A kind of digital information safety treatment system
Technical field
The utility model relates to the digital information safety field, relates in particular to a kind of digital information safety treatment system.
Background technology
Condition receiving system (Conditional access system, CAS) be the core of digital television system, CAS realizes the scrambling transmission of audio frequency, video and data at front end, the descrambling of realizing program at the set-top box end receives, by authorization control and empowerment management, realize the paid reception of scrambled program, realize the income of program operator.
Digital copyright management (Digital rights management; DRM) system mainly is responsible for content publisher's information releasing and copyright publisher information releasing combined content is become shielded content; the user needs acquisition earlier to use the permission or the mandate of protected content when using the content of DRM protection.
Continuous development along with science and technology; people require more and more higher to information security; especially along with the propelling of domestic integration of three networks process; digital television system is except requiring the programme content safe transmission; safety to programme content itself has also proposed more and more higher requirement; yet CAS lays particular emphasis on the transmission security of protection programme content; DRM lays particular emphasis on the safety of protection programme content itself; do not have a kind of suitable device at present and can satisfy CAS protection program transmission safety, can satisfy the demand of the safety of DRM protection programme content itself again.
No. 201020169730.1 applications that the applicant formerly submits to have proposed a kind of digital information safety treatment facility, digital information for the input safety processing device, it both can be protected according to the CA mode, also can protect according to digital copyright management (DRM) mode, but, 201020169730.1 number apply for described safety processing device, the generation of the generation of control word CW and DRM encryption key all realizes that by the FPGA module FPGA module work load is bigger; Simultaneously, the FPGA module also is connected with the signal condition unit, and structure is complicated; In addition, apply for that described safety processing device does not relate to many CA with close situation for No. 201020169730.1.
Summary of the invention
The purpose of this utility model can only adopt CA mode or DRM mode data message to be carried out problems such as scrambling or encryption in order to solve present a kind of equipment or system exactly; and the device structure complexity of No. 201020169730.1 application existence; the big and many CA that are untreated of FPGA module burden are with problem such as close; a kind of digital information safety treatment system has been proposed; it is mutual by safety control module and a plurality of CAS server and DRM authorization server; and control the safe handling module by safety control module the digital information of input is protected according to the CA mode or protected according to digital copyright management (DRM) mode; this digital information safety treatment system is powerful; realize simple; flexibly, the trend that meets integration of three networks development.
To achieve these goals, the utility model adopts following technical scheme:
A kind of digital information safety treatment system, it comprises: safety control module and safe handling module, both two-way communications, wherein,
Safety control module is a kind of in PC and/or the server, safety control module be responsible for controlling many CA with close, generate control word CW, management control Entitlement Control Message ECM and Entitlement Management Message EMM, generation or receive mode and the control safe handling module that DRM encryption key, control carry out safe handling to digital information digital information is carried out safe handling;
The safe handling module then is connected with derived digital signal, the safe handling module is under the control of safety control module, be responsible for the digital information of input safe handling module is carried out safe handling according to CA scrambling or DRM cipher mode, and output is through the digital information of safe handling.
Described safety control module and safe handling intermodule are by at least a the communicating in RJ45 interface, PCIE interface and the SFP light mouth module.
Described safety control module by the RJ45 interface respectively with DRM server, at least one CA server and NM server two-way communication.
Described safe handling module comprises fpga chip, and fpga chip is connected with at least one PCIE interface with at least one memory module, at least one SFP light mouth module, at least one RJ45 interface respectively.
Described memory module is SDRAM and FLASH memory.
Described RJ45 interface is a 10/100/1000M self adaptation network interface.
Described digital information is carried out safe handling is to be realized by the fpga chip in the safe handling module, comprises at least using CW that digital information is carried out scrambling and using the DRM encryption key that digital information is encrypted a kind of in two kinds of processing modes.
Described use CW carries out digital information also comprising Entitlement Control Message ECM and Entitlement Management Message EMM etc. is multiplexed in the digital information in the processing mode of scrambling.
Described safety control module can be the CA server that the CA systems soft ware is installed.
Described safe handling module receives the digital information input by SFP light mouth module or RJ45 interface; Simultaneously, the digital information after safe handling module is handled by SFP light mouth module or RJ45 interface output safety.
Communication data between described safety control module and the safe handling module comprises control word CW, Entitlement Control Message ECM, Entitlement Management Message EMM, DRM encryption key at least, digital information is carried out the state information of control information such as safe handling mode that safe handling uses and safe handling module.
The beneficial effects of the utility model are: safety control module by with CA server, DRM server and NM server two-way communication; control safe handling module is protected according to the CA mode or is protected according to digital copyright management (DRM) mode the digital information of input; this digital information safety treatment system can realize the protection to digital information simply, safely, neatly; powerful; realize simply meeting the trend of integration of three networks development.
Description of drawings
Fig. 1 is the structural representation of safe handling module described in the utility model;
Fig. 2 is the embodiment 1 of digital information safety treatment system described in the utility model;
Fig. 3 is the embodiment 2 of digital information safety treatment system described in the utility model;
Fig. 4 is the embodiment 3 of digital information safety treatment system described in the utility model.
Wherein, 1, fpga chip, 2, memory module, 3, SFP light mouth module, 4, the RJ45 interface, 5, the PCIE interface, 6. safety control module, 7. safe handling module, 8.DRM server, 9.CA server, 10. NM server, 11. derived digital signals.
Embodiment
Below in conjunction with accompanying drawing and embodiment the utility model is described further.
Accompanying drawing described herein is used to provide further understanding of the present utility model, constitutes a part of the present utility model, and illustrated embodiment of the present utility model and explanation thereof are used to explain the utility model, and improper qualification of the present utility model in pairs inadequately.
Fig. 1 is the structural representation of safe handling module 7 described in the utility model, and it comprises fpga chip 1, and fpga chip 1 is connected with memory module 2; Fpga chip 1 is connected with at least one RJ45 interface 4 with at least one SFP light mouth module 3 respectively; Simultaneously, fpga chip 1 also is connected with PCIE interface 5.
Described memory module 2 is SDRAM or FLASH memory.
Described RJ45 interface 4 is a 10/100/1000M self adaptation network interface.
Described safe handling module 7 communicates by a kind of and safety control module 6 in RJ45 interface 4, PCIE interface 5 or the SFP light mouth module 3 at least.
Safe handling module 7 receives control word CW, DRM encryption key and other control informations that safety control module 6 is sent, and the digital information of 1 pair of input of control fpga chip carries out the CA scrambling or DRM encrypts.
Described fpga chip 1 uses CW digital information to be carried out also comprise Entitlement Control Message ECM and Entitlement Management Message EMM etc. is multiplexed in the digital information in the processing mode of scrambling.
Described safe handling module 7 receives the digital information input by SFP light mouth module 3 or RJ45 interface 4; Simultaneously, the digital information after safe handling module 7 is handled by SFP light mouth module 3 or RJ45 interface 4 output safeties.
Embodiment 1:
As shown in Figure 2, safety control module 6 is by SFP light mouth module 3 and 7 two-way communications of safe handling module; Safety control module 6 passes through RJ45 interface 4 respectively at DRM server 8 and NM server 10 two-way communications; Simultaneously, the digital information that safe handling module 7 is sent by SFP light mouth module 3 receiving digital signals sources 11.Wherein, safety control module 6 is the CA server that contains RJ45 interface 4 and the CA systems soft ware is installed, and RJ45 interface 4 is a 10M/100M/1000M adaptive network interface.
Embodiment 2:
As shown in Figure 3, safety control module 6 is by SFP light mouth module 3 and 7 two-way communications of safe handling module; Safety control module 6 by RJ45 interface 4 respectively with two CA servers 9, DRM server 8 and NM server 10 two-way communications; Simultaneously, the digital information that safe handling module 7 is sent by SFP light mouth module 3 receiving digital signals sources 11.Wherein, safety control module 6 is for containing the PC of RJ45 interface 4, and RJ45 interface 4 is a 10M/100M/1000M adaptive network interface.
Embodiment 3:
As shown in Figure 4, safety control module 6 is by PCIE interface 5 and 7 two-way communications of safe handling module; Safety control module 6 by RJ45 interface 4 respectively with two CA servers 9, DRM server 8 and NM server 10 two-way communications; Simultaneously, the digital information that safe handling module 7 is sent by SFP light mouth module 3 receiving digital signals sources 11.Wherein, safety control module 6 is for being equipped with the CA server of CA systems soft ware, and RJ45 interface 4 is a 10M/100M/1000M adaptive network interface.
In the foregoing description, when adopting the CA mode that digital signal is carried out scrambling, described digital information safety treatment system workflow is:
(a1) be configured by 10 pairs of safety control modules 6 of NM server, it is the scrambling of CA mode that the safe handling mode is set;
(a2) safety control module 6 generates control word CW, and CW is sent to two CA servers 9 respectively;
(a3) two CA servers 9 generate Entitlement Control Message ECMA, ECMB and Entitlement Management Message EMMA, EMMB respectively according to the CW that receives, and Entitlement Control Message and the Entitlement Management Message that generates sent to safety control module 6;
(a4) safety control module 6 sends to safe handling module 7 with CW and ECMA, ECMB, control informations such as EMMA, EMMB;
(a5) safe handling module 7 utilizes CW that the digital information that receives from derived digital signal 11 is carried out scrambling, and the digital information after the scrambling is sent by SFP light mouth module 3 with Entitlement Control Message and Entitlement Management Message.
When adopting the DRM mode that digital signal is encrypted, described digital information safety treatment system workflow is:
(b1) be configured by 10 pairs of safety control modules 6 of NM server, the safe handling mode be set encrypt for the DRM mode;
(b2) safety control module 6 generates the DRM encryption key, and key is sent to DRM server 8 and safe handling module 7;
(b3) safe handling module 7 utilizes the DRM encryption key that the digital information that receives from derived digital signal 11 is encrypted, and the digital information after will encrypting sends by SFP light mouth module 3.
Perhaps
When adopting the DRM mode that digital signal is encrypted, described digital information safety treatment system workflow is:
(c1) be configured by 10 pairs of safety control modules 6 of NM server, the safe handling mode be set encrypt for the DRM mode;
(c2) safety control module 6 is to DRM server 8 request DRM encryption keys;
(c3) DRM server 8 generates the DRM encryption key, and key is sent to safety control module 6;
(c4) safety control module 6 receives the DRM encryption key, and key is sent to safe handling module 7;
(c5) safe handling module 7 utilizes the DRM encryption key that the digital information that receives from derived digital signal 11 is encrypted, and the digital information after will encrypting sends by SFP light mouth module 3.
More preferably, the DRM encryption key that transmits between above-mentioned safety control module 6 and the DRM server 8 is the ciphertext of DRM encryption key.
Above-mentioned implementation column and flow process are of the present utility modelly more preferably to select, and other related embodiment of the present utility model and using method, this area person skilled can be easy to expect and realize that the utility model repeats no more on the utility model basis.