third party; the direct control of machine tool to handset can be realized; independence is strong, in machine tool and handset direct interaction control data process, not only uses random Protective Key paired domination number according to encryption; also use the handset root key based on handset sequence number to encrypt Protective Key, and carry out corresponding double descrambling in the safe processor inside of handset.This double-encryption and manner of decryption, make hacker pass through to resolve and distort control data, and then complete the difficulty that composite aircraft illegally controls and increase considerably, ensure that the high security that control data exchanges, and described controlling mechanism is simple and practical, be beneficial to the promotion and application of composite aircraft terminal.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is the machine-processed flow chart realizing composite aircraft control that the embodiment of the present invention provides.
Fig. 2 is the machine tool structural representation realizing composite aircraft control that the embodiment of the present invention provides.
Fig. 3 is the handset structural representation realizing composite aircraft control that the embodiment of the present invention provides.
Fig. 4 is the system configuration schematic diagram realizing composite aircraft control that the embodiment of the present invention provides.
Embodiment
Hereinafter with reference to accompanying drawing, describe the mechanism, machine tool, handset and the system that realize composite aircraft and control provided by the invention in detail by way of example.It should be noted that at this, the explanation for these way of example understands the present invention for helping, but does not form limitation of the invention.
Various technology described herein may be used for but be not limited to communication technical field, can also be used for other similar field.
Term "and/or" herein, it is only a kind of incidence relation describing affiliated partner, three kinds of relations can be there are in expression, such as, A and/or B, can represent: individualism A, individualism B, there are A and B tri-kinds of situations simultaneously, herein term " or/and " be describe another kind of affiliated partner relation, can there are two kinds of relations in expression, such as, A is or/and B, can represent: individualism A, individualism A and B two kinds of situations, in addition, character "/" herein, general expression forward-backward correlation is to liking a kind of "or" relation.
Embodiment one, Fig. 1 shows the machine-processed flow chart realizing composite aircraft control that the present embodiment provides.The mechanism realizing composite aircraft control of the present embodiment displaying, is characterized in that, comprise the steps.
S101. at machine tool end; generate control data and Protective Key; use Protective Key paired domination number according to encryption; generate encryption control data; generate handset root key according to the handset sequence number of correspondence simultaneously, use handset root key to encrypt Protective Key, generate encipherment protection key; by encryption control data and encipherment protection key in the packet assembled, then by Packet Generation to handset.
S102. at sub-unit terminal; receive described packet; obtain encryption control data and encipherment protection key; first use the handset root key corresponding with local handset sequence number to encipherment protection secret key decryption; obtain Protective Key; re-use Protective Key to decipher encryption control data, obtain control data, last processing controls data.
In the present embodiment, described handset and machine tool are respectively the one in information receiving terminal, and its inside is all configured with safe processor, have data encryption and the decipher function of advanced security.Described information receiving terminal can be but be not limited to receiving terminal for digital television, or Web TV receiving terminal, or other similar information receiving terminal.Described advanced security comprises following technical requirement: (1) has safe processor hardware, unique, not modifiable sequence number is not only pre-stored with in each safe processor, also be previously stored with several, can not change, for the root key to decrypt data, sequence number and each root key provide by information security service provider, be kept in the memory module of safe processor, such as OTP(One Time Programming, One Time Programmable) memory; (2) key schedule that the corresponding relation between sequence number and root key is provided by information security service provider determines, described key schedule only with the root key generator provided information security service provider and description of the present invention, realize running in software that composite aircraft controls; (3) advanced security data deciphering is supported, after input encryption control data and encipherment protection key, first use root key to encipherment protection secret key decryption, after obtaining Protective Key, re-use Protective Key to decipher encryption control data, finally obtain control data, described two kinds of decrypting processes all complete in safe processor inside, and the root key that deciphering uses and Protective Key etc. all can not be accessed by external program; (4) multiple hardware based algorithms for encryption and decryption is supported.
Described sequence number is the sequence number of built-in security processor in information receiving terminal, can as the unique identification of information receiving terminal.When information receiving terminal is used for initialization, the job category (machine tool or handset) of this information receiving terminal is specified by operator/user, be the information receiving terminal of machine tool for assigned work type, this machine tool also can be specified whether to have handset, when appointment has handset, also the handset sequence number that this machine tool is corresponding can be specified further; Be the information receiving terminal of handset for assigned work type, also can specify the machine tool sequence number belonging to this handset.Aforementioned handset sequence number or machine tool sequence number are all kept in the memory module of information receiving terminal, such as NVRAM(Non-Volatile Random Access Memory, nonvolatile random access memory) memory.
The mechanism realizing composite aircraft control described by the present embodiment; without the need to serving by third party; the direct control of machine tool to handset can be realized; independence is strong; in machine tool and handset direct interaction control data process; not only use random Protective Key paired domination number according to encryption, also use the handset root key based on handset sequence number to encrypt Protective Key, and carry out corresponding double descrambling in the safe processor inside of handset.This double-encryption and manner of decryption, make hacker pass through to resolve and distort control data, and then complete the difficulty that composite aircraft illegally controls and increase considerably, ensure that the high security that control data exchanges, and described controlling mechanism is simple and practical, be beneficial to the promotion and application of composite aircraft terminal.
Embodiment two, the present embodiment is expanded as the optimization of embodiment one, and the basis of embodiment one is described in detail to the mechanism realizing composite aircraft control that embodiment two provides.
At machine tool end, concrete, generate control data by data generating module.Described control data comprises handset controling parameters and machine tool sequence number.When needs machine tool controls handset, first configured the handset controling parameters of handset by input equipment by user, then the machine tool sequence number being read described handset controling parameters by data generating module and preserved in local security processor, generate control data.Described handset controling parameters includes but not limited to the receives information authority of handset, working hour, account charging information or the contents such as information of deducting fees.In described handset controling parameters, the implication of internal data structure is indicated by communication protocol version number.As further optimization, be also configured with the first error check code at the trailer field of control data.Described first error check code is the error check code of the anterior field of control data, and error check code can be but be not limited to any in cyclic redundancy check (CRC) code, parity check code and Hamming code etc.At sub-unit terminal, obtain after control data through deciphering, error checking and correction can be carried out according to anterior field by paired domination number, if check results is mated with the first error check code, then represent control data zero defect in transmitting procedure, complete errorless handset controling parameters and machine tool sequence number can be obtained.
Described data generating module is except generating control data and configuring except the first error check code in control data; also for cryptographic algorithm is specified in the encryption of follow-up control data and Protective Key encryption respectively; described cryptographic algorithm is AES(Advanced Encryption Standard; Advanced Encryption Standard), TDES(Triple Digital Encryption Standard, triple DES) and other symmetric encipherment algorithms in any.
At machine tool end, concrete, produce Protective Key by the first key generation module.Described Protective Key is random number, and the length of Protective Key is the integral multiple of 16 bytes.Described Protective Key produces at random, as paired domination number according to the session key be encrypted.After Protective Key produces; first encrypting module of machine tool take Protective Key as session key, and the control data cryptographic algorithm paired domination number of specifying according to data generating module, according to being encrypted, generates encryption control data; and encryption control data is delivered to assembling module, so that assembled packet.
In step S101, concrete, the step that the described handset sequence number according to correspondence generates handset root key also comprises: read the handset sequence number that machine tool this locality prestores, run key schedule, generate handset root key.The control object of described handset sequence number mark machine tool, by operator when configuring master/slave system, is pre-written in the NVRAM memory of machine tool inside.Described key schedule is provided by information security service provider, determines the one-to-one relationship of handset sequence number and handset root key.Key schedule is the one of any combination in multiple symmetric data encryption algorithm, can pass through software simulating, also can be realized by the hardware encryption logic calling machine tool safe processor.At machine tool end; concrete; the local handset sequence number prestored is read by the second key generation module; run key schedule, generate handset root key, then the second encrypting module with handset root key for session key; the Protective Key cryptographic algorithm of specifying according to data generating unit is encrypted Protective Key; generate encipherment protection key, and encipherment protection key is delivered to assembling module, so that assembled packet.
In step S101, concrete, described encryption control data and the assembled step in the packet of encipherment protection key also to be comprised: agreement packet header is also in the packet assembled, and described agreement packet header comprises the first length information and the second length information; The data length of the first length information instruction encryption control data, the data length of the second length information instruction encipherment protection key.Described agreement packet header is positioned at the afterbody of packet, and handset, behind acquisition agreement packet header, can obtain correct encryption control data and encipherment protection key according to the first length information and the second length information.At machine tool end, concrete, be assembled in packet by assembling module by encryption control data, encipherment protection key and agreement packet header, as further optimization, described agreement packet header also comprises the first algorithm indication information and the second algorithm indication information; The cryptographic algorithm of the first algorithm indication information instruction control data, the cryptographic algorithm of the second algorithm indication information instruction Protective Key.Handset obtains described first algorithm indication information and the second algorithm indication information from agreement packet header, when being decrypted encipherment protection key or encryption control data, can according to the cryptographic algorithm of the Protective Key of the second algorithm indication information instruction, use corresponding decipherment algorithm, encipherment protection key is decrypted, thus obtains Protective Key; According to the cryptographic algorithm of the control data of the first algorithm indication information instruction, corresponding decipherment algorithm can also be used, encryption control data is decrypted, thus obtain control data.As further optimizing, described agreement packet header also comprises communication protocol version information, the communication protocol version number that described communication protocol version information instruction machine tool is supported.Described communication protocol version is number for representing the version of internal data structure in handset controling parameters, handset correctly can be resolved according to communication protocol version number and understand handset controling parameters, if handset finds not support the communication protocol version number that communication protocol version information indicates, then can not upgrade handset local parameter according to handset controling parameters.Trailer field in agreement packet header is also configured with the second error check code.Described second error check code is the error check code of the anterior content of packet (comprising the anterior field in encryption control data, encipherment protection key and agreement packet header), and error check code can be but be not limited to any in cyclic redundancy check (CRC) code, parity check code and Hamming code etc.At sub-unit terminal; receive after packet through data reception module; error checking and correction can be carried out to the anterior content of packet; if assay is mated with the second error check code; then represent packet zero defect in transmitting procedure; the content (comprise the first length information and the second length information, or the first algorithm indication information and the second algorithm indication information, or communication protocol version information etc.) of complete errorless encryption control data, the anterior field in encipherment protection key and agreement packet header can be obtained.
At machine tool end, concrete, by data transmission module by Packet Generation to handset.Describedly by Packet Generation to the mode of handset can be but be not limited to based on the communication mode of ICP/IP protocol or the transfer mode based on any equipment in removable medium, serial ports circuit and remote controller.Such as, when being stored in local net network between machine tool and handset, by realizing the transmission of packet based on the communication mode of ICP/IP protocol; And in other cases, can by based on the movable storage medium such as USB flash disk, smart card, or serial ports circuit, or the transfer mode of other similar devices such as remote controller realizes the transmission of control data bag.
At sub-unit terminal, concrete, receive packet by the data reception module of handset.Described control data bag can be that the communication mode by coordinating based on TCP/IP mode is sent, and also can be by based on the movable storage medium such as USB flash disk, smart card, or serial ports circuit, or the transfer mode of other similar devices such as remote controller is sent.Data reception module receives packet, if confirm, agreement packet header comprises the second error check code, then need can carry out error checking and correction to the anterior content of packet, if check results is mated with the second error check code, then represent that whole packet is complete errorless, then packet is delivered to parsing module to resolve, otherwise delete the packet received.
At sub-unit terminal; concrete; by parsing module, packet is resolved; correct encryption control data and encipherment protection key is obtained respectively according to the first length information in agreement packet header and the second length information; then by encryption control data and encipherment protection key, and the first algorithm indication information in agreement packet header and the second algorithm indication information are delivered in the safe processor of handset and are decrypted.
Concrete, in the safe processor of sub-unit terminal, first by the second deciphering module to encipherment protection secret key decryption, second deciphering module with the handset root key corresponding with local handset sequence number for session key, and use the decipherment algorithm corresponding with the Protective Key cryptographic algorithm that the second algorithm indication information indicates, encipherment protection key is decrypted, obtains Protective Key; Then by the first deciphering module, encryption control data is deciphered; first deciphering module with the Protective Key formerly obtained for session key; and use the decipherment algorithm corresponding with the control data cryptographic algorithm that the first algorithm indication information indicates, encryption control data is decrypted, obtains control data.Described handset root key and handset sequence number one_to_one corresponding, the key schedule that its corresponding relation is provided by information security service provider determines, handset root key and the handset sequence number of handset this locality are prestored in the OPT memory of installation process device by information security service provider.Protective Key after safe processor can guarantee handset root key, handset sequence number and deciphering by hardware all cannot be obtained by extraneous program, ensure that the fail safe of decrypting process.Control data is delivered to data processing module and is processed by the first deciphering module in last safe processor.
At sub-unit terminal, concrete, by data processing module processing controls data.Data processing module receives control data, if comprise the first error check code in confirmation control data, paired domination number is then needed to carry out error checking and correction according to anterior field, if check results is mated with the first error check code, then represent that whole control data is complete errorless, then from control data, obtain handset controling parameters and machine tool sequence number, otherwise delete control data.
In step s 102, concrete, the step of described processing controls data comprises: after obtain handset controling parameters and machine tool sequence number from control data, if the machine tool sequence numbers match that machine tool sequence number and handset this locality prestore, then upgrades handset local parameter according to handset controling parameters.Described machine tool sequence number by operator when appointed information receiving terminal is handset job category, be written in the NVRAM memory of handset inside by the machine tool sequence number identifying machine tool belonging to this handset in advance, described handset local parameter can be but be not limited to the parameters such as receives information authority, working hour and account balance.When upgrading handset local parameter, the internal data structure of described handset local parameter should mate with the internal data structure of handset controling parameters, and this data structure is arranged by communication protocol version number.If handset finds the communication protocol version number of communication protocol version information instruction in not supported protocol packet header, then do not upgrade handset local parameter.After data processing module upgrades handset local parameter, work can be carried out according to new handset local parameter, such as, in the working hour of regulation, to the display outgoing television signal be connected with handset.
At sub-unit terminal, after successfully upgrading handset local parameter, can control successfully to confirm bag to machine tool transmission by network, repeat to avoid machine tool to send packet.Described control successfully confirms to wrap and can also comprise the local job information that handset reports, and such as stored value card is supplemented with money or deduct fees information, and machine tool can be corrected relevant parameter according to these information.
The mechanism realizing composite aircraft control described described in the present embodiment can be applicable to Digital Television or network television field, the control that can realize following content is controlled: (1) is by controlling the mandate of handset and the highest program X-certificate by composite aircraft, limit handset only to receive the program allowed, prevent handset user (as minor in family) from watching unsuitable TV programme; By controlling the working hour of handset, prevent handset user from indulging in TV and affecting normal work and study; (3) by the stored value card of management handset, control the license fee use of handset user, overspend to avoid license fee.The account of described stored value card is safeguarded by the software of information receiving terminal, to the mode of receives information charging can be but be not limited to pay fees by the hour (Impulsive Pay Per Time by the charging of product bag, program, IPPT) or the mode such as pay-per-use (Impulsive Pay Per View), watch that the expense that IPPT or IPPV program produces directly buckles value from the stored value card account of terminal.Citing, after realizing composite aircraft controlling mechanism, the account of machine tool can be supplemented with money by front end, and the account of handset then manages by machine tool.
At machine tool end, the embedded software run according to the mechanism realizing composite aircraft control described described in the present embodiment is after promoter machine tool control process, the user interface of composite aircraft control operation can be provided for user, user can select and configure following handset controling parameters: (1) selects the handset identifier of control object, and described handset identifier can be but be not limited to the parameters such as handset logical sequence number, the another name of handset, the network address of handset; (2) select the handset parameter needing to upgrade, comprise mandate time, authorizing product list, view level, working hour and handset and supplement with money (or deducting fees); The described mandate time is machine tool single is the effective maximum duration of handset mandate, can be specified in advance by operator; Described authorizing product the package list is that machine tool can the multiple combination subset of grant item object; Described viewing rank comprises the mark whether arranging handset viewing rank, and set handset viewing rank; Described working hour comprises the mark whether arranging handset working hour, and set handset working hour; Described handset supplements the mark comprising whether antithetical phrase organic electronic wallet and carry out supplementing with money or deducting fees with money, and the amount of money supplemented with money or deduct (when supplementing with money, recharge amount must not exceed the remaining sum of the stored value card of main frame own).Handset is completed after controling parameters configuration, each operational module startup work of machine tool end user, and by final Packet Generation to sub-unit terminal.And after sub-unit terminal receives packet, each operational module also starts work, finally completes the renewal of handset controling parameters.If communication condition allows (such as machine tool and handset are all in by the local area network (LAN) of the technique construction such as WiFi or bluetooth), sub-unit terminal can also send to machine tool and control successfully to confirm bag, machine tool receive control successfully confirm bag after, can provide visual to user and successfully show.Further, to supplement with money or to deduct fees etc. information if control successfully to confirm also to comprise in bag stored value card, then machine tool end also needs amount of money deduct or supplement correspondence according to these information in the stored value card of proper account.
The described mechanism realizing composite aircraft and control that the present embodiment provides, detailed describing realizes the entire protocol that composite aircraft controls, and comprises the double-encryption of packet and the details of deciphering and machine tool checking.The described mechanism realizing composite aircraft and control, have employed the encryption and decryption process based on advanced security, only have the composite aircraft terminal being configured to mutually same master/slave system in advance just can complete Control on Communication, and the safe processor of composite aircraft inside ensure that the fail safe of sequence number and key from hardware aspect, thus make hacker pass through to resolve and distort control data, and then complete the difficulty that composite aircraft illegally controls and increase considerably.The described mechanism realizing composite aircraft control has the advantages that independence is strong, fail safe is high and simple and practical, contributes to the large-scale promotion and application of composite aircraft terminal.
Embodiment three, embodiments of the invention additionally provide a kind of machine tool realizing composite aircraft and control, as shown in Figure 2, the described machine tool realizing composite aircraft and control, it is characterized in that, comprising: data generation module, for reading the handset controling parameters of configuration and local machine tool sequence number, generating control data; First key generation module, for generation of random Protective Key; First encrypting module, for using Protective Key paired domination number according to encryption, generates encryption control data; Second key generation module, for reading the handset sequence number that this locality prestores, running key schedule, generating handset root key; Second encrypting module, for using handset root key to encrypt Protective Key, generates encipherment protection key; Assembling module, for by encryption control data and encipherment protection key in the packet assembled; Data transmission module, for by Packet Generation to handset; First memory module, for prestoring corresponding handset sequence number; Second memory module, is arranged in local security processor, for storing local machine tool sequence number.
Described machine tool is the one in information receiving terminal, and its inside is all configured with safe processor, has data encryption and the decipher function of advanced security.When information receiving terminal is used for initialization, the job category (machine tool or handset) of this information receiving terminal is specified by operator/user, be the information receiving terminal of machine tool for assigned work type, this machine tool also can be specified whether to have handset, when appointment has handset, also the handset sequence number that this machine tool is corresponding can be specified further; Be the information receiving terminal of handset for assigned work type, also can specify the machine tool sequence number belonging to this handset.
Concrete, described first memory module is NVRAM memory.Described second memory module is otp memory.Also be assemblied with agreement packet header in described packet, agreement packet header comprises the first length information and the second length information; The data length of the first length information instruction encryption control data, the data length of the second length information instruction encipherment protection key.Described agreement packet header also comprises the first algorithm indication information and the second algorithm indication information; The cryptographic algorithm of the first algorithm indication information instruction control data, the cryptographic algorithm of the second algorithm indication information instruction Protective Key.The length of described Protective Key is the integral multiple of 16 bytes.
That shows described in the present embodiment realizes the machine tool that composite aircraft controls, and can be complete realize is shown in embodiment one and embodiment two, at machine tool end paired domination number according to being encrypted, being encrypted Protective Key and the method for assembled packet.The root key paired domination number certificate based on handset sequence number is adopted to carry out double-encryption, hacker is made to pass through to resolve and distort control data, and then complete the difficulty that composite aircraft illegally controls and increase considerably, have the advantages that independence is strong, fail safe is high and simple and practical, contribute to the large-scale promotion and application of composite aircraft terminal.
Embodiment four, embodiments of the invention additionally provide a kind of handset realizing composite aircraft and control, as shown in Figure 3, the described handset realizing composite aircraft and control, it is characterized in that, comprise: data reception module, for receiving the packet transmitted from machine tool, described packet comprises encipherment protection key and encryption control data; Parsing module, for obtaining encipherment protection key and encryption control data from packet; 3rd memory module, is arranged in local security processor, for storing local handset sequence number and handset root key; Second deciphering module, is arranged in local security processor, for using the handset root key corresponding with the handset sequence number of this locality to encipherment protection secret key decryption, obtains Protective Key; First deciphering module, is arranged in local security processor, for using Protective Key to decipher encryption control data, obtains control data; Data processing module, for the treatment of control data.
Described handset is the one in information receiving terminal, and its inside is all configured with safe processor, has data encryption and the decipher function of advanced security.When information receiving terminal is used for initialization, the job category (machine tool or handset) of this information receiving terminal is specified by operator/user, be the information receiving terminal of machine tool for assigned work type, this machine tool also can be specified whether to have handset, when appointment has handset, also the handset sequence number that this machine tool is corresponding can be specified further; Be the information receiving terminal of handset for assigned work type, also can specify the machine tool sequence number belonging to this handset.
Concrete, described 3rd memory module is otp memory.Also be assemblied with agreement packet header in described packet, agreement packet header comprises the first length information and the second length information; The data length of the first length information instruction encryption control data, the data length of the second length information instruction encipherment protection key.Described agreement packet header also comprises the first algorithm indication information and the second algorithm indication information; The cryptographic algorithm of the first algorithm indication information instruction control data, the cryptographic algorithm of the second algorithm indication information instruction Protective Key.The length of described Protective Key is the integral multiple of 16 bytes.The described handset realizing composite aircraft and control, can also comprise the 4th memory module, for prestoring the machine tool sequence number of affiliated machine tool.Described 4th memory module is NVRAM memory.The machine tool sequence number that described machine tool sequence number is used in paired domination number certificate is verified, only when both mate, handset just can upgrade handset local parameter, thus completes the control of composite aircraft.
The handset realizing composite aircraft control of showing described in the present embodiment; can be complete realize is shown in embodiment one and embodiment two, at sub-unit terminal to data Packet analyzing, to encipherment protection secret key decryption, method to encryption control data deciphering and processing controls data.The described handset realizing composite aircraft and control, double descrambling is carried out in the safe processor of handset inside, and carry out machine tool checking, hacker is made to pass through to resolve and distort control data, and then complete the difficulty that composite aircraft illegally controls and increase considerably, have the advantages that independence is strong, fail safe is high and simple and practical, contribute to the large-scale promotion and application of composite aircraft terminal.
Embodiment five, embodiments of the invention additionally provide a kind of system realizing composite aircraft and control, as shown in Figure 4, the described system realizing composite aircraft and control, it is characterized in that, comprise: machine tool, for generating control data and Protective Key, use Protective Key paired domination number according to encryption, generate encryption control data, generate handset root key according to the handset sequence number of correspondence simultaneously, handset root key is used to encrypt Protective Key, generate encipherment protection key, by encryption control data and encipherment protection key in the packet assembled, then by Packet Generation to handset; Handset, for receiving packet, obtain encryption control data and encipherment protection key, first use the handset root key corresponding with local handset sequence number to encipherment protection secret key decryption, obtain Protective Key, re-use Protective Key to decipher encryption control data, obtain control data, last processing controls data; Transmit medium, for realizing the transfer of data between machine tool and handset.
Described machine tool and handset are the one in information receiving terminal, and its inside is all configured with safe processor, have data encryption and the decipher function of advanced security.When information receiving terminal is used for initialization, the job category (machine tool or handset) of this information receiving terminal is specified by operator/user, be the information receiving terminal of machine tool for assigned work type, this machine tool also can be specified whether to have handset, when appointment has handset, also the handset sequence number that this machine tool is corresponding can be specified further; Be the information receiving terminal of handset for assigned work type, also can specify the machine tool sequence number belonging to this handset.
Described transmission medium can be the communication medium (such as netting twine etc.) based on ICP/IP protocol, also can be the movable storage medium of the such as type such as USB flash disk, smart card, can also be the transferring equipment of the such as type such as serial ports circuit or remote controller.
System that composite aircraft controls that what the present embodiment was shown realize, the composite aircraft controlling mechanism realizing showing in embodiment and embodiment two that can be complete.The described system realizing composite aircraft and control, adopt double-encryption and manner of decryption, hacker is made to pass through to resolve and distort control data, and then complete the difficulty that composite aircraft illegally controls and increase considerably, have the advantages that independence is strong, fail safe is high and simple and practical, contribute to the large-scale promotion and application of composite aircraft terminal.
As mentioned above, the present invention can be realized preferably.For a person skilled in the art, according to instruction of the present invention, designing the multi-form mechanism realizing composite aircraft security control, machine tool, handset and system does not need performing creative labour.Without departing from the principles and spirit of the present invention these embodiments changed, revise, replace, integrate and modification still falls within the scope of protection of the present invention.
Claims (10)
1. realize the mechanism that composite aircraft controls, it is characterized in that, comprising:
At machine tool end, generate control data and Protective Key, use Protective Key paired domination number according to encryption, generate encryption control data, generate handset root key according to the handset sequence number of correspondence simultaneously, use handset root key to encrypt Protective Key, generate encipherment protection key, by encryption control data and encipherment protection key in the packet assembled, then by Packet Generation to handset;
At sub-unit terminal; receive described packet; obtain encryption control data and encipherment protection key; first use the handset root key corresponding with local handset sequence number to encipherment protection secret key decryption; obtain Protective Key; re-use Protective Key to decipher encryption control data, obtain control data, last processing controls data.
2. a kind of mechanism realizing composite aircraft and control as claimed in claim 1, it is characterized in that, the step that the described handset sequence number according to correspondence generates handset root key also comprises:
Read the handset sequence number that machine tool this locality prestores, run key schedule, generate handset root key.
3. a kind of mechanism realizing composite aircraft security control as claimed in claim 1, it is characterized in that, described control data comprises handset controling parameters and machine tool sequence number.
4. a kind of mechanism realizing composite aircraft and control as claimed in claim 1, is characterized in that, describedly encryption control data and the assembled step in the packet of encipherment protection key also to be comprised:
Agreement packet header is also in the packet assembled, and described agreement packet header comprises the first length information and the second length information;
The data length of the first length information instruction encryption control data, the data length of the second length information instruction encipherment protection key.
5. as claimed in claim 4 a kind of realize composite aircraft control mechanism, it is characterized in that, described agreement packet header also comprises the first algorithm indication information and the second algorithm indication information;
The cryptographic algorithm of the first algorithm indication information instruction control data, the cryptographic algorithm of the second algorithm indication information instruction Protective Key.
6. as claimed in claim 1 a kind of realize composite aircraft control mechanism, it is characterized in that, described Protective Key is random number, and the length of Protective Key is the integral multiple of 16 bytes.
7. a kind of mechanism realizing composite aircraft security control as claimed in claim 1, it is characterized in that, the step of described processing controls data comprises:
After obtain handset controling parameters and machine tool sequence number from control data, if the machine tool sequence numbers match that machine tool sequence number and handset this locality prestore, then upgrade handset local parameter according to handset controling parameters.
8. realize the machine tool that composite aircraft controls, it is characterized in that, comprising:
Data generation module, for reading the handset controling parameters of configuration and local machine tool sequence number, generates control data;
First key generation module, for generation of random Protective Key;
First encrypting module, for using Protective Key paired domination number according to encryption, generates encryption control data;
Second key generation module, for reading the handset sequence number that this locality prestores, running key schedule, generating handset root key;
Second encrypting module, for using handset root key to encrypt Protective Key, generates encipherment protection key;
Assembling module, for by encryption control data and encipherment protection key in the packet assembled;
Data transmission module, for sending to handset by control data bag;
First memory module, for prestoring corresponding handset sequence number;
Second memory module, is arranged in local security processor, for storing local machine tool sequence number.
9. realize the handset that composite aircraft controls, it is characterized in that, comprising:
Data reception module, for receiving the packet transmitted from machine tool, described packet comprises encipherment protection key and encryption control data;
Parsing module, for obtaining encipherment protection key and encryption control data from packet;
3rd memory module, is arranged in local security processor, for storing local handset sequence number and handset root key;
Second deciphering module, is arranged in local security processor, for using the handset root key corresponding with the handset sequence number of this locality to encipherment protection secret key decryption, obtains Protective Key;
First deciphering module, is arranged in local security processor, for using Protective Key to decipher encryption control data, obtains control data;
Data processing module, for the treatment of control data.
10. realize the system that composite aircraft controls, it is characterized in that, comprising:
Machine tool, for generating control data and Protective Key, use Protective Key paired domination number according to encryption, generate encryption control data, generate handset root key according to the handset sequence number of correspondence simultaneously, use handset root key to encrypt Protective Key, generate encipherment protection key, by encryption control data and encipherment protection key in the packet assembled, then by Packet Generation to handset;
Handset, for receiving packet, obtain encryption control data and encipherment protection key, first use the handset root key corresponding with local handset sequence number to encipherment protection secret key decryption, obtain Protective Key, re-use Protective Key to decipher encryption control data, obtain control data, last processing controls data;
Transmit medium, for realizing the transfer of data between machine tool and handset.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510019083.3A CN104581370A (en) | 2015-01-15 | 2015-01-15 | Host and slave control mechanism, host, slave and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510019083.3A CN104581370A (en) | 2015-01-15 | 2015-01-15 | Host and slave control mechanism, host, slave and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104581370A true CN104581370A (en) | 2015-04-29 |
Family
ID=53096415
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510019083.3A Pending CN104581370A (en) | 2015-01-15 | 2015-01-15 | Host and slave control mechanism, host, slave and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104581370A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113872971A (en) * | 2021-09-28 | 2021-12-31 | 芜湖雄狮汽车科技有限公司 | New energy Internet of vehicles communication protocol upgrading method and device and cloud platform |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1215528A (en) * | 1996-04-03 | 1999-04-28 | 迪格科公司 | Method for providing a secure communication between two devices and application of this method |
| US20060039559A1 (en) * | 2004-08-18 | 2006-02-23 | Wasilewski Anthony J | Retrieval and transfer of encrypted hard drive content from DVR set-top box utilizing second DVR set-top box |
| CN101087361A (en) * | 2006-06-09 | 2007-12-12 | 谢剑斌 | A method for authorization of digital TV STB slave-master device |
| CN201229570Y (en) * | 2008-07-18 | 2009-04-29 | 北京中科联众科技有限公司 | Mobile hard disc data protection apparatus |
| CN101425862A (en) * | 2008-12-02 | 2009-05-06 | 中兴通讯股份有限公司 | Mobile multimedia broadcast service operation management system and method |
| CN101651508A (en) * | 2008-08-15 | 2010-02-17 | 威盛电子(中国)有限公司 | Secure broadcast method, related secure broadcast system and front end system |
| CN101720012A (en) * | 2009-11-19 | 2010-06-02 | 北京数码视讯科技股份有限公司 | Primary and subsidiary cards for digital television condition receiving system and realization method thereof |
| CN102164319A (en) * | 2011-04-08 | 2011-08-24 | 北京数字太和科技有限责任公司 | Method and device for safely transmitting transport stream (TS) |
| US20120110612A1 (en) * | 2001-11-21 | 2012-05-03 | General Instrument Corporation | Method and System for Providing Security within Multiple Set-Top Boxes Assigned for a Single Customer |
| CN102932692A (en) * | 2011-08-12 | 2013-02-13 | 华为终端有限公司 | Method and device for authenticating set-top box |
| CN203057385U (en) * | 2012-12-17 | 2013-07-10 | 深圳市数视通科技股份有限公司 | Digital television set top box and main and auxiliary set top box system |
-
2015
- 2015-01-15 CN CN201510019083.3A patent/CN104581370A/en active Pending
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1215528A (en) * | 1996-04-03 | 1999-04-28 | 迪格科公司 | Method for providing a secure communication between two devices and application of this method |
| US20120110612A1 (en) * | 2001-11-21 | 2012-05-03 | General Instrument Corporation | Method and System for Providing Security within Multiple Set-Top Boxes Assigned for a Single Customer |
| US20060039559A1 (en) * | 2004-08-18 | 2006-02-23 | Wasilewski Anthony J | Retrieval and transfer of encrypted hard drive content from DVR set-top box utilizing second DVR set-top box |
| CN101087361A (en) * | 2006-06-09 | 2007-12-12 | 谢剑斌 | A method for authorization of digital TV STB slave-master device |
| CN201229570Y (en) * | 2008-07-18 | 2009-04-29 | 北京中科联众科技有限公司 | Mobile hard disc data protection apparatus |
| CN101651508A (en) * | 2008-08-15 | 2010-02-17 | 威盛电子(中国)有限公司 | Secure broadcast method, related secure broadcast system and front end system |
| CN101425862A (en) * | 2008-12-02 | 2009-05-06 | 中兴通讯股份有限公司 | Mobile multimedia broadcast service operation management system and method |
| CN101720012A (en) * | 2009-11-19 | 2010-06-02 | 北京数码视讯科技股份有限公司 | Primary and subsidiary cards for digital television condition receiving system and realization method thereof |
| CN102164319A (en) * | 2011-04-08 | 2011-08-24 | 北京数字太和科技有限责任公司 | Method and device for safely transmitting transport stream (TS) |
| CN102932692A (en) * | 2011-08-12 | 2013-02-13 | 华为终端有限公司 | Method and device for authenticating set-top box |
| CN203057385U (en) * | 2012-12-17 | 2013-07-10 | 深圳市数视通科技股份有限公司 | Digital television set top box and main and auxiliary set top box system |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113872971A (en) * | 2021-09-28 | 2021-12-31 | 芜湖雄狮汽车科技有限公司 | New energy Internet of vehicles communication protocol upgrading method and device and cloud platform |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR100936885B1 (en) | Method and apparatus for mutual authentification in downloadable conditional access system | |
| KR101261674B1 (en) | Method and apparatus for mutual authentication in downloadable conditional access system | |
| CN102356640B (en) | Safe IPTV service is sent to PC platform | |
| EP2026494A1 (en) | Authentication device using intrinsic random number generating element or pseudo-random number generating element, authentication apparatus, and authentication method | |
| JP4839303B2 (en) | Digital cable tv broadcast receiver | |
| CN104303511B (en) | TV receivers with multiple decryption modes | |
| CN103067333A (en) | Method for verifying set top box access identity and authentication server | |
| CN101090452A (en) | Set-top box software updating method and system | |
| US20050066355A1 (en) | System and method for satellite broadcasting and receiving encrypted television data signals | |
| US7804959B2 (en) | Digital cable television broadcasting receiver | |
| US20020184512A1 (en) | Method and apparatus for supporting remote configuration to facilitate subscriber management | |
| CN102084664A (en) | Unit and method for secure processing of access controlled audio/video data | |
| US11308242B2 (en) | Method for protecting encrypted control word, hardware security module, main chip and terminal | |
| CN102752662B (en) | A kind of root key generation method of condition receiving system receiving terminal, module, chip and receiving terminal | |
| CN102752635A (en) | Downloadable and replaceable condition receiving system | |
| WO2008077303A1 (en) | A method and system for processing broadcast signal and a receiving terminal of broadcast signal | |
| CN101742249A (en) | Realization method of trusted bilateral network digital television system | |
| CN104581370A (en) | Host and slave control mechanism, host, slave and system | |
| EP2337347A1 (en) | Method and processing unit for secure processing of access controlled audio/video data | |
| CN101505402B (en) | Authentication method for uni-directional network digital television conditional receiving system terminal deciphering module | |
| CN202178853U (en) | Multi-functional set top box with encryption system | |
| CN105306975A (en) | Control word safe transmission method and system without binding smart card with set top box | |
| KR20110028784A (en) | A method for processing digital contents and system thereof | |
| JP2007036380A (en) | Receiver, cas module and distribution method | |
| EP3293978A1 (en) | Method for implementing a new default configuration in a host device and system therefor |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150429 |