CN105516812A - Data security processing system - Google Patents
Data security processing system Download PDFInfo
- Publication number
- CN105516812A CN105516812A CN201610059914.4A CN201610059914A CN105516812A CN 105516812 A CN105516812 A CN 105516812A CN 201610059914 A CN201610059914 A CN 201610059914A CN 105516812 A CN105516812 A CN 105516812A
- Authority
- CN
- China
- Prior art keywords
- data
- end server
- top box
- certification
- address information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000005540 biological transmission Effects 0.000 claims description 19
- 238000000034 method Methods 0.000 claims description 19
- 239000000654 additive Substances 0.000 description 4
- 230000000996 additive effect Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 2
- 230000009931 harmful effect Effects 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 241001269238 Data Species 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/458—Scheduling content for creating a personalised stream, e.g. by combining a locally stored advertisement with an incoming stream; Updating operations, e.g. for OS modules ; time-related management operations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/234—Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs
- H04N21/2347—Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs involving video stream encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/441—Acquiring end-user identification, e.g. using personal code sent by the remote control or by inserting a card
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
- H04N21/4623—Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
- H04N21/4627—Rights management associated to the content
Abstract
The embodiment of the invention provides a data security processing system, relates to the technical field of televisions, and aims to protect the security of advertisement data more comprehensively. The system comprises a front-end server and a set-top box; the front-end server acquires the authenticated advertisement data, encrypts the advertisement data by using a preset encryption algorithm and sends the encrypted advertisement data to the set-top box; the authenticated advertisement data is the advertisement data authenticated by the front-end server; the set top box receives the encrypted advertisement data sent by the front-end server and decrypts the encrypted advertisement data according to a decryption algorithm; if the set-top box decrypts the advertisement data, storing the advertisement data; when receiving the encrypted advertisement data sent by the front-end server, the set-top box monitors whether the encrypted advertisement data is received again within a preset time; and if the encrypted advertisement data is not received again within the preset time, deleting the stored advertisement data.
Description
Technical field
The present invention relates to TV technology, particularly relate to a kind for the treatment of system of data security.
Background technology
Along with the development of science and technology, the type of service of Set Top Box gets more and more.Develop commercial paper value-added service on the set-top box, be more and more subject to the favor of each radio, TV and film industries operator, middleware producer, set-top box software develop enterprise.Commercial paper value-added service in the product function enriching Set Top Box, improve Consumer's Experience, and add the income of operator.
But, when displaying advertising messages, be all from front-end server to the unidirectional propelling movement of STB terminal.Lack enough salvos therebetween, once the transmission system of ad data is broken through by lawless person, will the loss that cannot retrieve be brought.
Summary of the invention
Embodiments of the invention provide a kind for the treatment of system of data security, in order to more fully to protect the safety of ad data.
For achieving the above object, embodiments of the invention adopt following technical scheme:
Embodiments provide a kind for the treatment of system of data security, comprising: front-end server and Set Top Box; Wherein, described front-end server obtains the ad data after certification, and described ad data is utilized predetermined encryption algorithm, is encrypted described ad data, and the described ad data of encryption is sent to Set Top Box; Ad data after described certification is the ad data by described front-end server certification; Described Set Top Box receives the ad data of the encryption that described front-end server sends, and according to decipherment algorithm, is decrypted the ad data of described encryption; If described Set Top Box decrypts ad data, then store described ad data; Further, described Set Top Box, when receiving the ad data of the encryption that described front-end server sends, monitors the ad data whether again receiving described encryption in Preset Time; If again do not receive the ad data of described encryption in Preset Time, then delete the described ad data of storage.
Alternatively, the ad data after described front-end server obtains certification comprises: described front-end server carries out authentication to the user sending ad data; If the ad data that described user sends by authentication, is then defined as the ad data after certification by the user of described transmission ad data; Or, described front-end server receives the ad data that user sends, determine whether the address information in described ad data is preset address information, if the address information in described ad data is preset address information, then described ad data is defined as the ad data after certification; Or the ad data obtained from mobile device is defined as the ad data after certification by described front-end server.
Alternatively, the ad data after described front-end server obtains certification comprises: described front-end server carries out authentication to the user sending ad data; If the user of described transmission ad data passes through authentication, then receive the ad data that described user sends, and determine whether the address information in described ad data is preset address information, if the address information in described ad data is preset address information, then described ad data is defined as the ad data after certification.
Alternatively, the ad data after described front-end server obtains certification comprises: described front-end server carries out authentication to the user sending ad data; If the ad data obtained in described mobile device by authentication, is then defined as the ad data after certification by the user of described transmission ad data.
Alternatively, ad data after described front-end server obtains certification comprises: the ad data that described front-end server obtains from described mobile device, and determine whether the address information in described ad data is preset address information, if the address information in described ad data is preset address information, then described ad data is defined as the ad data after certification.
Alternatively, the ad data after described front-end server obtains certification comprises: described front-end server carries out authentication to the user sending ad data; If the user of described transmission ad data passes through authentication, the ad data then obtained from described mobile device, and determine whether the address information in described ad data is preset address information, if the address information in described ad data is preset address information, then described ad data is defined as the ad data after certification.
Alternatively, described front-end server carries out authentication comprise sending the user of ad data: described front-end server detects user and whether inserts U shield; If insert U shield, then from described U shield, obtain identity information, described identity information is verified.
Alternatively, if described Set Top Box decrypts ad data, then store described ad data and comprise:
If described Set Top Box decrypts ad data, then carry out resolving the version number obtaining described ad data to described ad data; According to the version number of described ad data, determine whether described ad data stores; Do not store described ad data if determine, then upgrade the ad data stored according to described ad data.
Alternatively, also comprise: store described ad data if determine, then do not process the described ad data after deciphering.
Alternatively, at described front-end server after the described ad data after encryption is sent to Set Top Box, also comprise: described front-end server sends to keeper the prompting message that ad data is sent to Set Top Box.
Embodiments provide a kind for the treatment of system of data security, comprising: front-end server and Set Top Box; Wherein, front-end server obtains the ad data after certification, and ad data is utilized predetermined encryption algorithm, is encrypted, the ad data of encryption is sent to Set Top Box to ad data; The ad data of the encryption that Set Top Box receiving front-end server sends, according to decipherment algorithm, is decrypted the ad data of encryption; If Set Top Box decrypts ad data, then store ad data; Further, Set Top Box, when the ad data of the encryption that receiving front-end server sends, monitors the ad data whether again to receive encryption in Preset Time after; If again do not receive the ad data after encryption in Preset Time, then delete the ad data of storage.Like this, in the treatment system of data security, front-end server obtains the ad data after certification, due to the ad data that the data after this certification are by front-end server certification, therefore, ad data after certification is safe ad data, and now the ad data after certification can be sent to Set Top Box by front-end server.In order to prevent in transmitting procedure, ad data is replaced, and now front-end server can utilize predetermined encryption algorithm to be encrypted the ad data after this certification, and the ad data after encryption is sent to Set Top Box.Set Top Box, after receiving the ad data of encryption, to the ad data deciphering of this encryption, after decrypting ad data, can store this ad data.Set Top Box is when the ad data of the encryption that receiving front-end server sends, need to continue to monitor the ad data whether again receiving encryption in Preset Time, if again do not receive the ad data of encryption in Preset Time, then the ad data stored is deleted by Set Top Box.When ad data after the certification that can obtain at front-end server is like this invalid data, this invalid data is sent to Set Top Box, if when now front-end server is closed by keeper, Set Top Box then cannot receive the ad data of encryption in Preset Time, the ad data stored can be deleted by Set Top Box, thus the invalid data stored can be deleted, stop playing this invalid data.That is, the safeguard protection that the treatment system of data security in the present invention all can realize ad data at front-end server and Set Top Box, thus the object of the safety more fully protecting ad data can be realized.
Accompanying drawing explanation
In order to be illustrated more clearly in the technical scheme of the embodiment of the present invention, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
The schematic diagram of the system of a kind of data security that Fig. 1 provides for the embodiment of the present invention;
The schematic diagram of the system of the another kind of data security that Fig. 2 provides for the embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, be clearly and completely described the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
Embodiments provide a kind of system of data security, as shown in Figure 1, comprising: front-end server and Set Top Box.Wherein,
101, the ad data after front-end server acquisition certification, and ad data is utilized predetermined encryption algorithm, ad data is encrypted, the ad data of encryption is sent to Set Top Box.
Wherein, the ad data after certification is the ad data by front-end server certification.
Concrete, ad data after front-end server utilizes the authentication method preset can get certification, the ad data that can obtain for it after the ad data after getting certification be legal ad data, and the ad data after the now front-end server certification that can be obtained is sent in Set Top Box.Owing to passing through transmission medium between front-end server and Set Top Box, such as cable (cable) connects, in order to prevent transmission medium by illegal molecule grafting, cause front-end server to Set Top Box ability out of hand, now front-end server needs to treat the ad data being sent to Set Top Box and be encrypted.So, instant illegal molecule carries out grafting to transmission medium, because it cannot know the cryptographic algorithm of front-end server and the decipherment algorithm of Set Top Box, and then cannot forge ad data.Front-end server can utilize predetermined encryption algorithm to be encrypted the ad data after certification, and then the ad data after encryption can be sent in Set Top Box.
It should be noted that, front-end server can be made an appointment the cryptographic algorithm and decipherment algorithm that use with Set Top Box.So, front-end server can utilize the cryptographic algorithm appointed to be encrypted ad data, and Set Top Box can utilize the decipherment algorithm appointed to the encrypted advertisements decrypt data received, and then gets required ad data.Further, cryptographic algorithm can be symmetric encipherment algorithm, and can be rivest, shamir, adelman, can also be other advanced encryption algorithm, the present invention limit this.Wherein, because cryptographic algorithm and decipherment algorithm are corresponding, after cryptographic algorithm is determined, the decipherment algorithm of its correspondence is also just determined.
Further, front-end server is the server of generating advertisement data.In order to ensure that the ad data generated is legal ad data, keeper can set authentication method, and so, the ad data that certification obtains is thought legal ad data by front-end server.Keeper can set different authentication methods, and front-end server can obtain the ad data after certification according to different authentication methods.Specific as follows:
Ad data after front-end server obtains certification comprises: front-end server carries out authentication to the user sending ad data; If send the user of ad data by authentication, then the ad data that user sends is defined as the ad data after certification.
Concrete, when user needs to log in front-end server, front-end server first can carry out certification to the identity of user.Now front-end server can obtain the identity information of user, thus carries out authentication according to the identity information of user to user.At front-end server when the identity information determining acquisition is legal identity information, can determine that this user passes through authentication.Now, user is by after authentication, and can send ad data by forward end server, the ad data that the user by authentication can send by front-end server is defined as the ad data after certification.
At front-end server when the identity information determining acquisition is illegal identity information, can determine that this user does not pass through authentication.Now, the ad data that this user sends can abandon by front-end server.
Further, front-end server carries out authentication comprise sending the user of ad data: front-end server detects user and whether inserts U shield; If insert U shield, then from U shield, obtain identity information, identity information is verified.
Concrete, the method that front-end server carries out authentication to the user sending ad data can be utilize U shield to verify.Now, whether front-end server monitoring users inserts U shield.When listening to user and inserting U shield, the identity information of user can be got from U shield, and then can verify identity information.
It should be noted that, the method that front-end server carries out authentication to the user sending ad data can also be additive method, such as, front-end server can receive user name and the password of user's input, and then to the user name of this user and password as the identity information of user, verify accordingly.The present invention is not restricted this.
Further, front-end server according to the identity information of user to the concrete grammar that user carries out authentication can be, the identity information of validated user is previously stored with in front-end server, such front-end server is after getting the identity information of user, the identity information of the identity information of acquisition with the validated user prestored can be compared, if there is the information matched with the identity information obtained in the identity information of the validated user prestored, then the identity information of acquisition can be legal identity information by front-end server.If the information do not matched with the identity information obtained in the identity information of the validated user prestored, then the identity information of acquisition can be illegal identity information by front-end server.
It should be noted that, the concrete grammar that front-end server carries out authentication according to the identity information of user to user also additive method, such as, utilizes U shield to verify at front-end server, can also use the method that existing U shield is verified, the present invention is not restricted this.
So, front-end server can carry out authentication to the user that need log in front-end server, thus prevents the user not having authority from utilizing front-end server to send illegal ad data.
Or, ad data after front-end server obtains certification comprises: front-end server receives the ad data that user sends, determine whether the address information in ad data is preset address information, if the address information in ad data is preset address information, then ad data is defined as the ad data after certification.
Concrete, front-end server can not limit the user sending ad data to it, but strict limiting access address.Now, front-end server receives the ad data that user sends, after receiving this ad data, ad data can be resolved, and then know address information in ad data, address information in ad data and preset address information are compared, determines whether ad data is legal ad data.If the address information in ad data is preset address information, then can thinks that the ad data that user sends is legal ad data, now ad data can be defined as the ad data after certification.If the address information in ad data is not preset address information, then can think that the ad data that user sends is illegal ad data, now ad data can abandon by front-end server.
Further, the address information of ad data comprises: IP (InternetProtocol, Internet protocol) address information and MAC (MediaAccessControl, media interviews control) address information.
It should be noted that, in embodiments of the present invention, the address information of ad data can be only also IP address information or mac address information, or other address informations, and the present invention is not restricted this.
So, can networking requirement be met at front-end server, be ensured the safety of ad data by the address information of strict limiting access.
Or the ad data after front-end server obtains certification comprises: the ad data obtained from mobile device is defined as the ad data after certification by front-end server.
Concrete, in order to ensure the safety of ad data, user sends ad data by other-end equipment forward end server, like this, front-end server without the need to other-end equipment connection, thus can prevent front-end server from being attacked.User can by advertisement data store in mobile device, and front-end server obtains ad data from mobile device, and directly the ad data obtained from mobile device can be defined as the ad data after certification.
It should be noted that, the method of the ad data that front-end server obtains after certification can also be additive method, such as by front-end server restriction in a local network, itself and outer net being disconnected, making front-end server be defined as the ad data after certification by obtaining ad data from the equipment in local area network (LAN).Certainly, can also be additive method, the present invention limit this.
Above-mentioned front-end server obtains the ad data after certification only for a kind of authentication mode.The safety of ad data is obtained in order to strengthen front-end server, can by multiple authentication mode to combination.Specific as follows:
Ad data after front-end server obtains certification comprises: front-end server carries out authentication to the user sending ad data; If the user sending ad data passes through authentication, then receive the ad data that user sends, and determine whether the address information in ad data is preset address information, if the address information in ad data is preset address information, then ad data is defined as the ad data after certification.
Concrete, first front-end server carries out authentication to the user logged in, after authentication is passed through, the ad data that this user sends can be received, and carry out this ad data resolving the address information obtained in ad data, address information in ad data and preset address information are compared, determines whether ad data is legal ad data.If the address information in ad data is preset address information, then can thinks that the ad data that user sends is legal ad data, now ad data can be defined as the ad data after certification.
Or the ad data after front-end server obtains certification comprises: front-end server carries out authentication to the user sending ad data; If send the user of ad data by authentication, then the ad data obtained in mobile device is defined as the ad data after certification.
Concrete, first front-end server carries out authentication to the user logged in, after authentication is passed through, user can by advertisement data store in mobile device, front-end server obtains ad data from mobile device, and directly the ad data obtained from mobile device can be defined as the ad data after certification.
Or, ad data after front-end server obtains certification comprises: the ad data that front-end server obtains from mobile device, and determine whether the address information in ad data is preset address information, if the address information in ad data is preset address information, then ad data is defined as the ad data after certification.
Concrete, user can by advertisement data store in mobile device, front-end server obtains ad data from mobile device, front-end server carries out this ad data resolving the address information obtained in ad data, address information in ad data and preset address information are compared, determines whether ad data is legal ad data.If the address information in ad data is preset address information, then can thinks that the ad data that user sends is legal ad data, now ad data can be defined as the ad data after certification.
Or the ad data after front-end server obtains certification comprises: front-end server carries out authentication to the user sending ad data; If the user sending ad data passes through authentication, the ad data then obtained from mobile device, and determine whether the address information in ad data is preset address information, if the address information in ad data is preset address information, then ad data is defined as the ad data after certification.
Concrete, first front-end server carries out authentication to the user logged in, after authentication is passed through, user can by advertisement data store in mobile device, front-end server obtains ad data from mobile device, front-end server carries out this ad data resolving the address information obtained in ad data, the address information in ad data and preset address information is compared, determines whether ad data is legal ad data.If the address information in ad data is preset address information, then can thinks that the ad data that user sends is legal ad data, now ad data can be defined as the ad data after certification.
So, front-end server utilizes multiple authentication mode to carry out corresponding certification to ad data, and then can get the ad data after certification.By the way, front-end server can prevent to a certain extent from outer net hacker attacks, and the forward end server that also can prevent inner illegal staff from deliberating to a certain extent sends illegal ad data.From but front-end server obtain certification after ad data be safer.
102, the ad data of the encryption of Set Top Box receiving front-end server transmission, according to decipherment algorithm, is decrypted the ad data of encryption; If Set Top Box decrypts ad data, then store described ad data; Further, Set Top Box, when the ad data of the encryption that receiving front-end server sends, monitors the ad data whether again receiving encryption in Preset Time; If again do not receive the ad data of described encryption in Preset Time, then delete the ad data of storage.
Concrete, when the ad data of encryption is sent to Set Top Box by transmission medium by front-end server, Set Top Box can receive the ad data of the encryption that front-end server sends.Now, Set Top Box can be decrypted process according to the ad data of decipherment algorithm to deciphering.When Set Top Box can decrypt ad data, illustrate that ad data is when by some transmission medium, is not replaced by lawless person, the ad data after deciphering can store by this set-top box, when needs broadcast advertisement data, to play accordingly.And when Set Top Box does not go out ad data, illustrate that ad data is when by some transmission medium, being replaced this set-top box by lawless person can abandon the ad data of reception.
Further, Set Top Box is when receiving the ad data of the encryption that described front-end server sends, and Set Top Box also needs real-time monitoring front-end server whether to send the ad data of encryption to it always.Be, Set Top Box needs to monitor whether front-end server again have sent encryption in ad data from Preset Time to Set Top Box.That is, Set Top Box needs to monitor the ad data whether again receiving the encryption that front-end server sends in Preset Time.If Set Top Box does not receive the ad data of encryption in Preset Time, then illustrate that front-end server is closed, this set-top box can determine with front-end server without being connected, can determine that the ad data stored in Set Top Box may exist illegal ad data, all ad datas stored can be deleted by this set-top box.
It should be noted that, because illegal ad data is sent to front-end server by the staff that there is front-end server.Because the staff of front-end server can by all certifications of front-end server, therefore, the illegal ad data that this staff sends, for front-end server, owing to being the ad data obtained by certification, so the ad data that its ad data obtained of front-end server is legal, is the ad data after certification.Now, after this illegal ad data can utilize cryptographic algorithm to be encrypted by front-end server, the illegal ad data of encryption is sent to Set Top Box.Now, Set Top Box can decrypt illegal ad data by decipherment algorithm after receiving the illegal ad data of encryption, and so, when needs broadcast advertisement, illegal ad data can be shown by intelligent television by Set Top Box.
In order to reduce the harmful effect caused after above-mentioned situation occurs, now, front-end server can be closed by keeper, so, after Set Top Box does not receive the ad data of encryption in Preset Time, can be deleted by the ad data stored timely.Or keeper can send new legal ad data by front-end server to Set Top Box, makes Set Top Box show legal ad data by intelligent television.
It should be noted that, in embodiments of the present invention, what front-end server needs were real-time sends enciphered data to Set Top Box.
It should be noted that, Preset Time is that user is arranged according to the actual requirements.
Further, if Set Top Box decrypts ad data, then store ad data and comprise: if Set Top Box decrypts ad data, then carry out resolving the version number obtaining described ad data to ad data; According to the version number of ad data, determine whether ad data stores; Do not store ad data if determine, then upgrade the ad data stored according to ad data.
Concrete, because front-end server needs to send ad data to Set Top Box always, and the ad data sent may be identical with the ad data stored in Set Top Box, and therefore Set Top Box can after decrypting ad data, ad data is resolved, obtains the version number of this ad data.The version number of the ad data of acquisition and the version number of ad data that self stores are contrasted, if do not find the version number identical with the version number of the ad data obtained in the version number of the ad data stored, then illustrate that the ad data stored in Set Top Box exceeds the time limit, now, the ad data that self can store by Set Top Box is deleted, and the ad data that goes out of store decrypted again, the ad data be storing upgrades, so that when by intelligent television broadcast advertisement data, broadcasting be the ad data of the up-to-date transmission of front-end server.
Further, also comprise: store described ad data if determine, then do not process the ad data after deciphering.
Be, when Set Top Box have found the version number identical with the version number of the ad data obtained in the version number of the ad data stored, illustrate that front-end server does not upgrade ad data, the ad data decrypted, without the need to upgrading the ad data stored, can abandon by this set-top box.
Further, in order to strengthen the fail safe of the ad data of the transmission of front-end server, as shown in Figure 2, in step 101 front-end server after the ad data of encryption is sent to Set Top Box, also comprise:
103, front-end server sends to keeper the prompting message that ad data is sent to Set Top Box.
Concrete, front-end server, after the ad data sending encryption to Set Top Box, can send to keeper the prompting message that ad data is sent to Set Top Box, to inform that keeper's front-end server have sent ad data to Set Top Box.Now, when this ad data is not this keeper transmission, keeper can check the ad data that front-end server sends, and then can when keeper detects that the ad data that front-end server sends is illegal ad data, closed front end server timely.Or resend legal ad data to Set Top Box timely, to reduce the harmful effect of illegal ad data.
Like this, keeper can know the ad data sent to Set Top Box by front-end server in time.Thus the better managing advertisement data of keeper can be made.
It should be noted that, the present invention does not limit the order between step 102 and step 103.First can perform step 102, in execution step 103, also first can perform step 103, in execution step 102, step 102 and step 103 can also be performed simultaneously.Only indicate a kind of situation in the example shown.
Embodiments provide a kind for the treatment of system of data security, comprising: front-end server and Set Top Box; Wherein, front-end server obtains the ad data after certification, and ad data is utilized predetermined encryption algorithm, is encrypted ad data, and the ad data after encryption is sent to Set Top Box; The ad data of the encryption that Set Top Box receiving front-end server sends, according to decipherment algorithm, is decrypted the ad data of encryption; If Set Top Box decrypts ad data, then store ad data; Further, Set Top Box, when the ad data of the encryption that receiving front-end server sends, monitors the ad data after whether again receiving encryption in Preset Time; If again do not receive the ad data after encryption in Preset Time, then delete the ad data of storage.Like this, in the treatment system of data security, front-end server obtains the ad data after certification, due to the ad data that the data after this certification are by front-end server certification, therefore, ad data after certification is safe ad data, and now the ad data after certification can be sent to Set Top Box by front-end server.In order to prevent in transmitting procedure, ad data is replaced, and now front-end server can utilize predetermined encryption algorithm to be encrypted the ad data after this certification, and the ad data after encryption is sent to Set Top Box.Set Top Box, after receiving the ad data of encryption, to the ad data deciphering of this encryption, after decrypting ad data, can store this ad data.Set Top Box is when the ad data of the encryption that receiving front-end server sends, need to continue to monitor the ad data whether again receiving encryption in Preset Time, if again do not receive the ad data of encryption in Preset Time, then the ad data stored is deleted by Set Top Box.When ad data after the certification that can obtain at front-end server is like this invalid data, this invalid data is sent to Set Top Box, if when now front-end server is closed by keeper, Set Top Box then cannot receive the ad data of encryption in Preset Time, the ad data stored can be deleted by Set Top Box, thus the invalid data stored can be deleted, stop playing this invalid data.That is, the safeguard protection that the treatment system of data security in the present invention all can realize ad data at front-end server and Set Top Box, thus the object of the safety more fully protecting ad data can be realized.
Last it is noted that above embodiment is only in order to illustrate technical scheme of the present invention, be not intended to limit; Although with reference to previous embodiment to invention has been detailed description, those of ordinary skill in the art is to be understood that: it still can be modified to the technical scheme described in foregoing embodiments, or carries out equivalent replacement to wherein portion of techniques feature; And these amendments or replacement, do not make the essence of appropriate technical solution depart from the spirit and scope of various embodiments of the present invention technical scheme.
Claims (10)
1. a system for data security, is characterized in that, comprising: front-end server and Set Top Box; Wherein,
Described front-end server obtains the ad data after certification, and described ad data is utilized predetermined encryption algorithm, is encrypted described ad data, and the described ad data of encryption is sent to Set Top Box; Ad data after described certification is the ad data by described front-end server certification;
Described Set Top Box receives the ad data of the encryption that described front-end server sends, and according to decipherment algorithm, is decrypted the ad data of described encryption; If described Set Top Box decrypts ad data, then store described ad data; Further, described Set Top Box, when receiving the ad data of the encryption that described front-end server sends, monitors the ad data whether again receiving described encryption in Preset Time; If again do not receive the ad data of described encryption in Preset Time, then delete the described ad data of storage.
2. system according to claim 1, is characterized in that,
Ad data after described front-end server obtains certification comprises:
Described front-end server carries out authentication to the user sending ad data;
If the ad data that described user sends by authentication, is then defined as the ad data after certification by the user of described transmission ad data;
Or, described front-end server receives the ad data that user sends, determine whether the address information in described ad data is preset address information, if the address information in described ad data is preset address information, then described ad data is defined as the ad data after certification;
Or the ad data obtained from mobile device is defined as the ad data after certification by described front-end server.
3. system according to claim 1, is characterized in that,
Ad data after described front-end server obtains certification comprises:
Described front-end server carries out authentication to the user sending ad data;
If the user of described transmission ad data passes through authentication, then receive the ad data that described user sends, and determine whether the address information in described ad data is preset address information, if the address information in described ad data is preset address information, then described ad data is defined as the ad data after certification.
4. system according to claim 1, is characterized in that,
Ad data after described front-end server obtains certification comprises:
Described front-end server carries out authentication to the user sending ad data;
If the ad data obtained in described mobile device by authentication, is then defined as the ad data after certification by the user of described transmission ad data.
5. system according to claim 1, is characterized in that,
Ad data after described front-end server obtains certification comprises:
The ad data that described front-end server obtains from described mobile device, and determine whether the address information in described ad data is preset address information, if the address information in described ad data is preset address information, then described ad data is defined as the ad data after certification.
6. system according to claim 1, is characterized in that,
Ad data after described front-end server obtains certification comprises:
Described front-end server carries out authentication to the user sending ad data;
If the user of described transmission ad data passes through authentication, the ad data then obtained from described mobile device, and determine whether the address information in described ad data is preset address information, if the address information in described ad data is preset address information, then described ad data is defined as the ad data after certification.
7. the system according to claim 2-4 or 6 any one, is characterized in that, described front-end server carries out authentication to the user sending ad data and comprises:
Described front-end server detects user and whether inserts U shield;
If insert U shield, then from described U shield, obtain identity information, described identity information is verified.
8. system according to claim 1, is characterized in that, if described Set Top Box decrypts ad data, then stores described ad data and comprises:
If described Set Top Box decrypts ad data, then carry out resolving the version number obtaining described ad data to described ad data;
According to the version number of described ad data, determine whether described ad data stores;
Do not store described ad data if determine, then upgrade the ad data stored according to described ad data.
9. system according to claim 8, is characterized in that, also comprises:
Store described ad data if determine, then do not process the described ad data after deciphering.
10. system according to claim 1, is characterized in that, at described front-end server after the described ad data after encryption is sent to Set Top Box, also comprises:
Described front-end server sends to keeper the prompting message that ad data is sent to Set Top Box.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610059914.4A CN105516812A (en) | 2016-01-28 | 2016-01-28 | Data security processing system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610059914.4A CN105516812A (en) | 2016-01-28 | 2016-01-28 | Data security processing system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105516812A true CN105516812A (en) | 2016-04-20 |
Family
ID=55724397
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610059914.4A Pending CN105516812A (en) | 2016-01-28 | 2016-01-28 | Data security processing system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105516812A (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100004984A1 (en) * | 2008-07-02 | 2010-01-07 | Verizon Data Services Llc | Television distribution of product/service coupon codes |
| CN102769798A (en) * | 2012-07-24 | 2012-11-07 | 华数传媒网络有限公司 | Set top box information pushing system and set top box information pushing method based on dynamic allocation technology |
| CN104469422A (en) * | 2014-12-31 | 2015-03-25 | 四川金网通电子科技有限公司 | Set top box advertising system with security mechanism and obtaining method thereof |
-
2016
- 2016-01-28 CN CN201610059914.4A patent/CN105516812A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100004984A1 (en) * | 2008-07-02 | 2010-01-07 | Verizon Data Services Llc | Television distribution of product/service coupon codes |
| CN102769798A (en) * | 2012-07-24 | 2012-11-07 | 华数传媒网络有限公司 | Set top box information pushing system and set top box information pushing method based on dynamic allocation technology |
| CN104469422A (en) * | 2014-12-31 | 2015-03-25 | 四川金网通电子科技有限公司 | Set top box advertising system with security mechanism and obtaining method thereof |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101076109B (en) | Two-way CA system of digital TV-set and method for ordering and cancelling programm based on it | |
| US9270465B2 (en) | Control word protection | |
| EP2595082B1 (en) | Method and authentication server for verifying access identity of set-top box | |
| CN101719910B (en) | Terminal equipment for realizing content protection and transmission method thereof | |
| CN109218825B (en) | Video encryption system | |
| KR100969668B1 (en) | Method for Downloading CAS in IPTV | |
| US8996870B2 (en) | Method for protecting a recorded multimedia content | |
| US8218772B2 (en) | Secure multicast content delivery | |
| CN109151508B (en) | Video encryption method | |
| CN104298896A (en) | Method and system for managing and distributing digital rights | |
| US8615650B2 (en) | Control-word deciphering, transmission and reception methods, recording medium and server for these methods | |
| CN105245944A (en) | DVB (Digital Video Broadcasting)-based multi-terminal program playing method and system, set top box and mobile terminal | |
| US11308242B2 (en) | Method for protecting encrypted control word, hardware security module, main chip and terminal | |
| EP3494707B1 (en) | Method and device for checking authenticity of a hbbtv related application | |
| CN104202622A (en) | Safe advertisement broadcasting method and system | |
| CN101204037A (en) | System and method for efficient encryption and decryption of drm rights objects | |
| KR101803974B1 (en) | A method and apparatus for decrypting encrypted content | |
| US20110179444A1 (en) | Apparatus and method for downloading conditional access images | |
| CN111277802A (en) | Video code stream processing method, device, equipment and storage medium | |
| US10411900B2 (en) | Control word protection method for conditional access system | |
| US20160165279A1 (en) | Method of transmitting messages between distributed authorization server and conditional access module authentication sub-system in renewable conditional access system, and renewable conditional access system headend | |
| CN105516812A (en) | Data security processing system | |
| KR20130096575A (en) | Apparatus and method for distributing group key based on public-key | |
| CN103392312A (en) | Cascading dynamic crypto periods | |
| US20160241900A1 (en) | Descrambling of data according to the properties of the control words |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20160420 |