CN113727196B - Method, device and storage medium for realizing CAS terminal authorization on demand - Google Patents

Publication number: CN113727196B
Authority: CN (China)
Prior art keywords: authorization, cas, cas terminal, terminal, program
Legal status: Active
Application number: CN202110817272.0A
Other languages: Chinese (zh)
Other versions: CN113727196A (en)
Inventors: 韦月飞, 陆天钦, 张灵晶, 李波, 严志康
Current Assignee: Shenzhen SDMC Technology Co Ltd
Original Assignee: Shenzhen SDMC Technology Co Ltd

Classifications

    • H04N21/6334 Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
    • H04N21/2541 Rights Management
    • H04N21/2543 Billing, e.g. for subscription services
    • H04N21/26606 Channel or content management for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]
    • H04N21/4181 External card to be used in combination with the client device for conditional access
    • H04N21/4623 Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
    • H04N21/4627 Rights management associated to the content
    • H04N21/4753 End-user interface for inputting end-user data for user identification, e.g. by entering a PIN or password

Abstract

The application discloses a method for implementing on-demand authorization of a CAS terminal, comprising: receiving an authorization request sent by the CAS terminal and obtaining the CAS terminal identifier corresponding to the authorization request; determining the authorization information corresponding to the CAS terminal identifier; and sending the authorization information, through a preset hypertext transfer protocol (http) interface, to the CAS terminal that sent the authorization request, wherein the authorization information comprises an encrypted service key, so that the CAS terminal can obtain a control word according to the service key and then descramble the received scrambled program stream according to the control word. The application also discloses a device for implementing on-demand authorization of a CAS terminal and a computer-readable storage medium. By receiving the authorization request sent by the CAS terminal and then sending the authorization information to that CAS terminal in unicast mode, the application solves the problem that authorization information occupies a large amount of bandwidth when it is broadcast one-way to all CAS terminals.

Description

Method, device and storage medium for realizing CAS terminal authorization on demand
Technical Field
The present application relates to the field of digital television technologies, and in particular, to a method, an apparatus, and a computer readable storage medium for implementing on-demand authorization of a CAS terminal.
Background
The conditional access system CAS (Conditional Access System) is a core technology of pay digital television broadcasting. Its main function is to prevent illegal intrusion into a digital broadcasting network and to allow an authorized user to watch a specific program while preventing an unauthorized user from watching it. The basic principle of CAS authorization is as follows: the scrambler of the CAS front-end system provides the entitlement control message generator ECMG (Entitlement Control Message Generator) with the control word CW (Control Word) used to scramble the program stream; the ECMG encapsulates the CW into an entitlement control message ECM (Entitlement Control Message) and returns the ECM to the scrambler, which multiplexes the ECM into the transport stream TS (Transport Stream) and broadcasts it to the transport network. In addition, the entitlement management message generator EMMG (Entitlement Management Message Generator) generates entitlement management messages EMM (Entitlement Management Message) and pushes them to the scrambler, which also multiplexes the EMMs into the TS and broadcasts them into the transport network. The CAS terminal STB (Set Top Box) parses the identification codes of the ECMs and EMMs from the CA-descriptor fields in the program map table PMT (Program Map Table) and the conditional access table CAT (Conditional Access Table) of the TS stream, filters the ECMs and EMMs from the TS stream, parses the control word CW from them, and then sends the CW to the descrambler for descrambling the program. However, under this basic principle the EMM message is transmitted to all CAS terminals by one-way broadcasting, so the EMM messages occupy a large bandwidth when there are a large number of CAS terminals.
Disclosure of Invention
The application mainly aims to provide a method, a device and a computer readable storage medium for realizing the on-demand authorization of a CAS terminal, and aims to solve the problem that authorization information occupies a large bandwidth when the authorization information is distributed to all CAS terminals in a one-way broadcasting mode in the prior art.
In order to achieve the above object, the present application provides a method for implementing on-demand authorization of a CAS terminal, including the steps of:
receiving an authorization request sent by a CAS terminal, and acquiring a CAS terminal identifier corresponding to the authorization request;
determining authorization information corresponding to the CAS terminal identification according to the CAS terminal identification;
and sending the authorization information to the CAS terminal sending the authorization request through a preset hypertext transfer protocol (http) interface, wherein the authorization information comprises an encrypted service key, so that the CAS terminal can acquire a control word according to the service key, and then descramble the received scrambled program stream according to the control word.
Optionally, the step of determining the authorization information corresponding to the CAS terminal identifier according to the CAS terminal identifier includes:
performing security authentication on the CAS terminal according to the CAS terminal identifier;
and if the authentication is successful, executing the step of determining EMM data corresponding to the CAS terminal identification according to the CAS terminal identification.
Optionally, the step of performing security authentication on the CAS terminal according to the CAS terminal identifier includes:
and if the authentication fails, sending a rejection response containing rejection of the authorization request to the CAS terminal.
Optionally, the step of receiving the authorization request of the CAS terminal and acquiring the CAS terminal identifier corresponding to the authorization request further includes:
after receiving an initial program stream, generating a control word corresponding to the initial program stream;
packaging the control word into the initial program stream to generate a scrambled program stream and generating authorization control information according to the control word, wherein the authorization control information comprises the control word encrypted by a service key;
and transmitting the authorization control information and the scrambled program stream to the CAS terminal through a broadcasting network.
A method for implementing on-demand authorization of a CAS terminal, the steps of the method for implementing on-demand authorization of a CAS terminal comprising:
receiving a program playing request of a user, acquiring the scrambled program stream according to the program playing request and sending an authorization request to the CAS front end;
and after receiving the authorization information sent by the CAS front end, descrambling the scrambled program stream according to the authorization information.
Optionally, the step of descrambling the scrambled program stream obtained from the broadcast network according to the authorization information further comprises:
decrypting the authorization information according to the personal distribution key to obtain a corresponding service key;
decrypting the authorization control information according to the service secret key to obtain a control word in the authorization control information;
and descrambling the scrambled program stream according to the control word.
Optionally, the authorization request includes a CAS terminal identifier corresponding to the CAS terminal.
In addition, in order to achieve the above object, the present application further provides a device for implementing on-demand authorization of a CAS terminal, the device including: a memory, a processor, and a CAS terminal on-demand authorization program stored in the memory and runnable on the processor, wherein the program, when executed by the processor, implements the steps of the method for implementing on-demand authorization of a CAS terminal described above.
In addition, to achieve the above object, the present application also provides a computer-readable storage medium having stored thereon a program for implementing CAS terminal on-demand authorization, which when executed by a processor, implements the steps of the method for implementing CAS terminal on-demand authorization as described above.
The method, the device and the computer readable storage medium for realizing the on-demand authorization of the CAS terminal provided by the embodiment of the application realize the on-demand authorization of the CAS terminal by receiving the authorization request sent by the CAS terminal, and then carrying out legal authentication on the CAS terminal according to the authorization request, and after the authentication of the CAS terminal is successful, sending the authorization information corresponding to the CAS terminal.
Drawings
Fig. 1 is a schematic structural diagram of a conditional access system for digital television according to an embodiment of the present application;
Fig. 2 is a flow chart of a first embodiment of a method for implementing on-demand authorization of a CAS terminal in accordance with the present application;
Fig. 3 is a flow chart of a second embodiment of a method for implementing on-demand authorization of a CAS terminal in accordance with the present application;
Fig. 4 is a flow chart of a third embodiment of a method for implementing on-demand authorization of a CAS terminal in accordance with the present application.
The achievement of the objects, functional features and advantages of the present application will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The main solutions of the embodiments of the present application are: receiving an authorization request sent by a CAS terminal, and acquiring a CAS terminal identifier corresponding to the authorization request; determining authorization information corresponding to the CAS terminal identification according to the CAS terminal identification; and sending the authorization information to the CAS terminal sending the authorization request through a preset hypertext transfer protocol (http) interface, wherein the authorization information comprises an encrypted service key, so that the CAS terminal can acquire a control word according to the service key, and then descramble the received scrambled program stream according to the control word.
As shown in fig. 1, fig. 1 is a schematic structural diagram of a conditional access system for a digital television according to an embodiment of the present application.
The conditional access system of the digital television comprises a CAS front end and a CAS terminal;
the CAS front end includes:
a scrambler for generating a control word;
an entitlement control message generator for generating ECM data based on the control word and the service key;
the authorization server is used for receiving the authorization request sent by the CAS terminal and returning EMM data corresponding to the authorization request to the CAS terminal;
the CAS terminal includes:
a descrambler for descrambling the scrambled data stream;
and the key box is used for storing the personal distribution key and sending an authorization request to the CAS front end.
Referring to fig. 1, the scrambler establishes two-way communication with the entitlement control message generator and the entitlement server, respectively, and the scrambler transmits the generated control word to the entitlement control message generator, so that the entitlement control message generator generates entitlement control message according to the control word and transmits the entitlement control message to the scrambler, wherein the entitlement control message comprises the control word encrypted by the service key.
Optionally, the authorization control information generator is configured to generate a service key, and encrypt the control word according to the service key, so as to generate authorization control information.
Optionally, the authorization server establishes two-way data communication with the key box of the CAS terminal through a preset http interface, and is configured to receive an authorization request sent by the key box, where the authorization request includes a CAS terminal identifier corresponding to the CAS terminal, and the CAS terminal identifier is used to characterize the CAS terminal. Optionally, the authorization request further includes a program ID, and when the CAS terminal needs to obtain authorization information of some programs, the key box sends the program ID corresponding to the program to the authorization server, so that the authorization server generates the authorization information. And after receiving the authorization request sent by the key box, the authorization server carries out security authentication on the CAS terminal according to the CAS terminal identifier corresponding to the authorization request, and after the authentication is passed, the generated authorization information is returned to the key box for sending the authorization request.
Optionally, the CAS terminal includes a descrambler and a key box, where the descrambler establishes bidirectional communication with the key box, and the descrambler is configured to receive a scrambled data stream sent by the scrambler, where the scrambled data stream includes a program mapping table and authorization control information, the descrambler parses the program mapping table, and the program mapping table stores a correspondence between the authorization control information and an identifier code, so as to obtain the identifier code corresponding to the authorization control information, identify the authorization control information from the scrambled data stream according to the identifier code, and then send the authorization control information to the key box, so that the key box obtains the control word according to the authorization control information.
Optionally, the key box establishes two-way data communication with the authorization server through a preset http interface. After receiving the authorization control information sent by the descrambler, the key box sends an authorization request to the connected authorization server through the preset http interface. After the key box receives the authorization information sent by the authorization server through the http interface, it decrypts the authorization information with the personal distribution key stored in the key box to obtain the service key, then decrypts the authorization control information sent by the descrambler with the service key to obtain the corresponding control word, and sends the control word to the descrambler. The descrambler descrambles the scrambled data stream with the control word sent by the key box, so that the descrambled data stream can be played.
Optionally, referring to fig. 2, based on the conditional access system for digital television shown in fig. 1, the method for implementing the on-demand authorization of the CAS terminal provided by the present application is applied to the CAS front end of the conditional access system for digital television, and the steps of the method for implementing the on-demand authorization of the CAS terminal include:
step S10, receiving an authorization request sent by a CAS terminal, and acquiring a CAS terminal identifier corresponding to the authorization request;
step S20, determining authorization information corresponding to the CAS terminal identification according to the CAS terminal identification;
and step S30, transmitting the authorization information to the CAS terminal for transmitting the authorization request through a preset hypertext transfer protocol (HTTP) interface, wherein the authorization information comprises an encrypted service key, so that the CAS terminal obtains a control word according to the service key, and then descrambles the received scrambled program stream according to the control word.
In the prior art, after the authorization server generates authorization information, the authorization information is sent to the scrambler, the scrambler unidirectional broadcasts the authorization information to all CAS terminals in a unicast mode, and based on the existence of a large number of CAS terminals, the authorization information needs to occupy a large amount of bandwidth. For example, a program corresponds to a data packet, 60 existing programs, 60 CAS terminals, and 100 bytes of each authorization information, and the total data amount of the authorization information is 600000×100×8×60=28800 Mb, where the larger the data amount, the larger the occupied bandwidth. Based on the above, the embodiment of the application provides a user authorization method, which solves the problem that authorization information occupies a large amount of bandwidth.
In the embodiment of the application, an authorization request sent by a key box of a CAS terminal is received through an http interface by an authorization server at the front end of the CAS, wherein the authorization request comprises, but is not limited to, a request token, a CAS terminal identifier and a program ID, and the program ID is a program ID corresponding to a program requested to be authorized to be played by the CAS terminal.
Optionally, after the authorization request is obtained, the authorization server determines whether the CAS terminal has authority to access the authorization server according to a request token corresponding to the authorization request, and when the CAS terminal has authority to access, obtains the CAS terminal identifier and the program ID, and further determines authorization information corresponding to the CAS terminal identifier according to the CAS terminal identifier.
Optionally, the step S20 includes:
legal authentication is carried out on the CAS terminal according to the CAS terminal identifier;
if the authentication is successful, executing the step of determining EMM data corresponding to the CAS terminal identification according to the CAS terminal identification;
and if the authentication fails, sending a rejection response containing rejection of the authorization request to the CAS terminal.
In the embodiment of the application, the CAS terminal identifiers are in one-to-one correspondence with the CAS terminals, and legal authentication is performed on the CAS terminals according to the CAS terminal identifiers.
Optionally, the manner of legally authenticating the CAS terminal includes the following:
First, it is judged whether the regional location corresponding to the CAS terminal identifier is legal; next, it is judged whether the CAS terminal corresponding to the CAS terminal identifier is in a white list (it can be understood that the white list is stored in the authorization server); finally, it is judged whether the CAS terminal corresponding to the CAS terminal identifier has the right to watch the program corresponding to the program ID. For example, suppose the program requested for authorized playback is program A, and the playing conditions of program A are that it is played in region B, that the CAS terminal is in the white list, and that the CAS terminal has the playing right for program A. When an authorization request from a CAS terminal C is received, whether CAS terminal C has the right to access the authorization server is judged according to the request token corresponding to the authorization request. If it does, the location information of CAS terminal C is obtained and it is judged whether that location is in region B; if so, it is judged whether CAS terminal C is in the white list; if so, it is judged whether CAS terminal C has the playing right for program A; and if it does, CAS terminal C is judged to be successfully authenticated.
Optionally, after the CAS terminal is successfully authenticated, the authorization information corresponding to the CAS terminal identifier is obtained, where the authorization information includes a service key, and the authorization information is then sent to the key box of the CAS terminal through the preset http interface. For example, after the CAS terminal passes the authentication, the status code "200 OK" is returned to the key box together with the authorization information, where the status code indicates that the authorization request has been successfully answered, and the key box obtains the authorization information after receiving the status code.
Optionally, to ensure the security of the service key, the authorization server encrypts the service key with a Personal Distribution Key (PDK) in advance, so as to prevent an illegal device from acquiring the service key.
Optionally, when the CAS terminal is determined to be illegal, a rejection response rejecting the authorization request is returned to the key box. For example, when the CAS terminal is not legal, the status code "403 Forbidden" is returned to the key box, where "403 Forbidden" is the rejection response that rejects the authorization request.
In the embodiment of the application, the authorization request sent by the CAS terminal is received, the CAS terminal is legally authenticated according to the CAS terminal identification corresponding to the authorization request, when the CAS terminal is judged to be legal, the authorization information corresponding to the CAS terminal is determined according to the CAS terminal identification, and then the authorization information is returned to the CAS terminal through a downlink channel, so that the CAS terminal plays a program according to the authorization information, and the authorization information is sent to the CAS terminal after the authorization request is acquired, thereby solving the problem of occupying a large amount of bandwidth when the authorization information is distributed to all CAS terminals in a one-way broadcasting mode in the prior art.
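The first-embodiment flow above (request token, region, white list and playing right checked in that order, then the service key encrypted under the terminal's PDK and returned with 200, otherwise 403) and the key box's recovery of the control word, as an added Python example that is not code from the patent. The patent names no cipher, so `wrap`/`unwrap` are a stand-in built from HMAC-SHA256; every class, function and field name, and all sample terminals, tokens and keys, are assumptions constructed for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the one shared key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def wrap(key: bytes, secret: bytes) -> bytes:
    """Stand-in for the patent's unspecified cipher: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(secret))
    ct = bytes(a ^ b for a, b in zip(secret, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(key: bytes, blob: bytes) -> bytes:
    """Check the tag before decrypting, so a wrong PDK or service key is detected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified message")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


@dataclass
class AuthorizationServer:
    tokens: dict           # terminal ID -> request token
    regions: dict          # terminal ID -> region the terminal is located in
    whitelist: set         # terminal IDs on the server's white list
    play_rights: dict      # terminal ID -> program IDs the terminal may watch
    program_regions: dict  # program ID -> regions where the program may be played
    pdks: dict             # terminal ID -> personal distribution key (PDK)
    service_keys: dict     # program ID -> service key

    def handle(self, token: str, terminal_id: str, program_id: str):
        """Steps S10-S30: return (HTTP status code, authorization information)."""
        known = self.tokens.get(terminal_id)
        if known is None or not hmac.compare_digest(known.encode(), token.encode()):
            return 403, b""   # request token does not grant access to the server
        if self.regions.get(terminal_id) not in self.program_regions.get(program_id, ()):
            return 403, b""   # terminal is outside the program's region
        if terminal_id not in self.whitelist:
            return 403, b""   # terminal is not on the white list
        if program_id not in self.play_rights.get(terminal_id, ()):
            return 403, b""   # terminal has no playing right for this program
        # Unicast reply: the service key encrypted under this terminal's own PDK.
        return 200, wrap(self.pdks[terminal_id], self.service_keys[program_id])


def key_box_control_word(pdk: bytes, authorization_info: bytes, ecm: bytes) -> bytes:
    """Terminal side: PDK decrypts the service key, which decrypts the control word."""
    service_key = unwrap(pdk, authorization_info)
    return unwrap(service_key, ecm)


# Constructed sample deployment: program "A" may be played in region "B" only.
SK_A = os.urandom(16)    # service key of program A
CW = os.urandom(8)       # control word the scrambler used for program A
ECM_A = wrap(SK_A, CW)   # authorization control information sent by broadcast
PDKS = {t: os.urandom(16) for t in ("stb-C", "stb-D", "stb-E", "stb-F")}
SERVER = AuthorizationServer(
    tokens={t: "tok-" + t for t in PDKS},
    regions={"stb-C": "B", "stb-D": "Z", "stb-E": "B", "stb-F": "B"},
    whitelist={"stb-C", "stb-D", "stb-F"},
    play_rights={"stb-C": {"A"}, "stb-D": {"A"}, "stb-E": {"A"}, "stb-F": set()},
    program_regions={"A": {"B"}},
    pdks=PDKS,
    service_keys={"A": SK_A},
)

if __name__ == "__main__":
    for stb in PDKS:
        status, info = SERVER.handle("tok-" + stb, stb, "A")
        print(stb, status, len(info), "bytes of authorization information")
```

Because the reply is encrypted under the requesting terminal's PDK, authorization information captured on the http path is of no use to a terminal holding a different PDK; `unwrap` rejects it.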
Optionally, based on fig. 2, the step S10 further includes:
step S40, after receiving an initial program stream, generating a control word corresponding to the initial program stream;
step S41, packaging the control word into the initial program stream to generate a scrambling program stream and generating authorization control information according to the control word, wherein the authorization control information comprises the control word encrypted by a service key;
and step S42, transmitting the authorization control information and the scrambling program stream to the CAS terminal through a broadcasting network.
In the embodiment of the application, after the scrambler receives an initial program stream sent by the encoder head end in UDP unicast or multicast mode, a control word is generated by a random word generator, where the initial program stream is the program stream as it exists before scrambling. The control word is then encapsulated into the initial program stream to generate a scrambled program stream. Meanwhile, the scrambler sends the control word to the authorization control information generator, so that the authorization control information generator encrypts the control word with a service key (Service Key), thereby generating the authorization control information corresponding to the control word, and then sends the authorization control information to the scrambler. The scrambler multiplexes the authorization control information into the scrambled program stream, and then sends the scrambled program stream and the authorization control information to the CAS terminal through a broadcasting network. It will be appreciated that the authorization control information (the entitlement control message) includes a control word encrypted with a service key and, optionally, program information such as program source, time, content category, and program price.
Optionally, the control words corresponding to different programs are different and the service keys corresponding to different programs are also different. Accordingly, the authorization control information corresponding to different programs is also different.
Optionally, the broadcast network is a hybrid fiber-coax (HFC) network, and the scrambled program stream and the entitlement control message are transmitted to the CAS terminal via the broadcast network.
In the embodiment of the application, the CAS front end generates the control word through the scrambler, scrambles the initial program stream according to the control word to generate a scrambled program stream, and at the same time generates the authorization control information according to the control word and the service key. It then sends the authorization control information and the scrambled program stream to the CAS terminal through a broadcasting network. Scrambling the initial program stream with the control word and encrypting the control word with the service key guarantees the security of the initial program stream.
Based on the above embodiments, referring to fig. 4, the steps of the method for implementing on-demand authorization of a CAS terminal further include:
step S50, receiving a program playing request of a user, acquiring the scrambled program stream according to the program playing request and sending an authorization request to the CAS front end;
step S51, after receiving the authorization information sent by the CAS front end, descrambling the scrambled program stream according to the authorization information.
In the embodiment of the application, the CAS terminal receives a program playing request of a user and, according to the program playing request, receives the corresponding scrambled program stream from the broadcasting network. After the scrambled program stream is obtained, it is parsed to obtain a program mapping table, the identification code corresponding to the authorization control information in the scrambled program stream is found according to the program mapping table, the authorization control information is extracted from the scrambled program stream according to the identification code, and the authorization control information is sent to the key box. After the key box receives the authorization control information, it sends an authorization request to the authorization server. After the authorization server receives the authorization request, it judges whether the CAS terminal is legal according to the authorization request, and when the CAS terminal is legal, it returns the authorization information to the key box that sent the authorization request, so that the CAS terminal descrambles the scrambled program stream according to the authorization information and then plays the program corresponding to the scrambled program stream for the user.
Optionally, the step S70 includes:
decrypting the authorization information according to the personal distribution key to obtain a corresponding service key;
decrypting the authorization control information according to the service secret key to obtain a control word in the authorization control information;
and descrambling the scrambled program stream according to the control word.
In the embodiment of the application, when the key box acquires the authorization information, it decrypts the authorization information with the Personal Distribution Key (PDK) stored in the key box to obtain the service key. After the service key is obtained, the authorization control information corresponding to the scrambled program stream is decrypted with the service key to obtain the control word. After the key box obtains the control word, it returns the control word to the descrambler, and the descrambler descrambles the scrambled program stream according to the control word to obtain the initial program stream. The initial program stream is then parsed and rendered so that the CAS terminal plays the program corresponding to the initial program stream for the user to watch.
In the embodiment of the application, after a play request of a user is received, the corresponding scrambled program stream is obtained according to the play request, the identification code corresponding to the authorization control information is obtained according to the program mapping table corresponding to the scrambled program stream, the authorization control information is filtered out of the scrambled program stream according to the identification code, and the authorization control information is sent to the key box. The key box sends the authorization request to the authorization server according to the authorization control information and then receives the authorization information sent by the authorization server. It decrypts the authorization information with the personal distribution key to obtain the service key, decrypts the authorization control information with the service key to obtain the control word, and sends the control word to the descrambler, so that the descrambler descrambles the scrambled program stream according to the control word and the user can watch the program.
In addition, the embodiment of the application also provides a device for realizing the on-demand authorization of the CAS terminal, which comprises: a memory, a processor and a CAS terminal on-demand authorization program stored in the memory and capable of running on the processor, wherein the CAS terminal on-demand authorization program, when executed by the processor, realizes the steps of the CAS terminal on-demand authorization method.
In addition, the embodiment of the application also provides a computer readable storage medium, wherein the computer readable storage medium stores a program for realizing the on-demand authorization of the CAS terminal, and the steps of the method for realizing the on-demand authorization of the CAS terminal are realized when the program for realizing the on-demand authorization of the CAS terminal is executed by a processor.
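The three-layer key hierarchy described above (the PDK protects the service key, the service key protects the control word, the control word protects the program stream) can be followed end to end in this added example, which is not code from the patent. The patent names no cipher, so `seal`/`unseal` are a standard-library stand-in (HMAC-SHA256 keystream with an encrypt-then-MAC tag) used for scrambling and key wrapping alike; all function names and sample values are assumptions.

```python
import hashlib
import hmac
import os


# Stand-in authenticated cipher (assumption: the patent specifies no algorithm).
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(12)
    body = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified message")
    return _xor_stream(_subkey(key, b"enc"), nonce, body)


# CAS front end (steps S40 to S42): fresh random control word per program stream.
def scramble_program(initial_stream: bytes, service_key: bytes):
    control_word = os.urandom(16)
    scrambled = seal(control_word, initial_stream)
    ecm = seal(service_key, control_word)    # authorization control information
    return scrambled, ecm


# Authorization server: the service key encrypted under one terminal's PDK.
def build_authorization_info(service_key: bytes, pdk: bytes) -> bytes:
    return seal(pdk, service_key)


# Key box and descrambler: PDK -> service key -> control word -> initial stream.
def descramble_program(pdk, authorization_info, ecm, scrambled):
    service_key = unseal(pdk, authorization_info)
    control_word = unseal(service_key, ecm)
    return unseal(control_word, scrambled)


def demo():
    pdk_a, pdk_b = os.urandom(32), os.urandom(32)    # constructed terminal keys
    service_key = os.urandom(32)
    stream = b"constructed transport-stream payload " * 4
    scrambled, ecm = scramble_program(stream, service_key)
    info_a = build_authorization_info(service_key, pdk_a)
    played = descramble_program(pdk_a, info_a, ecm, scrambled) == stream
    try:    # terminal B holds A's authorization information but a different PDK
        descramble_program(pdk_b, info_a, ecm, scrambled)
        leaked = True
    except ValueError:
        leaked = False
    return played, leaked


if __name__ == "__main__":
    print(demo())
```

Because the broadcast carries only the scrambled stream and the authorization control information, a terminal that was refused authorization information, or that holds information wrapped for another terminal's PDK, stops at the first `unseal`.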
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present application are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) as described above, comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present application.
The foregoing description is only of the preferred embodiments of the present application, and is not intended to limit the scope of the application, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.

Claims (6)

1. A method for implementing on-demand authorization of a CAS terminal, the method for implementing on-demand authorization of a CAS terminal comprising the steps of:
after the CAS front end receives the initial program stream, a random word generator is used for generating a control word corresponding to the initial program stream;
packaging the control word into the initial program stream to generate a scrambled program stream and generating authorization control information according to the control word, wherein the authorization control information comprises the control word and program information encrypted by a service key;
transmitting the entitlement control message and the scrambled program stream to the CAS terminal via a broadcast network;
the CAS terminal receives a program playing request of a user, acquires the scrambling program stream according to the program playing request and sends an authorization request to the CAS front end;
the CAS front end receives an authorization request sent by a CAS terminal and acquires a CAS terminal identifier and a program ID corresponding to the authorization request;
performing legal authentication on the CAS terminal according to the CAS terminal identifier, wherein the legal authentication is performed by judging, according to a request token corresponding to the authorization request, whether the CAS terminal corresponding to the CAS terminal identifier has authority to access an authorization server, and by judging whether the area position corresponding to the CAS terminal identifier is in a play area corresponding to the program ID, whether the CAS terminal is in a white list, and whether the CAS terminal has play authority for playing programs;
if the authentication is successful, corresponding authorization information is determined according to the CAS terminal identification and the program ID;
transmitting the authorization information, through a preset hypertext transfer protocol (HTTP) interface, to the CAS terminal that sent the authorization request, wherein the authorization information comprises a service key encrypted by a personal distribution key;
and after receiving the authorization information sent by the CAS front end, the CAS terminal descrambles the scrambled program stream according to the authorization information.
2. The method for implementing CAS terminal on-demand authorization as set forth in claim 1, wherein the step of legally authenticating the CAS terminal based on the CAS terminal identification includes:
and if the authentication fails, sending a rejection response containing rejection of the authorization request to the CAS terminal.
3. The method for achieving on-demand authorization of a CAS terminal as set forth in claim 1, wherein the step of descrambling the scrambled program stream according to the authorization information further comprises:
decrypting the authorization information according to the personal distribution secret key to obtain a corresponding service secret key;
decrypting the authorization control information according to the service secret key to obtain a control word in the authorization control information;
and descrambling the scrambled program stream according to the control word.
4. The method for implementing CAS terminal on-demand authorization as set forth in claim 1, wherein the authorization request includes a CAS terminal identification corresponding to the CAS terminal.
5. An apparatus for implementing on-demand authorization of a CAS terminal, wherein the apparatus for implementing on-demand authorization of a CAS terminal comprises: memory, a processor and a CAS terminal on-demand authorization implementation program stored on the memory and executable on the processor, wherein the CAS terminal on-demand authorization implementation program, when executed by the processor, implements the steps of the CAS terminal on-demand authorization implementation method according to any one of claims 1 to 4.
6. A computer readable storage medium, wherein a program for implementing CAS terminal on-demand authorization is stored on the computer readable storage medium, and the steps of the method for implementing CAS terminal on-demand authorization according to any one of claims 1 to 4 are implemented when the program for implementing CAS terminal on-demand authorization is executed by a processor.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110817272.0A CN113727196B (en) 2021-07-19 2021-07-19 Method, device and storage medium for realizing CAS terminal authorization on demand

Publications (2)

Publication Number Publication Date
CN113727196A CN113727196A (en) 2021-11-30
CN113727196B CN113727196B (en) 2023-09-15

Family

ID=78673550

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant