CN101102464A - STB terminal and its verification method - Google Patents

Publication number: CN101102464A
Authority: CN (China)
Prior art keywords: terminal, card, encrypt data, stb, module
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CNA200710119569XA
Other languages: Chinese (zh)
Other versions: CN100596188C (en)
Inventor: 王彬
Current Assignee: China United Network Communications Group Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: CHINA NETWORK COMMUNICATIONS GROUP Corp

Abstract

The method comprises: the terminal identification card sends a key sequence number and a random number sequence to the STB terminal; according to the key sequence number, the STB terminal looks up the pre-saved session key and encrypts the random number sequence to generate terminal ciphertext data; the STB terminal sends the terminal ciphertext data and information about the set-top box terminal to the terminal identification card; the terminal identification card uses the information about the set-top box terminal to look up the pre-saved session key and encrypts the random number sequence to generate card ciphertext data; the card ciphertext data is compared with the terminal ciphertext data, and if they are the same, authentication passes. The set-top box terminal comprises a terminal identification card and an authentication unit.

Description

STB terminal and verification method thereof
Technical field
The present invention relates to a method for verifying an STB terminal and to an STB terminal capable of implementing the method, and belongs to STB terminal technology within network television technology.
Background
Network television (IPTV for short) is a technology that uses a broadband cable television network to provide users with multiple interactive services, including digital television. Existing network television is mainly implemented by fitting an ordinary television set with a set-top box (STB for short) terminal, through which the television set is connected to the broadband cable television network so that television programmes can be ordered on demand or transmitted. An existing STB terminal contains a terminal identification card (IPTV SIM card for short), usually issued by the network operator, which is used to run network authentication for the STB terminal before it accesses the network.
The defect of the prior art is that, in existing network television systems, the IPTV SIM card does not verify the legitimacy of the STB terminal before running network authentication. For services that require encryption, such as digital rights management (DRM for short) services, this affects the security of the system. DRM is a technology for strengthening the protection of the copyright of digitized audio/video programme content and for managing digital rights. Its main principle is that programme content transmitted over the Internet is encrypted, and an STB terminal that receives the encrypted digital programme can decrypt, play and view it only with a key. Because what the IPTV SIM card provides to the STB terminal is the decrypted plaintext, simulation-based malicious attacks against the IPTV SIM card can easily occur, causing the key to be stolen, so that the purpose of digital rights management cannot be achieved.
Summary of the invention
The problem to be solved by the present invention is to verify the legitimacy of the STB terminal and prevent malicious attacks, so as to improve the security of the system.
To solve this problem, one embodiment of the present invention provides an STB terminal verification method, comprising:
The terminal identification card sends a key sequence number and a random number sequence to the STB terminal in which it is located;
The STB terminal looks up, within the STB terminal, the pre-stored session key according to the key sequence number, encrypts the random number sequence with it, and generates terminal ciphertext data;
The STB terminal sends the terminal ciphertext data and the terminal information of the STB terminal to the terminal identification card;
The terminal identification card looks up, within the terminal identification card, the pre-stored session key according to the terminal information, encrypts the random number sequence with it, and generates card ciphertext data;
The card ciphertext data and the terminal ciphertext data are compared, and when the comparison result is equal, verification is passed.
To solve this problem, another embodiment of the present invention provides an STB terminal, comprising a terminal identification card and an authentication unit;
The terminal identification card comprises:
A first card module, configured to send a key sequence number and a random number sequence to the authentication unit;
A second card module, configured to look up the pre-stored session key according to the terminal information received from the third unit module;
A third card module, configured to encrypt the random number sequence sent by the first card module with the session key found by the second card module, and to generate card ciphertext data;
A fourth card module, configured to compare the card ciphertext data generated by the third card module with the terminal ciphertext data received from the third unit module; when the comparison result is equal, verification is passed and the state of the preset authentication field is set to allow network authentication.
The authentication unit comprises:
A first unit module, configured to look up the pre-stored session key according to the key sequence number received from the first card module;
A second unit module, configured to encrypt the random number sequence received from the first card module with the session key found by the first unit module, and to generate terminal ciphertext data;
A third unit module, configured to send the terminal ciphertext data generated by the second unit module and the terminal information of the STB terminal to the terminal identification card.
With the present invention, the legitimacy of the STB terminal is verified before network authentication begins, and during verification the main information passed between the two is ciphertext rather than plaintext. Malicious attacks can therefore be effectively prevented and the security of the system improved, which also helps services such as DRM to be carried out effectively.
The technical solutions of the present invention are described in further detail below with reference to the drawings and embodiments.
Description of drawings
Fig. 1 is a flow chart of the STB terminal verification method of Embodiment 1 of the present invention;
Fig. 2 is a flow chart of another STB terminal verification method, of Embodiment 2 of the present invention;
Fig. 3 is a structural diagram of the STB terminal of Embodiment 3 of the present invention.
Detailed description of the embodiments
Embodiment 1
This embodiment provides an STB terminal verification method which, as shown in Fig. 1, comprises:
Step 101: the IPTV SIM card sends a key sequence number and a random number sequence (RND for short) to the STB terminal.
The key sequence number corresponds to the session keys stored in the STB terminal and is used to select one session key from among several. The number of bits of the key sequence number can be determined by the number of session keys.
Step 102: the STB terminal looks up, within the STB terminal, the pre-stored session key according to the received key sequence number, encrypts the received random number sequence with it to generate terminal ciphertext data, and sends the terminal ciphertext data and the terminal information of the STB terminal to the IPTV SIM card.
The terminal information of the STB terminal may include a manufacturer code, a key version number, and so on.
Step 103: the IPTV SIM card looks up, within the IPTV SIM card, the pre-stored session key according to the received terminal information of the STB terminal, and with this session key encrypts the random number sequence that was sent to the STB terminal in step 101, generating card ciphertext data.
Step 104: the IPTV SIM card compares the card ciphertext data obtained by its encryption operation with the terminal ciphertext data received from the STB terminal. If the comparison shows that the card ciphertext data equals the terminal ciphertext data, step 105 is executed; otherwise the procedure ends.
Step 105: the IPTV SIM card sends an instruction message to the STB terminal, indicating that the STB terminal can begin to initiate the network authentication procedure.
Specifically, to control the network authentication of the STB terminal, an authentication field can be preset in the STB terminal. When the IPTV SIM card begins to perform a card reset (Card Reset) operation, the state of the authentication field is set to "false" (FALSE for short), that is, network authentication is not allowed. When step 104 is executed, if the comparison result is identical, verification is passed and the state of the authentication field is set to "true" (TRUE for short), that is, network authentication is allowed. These settings of the authentication field state are performed by the card operating system.
When the IPTV SIM card receives the authentication run instruction (RUN IP/TVALGORITHM) from the STB terminal, it queries the state of the authentication field. If the state of the authentication field is "FALSE", network authentication is not started; if the state is "TRUE", network authentication is started.
With the method of this embodiment, the legitimacy of the STB terminal is verified before network authentication begins, and during verification the main information passed between the two is ciphertext rather than plaintext. Malicious attacks can therefore be effectively prevented and the security of the system improved, which also helps services such as DRM to be carried out effectively.
Embodiment 2
This embodiment provides another STB terminal verification method which, as shown in Fig. 2, comprises:
Steps 201 and 202 are identical to steps 101 and 102 of Embodiment 1 and are not repeated here.
Step 203: the IPTV SIM card looks up, within the IPTV SIM card, the pre-stored session key according to the received terminal information of the STB terminal, with this session key encrypts the random number sequence that was sent to the STB terminal in step 201, generates card ciphertext data, and sends it to the STB terminal.
Step 204: the STB terminal compares the card ciphertext data received from the IPTV SIM card with the terminal ciphertext data it obtained by its encryption operation in step 202. If the comparison shows that the card ciphertext data equals the terminal ciphertext data, verification is passed and network authentication can start running.
In addition, this embodiment can also use the preset authentication field described in Embodiment 1 to control the network authentication of the STB terminal: when the comparison result in step 204 is identical, verification is passed and the state of the authentication field is set to "true" (TRUE for short), that is, network authentication is allowed.
The method of this embodiment verifies the STB terminal and has the advantages described for Embodiment 1. In addition, because the comparison of the terminal ciphertext data with the card ciphertext data is performed by the STB terminal, the workload of the IPTV SIM card is reduced and its design requirements are lowered, which reduces the operator's card issuance cost. Because the STB terminal obtains the comparison result directly, without needing an instruction message from the IPTV SIM card, the response is faster and reliability is higher.
It should also be noted that, where the situation requires, the technical solutions of step 104 in Embodiment 1 and step 204 in Embodiment 2 can be combined: both the IPTV SIM card and the STB terminal compare the card ciphertext data with the terminal ciphertext data, and network authentication is allowed to start running only when both comparison results are identical. The STB device and the IPTV SIM card thus authenticate each other, which can further improve the security of the system.
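The exchange of Embodiments 1 and 2 and their combination, as an added example that is not part of the patent. HMAC-SHA256 stands in for the cipher the patent leaves unspecified; the key-store layout, the 16-byte RND, the single-use challenge, keeping the authentication field on the card, and all class, function and sample names are assumptions.

```python
import hashlib
import hmac
import secrets

def keyed_transform(session_key, rnd):
    # The patent says "encrypt" but names no cipher. HMAC-SHA256 stands in for
    # it here (a swapped-in primitive): both sides only compute and compare.
    return hmac.new(session_key, rnd, hashlib.sha256).digest()

class Terminal:
    """Authentication unit of the STB terminal (steps 102 and 204)."""
    def __init__(self, terminal_info, session_keys):
        self.terminal_info = terminal_info   # (manufacturer code, key version)
        self.session_keys = session_keys     # key sequence number -> session key
        self._terminal_ct = None

    def respond(self, key_seq, rnd):
        # Step 102. An unknown sequence number yields random bytes (fails closed).
        key = self.session_keys.get(key_seq)
        ct = keyed_transform(key, rnd) if key is not None else secrets.token_bytes(32)
        self._terminal_ct = ct
        return ct, self.terminal_info

    def check_card(self, card_ct):
        # Step 204: terminal-side comparison (False if either value is missing).
        mine = self._terminal_ct
        return bool(mine and card_ct) and hmac.compare_digest(mine, card_ct)

class Card:
    """IPTV SIM card (steps 101, 103, 104 and the authentication field)."""
    def __init__(self, key_store, num_keys):
        # Assumed layout: terminal information -> {key sequence number: key}.
        self.key_store = key_store
        self.num_keys = num_keys
        self.reset()

    def reset(self):
        # Card Reset sets the field to FALSE; it is kept on the card here (assumption).
        self.auth_field = False
        self._pending = None

    def challenge(self):
        # Step 101: choose a key sequence number and a fresh 16-byte RND.
        self._pending = (secrets.randbelow(self.num_keys), secrets.token_bytes(16))
        return self._pending

    def card_ciphertext(self, terminal_info):
        # Steps 103/203: key lookup by terminal information, then transform RND.
        if self._pending is None:
            return None
        key_seq, rnd = self._pending
        key = self.key_store.get(terminal_info, {}).get(key_seq)
        return None if key is None else keyed_transform(key, rnd)

    def verify(self, terminal_ct, terminal_info):
        # Step 104: card-side comparison; the result becomes the field state.
        card_ct = self.card_ciphertext(terminal_info)
        self._pending = None   # added assumption: each challenge is single-use
        self.auth_field = bool(card_ct) and hmac.compare_digest(card_ct, terminal_ct)
        return self.auth_field

    def run_network_auth(self):
        # Authentication run instruction: proceed only if the field is TRUE.
        return self.auth_field

def mutual_check(card, terminal):
    # Combined variant: both sides compare, and both results must be identical.
    key_seq, rnd = card.challenge()
    terminal_ct, info = terminal.respond(key_seq, rnd)
    card_ct = card.card_ciphertext(info)              # step 203
    card_ok = card.verify(terminal_ct, info)          # step 104
    return card_ok and terminal.check_card(card_ct)   # step 204

# Constructed sample data (not from the patent).
INFO = ("MFR01", 2)
KEYS = {i: hashlib.sha256(b"demo-key-%d" % i).digest()[:16] for i in range(4)}

def demo():
    card = Card({INFO: KEYS}, num_keys=len(KEYS))
    genuine = Terminal(INFO, KEYS)
    # Reports the same terminal information but does not hold the session keys.
    unprovisioned = Terminal(INFO, {i: secrets.token_bytes(16) for i in KEYS})
    out = {"before": card.run_network_auth()}
    ct, info = genuine.respond(*card.challenge())
    out["genuine"] = card.verify(ct, info)
    out["after"] = card.run_network_auth()
    out["replayed"] = card.verify(ct, info)   # old response, no new challenge
    card.reset()
    out["unprovisioned"] = card.verify(*unprovisioned.respond(*card.challenge()))
    out["mutual"] = mutual_check(card, genuine)
    return out

if __name__ == "__main__":
    print(demo())
```

The comparison uses `hmac.compare_digest` so that the time taken does not depend on how many leading bytes of the two ciphertexts agree.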
Embodiment 3
This embodiment provides an STB terminal. As shown in Fig. 3, STB terminal 1 comprises a terminal identification card 10 and an authentication unit 20. The terminal identification card 10 comprises a first card module 11, a second card module 12, a third card module 13 and a fourth card module 14; the authentication unit 20 comprises a first unit module 21, a second unit module 22 and a third unit module 23. It operates as follows:
The first card module 11 of the terminal identification card 10 sends a key sequence number and a random number sequence to the authentication unit 20; the first unit module 21 of the authentication unit 20 looks up the pre-stored session key according to the key sequence number received from the first card module 11; the second unit module 22 encrypts the random number sequence received from the first card module 11 with the session key found by the first unit module 21, generating terminal ciphertext data; the third unit module 23 sends the terminal ciphertext data generated by the second unit module 22 and the terminal information of STB terminal 1 to the terminal identification card 10.
The second card module 12 of the terminal identification card 10 looks up the pre-stored session key according to the terminal information received from the third unit module 23 of the authentication unit 20; the third card module 13 encrypts the random number sequence sent by the first card module 11 with the session key found by the second card module 12, generating card ciphertext data; the fourth card module 14 compares the card ciphertext data generated by the third card module 13 with the terminal ciphertext data received from the third unit module 23 of the authentication unit 20. When the comparison result is equal, verification is passed and the state of the preset authentication field is set to allow network authentication.
In addition, network authentication can start running after verification is passed. Specifically, the terminal identification card 10 may further comprise a fifth card module 15, configured to query the state of the preset authentication field after detecting that the fourth card module 14 has passed verification; when that state is "allow network authentication", network authentication starts running; otherwise network authentication does not start running.
With the device of this embodiment, the legitimacy of the STB terminal is verified before network authentication begins, and during verification the main information passed between the two is ciphertext rather than plaintext. Malicious attacks can therefore be effectively prevented and the security of the system improved, which also helps services such as DRM to be carried out effectively.
Finally, it should be noted that the above embodiments only illustrate the technical solutions of the present invention and do not limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (11)

1. An STB terminal verification method, characterized by comprising:
The terminal identification card sends a key sequence number and a random number sequence to the STB terminal in which it is located;
The STB terminal looks up, within the STB terminal, the pre-stored session key according to the key sequence number, encrypts the random number sequence with it, and generates terminal ciphertext data;
The STB terminal sends the terminal ciphertext data and the terminal information of the STB terminal to the terminal identification card;
The terminal identification card looks up, within the terminal identification card, the pre-stored session key according to the terminal information, encrypts the random number sequence with it, and generates card ciphertext data;
The card ciphertext data and the terminal ciphertext data are compared, and when the comparison result is equal, verification is passed.
2. The STB terminal verification method according to claim 1, characterized in that comparing the card ciphertext data with the terminal ciphertext data comprises:
The terminal identification card compares the card ciphertext data obtained by its encryption operation with the terminal ciphertext data received from the STB terminal.
3. The STB terminal verification method according to claim 2, characterized in that, after verification is passed, the method further comprises:
The terminal identification card sends an instruction message to the STB terminal;
The STB terminal starts running network authentication after receiving the instruction message.
4. The STB terminal verification method according to claim 1, characterized in that, after the terminal identification card generates the card ciphertext data, the method further comprises:
Sending the card ciphertext data to the STB terminal.
5. The STB terminal verification method according to claim 4, characterized in that comparing the card ciphertext data with the terminal ciphertext data comprises:
The STB terminal compares the terminal ciphertext data obtained by its encryption operation with the card ciphertext data received from the terminal identification card.
6. The STB terminal verification method according to claim 5, characterized in that, after verification is passed, the method further comprises:
The STB terminal starts running network authentication.
7. The STB terminal verification method according to claim 1, characterized in that, before the terminal identification card sends the key sequence number and the random number sequence, the method further comprises:
Presetting an authentication field in the STB terminal; when the STB terminal begins to perform the card reset operation, the state of the authentication field is set to not allow network authentication.
8. The STB terminal verification method according to claim 7, characterized in that, after verification is passed, the method further comprises:
The state of the authentication field is set to allow network authentication.
9. The STB terminal verification method according to claim 7 or 8, characterized in that starting to run network authentication comprises:
The STB terminal sends an authentication run instruction to the terminal identification card;
The terminal identification card queries the state of the authentication field after receiving the authentication run instruction;
When the state of the authentication field is to allow network authentication, network authentication starts running; otherwise network authentication does not start running.
10. An STB terminal, characterized by comprising a terminal identification card and an authentication unit;
The terminal identification card comprises:
A first card module, configured to send a key sequence number and a random number sequence to the authentication unit;
A second card module, configured to look up the pre-stored session key according to the terminal information received from the third unit module;
A third card module, configured to encrypt the random number sequence sent by the first card module with the session key found by the second card module, and to generate card ciphertext data;
A fourth card module, configured to compare the card ciphertext data generated by the third card module with the terminal ciphertext data received from the third unit module; when the comparison result is equal, verification is passed and the state of the preset authentication field is set to allow network authentication.
The authentication unit comprises:
A first unit module, configured to look up the pre-stored session key according to the key sequence number received from the first card module;
A second unit module, configured to encrypt the random number sequence received from the first card module with the session key found by the first unit module, and to generate terminal ciphertext data;
A third unit module, configured to send the terminal ciphertext data generated by the second unit module and the terminal information of the STB terminal to the terminal identification card.
11. The STB terminal according to claim 10, characterized in that the terminal identification card further comprises:
A fifth card module, configured to query the state of the preset authentication field after detecting that the fourth card module has passed verification; when that state is to allow network authentication, network authentication starts running; otherwise network authentication does not start running.
CN200710119569A 2007-07-26 2007-07-26 STB terminal and its verification method Active CN100596188C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200710119569A CN100596188C (en) 2007-07-26 2007-07-26 STB terminal and its verification method

Publications (2)

Publication Number Publication Date
CN101102464A true CN101102464A (en) 2008-01-09
CN100596188C CN100596188C (en) 2010-03-24

Family

ID=39036518

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200710119569A Active CN100596188C (en) 2007-07-26 2007-07-26 STB terminal and its verification method

Country Status (1)

Country Link
CN (1) CN100596188C (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101330387B (en) * 2008-07-24 2010-12-08 华为终端有限公司 Method for authentication of machine card, communication apparatus and authentication system
CN101945104A (en) * 2010-08-31 2011-01-12 百视通网络电视技术发展有限责任公司 Terminal anti-fake device, authentication device and anti-fake and authentication method thereof
CN101521735B (en) * 2009-03-31 2011-05-25 深圳创维数字技术股份有限公司 Set-top box software encipherment protection method and system
WO2012075654A1 (en) * 2010-12-10 2012-06-14 惠州市德赛视听科技有限公司 Production management method for digital rights management (drm) key of blu-ray dvd player
CN102892040A (en) * 2012-09-17 2013-01-23 深圳创维数字技术股份有限公司 Method for controlling to play television program and digital television terminal
CN103581751A (en) * 2013-02-08 2014-02-12 山东泰信电子股份有限公司 System and method for receiving digital television signals
CN106028100A (en) * 2016-05-13 2016-10-12 深圳智英电子有限公司 Embedded type identification encryption card of Beidou satellite communication based digital set-top box
CN106303755A (en) * 2016-09-27 2017-01-04 天脉聚源(北京)传媒科技有限公司 A kind of interface ciphering method, device and Set Top Box login system
CN106547243A (en) * 2017-01-10 2017-03-29 湖北巴东博宇工贸有限公司 Alternating-current charging pile controls panel control system

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101330387B (en) * 2008-07-24 2010-12-08 华为终端有限公司 Method for authentication of machine card, communication apparatus and authentication system
CN101521735B (en) * 2009-03-31 2011-05-25 深圳创维数字技术股份有限公司 Set-top box software encipherment protection method and system
CN101945104A (en) * 2010-08-31 2011-01-12 百视通网络电视技术发展有限责任公司 Terminal anti-fake device, authentication device and anti-fake and authentication method thereof
WO2012075654A1 (en) * 2010-12-10 2012-06-14 惠州市德赛视听科技有限公司 Production management method for digital rights management (drm) key of blu-ray dvd player
CN102892040A (en) * 2012-09-17 2013-01-23 深圳创维数字技术股份有限公司 Method for controlling to play television program and digital television terminal
CN102892040B (en) * 2012-09-17 2016-12-21 深圳创维数字技术有限公司 Control to play method and the digital TV terminal of TV programme
CN103581751A (en) * 2013-02-08 2014-02-12 山东泰信电子股份有限公司 System and method for receiving digital television signals
CN106028100A (en) * 2016-05-13 2016-10-12 深圳智英电子有限公司 Embedded type identification encryption card of Beidou satellite communication based digital set-top box
CN106028100B (en) * 2016-05-13 2018-12-21 深圳智英电子有限公司 Based on Beidou satellite communication, the top box of digital machine embedded with identification encrypted card
CN106303755A (en) * 2016-09-27 2017-01-04 天脉聚源(北京)传媒科技有限公司 A kind of interface ciphering method, device and Set Top Box login system
CN106547243A (en) * 2017-01-10 2017-03-29 湖北巴东博宇工贸有限公司 Alternating-current charging pile controls panel control system

Also Published As

Publication number Publication date
CN100596188C (en) 2010-03-24

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: CHINA LINKED NETWORK COMMUNICATION GROUP CO.,LTD.

Free format text: FORMER OWNER: CHINA NETWORK COMMUNICATIONS GROUP CORPORATION

Effective date: 20090522

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20090522

Address after: Number 21, Finance Street, Beijing, Xicheng District: 100032

Applicant after: China United Network Telecommunication Group Co., Ltd.

Address before: Number 21, Finance Street, Beijing, Xicheng District: 100032

Applicant before: China Network Communications Group Corporation

C14 Grant of patent or utility model
GR01 Patent grant