WO2010011106A2 - Memory card-based conditional access system for mobile broadcast - Google Patents

Memory card-based conditional access system for mobile broadcast

Info

Publication number
WO2010011106A2
Authority
WO
WIPO (PCT)
Prior art keywords
ltkm
stkm
key
cas
memory card
Prior art date
Application number
PCT/KR2009/004137
Other languages
French (fr)
Korean (ko)
Other versions
WO2010011106A3 (en)
Inventor
이주화
이진영
이병성
Original Assignee
주식회사 드리머아이
Priority date
Filing date
Publication date
Application filed by 주식회사 드리머아이
Publication of WO2010011106A2
Publication of WO2010011106A3

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
                • H04N 21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
                    • H04N 21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
                        • H04N 21/41 Structure of client; Structure of client peripherals
                            • H04N 21/418 External card to be used in combination with the client device, e.g. for conditional access
                                • H04N 21/4181 External card to be used in combination with the client device, e.g. for conditional access, for conditional access
                                • H04N 21/4184 External card to be used in combination with the client device, e.g. for conditional access, providing storage capabilities, e.g. memory stick
                        • H04N 21/45 Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
                            • H04N 21/462 Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
                                • H04N 21/4623 Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
                • H04N 7/00 Television systems
                    • H04N 7/16 Analogue secrecy systems; Analogue subscription systems
                        • H04N 7/162 Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
                            • H04N 7/163 Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing, by receiver means only

Definitions

  • the present invention relates to a memory card-based mobile broadcast reception restriction system, and more particularly, to a memory card-based mobile broadcast reception restriction system for processing a CAS service in a memory card.
  • Digital Video Broadcasting-Handheld (DVB-H) technology, a European mobile TV standard, includes a reception restriction system that provides broadcast services only to subscribers who have the right to watch the broadcast content, and provides CAS (Conditional Access System) service based on the OMA-BCAST SCP (Open Mobile Alliance-Mobile Broadcast Sub Working Group Smart Card Profile).
  • the above-described DVB-H technology uses the CK (Cipher Key) and IK (Integrity Key) generated through the GBA (Generic Bootstrapping Architecture) performed between the Universal Integrated Circuit Card (UICC), the core security card used in mobile terminals of the 3rd Generation Partnership Project (3GPP) system, and the Bootstrapping Service Function / Home Subscriber System (BSF / HSS).
  • UICC Universal Integrated Circuit Card
  • 3GPP 3rd Generation Partnership Project
  • BSF / HSS Bootstrapping Service Function / Home Subscriber System
  • CK Cipher Key
  • IK Integrity Key
  • GBA Generic Bootstrapping Architecture
  • the UICC of the mobile terminal and the BSF / HSS share a shared key KS (Shared Key) generated by concatenating CK and IK.
  • the CAS service is supported by applying the SMK derived from the shared key KS, the SEK (Service Encryption Key) or PEK (Program Encryption Key) generated in an arbitrary manner, and the TEK (Traffic Encryption Key) generated in an arbitrary manner to the MIKEY (Multimedia Internet KEYing) protocol.
  • SEK Service Encryption Key
  • PEK Program Encryption Key
  • TEK Traffic Encryption Key
  • GBA_ME ME-based GBA
  • GBA_U GBA with UICC-based enhancements
  • the CAS server derives the SMK using the shared key KS, generates the SEK / PEK in an arbitrary manner, and encrypts the Long-Term Key Message (LTKM) including the SEK / PEK with the SMK. It transmits the LTKM to the CAS client through the broadcasting network or the mobile network, generates a TEK in an arbitrary manner, encrypts the Short-Term Key Message (STKM) including the TEK with the SEK, and transmits it to the CAS client through the broadcasting network.
  • the broadcast content is scrambled with the TEK and transmitted to the CAS client through the broadcasting network.
  • the CAS client derives the SMK using the shared key KS received from the UICC, decrypts the LTKM received from the CAS server with the SMK to obtain the SEK, and decrypts the STKM received from the CAS server with the SEK to obtain the TEK. It then uses the TEK and the descrambler to decrypt the broadcast content received from the CAS server and view the broadcast.
  • modifying the COS (Card Operating System) of the UICC so that decryption of the keys (SMK, SEK / PEK, TEK) and messages for viewing the encrypted broadcast content is performed inside the UICC
  • COS Card Operating System
  • the present invention has been made to solve the above-described problem, and its purpose is to provide a memory card-based mobile broadcast reception restriction system in which decryption of the keys (SMK, SEK / PEK, TEK) and messages for viewing encrypted broadcast content, including the GBA, is performed in a memory card.
  • another object of the present invention is to provide a memory card-based mobile broadcast reception restriction system in which the GBA is performed based on the UICC, while decryption of the keys (SMK, SEK / PEK, TEK) and messages for viewing the encrypted broadcast content is performed in the memory card.
  • still another object of the present invention is to provide a memory card-based mobile broadcast reception restriction system in which the memory card mounted in the CAS client performs AKA by interworking directly with the CAS server through a bidirectional network, and is capable of decrypting the keys (SMK, SEK / PEK, TEK) and messages for viewing encrypted broadcast content.
  • a memory card-based mobile broadcast reception restriction system comprising: a Key Management System Device Agent (KDA) interface unit for receiving the LTKM and STKM from a CAS server; a memory card for performing a GBA through the KDA interface unit and decrypting the LTKM and STKM received from the KDA interface unit to obtain the TEK required for CAS service operation; and a descrambler configured to descramble the broadcast content received from the CAS server using the TEK received from the memory card, wherein the memory card performs the GBA with the BSF / HSS through the KDA interface unit.
  • KDA Key Management System Device Agent
  • a GBA execution unit for deriving the SMK using the shared key KS generated by performing the GBA;
  • an LTKM analysis and decryption unit for decrypting the LTKM received from the KDA interface unit with the SMK and then obtaining the SEK from the LTKM;
  • SAC Secure Authenticated Channel
  • a memory card-based mobile broadcast reception restriction system comprising: a UICC for performing a GBA with the BSF / HSS through the mobile network and storing the shared key KS generated by performing the GBA; a KDA interface unit for deriving the SMK using the shared key KS received from the UICC and receiving the LTKM and STKM from a CAS server; a memory card for decrypting the LTKM and STKM received from the KDA interface unit to obtain the TEK required for CAS service operation; and a descrambler configured to descramble the broadcast content transmitted from the CAS server using the TEK received from the memory card, wherein the memory card includes:
  • an LTKM analysis and decryption unit for decrypting the LTKM received from the KDA interface unit with the SMK received from the KDA interface unit and obtaining the SEK from the LTKM; and preferably an STKM analysis and decryption unit for decrypting the STKM received from the KDA interface unit with the SEK and obtaining the TEK from the STKM, the memory card securely delivering the TEK to the descrambler through the SAC.
  • a KDA interface unit for receiving the LTKM and STKM from the CAS server; a memory card interworking directly with the CAS server through the KDA interface unit to perform AKA (Authentication and Key Agreement), and decrypting the LTKM and STKM received from the KDA interface unit to obtain the TEK required for CAS service operation; and a descrambler configured to descramble the broadcast content received from the CAS server using the TEK received from the memory card, wherein the memory card shares with the CAS server a shared key K issued in advance.
  • AKA Authentication and Key Agreement
  • an AKA execution unit for performing AKA with the CAS server through the KDA interface unit using either the shared key K or the key pair Puk / Prk, and deriving the SMK using the shared key KS generated by performing the AKA;
  • an LTKM analysis and decryption unit for decrypting the LTKM received from the KDA interface unit with the SMK and then obtaining the SEK from the LTKM;
  • and preferably an STKM analysis and decryption unit for decrypting the STKM received from the KDA interface unit with the SEK and obtaining the TEK from the STKM, the memory card securely delivering the TEK to the descrambler through the SAC.
  • with the memory card-based mobile broadcast reception restriction system of the present invention, secure management of the keys (SMK, SEK / PEK, TEK) can be ensured by performing all CAS services, including the GBA, in the memory card.
  • the GBA is performed using the UICC and the CAS service is performed in the memory card, so that a mobile terminal equipped with an existing UICC can be provided with the broadcast service simply by inserting the memory card.
  • the CAS server and the memory card mounted in the CAS client perform AKA by interworking directly through a bidirectional network and then perform the CAS service, eliminating the need to perform the complex UICC-based GBA that depends on the carrier.
  • the memory card installed in the CAS client performs AKA by interworking directly with the CAS server through the two-way network, which strengthens the security of broadcast services that are not linked to a mobile network, such as IPTV.
  • FIG. 1 is a view schematically showing the configuration of a mobile broadcasting system according to the prior art.
  • FIG. 2 is a view showing an example of the structure of the LTKM applied to the present invention.
  • FIG. 3 is a view showing an example of the structure of the STKM applied to the present invention.
  • FIG. 4 is a diagram schematically illustrating a configuration of a memory card based mobile broadcast reception restriction system according to an embodiment of the present invention.
  • FIG. 5 is a diagram schematically illustrating a configuration of a memory card-based mobile broadcast reception restriction system according to another embodiment of the present invention.
  • FIG. 6 is a diagram schematically illustrating a configuration of a memory card-based mobile broadcast reception restriction system according to another embodiment of the present invention.
  • SD Secure Digital
  • a case where an SD (Secure Digital) card to which a smart card function is added is used as the memory card.
  • SDHC Secure Digital High Capacity
  • the memory card may also be implemented in various other ways, such as an SDHC card, a CF (Compact Flash) card or an xD card to which a smart card function is added.
  • FIG. 2 is a diagram illustrating the structure of the long-term key message (LTKM) applied to the present invention.
  • the device type of the header field of the LTKM can be set to a value so that the SD card is selected as the destination.
  • SIO Serial Input Output
  • SDIO Secure Digital Input Output
  • STKM short-term key message
  • FIG. 4 is a diagram schematically illustrating a configuration of a memory card-based mobile broadcast reception restriction system according to an embodiment of the present invention.
  • the CAS server 100 includes a subscriber management key (SMK) derivation unit 110, a service encryption key (SEK) generation unit 120, an LTKM encryption and transmission unit 130, a TEK (Traffic Encryption Key) generation unit 140, an STKM encryption and transmission unit 150, and a scrambler 160.
  • the SMK derivation unit 110 requests from the BSF / HSS 300 the shared key KS shared between the CAS client 200 and the BSF / HSS 300 through the GBA, stores it, and derives the SMK using the stored shared key KS.
  • the SEK generation unit 120 generates the SEK using an arbitrary random number generation method.
  • the LTKM encryption and transmission unit 130 encrypts the LTKM including the SEK generated by the SEK generation unit 120 with the SMK received from the SMK derivation unit 110, and transmits the LTKM encrypted with the SMK to the CAS client 200 through the broadcasting network or the mobile network.
  • LTKM including SEK is generated through the MIKEY protocol.
  • the TEK generator 140 generates a TEK using an arbitrary random number generation method.
  • the STKM encryption and transmission unit 150 encrypts the STKM including the TEK generated by the TEK generation unit 140 with the SEK received from the SEK generation unit 120, and transmits the STKM encrypted with the SEK to the CAS client 200 through the broadcasting network.
  • the STKM including the TEK is generated through the MIKEY protocol.
  • the scrambler 160 scrambles the broadcast content to be transmitted to the CAS client 200 with the TEK received from the TEK generation unit 140 and transmits it to the CAS client 200.
  • the CAS client 200 may include a key management system device agent (KDA) interface unit 210, an SD card 220, and a descrambler 230.
  • KDA key management system device agent
  • the KDA interface unit 210 receives the LTKM transmitted by the CAS server 100 through a broadcasting network or a mobile network, and receives the STKM transmitted by the CAS server 100 through a broadcasting network.
  • the KDA interface unit 210 checks the value set in the device type of the header field of the LTKM and STKM received from the CAS server 100 and the value set in the SIO type, and if the LTKM and STKM are set to be delivered to the SD card 220, transfers them to the SD card 220.
  • the SD card 220 includes a GBA execution unit 221, an LTKM analysis and decryption unit 222, and an STKM analysis and decryption unit 223.
  • the GBA execution unit 221 performs the GBA with the BSF / HSS 300 through the KDA interface unit 210 using an AKA applet and a crypto engine.
  • the GBA execution unit 221 derives the SMK using the shared key KS generated by performing the GBA.
  • the LTKM analysis and decryption unit 222 receives the LTKM from the KDA interface unit 210 through the SIO port of the SD card 220, decrypts the LTKM using the Key Management System (KMS) applet and the crypto engine 224 with the SMK received from the GBA execution unit 221, and analyzes the decrypted LTKM to obtain the SEK.
  • KMS Key Management System
  • the STKM analysis and decryption unit 223 receives the STKM from the KDA interface unit 210 through the SIO port of the SD card 220, decrypts the STKM using the KMS applet and the crypto engine 224 with the SEK received from the LTKM analysis and decryption unit 222, and analyzes the decrypted STKM to obtain the TEK.
  • the STKM analysis and decryption unit 223 safely transmits the TEK to the descrambler 230 using the SAC applet including the SAC protocol.
  • the file system 225 stores in the memory area the shared key KS and SMK obtained through the GBA execution unit 221, the SEK obtained through the LTKM analysis and decryption unit 222, and the TEK obtained through the STKM analysis and decryption unit 223, and when a new key is received, updates the stored key with the newly received key.
  • the descrambler 230 descrambles the broadcast content received from the CAS server 100 using the TEK received from the STKM analyzer and decoder 223.
  • FIG. 5 is a diagram schematically illustrating a configuration of a memory card-based mobile broadcast reception restriction system according to another embodiment of the present invention.
  • the CAS server 100 applied to another embodiment of the present invention has the same configuration and operation as the CAS server 100 applied in one embodiment, the same reference numerals will be given and the description thereof will be omitted.
  • the CAS client 400 includes a UICC 410, a KDA interface 420, an SD card 430, and a descrambler 440.
  • the UICC 410 performs a GBA with the BSF / HSS 300 through the mobile network, and stores the shared key KS generated by performing the GBA.
  • the KDA interface unit 420 derives the SMK using the shared key KS received from the UICC 410 and transmits the SMK to the SD card 430; it receives the LTKM transmitted by the CAS server 100 through the broadcasting network or the mobile network, and receives the STKM transmitted by the CAS server 100 through the broadcasting network.
  • the KDA interface unit 420 checks the value set in the device type of the header field of the LTKM and STKM received from the CAS server 100 and the value set in the SIO type, and if the LTKM and STKM are set to be delivered to the SD card 430, transfers the received LTKM and STKM to the SD card 430.
  • the SD card 430 includes an LTKM analysis and decoding unit 431 and an STKM analysis and decoding unit 432.
  • the LTKM analysis and decryption unit 431 receives the LTKM from the KDA interface unit 420 through the SIO port of the SD card 430, decrypts the LTKM using the KMS applet and the crypto engine 433 with the SMK received from the KDA interface unit 420, and analyzes the decrypted LTKM to obtain the SEK.
  • the STKM analysis and decryption unit 432 receives the STKM from the KDA interface unit 420 through the SIO port of the SD card 430, decrypts the STKM using the KMS applet and the crypto engine 433 with the SEK received from the LTKM analysis and decryption unit 431, and analyzes the decrypted STKM to obtain the TEK.
  • the STKM analysis and decryption unit 432 safely transmits the TEK to the descrambler 440 using the SAC applet including the SAC protocol.
  • the file system 434 stores in the memory area the SMK obtained through the KDA interface unit 420, the SEK obtained through the LTKM analysis and decryption unit 431, and the TEK obtained through the STKM analysis and decryption unit 432, and when a new key is received, updates the stored key with the newly received key.
  • the descrambler 440 descrambles the broadcast content received from the CAS server 100 using the TEK received from the STKM analyzer and decoder 432.
  • FIG. 6 is a diagram schematically illustrating a configuration of a memory card-based mobile broadcast reception restriction system according to another embodiment of the present invention.
  • the CAS server 500 includes an AKA execution unit 510, an SEK generation unit 520, an LTKM encryption and transmission unit 530, a TEK generation unit 540, an STKM encryption and transmission unit 550, and a scrambler 560.
  • the AKA execution unit 510 performs AKA with the SD card 430 mounted in the CAS client 600 in the manner of generating a one-time password (OTP), using the shared key K and the random number issued together with the CAS client 600 from the key issuing system (not shown) when the CAS client 600 subscribes to the mobile broadcasting service.
  • OTP one-time password
  • alternatively, the AKA execution unit 510 may perform AKA with the SD card 430 mounted in the CAS client 600 in the manner of generating a random number and using the public key pair Puk / Prk issued together with the CAS client 600 from the key issuing system (not shown) when the CAS client 600 subscribes to the mobile broadcasting service, and derives the SMK using the shared key KS generated by performing the AKA.
  • the public key pair Puk / Prk is issued from the key issuing system of the CAS service subscriber, not the mobile communication provider.
  • the SEK generator 520 generates the SEK using any random number generation scheme.
  • the LTKM encryption and transmission unit 530 encrypts the LTKM including the SEK generated by the SEK generation unit 520 with the SMK received from the AKA execution unit 510, and transmits the LTKM encrypted with the SMK to the CAS client 600 through the broadcasting network or the bidirectional network.
  • LTKM including SEK is generated through the MIKEY protocol.
  • the TEK generator 540 generates the TEK by using an arbitrary random number generation method.
  • the STKM encryption and transmission unit 550 encrypts the STKM including the TEK generated by the TEK generation unit 540 with the SEK received from the SEK generation unit 520, and transmits the STKM encrypted with the SEK to the CAS client 600 through the broadcasting network.
  • the STKM including the TEK is generated through the MIKEY protocol.
  • the scrambler 560 scrambles the broadcast content to be transmitted to the CAS client 600 with the TEK received from the TEK generation unit 540 and transmits it to the CAS client 600.
  • the CAS client 600 includes a KDA interface unit 610, an SD card 620, and a descrambler 630.
  • the KDA interface unit 610 receives the LTKM transmitted by the CAS server 500 through the broadcasting network or the bidirectional network, and receives the STKM transmitted by the CAS server 500 through the broadcasting network.
  • the KDA interface unit 610 checks the value set in the device type of the header field of the LTKM and STKM received from the CAS server 500 and the value set in the SIO type, and if the LTKM and STKM are set to be delivered to the SD card 620, transfers them to the SD card 620.
  • the SD card 620 includes an AKA performer 621, an LTKM analyzer and decoder 622, and an STKM analyzer and decoder 623.
  • the AKA execution unit 621 performs AKA by interworking directly with the AKA execution unit of the CAS server 500 through the KDA interface unit 610, using the shared key K or the public key pair Puk / Prk issued together with the CAS server 500 from the key issuing system (not shown), and derives the SMK using the shared key KS generated by performing the AKA.
  • the LTKM analysis and decryption unit 622 receives the LTKM from the KDA interface unit 610 through the SIO port of the SD card 620, decrypts the LTKM using the KMS applet and the crypto engine 624 with the SMK received from the AKA execution unit 621, and analyzes the decrypted LTKM to obtain the SEK.
  • the STKM analysis and decryption unit 623 receives the STKM from the KDA interface unit 610 through the SIO port of the SD card 620, decrypts the STKM using the KMS applet and the crypto engine 624 with the SEK received from the LTKM analysis and decryption unit 622, and analyzes the decrypted STKM to obtain the TEK.
  • the STKM analysis and decryption unit 623 safely transmits the TEK to the descrambler 630 using the SAC applet including the SAC protocol.
  • the file system 625 stores in the memory area the shared key K and the public key pair Puk / Prk issued together with the CAS server 500, the shared key KS and SMK obtained through the AKA execution unit 621, the SEK obtained through the LTKM analysis and decryption unit 622, and the TEK obtained through the STKM analysis and decryption unit 623, and when a new key is received, updates the stored key with the newly received key.
  • the descrambler 630 descrambles the broadcast content received from the CAS server 500 using the TEK received from the STKM analyzer and decoder 623.
  • the memory card-based mobile broadcast reception limiting system of the present invention is not limited to the above-described embodiments, and may be modified in various ways within the scope of the technical idea of the present invention.
  • the present invention relates to a memory card based mobile broadcast reception restriction system that enables a memory card to process a CAS service.
  • with the memory card-based mobile broadcast reception restriction system of the present invention, secure management of the keys (SMK, SEK / PEK, TEK) can be ensured by performing all CAS services, including the GBA, in the memory card.

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
  • Telephone Function (AREA)

Abstract

The present invention relates to a memory card-based conditional access system (CAS) for mobile broadcast that enables CAS services to be handled in the memory card. To this end, the generic bootstrapping architecture (GBA) between the CAS client and the bootstrapping service function/home subscriber system (BSF/HSS) is executed in the memory card loaded in the CAS client, so that the memory card shares a shared key (KS) with the BSF/HSS. In addition, a long-term key message (LTKM) received from the CAS server is decrypted with a subscriber management key (SMK) derived from the KS to obtain a service encryption key (SEK) (or program encryption key (PEK)), from which a traffic encryption key (TEK) is obtained, and the TEK thus obtained is preferably delivered securely to the descrambler, all within the memory card. Because the decryption of the keys (SMK, SEK/PEK, TEK) and messages required to view the encrypted content, including the GBA, is executed within the memory card, safe management of the keys (SMK, SEK/PEK, TEK) is ensured.

Description

Memory card-based conditional access system for mobile broadcast
The present invention relates to a memory card-based conditional access (reception restriction) system for mobile broadcast, and more particularly to a memory card-based conditional access system for mobile broadcast that allows a CAS service to be processed in a memory card.
DVB-H (Digital Video Broadcasting-Handheld), the European mobile TV standard, includes a conditional access system that provides broadcast services only to subscribers entitled to view the broadcast content, and provides the CAS (Conditional Access System) service on the basis of the OMA-BCAST SCP (Open Mobile Alliance-Mobile Broadcast Sub Working Group Smart Card Profile).
The DVB-H technology described above uses the CK (Cipher Key) and IK (Integrity Key) generated through the GBA (Generic Bootstrapping Architecture) performed between the UICC (Universal Integrated Circuit Card), the core security card used in mobile terminals of 3GPP (3rd Generation Partnership Project) systems, and the BSF/HSS (Bootstrapping Service Function/Home Subscriber System).
That is, through the GBA performed between the mobile terminal and the BSF/HSS in order to run applications on the mobile network, the UICC of the mobile terminal and the BSF/HSS come to share a shared key KS formed by concatenating CK and IK. The CAS server then requests the shared key KS (= CK∥IK) stored in the BSF/HSS and receives it securely, and supports the CAS service by applying to the MIKEY (Multimedia Internet KEYing) protocol the SMK (Subscriber Management Key) derived from the shared key KS received from the BSF/HSS, the SEK (Service Encryption Key) or PEK (Program Encryption Key) generated in an arbitrary manner, and the TEK (Traffic Encryption Key) generated in an arbitrary manner.
As methods of deriving keys from the shared key KS between the CAS server providing the broadcast service and a CAS client equipped with a UICC, the OMA-BCAST standard documents propose GBA_ME (ME-based GBA) and GBA_U (GBA with UICC-based enhancements).
FIG. 1 schematically shows the configuration of a mobile broadcast system according to the prior art. The CAS server derives the SMK using the shared key KS, generates the SEK/PEK in an arbitrary manner, and encrypts the LTKM (Long-Term Key Message) containing the SEK/PEK with the SMK. It transmits the LTKM to the CAS client over the broadcast network or the mobile network; generates the TEK in an arbitrary manner, encrypts the STKM (Short-Term Key Message) containing the TEK with the SEK, and transmits it to the CAS client over the broadcast network; and scrambles the broadcast content with the TEK and transmits it to the CAS client over the broadcast network.
Meanwhile, the CAS client derives the SMK using the shared key KS received from the UICC, decrypts the LTKM received from the CAS server with the SMK to obtain the SEK, and decrypts the STKM received from the CAS server with the SEK to obtain the TEK. It then uses the TEK and a descrambler to decrypt the broadcast content received from the CAS server and view the broadcast.
However, when the shared key KS is derived by performing GBA_ME or GBA_U based on the UICC as described above, the authentication and key agreement of GBA_ME/GBA_U is carried out, but the decryption of the keys (SMK, SEK/PEK, TEK) and messages actually needed to view the encrypted broadcast content is handled in the mobile terminal rather than in the UICC. The keys (SMK, SEK/PEK, TEK) may therefore be exposed, and secure management of the keys is difficult to guarantee.
To solve this problem, the COS (Card Operating System) of the UICC could be modified so that the decryption of the keys (SMK, SEK/PEK, TEK) and messages for viewing the encrypted broadcast content is performed inside the UICC. In that case, however, a new UICC carrying the modified COS must be purchased in order to receive the broadcast service, and existing customers cannot receive the broadcast service unless they replace their existing UICC with the modified one.
또한, 전술한 바와 같이 UICC 내에서 암호화된 방송 컨텐츠를 시청하기 위한 키(SMK, SEK/PEK, TEK) 및 메시지 복호화를 수행할 수 있도록 UICC의 COS(Card Operating System)을 수정하게 되는 경우에도 통신 사업자에 종속된 UICC를 사용하므로, UICC 기반의 복잡한 GBA를 수행해야 하는 문제점이 있다.In addition, as described above, even when the key (SMK, SEK / PEK, TEK) for viewing the broadcast content encrypted in the UICC and the message operating system (COS) of the UICC is modified to perform message decryption. There is a problem in that a complex GBA based on UICC needs to be performed because a UICC that is dependent on a provider is used.
본 발명은 전술한 문제점을 해결하기 위해 안출된 것으로서, GBA를 비롯하여 암호화된 방송 컨텐츠를 시청하기 위한 키(SMK, SEK/PEK, TEK) 및 메시지 복호화를 메모리 카드 내에서 수행할 수 있도록 하는 메모리 카드 기반의 모바일 방송 수신 제한 시스템을 제공함에 그 목적이 있다.DISCLOSURE OF THE INVENTION The present invention has been made to solve the above-described problem, and is a memory card that enables decryption of a key (SMK, SEK / PEK, TEK) and message for viewing encrypted broadcast content including a GBA in a memory card. The purpose of the present invention is to provide a mobile broadcast reception restriction system.
본 발명의 다른 목적은 UICC를 기반으로 GBA를 수행하고, 암호화된 방송 컨텐츠를 시청하기 위한 키(SMK, SEK/PEK, TEK) 및 메시지 복호화는 메모리 카드 내에서 수행할 수 있도록 하는 메모리 카드 기반의 모바일 방송 수신 제한 시스템을 제공함에 있다.Another object of the present invention is to perform a GBA based on the UICC, the key (SMK, SEK / PEK, TEK) and message decryption for viewing the encrypted broadcast content can be performed in the memory card based The present invention provides a mobile broadcast reception restriction system.
본 발명의 또 다른 목적은 CAS 서버와 CAS 클라이언트에 탑재된 메모리 카드가 양방향망을 통해 직접 연동하여 AKA를 수행하고, 암호화된 방송 컨텐츠를 시청하기 위한 키(SMK, SEK/PEK, TEK) 및 메시지 복호화를 수행할 수 있도록 하는 메모리 카드 기반의 모바일 방송 수신 제한 시스템을 제공함에 있다.Still another object of the present invention is a memory card mounted on a CAS server and a CAS client to perform AKA by directly interworking through a bidirectional network, and a key (SMK, SEK / PEK, TEK) and a message for viewing encrypted broadcast content. The present invention provides a memory card-based mobile broadcast reception limiting system capable of decoding.
전술한 목적을 달성하기 위한 본 발명의 일 실시예에 따른 메모리 카드 기반의 모바일 방송 수신 제한 시스템은, CAS 서버로부터 LTKM과 STKM을 수신하는 KDA(Key management system Device Agent) 인터페이스부와; 상기 KDA 인터페이스부를 통해 GBA를 수행하고, 상기 KDA 인터페이스부로부터 전달받은 상기 LTKM과 STKM을 복호화하여 CAS 서비스 운용에 필요한 TEK를 획득하는 메모리 카드와; 상기 CAS 서버로부터 전송받은 방송 컨텐츠를 상기 메모리 카드로부터 전달받은 상기 TEK를 이용하여 디스크램블링하는 디스크램블러를 포함하여 이루어지되, 상기 메모리 카드는, 상기 KDA 인터페이스부를 통해 BSF/HSS와 GBA를 수행하고, GBA를 수행하여 생성된 공유키 KS를 이용하여 SMK를 유도하는 GBA 수행부와; 상기 KDA 인터페이스부로부터 전달받은 상기 LTKM을 상기 SMK로 복호화한 후, 상기 LTKM으로부터 SEK를 획득하는 LTKM 분석 및 복호화부와; 상기 KDA 인터페이스부로부터 전달받은 상기 STKM을 상기 SEK로 복호화한 후, 상기 STKM으로부터 TEK를 획득하고, 상기 TEK를 SAC(Secure Authenticated Channel)을 통해 상기 디스크램블러로 안전하게 전달하는 STKM 분석 및 복호화부를 포함하여 이루어지는 것이 바람직하다.According to an aspect of the present invention, there is provided a memory card-based mobile broadcast reception restriction system, comprising: a Key Management System Device Agent (KDA) interface unit for receiving LTKM and STKM from a CAS server; A memory card for performing a GBA through the KDA interface unit and decoding the LTKM and STKM received from the KDA interface unit to obtain a TEK required for CAS service operation; And a descrambler configured to descramble broadcast content received from the CAS server using the TEK received from the memory card, wherein the memory card performs BSF / HSS and GBA through the KDA interface unit. A GBA execution unit for inducing SMK using the shared key KS generated by performing GBA; An LTKM analysis and decoding unit for decoding the LTKM received from the KDA interface unit into the SMK and then obtaining the SEK from the LTKM; Decode the STKM received from the KDA interface unit to the SEK, obtain the TEK from the STKM, and includes a STKM analysis and decryption unit for securely delivering the TEK to the descrambler through the Secure Authenticated Channel (SAC) It is preferable to make.
본 발명의 다른 실시예에 따른 메모리 카드 기반의 모바일 방송 수신 제한 시스템은, 모바일망을 통해 BSF/HSS와 GBA를 수행하고, GBA를 수행하여 생성된 공유키 KS를 저장하고 있는 UICC와; 상기 UICC로부터 전달받은 상기 공유키 KS를 이용하여 SMK를 유도하고, CAS 서버로부터 LTKM과 STKM을 수신하는 KDA 인터페이스부와; 상기 KDA 인터페이스부로부터 전달받은 상기 LTKM과 STKM을 복호화하여 CAS 서비스 운용에 필요한 TEK를 획득하는 메모리 카드와; 상기 CAS 서버로부터 전송받은 방송 컨텐츠를 상기 메모리 카드로부터 전달받은 상기 TEK를 이용하여 디스크램블링하는 디스크램블러를 포함하여 이루어지되, 상기 메모리 카드는, 상기 KDA 인터페이스부로부터 전달받은 상기 LTKM을 상기 KDA 인터페이스부로부터 전달받은 상기 SMK로 복호화한 후, 상기 LTKM으로부터 SEK를 획득하는 LTKM 분석 및 복호화부와; 상기 KDA 인터페이스부로부터 전달받은 상기 STKM을 상기 SEK로 복호화한 후, 상기 STKM으로부터 TEK를 획득하고, 상기 TEK를 SAC을 통해 상기 디스크램블러로 안전하게 전달하는 STKM 분석 및 복호화부를 포함하여 이루어지는 것이 바람직하다.In accordance with another aspect of the present invention, there is provided a memory card-based mobile broadcast reception limiting system comprising: a UICC for performing a BSF / HSS and a GBA through a mobile network and storing a shared key KS generated by performing a GBA; A KDA interface unit for inducing an SMK using the shared key KS received from the UICC and receiving LTKM and STKM from a CAS server; A memory card for decoding the LTKM and STKM received from the KDA interface unit to obtain a TEK required for CAS service operation; And a descrambler configured to descramble the broadcast content transmitted from the CAS server using the TEK received from the memory card, wherein the memory card includes the LTKM received from the KDA interface unit. An LTKM analysis and decoding unit for decoding the SMK received from the LTKM and obtaining the SEK from the LTKM; After decoding the STKM received from the KDA interface unit to the SEK, it is preferable to include a STKM analysis and decoding unit for obtaining the TEK from the STKM, and securely delivers the TEK to the descrambler through the SAC.
본 발명의 또 다른 실시예에 따른 메모리 카드 기반의 모바일 방송 수신 제한 시스템은, CAS 서버로부터 LTKM과 STKM을 수신하는 KDA 인터페이스부와; 상기 KDA 인터페이스부를 통해 상기 CAS 서버와 직접 연동하여 AKA(Authentication and Key Agreement)를 수행하고, 상기 KDA 인터페이스부로부터 전달받은 상기 LTKM과 STKM을 복호화하여 CAS 서비스 운용에 필요한 TEK를 획득하는 메모리 카드와; 상기 CAS 서버로부터 전송받은 방송 컨텐츠를 상기 메모리 카드로부터 전달받은 상기 TEK를 이용하여 디스크램블링하는 디스크램블러를 포함하여 이루어지되, 상기 메모리 카드는, 사전에 상기 CAS 서버와 함께 발급받은 공유키 K와 공개키 쌍 Puk/Prk 중에서 어느 하나를 이용하여 상기 KDA 인터페이스부를 통해 상기 CAS 서버와 AKA를 수행하고, AKA를 수행하여 생성된 공유키 KS를 이용하여 SMK를 유도하는 AKA 수행부와; 상기 KDA 인터페이스부로부터 전달받은 상기 LTKM을 상기 SMK로 복호화한 후, 상기 LTKM으로부터 SEK를 획득하는 LTKM 분석 및 복호화부와; 상기 KDA 인터페이스부로부터 전달받은 상기 STKM을 상기 SEK로 복호화한 후, 상기 STKM으로부터 TEK를 획득하고, 상기 TEK를 SAC을 통해 상기 디스크램블러로 안전하게 전달하는 STKM 분석 및 복호화부를 포함하여 이루어지는 것이 바람직하다.Memory card-based mobile broadcast reception restriction system according to another embodiment of the present invention, KDA interface unit for receiving the LTKM and STKM from the CAS server; A memory card interworking with the CAS server directly through the KDA interface unit to perform AKA (Authentication and Key Agreement), and decoding the LTKM and STKM received from the KDA interface unit to obtain a TEK required for CAS service operation; And a descrambler configured to descramble broadcast content received from the CAS server using the TEK received from the memory card, wherein the memory card is shared with a shared key K previously issued with the CAS server. An AKA performing unit performing AKA with the CAS server through the KDA interface unit using any one of key pairs Puk / Prk, and inducing SMK using the shared key KS generated by performing AKA; An LTKM analysis and decoding unit for decoding the LTKM received from the KDA interface unit into the SMK and then obtaining the SEK from the LTKM; After decoding the STKM received from the KDA interface unit to the SEK, it is preferable to include a STKM analysis and decoding unit for obtaining the TEK from the STKM, and securely delivers the TEK to the descrambler through the SAC.
본 발명의 메모리 카드 기반의 모바일 방송 수신 제한 시스템에 따르면, GBA를 비롯하여 CAS 서비스를 모두 메모리 카드 내에서 수행하게 함으로써, 키(SMK, SEK/PEK, TEK)에 대한 안전한 관리를 보장할 수 있게 된다.According to the memory card-based mobile broadcast reception restriction system of the present invention, it is possible to ensure the secure management of the keys (SMK, SEK / PEK, TEK) by performing all the CAS services including the GBA in the memory card .
그리고, GBA는 UICC를 이용하여 수행하고, CAS 서비스는 메모리 카드 내에서 수행하게 함으로써, 기존 UICC를 탑재한 모바일 단말기도 메모리 카드만 삽입하게 되면 방송 서비스를 제공받을 수 있게 된다.In addition, the GBA is performed using the UICC, and the CAS service is performed in the memory card, so that the mobile terminal equipped with the existing UICC can be provided with the broadcast service only by inserting the memory card.
그리고, CAS 서버와 CAS 클라이언트에 탑재된 메모리 카드가 양방향망을 통해 직접 연동하여 AKA를 수행한 후, CAS 서비스를 수행하게 함으로써, 통신 사업자에 종속된 UICC 기반의 복잡한 GBA를 수행하지 않아도 되며, 모바일망에서만 구현되는 GBA 처리 절차 대신 CAS 클라이언트에 탑재된 메모리 카드가 CAS 서버와 양방향망을 통해 직접 연동하여 AKA를 수행하므로, IPTV 등과 같이 모바일망과 연계되지 않은 방송 서비스의 보안에 대해서도 안정성을 강화할 수 있게 된다.In addition, the memory card mounted on the CAS server and the CAS client performs AKA by directly interworking through a bidirectional network, and then performs CAS service, thereby eliminating the need to perform a complex GBA based on the UICC depending on the carrier. Instead of the GBA processing procedure that is implemented only in the network, the memory card installed in the CAS client performs AKA by directly interworking with the CAS server through the two-way network, thus enhancing the stability of the security of broadcasting services that are not linked to the mobile network, such as IPTV. Will be.
FIG. 1 schematically shows the configuration of a mobile broadcast system according to the prior art.
FIG. 2 shows by way of example the structure of the LTKM applied to the present invention.
FIG. 3 shows by way of example the structure of the STKM applied to the present invention.
FIG. 4 schematically shows the configuration of a memory card-based conditional access system for mobile broadcast according to one embodiment of the present invention.
FIG. 5 schematically shows the configuration of a memory card-based conditional access system for mobile broadcast according to another embodiment of the present invention.
FIG. 6 schematically shows the configuration of a memory card-based conditional access system for mobile broadcast according to still another embodiment of the present invention.
*** Description of reference numerals for the main parts of the drawings ***
100, 500. CAS server, 110. SMK derivation unit,
120, 520. SEK generation unit, 130, 530. LTKM encryption and transmission unit,
140, 540. TEK generation unit, 150, 550. STKM encryption and transmission unit,
160, 560. scrambler, 200, 400, 600. CAS client,
210, 420, 610. KDA interface unit, 220, 430, 620. SD card,
221. GBA execution unit, 222, 431, 622. LTKM analysis and decryption unit,
223, 432, 623. STKM analysis and decryption unit, 224, 433, 624. crypto engine,
225, 434, 625. file system, 230, 440, 630. descrambler,
300. BSF/HSS, 410. UICC
510, 621. AKA execution unit
Hereinafter, a memory card-based conditional access system for mobile broadcast according to preferred embodiments of the present invention is described in detail with reference to the accompanying drawings.
In the embodiments of the present invention, the case in which an SD (Secure Digital) card with an added smart card function is used as the memory card is described by way of example. The memory card to which the present invention applies is not, however, limited to an SD card with an added smart card function; it may be implemented in various forms, such as an SDHC (Secure Digital High Capacity) card, a CF (Compact Flash) card, or an xD card, each with an added smart card function.
FIG. 2 shows by way of example the structure of the LTKM (Long-Term Key Message) applied to the present invention. The device type in the LTKM header field can be set to a value that selects the SD card, and the SIO (Serial Input Output) type can be set to a value that selects SDIO (Secure Digital Input Output).
FIG. 3 shows by way of example the structure of the STKM (Short-Term Key Message) applied to the present invention. The device type in the STKM header field can be set to a value that selects the SD card, and the SIO type can be set to a value that selects SDIO.
FIG. 4 schematically shows the configuration of a memory card-based conditional access system for mobile broadcast according to one embodiment of the present invention.
First, the CAS server 100 comprises an SMK (Subscriber Management Key) derivation unit 110, an SEK (Service Encryption Key) generation unit 120, an LTKM encryption and transmission unit 130, a TEK (Traffic Encryption Key) generation unit 140, an STKM encryption and transmission unit 150, and a scrambler 160.
In this configuration, the SMK derivation unit 110 requests from the BSF/HSS 300 the shared key KS that the CAS client 200 and the BSF/HSS 300 share through GBA, stores the key it receives, and derives the SMK from the shared key KS.
The SEK generation unit 120 generates the SEK using an arbitrary random number generation method.
The LTKM encryption and transmission unit 130 encrypts the LTKM containing the SEK generated by the SEK generation unit 120 with the SMK passed from the SMK derivation unit 110, and transmits the SMK-encrypted LTKM to the CAS client 200 over the broadcast network or the mobile network. Here, the LTKM containing the SEK is generated through the MIKEY protocol.
The TEK generation unit 140 generates the TEK using an arbitrary random number generation method.
The STKM encryption and transmission unit 150 encrypts the STKM containing the TEK generated by the TEK generation unit 140 with the SEK passed from the SEK generation unit 120, and transmits the SEK-encrypted STKM to the CAS client 200 over the broadcast network. Here, the STKM containing the TEK is generated through the MIKEY protocol.
The scrambler 160 scrambles the broadcast content to be transmitted to the CAS client 200 with the TEK passed from the TEK generation unit 140 and transmits it to the CAS client 200.
Meanwhile, the CAS client 200 comprises a KDA (Key management system Device Agent) interface unit 210, an SD card 220, and a descrambler 230.
In this configuration, the KDA interface unit 210 receives the LTKM transmitted by the CAS server 100 over the broadcast network or the mobile network, and receives the STKM transmitted by the CAS server 100 over the broadcast network.
The KDA interface unit 210 checks the values set in the device type and the SIO type of the header fields of the LTKM and STKM received from the CAS server 100, and if they are set so that the LTKM and STKM are to be delivered to the SD card 220, passes the LTKM and STKM to the SD card 220.
Meanwhile, the SD card 220 comprises a GBA execution unit 221, an LTKM analysis and decryption unit 222, and an STKM analysis and decryption unit 223.
In this configuration, the GBA execution unit 221 initiates GBA with the BSF/HSS 300 through the KDA interface unit 210 using an AKA applet and a crypto engine, performs the GBA, and derives the SMK from the shared key KS generated by the GBA.
When the LTKM analysis and decryption unit 222 receives the LTKM from the KDA interface unit 210 through the SIO port of the SD card 220, it decrypts the LTKM with the SMK passed from the GBA execution unit 221 using a KMS (Key Management System) applet and the crypto engine 224, then analyzes the decrypted LTKM and obtains the SEK from it.
When the STKM analysis and decryption unit 223 receives the STKM from the KDA interface unit 210 through the SIO port of the SD card 220, it decrypts the STKM with the SEK passed from the LTKM analysis and decryption unit 222 using the KMS applet and the crypto engine 224, then analyzes the decrypted STKM and obtains the TEK from it.
The STKM analysis and decryption unit 223 then securely delivers the TEK to the descrambler 230 using an SAC applet that implements the SAC protocol.
The file system 225 stores in its memory area the shared key KS and the SMK obtained through the GBA execution unit 221, the SEK obtained through the LTKM analysis and decryption unit 222, and the TEK obtained through the STKM analysis and decryption unit 223, and when a new key is received, updates the stored key with the newly received one.
Meanwhile, the descrambler 230 descrambles the broadcast content received from the CAS server 100 using the TEK passed from the STKM analysis and decryption unit 223.
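As an added illustration (not code from the patent or its assignee), the key hierarchy of FIG. 4 simulated end to end: KS = CK∥IK, SMK derived from KS, the SEK carried in an LTKM sealed under SMK, the TEK carried in an STKM sealed under SEK, content scrambled under TEK, and a KDA interface that forwards only messages whose header device type and SIO type select the SD card. The HMAC-based KDF, the encrypt-then-MAC stand-in cipher, the numeric header codes and all class and function names are assumptions; the patent names MIKEY but specifies no concrete algorithms.

```python
import hashlib
import hmac
import secrets
import struct

# Header field codes for "device type = SD card" and "SIO type = SDIO".
# Constructed values: the patent names the fields but gives no numbers.
DEVICE_TYPE_SD_CARD = 0x02
SIO_TYPE_SDIO = 0x01
HEADER = struct.Struct("!BB")
NONCE_LEN, TAG_LEN = 12, 32


def derive_smk(ks: bytes) -> bytes:
    """SMK from the shared key KS (assumed HMAC-SHA256 KDF, not the OMA one)."""
    return hmac.new(ks, b"SMK", hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack("!I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for the MIKEY-protected payload: nonce||ct||tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong SMK/SEK/TEK raises ValueError."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("key message too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def build_key_message(key: bytes, payload: bytes) -> bytes:
    """LTKM/STKM layout used here: header (device type, SIO type) + sealed key."""
    return HEADER.pack(DEVICE_TYPE_SD_CARD, SIO_TYPE_SDIO) + seal(key, payload)


def kda_route_to_sd_card(message: bytes) -> bool:
    """KDA interface check: forward only if the header selects SD card over SDIO."""
    if len(message) < HEADER.size:
        return False
    device_type, sio_type = HEADER.unpack_from(message)
    return device_type == DEVICE_TYPE_SD_CARD and sio_type == SIO_TYPE_SDIO


class CASServer:
    """Server side: SMK from KS, random SEK/TEK, LTKM/STKM, scrambling."""

    def __init__(self, ks: bytes):
        self.smk = derive_smk(ks)
        self.sek = secrets.token_bytes(16)  # SEK generation unit
        self.tek = secrets.token_bytes(16)  # TEK generation unit

    def ltkm(self) -> bytes:
        return build_key_message(self.smk, self.sek)  # LTKM sealed under SMK

    def stkm(self) -> bytes:
        return build_key_message(self.sek, self.tek)  # STKM sealed under SEK

    def scramble(self, content: bytes) -> bytes:
        return seal(self.tek, content)


class SDCard:
    """Card side: KS, SMK and SEK stay inside; only TEK leaves, to the descrambler."""

    def __init__(self, ks: bytes):
        self.smk = derive_smk(ks)  # GBA execution unit: KS -> SMK
        self.sek = self.tek = None

    def process_ltkm(self, ltkm: bytes) -> None:
        self.sek = unseal(self.smk, ltkm[HEADER.size:])  # LTKM analysis and decryption

    def process_stkm(self, stkm: bytes) -> bytes:
        if self.sek is None:
            raise ValueError("no SEK yet: LTKM must be processed before STKM")
        self.tek = unseal(self.sek, stkm[HEADER.size:])  # STKM analysis and decryption
        return self.tek  # delivered to the descrambler (over the SAC in the patent)


def run_session(ks: bytes, content: bytes) -> bytes:
    """End to end with server and card sharing KS; returns the descrambled content."""
    server, card = CASServer(ks), SDCard(ks)
    for message, handler in ((server.ltkm(), card.process_ltkm), (server.stkm(), card.process_stkm)):
        if not kda_route_to_sd_card(message):
            raise ValueError("KDA interface: message not addressed to the SD card")
        handler(message)
    return unseal(card.tek, server.scramble(content))  # descrambler
```

`run_session(ks, content)` returns `content` unchanged only when server and card hold the same KS; a card with a different KS fails LTKM authentication, and an STKM delivered before any LTKM is rejected.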
FIG. 5 schematically shows the configuration of a memory card-based conditional access system for mobile broadcast according to another embodiment of the present invention.
Since the CAS server 100 applied in this other embodiment has the same configuration and operation as the CAS server 100 of the first embodiment, it is given the same reference numeral and its description is omitted.
Meanwhile, the CAS client 400 comprises a UICC 410, a KDA interface unit 420, an SD card 430, and a descrambler 440.
In this configuration, the UICC 410 performs GBA with the BSF/HSS 300 over the mobile network and stores the shared key KS generated by the GBA.
The KDA interface unit 420 derives the SMK from the shared key KS passed from the UICC 410 and passes it to the SD card 430; it also receives the LTKM transmitted by the CAS server 100 over the broadcast network or the mobile network, and the STKM transmitted by the CAS server 100 over the broadcast network.
The KDA interface unit 420 checks the values set in the device type and the SIO type of the header fields of the LTKM and STKM received from the CAS server 100, and if they are set so that the LTKM and STKM are to be delivered to the SD card 430, passes the received LTKM and STKM to the SD card 430.
Meanwhile, the SD card 430 comprises an LTKM analysis and decryption unit 431 and an STKM analysis and decryption unit 432.
In this configuration, when the LTKM analysis and decryption unit 431 receives the LTKM from the KDA interface unit 420 through the SIO port of the SD card 430, it decrypts the LTKM with the SMK passed from the KDA interface unit 420 using the KMS applet and the crypto engine 433, then analyzes the decrypted LTKM and obtains the SEK from it.
When the STKM analysis and decryption unit 432 receives the STKM from the KDA interface unit 420 through the SIO port of the SD card 430, it decrypts the STKM with the SEK passed from the LTKM analysis and decryption unit 431 using the KMS applet and the crypto engine 433, then analyzes the decrypted STKM and obtains the TEK from it.
The STKM analysis and decryption unit 432 then securely delivers the TEK to the descrambler 440 using an SAC applet that implements the SAC protocol.
The file system 434 stores in its memory area the SMK obtained through the KDA interface unit 420, the SEK obtained through the LTKM analysis and decryption unit 431, and the TEK obtained through the STKM analysis and decryption unit 432, and when a new key is received, updates the stored key with the newly received one.
Meanwhile, the descrambler 440 descrambles the broadcast content received from the CAS server 100 using the TEK passed from the STKM analysis and decryption unit 432.
FIG. 6 schematically shows the configuration of a memory card-based conditional access system for mobile broadcast according to still another embodiment of the present invention.
First, the CAS server 500 comprises an AKA execution unit 510, an SEK generation unit 520, an LTKM encryption and transmission unit 530, a TEK generation unit 540, an STKM encryption and transmission unit 550, and a scrambler 560.
In this configuration, the AKA execution unit 510 performs AKA with the SD card 430 mounted in the CAS client 600 by generating an OTP (One-Time Password) from a random number and the shared key K that was issued, together with the CAS client 600, by a key issuing system (not shown) when the CAS client 600 subscribed to the mobile broadcast service, and derives the SMK from the shared key KS generated by the AKA.
Alternatively, the AKA execution unit 510 performs AKA with the SD card 430 mounted in the CAS client 600 using a random number and the public key pair Puk/Prk that was issued, together with the CAS client 600, by the key issuing system (not shown) when the CAS client 600 subscribed to the mobile broadcast service, and derives the SMK from the shared key KS generated by the AKA.
As described above, in this still another embodiment the shared key K and the public key pair Puk/Prk are issued by the key issuing system of the CAS service provider rather than by the mobile communications operator.
The SEK generation unit 520 generates the SEK using an arbitrary random number generation method.
The LTKM encryption and transmission unit 530 encrypts the LTKM containing the SEK generated by the SEK generation unit 520 with the SMK passed from the AKA execution unit 510, and transmits the SMK-encrypted LTKM to the CAS client 600 over the broadcast network or the two-way network. Here, the LTKM containing the SEK is generated through the MIKEY protocol.
The TEK generation unit 540 generates the TEK using an arbitrary random number generation method.
The STKM encryption and transmission unit 550 encrypts the STKM containing the TEK generated by the TEK generation unit 540 with the SEK passed from the SEK generation unit 520, and transmits the SEK-encrypted STKM to the CAS client 600 over the broadcast network. Here, the STKM containing the TEK is generated through the MIKEY protocol.
The scrambler 560 scrambles the broadcast content to be transmitted to the CAS client 600 with the TEK passed from the TEK generation unit 540 and transmits it to the CAS client 600.
Meanwhile, the CAS client 600 comprises a KDA interface unit 610, an SD card 620, and a descrambler 630.
In this configuration, the KDA interface unit 610 receives the LTKM transmitted by the CAS server 500 over the broadcast network or the two-way network, and receives the STKM transmitted by the CAS server 500 over the broadcast network.
The KDA interface unit 610 checks the values set in the device type and the SIO type of the header fields of the LTKM and STKM received from the CAS server 500, and if they are set so that the LTKM and STKM are to be delivered to the SD card 620, passes the LTKM and STKM to the SD card 620.
Meanwhile, the SD card 620 comprises an AKA execution unit 621, an LTKM analysis and decryption unit 622, and an STKM analysis and decryption unit 623.
In this configuration, the AKA execution unit 621 performs AKA by interworking directly, through the KDA interface unit 610, with the AKA execution unit 621 of the CAS server 500, using the shared key K or the public key pair Puk/Prk that was issued, together with the CAS server 500, by a key issuing system (not shown) when the CAS client 600 subscribed to the mobile broadcast service, and derives the SMK from the shared key KS generated by the AKA.
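As an added example for the shared-key variant of the AKA described for the server's AKA execution unit 510 and the card's AKA execution unit 621 (not the patent's own code), a mutual challenge-response in which each side proves possession of the pre-issued shared key K with a one-time password over both random numbers, after which both derive KS and then SMK. The HMAC-SHA256 construction, the labels and the names `AKAParty` and `run_aka` are assumptions; the page states only that K and a random number are used to form an OTP.

```python
import hashlib
import hmac
import secrets

# Constructed domain-separation labels; the patent does not specify the OTP format.
_TAG_CARD, _TAG_SERVER, _TAG_KS = b"card", b"server", b"KS"


def _prf(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def derive_smk(ks: bytes) -> bytes:
    """SMK from the AKA-established KS (assumed HMAC-SHA256 KDF)."""
    return _prf(ks, b"SMK")


class AKAParty:
    """One side of the AKA: the server's AKA execution unit or the card's AKA applet.
    `k` is the shared key K issued to both at subscription time."""

    def __init__(self, k: bytes, is_server: bool):
        self.k, self.is_server = k, is_server
        self.my_rand = secrets.token_bytes(16)  # fresh random number per run
        self.ks = None

    def challenge(self) -> bytes:
        return self.my_rand

    def respond(self, peer_rand: bytes) -> bytes:
        """OTP over both random numbers; proves possession of K and is fresh per run."""
        tag = _TAG_SERVER if self.is_server else _TAG_CARD
        return _prf(self.k, peer_rand, self.my_rand, tag)

    def verify(self, peer_rand: bytes, otp: bytes) -> bool:
        """Check the peer's OTP in constant time; on success derive KS from K and both randoms."""
        tag = _TAG_CARD if self.is_server else _TAG_SERVER
        expected = _prf(self.k, self.my_rand, peer_rand, tag)
        if not hmac.compare_digest(otp, expected):
            return False
        rand_s, rand_c = (self.my_rand, peer_rand) if self.is_server else (peer_rand, self.my_rand)
        self.ks = _prf(self.k, rand_s, rand_c, _TAG_KS)
        return True


def run_aka(k_server: bytes, k_card: bytes):
    """Mutual AKA over the two-way network; returns (server SMK, card SMK) or None on failure."""
    server, card = AKAParty(k_server, True), AKAParty(k_card, False)
    rand_s = server.challenge()                              # server -> card
    rand_c, otp_c = card.challenge(), card.respond(rand_s)   # card -> server
    if not server.verify(rand_c, otp_c):
        return None                                          # card does not hold K
    otp_s = server.respond(rand_c)                           # server -> card
    if not card.verify(rand_s, otp_s):
        return None                                          # server does not hold K
    return derive_smk(server.ks), derive_smk(card.ks)
```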
When the LTKM analysis and decryption unit 622 receives the LTKM from the KDA interface unit 610 through the SIO port of the SD card 620, it decrypts the LTKM with the SMK received from the AKA execution unit 621, using the KMS applet and the encryption engine 624, and then parses the decrypted LTKM to obtain the SEK from it.
When the STKM analysis and decryption unit 623 receives the STKM from the KDA interface unit 610 through the SIO port of the SD card 620, it decrypts the STKM with the SEK received from the LTKM analysis and decryption unit 622, using the KMS applet and the encryption engine 624, and then parses the decrypted STKM to obtain the TEK from it.
The STKM analysis and decryption unit 623 then securely delivers the TEK to the descrambler 630 using the SAC applet, which implements the SAC protocol.
The file system 625 stores, in its memory area, the shared key K and the public key pair Puk/Prk issued together with the CAS server 500, the shared key KS and the SMK obtained through the AKA execution unit 621, the SEK obtained through the LTKM analysis and decryption unit 622, and the TEK obtained through the STKM analysis and decryption unit 623; when a new key is received, it updates the stored key with the newly received one.
Meanwhile, the descrambler 630 descrambles the broadcast content received from the CAS server 500 using the TEK received from the STKM analysis and decryption unit 623.
The memory card-based conditional access system for mobile broadcast of the present invention is not limited to the embodiments described above and may be practiced with various modifications within the scope permitted by the technical idea of the present invention.
The present invention relates to a memory card-based conditional access system for mobile broadcast that enables a memory card to process the CAS service. According to the memory card-based conditional access system for mobile broadcast of the present invention, all of the CAS service, including GBA, is performed inside the memory card, so that secure management of the keys (SMK, SEK/PEK, TEK) can be guaranteed.
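The description above (and claims 1 and 10, which restate it) walks through a three-level key hierarchy: a shared key KS from AKA/GBA yields the SMK, the LTKM carries the SEK encrypted under the SMK, the STKM carries the TEK encrypted under the SEK, and the content is scrambled with the TEK; the KDA interface unit forwards a key message to the card only when its header's device type and SIO type say so. The following is an added example that models that flow end to end; it is not code from the patent or its applicant. The HMAC-based stream cipher stands in for the card's encryption engine 624, the header byte codes and the `key_id` field are assumed values, and both the tamper check and the misaddressed-message check show the two failure modes a card applet has to handle.

```python
"""Toy model of the patent's key hierarchy: KS -> SMK -> SEK (in LTKM) -> TEK (in STKM)
-> scrambled content, with the KDA agent's header check and card-side unwrapping.
Added example, not the patent's own code. The HMAC stream cipher is a stand-in for the
card's encryption engine; the header codes below are assumed, not taken from the patent."""
import hashlib
import hmac
import os
import struct

DEVICE_TYPE_SD_CARD = 0x02          # assumed code for "deliver to the SD card"
SIO_TYPE_KMS_APPLET = 0x01          # assumed code for "hand to the KMS applet"
MSG_LTKM, MSG_STKM = 0x01, 0x02
HEADER_FMT = ">BBBH"                # msg_type, device_type, sio_type, key_id
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 5 bytes


def derive_smk(ks: bytes) -> bytes:
    """SMK derived from the AKA/GBA shared key KS (HMAC used as a simple KDF)."""
    return hmac.new(ks, b"SMK", hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256; toy stand-in for a block cipher."""
    blocks = [hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def seal(key: bytes, header: bytes, body: bytes) -> bytes:
    """Encrypt-then-MAC. The header stays in the clear so the KDA agent can route on
    it, but it is covered by the tag so it cannot be altered in transit."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))
    tag = hmac.new(key, header + nonce + ct, hashlib.sha256).digest()
    return header + nonce + ct + tag


def open_(key: bytes, msg: bytes, header_len: int) -> bytes:
    """Verify the tag (constant-time compare) before decrypting anything."""
    header, nonce = msg[:header_len], msg[header_len:header_len + 16]
    ct, tag = msg[header_len + 16:-32], msg[-32:]
    expected = hmac.new(key, header + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("key message failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


# CAS server side: LTKM carries the SEK under the SMK, STKM carries the TEK under the SEK.
def build_ltkm(smk: bytes, sek: bytes, key_id: int) -> bytes:
    header = struct.pack(HEADER_FMT, MSG_LTKM, DEVICE_TYPE_SD_CARD, SIO_TYPE_KMS_APPLET, key_id)
    return seal(smk, header, sek)


def build_stkm(sek: bytes, tek: bytes, key_id: int) -> bytes:
    header = struct.pack(HEADER_FMT, MSG_STKM, DEVICE_TYPE_SD_CARD, SIO_TYPE_KMS_APPLET, key_id)
    return seal(sek, header, tek)


def scramble(tek: bytes, content: bytes) -> bytes:
    return seal(tek, b"", content)


# KDA interface unit: forward a key message to the card only if its header says so.
def kda_routes_to_card(msg: bytes) -> bool:
    _, device_type, sio_type, _ = struct.unpack(HEADER_FMT, msg[:HEADER_LEN])
    return device_type == DEVICE_TYPE_SD_CARD and sio_type == SIO_TYPE_KMS_APPLET


# SD card applet: SMK and SEK never leave the card; only the TEK goes out, over the SAC.
def card_process_ltkm(smk: bytes, ltkm: bytes) -> bytes:
    return open_(smk, ltkm, HEADER_LEN)          # returns the SEK


def card_process_stkm(sek: bytes, stkm: bytes) -> bytes:
    return open_(sek, stkm, HEADER_LEN)          # returns the TEK


def descramble(tek: bytes, data: bytes) -> bytes:
    return open_(tek, data, 0)


def run_session(ks: bytes, content: bytes) -> bytes:
    """End to end: both sides derive the SMK from KS, the server issues LTKM, STKM and
    scrambled content, the client routes the messages, unwraps the keys and descrambles."""
    smk_server, smk_card = derive_smk(ks), derive_smk(ks)
    sek, tek = os.urandom(16), os.urandom(16)
    ltkm, stkm = build_ltkm(smk_server, sek, 1), build_stkm(sek, tek, 7)
    if not (kda_routes_to_card(ltkm) and kda_routes_to_card(stkm)):
        raise ValueError("key message not addressed to the card")
    tek_card = card_process_stkm(card_process_ltkm(smk_card, ltkm), stkm)
    return descramble(tek_card, scramble(tek, content))


def tampered_ltkm_is_rejected(ks: bytes) -> bool:
    """Flipping one ciphertext byte must fail the tag check, not yield a wrong SEK."""
    smk = derive_smk(ks)
    bad = bytearray(build_ltkm(smk, os.urandom(16), 1))
    bad[HEADER_LEN + 16] ^= 0x01
    try:
        card_process_ltkm(smk, bytes(bad))
        return False
    except ValueError:
        return True


def misaddressed_message_is_dropped() -> bool:
    """A message whose device type is not the SD card never reaches the applet."""
    header = struct.pack(HEADER_FMT, MSG_STKM, 0x01, SIO_TYPE_KMS_APPLET, 7)
    return not kda_routes_to_card(seal(os.urandom(16), header, os.urandom(16)))
```

The point the model makes concrete is the one the abstract states: the card exports nothing but the TEK, and every unwrapping step authenticates before it decrypts, so a forged or modified LTKM/STKM is dropped rather than turned into a wrong key.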

Claims (17)

  1. A memory card-based conditional access system for mobile broadcast, comprising:
    a Key management system Device Agent (KDA) interface unit which receives a Long-Term Key Message (LTKM) and a Short-Term Key Message (STKM) from a Conditional Access System (CAS) server;
    a memory card which performs Generic Bootstrapping Architecture (GBA) through the KDA interface unit and decrypts the LTKM and STKM received from the KDA interface unit to obtain a Traffic Encryption Key (TEK) required for operating the CAS service; and
    a descrambler which descrambles broadcast content received from the CAS server using the TEK received from the memory card,
    wherein the memory card comprises: a GBA execution unit which performs GBA with a Bootstrapping Service Function/Home Subscriber System (BSF/HSS) through the KDA interface unit and derives a Subscriber Management Key (SMK) using a shared key KS generated by performing the GBA;
    an LTKM analysis and decryption unit which decrypts the LTKM received from the KDA interface unit with the SMK and then obtains a Service Encryption Key (SEK) from the LTKM; and
    an STKM analysis and decryption unit which decrypts the STKM received from the KDA interface unit with the SEK, obtains a TEK from the STKM, and securely delivers the TEK to the descrambler through a Secure Authenticated Channel (SAC).
  2. The memory card-based conditional access system for mobile broadcast of claim 1, wherein the KDA interface unit
    analyzes the header fields of the LTKM and STKM received from the CAS server and, if the LTKM and STKM are set to be delivered to the memory card, delivers the LTKM and STKM to the memory card.
  3. The memory card-based conditional access system for mobile broadcast of claim 1, wherein the memory card
    further comprises a file system which stores, in a memory area, the shared key KS and the SMK obtained through the GBA execution unit, the SEK obtained through the LTKM analysis and decryption unit, and the TEK obtained through the STKM analysis and decryption unit, and performs an update using a newly received key.
  4. A memory card-based conditional access system for mobile broadcast, comprising:
    a Universal Integrated Circuit Card (UICC) which performs Generic Bootstrapping Architecture (GBA) with a Bootstrapping Service Function/Home Subscriber System (BSF/HSS) through a mobile network and stores a shared key KS generated by performing the GBA;
    a Key management system Device Agent (KDA) interface unit which derives a Subscriber Management Key (SMK) using the shared key KS received from the UICC and receives a Long-Term Key Message (LTKM) and a Short-Term Key Message (STKM) from a Conditional Access System (CAS) server;
    a memory card which decrypts the LTKM and STKM received from the KDA interface unit to obtain a Traffic Encryption Key (TEK) required for operating the CAS service; and
    a descrambler which descrambles broadcast content received from the CAS server using the TEK received from the memory card,
    wherein the memory card comprises: an LTKM analysis and decryption unit which decrypts the LTKM received from the KDA interface unit with the SMK received from the KDA interface unit and then obtains a Service Encryption Key (SEK) from the LTKM; and
    an STKM analysis and decryption unit which decrypts the STKM received from the KDA interface unit with the SEK, obtains a TEK from the STKM, and securely delivers the TEK to the descrambler through a Secure Authenticated Channel (SAC).
  5. The memory card-based conditional access system for mobile broadcast of claim 4, wherein the KDA interface unit
    delivers the SMK generated using the shared key KS received from the UICC to the memory card, analyzes the header fields of the LTKM and STKM received from the CAS server and, if the LTKM and STKM are set to be delivered to the memory card, delivers the LTKM and STKM to the memory card.
  6. The memory card-based conditional access system for mobile broadcast of claim 4, wherein the memory card
    further comprises a file system which stores, in a memory area, the SMK obtained through the KDA interface unit, the SEK obtained through the LTKM analysis and decryption unit, and the TEK obtained through the STKM analysis and decryption unit, and performs an update using a newly received key.
  7. A memory card-based conditional access system for mobile broadcast, comprising:
    a Key management system Device Agent (KDA) interface unit which receives a Long-Term Key Message (LTKM) and a Short-Term Key Message (STKM) from a Conditional Access System (CAS) server;
    a memory card which performs Authentication and Key Agreement (AKA) by interworking directly with the CAS server through the KDA interface unit, and decrypts the LTKM and STKM received from the KDA interface unit to obtain a Traffic Encryption Key (TEK) required for operating the CAS service; and
    a descrambler which descrambles broadcast content received from the CAS server using the TEK received from the memory card,
    wherein the memory card comprises: an AKA execution unit which performs AKA with the CAS server through the KDA interface unit using either a shared key K or a public key pair Puk/Prk issued in advance together with the CAS server, and derives a Subscriber Management Key (SMK) using a shared key KS generated by performing the AKA;
    an LTKM analysis and decryption unit which decrypts the LTKM received from the KDA interface unit with the SMK and then obtains a Service Encryption Key (SEK) from the LTKM; and
    an STKM analysis and decryption unit which decrypts the STKM received from the KDA interface unit with the SEK, obtains a TEK from the STKM, and securely delivers the TEK to the descrambler through a Secure Authenticated Channel (SAC).
  8. The memory card-based conditional access system for mobile broadcast of claim 7, wherein the KDA interface unit
    analyzes the header fields of the LTKM and STKM received from the CAS server and, if the LTKM and STKM are set to be delivered to the memory card, delivers the LTKM and STKM to the memory card.
  9. The memory card-based conditional access system for mobile broadcast of claim 7, wherein the memory card
    further comprises a file system which stores, in a memory area, the shared key K or the public key pair Puk/Prk issued in advance together with the CAS server, the shared key KS and the SMK obtained through the AKA execution unit, the SEK obtained through the LTKM analysis and decryption unit, and the TEK obtained through the STKM analysis and decryption unit, and performs an update using a newly received key.
  10. The memory card-based conditional access system for mobile broadcast of claim 7, wherein the CAS server comprises:
    an AKA execution unit which performs AKA with the memory card mounted in a CAS client using either the shared key K or the public key pair Puk/Prk, and derives a Subscriber Management Key (SMK) using the shared key KS generated by performing the AKA;
    an SEK generation unit which generates an SEK using a random number scheme;
    an LTKM encryption and transmission unit which encrypts an LTKM containing the SEK generated by the SEK generation unit with the SMK and transmits it to the CAS client;
    a TEK generation unit which generates a TEK using a random number scheme;
    an STKM encryption and transmission unit which encrypts an STKM containing the TEK generated by the TEK generation unit with the SEK and transmits it to the CAS client; and
    a scrambler which scrambles broadcast content with the TEK and transmits it to the CAS client.
  11. The memory card-based conditional access system for mobile broadcast of claim 10, wherein the AKA execution unit
    performs the AKA by generating a One-Time Password (OTP) using the shared key K issued in advance together with the CAS client and a random number, thereby generating the shared key KS.
  12. The memory card-based conditional access system for mobile broadcast of claim 10, wherein the AKA execution unit
    performs the AKA using the public key pair Puk/Prk issued in advance together with the CAS client and a random number, thereby generating the shared key KS.
  13. A memory card comprising:
    a GBA execution unit which performs Generic Bootstrapping Architecture (GBA) with a Bootstrapping Service Function/Home Subscriber System (BSF/HSS) through a Key management system Device Agent (KDA) interface unit, the KDA interface unit being mounted in a Conditional Access System (CAS) client and receiving a Long-Term Key Message (LTKM) and a Short-Term Key Message (STKM) from a CAS server, and derives a Subscriber Management Key (SMK) using a shared key KS generated by performing the GBA;
    an LTKM analysis and decryption unit which decrypts the LTKM received from the CAS server through the KDA interface unit with the SMK and then obtains a Service Encryption Key (SEK) from the LTKM; and
    an STKM analysis and decryption unit which decrypts the STKM received from the CAS server through the KDA interface unit with the SEK, obtains a Traffic Encryption Key (TEK) from the STKM, and securely delivers the TEK through a Secure Authenticated Channel (SAC) to a descrambler mounted in the CAS client.
  14. A memory card comprising:
    an LTKM analysis and decryption unit which decrypts, with a Subscriber Management Key (SMK), a Long-Term Key Message (LTKM) received from a Conditional Access System (CAS) server through a Key management system Device Agent (KDA) interface unit, the KDA interface unit being mounted in a CAS client, receiving the LTKM and a Short-Term Key Message (STKM) from the CAS server, and deriving the SMK using a shared key KS received from a Universal Integrated Circuit Card (UICC), and then obtains a Service Encryption Key (SEK) from the LTKM; and
    an STKM analysis and decryption unit which decrypts the STKM received from the CAS server through the KDA interface unit with the SEK, obtains a Traffic Encryption Key (TEK) from the STKM, and securely delivers the TEK through a Secure Authenticated Channel (SAC) to a descrambler mounted in the CAS client.
  15. A memory card comprising:
    an AKA execution unit which performs Authentication and Key Agreement (AKA) with a Conditional Access System (CAS) server, through a Key management system Device Agent (KDA) interface unit mounted in a CAS client and receiving a Long-Term Key Message (LTKM) and a Short-Term Key Message (STKM) from the CAS server, using either a shared key K or a public key pair Puk/Prk, and derives a Subscriber Management Key (SMK) using a shared key KS generated by performing the AKA;
    an LTKM analysis and decryption unit which decrypts the LTKM received from the CAS server through the KDA interface unit with the SMK and then obtains a Service Encryption Key (SEK) from the LTKM; and
    an STKM analysis and decryption unit which decrypts the STKM received from the CAS server through the KDA interface unit with the SEK, obtains a Traffic Encryption Key (TEK) from the STKM, and securely delivers the TEK through a Secure Authenticated Channel (SAC) to a descrambler mounted in the CAS client.
  16. A CAS client comprising:
    a Key management system Device Agent (KDA) interface unit which receives a Long-Term Key Message (LTKM) and a Short-Term Key Message (STKM) from a Conditional Access System (CAS) server; and
    a descrambler which descrambles broadcast content received from the CAS server using a Traffic Encryption Key (TEK) received from a memory card, the memory card performing Authentication and Key Agreement (AKA) and then deriving the TEK required for operating the CAS service.
  17. A CAS client comprising:
    a Universal Integrated Circuit Card (UICC) which performs Generic Bootstrapping Architecture (GBA) with a Bootstrapping Service Function/Home Subscriber System (BSF/HSS) through a mobile network and stores a shared key KS generated by performing the GBA;
    a Key management system Device Agent (KDA) interface unit which derives a Subscriber Management Key (SMK) using the shared key KS received from the UICC and receives a Long-Term Key Message (LTKM) and a Short-Term Key Message (STKM) from a Conditional Access System (CAS) server; and
    a descrambler which descrambles broadcast content received from the CAS server using a Traffic Encryption Key (TEK) received from a memory card, the memory card decrypting the LTKM and STKM to obtain the TEK required for operating the CAS service.
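Claims 7, 10 and 11 (and the AKA execution unit 621 in the description) specify only that the card and the CAS server run AKA from a pre-shared key K and random numbers, OTP-style, and that the resulting shared key KS is what the SMK is derived from; the page does not give the message layout. The following is an added example, not the patent's or the applicant's code, of one challenge-response instantiation of that idea: each side proves possession of K over fresh random numbers from both parties, and KS is bound to both nonces so a replayed exchange cannot reproduce it. The two-message layout, the domain-separation labels and the use of HMAC-SHA256 as the OTP function are assumptions; the public-key variant of claim 12 is not covered.

```python
"""Toy mutual AKA for the pre-shared-key variant (claims 7/10/11): both parties hold K,
exchange random numbers, exchange HMAC-based one-time values proving possession of K,
and derive the shared key KS from K and both random numbers. Added example; the
message layout and labels are assumptions, not the patent's protocol."""
import hashlib
import hmac
import os


def _otp(k: bytes, *parts: bytes) -> bytes:
    """One-time value over K and the given parts (label + nonces); stands in for the OTP."""
    return hmac.new(k, b"".join(parts), hashlib.sha256).digest()


class ServerAKA:
    """CAS server side of the AKA execution unit."""

    def __init__(self, k: bytes):
        self.k, self.rand_s, self.ks = k, None, None

    def challenge(self) -> bytes:
        self.rand_s = os.urandom(16)
        return self.rand_s

    def verify_and_respond(self, rand_c: bytes, otp_c: bytes) -> bytes:
        expected = _otp(self.k, b"client", self.rand_s, rand_c)
        if not hmac.compare_digest(otp_c, expected):
            raise ValueError("client authentication failed")
        self.ks = _otp(self.k, b"KS", self.rand_s, rand_c)
        return _otp(self.k, b"server", rand_c, self.rand_s)


class CardAKA:
    """Memory card side: the card never reveals K, only the one-time value over the nonces."""

    def __init__(self, k: bytes):
        self.k, self.rand_c, self.rand_s, self.ks = k, None, None, None

    def respond(self, rand_s: bytes):
        self.rand_s, self.rand_c = rand_s, os.urandom(16)
        return self.rand_c, _otp(self.k, b"client", rand_s, self.rand_c)

    def verify(self, otp_s: bytes) -> None:
        expected = _otp(self.k, b"server", self.rand_c, self.rand_s)
        if not hmac.compare_digest(otp_s, expected):
            raise ValueError("server authentication failed")
        self.ks = _otp(self.k, b"KS", self.rand_s, self.rand_c)


def run_aka(k_server: bytes, k_card: bytes):
    """Full exchange: challenge, card response, server response, card check. Returns (KS_server, KS_card)."""
    srv, card = ServerAKA(k_server), CardAKA(k_card)
    rand_s = srv.challenge()                       # server -> card
    rand_c, otp_c = card.respond(rand_s)           # card -> server
    otp_s = srv.verify_and_respond(rand_c, otp_c)  # server -> card
    card.verify(otp_s)
    return srv.ks, card.ks


def derive_smk(ks: bytes) -> bytes:
    """SMK derived from KS, as the AKA execution unit does after the agreement."""
    return hmac.new(ks, b"SMK", hashlib.sha256).digest()


def aka_succeeds(k: bytes) -> bool:
    ks_server, ks_card = run_aka(k, k)
    return ks_server == ks_card and derive_smk(ks_server) == derive_smk(ks_card)


def aka_rejects_wrong_key(k_server: bytes, k_card: bytes) -> bool:
    """A card holding a different K fails the first check and never learns a KS."""
    try:
        run_aka(k_server, k_card)
        return False
    except ValueError:
        return True
```

Because KS depends on both `rand_s` and `rand_c`, two runs with the same K produce different keys, which is what lets the file system 625 rotate KS and SMK on re-subscription without re-issuing K.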
PCT/KR2009/004137 2008-07-24 2009-07-24 Memory card-based conditional access system for mobile broadcast WO2010011106A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2008-0072363 2008-07-24
KR1020080072363A KR100950458B1 (en) 2008-07-24 2008-07-24 Mobile broadcasting conditional access system based on memory card

Publications (2)

Publication Number Publication Date
WO2010011106A2 true WO2010011106A2 (en) 2010-01-28
WO2010011106A3 WO2010011106A3 (en) 2010-05-14

Family

ID=41570749

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2009/004137 WO2010011106A2 (en) 2008-07-24 2009-07-24 Memory card-based conditional access system for mobile broadcast

Country Status (2)

Country Link
KR (1) KR100950458B1 (en)
WO (1) WO2010011106A2 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101145766B1 (en) * 2010-12-10 2012-05-16 고려대학교 산학협력단 System and method for providing security service

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20070089027A (en) * 2006-02-27 2007-08-30 삼성전자주식회사 Method and system for protecting broadcasting service/content, encryption key and message generation method thereof
KR20070089582A (en) * 2006-02-28 2007-08-31 엘지전자 주식회사 Method of managing a sek and a pek for a pay-per view based and service based broadcast subscriber and communication system thereof
US20070274526A1 (en) * 2006-02-03 2007-11-29 Qualcomm Incorporated Method and apparatus for content protection in wireless communications
KR20080000950A (en) * 2006-06-28 2008-01-03 주식회사 케이티프리텔 Decryption method of encryption broadcasting using ic chip performed by mobile and the mobile thereof

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8046824B2 (en) * 2005-04-11 2011-10-25 Nokia Corporation Generic key-decision mechanism for GAA

Also Published As

Publication number Publication date
WO2010011106A3 (en) 2010-05-14
KR100950458B1 (en) 2010-04-02
KR20100011233A (en) 2010-02-03

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 09800587; Country of ref document: EP; Kind code of ref document: A2)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 09800587; Country of ref document: EP; Kind code of ref document: A2)