CN201515456U - Safe device, set-top box and receiving terminal for digital television receiving terminals - Google Patents

Publication number
CN201515456U
Authority
CN
China
Prior art keywords
safety device
top box
random number
key
unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CN200920222893.9U
Other languages
Chinese (zh)
Inventor
李东
王天星
韩坚
王文军
王宇
李伟东
柯发敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Shibo Digital TV Technology Co Ltd
Original Assignee
Beijing Shibo Digital TV Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Shibo Digital TV Technology Co Ltd
Priority to CN200920222893.9U

Abstract

The utility model provides a security device, a set-top box and a receiving terminal for digital television receiving terminals. The security device comprises: a first negotiation key generation unit for generating a negotiation key; an entitlement control message processing unit for receiving, via the set-top box, the entitlement control message issued by the front end, the entitlement control message comprising a product identifier and a control word encrypted with a product key, and for decrypting the encrypted control word with the product key corresponding to the product identifier to obtain the control word; and a first encryption unit, connected with the first negotiation key generation unit and the entitlement control message processing unit, for encrypting the obtained control word with the negotiation key and sending the encrypted control word to the set-top box. The utility model uses an asymmetric encryption algorithm to protect the scrambling control word, effectively prevents malicious theft of the control word, and greatly protects the vital interests of program operators.

Description

Security device for a digital television receiving terminal, set-top box and receiving terminal
Technical field
The utility model relates to digital television receiving terminals, and specifically to a security device, a set-top box and a receiving terminal for a digital television receiving terminal.
Background
As is well known, a conditional access system (CAS) is a system used to control users' reception of broadcast services; it usually implements paid broadcast services through entitlement management.
A conditional access system controls broadcast services by scrambling the broadcast data and encrypting the scrambling control information. Secure transmission of the control word (CW) depends on the product key: the CW is encrypted with the product key and sent together with the scrambled broadcast data.
As shown in Fig. 1, the user orders a program through the front end; the front end encrypts the control word CW with the product key and transmits it in an Entitlement Control Message (ECM). The front end encrypts the product key with the user key and sends the encrypted product key to the terminal set-top box in an Entitlement Management Message (EMM) packet.
The set-top box filters EMM packets according to the smart card number and passes the matching EMM packets to the smart card; the smart card decrypts the encrypted product key with its embedded user key and stores the decrypted product key in the smart card.
The set-top box filters out the ECM packets of the current channel according to the ECM packet identifier and passes them to the smart card; the smart card decrypts the encrypted control word CW with the decrypted product key and returns the decrypted CW to the set-top box, which descrambles the program. Once the digital program is descrambled, the user can watch the authorized product on the display unit of the terminal.
In general, the control word CW is transmitted between the smart card and the set-top box in plaintext. This is very insecure: an attacker may maliciously intercept the plaintext CW in transit and use it to descramble the scrambled program stream and watch the program, which seriously harms the vital interests of the operator.
Summary of the utility model
The purpose of the utility model is to provide a security device, a set-top box and a receiving terminal for a digital television receiving terminal that use an asymmetric encryption algorithm to protect the scrambling control word CW, so that the CW is transmitted in encrypted form between the security device and the set-top box. This prevents malicious theft of the control word and effectively protects the vital interests of the operator.
An embodiment of the utility model provides a security device for a digital television receiving terminal, the security device comprising:
a first negotiation key generation unit, configured to generate a first random number and send it to the set-top box of the digital television receiving terminal over a pre-established secure communication channel; to receive a second random number, encrypted with the public key of the security device, that the set-top box returns over the pre-established secure communication channel, and decrypt the encrypted second random number with the private key of the security device to obtain the second random number; and to generate a negotiation key from the first random number and the second random number according to a certain algorithm;
an entitlement control message processing unit, configured to receive the entitlement control message, issued by the front end, that the set-top box sends, the entitlement control message comprising a product identifier and a control word encrypted with a product key; and to decrypt the encrypted control word with the product key corresponding to the product identifier to obtain the control word;
a first encryption unit, connected with the first negotiation key generation unit and the entitlement control message processing unit, configured to encrypt the obtained control word with the negotiation key and send the encrypted control word to the set-top box.
An embodiment of the utility model provides a set-top box, the set-top box comprising:
a second negotiation key generation unit, configured to receive, over the pre-established secure communication channel, the first random number generated by the security device, to generate a second random number, and to generate a negotiation key from the first random number and the second random number using the same algorithm as the security device;
an entitlement control message receiving unit, configured to receive the entitlement control message sent by the front end and forward it to the security device, the entitlement control message comprising a product identifier and a control word encrypted with a product key;
a control word receiving unit, configured to receive, over the pre-established secure communication channel, the control word encrypted with the negotiation key that the security device sends;
a second decryption unit, connected with the second negotiation key generation unit and the control word receiving unit, configured to decrypt the encrypted control word received by the control word receiving unit with the negotiation key generated by the second negotiation key generation unit, to obtain the control word.
An embodiment of the utility model provides a digital television receiving terminal comprising the above set-top box and security device.
The beneficial effect of the embodiments of the utility model is as follows: the security device encrypts the control word with the generated negotiation key and sends the encrypted control word to the set-top box, and the set-top box decrypts the encrypted control word with the negotiation key it generated to obtain the control word. Because an asymmetric encryption algorithm is used to protect the scrambling control word CW, the CW is transmitted in encrypted form between the security device and the set-top box, which prevents malicious theft of the control word and effectively protects the vital interests of the operator.
Brief description of the drawings
The drawings described here provide a further understanding of the utility model and form part of this application; they do not limit the utility model. In the drawings:
Fig. 1 is a flow chart of scrambling and descrambling in a conditional access system in the related art;
Fig. 2 is a schematic structural diagram of the security device of Embodiment 1 of the utility model;
Fig. 3 is a schematic structural diagram of the security device of Embodiment 2 of the utility model;
Fig. 4 is a schematic structural diagram of the first channel establishment unit in Embodiment 2;
Fig. 5 is a schematic structural diagram of the first negotiation key generation unit in Embodiment 2;
Fig. 6 is a schematic structural diagram of the set-top box of Embodiment 3 of the utility model;
Fig. 7 is a schematic structural diagram of the set-top box of Embodiment 4 of the utility model;
Fig. 8 is a schematic structural diagram of the second channel establishment unit in Embodiment 4;
Fig. 9 is a schematic structural diagram of the second negotiation key generation unit in Embodiment 4;
Fig. 10 is a schematic structural diagram of the digital television receiving terminal of Embodiment 5;
Fig. 11 is a schematic diagram of the security device and the set-top box establishing the secure channel;
Fig. 12 is a schematic diagram of the security device and the set-top box generating the negotiation key.
Detailed description
To make the purpose, technical solution and advantages of the utility model clearer, the utility model is described in further detail below with reference to the embodiments and the drawings. The exemplary embodiments and their descriptions are used to explain the utility model and do not limit it.
Embodiment 1
This embodiment of the utility model provides a security device for a digital television receiving terminal. As shown in Fig. 2, the security device comprises a first negotiation key generation unit 201, an entitlement control message processing unit 202 and a first encryption unit 203, wherein:
the first negotiation key generation unit 201 is configured to generate a first random number and send it to the set-top box of the digital television receiving terminal over a pre-established secure communication channel; to receive a second random number, encrypted with the public key of the security device, that the set-top box returns over the pre-established secure communication channel, and decrypt the encrypted second random number with the private key of the security device to obtain the second random number; and to generate a negotiation key from the first random number and the second random number according to a certain algorithm;
the entitlement control message processing unit 202 is configured to receive the entitlement control message, issued by the front end, that the set-top box of the digital television receiving terminal sends, the entitlement control message comprising a product identifier and a control word encrypted with a product key; and to decrypt the encrypted control word with the product key corresponding to the product identifier to obtain the control word;
the first encryption unit 203, connected with the first negotiation key generation unit 201 and the entitlement control message processing unit 202, is configured to encrypt the obtained control word with the generated negotiation key and send the encrypted control word to the set-top box over the pre-established secure communication channel.
In this embodiment, the entitlement control message is an ECM packet.
In this embodiment, the first random number is denoted A, the second random number is denoted B, and the encrypted second random number is denoted B'.
In this embodiment, the public key and private key of the security device may be generated by the CAS front end of the CAS vendor using an asymmetric encryption algorithm, such as the RSA (Ron Rivest, Adi Shamir and Leonard Adleman) algorithm.
In this embodiment, the security device can obtain its private key and certificate in advance; the certificate comprises the identifier of the security device, the public key of the security device and a signature. While the secure communication channel is being established, the set-top box can obtain the public key of the security device. Then, over the secure data channel established in advance between the security device and the set-top box, the security device can send the generated first random number A to the set-top box. After receiving A, the set-top box can generate the second random number B, encrypt B with the public key of the security device to obtain the encrypted second random number B', and send B' to the security device. The security device decrypts B' with its private key to obtain B, uses a certain algorithm to generate the negotiation key (DCK: Device Common Key) from A and B, encrypts the obtained control word CW with DCK to obtain the encrypted control word CW', and transmits CW' over the secure communication channel. The digital signature in the certificate is produced by the CAS front end of the CAS vendor using its private key and the existing RSA algorithm, and is not described further here.
In this embodiment, the 3DES (Triple Data Encryption Standard) algorithm may be used to generate the negotiation key DCK from the first random number A and the second random number B; the embodiment is not limited to this method, and another algorithm may also be used to generate the negotiation key.
As the above embodiment shows, the security device encrypts the control word with the generated negotiation key and sends the encrypted control word to the set-top box. Because the control word is encrypted before transmission, malicious theft of the control word is prevented and the security of data transmission is improved.
Embodiment 2
This embodiment provides a security device for a digital television receiving terminal. As shown in Fig. 3, the security device comprises a first negotiation key generation unit 301, an entitlement control message processing unit 302 and a first encryption unit 303, whose functions are similar to those in Embodiment 1 and are not repeated here.
As shown in Fig. 3, the security device also comprises a first channel establishment unit 304, connected with the first negotiation key generation unit 301 and configured to establish the secure communication channel between the security device and the set-top box.
In this embodiment, the secure communication channel can be established as follows:
The security device can obtain its private key and certificate in advance; the certificate comprises the identifier of the security device, the public key of the security device and a signature. They can be obtained in either of the following two ways:
In the first way, the CAS front end of the CAS vendor uses an asymmetric encryption algorithm, such as the RSA algorithm, to generate the public key and private key of the security device, and writes the generated private key, together with the certificate comprising the identifier of the security device, the public key of the security device and the signature, directly into the security device, so that the security device obtains its private key and certificate.
In the second way, the CAS front end of the CAS vendor uses an asymmetric encryption algorithm, such as the RSA algorithm, to generate the public key and private key of the security device, generates an EMM packet comprising the private key and certificate of the security device, and sends the generated EMM packet to the digital television receiving terminal, so that the security device obtains its private key and certificate.
When the secure communication channel is being established, the security device can use the pre-stored public key of the CAS vendor to verify whether the signature of the certificate is valid; if it is valid, the security device sends the certificate, which comprises its public key and the signature, to the set-top box it communicates with, and can at the same time obtain its own public key. After receiving the certificate comprising the public key of the security device and the signature, the set-top box likewise verifies the signature of the certificate with the pre-stored public key of the CAS vendor; if it is valid, the set-top box obtains the public key of the security device, determines that a secure communication channel with the security device is established, and returns a response message to the security device, so that the security device determines that the secure communication channel is established once it receives the response message.
Accordingly, as shown in Fig. 4, the first channel establishment unit 304 comprises:
a first certificate verification unit 401, configured to verify, with the pre-stored public key of the CAS vendor, whether the signature of the certificate is valid, the certificate comprising the public key of the security device and the signature;
a first information sending unit 402, connected with the first certificate verification unit 401, configured to send the certificate comprising the public key of the security device to the set-top box when the first certificate verification unit 401 verifies that the signature of the certificate is valid, so that the set-top box verifies, with the pre-stored public key of the CAS vendor, whether the signature of the certificate is valid and, when it is valid, obtains the public key of the security device and returns a response message indicating that verification succeeded;
a first channel determination unit 403, configured to determine that the secure communication channel between the security device and the set-top box is established when the response message indicating successful verification is received from the set-top box.
As shown in Fig. 4, the first channel establishment unit 304 may also comprise an information acquisition unit 404, configured to obtain the private key of the security device and the certificate comprising the public key of the security device. In this way, the security device can verify the validity of the certificate's signature while establishing the secure communication channel with the set-top box; the ways of obtaining the private key and certificate of the security device are as described above and are not repeated here.
In the above embodiment, the security device and the set-top box may verify whether the certificate's signature is valid in any existing manner, which is not described further here.
In this embodiment, as shown in Fig. 5, the first negotiation key generation unit 301 may comprise:
a first random number generation unit 501, configured to generate the first random number A and send it to the set-top box over the pre-established secure communication channel;
a first random number receiving unit 502, configured to receive the second random number B, encrypted with the public key of the security device, that the set-top box returns over the pre-established secure communication channel;
a first decryption unit 503, connected with the first random number receiving unit 502, configured to decrypt the encrypted second random number B' with the private key of the security device to obtain the second random number B;
a first key generation unit 504, connected with the first random number generation unit 501 and the first decryption unit 503, configured to generate the negotiation key DCK from the first random number A and the second random number B.
As described above, the CAS front end of the CAS vendor can use an asymmetric algorithm to generate the private key and public key of the security device, and the security device can obtain the private key generated by the CAS front end and the certificate comprising the public key of the security device and the signature. The security device can use the obtained certificate to establish a secure communication channel with the set-top box it communicates with, negotiate a negotiation key with the set-top box, and encrypt the obtained control word with the negotiation key before sending it to the set-top box. This improves the security and reliability of data transmission and prevents malicious theft of the control word.
Embodiment 3
This embodiment of the utility model provides a set-top box. As shown in Fig. 6, the set-top box comprises a second negotiation key generation unit 601, an entitlement control message receiving unit 602, a control word receiving unit 603 and a second decryption unit 604, wherein:
the second negotiation key generation unit 601 is configured to receive, over the pre-established secure communication channel, the first random number generated by the security device, to generate a second random number, and to generate a negotiation key from the first random number and the second random number using the same algorithm as the security device;
the entitlement control message receiving unit 602 is configured to receive the entitlement control message sent by the front end and forward it to the security device, the entitlement control message comprising a product identifier and a control word encrypted with a product key;
the control word receiving unit 603 is configured to receive, over the pre-established secure communication channel, the control word encrypted with the negotiation key that the security device sends;
the second decryption unit 604, connected with the second negotiation key generation unit 601 and the control word receiving unit 603, is configured to decrypt the encrypted control word received by the control word receiving unit 603 with the negotiation key generated by the second negotiation key generation unit 601, to obtain the control word.
In this embodiment, the set-top box can obtain the public key of the security device while establishing the secure communication channel with the security device. Then, over the secure data channel established in advance between the security device and the set-top box, the set-top box can obtain the first random number A sent by the security device, generate the second random number B, and use the same algorithm as the security device to generate the negotiation key (DCK: Device Common Key) from A and B. The set-top box uses DCK to decrypt the encrypted control word CW sent by the security device to obtain CW, and then uses CW to descramble the program and play it.
As the above embodiment shows, the set-top box receives the encrypted control word CW' over the pre-established secure communication channel and decrypts CW' with the generated negotiation key DCK to obtain CW, which prevents malicious theft of the control word and improves the security of data transmission.
Embodiment 4
This embodiment of the utility model provides a set-top box. As shown in Fig. 7, the set-top box comprises a second negotiation key generation unit 701, an entitlement control message receiving unit 702, a control word receiving unit 703 and a second decryption unit 704, whose functions are similar to those in Embodiment 3 and are not repeated here.
As shown in Fig. 7, the set-top box also comprises a second channel establishment unit 705, connected with the second negotiation key generation unit 701 and configured to establish the secure communication channel between the security device and the set-top box.
In this embodiment, when the secure communication channel is being established and the set-top box has received the certificate comprising the public key of the security device, the set-top box likewise verifies the signature of the certificate with the pre-stored public key of the CAS vendor; if it is valid, the set-top box obtains the public key of the security device, determines that a secure communication channel with the security device is established, and returns a response message to the security device, so that the security device determines that the secure communication channel is established once it receives the response message.
As shown in Fig. 7, the set-top box also comprises a descrambling unit 706 and a playback unit 707, wherein:
the descrambling unit 706, connected with the second decryption unit 704, is configured to descramble the program with the control word; the playback unit 707, connected with the descrambling unit 706, is configured to play the descrambled program.
In this embodiment, as shown in Fig. 8, the second channel establishment unit 705 comprises:
a second information receiving unit 801, configured to receive the certificate, comprising the public key of the security device, that the security device sends;
a second certificate verification unit 802, connected with the second information receiving unit 801, configured to verify, with the pre-stored public key of the CAS vendor, whether the signature of the certificate is valid;
a second channel determination unit 803, configured to determine that the secure communication channel between the security device and the set-top box is established when the second certificate verification unit 802 verifies that the signature of the certificate is valid;
a second information sending unit 804, connected with the second certificate verification unit 802, configured to send a response message indicating that verification succeeded to the security device when the second certificate verification unit 802 verifies that the signature of the certificate is valid.
In addition, as shown in Fig. 8, the second channel establishment unit 705 also comprises a key acquisition unit 805, configured to obtain the public key of the security device when the second certificate verification unit 802 verifies that the signature of the certificate is valid. In this way, when the set-top box generates the second random number B, it can encrypt B with the public key of the security device to obtain B' and send B' to the security device.
In this embodiment, as shown in Fig. 9, the second negotiation key generation unit 701 may comprise:
a first receiving unit 901, configured to receive the first random number generated by the security device;
a second random number generation unit 902, configured to generate the second random number;
a second key generation unit 903, connected with the first receiving unit 901 and the second random number generation unit 902, configured to generate the negotiation key from the first random number and the second random number using the same algorithm as the security device. In this way, the set-top box can use the negotiation key to decrypt the encrypted control word sent by the security device and obtain the control word.
As shown in Fig. 9, the second negotiation key generation unit 701 may also comprise a second encryption unit 904, connected with the second random number generation unit 902, configured to encrypt the second random number B with the public key of the security device and send the encrypted second random number B' to the security device. After obtaining B', the security device decrypts it with its private key to obtain B, and uses A and B to generate the negotiation key DCK.
Embodiment 5
The embodiment of the invention also provides a digital television receiving terminal. As shown in Figure 10, the terminal comprises a safety device 1001 and a set-top box 1002. The safety device 1001 is constructed as described in Embodiments 1 and 2, and the set-top box 1002 as described in Embodiments 3 and 4; neither is repeated here.
In a concrete application, the digital television receiving terminal may comprise the safety device 1001 and the set-top box 1002 of the foregoing embodiments. Its workflow is described below with reference to Figures 11 and 12.
First, a secure communication channel is established between the safety device and the set-top box. The CAS front end of the CAS manufacturer generates the public key (Publickey) and the private key (Privatekey) of the safety device, and then sends the private key, together with a certificate containing the public key and a signature, to the safety device (see steps 1101, 1102). The safety device uses the pre-stored public key of the CAS manufacturer to verify whether the signature of the certificate is valid; if it is, the safety device sends the certificate containing its public key to the set-top box it communicates with, and at the same time obtains its own private key and public key (see steps 1103, 1104). After receiving the certificate containing the public key of the safety device, the set-top box likewise uses the pre-stored public key to verify the signature of the certificate; if the signature is valid, the set-top box obtains the public key of the safety device, determines that the secure communication channel with the safety device is established, and returns a response message to the safety device (see steps 1105, 1106). On obtaining this response message, the safety device determines that the secure communication channel is established (see step 1107).
Then, the safety device generates a random number A and sends it to the set-top box over the secure communication channel (see steps 1201, 1202). The set-top box generates a random number B, uses random number A and random number B to generate the negotiation key DCK, encrypts random number B with the public key of the safety device to obtain B', and sends B' to the safety device (see steps 1203 to 1206). The safety device decrypts B' with its private key to obtain random number B, and uses random number A and random number B to generate the negotiation key DCK (see step 1208).
When the set-top box receives an ECM packet sent by the front end, the ECM packet may contain a control word encrypted with the product key, and the set-top box forwards the ECM packet to the safety device. The safety device decrypts the encrypted control word with the pre-stored product key to obtain the control word CW. To improve the security of data transmission, before the control word CW is transferred to the set-top box, it can be encrypted with the generated negotiation key DCK, and the encrypted control word is then sent to the set-top box. After obtaining the encrypted control word, the set-top box decrypts it with the negotiation key it generated to obtain the control word, uses the control word to descramble the program, and plays the program so that the end user can watch television.
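The three phases described above (certificate check, negotiation of DCK from random numbers A and B, and wrapping of the control word) are shown here as an added Python example; it is not code from the patent. Textbook RSA over constructed Mersenne-prime keys stands in for the unspecified asymmetric algorithm, SHA-256(A || B) and an HMAC keystream are assumptions for the unspecified DCK derivation and control-word cipher, and all function names are hypothetical.

```python
import hashlib, hmac, secrets

E = 65537  # public exponent shared by both toy key pairs

def keypair(p, q):
    """Textbook RSA (n, d) from two primes; stand-in for the unspecified asymmetric algorithm."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

# Constructed keys built from Mersenne primes so the example runs offline.
CAS_N, CAS_D = keypair(2**521 - 1, 2**607 - 1)   # CAS manufacturer signing key
DEV_N, DEV_D = keypair(2**127 - 1, 2**107 - 1)   # safety device key pair

def issue_cert(dev_n):
    """Steps 1101-1102: the CAS front end signs the safety device's public key."""
    body = dev_n.to_bytes(32, "big")
    return body, pow(digest_int(body), CAS_D, CAS_N)

def verify_cert(cert):
    """Steps 1103-1105: check the signature with the pre-stored CAS public key."""
    body, sig = cert
    if pow(sig, E, CAS_N) != digest_int(body):
        raise ValueError("certificate signature invalid")
    return int.from_bytes(body, "big")            # the device public modulus

def derive_dck(a, b):
    """The 'certain algorithm' of claim 1; SHA-256(A || B) is an assumption."""
    return hashlib.sha256(a + b).digest()

def wrap_cw(dck, counter, cw):
    """Assumed cipher: XOR with an HMAC-SHA256 keystream keyed by DCK (self-inverse)."""
    ks = hmac.new(dck, counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(x ^ y for x, y in zip(cw, ks))

def run_session(cert, cw):
    # Channel setup: the set-top box accepts the device public key only if the cert verifies.
    dev_pub_n = verify_cert(cert)
    # Steps 1201-1202: the safety device generates A and sends it to the set-top box.
    a = secrets.token_bytes(16)
    # Steps 1203-1206: the box generates B, derives DCK, and sends B' = Enc(device public key, B).
    b = secrets.token_bytes(16)
    dck_box = derive_dck(a, b)
    b_enc = pow(int.from_bytes(b, "big"), E, dev_pub_n)
    # Step 1208: the safety device decrypts B' with its private key and derives the same DCK.
    b_dev = pow(b_enc, DEV_D, DEV_N).to_bytes(16, "big")
    dck_dev = derive_dck(a, b_dev)
    # The safety device wraps CW under DCK; the set-top box unwraps it before descrambling.
    wrapped = wrap_cw(dck_dev, 1, cw)
    return {"wire": (a, b_enc, wrapped),
            "dck_match": dck_box == dck_dev,
            "cw_at_box": wrap_cw(dck_box, 1, wrapped)}

if __name__ == "__main__":
    sample_cw = bytes.fromhex("0011223344556677")  # constructed control word
    result = run_session(issue_cert(DEV_N), sample_cw)
    print(result["dck_match"], result["cw_at_box"].hex(), result["wire"][2].hex())
```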
The foregoing embodiment shows that the secure communication channel between the safety device and the set-top box can be established, and the negotiation key generated, in advance. After the safety device receives the ECM packet and obtains the control word, it can encrypt the control word with the negotiation key and send it to the set-top box over the secure communication channel; the set-top box can then decrypt the encrypted control word with the negotiation key it generated to obtain the control word.
Alternatively, the secure communication channel between the safety device and the set-top box can be established, and the negotiation key generated, after the safety device has received the ECM packet and obtained the control word. The control word is then encrypted with the generated negotiation key and sent to the set-top box over the secure communication channel, and the set-top box can decrypt the encrypted control word with the negotiation key it generated to obtain the control word.
From the above, the CAS front end of the CAS manufacturer can use an asymmetric algorithm to generate the private key and the public key of the safety device, and the safety device can obtain from the CAS front end the generated private key and the certificate containing the public key of the safety device and a signature. The set-top box can establish a secure communication channel with the safety device it communicates with, negotiate with the safety device to generate the negotiation key, decrypt the encrypted control word it obtains with this negotiation key, and then descramble the program with the decrypted control word so that the user can watch the program. The security and reliability of data transmission are thereby improved, and malicious theft of the control word is prevented.
The embodiments described above further explain the purpose, technical solution and beneficial effects of the utility model. It should be understood that the above is only an embodiment of the utility model and is not intended to limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principle of the utility model shall fall within its scope of protection.

Claims (13)

1. A safety device for a digital television receiving terminal, characterized in that the safety device comprises:
A first negotiation key generation unit, configured to generate a first random number and send the first random number to the set-top box of the digital television receiving terminal over a pre-established secure communication channel; to receive a second random number, encrypted with the public key of the safety device, that the set-top box returns over the pre-established secure communication channel, and decrypt the encrypted second random number with the private key of the safety device to obtain the second random number; and to generate a negotiation key from the first random number and the second random number according to a certain algorithm;
An Entitlement Control Message processing unit, configured to receive the Entitlement Control Message issued by the front end and sent by the set-top box, the Entitlement Control Message comprising a product identifier and a control word encrypted with a product key; and to decrypt the encrypted control word with the product key corresponding to the product identifier to obtain the control word;
A first encryption unit, connected to the first negotiation key generation unit and the Entitlement Control Message processing unit, configured to encrypt the obtained control word with the negotiation key and send the encrypted control word to the set-top box.
2. The safety device for a digital television receiving terminal according to claim 1, characterized in that the first negotiation key generation unit comprises:
A first random number generation unit, configured to generate the first random number and send the first random number to the set-top box over the pre-established secure communication channel;
A first random number receiving unit, configured to receive the second random number, encrypted with the public key of the safety device, that the set-top box returns over the pre-established secure communication channel;
A first decryption unit, connected to the first random number receiving unit, configured to decrypt the encrypted second random number with the private key of the safety device to obtain the second random number;
A first key generation unit, connected to the first random number generation unit and the first decryption unit, configured to generate the negotiation key from the first random number and the second random number.
3. The safety device for a digital television receiving terminal according to claim 1, characterized in that the safety device further comprises a first channel establishment unit, the first channel establishment unit being connected to the first negotiation key generation unit and configured to establish the secure communication channel between the safety device and the set-top box.
4. The safety device for a digital television receiving terminal according to claim 3, characterized in that the first channel establishment unit comprises:
A first certificate verification unit, configured to use the pre-stored public key of the CAS manufacturer to verify whether the signature of the obtained certificate is valid, the certificate comprising the public key corresponding to the safety device and a signature;
A first information sending unit, connected to the first certificate verification unit, configured to send the certificate to the set-top box when the first certificate verification unit verifies that the signature of the certificate is valid, so that the set-top box uses the pre-stored public key of the CAS manufacturer to verify whether the signature of the certificate is valid and, when it is valid, obtains the public key of the safety device and returns a response message indicating that verification succeeded;
A first channel determination unit, configured to determine that the secure communication channel between the safety device and the set-top box is established upon receiving the response message, returned by the set-top box, indicating that verification succeeded.
5. The safety device for a digital television receiving terminal according to claim 4, characterized in that the first channel establishment unit further comprises an information acquisition unit, configured to obtain the private key of the safety device and the certificate.
6. A set-top box, characterized in that the set-top box comprises:
A second negotiation key generation unit, configured to receive, over a pre-established secure communication channel, a first random number generated by a safety device, to generate a second random number, and to generate a negotiation key from the first random number and the second random number using the same algorithm as the safety device;
An Entitlement Control Message receiving unit, configured to receive the Entitlement Control Message sent by the front end and send the Entitlement Control Message to the safety device, the Entitlement Control Message comprising a product identifier and a control word encrypted with a product key;
A control word receiving unit, configured to receive, over the pre-established secure communication channel, the control word encrypted with the negotiation key and sent by the safety device;
A second decryption unit, connected to the second negotiation key generation unit and the control word receiving unit, configured to use the negotiation key generated by the second negotiation key generation unit to decrypt the encrypted control word received by the control word receiving unit, to obtain the control word.
7. The set-top box according to claim 6, characterized in that the second negotiation key generation unit comprises:
A first receiving unit, configured to receive the first random number generated by the safety device;
A second random number generation unit, configured to generate the second random number;
A second key generation unit, connected to the first receiving unit and the second random number generation unit, configured to generate the negotiation key from the first random number and the second random number using the same algorithm as the safety device.
8. The set-top box according to claim 7, characterized in that the second negotiation key generation unit further comprises:
A second encryption unit, connected to the second random number generation unit, configured to encrypt the second random number with the public key of the safety device and send the encrypted second random number to the safety device.
9. The set-top box according to claim 6, characterized in that the set-top box further comprises a second channel establishment unit, the second channel establishment unit being connected to the second negotiation key generation unit and configured to establish the secure communication channel between the safety device and the set-top box.
10. The set-top box according to claim 9, characterized in that the second channel establishment unit comprises:
A second information receiving unit, configured to receive the certificate sent by the safety device, the certificate comprising the public key corresponding to the safety device and a signature;
A second certificate verification unit, connected to the second information receiving unit, configured to use the pre-stored public key of the CAS manufacturer to verify whether the signature of the certificate is valid;
A second channel determination unit, configured to determine that the secure communication channel between the safety device and the set-top box is established when the second certificate verification unit verifies that the signature of the certificate is valid;
A second information sending unit, connected to the second certificate verification unit, configured to send a response message indicating that verification succeeded to the safety device when the second certificate verification unit verifies that the signature of the certificate is valid.
11. The set-top box according to claim 10, characterized in that the second channel establishment unit further comprises a key acquisition unit, configured to obtain the public key of the safety device when the second certificate verification unit verifies that the signature of the certificate is valid.
12. The set-top box according to claim 6, characterized in that the set-top box further comprises:
A descrambling unit, connected to the second decryption unit, configured to descramble the program using the control word;
A playback unit, connected to the descrambling unit, configured to play the descrambled program.
13. A digital television receiving terminal, characterized in that the digital television receiving terminal comprises a set-top box and a safety device; wherein
The safety device comprises the safety device according to any one of claims 1 to 5;
The set-top box comprises the set-top box according to any one of claims 6 to 12.
CN200920222893.9U 2009-09-23 2009-09-23 Safe device, set-top box and receiving terminal for digital television receiving terminals Expired - Lifetime CN201515456U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200920222893.9U CN201515456U (en) 2009-09-23 2009-09-23 Safe device, set-top box and receiving terminal for digital television receiving terminals

Publications (1)

Publication Number Publication Date
CN201515456U true CN201515456U (en) 2010-06-23

Family

ID=42486867

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20100623