CN101009553A - Secret key safety method and system for realizing multi-network integration mobile multi-media broadcasting system - Google Patents


Info

Publication number: CN101009553A
Authority: CN
Grant status: Application
Application number: CN 200610172266
Other languages: Chinese (zh)
Inventors: 柯尊友, 姚清华, 穆志纯
Original Assignee: 中兴通讯股份有限公司 (ZTE Corporation)

Classifications

    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s), involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L2209/601 Broadcast encryption
    • H04L2209/80 Wireless

Abstract

The invention provides a method for realizing key security in a multi-network converged mobile multimedia broadcast system, comprising: (a) the broadcast system network generates, stores and updates program stream keys; the mobile communication system networks generate, store and update service keys and distribute the service keys and their identifiers to user terminals; (b) the broadcast system network sends the program stream key to the service platform of each mobile communication system network, the service platform encrypts the key and returns encryption control information; (c) the scrambler of the broadcast system network uses the program stream key to encrypt the corresponding encoded program stream, and the program stream and the encrypted program stream key information are broadcast together; (d) the user terminal receives the program stream and the encryption control information, finds the corresponding service key identifier, uses the service key as a parameter to decrypt the program stream key, and decrypts the program stream data with the program stream key obtained.

Description

Method and system for realizing key security in a multi-network converged mobile multimedia broadcast system

Technical Field

The present invention relates to mobile network communication and mobile multimedia broadcast technology, and in particular to a method and system for providing key security to user terminals when a mobile multimedia broadcast system network is converged with multiple mobile communication system networks.

Background

As demand for mobile communication keeps growing, a large number of multimedia services have emerged. Some of these applications require multiple users to receive the same media data at the same time, such as video on demand and television broadcasting; mobile TV is a typical example.

A pure mobile multimedia broadcast (MMB) network that delivers services such as mobile multimedia broadcast or mobile TV faces some inherent defects (frequency-addressed broadcast network systems such as DMB, DAB and DVB are collectively referred to here as MMB). Because its transmission is one-way, i.e. there is only a downlink channel, interactive services, billing flexibility and system security are all hampered, and some mature mobile network technologies cannot be applied in this field.

To implement interaction, billing and security, a pure MMB system has to carousel the interaction, billing and security content under unpredictable conditions. For a large-scale commercial system the volume of this data is very large, billing information in particular, which greatly increases system overhead and places a heavy burden on the system. Compared with a bidirectional mobile communication system network, a broadcast system network pays a high price to achieve the same functions. Even when it does, the service scope and the flexibility of use are greatly reduced. In mobile communication system networks, by contrast, these functions have long been in mature carrier-grade use.

However, a broadcast network uses wireless bandwidth efficiently and its data capacity is much larger than that of a mobile network, which makes it a good bearer for large-scale multimedia transmission. This gives rise to the need to converge MMB with mobile networks (GSM, CDMA, 3G, etc.).

3GPP and 3GPP2 have both defined corresponding multimedia broadcast/multicast services. A broadcast/multicast service is a unidirectional point-to-multipoint bearer service in which data is sent from one source entity to multiple receiving entities. These services introduce the point-to-multipoint idea into mobile communication systems: a single data source can send data to multiple users in the mobile network, so that network resources are shared and their utilization is improved.

In the service guide, each program stream is divided by time period into several segments of program content, called programs for short. Each program needs security protection. At present, the security of the multimedia broadcast/multicast service in the 3GPP mobile communication system is implemented through a three-layer key hierarchy. Layer 1: the user key MUK, a key shared between a single multimedia broadcast/multicast service user terminal and the data source. Layer 2: the service key MSK, a key shared by all multimedia broadcast/multicast service user terminals and the data source. Layer 3: the program stream key MTK, the multicast transmission data encryption key shared by all multimedia broadcast/multicast service user terminals and the data source.

The MUK is used to deliver the MSK securely to service users, the MSK is used to deliver the MTK securely to service users, and the MTK is the actual encryption key for the multicast transmission data. To keep the multimedia broadcast/multicast service secure, the MSK and MTK need to be updated frequently, to guard against a legitimate user leaking the MSK or MTK to an illegitimate user and to reduce the impact on service security of illegitimate users obtaining the multicast content. This ensures that only user terminals subscribed to the service can legitimately use it. Users who have not subscribed, or who subscribed and then unsubscribed, are treated as illegitimate users.

After the broadcast/multicast server updates the service key, it sends a new-key-valid message to the user terminal, indicating that the new service key is now valid. After receiving this message, the user terminal may send a key request message to the broadcast/multicast server to request a new service key. On receiving the key request message, the broadcast/multicast server sends the corresponding new service key to the requesting user terminal. After successfully receiving the new service key, the user terminal stores it for later use.

The 3GPP2 mobile communication system has a layered key hierarchy corresponding to that of 3GPP. Specifically, Layer 1: user key TK; Layer 2: service key BAK; Layer 3: program stream key SK.

In the converged network, program streams are delivered from the broadcast network (for example a radio and television broadcast network), i.e. the program service streams are carried on the broadcast channel of the broadcasting network; program content encryption is performed by the broadcaster's mobile TV system; user authentication and service billing are performed by the mobile operator's mobile communication system network; and the mobile operator's mobile communication system network serves as the interactive channel for delivering service keys and for service subscription, service interaction and so on.

However, 3GPP2 uses a different encryption method from 3GPP. Moreover, the two generally exist in independent network systems whose broadcast/multicast service platforms have unrelated key management systems. How can a broadcast system network integrate the key management of the service platforms of different mobile communication system networks? Therefore, when a mobile multimedia broadcast system network is converged with multiple mobile communication system networks, so that the broadcast system network integrates the service platforms of different mobile communication system networks, a key security method is needed for mobile user terminals that implements three-level key update and key security.

Summary of the Invention

The technical problem to be solved by the present invention is to provide a method for realizing key security in a multi-network converged mobile multimedia broadcast system, so that the mobile multimedia broadcast system can integrate several kinds or several instances of mobile communication system network service platforms with different key management functions and provide key security for mobile user terminals.

To solve the above problem, the present invention proposes a method for realizing key security in a multi-network converged mobile multimedia broadcast system, applied to a system in which a broadcast system network is converged with multiple mobile communication system networks, where the broadcast system network has a scrambler and each mobile communication system network has a service platform. The method comprises the following steps:

(a) The scrambler of the broadcast system network generates, stores and updates program stream keys according to set rules. The service platform of each mobile communication system network generates, stores and updates service keys according to set rules, each service key corresponding to a unique service key identifier. Each mobile communication system network distributes the service key and its identifier to the user terminals that have subscribed to the corresponding service.

(b) The scrambler of the broadcast system network sends the program stream key to the service platform of each mobile communication system network. Each service platform encrypts the program stream key using the corresponding service key as a parameter and returns encryption control information to the scrambler, which includes the encrypted program stream key, the service key identifier and the identification parameter of the mobile communication system network. The scrambler stores the encryption control information it receives.

(c) The scrambler of the broadcast system network uses the program stream key to encrypt the corresponding encoded program stream and outputs the program stream together with the encrypted program stream key information, which are multiplexed and then broadcast. The encrypted program stream key information contains each program stream identifier and its encryption control information for each mobile communication system network.

(d) After the user selects a program, the user terminal receives the corresponding program stream and its encryption control information, finds the corresponding service key identifier according to the identifier of the mobile communication system network it belongs to, determines the local service key to use, decrypts the encrypted program stream key with that service key as a parameter, and then decrypts the program stream data with the program stream key obtained.

Further, the above method may also have the following feature. In step (a), the user terminal generates a user key and reports it to the service platform during authentication; the service platform generates a user key for the subscribing user by the same rule and verifies whether it matches the user key reported by the user terminal; if so, it encrypts the service key with the user key as a parameter and then sends the encrypted service key and its identifier to the user terminal for storage. In step (d), after determining the service key to be used, the user terminal first finds the stored encrypted service key, decrypts it with the local user key as a parameter to obtain the service key, and then uses that service key to decrypt the encrypted program stream key.

Further, the above method may also have the following feature. Step (b) is further divided into the following steps:

(b1) The scrambler of the broadcast system network, according to the configured management rules, sends a program stream key encryption request through its interfaces to the service platforms of the multiple mobile communication system networks, carrying the session identifier, program stream identifier, program stream key identifier and program stream key data.

(b2) On receiving the encryption request, the service platform of each mobile communication system network finds the corresponding service key by matching the program stream identifier, uses that service key as a parameter to encrypt the control word data, and generates the encryption control information for the program stream.

(b3) Each mobile communication system network service platform sends a program stream key encryption response message to the scrambler, using the same session identifier and program stream identifier as the request and carrying the generated encryption control information, which includes the encrypted program stream key, the service key identifier and the identification parameter of the mobile communication system network.

(b4) The service platform stores the encryption control information of the program stream returned by each mobile communication system network.

Further, the above method may also have the following feature. Step (d) is further divided into the following steps:

(d1) The user starts the mobile multimedia broadcast system client on the terminal, and the client program begins to run.

(d2) If the client determines that the electronic service guide needs to be fetched, it interacts with the service platform to obtain the electronic service guide data and displays it; if not, it displays it directly.

(d3) Based on the electronic service guide shown by the client, the user chooses a valid TV program to watch; if the program requires a subscription, the service subscription process is completed with the service platform.

(d4) According to the current service selected by the user, the terminal demultiplexes by service identifier and receives the corresponding encrypted program stream, and can at the same time receive the encrypted program stream key information.

(d5) The terminal obtains the encryption control information of multiple networks from the encrypted program stream key information and, according to the identification parameter of the mobile communication system network stored in the terminal, selects the encryption control information of that mobile communication system network.

(d6) According to the service key identifier in the encryption control information, the terminal determines whether it has stored a corresponding valid service key. If not, it initiates a service key request to the mobile communication system network service platform and obtains the service key for the program stream, encrypted with the terminal's user key. If so, it proceeds to the next step.

(d7) The terminal decrypts the encrypted service key using the local user key, uses the resulting service key and the corresponding decryption algorithm to decrypt the encrypted program stream key in the encryption control information, and then decrypts the program stream data with the program stream key obtained.

Further, the above method may also have the following feature. During initialization the terminal obtains Ks from the service platform, generates the user key, and obtains the identification parameter of the mobile communication system network to which the user key belongs. During user authentication, the terminal's authentication request carries the user key index and the key the terminal generated itself. The mobile communication system network service platform looks up or generates Ks on the basis of the authentication tuple obtained from the HLR, and then generates the user key from that Ks. The service platform verifies the local user key against the one reported by the terminal for the same user. If they are the same, it uses the user key as a parameter to encrypt, with the specified encryption algorithm, the service key of the service the user has subscribed to; otherwise it returns an error code to the terminal.

Further, the above method may also have the following feature. The parameters in the program stream key encryption request message further include one or a combination of the following: the crypto-period start sequence number, indicating the sequence number of the crypto-period from which the program stream key data delivered this time is used to encrypt the program stream; the absolute time at which the crypto-period starts; the number of crypto-periods for which encryption lasts, indicating the number of consecutive crypto-periods for which the program stream key will be used to encrypt the program stream; and the mobile communication system network code, used to identify different mobile communication system networks. And/or, the parameters in the program stream key encryption response message further include the crypto-period start sequence number.

Further, the above method may also have the following feature. The identification parameter of the mobile communication system network is the mobile communication system network service platform code, which characterizes a specific mobile communication system network service platform and includes a mobile communication system network code, a multimedia service platform code and a service key system code. The mobile communication system network code is the identifier of the mobile communication system network and uniquely distinguishes it. The multimedia service platform code uniquely identifies the mobile communication system network service platform. The service key system code is used to distinguish the algorithm with which the service platform's service key encrypts and decrypts the program stream key.

Further, the above method may also have the following feature. In step (a), the information that the service platform distributes to the terminal includes, in addition to the service key and the service key identifier, the valid sequence number range of the program stream key. In step (d), the program stream key that the terminal obtains by decryption is a time period sequence number; the terminal first verifies whether this sequence number falls within the valid sequence number range of the program stream key, and if so, the key is valid; the valid program stream key thus obtained is then used to decrypt the program data stream.

Further, the above method may also have the following feature. In step (a), the service key has a key identifier that is unique within its own network and has its own validity period; validity period management is used to guide key update and validity verification.
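The key flow of steps (a) to (d), including the valid sequence number range check, as an added Python example that is not part of the patent. The patent only refers to "a specified encryption algorithm", so an HMAC-SHA256 encrypt-then-MAC construction stands in for it; the class names, the network and key identifiers, and placing the sequence number inside the encrypted blob are assumptions of this sketch, and the user key is assumed to be already agreed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Stand-in cipher (assumption): encrypt-then-MAC built from HMAC-SHA256.
def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def wrap(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unwrap(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

@dataclass
class ControlInfo:
    """Per-network encryption control information returned in step (b)."""
    network_id: str              # identification parameter of the mobile network
    service_key_id: str
    wrapped_program_key: bytes   # sequence number || program stream key

class ServicePlatform:
    """Service platform of one mobile communication system network."""
    def __init__(self, network_id: str, service_key_id: str, seq_range: tuple):
        self.network_id, self.service_key_id = network_id, service_key_id
        self.seq_range = seq_range
        self.service_key = os.urandom(32)

    def provision(self, user_key: bytes) -> dict:
        # Step (a): the service key is delivered encrypted under the user key.
        return {self.service_key_id: (wrap(user_key, self.service_key), self.seq_range)}

    def encrypt_program_key(self, program_key: bytes, seq: int) -> ControlInfo:
        # Step (b): the sequence number travels inside the protected blob.
        blob = wrap(self.service_key, seq.to_bytes(4, "big") + program_key)
        return ControlInfo(self.network_id, self.service_key_id, blob)

def scramble(platforms, payload: bytes, seq: int):
    """Steps (b)-(c): one program stream key, one ControlInfo per network."""
    program_key = os.urandom(32)
    infos = [p.encrypt_program_key(program_key, seq) for p in platforms]
    return wrap(program_key, payload), infos

class Terminal:
    def __init__(self, network_id: str, user_key: bytes, store: dict):
        self.network_id, self.user_key, self.store = network_id, user_key, store

    def receive(self, stream: bytes, infos) -> bytes:
        # Step (d): use only the control information of the home network.
        info = next((i for i in infos if i.network_id == self.network_id), None)
        if info is None:
            raise LookupError("no control information for home network")
        if info.service_key_id not in self.store:
            raise LookupError("service key not stored; request it from the platform")
        wrapped_sk, (lo, hi) = self.store[info.service_key_id]
        service_key = unwrap(self.user_key, wrapped_sk)
        plain = unwrap(service_key, info.wrapped_program_key)
        seq, program_key = int.from_bytes(plain[:4], "big"), plain[4:]
        if not lo <= seq <= hi:
            raise PermissionError("program stream key outside valid sequence range")
        return unwrap(program_key, stream)

def outcome(terminal, stream, infos) -> str:
    try:
        return terminal.receive(stream, infos).decode()
    except (LookupError, PermissionError, ValueError) as exc:
        return type(exc).__name__

def demo() -> dict:
    net_a = ServicePlatform("NET-A", "SK-A-1", (100, 199))   # constructed ids
    net_b = ServicePlatform("NET-B", "SK-B-7", (100, 199))
    uk_a, uk_b = os.urandom(32), os.urandom(32)
    term_a = Terminal("NET-A", uk_a, net_a.provision(uk_a))
    term_b = Terminal("NET-B", uk_b, net_b.provision(uk_b))
    wrong_uk = Terminal("NET-A", os.urandom(32), net_a.provision(uk_a))
    other_net = Terminal("NET-C", uk_a, net_a.provision(uk_a))
    payload = b"constructed program payload"
    stream, infos = scramble([net_a, net_b], payload, seq=150)
    late, late_infos = scramble([net_a, net_b], payload, seq=250)
    return {
        "net_a": outcome(term_a, stream, infos),
        "net_b": outcome(term_b, stream, infos),
        "wrong_user_key": outcome(wrong_uk, stream, infos),
        "other_network": outcome(other_net, stream, infos),
        "out_of_range": outcome(term_a, late, late_infos),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Both subscribed terminals recover the same payload from one broadcast even though their networks hold unrelated service keys; a terminal without the matching user key, without control information for its network, or presented with a sequence number outside its range is refused.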

A system for realizing key security in a multi-network converged mobile multimedia broadcast system comprises mobile communication system networks, user terminals and a broadcast system network, wherein:

The mobile communication system network is used to implement the mobile multimedia broadcast service platform functions and the mobile network bearer functions; to interact with user terminals to generate, store or update user keys and to generate, store, update and distribute service keys; and to interact with the broadcast system network to encrypt the program stream key with the service key.

The user terminal is used to obtain the user key, to receive the program stream and encryption control information from the broadcast system network and decrypt the corresponding program stream, and to interact with the mobile communication system network corresponding to its type and location to complete user key authentication and to store or update service keys.

The broadcast system network is used to generate, store and update program stream keys, to send the program stream key to each mobile communication system network and store the encryption control information received, and to encrypt the corresponding encoded program stream with the program stream key and broadcast the program stream and the encrypted program stream key information after multiplexing.

Further, the above system may also have the following feature. The user terminal further includes the following modules:

Initialization module, for obtaining during initialization the user key and the code of the home mobile communication system network service platform. The user key is used to encrypt the service key and to decrypt to obtain the service key, and every user's user key is different.

User authentication module, for interacting with the mobile communication system network to complete the terminal's authentication process, and for including in the terminal authentication request the user key index and the key generated by the terminal itself, for verification by the mobile communication system network side.

Service key management unit, for receiving the current service key, the service key identifier and the valid sequence number range of its program stream key that the mobile communication system network service platform distributes to users who have subscribed to the service, and storing or updating them.

Program stream receiving module, for receiving the corresponding program stream according to the program stream identifier of the current program, including receiving the encrypted program stream key information.

Program stream decryption module, which, according to the mobile network service platform code, selects from the program stream the program stream encryption control information corresponding to its own network, obtains the corresponding service key identifier, selects according to that identifier the encrypted service key stored on the terminal, decrypts it with the local user key as a parameter to obtain the service key, uses that service key to decrypt the encrypted program stream key, verifies the key's validity against the valid sequence number range of the program stream key, and then decrypts the program data stream with the valid program stream key obtained.

Further, the above system may also have the following feature. If no valid service key is stored locally when the service starts to be used, the service key management unit actively initiates a request to obtain the service key for that service from the corresponding mobile communication system network. The service platforms of different mobile communication system networks and their terminals each form a self-contained system; a terminal receives only the service keys distributed by the mobile communication system network service platform it has subscribed to, and these are already encrypted with the corresponding user key.

Further, the above system may also have the following feature. The service platform of the mobile communication system network further includes a service center and a key management module, wherein:

The service center provides the service interface to user terminals and implements the service logic control of the service platform, scheduling and using functional modules within the service platform or of other service platforms, including distributing service keys.

The key management module is used to generate, store or update user keys, to generate service keys on the basis of valid user keys, and to encrypt the program stream key with the service key.

Further, the above system may also have the following feature. The key management module further includes a user key management unit, a service key management unit, a service key distribution unit and a program stream key encryption unit, wherein:

User key management unit, for generating the user key and storing or updating it. At terminal initialization, the terminal obtains Ks from the service platform and generates the user key. When the service platform receives a terminal's authentication request containing the user key index and the terminal-generated key, it looks up or generates Ks by the index, and the service platform then verifies the user key reported by the terminal for the same user. If they are the same, it notifies the service key management unit; otherwise it returns an error code to the terminal.

Service key management unit, used, after service configuration and on receiving the user key confirmation sent by the user key management unit, to encrypt the service key with the specified encryption algorithm using that user key as a parameter, to generate and store the corresponding service key, and to establish a one-to-one correspondence with the service key identifier. The service key is associated with the program stream identifier through the service identifier. The service key has a key identifier that is unique within its own network and has its own validity period.

Service key distribution unit, for distributing service keys through the service center. According to the user's subscription relationship, the service platform sends to users who have subscribed to a service the service key encrypted with that user's user key. This is done mainly by network-initiated push; alternatively, on receiving a terminal's request for the service key, the corresponding service key is found, encrypted with the user key and sent to the terminal.

Program stream key encryption unit: the service platform receives the program stream key sent by the broadcast system network scrambler, encrypts it with the corresponding service key, packages the encrypted program stream key, the program stream key identifier and other encryption parameters into a program stream key message in the specified data format, and returns it to the scrambler.

Further, the above system for achieving key security in a multi-network converged mobile multimedia broadcast system may also have the following feature: the broadcast system network includes:

a program source encoding module, used to compress and encode each original incoming audio/video content and output it to the scrambler;

a scrambler, used to generate, store and update program stream keys, to send the program stream key to each mobile communication system network, and to store the encryption control information it receives; the encoded program stream is encrypted with the encrypted program stream key control word, and the program stream and the encryption control information are output to the multiplexing system;

a multiplexing system, used to multiplex the multiple encrypted program streams together with their encryption control information for the multiple mobile communication system networks, and to output the result through the broadcast system network.

Further, the above system for achieving key security in a multi-network converged mobile multimedia broadcast system may also have the following feature: the scrambler further includes a program key management module and an encryptor, wherein:

The program key management module is used to manage the control word of the program stream key, the encrypted control word, the crypto period and the encryption duration, and continuously generates, stores and updates control words. Through its interface with the service platforms of the multiple mobile communication system networks, it sends each service platform a program stream key encryption request carrying the session identifier, the program stream identifier, the program stream key identifier and the program stream key data. It obtains the program stream encryption control information from the service platform and stores it; this information includes the encrypted program stream key, the service key identifier and the identification parameters of the mobile communication system network. Through its interface with the content playout control system, it obtains the start and end times of the corresponding program and aligns the start of a new crypto period, and the range of crypto periods over which a program stream key is used for encryption, as the basis for synchronizing program stream keys with the service platform.

The encryptor uses the encrypted program stream key to encrypt the encoded program stream, multiplexes the encryption control information of the multiple networks into the output data stream, and outputs it to the multiplexing system.

Compared with the prior art, a key security method is designed and proposed for the case where a mobile multimedia broadcast system network converges with the service platforms of several types of, or several, mobile communication system networks. The mobile multimedia broadcast system network can thus converge with several mobile communication system network service platforms that have different key management functions, and a single program stream of the mobile multimedia broadcast system can serve all of these service platforms at the same time, which greatly saves spectrum resources and reduces the complexity of the converged system.

Brief description of the drawings

Figure 1 is a schematic diagram of the convergence of the broadcast system network and multiple mobile communication system networks in the embodiment.

Figure 2 is a schematic diagram of the convergence of the broadcast system network and one mobile communication system network in the embodiment.

Figure 3 is a schematic diagram of the service usage flow of the mobile user terminal in the embodiment.

Figure 4 is a sequence diagram of the program stream key encryption process in the embodiment.

Detailed description

The specific implementation of the invention is described below with reference to the drawings.

Figure 1 is a structural diagram of the convergence of a mobile multimedia broadcast system network with multiple mobile communication system networks. It includes several types of, or several, mobile communication system networks (MN) 101 and 104, multiple user terminals (UE) 102 and 103, and a mobile multimedia broadcast system network (BN) 105, taking the broadcasting sector's mobile multimedia broadcast system network as the example.

The mobile communication system networks MN 101 and 104 implement the mobile multimedia broadcast service platform functions and the mobile network bearer function. They interact with the user terminals to carry out service discovery, subscription and unsubscription, service guide serving and management, service information configuration, review management, authentication, key generation and distribution, charging and statistics. They interact with the broadcast system network 105 to carry out the encryption of program stream keys with service keys, the synchronization of program content information, and so on.

The user terminals UE 102 and 103 include the functions of both the handset and the card; no distinction is made here between a combined and a separate handset and card. They receive the program streams encrypted by the broadcast system network 105 and interact with the mobile communication system network 101 or 104 of the corresponding type and location. They further include the following main modules:

Initialization module: used during initialization to obtain Ks from the service platform and generate the user key, and to obtain the code of the home mobile communication system network service platform (MNSP_Code). The user key is used to encrypt the service key and to decrypt it again; every user has a different user key.

User authentication module: used to interact with the mobile communication system network to complete the terminal authentication procedure. The terminal's authentication request carries the user key index (user name) and the key the terminal has generated itself (password), for verification on the mobile communication system network side.

Service key management unit: used to receive the current service key, the service key identifier and the valid sequence number interval of its program stream keys, which the mobile communication system network service platform distributes to users who have subscribed to the service, and to store or update them. If no valid service key is stored locally when the user starts to use a service, the unit actively requests the service key for that service from the corresponding mobile communication system network. Each mobile communication system network service platform and its terminals form a self-contained system: a terminal receives only the service keys and related information distributed by the service platform of the network it has subscribed to, and these are already encrypted with the corresponding user key.

Program stream receiving module: used to receive the program stream that corresponds to the Stream ID of the current program, including receiving the encrypted program stream key information.

Program stream decryption module: according to MNSP_Code, it selects from the program stream the program stream encryption control information that corresponds to its own network and obtains the corresponding service key identifier SK_ID. Using that identifier it selects the encrypted service key stored on the terminal and decrypts it with the local user key as a parameter to obtain the service key. It then uses the service key to decrypt the encrypted program stream key (CW), verifies that the key is valid, and uses the valid program stream key to decrypt the program data stream. The program stream key ID value is a time period sequence number; the key is valid if this number lies within the valid sequence number interval of program stream keys.

In addition, the terminal includes a client that provides the mobile multimedia broadcast service application; a service discovery module, used to obtain and display electronic service guide (ESG) information; a service subscription and unsubscription module; a program selection module, with which the user selects the program to watch and which obtains the Stream_ID of the current program from the program schedule information; and further functional modules for demultiplexing, decoding and playing the program stream, multimedia presentation, authentication, charging and so on.

The broadcast system network (BN) 105 is mainly used for encoding, encrypting, multiplexing and broadcasting program streams. BN and MN share a content information synchronization interface and a program stream encryption interface.

Figure 2 is a schematic diagram of the convergence of the broadcast system network with one of the mobile communication system networks. It shows in more detail the functional modules of the mobile communication system network's service platform and the functional modules of the broadcast system network.

User terminal 201 has the application client of the mobile multimedia broadcast system.

Mobile network 202 is the PDSN network element of a CDMA1x or CDMA2000 type network, or the GGSN network element of a GSM/GPRS or WCDMA type network: the key packet-domain core network system that provides the interface to the service platform.

WAP gateway system 203 is, in this service network, the proxy for HTTP interaction between the mobile user terminal and the service platform. It is not a mandatory device, particularly for CDMA1x or CDMA2000 type networks.

The service platform of the mobile communication system network further includes the following modules: service center 204, key management module 205, ESG service module 206 and service management module 207, wherein:

Service center 204 provides the service interface to the user terminal and implements the service logic control of the service platform. It schedules and uses functional modules inside this service platform or on other service platforms to implement functions such as subscribing to and unsubscribing from services, distributing service keys and charging for services.

Key management module 205 supports the management of user keys, service keys and program stream keys. It further includes a user key management unit, a service key management unit, a service key distribution unit and a program stream key encryption unit, wherein:

The user key management unit looks up or generates Ks on the basis of the authentication tuple obtained from the HLR, generates the user key from that Ks, and stores or updates it. When the service platform receives an authentication request from the terminal containing the user key index and the key generated by the terminal, it verifies the user key reported by the terminal for the same user. If the keys are identical, it notifies the service key management unit; otherwise it returns an error code to the terminal.

The service key management unit is used, after service configuration and on receiving the user key confirmation sent by the user key management unit, to encrypt the service key with the prescribed encryption algorithm using that user key as a parameter, to generate and store the corresponding encrypted service key, and to establish a one-to-one correspondence with the service key identifier. The service key is associated with the program stream identifier through the service identifier. Each service key has a key identifier that is unique within its own network and has its own validity period. This unit also manages validity periods, which drive key updates and validity checks. For services billed as a monthly subscription, the service key must be updated regularly every month.

The service key distribution unit is used to distribute service keys through the service center. According to the user's subscription relationship, the service platform should be able to send users who have subscribed to a service the service key encrypted with that user's user key, the service key identifier, and the valid sequence number interval of its program stream keys. Distribution is mainly by active network push; alternatively, on receiving a terminal's request for a service key, the platform finds the corresponding service key, encrypts it with the user key, and sends it to the terminal together with the service key identifier and the valid sequence number interval of its program stream keys.

The program stream key encryption unit: the service platform can receive the program stream key sent by the scrambler of the broadcast system network, encrypt it with the corresponding service key, encapsulate the encrypted program stream key, the program stream key identifier and other encryption parameters into a program stream key message in the specified data format, and return it to the scrambler.

The service platform of each mobile communication system network MN has, according to its own needs, a broadcast/multicast service platform key management system that is independent of the others, and the platforms may even use different encryption methods.

ESG service module 206 has an interface to the broadcast system network and receives the service information sent by the broadcaster-side mobile TV system. It provides the function for administrators to submit channel and content information and generates the service guide. On user request it sends the generated service guide to the user terminal through the mobile communication system network.

Service management module 207 handles users' subscription and unsubscription requests and stores and maintains the user subscription relationships. It is also responsible for managing the information about the services provided by the broadcast system network and provides the functions for administrators to approve and configure services. Once service configuration is complete, it notifies the service key management unit to generate the corresponding service key.

Other network elements 213 are, for example, systems such as BOSS and, for GSM/GPRS or WCDMA type networks, systems such as BSF and HLR/HSS.

The broadcast system network includes:

Multiplexing system 208, used to multiplex the multiple encrypted program streams together with their encryption control information for the multiple mobile communication system networks, and to output the result through the broadcast system network.

A scrambler, which further includes:

Program key management module 210, used to manage the control word (CW) of the program stream key, the encrypted CW, the crypto period (CP), the encryption duration and so on, and to continuously generate, store and update CWs. Through its interface with the service platforms of the multiple mobile communication system networks, it sends the CW and related information to each service platform, obtains from that platform the encrypted CW (that is, the scrambled CW) and the other program stream encryption control information (ECM), and supplies them to encryptor 209. Through its interface with the content playout control system, it obtains the start and end times and related information of the corresponding program and aligns the start of a new CP, and the range of CPs over which a CW is used for encryption, as the basis for synchronizing program stream keys with the service platform.

Encryptor 209 uses the CW to encrypt the encoded program stream, multiplexes the encryption control information of the multiple networks into the output data stream, and outputs it synchronously to the multiplexing system.

Program source encoding module 211 is used to compress and encode each original incoming audio/video content and output it to the scrambler.

Content playout control management module 212 is used to schedule the program streams and generate program units whose time periods do not overlap. It also has interfaces to the scrambler and to the mobile communication system network service platform, and synchronizes program content information with the mobile communication system network service platform; this information does not contain the program stream data itself.

Figure 3 is a schematic diagram of the service usage flow of the user terminal, which includes the following steps:

Step 301: the user starts the mobile multimedia broadcast system client on the terminal, and the client program begins to work.

Step 302: decide, taking all factors together, whether the ESG needs to be fetched. If so, go to step 303; otherwise go to step 304. The factors considered are whether the ESG must be fetched again at every start-up, whether an ESG exists locally, and whether the local ESG has expired or is not the latest.

Step 303: obtain the ESG data by interacting with the service platform over HTTP or a similar mechanism. On an interruption, the flow may go to 312 and ask whether to exit: if so, it ends; otherwise processing continues, and step 304 follows once it completes. Interruptions include reception failures exceeding a specified number of attempts, the user aborting the operation, and so on.

Step 304: using the ESG shown by the client, the user views current and future services and chooses a valid TV program to watch; the user can then choose to use the service. A program currently in progress can be subscribed to and watched immediately; a future service can be subscribed to in advance and watched when it starts.

Step 305: determine whether the user needs to subscribe first. If so, go to step 306; otherwise go to step 307.

Step 306: the user subscribes to the service; the terminal completes the subscription procedure by interacting with the mobile communication system network service platform. On an interruption, the flow may go to 312 and ask whether to exit: if so, it ends; otherwise processing continues, and step 307 follows once it completes.

Step 307: for the current service the user has chosen, identified by the service identifier Service_ID, the terminal demultiplexes and receives the corresponding encrypted program stream, and can at the same time receive the encrypted program stream key information of that program stream. The Service_ID corresponds to the program stream identifier Stream_ID.

Step 308: using the service key identifier SK_ID in the ECM information, the terminal determines whether a corresponding valid service key is already stored on the terminal. If so, go to step 310; otherwise go to step 309.

Step 309: the terminal actively sends a service key request, carrying the service key identifier, to the mobile communication system network service platform. On receiving it, the service platform finds the corresponding service key by that identifier, encrypts it with the terminal's user key and returns it to the terminal. On an interruption, this step may go to 312 and ask whether to exit: if so, it ends; otherwise processing continues, and step 310 follows once it completes.

Step 310: the terminal uses the ECM to decrypt the single encrypted program stream. The procedure is as follows. The terminal obtains the ECMs of the multiple networks from the program stream and selects the ECM to use according to the MNSP_Code information stored on the terminal. Using the service key identifier in the ECM, it selects the encrypted service key stored on the terminal and decrypts it with the terminal's user key. With the resulting service key and the corresponding decryption algorithm it decrypts the encrypted program stream key in the ECM and checks its validity. If the key is valid, it uses the valid program stream key to decrypt the program stream data.

On an interruption, the flow may go to 312 and ask whether to exit: if so, it ends; otherwise processing continues, and step 311 follows once it completes.

Step 311: decode the decrypted program stream data and play and display it, then go to step 313. On an interruption, the flow may go to 312 and ask whether to exit: if so, it ends; otherwise processing continues, and step 313 follows once it completes.

Step 313: exit the client. This generally happens because the user chooses to exit.

Figure 4 is a schematic diagram of the program stream key encryption process, which includes the following steps:

Step 401: the program key management module 210 of the broadcast system network continuously generates, stores and updates CWs according to its management rules, and manages the period over which each is used for encryption.

Step 402: according to the configured rules, the program key management module 210 sends a program stream key encryption request message over its interface to the service platform key management module 205 of each of the multiple mobile communication system networks. The parameters carried by the request message include the session identifier Session_ID, the program stream identifier Stream_ID, the control word identifier CW_ID and the control word data CW_Data.

Step 403: the key management module 205 of each mobile communication system network receives the encryption request from the program key management module 210, finds the matching service key from the input parameter Stream_ID, encrypts the control word data using that service key as a parameter, and generates an ECM in a defined format; the ECM format is described below.

Step 404: the key management module 205 of each mobile communication system network sends a program stream key encryption response message to the program key management module 210, using the same Session_ID and Stream_ID as the request and carrying the generated ECM.

Step 405: the program key management module 210 stores the encrypted ECMs returned by each mobile communication system network.

Step 406: shortly before the ECMs are to be used, the program key management module 210 sends the ECMs of the multiple networks to encryptor 209.

Step 407: after receiving the ECMs, encryptor 209 returns a response to the program key management module.

In addition, according to the user's subscription relationship, the service platform should be able to send users who have subscribed to a service the service key encrypted with that user's user key, the service key identifier, and the valid sequence number interval of its program stream keys. Distribution is mainly by active network push; alternatively, on receiving a terminal's request for a service key, the platform finds the corresponding service key, encrypts it using the user key as a parameter, and sends it to the terminal together with the service key identifier and the valid sequence number interval of its program stream keys.

In the broadcast system network, once the broadcast program stream data has been encoded, the program's program stream key is used to encrypt the encoded program stream, and the encrypted program stream and the encrypted program stream key information are output synchronously to the multiplexing system, multiplexed, and broadcast. The encrypted program stream key information contains the identifier of each program stream and its ECM for each mobile communication system network.

The data parameters of the program stream key encryption request message in the above flow include:

Session identifier Session_ID: identifies the session connecting the program key management module 210 and the key management module 205, and uniquely identifies the messages of a given session.

Program stream identifier Stream_ID: the identifier that the program key management module 210 and the service platform use to uniquely identify a program stream.

Crypto period start index CP_Index: the index of the first CP in which the CW data passed in this message is used to encrypt the program stream.

Crypto period start absolute time CP_Timestamp: corresponds to CP_Index; this parameter is optional.

Crypto period count CP_Duration: the number of consecutive CPs (the duration) for which this CW will be used to encrypt the program stream.

Control word (program stream key) identifier CW_ID.

Control word (program stream key) data CW_Data: the original CW data, before the CW is encrypted with the service key.

Mobile communication system network code BN_Code: used to identify different mobile multimedia broadcast systems and reserved for extension; this parameter is optional.

The order of these request message parameters is not fixed, and there may be additional supplementary parameters. Session_ID, Stream_ID, CW_ID and CW_Data are the essential parameters and cannot be omitted.

The data parameters of the program stream key encryption response message in the above flow include:

Session identifier Session_ID: identifies the session connecting the program key management module 210 and the key management module 205, and uniquely identifies the messages of a given session; it matches the session identifier parameter of the request message.

Program stream identifier Stream_ID: the identifier that the program key management module 210 and the service platform use to uniquely identify a program stream; it matches the program stream identifier parameter of the request message.

Crypto period start index CP_Index: the index of the first CP in which the CW data passed in this exchange will be used to encrypt the program stream.

The components of the ECM: the encrypted control word CW_Edata, that is, the encrypted program stream key; the service key identifier SK_ID; and the mobile communication system network service platform code MNSP_Code.

The mobile communication system network service platform code MNSP_Code in the ECM denotes a particular service platform of a particular network. It comprises the MN code MNC, the multimedia service platform code MSP, and the service key system code. MNC is the identifier of the mobile communication system network and uniquely distinguishes it; the MSP code uniquely identifies a service platform of a mobile communication system network; the service key system code distinguishes the algorithm with which the service platform's service key encrypts and decrypts the program stream key, and may be omitted, in which case the default algorithm is used.

The order of the parameters above is not fixed, and there may be other supplementary parameters. The crypto-period start index CP_Index is optional.

The following table gives the syntax structure of the encrypted program stream key information that is broadcast together with the program stream data:

As can be seen, the structure contains the following parameters: the number of program streams 701 and, for each program stream, the program stream identifier 702, the number of mobile communication system network service platforms 703, and the ECM of each mobile communication system network. The syntax structure of parameters 701-706 expresses how, in the encrypted program stream, the mobile multimedia broadcast system applies the service keys of several different mobile network operators to encrypt the program stream key, thereby achieving key security. The broadcaster thus controls the program stream key, while each mobile operator controls and manages its own service keys. This ensures security and confidentiality while also making the service convenient to deploy and use.
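The request/response exchange and the terminal's per-network ECM selection described above, as an added Python sketch that is not code from the patent. The cipher is a stand-in built from HMAC-SHA256 because the page names no algorithm, and the class names, function names and sample codes and identifiers are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Stand-in authenticated encryption built from HMAC-SHA256 (standard library only).
# Assumption: the page names no cipher; a deployment would use a vetted AEAD.
def _stream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def wrap(kek, data):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(kek, nonce, len(data))))
    return nonce + ct + hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()

def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _stream(kek, nonce, len(ct))))

@dataclass
class CwRequest:            # scrambler -> service platform
    Session_ID: int
    Stream_ID: int
    CW_ID: int
    CW_Data: bytes          # clear control word, before service-key encryption
    CP_Index: int = 0       # optional on the page

@dataclass
class Ecm:                  # one per mobile network, broadcast with the stream
    MNSP_Code: str
    SK_ID: int
    CW_Edata: bytes

@dataclass
class CwResponse:           # service platform -> scrambler
    Session_ID: int
    Stream_ID: int
    CP_Index: int
    ecm: Ecm

class ServicePlatform:
    """One operator's platform. Its service keys never leave it in the clear."""
    def __init__(self, mnsp_code):
        self.mnsp_code, self._sk, self._stream_sk = mnsp_code, {}, {}

    def provision(self, stream_id, sk_id):
        self._sk[sk_id] = os.urandom(32)
        self._stream_sk[stream_id] = sk_id

    def issue_service_key(self, sk_id, user_key):
        return wrap(user_key, self._sk[sk_id])      # SK wrapped under the subscriber's user key

    def encrypt_cw(self, req):
        sk_id = self._stream_sk[req.Stream_ID]      # service key matched by Stream_ID
        ecm = Ecm(self.mnsp_code, sk_id, wrap(self._sk[sk_id], req.CW_Data))
        return CwResponse(req.Session_ID, req.Stream_ID, req.CP_Index, ecm)

def collect_ecms(req, platforms):
    """Scrambler side: one ECM per operator, kept only if the response echoes the request ids."""
    ecms = []
    for platform in platforms:
        resp = platform.encrypt_cw(req)
        if (resp.Session_ID, resp.Stream_ID) != (req.Session_ID, req.Stream_ID):
            raise ValueError("response does not match request")
        ecms.append(resp.ecm)
    return ecms

class Terminal:
    def __init__(self, mnsp_code, user_key):
        self.mnsp_code, self._user_key, self._wrapped_sk = mnsp_code, user_key, {}

    def store_service_key(self, sk_id, wrapped_sk):
        self._wrapped_sk[sk_id] = wrapped_sk

    def recover_cw(self, ecms):
        ecm = next((e for e in ecms if e.MNSP_Code == self.mnsp_code), None)
        if ecm is None:
            raise LookupError("no ECM for this terminal's network")
        if ecm.SK_ID not in self._wrapped_sk:
            raise LookupError("service key not stored; request it from the platform")
        sk = unwrap(self._user_key, self._wrapped_sk[ecm.SK_ID])
        return unwrap(sk, ecm.CW_Edata)

def demo():
    # All identifiers and codes below are constructed sample values.
    op_a, op_b = ServicePlatform("MN-A/MSP-1"), ServicePlatform("MN-B/MSP-1")
    op_a.provision(stream_id=7, sk_id=100)
    op_b.provision(stream_id=7, sk_id=200)
    cw = os.urandom(16)
    req = CwRequest(Session_ID=1, Stream_ID=7, CW_ID=1, CW_Data=cw, CP_Index=42)
    ecms = collect_ecms(req, [op_a, op_b])
    user_key = os.urandom(32)
    terminal = Terminal("MN-B/MSP-1", user_key)
    terminal.store_service_key(200, op_b.issue_service_key(200, user_key))
    return cw, ecms, terminal

if __name__ == "__main__":
    cw, ecms, terminal = demo()
    print("ECMs broadcast:", [(e.MNSP_Code, e.SK_ID) for e in ecms])
    print("terminal recovered CW:", terminal.recover_cw(ecms) == cw)
```

The scrambler never sees a service key and the platforms never see each other's keys; the only value shared across operators is the control word itself.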

Claims (16)

  1. A method for achieving key security in a multi-network converged mobile multimedia broadcast system, applied to a system in which a broadcast system network and a plurality of mobile communication system networks are converged, the broadcast system network having a scrambler and each mobile communication system network having a service platform, the method comprising the following steps: (a) the scrambler of the broadcast system network generates, stores and updates program stream keys according to set rules; the service platform of each mobile communication system network generates, stores and updates service keys according to set rules, each service key corresponding to a unique service key identifier; and each mobile communication system network distributes the service key and its identifier to the user terminals that have subscribed to the corresponding service; (b) the scrambler of the broadcast system network sends the program stream key to the service platform of each mobile communication system network; each service platform encrypts the program stream key using the corresponding service key as a parameter and returns encryption control information to the scrambler, the encryption control information including the encrypted program stream key, the service key identifier and the identification parameter of the mobile communication system network; and the scrambler stores the received encryption control information; (c) the scrambler of the broadcast system network uses the program stream key to encrypt the corresponding encoded program stream and outputs the program stream together with encrypted program stream key information, which are multiplexed and then broadcast, the encrypted program stream key information containing each program stream identifier and its encryption control information for each mobile communication system network; (d) after selecting a program, the user terminal receives the corresponding program stream and its encryption control information, finds the corresponding service key identifier according to the identifier of the mobile communication system network to which it belongs, determines the local service key to be used, decrypts the encrypted program stream key using that service key as a parameter, and then decrypts the program stream data with the resulting program stream key.
  2. The method for achieving key security in a multi-network converged mobile multimedia broadcast system according to claim 1, characterized in that: in step (a), the user terminal generates a user key and reports it to the service platform during authentication; the service platform generates a user key by the same rules for the user who has subscribed to the service and verifies whether it is consistent with the user key reported by the user terminal; if so, it encrypts the service key using the user key as a parameter and then sends the encrypted service key and its identifier to the user terminal for storage; in step (d), after determining the service key to be used, the user terminal first finds the stored encrypted service key, decrypts it using the local user key as a parameter to obtain the service key, and then decrypts the encrypted program stream key with that service key.
  3. The method for achieving key security in a multi-network converged mobile multimedia broadcast system according to claim 1, characterized in that step (b) is further divided into the following steps: (b1) the scrambler of the broadcast system network, according to the configured management rules, sends a program stream key encryption request to the service platforms of the plurality of mobile communication system networks through its interfaces with them, the request carrying a session identifier, a program stream identifier, a program stream key identifier and program stream key data; (b2) on receiving the encryption request, the service platform of each mobile communication system network finds the corresponding service key by matching the program stream identifier, encrypts the control word data using that service key as a parameter, and generates the encryption control information of the program stream; (b3) the service platform of each mobile communication system network sends a program stream key encryption response message to the scrambler, using the same session identifier and program stream identifier as the request and carrying the generated encryption control information, which includes the encrypted program stream key, the service key identifier and the identification parameter of the mobile communication system network; (b4) the service platform stores the encryption control information of the program stream returned by each mobile communication system network.
  4. The method for achieving key security in a multi-network converged mobile multimedia broadcast system according to claim 1, characterized in that step (d) is further divided into the following steps: (d1) the user starts the mobile multimedia broadcast system client on the terminal, and the client program begins to run; (d2) if the client determines that it needs to obtain the electronic service guide, it interacts with the service platform to obtain the electronic service guide data and displays it; if not, it displays the guide directly; (d3) from the electronic service guide displayed by the client, the user chooses a valid television program to watch; if the program must be subscribed to, the terminal interacts with the service platform to complete the service subscription process; (d4) according to the current service selected by the user, the terminal demultiplexes by service identifier and receives the corresponding encrypted program stream, and can at the same time receive the encrypted program stream key information; (d5) the terminal obtains the encryption control information of the plurality of networks from the encrypted program stream key information and, according to the identification parameter of the mobile communication system network stored in the terminal, selects the encryption control information of that mobile communication system network; (d6) according to the service key identifier in the encryption control information, the terminal determines whether it has stored a corresponding valid service key; if not, it initiates a service key request to the mobile communication system network service platform and obtains the service key of the program stream, encrypted with the terminal's user key; if so, it proceeds to the next step; (d7) the terminal decrypts the encrypted service key with the local user key, uses the resulting service key and the corresponding decryption algorithm to decrypt the encrypted program stream key in the encryption control information, and then decrypts the program stream data with the resulting program stream key.
  5. The method for achieving key security in a multi-network converged mobile multimedia broadcast system according to claim 2, characterized in that: during initialization the terminal obtains Ks from the service platform, generates the user key, and obtains the identification parameter of the mobile communication system network to which the user key belongs; at user authentication, the terminal's authentication request carries the user key index and the key the terminal generated itself; the mobile communication system network service platform looks up or generates Ks on the basis of the authentication tuples obtained from the HLR and then generates the user key from that Ks; the service platform verifies the local user key against the user key reported by the terminal for the same user; if they are the same, it uses the user key as a parameter to encrypt, with the specified encryption algorithm, the service key of the service the user has subscribed to; otherwise it returns an error code to the terminal.
  6. The method for achieving key security in a multi-network converged mobile multimedia broadcast system according to claim 3, characterized in that the parameters in the program stream key encryption request message further include one or a combination of the following: a crypto-period start index, indicating the index of the first crypto period in which the program stream key data carried in this message is used to encrypt the program stream; the absolute start time of the crypto period; a crypto-period count, indicating the number of consecutive crypto periods for which the program stream key will be used to encrypt the program stream; and a mobile communication system network code, used to identify different mobile communication system networks; and/or the parameters in the program stream key encryption response message further include the crypto-period start index.
  7. The method for achieving key security in a multi-network converged mobile multimedia broadcast system according to claim 1, characterized in that: the identification parameter of the mobile communication system network is the mobile communication system network service platform code, which denotes a particular mobile communication system network service platform and comprises a mobile communication system network code, a multimedia service platform code and a service key system code; the mobile communication system network code is the identifier of the mobile communication system network and uniquely distinguishes it; the multimedia service platform code uniquely identifies the mobile communication system network service platform; the service key system code distinguishes the algorithm with which the service platform's service key encrypts and decrypts the program stream key.
  8. The method for achieving key security in a multi-network converged mobile multimedia broadcast system according to claim 1, characterized in that: in step (a), the information distributed by the service platform to the terminal includes, in addition to the service key and the service key identifier, a valid sequence number interval for the program stream key; in step (d), the program stream key obtained by the terminal through decryption is a time-period sequence number; the terminal first verifies whether that sequence number lies within the valid sequence number interval of the program stream key; if so, the key is valid; the valid program stream key is then used to decrypt the program data stream.
  9. The method for achieving key security in a multi-network converged mobile multimedia broadcast system according to claim 1, characterized in that: in step (a), each service key has a key identifier that is unique within its own network and has its own validity period; validity period management is used to guide key updating and validity verification.
  10. A system for achieving key security in a multi-network converged mobile multimedia broadcast system, comprising a mobile communication system network, a user terminal and a broadcast system network, wherein: the mobile communication system network is configured to implement the mobile multimedia broadcast service platform function and the mobile network bearer function; to interact with the user terminal to generate, store or update the user key and to generate, store, update and distribute the service key; and to interact with the broadcast system network to encrypt the program stream key with the service key; the user terminal is configured to obtain the user key, to receive the program stream and encryption control information from the broadcast system network and decrypt the corresponding program stream, and to interact with the mobile communication system network of its corresponding type and location to complete authentication of the user key and to store or update the service key; the broadcast system network is configured to generate, store and update the program stream key, to send the program stream key to each mobile communication system network and store the received encryption control information, to encrypt the corresponding encoded program stream with the program stream key, and to multiplex the program stream with the encrypted program stream key information and broadcast them.
  11. The system for achieving key security in a multi-network converged mobile multimedia broadcast system according to claim 10, characterized in that the user terminal further comprises the following modules: an initialization module, configured to obtain, during initialization, the user key and the code of the home mobile communication system network service platform, the user key being used to encrypt the service key and to decrypt the received service key, and each user's user key being different; a user authentication module, configured to interact with the mobile communication system network to complete the terminal's authentication process, and to carry in the terminal authentication request the user key index and the key generated by the terminal itself, for verification on the mobile communication system network side; a service key management unit, configured to receive the current service key, the service key identifier and its program stream key valid sequence number interval distributed by the mobile communication system network service platform to users who have subscribed to the service, and to store or update them; a program stream receiving module, configured to receive the corresponding program stream according to the program stream identifier of the current program, including receiving the encrypted program stream key information; a program stream decryption module, which selects from the program stream, according to the mobile network service platform code, the program stream encryption control information corresponding to its own network, obtains the corresponding service key identifier, selects by that identifier the encrypted service key stored on the terminal, decrypts it using the local user key as a parameter to obtain the service key, decrypts the encrypted program stream key with that service key, verifies the validity of the key against the program stream key valid sequence number interval, and then decrypts the program data stream with the resulting valid program stream key.
  12. The system for achieving key security in a multi-network converged mobile multimedia broadcast system according to claim 11, characterized in that: if no valid service key is stored locally when use of a service begins, the service key management unit actively initiates a request to obtain the service key of that service from the corresponding mobile communication system network; the service platforms of different mobile communication system networks and their terminals each form a self-contained system, and a terminal receives only service keys distributed by the service platform of the mobile communication system network it has subscribed to, already encrypted with the corresponding user key.
  13. The system for achieving key security in a multi-network converged mobile multimedia broadcast system according to claim 10, characterized in that the service platform of the mobile communication system network further comprises the following modules: a service center and a key management module, wherein: the service center provides the service interface to the user terminal and implements the service logic control of the service platform, scheduling and using functional modules within the service platform or in other service platforms, including distributing service keys; the key management module is configured to generate, store or update user keys, to generate service keys according to valid user keys, and to encrypt the program stream key with the service key.
  14. The system for achieving key security in a multi-network converged mobile multimedia broadcast system according to claim 13, characterized in that the key management module further comprises a user key management unit, a service key management unit, a service key distribution unit and a program stream key encryption unit, wherein: the user key management unit is configured to generate the user key and to store or update it; at terminal initialization the terminal obtains Ks from the service platform and generates the user key; when the service platform receives the terminal's authentication request containing the user key index and the key generated by the terminal, it looks up or generates Ks according to the index, and the service platform then verifies the user key reported by the terminal for the same user; if it is the same, the unit notifies the service key management unit of this; otherwise it returns an error code to the terminal; the service key management unit is configured, after service configuration and on receiving the user key confirmation sent by the user key management unit, to encrypt the service key with the specified encryption algorithm using that user key as a parameter, to generate and store the corresponding service key, and to establish a one-to-one correspondence with the service key identifier; the service key is associated with the program stream identifier through the service identifier; each service key has a key identifier that is unique within its own network and has its own validity period; the service key distribution unit is configured to distribute service keys through the service center; according to the user's subscription relationship, the service platform sends to a user who has subscribed to the service the service key encrypted with that user's user key, mainly by network-initiated push, or, on receiving a terminal's request to obtain the service key, finds the corresponding service key, encrypts it with the user key and sends it to the terminal; the program stream key encryption unit denotes that the service platform receives the program stream key sent by the scrambler of the broadcast system network, encrypts it with the corresponding service key, encapsulates the encrypted program stream key, the program stream key identifier and the other encryption parameters into a program stream key message in the specified data format, and returns it to the scrambler.
  15. The system for achieving key security in a multi-network converged mobile multimedia broadcast system according to claim 10, characterized in that the broadcast system network comprises: a program source encoding module, configured to compress and encode each original incoming audio/video content and output it to the scrambler; a scrambler, configured to generate, store and update the program stream key, to send the program stream key to each mobile communication system network and store the received encryption control information, to encrypt the encoded program stream with the encrypted program stream key control word, and to output the program stream and the encryption control information to the multiplexing system; and a multiplexing system, configured to multiplex the plurality of encrypted program streams with their encryption control information for the plurality of mobile communication system networks and output the result through the broadcast system network.
  16. The system for achieving key security in a multi-network converged mobile multimedia broadcast system according to claim 15, characterized in that the scrambler further comprises a program key management module and an encryptor, wherein: the program key management module is configured to manage the control word of the program stream key, the encrypted control word, the crypto period and the encryption duration, continually generating, storing and updating control words; to send program stream key encryption requests to the service platforms through its interfaces with the plurality of mobile communication system network service platforms, each request carrying a session identifier, a program stream identifier, a program stream key identifier and program stream key data; to obtain from the service platform and store the program stream encryption control information, including the encrypted program stream key, the service key identifier and the identification parameter of the mobile communication system network; and to obtain, through its interface with the content playout control system, the start and end time information of the corresponding program, so as to align the start of a new crypto period and the range of crypto periods in which the program stream key is used for encryption, as the basis for synchronizing the program stream key with the service platform; the encryptor encrypts the encoded program stream using the encrypted program stream key, multiplexes the encryption control information of the plurality of networks into the output data stream, and outputs it to the multiplexing system.
CN 200610172266 2006-12-30 2006-12-30 Secret key safety method and system for realizing multi-network integration mobile multi-media broadcasting system CN101009553A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200610172266 CN101009553A (en) 2006-12-30 2006-12-30 Secret key safety method and system for realizing multi-network integration mobile multi-media broadcasting system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN 200610172266 CN101009553A (en) 2006-12-30 2006-12-30 Secret key safety method and system for realizing multi-network integration mobile multi-media broadcasting system
PCT/CN2007/003922 WO2008086714A1 (en) 2006-12-30 2007-12-29 A method and system for realizing safety of cipher key in multi-network fusion mobile multi-media broadcasting system

Publications (1)

Publication Number Publication Date
CN101009553A (en) 2007-08-01

Family

ID=38697728

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200610172266 CN101009553A (en) 2006-12-30 2006-12-30 Secret key safety method and system for realizing multi-network integration mobile multi-media broadcasting system

Country Status (2)

Country Link
CN (1) CN101009553A (en)
WO (1) WO2008086714A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102387500B (en) * 2011-10-25 2015-10-28 中兴通讯股份有限公司 A service key management method and system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1764274A (en) * 2004-10-23 2006-04-26 四川长虹电器股份有限公司 Digital videocast system capable of mobile reception
CN1867066A (en) * 2005-05-20 2006-11-22 中国移动通信集团公司 Digital television program broadcasting system and method
CN100548044C (en) * 2006-04-27 2009-10-07 中国移动通信集团公司 Mobile television broadcasting control system and broadcasting network and method
CN101009553A (en) * 2006-12-30 2007-08-01 中兴通讯股份有限公司 Secret key safety method and system for realizing multi-network integration mobile multi-media broadcasting system

Cited By (48)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008086714A1 (en) * 2006-12-30 2008-07-24 Zte Corporation A method and system for realizing safety of cipher key in multi-network fusion mobile multi-media broadcasting system
CN101267533B (en) 2007-03-14 2010-05-19 中国移动通信集团公司 Method, system and mobile terminal for playing program stream at different platform terminals
WO2009039784A1 (en) * 2007-09-20 2009-04-02 Zte Corporation Method and system for encrypting program stream key in broadcast-mode mobile tv service
CN101127596B (en) 2007-09-20 2012-04-11 中兴通讯股份有限公司 A method and system for program stream secret key encryption in broadcast mobile TV service
CN101399960B (en) 2007-09-25 2010-12-01 中兴通讯股份有限公司 Program stream key encryption method and system in broadcast type mobile television service
CN101146209B (en) 2007-09-26 2011-05-25 中兴通讯股份有限公司 A method and system for program stream secret key encryption in mobile multi-media broadcasting service
WO2009039692A1 (en) * 2007-09-26 2009-04-02 Zte Corporation A method and system for encrypting a program stream key in the mobile multimedia broadcast service
WO2009039691A1 (en) * 2007-09-28 2009-04-02 Zte Corporation A method and system for encrypting the content key in a mobile multimedia broadcast service
CN101415104B (en) 2007-10-15 2011-04-06 中兴通讯股份有限公司 Method and system for implementing program current cipher key of mobile multimedia broadcast service
CN101184274B (en) 2007-12-12 2011-05-25 中兴通讯股份有限公司 Method of implementing mobile terminal condition reception
US8806207B2 (en) 2007-12-21 2014-08-12 Cocoon Data Holdings Limited System and method for securing data
CN101499901B (en) 2008-02-01 2011-08-17 中国移动通信集团公司 Method, terminal and television broadcast server for sending request from triggering terminal to mobile server
CN101499866B (en) 2008-02-01 2011-12-07 中兴通讯股份有限公司 Multimedia broadcasting service in the service key transmission method
WO2009106007A1 (en) * 2008-02-27 2009-09-03 华为技术有限公司 Method, system and equipment for realizing media security of iptv multicast service
CN101577595B (en) 2008-05-09 2011-07-13 中兴通讯股份有限公司 Method and system for encrypting program stream keys in multi-media broadcast service
CN101626568B (en) 2008-07-11 2011-11-16 中国移动通信集团公司 Method and device for acquiring service key
CN101651509B (en) 2008-08-15 2012-08-15 威盛电子(中国)有限公司 Terminal and method for securely playing multimedia broadcast content
CN101656583B (en) 2008-08-21 2012-07-04 中兴通讯股份有限公司 Key management system and key management method
CN101714904B (en) 2008-10-08 2012-05-09 中兴通讯股份有限公司 Key management system and method
CN101729269B (en) 2008-10-16 2012-05-23 中兴通讯股份有限公司 Method and system for implementing multimedia broadcast/multicast service, and bearer selection method
CN101478544B (en) 2009-01-15 2012-01-11 中兴通讯股份有限公司 Implementation method and apparatus for multimedia broadcast multiple ciphering and deciphering
CN101521794B (en) 2009-03-31 2011-04-20 中兴通讯股份有限公司 Mobile TV terminal and local program encrypting method thereof
WO2010115333A1 (en) * 2009-04-07 2010-10-14 中兴通讯股份有限公司 Method, system and terminal for transmitting continuous service multiplexing configuration information
US8472345B2 (en) 2009-04-07 2013-06-25 Zte Corporation Terminals, systems and methods for transmitting continual service multiplex configuration information
CN101924907A (en) * 2009-06-12 2010-12-22 北京视博数字电视科技有限公司 Method for realizing condition receiving, terminal equipment and front end thereof
CN102056161B (en) * 2009-10-28 2015-04-22 上海摩波彼克半导体有限公司 Method for realizing layered key management in wireless mobile communication network
WO2011097877A1 (en) * 2010-02-11 2011-08-18 中兴通讯股份有限公司 Terminal and television service playing method thereof
CN101860406B (en) 2010-04-09 2014-05-21 北京创毅视讯科技有限公司 Central processor and mobile multimedia broadcasting device, system and method
CN101860406A (en) * 2010-04-09 2010-10-13 北京创毅视讯科技有限公司 Central processor and mobile multimedia broadcasting device, system and method
WO2011160350A1 (en) * 2010-06-25 2011-12-29 中兴通讯股份有限公司 Method and apparatus for key updating in multimedia broadcast system
CN102300154A (en) * 2010-06-25 2011-12-28 中兴通讯股份有限公司 Method and device for updating key in multimedia broadcast system
CN102300154B (en) * 2010-06-25 2015-07-22 中兴通讯股份有限公司 Method and device for updating key in multimedia broadcast system
CN102404629B (en) 2010-09-17 2014-08-06 中国移动通信有限公司 Method and device for processing television program data
CN102404629A (en) * 2010-09-17 2012-04-04 中国移动通信有限公司 Method and device for processing television program data
CN102355598A (en) * 2011-10-08 2012-02-15 北京视博数字电视科技有限公司 Operating system drive layer-based scrambling method and device
CN104205863A (en) * 2012-03-27 2014-12-10 三菱电机株式会社 Digital broadcast receiver device and digital broadcast receiving method
CN104205863B (en) * 2012-03-27 2017-10-27 三菱电机株式会社 The digital broadcast receiving apparatus and a digital broadcast receiving method
CN103686251B (en) * 2012-09-05 2017-02-22 中国移动通信集团公司 Program stream broadcasting system in a multimedia broadcast service, a method and apparatus
CN103763586B (en) * 2014-01-16 2017-05-10 北京酷云互动科技有限公司 Interactive television programming methods, devices, and servers
CN103763586A (en) * 2014-01-16 2014-04-30 北京酷云互动科技有限公司 Television program interaction method and device and server
CN104410828A (en) * 2014-11-26 2015-03-11 北京视博数字电视科技有限公司 Home monitoring method and apparatus
CN104661051A (en) * 2015-03-09 2015-05-27 深圳市九洲电器有限公司 Streaming media pushing method and system
CN105515768B (en) * 2016-01-08 2017-07-21 腾讯科技(深圳)有限公司 A method for updating the key, apparatus and system
CN105515768A (en) * 2016-01-08 2016-04-20 腾讯科技(深圳)有限公司 Method, device and system for updating secret key
CN105828186A (en) * 2016-03-23 2016-08-03 福建新大陆通信科技股份有限公司 Set top box recorded program secondary encryption method
CN105828186B (en) * 2016-03-23 2018-09-28 福建新大陆通信科技股份有限公司 A set top box to record programs of secondary encryption method
CN107707514A (en) * 2017-02-08 2018-02-16 贵州白山云科技有限公司 Method, system and device for achieving encryption among CDN nodes
CN107707514B (en) * 2017-02-08 2018-08-21 贵州白山云科技有限公司 Method, system and device for achieving encryption among CDN nodes

Also Published As

Publication number Publication date Type
WO2008086714A1 (en) 2008-07-24 application

Similar Documents

Publication Publication Date Title
US7055030B2 (en) Multicast communication system
US20060291660A1 (en) SIM UICC based broadcast protection
US20050010774A1 (en) Apparatus and method for a secure broadcast system
US20070223703A1 (en) Method and apparatus for providing service keys within multiple broadcast networks
US20120102315A1 (en) Verification of peer-to-peer multimedia content
US20080065548A1 (en) Method of Providing Conditional Access
US20040105549A1 (en) Key mangement system and multicast delivery system using the same
US20060177067A1 (en) Hybrid broadcast encryption method
US20040120527A1 (en) Method and apparatus for security in a data processing system
US7185362B2 (en) Method and apparatus for security in a data processing system
US20080219436A1 (en) Method and apparatus for providing a digital rights management engine
US20090282246A1 (en) Method and system for continuously transmitting encrypted data of a broadcast service to a mobile terminal
US7352868B2 (en) Method and apparatus for security in a data processing system
US20020141591A1 (en) Method and apparatus for security in a data processing system
US20060291662A1 (en) Decryption-key distribution method and authentication apparatus
US20120057697A1 (en) Security of a multimedia stream
CN101547095A (en) Application service management system and management method based on digital certificate
US20080287057A1 (en) Method and apparatus for providing multimedia broadcasting multicasting services
JP2003174441A (en) Contents encrypting method and device and contents decoding method and device
CN102291680A (en) An encryption method for paging group td-lte trunking communication system based on
CN1852418A (en) Mobile television broadcasting control system and broadcasting network and method
CN1780413A (en) Packet broadcasting service key controlling method
US20050129231A1 (en) Apparatus and method for broadcast services transmission and reception
US20090252324A1 (en) Method and apparatus for providing broadcast service using encryption key in a communication system
US20080013733A1 (en) Key Management Messages For Secure Broadcast

Legal Events

Date Code Title Description
C06 Publication
C10 Request of examination as to substance
C12 Rejection of an application for a patent