CN100337478C - A private key acquiring method for use in set-top box - Google Patents
A private key acquiring method for use in set-top box Download PDFInfo
- Publication number
- CN100337478C CN100337478C CNB2005100805711A CN200510080571A CN100337478C CN 100337478 C CN100337478 C CN 100337478C CN B2005100805711 A CNB2005100805711 A CN B2005100805711A CN 200510080571 A CN200510080571 A CN 200510080571A CN 100337478 C CN100337478 C CN 100337478C
- Authority
- CN
- China
- Prior art keywords
- top box
- key
- private key
- software
- management module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The present invention relates to a private key acquiring method for a machine-top box, which at least comprises the procedures that (1), account establishing operation is carried on a machine-top box by an operator before a user purchases and uses the machine-top box; (2), software containing up to date computation of a sharing secret key is written in the machine-top box in the process of the account establishing operation, and the sharing secret key is computed by the machine-top box through the computation; (3), when a machine is started for use, the software of the machine-top box is first checked after a secret key management module receives download application of the private key of the machine-top box, the legal identity and non-revision of the software are ensured, the sharing secret key is computed by the stored information of the hardware and the software of the machine-top box, and the private key of the machine-top box is encrypted through the sharing secret key; (4), the sharing secret key is computed by the hardware and the software of the machine-top box after the encrypted private key is downloaded and is acquired by the machine-top box, a private key is obtained by decrypting the sharing secret key, a content secret key is decrypted by the private key, and playing is realized. The private key acquiring method can transmit and store the private key of the machine-top box safely.
Description
Technical field
The present invention relates to a kind of acquisition methods that is used for the private key of set-top box, belong to the key use of the Internet and the technical field of safe transmission thereof.
Background technology
Top box of digital machine generally is used for displaying video and/or audio program; for copyright and the content safety of protecting these video and/or audio digital programs; at present, use the safety of digital copyright management DRM (Digital RightsManagement) technical protection content more.The principle of digital copyright management DRM is: the operation technique means, digital product is controlled in each links such as distribution, transmission and uses, and make and, in the time limit of licensing, use the people that digital product can only be authorized to use according to the mode of authorizing.
The DRM technology is a kind of content protecting technology based on public keys system PKI (Public Key Infrastructure).DRM technology major part is made up of mandate and cipher key system, encryption system.When content supplier wishes to utilize its content of DRM technical protection, need to use a content key that its content is encrypted.This content key generally uses symmetry algorithm, and only obtaining content key as terminal use's set-top box could the real time decrypting programme content, plays then.So how the safe transmission content key just becomes the major issue of DRM technology naturally.
At present, for the safe transmission of content key, common way realizes by public and private key algorithm.The key management system of DRM adopts the PKI of set-top box earlier content key to be encrypted, send it to set-top box then, after the terminal use-set-top box of authorizing-obtain encrypted content key, must decipher with the private key of oneself, just can obtain content key, again the programme content after encrypting is decrypted and realizes playing, can prevent conscientiously that like this set-top box of other unauthorized user from intercepting and capturing and using this content key.
Therefore, learn from the above mentioned that the private key safety of set-top box is part the most key in the DRM system.If the private key of set-top box is cracked by intercepting and capturing, then content key can be readily solved, and does not have secret to say.
At present, the private key of set-top box has several preservation schemes, for example uses smart card, preserves the private key of set-top box in smart card; Use flash memory FLASH, private key is stored among the FLASH; Or the like.
Smart card (claiming the CPU card again) is a kind of eeprom memory and microprocessor CPU chip to be encapsulated in integrated circuit (IC) (Integrated Card) card in the plastic base simultaneously, and its internal structure is formed as shown in Figure 1.
Owing in smart card, encapsulated cpu chip, exterior read-write equipment can only carry out exchanges data by the EEPROM in CPU and the smart card, therefore, the data-interface of EEPROM can be connected with the outbound data line of smart card at no time, makes exterior read-write equipment can directly have access to any one unit among the EEPROM in no instance.Exterior read-write equipment is when carrying out exchanges data with smart card like this, at first must send instructions to CPU, instruction is made an explanation, analyzes and judges according to the card operating system COS that stores among the ROM of its inside by CPU, after the legitimacy of confirming read-write equipment, just allow exterior read-write equipment and smart card to connect.Therefore, the fail safe that the set-top box private key is kept in the smart card memory is mathematical, and wherein Cun Chu other data can also be carried out inner information processing and judgement.Therefore, operation is fast and convenient, identification is correct because of it has for smart card, and can prevent to forge, security reliability is high and characteristics such as easy to carry and coming into one's own.
Another scheme is that the private key with the terminal use is kept among the set-top box flash memory Flash.
Referring to Fig. 2, be presented in the private key distribution flow of preserving the set-top box private key among the Flash or using the smart cards for storage private key.As can be seen from Figure, the user is when opening an account, and operator need write private key among the FLASH of set-top box.As user in the same way provided the smart card that writes private key, in above-mentioned flow process, user's private key all obtained with offline mode.
Using the major advantage of smart card is that fail safe is higher, but shortcoming is also more obvious: the production cost of smart card is higher, and after the password of smart card is cracked, changes the process that smart card also is a cost costliness, process is loaded down with trivial details.And use the topmost shortcoming of FLASH mode is that fail safe is too low, and the hacker is easy to just can read user's private key in Flash, thereby has cracked the security mechanism of set-top box.
So, how to research and develop as early as possible a kind of not only safe and reliable, but also preservation with low cost and the method for obtaining the set-top box private key just become the very urgent and new problem that has significant practical applications.
Summary of the invention
The purpose of this invention is to provide a kind of acquisition methods that is used for the private key of set-top box, this method has solved prior art problems preferably, can be safely and transmit and preserve the private key of set-top box inexpensively.
In order to achieve the above object, the invention provides a kind of acquisition methods that is used for the private key of set-top box, its technical scheme is to give set-top box by the method for sharing key with set-top box private key secure download; At least comprise the following steps:
(1) before the user buys set-top box preparation use, set-top box is carried out account-opening by operator;
(2) in the account-opening process, by the set-top box administration module software that contains the shared key algorithm of up-to-date calculating is write in the set-top box, so that this set-top box uses this algorithm computation to share key;
When (3) each start was used, set-top box was downloaded private key after encrypting to the key management module application, and key management module is wanted the verification set-top box software earlier, guaranteed the legal identity of this software and was not modified; Utilize the hardware and software information calculations of this set-top box of preserving shared key then, and by sharing secret key encryption set-top box private key;
(4) after set-top box is downloaded and to be obtained the private key of encryption, utilize the hardware and software information calculations of this set-top box to go out shared key, and the private key of encrypting is decrypted and obtains private key, re-use this privacy key and hold key and be decrypted, realize playing.
Described method further comprises the following steps:
(5) when key management module find to be shared key algorithm and is cracked, prevent that the private key of this set-top box from being cracked grasp by the hacker, the privacy of assurance private key to renewals of upgrading of this algorithm.
Described set-top box is to utilize the private key decrypted content keys, and then utilizes content key that encrypted program is decrypted, and realizes the client device of video and/or audio playing programs; Described set-top box administration module is a functional module of being responsible for set-top box is carried out account-opening, read-write heads top box software and hardware information and supervisor top box; Described key management module is to be responsible for the functional module of PKI, private key and the content key of storage and supervisor top box; Interconnect between described set-top box, set-top box administration module and the key management module three, constitute information transfer channel each other.
Described set-top box private key is the unique key identification that is used to identify the set-top box identity, and is used for the content key that utilizes its corresponding set-top box public key encryption is decrypted; When outage or shutdown, the private key that is stored in the set-top box disappears automatically, needs when use next time to apply for again downloading and deciphering to key management module; Described set-top box PKI is used for encrypted content key, has only to utilize with its corresponding set-top box private key and could correctly decipher this content key; Described content key is the key that is used for the video and/or audio programme content is carried out encryption and decryption.
The account-opening flow process that described step (1) is carried out set-top box further comprises the following steps:
(11) software and hardware information that comprises CPU sign, media access control layer MAC Address, sequence number of set top box, infrared remote receiver sign, user name, line identification at least on the set-top box administration module reading machine top box, and these information are recorded in the set-top box administration module;
(12) the set-top box administration module sends to key management module to above-mentioned set-top box software that writes down and hardware information, and key management module then is stored in the unique identification of this information as this set-top box in the database;
(13) key management module is inquired about this set-top box corresponding service user name to the network operation management system;
(14) the network operation management system is returned this set-top box corresponding service user name to key management module, and key management module is bound this set-top box service-user name and its unique identification;
(15) key management module returns to the set-top box administration module to the binding relationship result of this set-top box.
Calculating in the described step (2) is shared the algorithm of key to user cipher device, key management module is in case after finding to divulge a secret, in time change: the various software and hardware informations that will comprise CPU sign, media access control layer MAC Address, sequence number of set top box, infrared remote receiver sign, user name, line identification at least make up and/or conversion again, form new calculating and share the algorithm of key, and the software that will contain this new algorithm writes set-top box, carries out software upgrading.
Key management module further comprises the following steps: the verification of set-top box software in the described step (3)
(31) behind the set-top-box opening, set up SSL SSL by network and key management module and be connected;
(32) set-top box is carried out Hash HASH calculating to the system file of set-top box software, and result of calculation is sent to key management module;
(33) key management module compares verification to the result of calculation of set-top box software, if this software be legal, be not modified, promptly carry out the distribution of key; Otherwise, the connection of refusal set-top box, and record result.
The middle set-top box of described step (4) is downloaded the flow process of obtaining private key and is further comprised following operating procedure:
(41) set-top box and network operation support system connect, and check the username and password that this set-top box is submitted to by OSS, have only the validated user by authentication, can carry out subsequent operation;
(42) set-top box and set-top box administration module connect, and check by the set-top box administration module whether this set-top box software is latest edition, if latest edition, then redirect execution in step (44); Otherwise order is carried out subsequent operation;
(43) set-top box is downloaded the software of latest edition from the set-top box administration module;
(44) set-top box is downloaded the private key after the encryption belong to this set-top box to the key management module application, so that after the private key after will encrypting is decrypted, be kept in the set-top box internal memory;
(45) Password Management module finds the unique identification of this set-top box according to the user name of set-top box, find other relevant hardware and software information of this set-top box again according to the unique identification of this set-top box, so that the Password Management module uses up-to-date key algorithm to calculate the shared key of this set-top box, and utilize this shared key that the private key of this set-top box is carried out encryption, be handed down to this set-top box then;
(46) set-top box is utilized the hardware and software information of oneself, calculates shared key by up-to-date key algorithm, utilizes this shared key that the private key after encrypting is decrypted again, obtains this private key.
The Password Management module can combine with access process to the authentication of set-top box with operator to the operation that set-top box issues the set-top box private key after the encryption in the described step (45), promptly in operator by after the set-top box authentication, the set-top box private key after encrypting is handed down to set-top box with the token Token of identifying user.
Described key management module is behind the algorithm that has upgraded the shared key of calculating, and its upgrading renewal operation to set-top box software is performed such:
When if this key management module update calculation is shared the algorithm of key, set-top box is then carried out the software upgrading operation by set-top box administration module announcement machine top box, after set-top box receives software upgrade notification immediately just at broadcast program, stop playing programs immediately, and the prompting user carries out software upgrading;
If when the key management module update calculation was shared the algorithm of key, set-top box did not have broadcast program, then after user's start, carry out software upgrading earlier by set-top box administration module announcement machine top box, otherwise set-top box can't normally be watched program.
The present invention is a kind of acquisition methods that is used for the private key of set-top box, the characteristics of this method are: by the information interaction between set-top box and set-top box administration module and the key management module three, adopt the set-top box private key secure download after the method for sharing key will be encrypted to pass to set-top box.Therefore, the present invention need not increase any hardware unit in set-top box, does not need the smart card of purchasing yet, and does not have the expense of hardware costs, and cost is cheaper; And, the present invention is that the private key with set-top box is kept in the key management module, only when set-top box need be used, just encrypt the back secure download and give set-top box according to the program of setting, the self information that re-uses this set-top box obtains the algorithm that up-to-date calculating shares key it is decrypted, and just can obtain this private key; And, use to finish, when shutdown or outage, this private key disappears automatically, so fully guaranteed private key transmission, use and each link such as storage on fail safe.In addition, algorithm that calculate to share key is that self the various hardware and software information combination according to set-top box form, and flexible, various, conversion is infinite; In case find to be cracked by the people, can change at any time, guarantee that this algorithm has very high secret performance equally.
Description of drawings
Fig. 1 uses smart card to obtain the method schematic diagram of set-top box private key now.
Fig. 2 is that present operator distributes private key the schematic flow sheet among the Flash that is kept at set-top box.
Fig. 3 (A), (B) are to use the network architecture of the inventive method to form the schematic diagram and the effect schematic diagram of functional module wherein respectively.
Fig. 4 is the acquisition methods flow diagram of the present invention's private key of being used for set-top box.
Fig. 5 is the concrete steps block diagram of the account-opening among the present invention set-top box carried out.
Fig. 6 is that set-top box is downloaded the concrete steps block diagram that obtains private key among the present invention.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below in conjunction with accompanying drawing.
Referring to Fig. 3, the present invention is a kind of acquisition methods that is used for the private key of set-top box, and its network system that is suitable for includes following three at least and interconnects and constitute the functional unit of information transfer channel each other:
Set-top box 1, the client device of displaying video and/or audio program, it is in the account-opening process, obtained to contain the software that latest computed is shared key algorithm, so that use this algorithm to calculate the shared key of generation according to himself set-top box software and hardware information, re-use this shared key the encryption key of downloading is decrypted, and then utilize the private key decrypted content keys, and then utilize content key that encrypted program is decrypted and realize playing.
Set-top box administration module 2 is responsible for set-top box is carried out account-opening, and the functional module of the software and hardware information of read-write heads top box and supervisor top box.
Key management module generates shared key according to the software and hardware information of shared key algorithm and this set-top box, utilizes and should shared key be encrypted by private key, so that the private key after will encrypting is downloaded to set-top box by IP network.The private key of this moment produces according to the public and private key generating algorithm of set-top box.
Referring to Fig. 4, the present invention is a kind of acquisition methods that is used for the private key of set-top box: give set-top box by sharing encryption key method with set-top box private key secure download, comprise five operating procedures; Describe it below respectively in detail:
(1) before the user buys set-top box preparation use, set-top box is carried out account-opening by operator.
The concrete steps of the account-opening that the present invention carries out set-top box, in Fig. 5, made detailed description:
(11) software and hardware information on the set-top box administration module reading machine top box (comprising CPU sign, media access control layer MAC Address, sequence number of set top box, infrared remote receiver sign, user name, line identification at least), and these information are recorded in the set-top box administration module;
(12) the set-top box administration module sends to key management module to above-mentioned set-top box software that is write down and hardware information, and key management module then is stored in the unique identification of this information as this set-top box in the database;
(13) key management module is inquired about this set-top box corresponding service user name to network operation management system (external system);
(14) the network operation management system is returned this set-top box corresponding service user name to key management module, and key management module is bound this set-top box service-user name and its unique identification;
(15) key management module returns to the set-top box administration module to the binding relationship result of this set-top box.
(2) in the account-opening process, by the set-top box administration module software that contains the shared key algorithm of up-to-date calculating is write in the set-top box, so that using this algorithm computation to generate, this set-top box shares key.
Calculate the algorithm of sharing key and maintain secrecy, and be removable for the user.Calculate the needed information of algorithm of sharing key and comprise that at least CPU sign ID, media access control layer MAC Address, sequence number of set top box, infrared remote receiver in the set-top box identify ID, user name and line identification ID.Key management module is in case after finding that the algorithm of the shared key of calculating is divulged a secret, the above-mentioned various hardware and software information of this set-top box will be reconfigured and/or conversion, form new algorithm, recomputate the shared key of this set-top box, and the software that will contain this new algorithm writes set-top box, carries out software upgrading.Present set-top box is all supported online software upgrading, and renewal process is simple and convenient.
Exemplify a algorithm examples that calculate to share key below: use hashing algorithm to obtain separately 24 bit value respectively to CPU ID, MAC Address, sequence number of set top box, infrared remote receiver ID, user name, circuit ID, again these numerical value are got up according to setting sequence arrangement, get preceding 128 shared keys as Advanced Encryption Standard AES (Advanced Encryption Standard).
(3) when each start was used, set-top box was downloaded private key to the key management module application, and key management module is wanted the verification set-top box software earlier, guaranteed the legal identity of this software and was not modified; Utilize the hardware and software information calculations of this set-top box of preserving shared key then, and by sharing secret key encryption set-top box private key.
To write in the set-top box software because calculate the algorithm of sharing key, so whether safety is just extremely important for set-top box software.Guarantee that the safety and sound effective measures of set-top box software are in time it to be tested.The set-top box software checking process comprises the following steps:
(31) behind the set-top-box opening, set up SSL SSL by network and key management module and be connected;
(32) set-top box is carried out Hash HASH calculating (the SHA-1 hashing algorithm is used in suggestion) to the system file of set-top box software, and result of calculation is sent to key management module;
(33) key management module is carried out verification to the result of calculation of set-top box software, if this software be legal, be not modified, promptly carry out the distribution of key; Otherwise, the connection of refusal set-top box, and record result.
(4) after set-top box is downloaded and to be obtained the private key of encryption, utilize the hardware and software information calculations of this set-top box self to go out shared key, and the private key of encrypting is decrypted and obtains private key, re-use this privacy key and hold key and be decrypted, realize playing.
Set-top box is in back uses of just can starting shooting of opening an account, and still, when playing the program of encrypting through DRM, set-top box is acquisition set-top box private key earlier, could realize broadcast.Referring to Fig. 6, introducing its download, to obtain the flow process of private key as follows:
(41) set-top box and network operation support system connect, and check the username and password that this set-top box is submitted to by OSS, have only the validated user by authentication, can carry out subsequent operation;
(42) set-top box and set-top box administration module connect, and check by the set-top box administration module whether this set-top box software is latest edition, if latest edition, then redirect execution in step (44); Otherwise order is carried out subsequent operation;
(43) set-top box is downloaded the software of latest edition from the set-top box administration module;
(44) set-top box is downloaded the private key after the encryption belong to this set-top box to the key management module application, so that the private key after the deciphering of this set-top box is kept in the set-top box internal memory;
(45) Password Management module finds the unique identification of this set-top box according to the user name of set-top box, find other relevant hardware and software information of this set-top box again according to the unique identification of this set-top box, so that the Password Management module uses up-to-date key algorithm to calculate the shared key of this set-top box, and utilizes this shared key that the private key of this set-top box is carried out encryption;
(46) Password Management module issues the set-top box private key of encryption to set-top box, this operation can combine with access process to the authentication of set-top box with operator, promptly in operator by after the set-top box authentication, the set-top box private key after encrypting is handed down to set-top box with the token Token of identifying user; For example China Telecom's " ChinaVnet " platform after authentication, will issue character string from an identifying user to set-top box as token Token, the set-top box private key after the encryption just can be carried in this token and issue together;
(47) set-top box is utilized the hardware and software information of oneself, calculates shared key by up-to-date key algorithm, utilizes this shared key that the private key after encrypting is decrypted again, obtains this private key.
(5) when key management module find to be shared key algorithm and is cracked, prevent that the private key of this set-top box from being cracked grasp by the hacker, the privacy of assurance private key to renewals of upgrading of this algorithm.
At present, find that the main way that shared key algorithm has been cracked is to trace by digital watermark technology.
Key management module also will be changed operation to the algorithm in the set-top box software accordingly behind the algorithm that has upgraded the shared key of calculating, this operation is carried out in the software upgrading mode:
When if this key management module update calculation is shared the algorithm of key, set-top box is then carried out the software upgrading operation by set-top box administration module announcement machine top box, after set-top box receives software upgrade notification immediately just at broadcast program, stop playing programs immediately, and the prompting user carries out software upgrading;
If when the key management module update calculation was shared the algorithm of key, set-top box did not have broadcast program, then after user's start, carry out software upgrading earlier by set-top box administration module announcement machine top box, otherwise set-top box can't normally be watched program.
Claims (10)
1, a kind of acquisition methods that is used for the private key of set-top box is characterized in that: give set-top box by the method for sharing key with set-top box private key secure download; At least comprise the following steps:
1. before the user buys set-top box preparation use, set-top box is carried out account-opening by operator;
2. in the account-opening process, by the set-top box administration module software that contains the shared key algorithm of up-to-date calculating is write in the set-top box, so that this set-top box uses this algorithm computation to share key;
3. when each start was used, set-top box was downloaded private key after encrypting to the key management module application, and key management module is wanted the verification set-top box software earlier, guaranteed the legal identity of this software and was not modified; Utilize the hardware and software information calculations of this set-top box of preserving shared key then, and by sharing secret key encryption set-top box private key;
4. after set-top box is downloaded and to be obtained the private key of encryption, utilize the hardware and software information calculations of this set-top box to go out shared key, and the private key of encrypting is decrypted and obtains private key, re-use this privacy key and hold key and be decrypted, realize playing.
2, the acquisition methods that is used for the private key of set-top box according to claim 1, it is characterized in that: described method further comprises the following steps:
5. when key management module find to be shared key algorithm and is cracked, prevent that the private key of this set-top box from being cracked grasp by the hacker, the privacy of assurance private key to renewals of upgrading of this algorithm.
3, the acquisition methods that is used for the private key of set-top box according to claim 1, it is characterized in that: described set-top box is to utilize the private key decrypted content keys, and then utilize content key that encrypted program is decrypted, realize the client device of video and/or audio playing programs; Described set-top box administration module is to be responsible for set-top box is carried out account-opening, the software and hardware information of read-write heads top box and the functional module of supervisor top box; Described key management module is to be responsible for the functional module of PKI, private key and the content key of storage and supervisor top box; Interconnect between described set-top box, set-top box administration module and the key management module three, constitute information transfer channel each other.
4, the acquisition methods that is used for the private key of set-top box according to claim 3, it is characterized in that: described set-top box private key is the unique key identification that is used to identify the set-top box identity, is used for the content key that utilizes its corresponding set-top box public key encryption is decrypted; When outage or shutdown, the private key that is stored in the set-top box disappears automatically, needs when use next time to apply for again downloading and deciphering to key management module; Described set-top box PKI is used for encrypted content key, has only to utilize with its corresponding set-top box private key and could correctly decipher this content key; Described content key is the key that is used for the video and/or audio programme content is carried out encryption and decryption.
5, the acquisition methods that is used for the private key of set-top box according to claim 1 is characterized in that: the account-opening flow process that described step 1 pair set-top box is carried out further comprises the following steps:
11. the software and hardware information that comprises CPU sign, media access control layer MAC Address, sequence number of set top box, infrared remote receiver sign, user name, line identification at least on the set-top box administration module reading machine top box, and these information are recorded in the set-top box administration module;
12. the set-top box administration module sends to key management module to above-mentioned set-top box software that writes down and hardware information, key management module then is stored in the unique identification of this information as this set-top box in the database;
13. key management module is inquired about this set-top box corresponding service user name to the network operation management system;
14. the network operation management system is returned this set-top box corresponding service user name to key management module, key management module is bound this set-top box service-user name and its unique identification;
15. key management module returns to the set-top box administration module to the binding relationship result of this set-top box.
6, the acquisition methods that is used for the private key of set-top box according to claim 1, it is characterized in that: the calculating in the described step 2 is shared the algorithm of key to user cipher device, key management module is in case after finding to divulge a secret, to in time change: will comprise the CPU sign at least, the media access control layer MAC Address, sequence number of set top box, the infrared remote receiver sign, user name, the various software and hardware informations of line identification make up and/or conversion again, form new calculating and share the algorithm of key, and the software that will contain this new algorithm writes set-top box, carries out software upgrading.
7, the acquisition methods that is used for the private key of set-top box according to claim 1, it is characterized in that: key management module further comprises the following steps: the verification of set-top box software in the described step 3
31. behind the set-top-box opening, set up SSL SSL by network and key management module and be connected;
32. set-top box is carried out Hash HASH calculating to the system file of set-top box software, and result of calculation is sent to key management module;
33. key management module compares verification to the result of calculation of set-top box software, if this software be legal, be not modified, promptly carry out the distribution of key; Otherwise, the connection of refusal set-top box, and record result.
8, the acquisition methods that is used for the private key of set-top box according to claim 1 is characterized in that: set-top box is downloaded the flow process obtain private key and is further comprised following operating procedure in the described step 4:
41. set-top box and network operation support system connect, and check the username and password that this set-top box is submitted to by OSS, have only the validated user by authentication, can carry out subsequent operation;
42. set-top box and set-top box administration module connect, and check by the set-top box administration module whether this set-top box software is latest edition, if latest edition, then redirect execution in step (44); Otherwise order is carried out subsequent operation;
43. set-top box is downloaded the software of latest edition from the set-top box administration module;
44. set-top box is downloaded the private key after the encryption belong to this set-top box to the key management module application, so that after the private key after will encrypting is decrypted, be kept in the set-top box internal memory;
45. the Password Management module finds the unique identification of this set-top box according to the user name of set-top box, find other relevant hardware and software information of this set-top box again according to the unique identification of this set-top box, so that the Password Management module uses up-to-date key algorithm to calculate the shared key of this set-top box, and utilize this shared key that the private key of this set-top box is carried out encryption, be handed down to this set-top box then;
46. set-top box is utilized the hardware and software information of oneself, calculates shared key by up-to-date key algorithm, utilizes this shared key that the private key after encrypting is decrypted again, obtains this private key.
9, the acquisition methods that is used for the private key of set-top box according to claim 8, it is characterized in that: the Password Management module can combine with access process to the authentication of set-top box with operator to the operation that set-top box issues the set-top box private key after the encryption in the described step 45, promptly in operator by after the set-top box authentication, the set-top box private key after encrypting is handed down to set-top box with the token Token of identifying user.
10, according to claim 2 or the 6 described acquisition methods that are used for the private key of set-top box, it is characterized in that: described key management module is behind the algorithm that has upgraded the shared key of calculating, and its upgrading renewal operation to set-top box software is performed such:
When if this key management module update calculation is shared the algorithm of key, set-top box is then carried out the software upgrading operation by set-top box administration module announcement machine top box, after set-top box receives software upgrade notification immediately just at broadcast program, stop playing programs immediately, and the prompting user carries out software upgrading;
If when the key management module update calculation was shared the algorithm of key, set-top box did not have broadcast program, then after user's start, carry out software upgrading earlier by set-top box administration module announcement machine top box, otherwise set-top box can't normally be watched program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005100805711A CN100337478C (en) | 2005-06-30 | 2005-06-30 | A private key acquiring method for use in set-top box |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005100805711A CN100337478C (en) | 2005-06-30 | 2005-06-30 | A private key acquiring method for use in set-top box |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1700765A CN1700765A (en) | 2005-11-23 |
| CN100337478C true CN100337478C (en) | 2007-09-12 |
Family
ID=35476597
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2005100805711A Active CN100337478C (en) | 2005-06-30 | 2005-06-30 | A private key acquiring method for use in set-top box |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100337478C (en) |
Families Citing this family (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101198015B (en) * | 2007-12-27 | 2011-06-15 | 上海全景数字技术有限公司 | Digital television authentication system and encryption method thereof |
| CN101957897B (en) * | 2009-07-20 | 2014-07-09 | 精品科技股份有限公司 | Storage device management method, computer system control and management method and information storage device |
| CN101916350B (en) * | 2010-08-30 | 2013-01-02 | 中国电信股份有限公司 | Method and system for protecting terminal reading contents |
| CN102073827B (en) * | 2010-10-15 | 2012-11-21 | 福建新大陆通信科技股份有限公司 | Method for ensuring security of set-top box application program |
| CN102196317A (en) * | 2011-03-01 | 2011-09-21 | 深圳创维数字技术股份有限公司 | Set-top box protection method and set-top box |
| CN102917259A (en) * | 2012-10-31 | 2013-02-06 | 深圳市多尼卡电子技术有限公司 | Method, system and server for playing programs in encryption manner |
| CN103227944B (en) * | 2013-04-18 | 2016-04-13 | 中国联合网络通信集团有限公司 | The processing method of deciphering preset resource and device |
| CN104134141B (en) * | 2014-08-11 | 2017-05-10 | 济南曼维信息科技有限公司 | E-wallet system payment method based on time synchronization |
| CN104965738B (en) * | 2015-06-26 | 2018-04-10 | 深圳市九洲电器有限公司 | Data of set top box wiring method and system |
| CN104993924A (en) * | 2015-07-10 | 2015-10-21 | 安徽新华传媒股份有限公司 | Method for encryption and decryption of digital copyright |
| CN105119891B (en) * | 2015-07-15 | 2019-06-07 | 华数传媒网络有限公司 | A kind of data interactive method, set-top box and server |
| CN105553568B (en) * | 2015-12-12 | 2018-02-06 | 浙江环顺网络科技有限公司 | FTTH terminals and its module replacing method |
| CN109728912A (en) * | 2017-10-30 | 2019-05-07 | 中国电信股份有限公司 | Broadcasting content safe transmission method, system and terminal |
| CN107992760B (en) * | 2017-12-08 | 2021-08-13 | 深圳小湃科技有限公司 | Key writing method, device, equipment and storage medium |
| CN108241517B (en) * | 2018-02-23 | 2021-02-02 | 武汉斗鱼网络科技有限公司 | Software upgrading method, client and electronic equipment |
| CN108600151B (en) * | 2018-02-28 | 2020-09-08 | 华为技术有限公司 | Data communication method, equipment and system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1259260A (en) * | 1997-06-06 | 2000-07-05 | 汤姆森消费电子有限公司 | Conditional access system for set-top boxes |
| US20040003263A1 (en) * | 2002-06-28 | 2004-01-01 | Olivier Brique | Security key for set-top-box updating method |
| CN1620137A (en) * | 2003-11-21 | 2005-05-25 | 华为技术有限公司 | Authorization system and method |
-
2005
- 2005-06-30 CN CNB2005100805711A patent/CN100337478C/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1259260A (en) * | 1997-06-06 | 2000-07-05 | 汤姆森消费电子有限公司 | Conditional access system for set-top boxes |
| US20040003263A1 (en) * | 2002-06-28 | 2004-01-01 | Olivier Brique | Security key for set-top-box updating method |
| CN1620137A (en) * | 2003-11-21 | 2005-05-25 | 华为技术有限公司 | Authorization system and method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1700765A (en) | 2005-11-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100337478C (en) | A private key acquiring method for use in set-top box | |
| CN107566116B (en) | Method and apparatus for digital asset weight registration | |
| CN1125564C (en) | Conditional access system and smartcard allowing such access | |
| CN101145906B (en) | Method and system for authenticating legality of receiving terminal in unidirectional network | |
| RU2504005C2 (en) | Digital rights management apparatus and method | |
| CN1582422A (en) | Method to protect software against unauthorized use | |
| US8438384B2 (en) | System and method for performing mutual authentication | |
| CN1812416B (en) | Method for managing consumption of digital contents within a client domain and devices implementing this method | |
| US20090031143A1 (en) | Method and system for securing a disk key | |
| CN1780361A (en) | Digital audio/video data processing unit and method for controlling access to said data | |
| CN1658112A (en) | Conditional access to digital rights management conversion | |
| CN1977490A (en) | Storage medium processing method, storage medium processing apparatus, and program | |
| US9047445B2 (en) | Memory device and method for updating a security module | |
| CN1820482A (en) | Method for generating and managing a local area network | |
| CN1689361A (en) | Robust and flexible digital rights management involving a tamper-resistant identity module | |
| CN1409836A (en) | Computer system for application by accreditation access | |
| CN1708941A (en) | Digital-rights management system | |
| JP2009526322A5 (en) | ||
| CN1617492A (en) | System and method for providing services | |
| CN1574733A (en) | Method of establishing home domain through device authentication using smart card, and smart card for the same | |
| CN1486087A (en) | Video request system and method for requesting vedio program by request short message | |
| KR100826522B1 (en) | Apparatus and method for dynamic ciphering in mobile communication system | |
| CN1645797A (en) | Method for optimizing safety data transmission in digital copyright managing system | |
| CN1771691A (en) | Method, system and computer program for the secured management of network devices | |
| CN1808975A (en) | System and method of preventing network account from stolen |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| ASS | Succession or assignment of patent right |
Owner name: CHINA TELECOMMUNICATION STOCK CO., LTD. Free format text: FORMER OWNER: CHINA TELECOMMUNICATION STOCK CO., LTD. GUANGDONG ACADEME Effective date: 20091030 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| C56 | Change in the name or address of the patentee |
Owner name: CHINA TELECOMMUNICATION STOCK CO., LTD. GUANGDONG Free format text: FORMER NAME: GUANGDONG PROVINCE TELECOMMUNICATION CO., LTD. RESEARCH INSTITUTE |
|
| CP03 | Change of name, title or address |
Address after: 20 floor, No. 109 Zhongshan Avenue, Tianhe District, Guangdong, Guangzhou Patentee after: GUANGDONG RESEARCH INSTITUTE, CHINA TELECOM Co.,Ltd. Address before: No. 109, Zhongshan Avenue, Tianhe District, Guangdong, Guangzhou Patentee before: Guangdong Telecommunication Co.,Ltd. Institude |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20091030 Address after: No. 31, Finance Street, Beijing, Xicheng District Patentee after: CHINA TELECOM Corp.,Ltd. Address before: 20 floor, No. 109 Zhongshan Avenue, Tianhe District, Guangdong, Guangzhou Patentee before: GUANGDONG RESEARCH INSTITUTE, CHINA TELECOM Co.,Ltd. |