CN117319691A - Authorization control method, device, system, electronic equipment and storage medium - Google Patents


Publication number: CN117319691A
Authority: CN (China)
Prior art keywords: authorization, authorization file, dvb, terminal, file
Legal status: Pending
Application number: CN202210700456.3A
Other languages: Chinese (zh)
Inventor: 陈志伟
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp
Application filed by: ZTE Corp
Priority to: CN202210700456.3A; PCT/CN2023/100174 (WO2023246585A1)

Classifications

    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L67/30 Profiles
    • H04L9/40 Network security protocols
    • H04N21/2187 Live feed
    • H04N21/45 Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/4516 Management of client data or end-user data involving client characteristics, e.g. Set-Top-Box type, software version or amount of memory available
    • H04N21/458 Scheduling content for creating a personalised stream, e.g. by combining a locally stored advertisement with an incoming stream; Updating operations, e.g. for OS modules; time-related management operations
    • H04N21/4586 Content update operation triggered locally, e.g. by comparing the version of software modules in a DVB carousel to the version stored locally
    • H04N21/4627 Rights management associated to the content

Abstract

The invention discloses an authorization control method, device, system, electronic equipment and storage medium, and belongs to the technical field of electric communication. The method comprises: receiving an encrypted second authorization file; decrypting the second authorization file using a built-in key and decryptor, where the key and the decryptor are built into the read-only memory (ROM) of the unidirectional DVB terminal; and, if decryption passes, updating the existing first authorization file of the unidirectional DVB terminal according to the decrypted second authorization file. The invention thereby updates the authorization file and solves the prior-art technical problem that a terminal manufacturer cannot exercise authorization control over a unidirectional DVB terminal after the terminal has been sold.

Description

Authorization control method, device, system, electronic equipment and storage medium
Technical Field
The present invention relates to the field of telecommunications technologies, and in particular, to an authorization control method, apparatus, system, electronic device, and storage medium.
Background
DVB (Digital Video Broadcasting) is a market-oriented digital service architecture that can be divided, in order of signal propagation, into a front-end system, a transmission system and a terminal system. The front-end system is the information source of a digital television network: it is the switching center for television program information, forms the core of the whole digital cable television system, and is generally located in a program production department such as a television station. The terminal system is the signal sink of the digital television network; it serves digital television users and generally refers to user terminal equipment such as a set top box.
A unidirectional DVB terminal is media playing equipment that conforms to the DVB standards (DVB-S, DVB-C, DVB-T, DVB-SMATV, DVB-MS and DVB-MC) and uses unidirectional content transmission: the front end transmits content and the terminal receives it. Because content transmission is unidirectional, the DVB terminal only passively receives DVB broadcast data. After the DVB terminal is sold, the DVB terminal manufacturer cannot control it, which leaves the manufacturer in a very passive position in the event of a business dispute.
Disclosure of Invention
The embodiment of the invention provides an authorization control method, an authorization control device, electronic equipment and a storage medium, which are used for solving the technical problem that a terminal manufacturer cannot perform authorization control on a unidirectional DVB terminal in the prior art.
According to one aspect of an embodiment of the present invention, there is provided an authorization control method applicable to a unidirectional Digital Video Broadcasting (DVB) terminal, including: receiving an encrypted second authorization file; decrypting the second authorization file using a built-in key and decryptor, where the key and the decryptor are built into the read-only memory (ROM) of the unidirectional DVB terminal; and, if decryption passes, updating the existing first authorization file of the unidirectional DVB terminal according to the decrypted second authorization file.
Further, after updating the existing first authorization file of the unidirectional DVB terminal according to the decrypted second authorization file, the method further includes: acquiring the current time and the validity time of the second authorization file; judging, from the current time and the validity time, whether the authorization has expired; and, if the authorization has expired, disabling the live broadcast service of the DVB terminal.
Further, updating the existing first authorization file of the unidirectional DVB terminal according to the decrypted second authorization file if decryption passes includes: if decryption passes, extracting the verification data of the second authorization file and verifying the decrypted second authorization file; and, if the verification passes, updating the existing first authorization file of the unidirectional DVB terminal according to the second authorization file.
According to another aspect of the embodiment of the present invention, there is also provided an authorization control method applicable to a control end of a unidirectional Digital Video Broadcasting (DVB) terminal, including: configuring a second authorization file; and calculating verification data for the second authorization file, and encrypting the second authorization file together with the verification data to obtain an encrypted second authorization file.
Further, after obtaining the encrypted second authorization file, the method further includes: converting the encrypted second authorization file into code stream data of the DVB protocol using a DVB code stream converter; and transmitting the code stream data to the DVB terminal by operating a front-end multiplexer.
Further, before configuring the second authorization file, the method includes: judging whether a USB security key is connected to the control end; and, if a USB security key is connected to the control end, performing the step of configuring the second authorization file.
According to another aspect of the embodiments of the present invention, there is also provided a first authorization control device applicable to a unidirectional Digital Video Broadcasting (DVB) terminal, the first authorization control device including: a receiving module, configured to receive the encrypted second authorization file; a decryption module, configured to decrypt the second authorization file using a built-in key and decryptor, where the key and the decryptor are built into the read-only memory (ROM) of the unidirectional DVB terminal; and an updating module, configured to update the existing first authorization file of the unidirectional DVB terminal according to the decrypted second authorization file if decryption passes.
Further, the first authorization control device also includes: an acquisition module, configured to acquire the current time and the validity time of the second authorization file; a judging module, configured to judge, from the current time and the validity time, whether the authorization has expired; and a disabling module, configured to disable the live broadcast service of the DVB terminal if the authorization has expired.
Further, the updating module includes: a verification unit, configured to extract the verification data of the second authorization file if decryption passes, and to verify the decrypted second authorization file; and an updating subunit, configured to update the existing first authorization file of the unidirectional DVB terminal according to the second authorization file if the verification passes.
According to another aspect of the embodiments of the present invention, there is also provided a second authorization control device applicable to a control end of a unidirectional Digital Video Broadcasting (DVB) terminal, the second authorization control device including: a configuration module, configured to configure a second authorization file; and an encryption module, configured to calculate verification data for the second authorization file and to encrypt the second authorization file together with the verification data to obtain the encrypted second authorization file.
Further, the second authorization control device also includes: a sending module, configured to convert the encrypted second authorization file into code stream data of the DVB protocol using a DVB code stream converter, and to transmit the code stream data to the DVB terminal by operating a front-end multiplexer.
Further, the second authorization control device also includes: a security detection module, configured to judge whether a USB security key is connected to the control end and, if a USB security key is connected to the control end, to perform the step of configuring the second authorization file.
According to another aspect of the embodiment of the present invention, there is also provided an authorization control system including a unidirectional Digital Video Broadcasting (DVB) terminal and a control end, where the unidirectional DVB terminal includes the first authorization control device described above and the control end includes the second authorization control device described above.
According to another aspect of an embodiment of the present invention, there is also provided an electronic device including a memory, a processor, and a computer program stored on the memory and executable on the processor, the computer program implementing the steps of the authorization control method as set forth in any one of the preceding claims when executed by the processor.
According to another aspect of an embodiment of the present invention, there is also provided a storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the authorization control method as defined in any one of the above.
Embodiments of the present invention also provide a computer program product comprising instructions which, when run on a computer, cause the computer to perform the steps of the authorization control method as claimed in any one of the preceding claims.
According to the embodiment of the invention, the encrypted second authorization file is received and decrypted using the key and decryptor built into the ROM of the unidirectional DVB terminal, and the existing first authorization file of the unidirectional DVB terminal is then updated according to the decrypted second authorization file. This updates the authorization file of the DVB terminal and solves the prior-art technical problem that a terminal manufacturer cannot exercise authorization control over a unidirectional DVB terminal after the terminal has been sold.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiments of the invention and together with the description serve to explain the invention and do not constitute a limitation on the invention. In the drawings:
FIG. 1 is a block diagram of the hardware architecture of a computer according to an embodiment of the present invention;
FIG. 2 is a flowchart of an authorization control method applicable to a unidirectional Digital Video Broadcasting (DVB) terminal according to an embodiment of the present invention;
FIG. 3 is a flowchart of the steps performed after updating the existing first authorization file of the unidirectional DVB terminal according to the decrypted second authorization file in an embodiment of the present invention;
FIG. 4 is a flowchart of an authorization control method applicable to a control end of a unidirectional Digital Video Broadcasting (DVB) terminal according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of an authorization file creation process in an implementation scenario according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of the transmission flow of an updated authorization file in an implementation scenario according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of the control flow of an authorization file in an implementation scenario according to an embodiment of the present invention;
FIG. 8 is a block diagram of a first authorization control device applicable to a unidirectional Digital Video Broadcasting (DVB) terminal according to an embodiment of the present invention;
FIG. 9 is a block diagram of a second authorization control device applicable to a control end of a unidirectional Digital Video Broadcasting (DVB) terminal according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present application, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application. It should be noted that, in the case of no conflict, the embodiments and features in the embodiments may be combined with each other.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that embodiments of the present application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The method embodiments provided in the embodiments of the present application may be performed in a mobile phone, a computer, a tablet, or a similar computing device. Taking a computer as an example, FIG. 1 is a block diagram of the hardware structure of a computer according to an embodiment of the present invention. As shown in FIG. 1, the computer may include one or more processors 102 (only one is shown in FIG. 1; the processor 102 may include, but is not limited to, a processing device such as a microprocessor (MCU) or a programmable logic device (FPGA)) and a memory 104 for storing data, and optionally a transmission device 106 for communication functions and an input-output device 108. It will be appreciated by those of ordinary skill in the art that the configuration shown in FIG. 1 is merely illustrative and is not intended to limit the configuration of the computer described above. For example, the computer may also include more or fewer components than shown in FIG. 1, or have a different configuration from that shown in FIG. 1.
The memory 104 may be used to store a computer program, for example, a software program of application software and a module, such as a computer program corresponding to an authorization control method in an embodiment of the present invention, and the processor 102 executes the computer program stored in the memory 104 to perform various functional applications and data processing, that is, implement the above-mentioned method. Memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, memory 104 may further include memory located remotely from processor 102, which may be connected to the computer via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 106 is used to receive or transmit data via a network. Specific examples of the network described above may include a wireless network provided by a communications provider of a computer. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, simply referred to as NIC) that can connect to other network devices through a base station to communicate with the internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module, which is configured to communicate with the internet wirelessly.
In this embodiment, an authorization control method is provided, fig. 2 is a schematic flow diagram of an authorization control method applicable to a unidirectional digital video broadcasting DVB terminal according to an embodiment of the present invention, and as shown in fig. 2, the flow includes the following steps:
step S11, receiving an encrypted second authorization file;
the authorization control method provided by the embodiment of the invention is suitable for the unidirectional digital video broadcasting DVB terminal, wherein the unidirectional digital video broadcasting DVB terminal can be a set top box, a receiving card, a digital television, a mobile device and the like for unidirectional transmission of contents.
The DVB terminal manufacturer generates the encrypted second authorization file through the specific computer end tool configuration, and in an embodiment, the terminal manufacturer can send the manufactured encrypted second authorization file to the one-way digital video broadcasting DVB terminal through a serial port or a burning tool, and the DVB terminal receives the encrypted second authorization file manufactured by the terminal manufacturer through the serial port or the burning tool. Generally, the method of receiving the encrypted second authorization file is used in the production flow before the DVB terminal leaves the factory.
In another embodiment, the terminal manufacturer may further convert the encrypted second authorization file into a code stream of a standard DVB protocol through a DVB code stream converter, and then broadcast the code stream of the second authorization file of the DVB standard at the front end, where the DVB terminal receives the code stream data of the encrypted second authorization file through a wired channel or a satellite channel, and other manners. Typically, this approach is used in the after-market scenario of DVB terminals.
Step S12, decrypting the second authorization file through a built-in key and a decryptor, wherein the key and the decryptor are built in a read-only memory ROM of the unidirectional DVB terminal;
in the embodiment of the invention, after receiving the encrypted second authorization file, the encrypted second authorization file needs to be decrypted, and the decryption mode is realized through a secret key and a decryptor which are built in the DVB terminal, wherein the secret key is characterized as a section of data, the decryptor is characterized as an algorithm, the secret key and the encrypted second authorization file are input into the decryptor, and the decryptor verifies the correctness of the secret key and decrypts the encrypted authorization file, so that a decrypted plaintext authorization file is obtained. The key and the decryptor are built in a read-only memory ROM of the unidirectional DVB terminal, and the key and the decryptor can be directly written into the ROM of the DVB terminal in the production and manufacturing process of the DVB terminal.
And step S13, if the decryption passes, updating the existing first authorization file of the unidirectional DVB terminal according to the decrypted second authorization file.
After the encrypted first authorization file is decrypted, the embodiment of the invention updates the existing first authorization file of the unidirectional DVB terminal according to the decrypted second authorization file, and replaces and updates the existing first authorization file into the second authorization file.
According to the embodiment of the invention, the encrypted second authorization file is received, the second authorization file is decrypted according to the secret key and the decryptor which are arranged in the ROM of the unidirectional DVB terminal, and then the existing first authorization file of the unidirectional DVB terminal is updated according to the decrypted second authorization file, so that the update of the authorization file can be remotely performed after the DVB terminal is sold, and the technical problem that a terminal manufacturer cannot perform authorization control on the unidirectional DVB terminal in the prior art is solved.
Referring to fig. 3, fig. 3 is a schematic flowchart of steps after updating an existing first authorization file of the unidirectional DVB terminal according to the decrypted second authorization file in the embodiment of the present invention, and after step S13, the method further includes:
s14, acquiring the current time and the effective time of the second authorization file;
in the embodiment of the invention, the validity period of the authorization file is longer than the specified validity period, and the authorization file is invalid.
In a specific embodiment, the current time may be obtained by adding a clock chip, or may be obtained by a DVB terminal through wireless or wired broadcasting, where the validity time of the second authorization file is information contained in the authorization file, and the validity period specified by the authorization file may be obtained by decrypting the authorization file.
S15, judging whether the authorization is expired or not according to the current time and the effective time;
if the acquired current time exceeds the effective time of the authorization file, indicating that the authorization file is due; if the current time does not exceed the valid time of the authorization document, the authorization document is not expired and still is in the validity period.
S16, if the authorization expires, the live broadcast service of the DVB terminal is forbidden.
If the authorization file expires, the embodiment of the invention disables the live broadcast service of the DVB terminal, so that the DVB terminal cannot play the digital video broadcasted by the front end.
In the embodiment of the invention, the validity period of the authorization file exists, whether the authorization file is expired or not is judged according to the current time and the validity time of the second authorization file, and if the authorization file is expired, the live broadcast service of the DVB terminal is forbidden, so that the forbidden control of the DVB terminal is realized.
In an embodiment of the present invention, if the decryption passes, updating the existing first authorization file of the unidirectional DVB terminal according to the decrypted second authorization file includes: if the decryption passes, extracting verification data of the second authorization file, and verifying the decrypted authorization file; and if the check is passed, updating the existing first authorization file of the unidirectional DVB terminal according to the second authorization file.
In order to ensure the correctness of the authorization file, in the embodiment of the present invention the decrypted second authorization file is also checked. The checking mode may be parity check, CRC (Cyclic Redundancy Check), LRC (Longitudinal Redundancy Check), Gray code check, checksum check, XOR check, etc. For example, the DVB terminal runs the same preset algorithm that was used when making the authorization file over the second authorization file to obtain a check value, and compares it with the check data extracted from the second authorization file. If the calculated check value is the same as the check value in the check data, the second authorization file is complete and correct, and the existing first authorization file of the unidirectional DVB terminal is updated according to the second authorization file.
The embodiment of the invention ensures the integrity and the correctness of the authorization file by checking the second authorization file, and prevents the authorization file from generating errors in the transmission process.
In this embodiment, there is further provided an authorization control method, and fig. 4 is a flowchart of an authorization control method suitable for a control end of a unidirectional digital video broadcasting DVB terminal according to an embodiment of the present invention, as shown in fig. 4, where the flowchart includes the following steps:
S21, configuring a second authorization file;
The authorization control method provided by the embodiment of the invention is suitable for the control end of the unidirectional digital video broadcasting DVB terminal. The control end can control the DVB terminal and can be a control terminal with an operation processing function, such as a computer, a mobile phone or a server.
In the present invention the second authorization file is generated by the control end; for example, it is generated by a computer and configured using a specific PC tool on that computer. Configuring the second authorization file comprises configuring at least one of a terminal identification number, a terminal batch, an expiration date and file verification of the second authorization file.
S22, calculating the verification data of the second authorization file, and encrypting the second authorization file and the verification data to obtain an encrypted second authorization file.
The mode of calculating the check data of the second authorization file in the embodiment of the invention can be parity check, CRC check, LRC check, Gray code check, checksum check, XOR check and the like. The manner of encrypting the second authorization file and the verification data may be symmetric encryption, asymmetric encryption, single encryption, etc., and is not particularly limited in the embodiment of the present invention. In a specific embodiment, the second authorization file may be encrypted using an encryption tool that has a key and an encryptor built in.
According to the embodiment of the invention, the verification data of the second authorization file is calculated for the configured second authorization file, and the second authorization file and the verification data are encrypted, so that the encrypted second authorization file is obtained.
In an embodiment of the present invention, after obtaining the encrypted second authorization file, the method further includes: converting the encrypted second authorization file into code stream data of DVB protocol through DVB code stream converter; and transmitting the code stream data to the DVB terminal through operating a front-end multiplexer.
The DVB code stream converter is a conversion tool for converting the authorization file into the DVB code stream according to the DVB technical protocol, and can convert the encrypted second authorization file into stream (code stream) data of the DVB protocol.
The front-end multiplexer is a code stream processing device, is an important part in the DVB front-end system, and can synthesize multiple transport streams into one transport stream for transmission.
In the production and manufacturing process before the DVB terminal leaves the factory, it is convenient to build the initial authorization file into the ROM of the DVB terminal; for example, the authorization file can be burned directly into the ROM in large batches. After the DVB terminal is sold, however, this approach is no longer suitable. Therefore, in the embodiment of the invention, the encrypted second authorization file is converted into code stream data of the DVB protocol through the DVB code stream converter, so that the code stream data of the second authorization file can be transmitted in the DVB system and the second authorization file is sent to the DVB terminal.
In an embodiment, before the configuring of the second authorization file, the method includes: judging whether the control end is connected with a USB security key or not; and if the control end is connected with the USB security key, executing the configuring of the second authorization file.
The USB security key, also called a USB KEY, is a hardware device with a USB interface. It has a built-in single-chip microcomputer or smart card chip and a certain amount of storage space, can store a user's private key and digital certificate, and authenticates the user's identity by using the public key algorithm built into the USB KEY.
In order to ensure data security, the embodiment of the invention also performs login security identity authentication before the control end configures the second authorization file. The security of the environment in which the authorization file is configured is confirmed by judging whether the USB interface of the control end is connected with the USB security key.
In the following, a complete explanation of one implementation scenario in the embodiment of the present invention will be made with reference to fig. 5, 6 and 7.
Fig. 5 is a schematic diagram of an authorization file creation process in an implementation scenario according to an embodiment of the present invention. In the implementation scenario of the invention, when the DVB terminal is produced and manufactured, a PC tool is used for making an authorization file and embedding the authorization file into the DVB terminal ROM. Specifically, after the PC tool is started, it detects whether a USB security key is connected to the USB interface; if not, the authorization file making process is not allowed to run. If the USB security key is connected and started, the PC tool is used for configuring the authorization file information; the configured authorization file comprises information such as a terminal identification number, terminal batch information, expiration date and file verification. The verification data of the authorization file is calculated and verified, the authorization file is encrypted through a key and an encryptor to obtain an encrypted ciphertext authorization file, and the encrypted authorization file is embedded into the DVB terminal production ROM. The encryption key is held by the terminal provider, and the encryption algorithm is private and is built into the PC tool.
Fig. 6 is a schematic diagram of a transmission flow of an updated authorization file in an implementation scenario according to an embodiment of the present invention. After a DVB terminal with the encrypted authorization file embedded by the above process is sold, if the current authorization file of the terminal needs to be updated, the terminal provider or manufacturer makes a new authorization file according to the same making process as shown in Fig. 5. The authorization file is then converted into a stream (code stream) of the standard DVB protocol through a DVB stream converter, the multiplexer at the front end is operated, and the DVB standard code stream is broadcast at the front end and sent to the DVB terminal.
Fig. 7 is a schematic control flow diagram of an authorization file in an implementation scenario according to an embodiment of the present invention. The DVB terminal starts and tries to receive the authorization file. If a new authorization file is found, the terminal receives the data; after the authorization file is received, the terminal decrypts it by using the key and decryptor integrated in the terminal and verifies the decrypted authorization file. If the verification is passed, the terminal updates the existing authorization file in the ROM of the terminal; if the verification is not passed, the terminal judges whether the authorization file is expired. If the authorization is expired, the core function of the DVB terminal, watching live broadcast content, is disabled; if the authorization file is not expired, the DVB terminal operates with its full function. If no new authorization file is found in the step in which the DVB terminal attempts to receive the authorization file, the step of judging whether the authorization file is expired is executed, and if so, the live broadcast service of the DVB terminal is disabled.
According to the embodiment of the invention, a new authorization file is made through a PC tool, converted into a stream (code stream) of the standard DVB protocol through a DVB stream converter, broadcast at the front end and sent to the DVB terminal, and the DVB terminal is updated according to the new authorization file. If the authorization of the authorization file expires, the core function of the DVB terminal, watching live content, is disabled. After the DVB terminal is sold, the terminal manufacturer can thus control authorization and disabling of the DVB terminal through the authorization file, which solves the technical problem that the terminal manufacturer cannot perform authorization control on the unidirectional DVB terminal.
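The check-data step S22 at the control end and the terminal-side decisions of steps S14 to S16 and Fig. 7 can be sketched as follows; this is an added example, not code from the patent. The field layout, the choice of CRC-32 among the listed check modes and all function names are assumptions, and the private encryption step is left out, so the functions work on the plaintext the decryptor would return.

```python
import struct
import zlib
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed layout (not from the patent): 16-byte terminal id, 8-byte batch,
# 8-byte big-endian expiry (Unix seconds), then a 4-byte CRC-32 of those 32 bytes.
BODY = struct.Struct(">16s8sQ")
CHECK = struct.Struct(">I")


@dataclass(frozen=True)
class AuthFile:
    terminal_id: str
    batch: str
    expires_at: int  # effective time, Unix seconds


def _field(text: str, size: int) -> bytes:
    """Encode a text field and reject values that would not round-trip."""
    raw = text.encode("ascii")
    if not raw or len(raw) > size or b"\0" in raw:
        raise ValueError(f"field must be 1..{size} ASCII bytes without NUL")
    return raw


def build_auth_file(auth: AuthFile) -> bytes:
    """Control end (S21-S22): serialise the fields and append the check data."""
    body = BODY.pack(_field(auth.terminal_id, 16), _field(auth.batch, 8),
                     auth.expires_at)
    return body + CHECK.pack(zlib.crc32(body))


def parse_auth_file(plaintext: bytes) -> Optional[AuthFile]:
    """Terminal: recompute the check value; return None if anything is off."""
    if len(plaintext) != BODY.size + CHECK.size:
        return None
    body = plaintext[:BODY.size]
    (check,) = CHECK.unpack(plaintext[BODY.size:])
    if zlib.crc32(body) != check:
        return None  # damaged in transmission: do not update
    tid, batch, expires_at = BODY.unpack(body)
    try:
        return AuthFile(tid.rstrip(b"\0").decode("ascii"),
                        batch.rstrip(b"\0").decode("ascii"), expires_at)
    except UnicodeDecodeError:
        return None


def terminal_step(stored: AuthFile, received: Optional[bytes],
                  now: int) -> Tuple[AuthFile, bool]:
    """Fig. 7: update the stored file if a new one verifies, then judge expiry.

    Returns (file to keep in storage, live_service_enabled). A file that
    fails the check leaves the stored file untouched, and expiry is then
    judged on the stored file, as it is when no new file was found.
    """
    if received is not None:
        candidate = parse_auth_file(received)
        if candidate is not None:
            stored = candidate
    # S15: expired only when the current time exceeds the effective time.
    return stored, now <= stored.expires_at


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    old = AuthFile("STB-0001", "B01", 1_700_000_000)
    new = AuthFile("STB-0001", "B01", 1_800_000_000)
    blob = build_auth_file(new)
    print(terminal_step(old, blob, 1_750_000_000))   # updated, service on
    damaged = bytearray(blob)
    damaged[20] ^= 0x01                               # one flipped bit
    print(terminal_step(old, bytes(damaged), 1_750_000_000))  # kept, service off
```

CRC-32 serves the purpose the text gives for the check, catching errors introduced during transmission; it carries no key, so authenticity in this scheme rests on the encryption step that the example leaves out.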
From the description of the above embodiments, it will be clear to a person skilled in the art that the method according to the above embodiments may be implemented by means of software plus the necessary general hardware platform, but of course also by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The embodiment also provides a first authorization control device suitable for the unidirectional digital video broadcast DVB terminal, which is used for implementing the foregoing embodiment and the preferred implementation, and is not described in detail. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. While the means described in the following embodiments are preferably implemented in software, implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
Fig. 8 is a block diagram of a first entitlement control device adapted for use in a unidirectional digital video broadcasting DVB terminal according to an embodiment of the present invention, as shown in fig. 8, the first entitlement control device comprising: a receiving module 100, a decrypting module 200, an updating module 300, wherein,
a receiving module 100, configured to receive the encrypted second authorization file;
a decryption module 200, configured to decrypt the second authorization file through a built-in key and a decryptor, where the key and the decryptor are built in a ROM of the unidirectional DVB terminal;
and the updating module 300 is configured to update the existing first authorization file of the unidirectional DVB terminal according to the decrypted second authorization file if the decryption passes.
Optionally, the first authorization control device further includes: the acquisition module is used for acquiring the current time and the valid time of the second authorization file; the judging module is used for judging whether the authorization is expired or not according to the current time and the effective time; and the disabling module is used for disabling the live broadcast service of the DVB terminal if the authorization expires.
Optionally, the updating module includes: the verification unit is used for extracting verification data of the second authorization file if decryption passes, and verifying the decrypted second authorization file; and the updating subunit is used for updating the existing first authorization file of the unidirectional DVB terminal according to the second authorization file if the verification passes.
Fig. 9 is a block diagram of a second entitlement control device adapted to a control terminal of a unidirectional digital video broadcasting DVB terminal according to an embodiment of the present invention, and as shown in fig. 9, the second entitlement control device comprises: the configuration module 400, the encryption module 500, wherein,
a configuration module 400, configured to configure a second authorization file;
and the encryption module 500 is configured to calculate verification data of the second authorization file, encrypt the second authorization file and the verification data, and obtain an encrypted second authorization file.
Optionally, the second authorization control device further includes: the sending module is used for converting the encrypted second authorization file into code stream data of the DVB protocol through the DVB code stream converter; and transmitting the code stream data to the DVB terminal through operating a front-end multiplexer.
Optionally, the second authorization control device further includes: the security detection module, which is used for judging whether the control end is connected with the USB security key or not, and, if the control end is connected with the USB security key, executing the configuring of the second authorization file.
It should be noted that each of the above modules may be implemented by software or hardware, and for the latter, it may be implemented by, but not limited to: the modules are all located in the same processor; alternatively, the above modules may be located in different processors in any combination.
The embodiment of the invention also provides an authorization control system which comprises a unidirectional Digital Video Broadcasting (DVB) terminal and a control end, wherein the unidirectional DVB terminal comprises the first authorization control device; the control end comprises the second authorization control device.
Optionally, the specific embodiment of the authorization control system of the present invention is substantially the same as the embodiments of the above method, and will not be described herein.
Embodiments of the present invention also provide an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, which when executed by the processor implements the steps of the authorization control method as claimed in any one of the preceding claims.
Optionally, the electronic device may further include a transmission device and an input/output device, where the transmission device is connected to the processor, and the input/output device is connected to the processor.
Alternatively, in this embodiment, the processor may be configured to perform the steps of any of the method embodiments described above by means of a computer program.
Embodiments of the present invention also provide a storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the authorization control method as described in any of the above.
Optionally, the specific embodiments of the storage medium of the present invention are substantially the same as the embodiments of the method described above, and are not described herein.
Alternatively, in the present embodiment, the storage medium may include, but is not limited to: a USB flash disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk, or other various media capable of storing a computer program.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
In the foregoing embodiments of the present invention, the descriptions of the embodiments are emphasized, and for a portion of this disclosure that is not described in detail in this embodiment, reference is made to the related descriptions of other embodiments.
In the several embodiments provided in the present invention, it should be understood that the disclosed technology may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary; for example, the division of the units is merely a logical function division and may be implemented in another manner: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, and may be in electrical or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied, in essence or in whole or in part, in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing is merely a preferred embodiment of the present invention and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present invention, which are intended to be comprehended within the scope of the present invention.

Claims (11)

1. An authorization control method suitable for a one-way digital video broadcasting DVB terminal, comprising:
receiving an encrypted second authorization file;
decrypting the second authorization file through a built-in key and a decryptor, wherein the key and the decryptor are built in a read-only memory ROM of the unidirectional DVB terminal;
and if the decryption is passed, updating the existing first authorization file of the unidirectional DVB terminal according to the decrypted second authorization file.
2. The authorization control method according to claim 1, wherein after updating an existing first authorization file of the unidirectional DVB terminal according to the decrypted second authorization file, the method further comprises:
acquiring the current time and the effective time of the second authorization file;
judging whether the authorization is expired or not according to the current time and the effective time;
and if the authorization expires, the live service of the DVB terminal is forbidden.
3. The authorization control method according to claim 1, wherein if the decryption passes, updating the existing first authorization file of the unidirectional DVB terminal according to the decrypted second authorization file includes:
if the decryption passes, extracting verification data of the second authorization file, and verifying the decrypted second authorization file;
and if the check is passed, updating the existing first authorization file of the unidirectional DVB terminal according to the second authorization file.
4. An authorization control method suitable for a control end of a unidirectional Digital Video Broadcasting (DVB) terminal is characterized by comprising the following steps:
configuring a second authorization file;
and calculating the verification data of the second authorization file, and encrypting the second authorization file and the verification data to obtain an encrypted second authorization file.
5. The authorization control method according to claim 4, wherein after obtaining the encrypted second authorization file, the method further comprises:
converting the encrypted second authorization file into code stream data of DVB protocol through DVB code stream converter;
and transmitting the code stream data to the DVB terminal through operating a front-end multiplexer.
6. The authorization control method according to claim 4, wherein before the configuring of the second authorization file, the method includes:
judging whether the control end is connected with a USB security key or not;
and if the control end is connected with the USB security key, executing the configuring of the second authorization file.
7. An entitlement control device adapted for use with a unidirectional digital video broadcast DVB terminal, comprising:
the receiving module is used for receiving the encrypted second authorization file;
the decryption module is used for decrypting the second authorization file through a built-in secret key and a decryptor, wherein the secret key and the decryptor are built in a read-only memory ROM of the unidirectional DVB terminal;
and the updating module is used for updating the existing first authorization file of the unidirectional DVB terminal according to the decrypted second authorization file if the decryption passes.
8. An authorization control device, which is applicable to a control end of a unidirectional digital video broadcasting DVB terminal, comprising:
the configuration module is used for configuring a second authorization file;
and the encryption module is used for calculating the verification data of the second authorization file, encrypting the second authorization file and the verification data, and obtaining the encrypted second authorization file.
9. An authorization control system is characterized by comprising a one-way digital video broadcasting DVB terminal and a control end, wherein,
the unidirectional DVB terminal comprising the apparatus of claim 8;
the control terminal comprising the device of claim 9.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, which when executed by the processor implements the steps of the authorization control method according to any one of claims 1 to 6.
11. A storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the entitlement control method as claimed in any one of claims 1 to 6.
CN202210700456.3A 2022-06-20 2022-06-20 Authorization control method, device, system, electronic equipment and storage medium Pending CN117319691A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210700456.3A CN117319691A (en) 2022-06-20 2022-06-20 Authorization control method, device, system, electronic equipment and storage medium
PCT/CN2023/100174 WO2023246585A1 (en) 2022-06-20 2023-06-14 Authorization control method, apparatus and system, and electronic device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210700456.3A CN117319691A (en) 2022-06-20 2022-06-20 Authorization control method, device, system, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117319691A true CN117319691A (en) 2023-12-29

Family

ID=89248561

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210700456.3A Pending CN117319691A (en) 2022-06-20 2022-06-20 Authorization control method, device, system, electronic equipment and storage medium

Country Status (2)

Country Link
CN (1) CN117319691A (en)
WO (1) WO2023246585A1 (en)

Also Published As

Publication number Publication date
WO2023246585A1 (en) 2023-12-28

Legal Events

Date Code Title Description
PB01 Publication