KR101362424B1 - Authentication method and system for providing iptv communication service - Google Patents

Abstract

The present invention relates to an authentication method and system for providing an IPTV communication service, and more particularly, when an IPTV viewer uses a communication service on an IPTV, an authentication of an IPTV terminal or a user using the service. The present invention relates to an authentication method and system for providing an IPTV communication service.

According to the present invention, in the user to use the service provided by the IPTV communication service system using the IPTV terminal connected to the IPTV network, the service can be used only by authentication of the terminal according to the characteristics of each application service, or In addition, it enables a variety of authentication methods to use the service only after the user's personal authentication using the user's personal authentication number.

In addition, according to the present invention, when the terminal passes the authentication, it is possible to establish a main session for transmitting and receiving messages between the IPTV communication service system and the user's IPTV terminal, so that the user can manually receive the notification message, etc. immediately without a separate authentication process Make it available.

IPTV, Communications, Certification

Description

Authentication method and system for providing IP communication service {AUTHENTICATION METHOD AND SYSTEM FOR PROVIDING IPTV COMMUNICATION SERVICE}

1 is a diagram showing an IPTV network configuration for implementing an authentication method when using an IPTV communication service according to the present invention.

2 is a diagram showing a configuration of an IPTV head-end system;

3 is a diagram showing the configuration of an IPTV communication service authentication system according to the present invention;

4 is a diagram illustrating a structure of an IPTV communication client operated in an IPTV terminal for implementing an authentication method when using an IPTV communication service according to the present invention.

5 is a diagram illustrating an authentication process when using an IPTV communication service according to the present invention.

6 is a diagram illustrating an embodiment of a portal screen that can use various services provided by an IPTV system.

FIG. 7 illustrates an embodiment of a screen for selecting one of each application service included in an IPTV communication service. FIG.

The present invention relates to an authentication method and system for providing an IPTV communication service, and more particularly, when an IPTV viewer uses a communication service on an IPTV, an authentication of an IPTV terminal or a user using the service. The present invention relates to an authentication method and system for providing an IPTV communication service.

Communication services available through IPTV may include a variety of services including messenger, channel chat, SMS, MMS or dialing. Since each service is a service using IPTV, each terminal should basically undergo terminal authentication of the IPTV communication service authentication system. On the other hand, each service needs to vary the authentication method according to its characteristics. For example, since a messenger service is a very personal service, it is necessary to go through not only the authentication of the IPTV terminal using the messenger service but also the authentication process of the individual using the messenger service. However, the text (SMS) service using the IPTV terminal can be configured to be used only if the terminal has been authenticated without having to go through personal authentication. Also, when viewing a message received by me, for example, an SMS message received by me, or a notification message from the IPTV communication service authentication system, it is possible to receive only the authentication of the terminal without having to go through personal authentication. It is convenient, and it is preferable that the connection is already made even before the service is selected. When using a service using a conventional cable TV or the Internet, there was a problem that such various service authentication methods are not provided.

The present invention has been made to solve the above problems, in which the user to use the service provided by the IPTV communication service system using the IPTV terminal connected to the IPTV network, according to the characteristics of each application service Authentication method for providing IPTV communication service that enables service using only authentication, or enables various authentication methods to use service only after user's personal authentication using user's personal authentication number as well as terminal. The purpose is to provide a system.

On the other hand, when the terminal passes the authentication, it is possible to set up a main session for sending and receiving messages between the IPTV communication service system and the user's IPTV terminal, so that the user can receive the notification message manually received without any separate authentication process immediately. The purpose is to provide an authentication method and system for providing an IPTV communication service.

In order to achieve the above object, an IPTV communication service authentication system for providing an IPTV communication service to an IPTV terminal according to the present invention and performing authentication therefor, and data broadcasting for generating portal screen data including information on the IPTV communication service. system; A return path server system connected to the IPTV terminal through a IPTV network via a return channel and transmitting and receiving bidirectional data with the IPTV terminal in a unicasting manner to provide an interactive IPTV communication service; Receiving an authentication request message for the IPTV communication service from an IPTV terminal using an IPTV network through the return pass server system, and generating an authentication key (Unique Key, UK) in response to the authentication request message, the return pass server. Personalization authentication server for transmitting to the IPTV terminal through a system; And a communication main system in charge of performing authentication using the authentication key and performing an IPTV communication service.

A multiplexing system for multiplexing the portal screen data and the program specific information (PSI) received from the data broadcasting system, and outputting the multiplexed stream by IP packetizing; And a network switch system for transmitting the IP packetized signal received from the multiplexing system to the IPTV terminal through the IPTV network in a multicasting manner.

The communication main system is connected to the IPTV terminal through the Internet network,

A connection front end server for establishing and maintaining an access session with the IPTV terminal through an IPTV communication client program (hereinafter referred to as an "IPTV communication client") in the IPTV terminal; An authentication server for performing authentication of the IPTV terminal or authentication of an IPTV communication service subscriber according to information received from an IPTV communication client; A subscriber information database storing information of an IPTV communication service subscriber for authentication; And an application service system that performs each application service included in the IPTV communication service.

The communication main system may further include a connection distribution server that manages connection location information of the IPTV terminal and designates an access front end server to be connected when the connection request of the IPTV terminal is performed.

The IPTV terminal may include a TV having an IP set-top box, an IP set-top box connected to a TV of a service user, a computer, a notebook, and a personal portable terminal.

The multiplexed stream output by being IP-packed by the multiplexing system may be streamed using the MPEG2 TS.

According to another aspect of the present invention, an IPTV communication service authentication system for an IPTV terminal of an IPTV communication service subscriber (hereinafter referred to as a subscriber) is referred to as an IPTV communication client program (hereinafter referred to as an "IPTV communication client") performed inside the IPTV terminal. (A) receiving a terminal authentication request message from an IPTV terminal of a subscriber, transmitting a message for performing terminal authentication with the IPTV terminal. Transmitting and receiving and performing a terminal authentication process; (b) if terminal authentication passes, establishing a main session for transmitting and receiving a message with the IPTV terminal when providing a service provided by terminal authentication only among IPTV communication services; (c) When a service that requires user's personal authentication is selected by the subscriber among the IPTV communication services (hereinafter referred to as 'personalization service'), when receiving a personal authentication request message from the IPTV terminal, the personal authentication is performed with the IPTV terminal. Transmitting and receiving a message for performing a personal authentication process; and (d) establishing a service session for transmitting and receiving a message with the IPTV terminal when providing the personalized service if the personal authentication passes.

In the step (a), the terminal authentication request from the IPTV terminal is preferably performed at the time of booting the IPTV terminal.

In the terminal authentication of step (a), (a1) when the personalization authentication server of the IPTV communication service authentication system receives the terminal authentication request message including the ID (SAID) of the terminal from the IPTV terminal, the terminal corresponding to the SAID Generating an authentication key and transmitting it to the IPTV terminal; (a2) when the communication main system of the IPTV communication service authentication system receives an authentication request including the SAID and the terminal authentication key from the IPTV terminal, performing authentication and transmitting a result to the IPTV terminal; (a3) when the communication main system of the IPTV communication service authentication system receives a login request from the IPTV terminal, performing a login and transmitting a result to the IPTV terminal.

Personal authentication of the step (c), (c1) the personalization authentication server of the IPTV communication service authentication system, the ID (SAID) of the terminal and the personal identification number (Personal Identification Number, PIN) entered from the subscriber Receiving a personal authentication request message containing a, generating a personal authentication key corresponding to the SAID and PIN and transmitting to the IPTV terminal; (c2) when the communication main system of the IPTV communication service authentication system receives the authentication request including the SAID and the personal authentication key from the IPTV terminal, performing authentication and transmitting a result to the IPTV terminal; (c3) when the communication main system of the IPTV communication service authentication system receives a login request from the IPTV terminal, performing a login and transmitting a result to the IPTV terminal.

In the authentication request received in step (c2), it is preferable that the ID and password input from the subscriber.

According to another aspect of the present invention, an IPTV terminal is connected to an IPTV communication service authentication system and an IPTV network by an IPTV communication client program (hereinafter, referred to as an "IPTV communication client") performed inside the terminal, thereby providing an IPTV service. A method for performing authentication for providing a communication service using an IPTV to a subscriber includes: (a) requesting terminal authentication to the IPTV communication service authentication system, transmitting and receiving a message for performing terminal authentication, and performing terminal authentication; (b) forming a main session for transmitting / receiving a message with the IPTV communication service authentication system when providing a service provided only by terminal authentication among IPTV communication services when terminal authentication passes; (c) If a service that requires user's personal authentication is selected by the subscriber (hereinafter referred to as 'personalization service') of the IPTV communication service, a message for requesting personal authentication to the IPTV communication service authentication system to perform personal authentication Transmitting and receiving and performing personal authentication; (d) if the personal authentication passes, establishing a service session for transmitting and receiving a message with the IPTV communication service authentication system when providing the personalized service.

In the step (a), the terminal authentication request from the IPTV terminal is preferably performed at the time of booting the IPTV terminal.

The terminal authentication process of step (a) may include: (a1) transmitting a terminal authentication request message including an ID (SAID) of the IPTV terminal to a personalization authentication server of the IPTV communication service authentication system; (a2) if the terminal authentication key is received from the personalization authentication server of the IPTV communication service authentication system, transmitting an authentication request message including the received terminal authentication key and the SAID to the communication main system of the IPTV communication service authentication system; (a3) receiving a message indicating that authentication has passed from the channel chat main system of the IPTV communication service authentication system, sending a login request to the communication main system of the IPTV communication service authentication system and receiving a login result; have.

The personal authentication of the step (c), (c1) provides a personal identification number (PIN) input window on the IPTV terminal screen, if a PIN is input from the specific subscriber, the ID (SAID) of the IPTV terminal and the Transmitting a personal authentication request message including a PIN input from the subscriber to the personalization authentication server of the IPTV communication service authentication system; (c2) when receiving the personal authentication key from the personalization authentication server, transmitting an authentication request including the SAID and the personal authentication key to the communication main system of the IPTV communication service authentication system; (c3) receiving an authentication result from the communication main system of the IPTV communication service authentication system, and in case of authentication, sending a login request to the communication main system of the IPTV communication service authentication system and receiving a login result; can do.

In the step (c2), the authentication request transmitted to the communication main system of the IPTV communication service authentication system preferably includes an ID and password input from the subscriber.

According to another aspect of the present invention, an IPTV communication client program (hereinafter referred to as IPTV communication) that is performed in an IPTV terminal, provides an IPTV communication service while communicating with an IPTV communication service authentication system, and performs authentication for providing an IPTV communication service. Client), the IPTV communication client controls each module in the IPTV communication client to provide an IPTV communication service and to perform an authentication process therefor, and transmits and receives a message to and from the IPTV communication service authentication system. A communication main module responsible for setting up and managing sessions for the network; An authentication module for performing an authentication process for providing an IPTV communication service; And an application service module for performing an IPTV communication service.

The IPTV communication client may be executed when the IPTV terminal is booted.

The IPTV communication client may establish a communication main session by performing a terminal authentication process with an IPTV communication service authentication system.

The authentication module of the IPTV communication client may include: transmitting a terminal authentication request message including an ID (SAID) of the IPTV terminal to the IPTV communication service authentication system, communicating with the IPTV communication service authentication system, and performing a terminal authentication process; In the case of services requiring personal authentication among IPTV communication services, a personal authentication request message including a personal identification number (PIN) received from the subscriber is sent to the IPTV communication service authentication system, and the IPTV communication service authentication system And perform a personal authentication function for communicating and performing a personal authentication process for providing a service.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. Prior to this, terms or words used in the specification and claims should not be construed as having a conventional or dictionary meaning, and the inventors should properly explain the concept of terms in order to best explain their invention in the best way possible. Based on the principle that can be defined, it should be interpreted as meaning and concept corresponding to the technical idea of the present invention. Therefore, the embodiments described in this specification and the configurations shown in the drawings are merely the most preferred embodiments of the present invention and do not represent all the technical ideas of the present invention. Therefore, It is to be understood that equivalents and modifications are possible.

1 is a diagram showing an IPTV network configuration for implementing an authentication method when using an IPTV communication service according to the present invention. The communication main system 100 plays a main role of performing the IPTV communication service as part of the IPTV communication service authentication system 500 which will be described later with reference to FIG. 3, which will be described later with reference to FIG. 3.

The IPTV head-end system 200 includes broadcasting contents supplied from each broadcasting contents provider 10 such as a program provider (PP), a data provider (DP), a terrestrial provider or an IPTV contents provider (CP) And an electronic program guide (EPG) information for the broadcast contents to the IPTV terminal 20 of the IPTV viewer. The IPTV headend system 200 is a subscriber switch (L3 switch) 350, a subscriber concentrator (xDSL concentrator, DSLAM) via a Gigabit or higher speed router and an L3 switch using the multicast routing protocol of the premium network 300. Alternatively, the broadcast content and the EPG information are transmitted to the IPTV terminals 20 of the plurality of subscribers joined to the corresponding channel by multicast through the Fast Ethernet Switch (FES) 360. The multicast routing protocol may be a Protocol Independent Multicast-Sparse Mode (PIM-SM) protocol, but the present invention is not limited thereto. For example, the multicast routing protocol may be a Distance Vector Multicast Routing Protocol (DVMRP), a Multicast Extensions to OSPF (MOSPF) Based tree, a Protocol Independent Multicast-Sparse Mode (PIM-SM), and a Protocol Independent Multicast-Dense Mode (PIM-DM).

The IP network may include an IP backbone network (eg, Ethernet, xDSL, HFC, FTTC, FTTH) using an unicast or multicast routing protocol, an IP set- And an IPTV terminal 20 including a TV connected to the STB.

The IP backbone network includes a premium network 300, respective routers including a Rendezvous Point (RP) 310 and a Premium Edge (PE) router 320 therein, a metro switch (L3 switch) 330 ), An N-Topia switch (L3 switch) 340 (N-Topia: a service that uses the high-speed Internet through LAN equipment installed in a collective building where UTP is installed), and a subscriber switch (L3 switch) Each of the Layer 3 network equipment uses a PIM-SM multicast routing protocol and the IPTV terminal 20 and the subscriber aggregation device 360 use an Internet Group Management Protocol (IGMP) and an IGMP Snooping protocol, respectively. The subscriber concentrator 360 may be an xDSL aggregation device, a DSLAM, or a Fast Ethernet Switch (FES).

The rendezvous point 310 of the premium network 300 manages a PIM Join List and a PIM Prune (Release) list for a plurality of multicast groups. In the present invention, a broadcast channel is a multicast group group), so that a Join list and a Prune list are managed for a plurality of broadcast channels.

The Internet Group Management Protocol (IGMP) is used between an IPTV terminal 20 requesting a broadcast channel selection / release and a Layer 3 network equipment (e.g., a subscriber switch 350) accepting the request.

The IGMP Snooping protocol is a Layer 2 device (e.g., a subscriber aggregation device (e.g., a subscriber aggregation device) located between a subscriber's IPTV terminal 20 requesting channel selection / release and a Layer 3 network device The Layer 2 equipment (subscriber concentrator 360) in which the IGMP Snooping protocol is driven recognizes the IGMP transmission / reception messages between the IPTV terminal 20 and the Layer 3 network equipment, And transmits the channel information to the IPTV terminal 20 only.

The subscriber network refers to a network between a Layer 2 device (e.g., subscriber concentrator 360) and an IPTV terminal 20. The subscriber network includes Ethernet, xDSL (ADSL, VDSL), Hybrid Fiber Coax (HFC) A fiber to the curb, and a fiber to the home (FTTH) structure.

The IPTV terminal 20 may use a terminal in which an IP set-top box (IP STB) is embedded or an IP set-top box, a computer, a laptop, or a personal portable terminal connected to a user's TV. Hereinafter, the terminal of the IPTV user is referred to as 'IPTV terminal' for the sake of convenience. The IPTV terminal 20 includes a hardware layer composed of hardware such as a CPU, a media processor, flash RAM, and an Ethernet module, a system software layer including a device driver and an operating system, a Java virtual machine (JVM), and a JNI (Java). Network Interface), ACAP API (ACAP-J, ACAP-X API) (Java TV, Havi UI, JMF, DAVIC, CA Interface), Conditional Access System (CAS) Module or Digital Rights Management (DRM) Rights Management) interface module, APIs for IP media service (Navigator, Audio streaming API, VOD, Flash player, HDS Client, SSO Client), middleware layer with streaming protocol (RTP, RTSP), MPEG2, MPEG4, MPEG7, It supports various multi codecs such as H.264, WMV-9, and other codecs, and includes four layers of application layer including electronic program guide (EPG) client and client for using IPTV channel chat service. do. The IPTV terminal 20 of the subscriber is assigned an IPv4 address or an IPv6 address.

2 is a configuration diagram of an IPTV head-end system 200. As shown in FIG. Referring to the drawing, an IPTV head end system 200 includes a baseband system 205, a compression multiplexing system (or multiplexing system) 210, a network switch system 215, a return path server system (RPS) A personalization authentication server (HDS) 225, an EPG providing system 230, a data broadcasting system 235, a media operation core (MOC) 240, a reception restriction system 245, A processing system 250, a monitoring system 255, and a subscriber management system 260.

The baseband system 205 receives an MPEG-2 broadcast signal or an analog broadcast signal from a terrestrial wave from an external program provider (PP), converts the received source broadcast signal into an SDI (Serial Digital Interface) signal And distributes broadcasting video and audio signals of a plurality of broadcasting channels (for example, 100 channels) through a Routine Switcher. The broadcasting picture and sound signals are distributed to a CG and an APC (Automatic Program Controller) (Signal editing and processing) to the compression multiplexing system (or multiplexing system) 210 by inserting at least one of an advertisement, a logo, and a subtitle into the broadcast video and audio signal. The baseband system 205 is a tuner (Tuner) for receiving an analog broadcast signal, such as a terrestrial broadcast signal DS-3 optical end station, Yagi antenna, Integrated Receiver Decoder (IRD), respectively, received source signal Frame synchronizer for converting and correcting SDI signals into SDI signals and synchronizing frames, and signal dividers such as A / V routers that connect and centralize all broadcast signal channels for operation management. And a subtitle generator for inserting subtitles to edit and process the signal.

The compression multiplexing system (or multiplexing system) 210 converts the broadcast video and audio signals received from the baseband system 205 into an A / V encoder for each broadcasting channel (eg, 100 channels). Compresses SDI (Serial Digital Interface) video signals using the H.264 protocol, compresses audio signals to MPEG-2 AAC, and compresses broadcast data and audio to a data encoder with MPEG-2 TS. After multiplexing the data broadcasting data generated by the program and the program related information (PSI) generated by the PSI generator, the packetized IP packetized by IP packetizing the multiplexed MPEG-2 Transport Stream (TS). A transport stream is transmitted to the network switch system 215. The program related information (PSI) includes a program association table (PAT) and program map table (PMT) information.

The network switch system 215 may include one or more L3 switches (L3 SW), the return path server system, and the subscriber station 20 for transmitting the IP packetized transport stream to an IP network by multicasting. One or more L4 switches (L4 SW) for load balancing by dividing bidirectional data receiving traffic in a unicast manner between them by a proper load, and blocking harmful traffic between the L4 switch and the IP network. One or more intrusion prevention systems.

In addition, IP multicasting can use IPv4 multicasting or IPv6 multicasting technology. In one embodiment, when the router and the L3 switch use the PIM-SM multicast routing protocol and the subscriber's IP set-top box uses the IPv4 address, IGMP v2 / v3 is used to transmit the L3 switch To join a desired broadcast channel, or when using an IPv6 address, it is transmitted to an L3 switch using MLD v1 / v2 and joined to a corresponding broadcast channel.

When the network switch system 215 uses IPv4 multicasting, IPv4 multicast addresses are '224.0.0.0' to '239.255.255.255', which are different for each broadcast channel (for example, 100 channels). Use For example, when using IPv4 multicasting, the SBS may use a 230.1.1.1 multicast address, the KBS may use a 230.1.1.2 multicast address, and the EBS may use a 230.1.1.3 multicast address. When the PIM-SM multicast routing protocol is used, the network switch system 215 transmits a Register message to the rendezvous point (RP) 310 and in response, the rendezvous point (RP) 310 transmits a PIM JOIN message To the network switch system 215 to register a rendezvous point (RP) 310 for setting a path.

The return path server system 220 records log information of a subscriber, processes bi-directional data by a data provider (DP), receives bi-directional data from a subscriber's IPTV terminal 20 And transmits the corresponding response data to the IPTV terminal 20 by unicasting.

The personalization authentication server (HDS) 225 transmits an authentication request message including the SAID of the IPTV terminal 20 for the IPTV service and application service information to be used from the subscriber's IPTV terminal 20 to the return path server System 220 and transmits an authentication key (Unique Key, UK) to the subscriber's IPTV terminal 20 through the return path server system 220 in response to the authentication request message.

The location information of the IPTV terminal 20 includes an ID (SAID) of the IPTV terminal 20 and subscriber information. The SAID of the IPTV terminal 20 is a unique ID assigned to the IPTV terminal 20. [ In addition, the IPTV terminal 20 includes a single sign-on (SSO) client and an HDS client for managing opening terminal information, and the SAID of the terminal is stored in the HDS client in the IPTV terminal 20. The personalization authentication server (HDS authentication server) 225 and the HDS client of the IPTV terminal 20 manage information (SAID, IP address, MAC address, terminal model name) of the opened IPTV terminal 20. In the case of personal authentication-based services, when a personal identification number (PIN) is authenticated, one master PIN number (consisting of four digits) can be assigned to one household and a plurality of PIN information can be assigned to household members.

The EPG providing system 230 provides EPG information to the IPTV terminal 20.

The data broadcasting system (DBS) 235 is a data manager for managing data encoding, a PSI generator / SI generator for generating program related information / service information (PSI / SI). Generator, Data Server / Data Encoder to encode data broadcasting data, Multiplexer Manager (MM) to manage multiplexing function of data broadcasting data and PSI information and SI information, and scheduler It includes a user interface (Scheduler UI). The data broadcasting system (DBS) 235 multiplexes data broadcasting data and PSI information generated by a data server / data encoder and a PSI generator / SI generator by an authoring tool according to a terrestrial ACAP data broadcasting standard , And transmits the SI information to the IP multiplexer. A data manager (DM) of the data broadcasting system (DBS) 235 receives an object carousel (OC) including periodically updated information received from a data agent (DA) do.

The Media Management Core (MOC) 240 is a system for managing various business process information (program organization information, material information, contract information, product information, etc.) for operating a broadcasting service. The media management system 240 manages broadcast program information, content and media management information, contract information of program providers (PP) and content providers (CP), and product information, And serves as a coordinator for managing the information flow through the organic combination. The media management system (MOC) 240 includes contract management in terms of acquisition, media and content metadata management, EPG information acquisition / management as broadcast schedule information, and real time broadcasting in terms of operation. Marketing analysis reporting, delivery such as settlement of CP and subscriber viewing inclination in terms of VoD channel formation management, agent management for interworking with each subsystem, VoD catalog generation management, various product management, and analysis In terms of broadcast transmission monitoring, video server transmission management and VoD subscriber authentication, transmission result recording / management for settlement with CP, and data synchronization with each subsystem.

The billing processing system 250 is a provisioning system and provides a billing function for use of an IPTV service for each subscriber member when the IPTV service is used for a fee after user authentication.

The monitoring system 255 monitors the reception failure of the IPTV head-end system 200 by monitoring a failure of transmitting an A / V broadcasting signal for IPTV broadcasting and a downlink of the IPTV head-end system 200 as a control system.

The subscriber management system 260 provides membership, termination, and member information management functions for the IPTV service.

3 is a diagram illustrating a configuration of an IPTV communication service authentication system 500 according to the present invention. The personalization authentication server 225 and the return path server 220 are components constituting the IPTV headend system 200 as described above with reference to FIG. 2, and on the other hand, the IPTV communication service authentication according to the present invention. It is also a component of system 500. The personalization authentication server 225 is a program executed on the IPTV terminal 20, and is authenticated by the IPTV communication client, which is a program that communicates with the IPTV communication service authentication system 500, and generates an authentication key (Unique Key, UK). Do it. The authentication includes terminal authentication based on the ID (SAID) of the IPTV terminal and personal authentication based on the personal identification number (PIN) of the user input by the user. According to the application service provided by IPTV, whether to perform service alone or personal authentication can be determined in advance. The personalization authentication server 225 receives the authentication request information including the SAID from the IPTV communication client at the time of terminal authentication, generates an authentication key (Unique Key, UK) from the IPTV communication client, and sends it to the IPTV communication client. Receives the authentication request information including the SAID and the PIN input by the user from the communication client, generates an authentication key (Unique Key, UK) from the communication client, and sends it to the IPTV communication client. If the already saved SAID, or SAID and PIN corresponding to the PIN already exists, sends the UK to the IPTV communication client. The detailed authentication process will be described later with reference to FIG.

The return path server 220 enables a bidirectional service by processing a request from an IPTV viewer, and in particular transmits an authentication request to the personalization authentication server 225 at the time of authentication.

A person who wants to use the IPTV communication service may select an IPTV communication service from a portal screen provided to the user's IPTV terminal 20, and then select each application service among the IPTV communication services. The portal screen is provided by a Data Broadcasting System (DBS) 235, is loaded on a channel to which an IP is assigned by the compression multiplexing system (or multiplexing system) 210, and passes through a network switch system 215. 1 is provided to the user's IPTV terminal 20 through the multicast network described above. The IPTV terminal 20 of the user may store the portal screen and display the portal screen on the screen of the IPTV terminal 20 after booting. If the version of the stored portal screen is the older version than the portal screen version currently provided in the data broadcasting system 235, the latest version after booting can be downloaded and displayed to the user. If the version is updated after booting, And informs the user IPTV terminal 20 of the information so that the user can update the portal screen version.

The connection front end server 101 establishes and maintains a connection session with the IPTV communication client on the IPTV terminal 20. [ The IPTV communication client requests the above-mentioned terminal authentication to the personalized authentication server 225. The terminal authentication request may be performed at the time of selecting the IPTV communication service. Preferably, the terminal authentication is performed when the IPTV terminal is booted. It is good to ask. This is because after the main session is established by performing the authentication process, various notification messages from the IPTV communication service authentication system 500 can be received. When logged in after the terminal authentication process, a main session is established between the IPTV communication service authentication system 500 and the IPTV communication client of the IPTV terminal 20. Through such a main session, a service that does not require personal authentication becomes available. For example, when the IPTV communication service SMS service is implemented as a service that does not require personal authentication, SMS transmission and reception is possible in the main session state. In the case of services that require personal authentication, such as messenger service, among IPTV communication services, when the service is selected, a messenger session is established and the service is available when the user logs in after personal authentication from the PIN entered by the user. Become. The main session, the channel chat session, and the like are set and maintained by the connection front end server 101.

The connection distribution server 102 plays a role of connecting a specific IPTV terminal 20 to a server at a proper one of a plurality of connection front-end servers 101.1 to 101.N.

The authentication server 103 verifies the validity of the authentication key (Unique Key, UK) generated by the above-described personalization authentication server 225 and performs authentication. As described above, authentication using an IPTV terminal ID (SAID), that is, UK verification in terminal authentication may be performed, and when selecting an application service requiring personal authentication among IPTV communication services, a personal authentication input from a user UK verification in personal authentication using a Personal Identification Number (PIN) may be performed.

The application service system 110 performs each application service included in the IPTV communication service. The application service system 110 manages the login state using the SAID of the terminal during terminal authentication. However, when selecting an application service requiring personal authentication among the IPTV communication services, the application service system 110 also processes the login of the service user. You can manage the presence, that is, the connection state.

4 is a view showing the structure of the IPTV communication client 700 operated in the IPTV terminal 20 to implement the authentication method when using the IPTV communication service according to the present invention. The IPTV communication service authentication system 500 and the IPTV communication client are connected through an information communication network. As shown in FIG. 3, the information communication network includes an internet network and a multicast network.

The communication main module 710 is a module for controlling each service module of the IPTV communication client 700 after establishing a main session with the IPTV communication service authentication system 500. The communication main module 710 performs the terminal authentication process. The terminal authentication may be performed when the IPTV channel chat service is selected, but is preferably performed immediately after the IPTV terminal 20 is booted. This is because after the main session is established by performing the authentication process, various notification messages from the IPTV communication service authentication system 500 can be received. That is, as described above with reference to FIG. 3, a terminal authentication request is made to the personalized authentication server 225, and a login is requested after authentication passes by the authentication server 103, and the channel of the IPTV communication service authentication system 500 is logged in. The main session is established through the chat main system 100 and the access front end server 101. When the IPTV channel chat service is implemented as a service that does not require the input of a personal identification number (PIN), the IPTV channel chat service can be directly used only by setting up the main session. Meanwhile, when implementing the IPTV channel chat service as a personalized service requiring input of a PIN, when the user selects the IPTV channel chat service and inputs a PIN, the communication main module 710 personalizes the personal authentication. When the server 225 requests a login after the authentication server 103 passes the authentication, the user logs in through the channel chat main system 100 of the IPTV communication service authentication system 500 and the access front end server 101. The channel chat session will be established. This is a session set up and maintained for the channel chat service separately from the aforementioned main session.

If the IPTV channel chat service is implemented to require personal authentication as described above, the communication main module 710 performs terminal authentication and personal authentication to set up the communication main session and the channel chat session as well as the IPTV communication client 700 performs it. If the channel chat service module is driven and controlled, but it is implemented to require that only the main session is set by the terminal authentication of the IPTV terminal 20, the channel chat service module is immediately performed without personal authentication when the user selects the channel chat service. To drive and control. For example, the user may request a channel chat service from the IPTV terminal 20 through the remote controller 30 or the like. At this time, an observer module (not shown), which is a program module executed in the IPTV terminal 20, can recognize the inputted request, and the observer module can communicate with the communication main module 710 of the IPTV communication client 700 . In this way, the communication main module 710 drives the channel chat control unit 721 to start the channel chat service.

5 is a diagram illustrating an authentication process when using an IPTV communication service according to the present invention. Referring to FIG. 5, the IPTV terminal 20 requests authentication of a personalization authentication server (HDS) 225 and starts an authentication process (S501). Although not shown, the terminal authentication request is transmitted to the personalization authentication server 225 through the return path server system 220. The terminal authentication may be performed when the IPTV channel chat service is selected, but is preferably performed immediately after the IPTV terminal 20 is booted. This is because after the main session is established by performing the authentication process, various notification messages from the IPTV communication service authentication system 500 can be received. As described above with reference to FIG. 4, this is performed by the communication main module 710 of the IPTV communication client 700 performed in the IPTV terminal 20. The information included in the SAID request may include the SAID, which is the ID of the IPTV terminal, and application information. Since only the communication main module 710 is currently performed, the application information will be the IPTV communication service. The personalization authentication server 225 searches for existence of the SAID and the authentication key corresponding to the application information (Unique Key, UK), and returns the UK if it exists, (S502). ≪ / RTI > The IPTV communication client 700 of the IPTV terminal 20 requests connection connection server information to be connected to the connection distribution server 102 (S503). At this time, the access distribution server 102 may request a 'seed value' to encrypt the UK, SAID, etc. (S503). The connection distribution server 102 sends connection front-end server information to be connected to the IPTV communication client 700 (S504). If there is the 'seed value' request, the connection distribution server 102 may generate and send a 'seed value' S504). The IPTV communication client 700 generates a key that encrypts UK, SAID, etc. using the 'seed value', and performs the authentication on the channel chat main system 100 of the IPTV communication service authentication system 500. The authentication server 103 requests the authentication (S505), and the authentication server 103 verifies the received key value and sends the result to the IPTV communication client 700 (S506). When the authentication passes, the IPTV communication client 700 requests a login using the SAID (S507), and the access front end server 101 receives the login request to the presence server 107 again (S507). S508). The login result is sent to the IPTV communication client 700 via the access front end server 101 (S509, S510). If the login is passed, the connection front end is connected between the IPTV communication client 700 and the IPTV communication service authentication system 500. The main session for the communication service is established through the server 101. The main session is managed by SAID.

If the IPTV channel chat service is set to be serviced without personal authentication, it is possible to use the service only by selecting the channel chat service after the communication main session is established. That is, in this case, steps S511 to S521 to be described later are not necessary.

However, if the IPTV channel chat service is set to be serviced only after personal authentication, the user enters a personal identification number (PIN) and then goes through a personal authentication process when selecting a channel chat service. That is, in this case, when the user selects the IPTV channel chat service and inputs the PIN, the communication main module 710 requests the personalization authentication server 225 for personal authentication (S511). Although not shown, the personal authentication request is also transmitted to the personalization authentication server 225 through the return path server system 220. The information included in the personal authentication request includes a PIN input by the user together with the SAID and application information of the ID of the IPTV terminal. The personalization authentication server 225 searches whether the authentication key (Unique Key, UK) corresponding to the SAID, the application information, and the PIN exists, and if so, returns the UK, but if not, creates a new UK and generates an IPTV terminal. The UK is returned to (20) (S512). The IPTV communication client 700 generates a key encrypted with its UK or SAID and sends the key to the authentication server 103 for authentication (S513). The authentication server 103 verifies the received key value And sends the result to the IPTV communication client 700 (S514). The IPTV communication client 700 receives an ID and a password from the user when using the service for the first time (S515), requests authentication to the authentication server 103, and receives the result (S516, S517). The channel chat login request is requested through 101 (S518 and S519), and the presence server 107 sends the login result to the IPTV communication client 700 (S520 and S521). If the login passes, the channel chat service is enabled.

6 is a diagram illustrating an embodiment of a portal screen that can use various services provided by an IPTV system. A person who wants to use the IPTV communication service selects the IPTV communication service icon 602 on the portal screen 601 provided to the user's IPTV terminal 20, and will be described later with reference to FIG. 7 among the IPTV communication service 602. As shown, one of each application service 702 may be selected. The portal screen 601 is provided by a data broadcasting system (DBS) 235, is loaded on a channel assigned an IP in the compression multiplexing system (or multiplexing system) 210, and the network switch system 215. Through the multicast network described above in Figure 1 is provided to the user's IPTV terminal 20. The IPTV terminal 20 of the user may store the portal screen 601 and display it on the IPTV terminal 20 screen after booting. If the version of the stored portal screen is the older version than the portal screen version currently provided in the data broadcasting system 235, the latest version after booting can be downloaded and displayed to the user. If the version is updated after booting, And informs the user IPTV terminal 20 of the information so that the user can update the portal screen version.

7 is a diagram illustrating an embodiment of a screen for selecting one of each application service included in an IPTV communication service. When the IPTV communication service icon 602 is selected as described above with reference to FIG. 6, a communication service menu 701 provided by the IPTV service system is displayed on the screen, and one of the application services 702 included in the menu is displayed. You can select to use the service.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments. It will be understood that various modifications and changes may be made without departing from the scope of the appended claims.

According to the present invention, in the user to use the service provided by the IPTV communication service system using the IPTV terminal connected to the IPTV network, the service can be used only by authentication of the terminal according to the characteristics of each application service, or In addition, there is an effect that enables a variety of authentication methods to use the service only after the user's personal authentication using the user's personal authentication number.

In addition, according to the present invention, when the terminal passes the authentication, it is possible to establish a main session for transmitting and receiving messages between the IPTV communication service system and the user's IPTV terminal, so that the user can manually receive the notification message, etc. immediately without a separate authentication process There is an effect that allows you to receive.

Claims (20)

An IPTV communication service authentication system for providing an IPTV communication service to an IPTV terminal and authenticating therefor, A data broadcasting system for generating portal screen data including information on an IPTV communication service; A return path server system connected to the IPTV terminal through a IPTV network through a return channel and transmitting and receiving bidirectional data with the IPTV terminal in a unicasting manner to provide an interactive IPTV communication service; Receiving an authentication request message for the IPTV communication service from an IPTV terminal using an IPTV network through the return pass server system, and generating an authentication key (Unique Key, UK) in response to the authentication request message, the return pass server. Personalization authentication server for transmitting to the IPTV terminal through a system; A communication main system in charge of performing authentication using the authentication key and performing an IPTV communication service; IPTV communication service authentication system comprising a. The method according to claim 1, A multiplexing system for multiplexing the portal screen data and the program specific information (PSI) received from the data broadcasting system, and outputting the multiplexed stream by IP packetizing; And A network switch system for transmitting an IP packetized signal received from the multiplexing system to an IPTV terminal through an IPTV network in a multicasting manner; IPTV communication service authentication system comprising a further. The method according to claim 1, The communication main system, It is connected to the IPTV terminal through the internet network, A connection front end server for establishing and maintaining an access session with the IPTV terminal through an IPTV communication client program (hereinafter referred to as an "IPTV communication client") in the IPTV terminal; An authentication server for performing authentication of the IPTV terminal or authentication of an IPTV communication service subscriber according to information received from an IPTV communication client; A subscriber information database storing information of an IPTV communication service subscriber for authentication; An application service system that performs each application service included in the IPTV communication service; IPTV communication service authentication system comprising a. The method of claim 3, The communication main system, An access distribution server which manages connection location information of the IPTV terminal and designates a connection front end server to be connected at the time of connection request of the IPTV terminal; IPTV communication service authentication system comprising a further. The method according to claim 1, The IPTV terminal, An IP set-top box, an IP set-top box connected to the service user's TV, a computer, a notebook, and a personal portable terminal IPTV communication service authentication system, characterized in that. The method of claim 2, The multiplexed stream output by IP packetizing by the multiplexing system is Streamed in MPEG2 Transport Stream (TS) IPTV communication service authentication system, characterized in that. The IPTV communication service authentication system communicates to an IPTV terminal of an IPTV communication service subscriber (hereinafter referred to as a subscriber) through an IPTV network by an IPTV communication client program (hereinafter referred to as an "IPTV communication client") performed inside the IPTV terminal. And to perform authentication for the provision of IPTV communication services, (a) receiving a terminal authentication request message from an IPTV terminal of a subscriber, transmitting and receiving a message for performing terminal authentication with the IPTV terminal, and performing a terminal authentication process; (b) if terminal authentication passes, establishing a main session for transmitting and receiving a message with the IPTV terminal when providing a service provided by terminal authentication only among IPTV communication services; (c) When a service that requires user's personal authentication is selected by the subscriber among the IPTV communication services (hereinafter referred to as 'personalization service'), when receiving a personal authentication request message from the IPTV terminal, the personal authentication is performed with the IPTV terminal. Transmitting and receiving a message for performing a personal authentication process; (d) establishing a service session for transmitting and receiving a message with the IPTV terminal when providing the personalized service if the personal authentication is passed; Authentication method for an IPTV communication service comprising a. The method of claim 7, The terminal authentication request from the IPTV terminal in step (a) What is performed when the IPTV terminal is booted Authentication method for an IPTV communication service characterized in that. The method of claim 7, The terminal authentication in the step (a) (a1) When the personalization authentication server of the IPTV communication service authentication system receives the terminal authentication request message including the ID (SAID) of the terminal from the IPTV terminal, the terminal authentication key corresponding to the SAID is generated and transmitted to the IPTV terminal. Making; (a2) when the communication main system of the IPTV communication service authentication system receives an authentication request including the SAID and the terminal authentication key from the IPTV terminal, performing authentication and transmitting a result to the IPTV terminal; (a3) when the communication main system of the IPTV communication service authentication system receives a login request from the IPTV terminal, performing a login and transmitting a result to the IPTV terminal; Authentication method for an IPTV communication service comprising a. The method of claim 7, Personal authentication of the step (c), (c1) The personalization authentication server of the IPTV communication service authentication system receives a personal authentication request message including an ID (SAID) of the terminal and a personal identification number (PIN) input from the subscriber from the IPTV terminal. Generating a personal authentication key corresponding to the SAID and the PIN and transmitting the generated personal authentication key to the IPTV terminal; (c2) when the communication main system of the IPTV communication service authentication system receives an authentication request including the SAID and the personal authentication key from the IPTV terminal, performing authentication and transmitting a result to the IPTV terminal; (c3) when the communication main system of the IPTV communication service authentication system receives a login request from the IPTV terminal, performing a login and transmitting a result to the IPTV terminal; Authentication method for an IPTV communication service comprising a. The method of claim 10, In the authentication request received in step (c2), Including the ID and password input from the subscriber Authentication method for an IPTV communication service characterized in that. An IPTV terminal is connected to an IPTV communication service authentication system and an IPTV network by an IPTV communication client program (hereinafter referred to as an "IPTV communication client") that is performed inside the terminal to provide IPTV service subscribers with IPTV service subscribers. A method for performing authentication for (a) requesting terminal authentication to the IPTV communication service authentication system, transmitting and receiving a message for performing terminal authentication, and performing terminal authentication; (b) forming a main session for transmitting / receiving a message with the IPTV communication service authentication system when providing a service provided only by terminal authentication among IPTV communication services when terminal authentication passes; (c) If a service that requires user's personal authentication is selected by the subscriber (hereinafter referred to as 'personalization service') of the IPTV communication service, a message for requesting personal authentication to the IPTV communication service authentication system to perform personal authentication Transmitting and receiving and performing personal authentication; (d) establishing a service session for transmitting / receiving a message with the IPTV communication service authentication system when providing the personalized service if the personal authentication passes; IPTV communication service authentication method of the IPTV terminal comprising a. The method of claim 12, The terminal authentication request from the IPTV terminal in step (a) What is performed when the IPTV terminal is booted IPTV communication service authentication method of the IPTV terminal, characterized in that. The method of claim 12, The terminal authentication process of step (a) (a1) transmitting a terminal authentication request message including an ID (SAID) of the IPTV terminal to a personalization authentication server of the IPTV communication service authentication system; (a2) if the terminal authentication key is received from the personalization authentication server of the IPTV communication service authentication system, transmitting an authentication request message including the received terminal authentication key and the SAID to the communication main system of the IPTV communication service authentication system; (a3) receiving a message indicating that authentication has passed from the channel chat main system of the IPTV communication service authentication system, sending a login request to the communication main system of the IPTV communication service authentication system and receiving a login result; IPTV communication service authentication method of the IPTV terminal comprising a. The method of claim 12, Personal authentication of the step (c), (c1) Provide a Personal Identification Number (PIN) input window on the IPTV terminal screen, and if a PIN is input from the specific subscriber, the personal authentication including the ID (SAID) of the IPTV terminal and the PIN input from the subscriber. Transmitting the request message to the personalization authentication server of the IPTV communication service authentication system; (c2) when receiving the personal authentication key from the personalization authentication server, transmitting an authentication request including the SAID and the personal authentication key to the communication main system of the IPTV communication service authentication system; (c3) receiving an authentication result from the communication main system of the IPTV communication service authentication system, and if the authentication passes, transmitting a login request to the communication main system of the IPTV communication service authentication system and receiving a login result; IPTV communication service authentication method of the IPTV terminal comprising a. 16. The method of claim 15, In the step (c2) the authentication request sent to the communication main system of the IPTV communication service authentication system, Including the ID and password input from the subscriber IPTV communication service authentication method of the IPTV terminal, characterized in that. A computer-readable recording medium having recorded thereon a program for executing an IPTV communication service in the IPTV terminal, providing an IPTV communication service while communicating with an IPTV communication service authentication system, and performing authentication for the provision of the IPTV communication service. In The method comprises: Controlling each module in the IPTV communication client to provide an IPTV communication service and performing an authentication process therefor, and setting up and managing a session for transmitting and receiving a message with the IPTV communication service authentication system; Performing an authentication process for providing an IPTV communication service; Performing an IPTV communication service; And a method of executing a computer readable recording medium. delete delete 18. The method of claim 17, Performing the authentication process, Sending a terminal authentication request message including an ID (SAID) of the IPTV terminal to the IPTV communication service authentication system, communicating with the IPTV communication service authentication system, and performing a terminal authentication process; In the case of services requiring personal authentication among IPTV communication services, a personal authentication request message including a personal identification number (PIN) received from the subscriber is sent to the IPTV communication service authentication system, and the IPTV communication service authentication system Communicating and performing a personal authentication process to provide a service. And a computer readable recording medium.

Images