CN100484266C - Method for mobile terminal using content of service of broadcast/multicast - Google Patents

Method for mobile terminal using content of service of broadcast/multicast

Info

Publication number: CN100484266C
Authority: CN
Grant status: Grant
Prior art keywords: step, mobile terminal, key, server, broadcast
Application number: CN 200510123496
Other languages: Chinese (zh)
Other versions: CN1972504A (en)
Inventors: 斐 刘, 青 奚, 张慧媛, 武传坤, 王利明
Original assignee: 中国移动通信集团公司 (China Mobile Communications Corporation)
Priority date: 2005-11-23 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2005-11-23
Publication dates: 2007-05-30 (CN1972504A), 2009-04-29 (CN100484266C)
Abstract

The present invention relates to a method for a mobile terminal to use broadcast/multicast service content, comprising: the mobile terminal and a server authenticate each other and generate a symmetric key by running a Generic Bootstrapping Architecture (GBA) procedure; the mobile terminal decrypts the encrypted rights key information with that symmetric key to obtain the rights key; the mobile terminal obtains a rights object from the server; if the rights object is intact, the mobile terminal uses the rights key to decrypt the encrypted service and/or program key contained in the rights object; the mobile terminal uses the service and/or program key to decrypt the encrypted traffic key information to obtain the traffic key; and the digital rights management module on the mobile terminal uses the traffic key to decrypt the broadcast/multicast service content. The invention encrypts and decrypts information quickly, produces small ciphertext, needs little time, has a simple flow, reduces the network load and improves the user's service experience.

Description

Method for a mobile terminal to use broadcast/multicast service content

Technical field

The present invention relates to a method for a mobile terminal to use broadcast/multicast service content, and in particular to a method, in a mobile communication network, for a mobile terminal to use broadcast/multicast service content in which the content is protected entirely with symmetric keys.

Background

With the rapid development of communication technology, broadcast/multicast services have found increasingly wide application in the mobile data field, greatly facilitating the lives of mobile terminal users, enriching the services available to them and injecting new vitality into the mobile communications field. Because the content of broadcast/multicast services involves a large amount of copyrighted multimedia information, the mobile communication network must apply suitable copyright protection to that service information. The protection schemes currently used include service protection and content protection for broadcast/multicast services. Service protection means protecting the transmission of service information so that unauthorized terminals cannot obtain it directly; content protection means protecting service information throughout its entire life cycle. It covers not only the protection mechanism for service information in transit but also the usage rules applied after the terminal has obtained the service information. When a user uses the service information, the content is protected accordingly so that illegal copying and redistribution by the user are prevented.

In the prior art, broadcast/multicast services are usually protected by encrypting the service content (files or streaming media) and by using an access control mechanism to protect the content both in transit and once it has been delivered to the mobile terminal; the mobile terminal user activates the broadcast/multicast service with the corresponding usage rights and can then access its content.

Currently, the Open Mobile Alliance (OMA) protects the transmission and use of broadcast/multicast services with the following technical scheme:

Step 1. The mobile terminal sends a registration request to the server;

Step 2. The server verifies the mobile terminal's certificate, and at the same time the mobile terminal verifies the server's certificate;

Step 3. If the certificates of both the server and the mobile terminal pass the other party's validation, the server sends registration information to the mobile terminal; this registration information contains key material, the Rights Encryption Key (REK), encrypted with the mobile terminal's public key;

Step 4. After the mobile terminal receives the registration information, the digital rights management module (DRM Agent) on the mobile terminal decrypts the public-key-encrypted material with its private key to obtain the REK;

Step 5. The mobile terminal sends the server a request for a rights object;

Step 6. The server sends the mobile terminal a rights object (RO) containing a message authentication code, key material (SEK/PEK) encrypted with the REK, rights information and other necessary information;

Step 7. The DRM Agent on the mobile terminal checks the integrity of the RO with the message authentication code and, at the same time, decrypts the key material in the RO with the REK to obtain the SEK/PEK;

Step 8. If the integrity of the RO is verified, the DRM Agent uses the SEK/PEK to decrypt the traffic encryption key (TEK);

Step 9. The DRM Agent on the mobile terminal uses the TEK to decrypt the broadcast/multicast service sent by the server and obtains the content of that service;

Step 10. When the mobile terminal user accesses the content of the broadcast/multicast service, the DRM Agent on the mobile terminal checks whether the user's access to the service satisfies the usage rights information; if it does, the user is allowed to access the content, otherwise access to the content is refused.

Under the scheme adopted by OMA, the server and the mobile terminal must verify each other's certificates, so the server must apply to a certification authority for a certificate, and the mobile terminal must either have a certificate pre-installed or apply to the certification authority for one. Moreover, the certification authority must continuously manage the certificates of mobile terminals and servers, handling certificate revocation, certificate renewal, certificate status queries and so on; this takes a long time, the process is complicated, the network load increases and users get a poor experience. In addition, the certification authority must generate the public/private key pairs used by the server and the mobile terminal; information encrypted with a public key is comparatively large, and public-key encryption and private-key decryption are slow, which also wastes the mobile terminal user's time and causes inconvenience.

Summary of the invention

The object of the present invention is to address the defects and shortcomings of the prior-art methods for protecting the transmission and use of broadcast/multicast services by providing a method for a mobile terminal to use broadcast/multicast service content, in which a symmetric key shared by the server and the mobile terminal is generated by running the Generic Bootstrapping Architecture (GBA) procedure and used to protect the broadcast/multicast service, thereby increasing the speed of encryption and decryption, reducing the size of the ciphertext produced and shortening the time needed to obtain the broadcast/multicast service.

To achieve the above object, the present invention provides a method for a mobile terminal to use broadcast/multicast service content, which performs the following steps:

Step 1. The mobile terminal sends the server a request to register for broadcast/multicast service content;

Step 2. The server checks whether GBA parameters exist in the mobile terminal; if not, go to step 3; if so, jump to step 6;

Step 3. The server sends the mobile terminal a message to run the GBA procedure;

Step 4. The mobile terminal authenticates mutually with the server by running the GBA procedure; if both the server and the mobile terminal pass authentication, go to step 5; otherwise, jump to step 15;

Step 5. The server and the mobile terminal generate a shared symmetric key;

Step 6. The server sends the mobile terminal the registration information for the broadcast/multicast service;

Step 7. After the mobile terminal receives the registration information, the digital rights management module on the mobile terminal decrypts the rights key information with the symmetric key to obtain the rights key;

Step 8. The mobile terminal sends the server a request for a rights object;

Step 9. The server sends the rights object to the mobile terminal; the rights object contains a message authentication code and a service and/or program key encrypted with the rights key;

Step 10. The digital rights management module checks with the message authentication code whether the rights object is intact; if so, go to step 11; otherwise, jump to step 15;

Step 11. The digital rights management module decrypts the encrypted service and/or program key in the rights object with the rights key to obtain the service and/or program key;

Step 12. The digital rights management module uses the service and/or program key to decrypt the traffic key information that the mobile terminal received in the server's broadcast, obtaining the traffic key;

Step 13. The digital rights management module uses the traffic key to decrypt the encrypted broadcast/multicast service content broadcast by the server;

Step 14. The mobile terminal uses the broadcast/multicast service content;

Step 15. End.

It can be seen from the above technical scheme that the present invention achieves mutual authentication between the server and the mobile terminal simply by running the GBA procedure: neither the mobile terminal nor the server needs to apply to a certification authority for a certificate, no certificate needs to be pre-installed in the mobile terminal, and the certification authority is relieved of managing mobile terminal and server certificates (certificate queries, certificate revocation, certificate renewal and so on). In addition, the invention replaces the public/private key pair with a shared symmetric key, so encryption and decryption are fast and the ciphertext produced is small; the flow is therefore simple, the time needed to obtain the broadcast/multicast service content is short, the network load is reduced, the mobile terminal user's time is saved and the user's service experience is improved.

The technical scheme of the present invention is described in further detail below with reference to the drawings and embodiments.

Brief description of the drawings

Figure 1 is a flowchart of the method of the present invention for a mobile terminal to use broadcast/multicast service content;

Figure 2 is a flowchart of the mutual authentication between the bootstrapping server function and the mobile terminal in the method of the present invention.

Detailed description of the embodiments

Referring to Figure 1, which shows a specific flow of the present invention for a mobile terminal to use broadcast/multicast service content, the following steps are performed:

Step 101. The mobile terminal (User Equipment, UE) sends a request to use the broadcast/multicast service to the Network Application Function (NAF);

Step 102. The NAF checks whether Generic Bootstrapping Architecture (GBA) parameters exist in the UE; if not, go to step 103; if so, jump to step 106;

Step 103. The NAF replies to the UE with a message notifying the UE to run GBA;

Step 104. The NAF runs GBA mutual authentication with the UE through a Bootstrapping Server Function (BSF); if mutual authentication succeeds, go to step 105; otherwise, jump to step 115;

Because mutual authentication between the server and the mobile terminal is achieved just by running the GBA procedure, neither the mobile terminal nor the server needs to apply to a certification authority for a certificate, no certificate needs to be pre-installed in the mobile terminal, and the certification authority no longer has to manage mobile terminal and server certificates (certificate queries, certificate revocation, certificate renewal and so on); the flow is therefore simple, the time needed to obtain the broadcast/multicast service content is shortened, the network load is reduced, the mobile terminal user's time is saved and the user's service experience is improved.

Step 105. The BSF and the UE use the Ks produced by running the GBA procedure to generate the shared symmetric key Ks_NAF, and the BSF sends the B-TID and Ks_NAF to the NAF;

Replacing the prior-art public/private key pair with a shared symmetric key makes encryption and decryption fast and the ciphertext small, shortens the time needed to obtain the broadcast/multicast service content, saves the mobile terminal user's time and further improves the user's service experience.

Step 106. The NAF sends the UE the registration information for the broadcast/multicast service, which contains the rights key information (Rights Encryption Key, REK) encrypted with Ks_NAF;

Step 107. After the UE receives the registration information sent by the NAF, the digital rights management module on the UE (Digital Rights Management Agent, DRM Agent) decrypts the encrypted REK with Ks_NAF to obtain the REK;

Step 108. The UE sends the NAF a request for a rights object (Rights Object, RO);

Step 109. The NAF sends the UE an RO containing a message authentication code (MAC), the service encryption key (Service Encryption Key, SEK) and/or program encryption key (Program Encryption Key, PEK) encrypted with the REK, the rights information describing the user's rights to use the broadcast/multicast service (such as the number of uses, the usage interval, the expiry date, etc.) and other related information;

Step 110. The DRM Agent uses the MAC to determine whether the RO is intact; if so, go to step 111; otherwise, jump to step 115;

Step 111. The DRM Agent decrypts the encrypted SEK/PEK with the REK to obtain the SEK/PEK;

Step 112. The DRM Agent uses the SEK/PEK to decrypt the encrypted traffic key information (Traffic Encryption Key, TEK) sent by the server to obtain the TEK;

Step 113. The DRM Agent decrypts the broadcast/multicast service content with the TEK;

Step 114. The UE uses the broadcast/multicast service content;

Step 115. End.
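The key hierarchy of steps 105 through 113 (and of the identical steps 5 through 13 in the summary) is shown below as an added Python example; it is not code from the patent or from the applicant. The patent does not name the symmetric cipher, the MAC key or the message formats, so the example assumes a toy SHA-256 keystream cipher as a stand-in for the real cipher, keys the RO's MAC with the REK, and uses constructed key and content values. It also shows the defender-relevant property of step 110: a rights object whose rights field was altered in transit fails the MAC check and never reaches the SEK decryption of step 111.

```python
import hashlib
import hmac
import json

# Toy keystream cipher standing in for the symmetric cipher the patent leaves
# unspecified: keystream blocks are SHA-256(key || nonce || counter). It is an
# assumption of this example and is not meant for real deployments.
def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

class IntegrityError(Exception):
    pass

def naf_registration(ks_naf: bytes, rek: bytes) -> dict:
    # Step 106: the REK travels wrapped under the GBA-derived Ks_NAF.
    nonce = b"reg-0001"
    return {"nonce": nonce, "enc_rek": xor_crypt(ks_naf, nonce, rek)}

def naf_build_ro(rek: bytes, sek: bytes, rights: dict) -> dict:
    # Step 109: RO = SEK encrypted under REK + rights information + MAC over both.
    # Assumption: the MAC is keyed with the REK; the patent names no MAC key.
    nonce = b"ro-0001"
    enc_sek = xor_crypt(rek, nonce, sek)
    rights_blob = json.dumps(rights, sort_keys=True).encode()
    return {"nonce": nonce, "enc_sek": enc_sek, "rights": rights_blob,
            "mac": mac(rek, nonce + enc_sek + rights_blob)}

def ue_process_ro(rek: bytes, ro: dict) -> bytes:
    # Step 110: integrity check first; step 111: only then unwrap the SEK.
    expected = mac(rek, ro["nonce"] + ro["enc_sek"] + ro["rights"])
    if not hmac.compare_digest(expected, ro["mac"]):
        raise IntegrityError("RO MAC mismatch: rights object discarded (step 115)")
    return xor_crypt(rek, ro["nonce"], ro["enc_sek"])

def run_flow(tamper: bool = False) -> bytes:
    """Steps 105-113 end to end; returns the plaintext content the UE recovers."""
    ks_naf = b"constructed-Ks_NAF-from-GBA-run"   # constructed, shared after step 105
    rek, sek, tek = b"constructed-REK!", b"constructed-SEK!", b"constructed-TEK!"
    content = b"broadcast programme payload"       # constructed service content

    reg = naf_registration(ks_naf, rek)
    rek_ue = xor_crypt(ks_naf, reg["nonce"], reg["enc_rek"])          # step 107

    ro = naf_build_ro(rek, sek, {"count": 3, "expires": "2006-10-01"})
    if tamper:   # an altered rights field must be caught by the MAC in step 110
        ro["rights"] = ro["rights"].replace(b'"count": 3', b'"count": 300')
    sek_ue = ue_process_ro(rek_ue, ro)                                 # steps 110-111

    enc_tek = xor_crypt(sek, b"tek-0001", tek)          # server broadcasts TEK under SEK
    tek_ue = xor_crypt(sek_ue, b"tek-0001", enc_tek)                   # step 112

    enc_content = xor_crypt(tek, b"ct-0001", content)   # server broadcasts content under TEK
    return xor_crypt(tek_ue, b"ct-0001", enc_content)                  # step 113

def tampered_ro_rejected() -> bool:
    """True when the modified RO is refused before any key material is unwrapped."""
    try:
        run_flow(tamper=True)
        return False
    except IntegrityError:
        return True

if __name__ == "__main__":
    print(run_flow())
    print("tampered RO rejected:", tampered_ro_rejected())
```

The order inside `ue_process_ro` is the point a reviewer would check: the MAC is verified with a constant-time comparison before the REK is used on the ciphertext, so a forged or altered RO yields no decrypted SEK at all, which is what step 110 leading to step 115 requires.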

Referring to Figure 2, which shows a specific flow of the mutual authentication between the BSF and the UE in step 104 of the above method, the operations are as follows:

Step 1041. The UE sends the BSF a request to run GBA; the request contains the UE's identity information;

Step 1042. The BSF obtains the GBA parameters from the Home Subscriber System (HSS), including the user security settings and an authentication vector AV; the AV contains a random challenge (RAND), an authentication token (AUTN), an expected response (XRES), a cipher key (CK) and an integrity key (IK);

Step 1043. The BSF sends RAND and AUTN to the UE;

Step 1044. The UE computes CK, IK and the response RES from RAND; at the same time, the UE verifies from AUTN whether the BSF's identity is legitimate; if so, go to step 1045; otherwise, jump to step 115;

Step 1045. The UE sends RES to the BSF;

Step 1046. The BSF compares RES with XRES; if they are equal, the UE's identity is legitimate and step 1047 is performed; otherwise, jump to step 115;

Step 1047. The BSF generates a Bootstrapping Transaction Identifier (B-TID) and derives the key material Ks from CK and IK;

Step 1048. The BSF sends the B-TID to the UE, informing the UE that it has passed authentication;

Step 1049. The UE derives Ks from CK and IK.
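The exchange of steps 1041 through 1049, carried on to the Ks_NAF derivation of step 105, as an added Python example that is not part of the patent. The patent does not specify the functions that turn the shared secret and RAND into AUTN, RES, CK and IK, so the example assumes HMAC-SHA256 with distinct labels in their place, carries the sequence number in AUTN in the clear, and uses HMAC-SHA256 again in place of the GBA key derivation function; the B-TID format and the NAF identity are constructed. Both authentication checks the flow relies on are exercised: the UE refuses an AUTN it cannot verify (a network without the subscriber's secret, or a replayed challenge), and the BSF refuses a RES that does not match XRES.

```python
import hashlib
import hmac
import secrets

SQN_LEN = 6   # bytes of sequence number carried in AUTN
MAC_LEN = 8   # bytes of MAC-A in AUTN and of RES/XRES

# Stand-in for the AKA authentication functions: each output is an HMAC-SHA256 over
# the long-term secret K shared by the UE and the HSS, separated by a label.
# This is an assumption of the example; the patent does not specify the functions.
def f(k: bytes, label: bytes, *parts: bytes) -> bytes:
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()

class AuthError(Exception):
    pass

def hss_authentication_vector(k: bytes, sqn: int) -> dict:
    # Step 1042: the HSS produces AV = (RAND, AUTN, XRES, CK, IK) for this subscriber.
    rand = secrets.token_bytes(16)
    sqn_b = sqn.to_bytes(SQN_LEN, "big")
    mac_a = f(k, b"f1", rand, sqn_b)[:MAC_LEN]
    return {
        "RAND": rand,
        "AUTN": sqn_b + mac_a,   # simplified: SQN in clear, no anonymity-key masking
        "XRES": f(k, b"f2", rand)[:MAC_LEN],
        "CK": f(k, b"f3", rand)[:16],
        "IK": f(k, b"f4", rand)[:16],
    }

def ue_respond(k: bytes, rand: bytes, autn: bytes, last_sqn: int) -> dict:
    # Step 1044: authenticate the network from AUTN first, then derive RES, CK, IK.
    sqn_b, mac_a = autn[:SQN_LEN], autn[SQN_LEN:]
    if not hmac.compare_digest(mac_a, f(k, b"f1", rand, sqn_b)[:MAC_LEN]):
        raise AuthError("AUTN MAC mismatch: network not authenticated")
    sqn = int.from_bytes(sqn_b, "big")
    if sqn <= last_sqn:
        raise AuthError("AUTN sequence number not fresh: possible replay")
    return {"RES": f(k, b"f2", rand)[:MAC_LEN],
            "CK": f(k, b"f3", rand)[:16],
            "IK": f(k, b"f4", rand)[:16]}

def derive_ks(ck: bytes, ik: bytes) -> bytes:
    # Steps 1047 and 1049: Ks built from CK and IK on both sides.
    return ck + ik

def derive_ks_naf(ks: bytes, rand: bytes, naf_id: bytes) -> bytes:
    # Step 105: Ks_NAF bound to RAND and the NAF identity. HMAC-SHA256 stands in
    # for the GBA key derivation function, which is not reproduced here.
    return hmac.new(ks, b"gba-me" + rand + naf_id, hashlib.sha256).digest()

def bootstrap(k_ue: bytes, k_hss: bytes, sqn: int = 1, last_sqn: int = 0) -> dict:
    """Run steps 1041-1049 plus step 105 and return what each side ends up with."""
    av = hss_authentication_vector(k_hss, sqn)                  # step 1042
    ue = ue_respond(k_ue, av["RAND"], av["AUTN"], last_sqn)     # steps 1043-1045
    if not hmac.compare_digest(ue["RES"], av["XRES"]):          # step 1046
        raise AuthError("RES != XRES: UE not authenticated")
    b_tid = secrets.token_hex(8) + "@bsf.example"   # step 1047; format is an assumption
    naf_id = b"naf.example"                          # constructed NAF identity
    return {
        "B-TID": b_tid,                              # step 1048
        "Ks_NAF_bsf": derive_ks_naf(derive_ks(av["CK"], av["IK"]), av["RAND"], naf_id),
        "Ks_NAF_ue": derive_ks_naf(derive_ks(ue["CK"], ue["IK"]), av["RAND"], naf_id),
    }

def rejected(k_ue: bytes, k_hss: bytes, sqn: int = 1, last_sqn: int = 0) -> bool:
    """True if bootstrapping is refused by one of the checks above."""
    try:
        bootstrap(k_ue, k_hss, sqn, last_sqn)
        return False
    except AuthError:
        return True

if __name__ == "__main__":
    K = bytes(range(32))   # constructed long-term secret shared by UE and HSS
    out = bootstrap(K, K)
    print("B-TID:", out["B-TID"], "keys agree:", out["Ks_NAF_bsf"] == out["Ks_NAF_ue"])
    print("wrong K rejected:", rejected(K, bytes(32)))
    print("replayed SQN rejected:", rejected(K, K, sqn=5, last_sqn=5))
```

Two properties of the flow are visible in the code: the UE never releases RES until AUTN has been verified, so a party that does not hold K cannot collect responses from the UE, and the sequence-number check on the UE side is what turns a captured (RAND, AUTN) pair into a rejected replay rather than a second successful bootstrap.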

In the above technical scheme, to protect the content of the broadcast/multicast service further, the following operation may also be performed between step 113 and step 114:

When the UE user receives the broadcast/multicast service, the DRM Agent determines whether the user's use of the service satisfies the usage rights in the RO. For example, if the usage rights specify that the broadcast/multicast service may be used 3 times, the DRM Agent determines whether the number of times the service has been used is less than 3; if so, step 114 is performed, otherwise step 115. If the usage rights specify a usage interval of 1 day, the DRM Agent determines whether the difference between the current use time and the last recorded use time is greater than 24 hours; if so, step 114 is performed, otherwise step 115. If the usage rights specify that the service is valid until 1 October 2006, the DRM Agent determines whether the current use time is earlier than 1 October 2006; if so, step 114 is performed, otherwise step 115. If the usage rights specify that the service may only be received by UE XXX, the DRM Agent determines whether the UE receiving the service is UE XXX; if so, step 114 is performed, otherwise step 115.
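The usage-rights check inserted between step 113 and step 114, as an added Python example rather than code from the patent. It applies the four rule types and the values the description gives (3 uses, a 1-day interval, validity until 1 October 2006, a single permitted UE) in the order the description lists them, and keeps the usage count and last-use time as state of the DRM Agent; the rights and state field names and the device identifiers are constructed for the example.

```python
from datetime import datetime, timedelta

def check_usage(rights: dict, state: dict, now: datetime, ue_id: str) -> tuple:
    """Apply the four rule types from the description, in the order given there.
    rights keys (all optional): max_count, interval_days, expires, allowed_ue.
    state is the DRM Agent's own record: uses so far and time of the last use."""
    if "max_count" in rights and not state.get("uses", 0) < rights["max_count"]:
        return False, "usage count exhausted"
    last = state.get("last_use")
    if "interval_days" in rights and last is not None:
        if not now - last > timedelta(days=rights["interval_days"]):
            return False, "usage interval not elapsed"
    if "expires" in rights and not now < rights["expires"]:
        return False, "rights expired"
    if "allowed_ue" in rights and ue_id != rights["allowed_ue"]:
        return False, "content bound to a different UE"
    return True, "ok"

def decide(rights: dict, state: dict, now: datetime, ue_id: str) -> str:
    """Step 114 if allowed (and the use is recorded), step 115 otherwise."""
    allowed, reason = check_usage(rights, state, now, ue_id)
    if allowed:
        state["uses"] = state.get("uses", 0) + 1
        state["last_use"] = now
    return reason

def sample_rights() -> dict:
    # Constructed RO rights information using the description's own values.
    return {"max_count": 3, "interval_days": 1,
            "expires": datetime(2006, 10, 1), "allowed_ue": "UE-XXX"}

def demo_sequence() -> list:
    """A constructed series of access attempts against one RO; returns the reasons."""
    rights, state = sample_rights(), {}
    t0 = datetime(2006, 9, 1, 12, 0)
    attempts = [
        (t0, "UE-XXX"),                        # 1st use
        (t0 + timedelta(hours=12), "UE-XXX"),  # too soon after the 1st use
        (t0 + timedelta(days=2), "UE-XXX"),    # 2nd use
        (t0 + timedelta(days=4), "UE-YYY"),    # wrong device
        (t0 + timedelta(days=4), "UE-XXX"),    # 3rd use
        (t0 + timedelta(days=6), "UE-XXX"),    # count exhausted
    ]
    return [decide(rights, state, when, who) for when, who in attempts]

def allowed_at(year: int, month: int, day: int, ue_id: str = "UE-XXX") -> bool:
    """Fresh state, single attempt: isolates the expiry and device rules."""
    return check_usage(sample_rights(), {}, datetime(year, month, day), ue_id)[0]

if __name__ == "__main__":
    for reason in demo_sequence():
        print("step 114" if reason == "ok" else "step 115", "-", reason)
    print("2006-09-30:", allowed_at(2006, 9, 30), " 2006-10-01:", allowed_at(2006, 10, 1))
```

Note that a refused attempt does not update the state: the count and last-use time only advance on a use that actually went to step 114, so a rejected attempt cannot be used to exhaust or reset the interval of a legitimate one.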

Finally, it should be noted that the above embodiments are intended only to illustrate the technical scheme of the present invention and not to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art will understand that modifications or equivalent substitutions may be made to the technical scheme of the present invention without departing from its spirit and scope.

Claims (6)

1. A method for a mobile terminal to use broadcast/multicast service content, in which the following steps are performed: Step 1. The mobile terminal sends the server a request to register for broadcast/multicast service content; Step 2. The server checks whether Generic Bootstrapping Architecture (GBA) parameters exist in the mobile terminal; if not, step 3 is performed; if so, jump to step 6; Step 3. The server sends the mobile terminal a message to run the GBA procedure; Step 4. The mobile terminal authenticates mutually with the server by running the GBA procedure; if both the server and the mobile terminal pass authentication, step 5 is performed; otherwise, jump to step 15; Step 5. The server and the mobile terminal generate a shared symmetric key; Step 6. The server sends the mobile terminal the registration information for the broadcast/multicast service; Step 7. After the mobile terminal receives the registration information, the digital rights management module on the mobile terminal decrypts the rights key information with the symmetric key to obtain the rights key; Step 8. The mobile terminal sends the server a request for a rights object; Step 9. The server sends the rights object to the mobile terminal, the rights object containing a message authentication code and a service and/or program key encrypted with the rights key; Step 10. The digital rights management module checks with the message authentication code whether the rights object is intact; if so, step 11 is performed; otherwise, jump to step 15; Step 11. The digital rights management module decrypts the encrypted service and/or program key in the rights object with the rights key to obtain the service and/or program key; Step 12. The digital rights management module uses the service and/or program key to decrypt the traffic key information that the mobile terminal received in the server's broadcast, obtaining the traffic key; Step 13. The digital rights management module uses the traffic key to decrypt the encrypted broadcast/multicast service content broadcast by the server; Step 14. The mobile terminal uses the broadcast/multicast service content; Step 15. End.
2. The method for a mobile terminal to use broadcast/multicast service content according to claim 1, wherein step 4 specifically comprises: Step 41. The mobile terminal sends the server a request to run the GBA procedure, the request containing the identity information of the mobile terminal; Step 42. The server obtains the GBA parameters from the home subscriber system, the GBA parameters including user security settings and an authentication vector, the authentication vector comprising a random challenge, an authentication token, an expected response value, a cipher key and an integrity key; Step 43. The server sends the random challenge and the authentication token to the mobile terminal; Step 44. The mobile terminal computes the cipher key, the integrity key and a response value; at the same time, the mobile terminal verifies from the authentication token whether the server is legitimate; if so, step 45 is performed; otherwise, jump to step 15; Step 45. The mobile terminal sends the response value to the server; Step 46. The server compares the response value with the expected response value; if they are equal, step 47 is performed; otherwise, jump to step 15; Step 47. The server generates a bootstrapping transaction identifier and derives key material from the cipher key and the integrity key; Step 48. The server sends the bootstrapping transaction identifier to the mobile terminal, informing the mobile terminal that it has passed authentication; Step 49. The mobile terminal derives key material from the cipher key and the integrity key.
3. The method for a mobile terminal to use broadcast/multicast service content according to claim 2, wherein the mobile terminal sending the server a request to run the GBA procedure in step 41 is: the mobile terminal sends the request to run the GBA procedure to the bootstrapping server function in the server.
4. The method for a mobile terminal to use broadcast/multicast service content according to claim 2, wherein the server obtaining the GBA parameters from the home subscriber system in step 42 is: the bootstrapping server function in the server obtains the GBA parameters from the home subscriber system.
5. The method for a mobile terminal to use broadcast/multicast service content according to claim 1, wherein in step 9 the rights object further includes rights information; and between step 13 and step 14 there is a further step in which the digital rights management module determines whether the mobile terminal's use of the broadcast/multicast service content meets the requirements of the rights information; if so, step 14 is performed, and if not, step 15 is performed.
6. The method for a mobile terminal to use broadcast/multicast service content according to claim 5, wherein the rights information in step 9 is usage count information, usage interval information, validity period information or usage system information, or any combination thereof.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200510123496 CN100484266C (en) 2005-11-23 2005-11-23 Method for mobile terminal using content of service of broadcast/multicast

Publications (2)

Publication Number Publication Date
CN1972504A true CN1972504A (en) 2007-05-30
CN100484266C true CN100484266C (en) 2009-04-29

Family

ID=38113035

Country Status (1)

Country Link
CN (1) CN100484266C (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101127663B (en) 2007-09-13 2010-11-03 北京交通大学 A system and method for access of mobile self-organized network to integrated network
CN101119206B (en) 2007-09-13 2011-03-02 北京交通大学 Identification based integrated network terminal united access control method
CN101414253B (en) 2007-10-17 2011-11-23 华为技术有限公司 Method and system for managing authority
CN101162955B (en) 2007-11-12 2011-10-05 中国联合网络通信集团有限公司 Method of obtaining login key of handset television service system
CN101345677B (en) 2008-08-21 2011-06-01 西安西电捷通无线网络通信股份有限公司 Method for improving security of broadcast or multicast system
CN101753588B (en) 2008-12-05 2012-08-15 中国移动通信集团公司 Method and system for controlling integrated service operation
CN101719910B (en) * 2009-11-16 2015-02-11 北京数字太和科技有限责任公司 Terminal equipment for realizing content protection and transmission method thereof

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1249584A (en) 1998-09-01 2000-04-05 曼德波特有限公司 System for broadcasting data signal by encryption mode
CN1553600A (en) 2003-05-29 2004-12-08 华为技术有限公司 Method for updating shared key

Also Published As

Publication number Publication date Type
CN1972504A (en) 2007-05-30 application

Legal Events

Date Code Title Description
C06 Publication
C10 Request of examination as to substance
C14 Granted