CN109391594B - Security authentication system and method - Google Patents


Info

Publication number
CN109391594B
Authority
CN
China
Prior art keywords
terminal
authentication
authentication information
video server
public key
Prior art date
Legal status
Active
Application number
CN201710673014.3A
Other languages
Chinese (zh)
Other versions
CN109391594A (en)
Inventor
李峰
李兴达
杨琛
Current Assignee
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Legal events
Application filed by China Telecom Corp Ltd
Priority to CN201710673014.3A
Publication of CN109391594A
Application granted
Publication of CN109391594B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption

Abstract

The invention discloses a security authentication method and a security authentication system, and relates to the field of information security. The security authentication method comprises the following steps: in response to an access request sent by the terminal, the video server generates first authentication information comprising a second public key according to the first public key and returns the first authentication information to the terminal; the terminal performs first authentication on the first authentication information using a first private key held in its trusted domain module; the terminal generates second authentication information using the second public key contained in the first authentication information and returns the second authentication information to the video server; the video server performs second authentication on the second authentication information using a second private key; and in response to both the first authentication and the second authentication passing, the video server or the terminal determines that the security authentication has passed. The legality of the terminal and the legality of the video server accessed by the terminal are thereby both guaranteed, the digital copyright of the video content is effectively prevented from being illegally stolen, and the video content is protected.

Description

Security authentication system and method
Technical Field
The present invention relates to the field of information security, and in particular, to a security authentication system and method.
Background
4K video greatly improves on the resolution of conventional television: at more than 3840x2160 pixels it greatly enhances the visual effect of the video and improves the user's viewing experience.
Every major content copyright holder has strict digital copyright requirements for 4K video content, and explicitly requires that copyright protection be applied to the video content when operating services such as Internet Protocol Television (IPTV), and that the related systems or devices have content protection capability to prevent illegal pirated playback.
However, in existing video playing systems such as IPTV, either the security of the devices is not verified at all or the server merely verifies the terminal one way, so the security of the system is low and the video content is easily stolen.
Disclosure of Invention
The embodiments of the invention address the technical problem of how to improve the security of video content protection.
According to a first aspect of embodiments of the present invention, there is provided a security authentication method, including: the video server responds to an access request sent by the terminal, generates first authentication information according to the first public key, and returns the first authentication information to the terminal, wherein the first authentication information comprises a second public key; the terminal performs first authentication on the first authentication information using a first private key in a trusted domain module of the terminal, wherein the first public key and the first private key are pairwise keys; the terminal generates second authentication information using the second public key in the first authentication information and returns the second authentication information to the video server; the video server performs second authentication on the second authentication information using a second private key, wherein the second public key and the second private key are pairwise keys; and in response to the first authentication and the second authentication passing, the video server or the terminal determines that the security authentication has passed.
In one embodiment, the video server encrypts the second public key and the terminal identifier in the access request sent by the terminal by using the first public key to generate first authentication information, and returns the first authentication information to the terminal.
In one embodiment, the terminal encrypts the first authentication information by using the second public key in the first authentication information to generate second authentication information, and returns the second authentication information to the video server.
In one embodiment, the method further comprises: the terminal reads the terminal identification from the trusted domain module and sends an access request comprising the terminal identification to the video server.
In one embodiment, the terminal identification includes a device identification code and a 4K terminal identification code.
In one embodiment, the security authentication method further comprises: in response to the security authentication passing, the terminal decrypts the encrypted video sent by the video server using the video key in the trusted domain module.
In one embodiment, the terminal is a set-top box.
According to a second aspect of the embodiments of the present invention, there is provided a security authentication system including: the terminal is configured to receive first authentication information sent by the video server, perform first authentication on the first authentication information by adopting the first private key, generate second authentication information by adopting a second public key in the first authentication information, and return the second authentication information to the video server; the video server stores a first public key, a second public key and a second private key, and is configured to generate first authentication information including the second public key according to the first public key in response to an access request sent by the terminal, return the first authentication information to the terminal, perform second authentication on the second authentication information by using the second private key, and judge that the security authentication passes in response to the first authentication and the second authentication passing; wherein the first public key and the first private key are pairwise keys and the second public key and the second private key are pairwise keys.
In one embodiment, the video server is further configured to encrypt the second public key and the terminal identifier in the access request sent by the terminal by using the first public key to generate first authentication information, and return the first authentication information to the terminal.
In one embodiment, the terminal is further configured to encrypt the first authentication information with a second public key in the first authentication information to generate second authentication information, and return the second authentication information to the video server.
In one embodiment, the terminal is further configured to read a terminal identification from the trusted domain module and to send an access request comprising the terminal identification to the video server.
In one embodiment, the terminal identification includes a device identification code and a 4K terminal identification code.
In one embodiment, the terminal is further configured to decrypt the encrypted video sent by the video server using the video key in the trusted domain module in response to the security authentication passing.
In one embodiment, the terminal is a set-top box.
One embodiment of the above invention has the following advantages or benefits: the terminal authenticates the video server and the video server authenticates the terminal, thereby realizing the bidirectional authentication between the terminal and the video server, not only ensuring the legality of the terminal and avoiding the leakage of the content protected by the copyright from the terminal side, but also ensuring the legality of the video server accessed by the terminal and avoiding the terminal from receiving the content provided by an illegal server, effectively preventing the digital copyright of the video content from being illegally stolen, and realizing the protection of the video content.
Other features of the present invention and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a block diagram of one embodiment of a security authentication system of the present invention.
Fig. 2 is a flowchart of an embodiment of a security authentication method of the present invention.
Fig. 3 is a flowchart of another embodiment of the security authentication method of the present invention.
Fig. 4 is a flowchart of another embodiment of the security authentication method of the present invention.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the invention, its application, or uses. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The relative arrangement of the components and steps, the numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
Fig. 1 is a block diagram of one embodiment of a security authentication system of the present invention. As shown in fig. 1, the security authentication system of this embodiment includes a video server 11 and a terminal 12.
The video server 11 is a network-side device, and may be, for example, a content server of a video website, a device in a Terminal Management System (TMS), or a server dedicated to security authentication. The video server 11 provides the video content and other related data to the terminal 12 for playback or display by the terminal 12.
The video server 11 stores therein a first public key, a second public key, and a second private key.
The terminal 12 is a device on the user side, and is configured to receive the video sent by the video server 11, and play the video or deliver the video to another user device for playing after processing. The terminal 12 may be, for example, a set-top box, a television box, or the like.
The terminal 12 stores a first private key, which is kept in a trusted domain module of the terminal 12. The trusted domain module is a secure zone of the terminal 12: it grants the user no modification rights, and its contents can only be read.
The first private key may be burned in a secure area of the terminal 12, for example, when the terminal 12 is shipped from a factory.
In an embodiment of the invention, the first public key and the first private key are pairwise keys and the second public key and the second private key are pairwise keys. That is, the content encrypted by the first public key may be decrypted by the first private key, and the content encrypted by the second public key may be decrypted by the second private key.
The terminal 12 is configured to receive the first authentication information sent by the video server 11, perform first authentication on the first authentication information by using a first private key, generate second authentication information by using a second public key in the first authentication information, and return the second authentication information to the video server 11; the video server 11 is configured to generate first authentication information including the second public key from the first public key in response to the access request sent by the terminal 12, return the first authentication information to the terminal 12, and perform second authentication on the second authentication information using the second private key.
The video server 11 or the terminal 12 determines that the security authentication is passed in response to the first authentication and the second authentication being passed.
Through the embodiment, the terminal authenticates the video server and the video server authenticates the terminal, so that the bidirectional authentication between the terminal and the video server is realized, the legality of the terminal can be ensured, the content protected by copyright is prevented from being revealed from the terminal side, the legality of the video server accessed by the terminal can be ensured, the terminal is prevented from receiving the content provided by an illegal server, the digital copyright of the video content is effectively prevented from being illegally stolen, and the protection of the video content is realized.
The data encrypted by the video server 11 and by the terminal 12 may be data that both parties hold.
In one embodiment, video server 11 is further configured to encrypt the second public key and the terminal identifier in the access request sent by terminal 12 with the first public key to generate first authentication information, and return the first authentication information to terminal 12.
In one embodiment, the terminal 12 is further configured to encrypt the first authentication information with the second public key in the first authentication information to generate second authentication information.
The security authentication method according to an embodiment of the present invention is described below with reference to fig. 2 with reference to the terminal and the video server in fig. 1.
Fig. 2 is a flowchart of an embodiment of a security authentication method of the present invention. As shown in fig. 2, the security authentication method of this embodiment includes steps S202 to S210.
In step S202, the video server 11 generates first authentication information according to the first public key in response to the access request sent by the terminal, and returns the first authentication information to the terminal, where the first authentication information includes the second public key.
The terminal 12 may, for example, send an access request to the video server 11 when accessing the video server 11, or send an access request when requesting the video server 11 to prepare for delivering video. Of course, those skilled in the art may set other occasions or manners for sending the access request, which are not described herein again.
In one embodiment, the terminal 12 may read a terminal identification from a trusted domain module of the terminal 12 and send an access request including the terminal identification to the video server 11.
The video server 11 may encrypt the second public key and information that both the video server 11 and the terminal 12 possess. For example, if the access request includes a terminal identifier, the video server 11 may encrypt the second public key and the terminal identifier, which may include, for example, a device identification code and a 4K terminal identification code; for another example, the video server 11 may query the device information of the terminal 12 according to the source address in the access request, and encrypt the second public key and the device information; as another example, video server 11 may encrypt the second public key and the transmission timestamp of the access request. Other encryption methods may also be adopted by those skilled in the art as needed, and are not described herein.
In step S204, the terminal 12 performs a first authentication on the first authentication information by using a first private key in the trusted domain module of the terminal 12.
The first public key and the first private key are pairwise keys. Therefore, the terminal 12 may decrypt the first authentication information using the first private key and compare the decryption result with the corresponding information stored by the terminal 12. If the decryption result is identical to the corresponding information stored in the terminal 12, the first authentication is passed.
The terminal 12 can obtain the second public key in the first authentication information after successful decryption, and proceeds to step S206.
In step S206, the terminal 12 generates second authentication information using the second public key in the first authentication information, and returns the second authentication information to the video server 11.
The terminal 12 may encrypt information that both the video server 11 and the terminal 12 hold; for a specific embodiment, see step S202.
In step S208, the video server 11 performs second authentication on the second authentication information using the second private key.
The second public key and the second private key are pairwise keys. Therefore, the video server 11 may decrypt the second authentication information using the second private key and compare the decryption result with the corresponding information stored by the video server 11. If the decryption result is identical to the corresponding information stored by the video server 11, the second authentication is passed.
In step S210, in response to the first authentication and the second authentication passing, the video server 11 or the terminal 12 determines that the security authentication passes.
After determining that the security authentication is passed, the video server 11 and the terminal 12 may establish a data content transmission connection so that the video server 11 delivers the video content to the terminal 12.
Through the embodiment, the bidirectional authentication between the terminal and the video server is realized, the legality of the terminal can be ensured, the content protected by the copyright is prevented from being revealed from the terminal side, the legality of the video server accessed by the terminal can be ensured, the terminal is prevented from receiving the content provided by an illegal server, the digital copyright of the video content is effectively prevented from being illegally stolen, and the protection of the video content is realized.
The video server 11 and the terminal 12 in the embodiment of fig. 1 may be further configured.
In one embodiment, the terminal 12 may be further configured to read a terminal identification from a trusted domain module of the terminal 12 and to send an access request including the terminal identification to the video server 11.
The terminal identification may include, for example, a device identification code and a 4K terminal identification code.
4K video imposes stricter playback security requirements; for example, the video may only be played on a specific device. The terminal 12 may therefore transmit its own device identification code, such as a device number, a hardware identifier, a serial number (SN) or a fixed network address; in addition, the terminal 12 may transmit a 4K terminal identification code to indicate that it is entitled to play 4K video.
Therefore, the security authentication system provided by the invention can provide a secure transmission environment for 4K video.
A security authentication method according to another embodiment of the present invention is described below with reference to fig. 3.
Fig. 3 is a flowchart of another embodiment of the security authentication method of the present invention. As shown in fig. 3, the method of this embodiment includes steps S302 to S320, and may further include step S322 as needed.
In step S302, the terminal 12 reads the device identification code and the 4K terminal identification code from the trusted domain module.
In step S304, the terminal 12 transmits an access request including the device identification code and the 4K terminal identification code to the video server 11.
In step S306, the video server 11 encrypts the second public key, the device identifier and the 4K terminal identifier in the access request by using the first public key to generate first authentication information.
The video server 11 may write the second public key, the device identification code, and the 4K terminal identification code at predetermined positions in a predetermined field or string, respectively, so that the terminal 12 can obtain the corresponding content of each part after decryption.
In step S308, the video server 11 returns the first authentication information to the terminal 12.
In step S310, the terminal 12 decrypts the first authentication information by using the first private key in the trusted domain module of the terminal 12.
The first public key and the first private key are pairwise keys.
In step S312, the terminal 12 compares the device identification code and the 4K terminal identification code stored in the trusted domain module with the corresponding contents in the decrypted result.
If they differ, the terminal 12 determines that the security authentication does not pass. In that case the terminal 12 may notify the video server 11 that the security authentication has failed, and no data transmission takes place between the two. The terminal 12 may reinitiate the request or choose to connect to another server.
If they are the same, the first authentication passes and step S314 is executed.
In step S314, the terminal 12 encrypts the first authentication information using the second public key to generate second authentication information.
In step S316, the terminal 12 returns the second authentication information to the video server 11.
In step S318, the video server 11 decrypts the second authentication information using the second private key.
The second public key and the second private key are pairwise keys.
In step S320, the video server 11 compares whether the decrypted result is the same as the first authentication information previously generated by the video server 11.
If they differ, the video server 11 determines that the security authentication does not pass. In that case the video server 11 may notify the terminal 12 that the security authentication has failed, and no data transmission takes place between the two. The terminal 12 may reinitiate the request or choose to connect to another server.
If they are the same, the video server 11 determines that the security authentication passes. In that case the video server 11 may notify the terminal 12 that the security authentication has passed, and a video transmission connection may be established between them.
For example, step S322 may be included.
In step S322, a video transmission connection is established between the video server 11 and the terminal 12.
In addition, the terminal 12 may decrypt the encrypted video sent by the video server using the video key in the trusted domain module, which further ensures the security of the digital content.
By the method of the embodiment, a safe transmission environment can be provided for the 4K video, and the 4K video content is protected.
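The exchange of fig. 3 (steps S304 to S320), written as an added Go example; this is not code from the patent or from China Telecom. It assumes hybrid encryption (RSA-OAEP wrapping a fresh AES-GCM key) wherever the patent says "encrypt with the public key", because plain RSA cannot carry a public key of its own size in S306 or a ciphertext of its own size in S314; the newline-separated field layout, the 2048-bit keys and the identifiers STB-0001 and 4K-OK are likewise the example's own choices.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// seal is the hybrid encryption assumed for every "encrypt with the public key"
// step: RSA-OAEP wraps a fresh AES-256 key and AES-GCM carries the payload.
// Wire format: wrapped key | 12-byte nonce | GCM output. open reverses it.
func seal(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	buf := make([]byte, 44) // 32-byte content key followed by a 12-byte nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:32], nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(buf[:32]) // cannot fail for a 32-byte key
	aead, _ := cipher.NewGCM(block)
	return aead.Seal(append(wrapped, buf[32:]...), buf[32:], plaintext, nil), nil
}

func open(priv *rsa.PrivateKey, sealed []byte) ([]byte, error) {
	n := priv.Size()
	if len(sealed) < n+12 {
		return nil, errors.New("sealed message truncated")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, sealed[:n], nil)
	if err != nil || len(key) != 32 {
		return nil, errors.New("cannot unwrap content key") // wrong private key or tampering
	}
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	return aead.Open(nil, sealed[n:n+12], sealed[n+12:], nil)
}

// Terminal is the set-top box; all three values live in its trusted domain module.
type Terminal struct {
	firstPriv         *rsa.PrivateKey
	deviceID, fourKID string // device identification code, 4K terminal identification code
}

// VideoServer keeps the first authentication information it sent for the S320 comparison.
type VideoServer struct {
	firstPub   *rsa.PublicKey
	secondPriv *rsa.PrivateKey
	firstAuth  []byte
}

// FirstAuth is S306/S308: identifiers and second public key (PKCS#1 DER, placed
// last) at predetermined positions, newline-separated, under the first public key.
func (s *VideoServer) FirstAuth(deviceID, fourKID string) (firstAuth []byte, err error) {
	der := x509.MarshalPKCS1PublicKey(&s.secondPriv.PublicKey)
	s.firstAuth, err = seal(s.firstPub, append([]byte(deviceID+"\n"+fourKID+"\n"), der...))
	return s.firstAuth, err
}

// SecondAuth is S310-S316: decrypt with the first private key, require the
// identifiers to match the trusted domain copy (first authentication), then
// encrypt the whole first authentication information under the second public key.
func (t *Terminal) SecondAuth(firstAuth []byte) ([]byte, error) {
	plain, err := open(t.firstPriv, firstAuth)
	f := append(bytes.SplitN(plain, []byte{'\n'}, 3), nil, nil) // pad so f[2] always exists
	secondPub, perr := x509.ParsePKCS1PublicKey(f[2])
	if err != nil || perr != nil || string(f[0]) != t.deviceID || string(f[1]) != t.fourKID {
		return nil, errors.New("first authentication failed")
	}
	return seal(secondPub, firstAuth)
}

// VerifySecondAuth is S318-S320: the decryption must equal what this server sent.
func (s *VideoServer) VerifySecondAuth(secondAuth []byte) bool {
	plain, err := open(s.secondPriv, secondAuth)
	return err == nil && bytes.Equal(plain, s.firstAuth)
}

// Provision creates a terminal and a server sharing the first key pair (sample identifiers).
func Provision(deviceID, fourKID string) (*Terminal, *VideoServer) {
	first, err1 := rsa.GenerateKey(rand.Reader, 2048)
	second, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	return &Terminal{first, deviceID, fourKID}, &VideoServer{firstPub: &first.PublicKey, secondPriv: second}
}

func main() {
	term, srv := Provision("STB-0001", "4K-OK")   // constructed sample identifiers
	fa, err := srv.FirstAuth("STB-0001", "4K-OK") // S304: identifiers from the access request
	sa, err2 := term.SecondAuth(fa)
	fmt.Println("security authentication passed:", err == nil && err2 == nil && srv.VerifySecondAuth(sa))
}
```

A tampered message, a mismatched identifier, or a server that does not hold the first public key all make SecondAuth return an error, which is the terminal-side rejection of an illegal server described at S312.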
In a network, some program sources require strict content protection by the playback equipment, while the security requirements of other program sources are low. The invention is also suitable for a network or system with program sources or playback devices of two different security levels. A security authentication method according to still another embodiment of the present invention is described below with reference to fig. 4.
Fig. 4 is a flowchart of another embodiment of the security authentication method of the present invention. As shown in fig. 4, the method of this embodiment includes steps S402 to S416.
In step S402, the video server 11 receives the access request transmitted by the terminal 12.
In step S404, the video server 11 determines whether security authentication is required according to the terminal identifier in the access request.
If the terminal identification corresponds to a higher security level, for example because it carries a 4K terminal identification code, security authentication is determined to be required and steps S406-S416 are executed; if the terminal identification corresponds to a lower security level, for example because it carries no 4K terminal identification code and the terminal is an ordinary terminal, security authentication is not required and step S416 is executed directly.
In step S406, the video server 11 generates first authentication information including the second public key from the first public key, and returns the first authentication information to the terminal 12.
In step S408, the terminal 12 performs a first authentication on the first authentication information by using a first private key in the trusted domain module of the terminal 12.
The first public key and the first private key are pairwise keys.
In step S410, the terminal 12 generates second authentication information using the second public key, and returns the second authentication information to the video server 11.
In step S412, the video server 11 performs second authentication on the second authentication information using the second private key.
The second public key and the second private key are pairwise keys.
In step S414, in response to the first authentication and the second authentication passing, the video server 11 or the terminal 12 determines that the security authentication passes.
In step S416, the video server 11 establishes a data transmission connection with the terminal 12.
By the method of the above embodiment, the video server 11 can serve terminals with different security requirement types at the same time, so as to deliver video contents with different content protection requirements to different types of terminals.
After passing the security authentication, the terminal 12 provided by the embodiment of the present invention may further improve security during the playing process.
In one embodiment, the terminal 12 may be further configured to decrypt the encrypted video sent by the video server using the video key in the trusted domain module in response to the security authentication passing.
Thus, the terminal 12 can deliver the decrypted video content to the playing module for playing.
An embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored, the computer program being configured to implement any one of the foregoing security authentication methods when executed by a processor.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (14)

1. A method of secure authentication, comprising:
the video server responds to an access request sent by a terminal, generates first authentication information according to a first public key and returns the first authentication information to the terminal, wherein the first authentication information comprises a second public key, and the video server encrypts the second public key and information simultaneously possessed by the video server and the terminal to generate the first authentication information;
the terminal decrypts the first authentication information by adopting a first private key in a trusted domain module of the terminal so as to perform first authentication, wherein the first public key and the first private key are pairwise keys;
the terminal generates second authentication information by adopting a second public key in the first authentication information and returns the second authentication information to the video server, wherein the terminal generates the second authentication information by encrypting information which is simultaneously possessed by the video server and the terminal;
the video server decrypts the second authentication information by adopting a second private key to perform second authentication, wherein the second public key and the second private key are pairwise keys;
and in response to both the first authentication and the second authentication passing, the video server or the terminal determines that the security authentication has passed.
2. The secure authentication method according to claim 1,
the video server encrypts the second public key and the terminal identification in the access request sent by the terminal by adopting the first public key to generate first authentication information, and returns the first authentication information to the terminal.
3. The secure authentication method according to claim 1,
and the terminal encrypts the first authentication information by adopting a second public key in the first authentication information to generate second authentication information, and returns the second authentication information to the video server.
4. The security authentication method of claim 1, further comprising:
and the terminal reads a terminal identifier from the trusted domain module and sends an access request comprising the terminal identifier to the video server.
5. The security authentication method according to claim 2 or 4, wherein the terminal identification comprises a device identification code and a 4K terminal identification code.
6. The secure authentication method according to any one of claims 1 to 4, further comprising:
and the terminal responds to the passing of the security authentication and decrypts the encrypted video sent by the video server by adopting the video key in the trusted domain module.
7. The security authentication method according to any one of claims 1 to 4, wherein the terminal is a set-top box.
8. A security authentication system, comprising:
a terminal, wherein a first private key is stored in a trusted domain module of the terminal, the terminal is configured to receive first authentication information sent by a video server, decrypt the first authentication information by using the first private key to perform first authentication, generate second authentication information by using a second public key in the first authentication information, and return the second authentication information to the video server, wherein the terminal generates the second authentication information by encrypting information simultaneously possessed by the video server and the terminal;
the video server stores a first public key, a second public key and a second private key, and is configured to generate first authentication information including the second public key according to the first public key in response to an access request sent by the terminal and return the first authentication information to the terminal, wherein the video server generates the first authentication information by encrypting the second public key and information which is possessed by the video server and the terminal at the same time; decrypting the second authentication information by using a second private key to perform second authentication, and judging that security authentication passes in response to the first authentication and the second authentication passing;
wherein the first public key and the first private key are pairwise keys and the second public key and the second private key are pairwise keys.
9. The security authentication system of claim 8, wherein the video server is further configured to encrypt the second public key and the terminal identifier in the access request sent by the terminal with the first public key to generate the first authentication information, and return the first authentication information to the terminal.
10. The system according to claim 8, wherein the terminal is further configured to encrypt the first authentication information with the second public key in the first authentication information to generate second authentication information, and return the second authentication information to the video server.
11. The security authentication system of claim 8, wherein the terminal is further configured to read a terminal identification from the trusted domain module and send an access request including the terminal identification to a video server.
12. The security authentication system according to claim 9 or 11, wherein the terminal identification comprises a device identification code and a 4K terminal identification code.
13. The security authentication system according to any one of claims 8-11, wherein the terminal is further configured to decrypt the encrypted video sent by the video server using the video key in the trusted domain module in response to the security authentication passing.
14. A security authentication system according to any of claims 8-11, wherein the terminal is a set-top box.
CN201710673014.3A 2017-08-09 2017-08-09 Security authentication system and method Active CN109391594B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710673014.3A CN109391594B (en) 2017-08-09 2017-08-09 Security authentication system and method

Publications (2)

Publication Number Publication Date
CN109391594A CN109391594A (en) 2019-02-26
CN109391594B true CN109391594B (en) 2021-07-30

Family

ID=65413966

Country Status (1)

Country Link
CN (1) CN109391594B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant