CN101138242A - An interactive television system - Google Patents
Abstract
An interactive television system (100) for providing secure interactive services to consumers (5) via broadcast infrastructure (50) operated by a broadcaster, the system (100) comprising: a digital receiving device (10) to receive broadcast data and data relating to the secure interactive service via the broadcast infrastructure (50), the digital receiving device (10) receiving a mobile device (20) of the consumer (5); and a return-path host server (60) to provide return path connectivity from the digital receiving device (10) to the broadcaster; wherein interaction with the secure interactive service is secured by checking whether the consumer (5) has physical access to use the digital receiving device (10), checking whether the consumer (5) has been granted access to use the secure interactive service, and authenticating the return-path host server (60) and the digital receiving device (10).
Description
Technical field
The present invention relates to an interactive television system for providing secure interactive services to users via a broadcast infrastructure operated by a broadcaster.
Background technology
Integrated circuit cards, or smart cards, are used worldwide for an increasing number of purposes. A smart card typically includes read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM) and an input/output (I/O) mechanism. Smart cards may be contact or contactless. A smart card may also include a microprocessor and other circuitry supporting the operation of the microcontroller. In its memory, a smart card may hold a single application or several independent applications. Its memory may be secure or insecure.
The present invention seeks to overcome the limitations imposed by the broadcast infrastructure and the set-top box in order to provide secure smart card transactions.
Summary of the invention
In a first preferred aspect, the invention provides an interactive television system for providing secure interactive services to a user via a broadcast infrastructure operated by a broadcaster, the system comprising:
a digital receiver for receiving, via the broadcast infrastructure, broadcast data and data relating to the secure interactive service, the digital receiver receiving a mobile device of the user; and
a return-path host server for providing a return-path connection from the digital receiver to the broadcaster;
wherein interaction with the secure interactive service is secured by checking whether the user has physical access to use the digital receiver, checking whether the user is authorised to use the secure interactive service, and authenticating the return-path host server and the digital receiver.
Interaction with the secure interactive service may be further secured by using the key pair of the mobile device and Application Protocol Data Unit (APDU) commands to communicate with any one of the broadcast infrastructure, the digital receiver and the return-path host server.
For communication between the digital receiver and the return-path host server, interaction with the secure interactive service may be further secured by verifying the identity of the user according to data stored on the mobile device.
Interaction with the secure interactive service may be further secured by verifying the identity of the user before allowing access to the secure interactive service.
Authentication may be decentralised, with the key pair sent from the return-path host server to the digital receiver and processed by the set-top box.
Authentication may be centralised, with the key pair sent from the digital receiver to the return-path host server and processed by the return-path host server.
The identity of the digital receiver or of the user may be verified against a central database. Verification may be carried out by the user entering a personal identification number (PIN), a password or a biometric scan.
The digital receiver may be verified by authenticating the conditional access identifier of the digital receiver.
The broadcast infrastructure may be a satellite television infrastructure. The broadcast infrastructure may comprise infrastructure capable of carrying digital or analogue signals over terrestrial, cable or wireless systems.
The digital receiver may be a set-top box, a personal video recorder (PVR) or a personal digital assistant (PDA).
The third party may comprise a financial institution, a government agency or a merchant.
The secure interactive service may be selected from the group comprising TV-Coupon, TV-Pre-Paid, TV-Mobile Download, TV-Government, TV-Payment Transaction, TV-Banking, TV-Commerce, TV-Shopping, TV-Card Management and TV-Token.
The return-path host server may communicate with a third-party host server.
For each session of the secure interactive service, a session key may be used to encrypt communication between the broadcast infrastructure and the digital receiver and between the digital receiver and the return-path host server. The session key may first be sent to the digital receiver by the broadcast infrastructure, sent to the digital receiver by the mobile device, sent to the return-path host server by the digital receiver, sent to the digital receiver by the return-path host server, or transmitted between the return-path host server and the third-party host server.
Messages sent from the digital receiver to the return-path host server may be digitally signed to ensure the integrity of the message. The digital signature may be authenticated by a trusted party.
At least one interactive application may be stored on the mobile device for processing and transmitting the data of the secure interactive service.
The mobile device may be personalised with information relating to the user, and may be activated for use by a process that uses an activation key.
The digital receiver and the smart card may authenticate each other according to a mutually agreed authentication process in order to communicate securely with each other.
The user's mobile device may be connected to the digital receiver or embedded in the digital receiver. The mobile device may communicate wirelessly with the digital receiver. The mobile device may be a chip-based card such as a smart card. The mobile device may be a mobile computing device such as a personal digital assistant (PDA), palmtop, notebook, removable hard disk, thumb drive or mobile phone.
The system may further comprise a key and certificate management module and a secure key module of the broadcast infrastructure, for managing and distributing keys or certificates used to encrypt/decrypt messages, applications and data in communication between the broadcast infrastructure and the digital receiver, between the mobile device and the digital receiver, between the digital receiver and the return-path host server, and between the return-path host server and the third-party host server.
The key may be any one of the group comprising an activation key, a payment key, a post-issuance key, a transmission key, a terminal key, a verification key, a host key and a loyalty key.
The system may further comprise a copy protection module for authorising the user to record content broadcast via the broadcast infrastructure.
The system may further comprise a security domain for establishing a unique cryptographic key, so as to secure communication between the mobile device and the digital receiver, between the digital receiver and the return-path host server, and between the return-path host server and the third-party host server.
In a symmetric cryptographic service, the unique cryptographic key may use only a single key.
The user may enter a personal identification number (PIN) or password to access the information and the secure interactive service stored on the mobile device.
A biometric system may be provided so that the information and the secure interactive service stored on the mobile device can be accessed when the user's scanned biometric data matches a record stored in a biometric database.
Description of drawings
An example of the present invention is described below with reference to the accompanying drawings, in which:
Fig. 1 is a block diagram of the broadcast system; and
Fig. 2 is a table showing the security access matrix of the security layers of the interactive television system and its system components.
Embodiment
Fig. 1 and the following discussion are intended to provide a brief, general description of a suitable computing environment in which the invention may be implemented. Although not required, the invention will be described in the general context of computer-executable instructions, such as program modules, executed by a personal computer. Generally, program modules include routines, programs, objects, components and data structures that perform particular tasks or implement particular abstract data types. Those skilled in the art will appreciate that the invention may be practised with other computer system configurations, including hand-held devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers and the like. The invention may also be practised in distributed computing environments where tasks are performed by remote processing devices linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote memory storage devices.
Referring to Fig. 1, an interactive television system 100 is shown for providing secure interactive services to a cardholder 5 via a broadcast infrastructure 50 operated by a broadcaster. Generally, the system 100 comprises a set-top box 10 and a return-path host server 60. The set-top box 10 receives broadcast data and data relating to the secure interactive service via the broadcast infrastructure 50. The set-top box 10 also receives and reads the data stored on the smart card 20 of the cardholder 5. The return-path host server 60 provides a return-path connection from the set-top box 10 to the broadcaster. Interaction with the secure interactive service is secured by checking whether the cardholder 5 is physically entitled to use the set-top box 10. A further security check is performed by checking whether the cardholder 5 is authorised to use the secure interactive service. A further security check is performed by authenticating the return-path host server 60 and the set-top box 10.
Smart card
The smart card 20 includes credit cards, bank cards, label account cards, loyalty cards, cash advance cards, gift cards, recreation cards, driving licences and national registration identity cards (NRIC) that carry an integrated circuit in the form of a microprocessor or memory chip. The smart card 20 is either contact or contactless.
Before the smart card 20 is issued to the cardholder 5, it is initialised with certain smart card 20 data that uniquely identifies the card. After the personalisation data structure has been loaded and stored in the smart card 20, the smart card 20 can be identified by card issuer 85, product class, data and identification number. Once personalised, the smart card 20 cannot change its identity.
The smart card 20 is loaded with at least one application, for example a credit or stored cash value, a file structure initialised with default values and/or keys for transmission security.
The smart card 20 need not be activated at the personalisation stage. The set-top box 10 is used to activate the smart card 20 through an authentication process, by means of the return-path host server 60 and the particulars of the smart card to be activated.
After the smart card 20 has been issued, it needs to be activated using an activation key; or post-issuance is performed with new/updated applications; or existing applications on the smart card 20 are deleted. The post-issuance process also covers information and data. It involves the use of a post-issuance key. The set-top box 10 is used to load/write, read and/or delete the static data of the cardholder 5, which includes the name, address and preferences of the cardholder 5 held in the smart card 20. Hence, the set-top box 10 is also used for the card management process.
Based on the smart card type data, the set-top box 10 determines whether the smart card 20 is suitable for personalisation and/or post-issuance. If the smart card 20 is not of the correct type, the process stops and the cardholder 5 is notified via the display unit 30.
The set-top box 10 can activate the smart card 20 of the cardholder 5. Usually, smart cards 20 are issued to the cardholder 5 by the card issuer/manufacturer 85. In addition, the set-top box 10 is used to add, delete or update smart card applications and file structures in the smart card 20. The set-top box 10 can perform data management for the cardholder 5. Cardholder 5 data, such as the name, address and preferences of the cardholder 5, are read by the set-top box 10.
When the smart card 20 is connected to the set-top box 10, a smart card interaction process is carried out between the smart card 20 and the set-top box 10. The smart card 20 stores a private key and public key pair. Generally, the process comprises retrieving the public key from the smart card 20, using the public key to encrypt at least a portion of the data to be transmitted, sending the encrypted data to the smart card 20, and decrypting the encrypted data using the private key of the smart card.
The key pair of the smart card interacts with the key pair transmitted to the set-top box 10 via the broadcast infrastructure 50. Alternatively, the key pair is loaded onto the set-top box 10 from the return-path host server 60 or a third-party smart card system via the secure communications infrastructure. Alternatively, the centralised key pair resides in the return-path host server 60 or the third-party smart card system and is not sent to the set-top box 10.
The types of keys include the activation key, payment key, post-issuance key, transmission key, terminal key, verification key, host key and loyalty key.
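The smart card interaction process described above (retrieve the card's public key, encrypt the sensitive portion of the data, send it to the card, decrypt with the card's private key), as an added example that is not part of the patent. The patent names no algorithm, so RSA-OAEP with SHA-256 and the type and function names are this example's assumptions; the card is simulated in software.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// oaepLabel binds ciphertexts to this STB-to-card exchange; the card will not
// decrypt data that was wrapped under a different label.
var oaepLabel = []byte("stb-to-smartcard")

// SmartCard models the card side: it holds the private/public key pair and
// the private half never leaves the card.
type SmartCard struct {
	priv *rsa.PrivateKey
}

// NewSmartCard generates the card's key pair. In a real deployment this
// happens during personalisation, before the card is issued to the holder.
func NewSmartCard() (*SmartCard, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &SmartCard{priv: priv}, nil
}

// PublicKey is the only key material the set-top box retrieves from the card.
func (c *SmartCard) PublicKey() *rsa.PublicKey {
	return &c.priv.PublicKey
}

// Decrypt runs on the card: only the card's private key recovers the payload,
// and the OAEP padding check makes any modified ciphertext fail here.
func (c *SmartCard) Decrypt(ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, c.priv, ciphertext, oaepLabel)
}

// EncryptForCard runs on the set-top box: it wraps the sensitive portion of
// the data (here a stand-in for a card command) under the card's public key.
func EncryptForCard(pub *rsa.PublicKey, payload []byte) ([]byte, error) {
	// RSA-OAEP with SHA-256 carries at most k - 2*hLen - 2 bytes per block.
	if max := pub.Size() - 2*sha256.Size - 2; len(payload) > max {
		return nil, fmt.Errorf("payload of %d bytes exceeds OAEP limit of %d", len(payload), max)
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, payload, oaepLabel)
}

// Exchange performs the whole interaction: the STB retrieves the public key,
// encrypts the payload, hands the ciphertext to the card, and the card
// decrypts it. It returns what the card recovered.
func Exchange(card *SmartCard, payload []byte) ([]byte, error) {
	ct, err := EncryptForCard(card.PublicKey(), payload)
	if err != nil {
		return nil, err
	}
	pt, err := card.Decrypt(ct)
	if err != nil {
		return nil, errors.New("card rejected ciphertext: " + err.Error())
	}
	return pt, nil
}

func main() {
	card, err := NewSmartCard()
	if err != nil {
		panic(err)
	}
	// Constructed sample payload: a stand-in for an activation command.
	payload := []byte("ACTIVATE card=EXAMPLE-0001")
	got, err := Exchange(card, payload)
	fmt.Println(bytes.Equal(got, payload), err)
}
```

Because only the card holds the private key, a ciphertext captured on the STB-to-card path is useless to any other card, and a single flipped byte is rejected by the OAEP check rather than decrypting to garbage.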
Passback path host server
The return-path host server 60 of the broadcaster is connected to other third-party host servers 70 in order to provide other secure interactive services that the broadcaster cannot implement on its own. In addition, authentication/validation is performed with the third-party host servers 70. These third-party host servers 70 belong to financial institutions, loyalty providers, content providers and government agencies. The return-path host server 60 initiates the return-path connection. The return-path host server 60 comprises a modem bank or several telecommunications devices and a communications infrastructure for receiving data from the set-top boxes 10 in the system 100. These devices are managed by the broadcaster.
For secure set-top box transactions, a dedicated connection from the set-top box 10 to the return-path host server 60 is required as part of the data transmission and processing. This connection runs over a secure communications infrastructure that uses a recognised cryptographic system. The return-path host server 60 is then connected to other host servers 70 to carry out other secure set-top box transactions.
For TV payment transactions, the return-path host server 60 is connected to the host server 70 of a payment gateway in order to settle any payment processed by the cardholder 5 using the set-top box 10. Payments are made to utility companies, online merchants, government agencies, content providers and loyalty providers. Besides the data stored on the smart card 20, the information held in the payment gateway's host server 70 is also used to authenticate the cardholder 5.
For TV banking transactions, the return-path host server 60 is connected to the host server 70 of a financial institution to provide the account particulars of the specific cardholder 5, for example the account balance and mortgage details. Besides the data stored on the smart card 20, the information held in the financial institution's host server 70 is also used to authenticate the cardholder 5.
For TV commerce/TV shopping transactions, the return-path host server 60 is connected to the host server 70 of a "shopping mall" merchant, which manages the list of goods and/or services bought by the cardholder 5 using the set-top box 10. The merchant's host server 70 manages the fulfilment and billing part of the transaction. Besides the data stored on the smart card 20, the information held in the merchant's host server 70 is also used to authenticate the cardholder 5. In particular, the cardholder 5 registers in advance, whereby the particulars of the cardholder 5 are stored in the merchant's host server 70. For timely dissemination, the list of goods and/or services is also sent to the broadcast infrastructure 50.
For TV loyalty and TV reward transactions, the return-path host server 60 is connected to the host server 70 of a loyalty provider to provide specific loyalty particulars to the specific cardholder 5, for example the remaining points, redemption status and special offers. Besides the data stored on the smart card 20, the information held in the loyalty provider's host server 70 is also used to authenticate the cardholder 5.
For TV token transactions, the return-path host server 60 is connected to the host server 70 of a third-party smart card system to manage/update, together with the return-path host server 60, information relating to the third-party smart card system, via the set-top box 10 over the communications infrastructure. Besides the data stored on the smart card 20, the information held in the third-party smart card system's host server 70 is also used to authenticate the cardholder 5. In particular, the cardholder 5 registers in advance, whereby the particulars of the cardholder 5 are stored in the third party's host server 70.
For TV coupon transactions, the return-path host server 60 is connected to the host server 70 of a loyalty provider/merchant so that the latest promotional discount offers are securely downloaded onto the cardholder's smart card 20 for redemption at checkout at participating retail outlets. In some cases redemption is instant. Besides the data stored on the smart card 20, the information held in the loyalty provider's/merchant's host server 70 is also used to authenticate the cardholder 5.
For TV pre-paid transactions, the return-path host server 60 is connected to a third-party host server 70 operated by a pre-paid service provider (for example a telecommunications company) to increase or top up the stored value on the smart card 20. The cardholder 5 pays for the top-up via a TV payment transaction.
For TV mobile download transactions, the return-path host server 60 is connected to the third-party host server 70 operated by a ringtone and/or wallpaper mobile download content provider, where the cardholder 5 can pay for the mobile download via a TV payment transaction.
For TV government, the return-path host server 60 is connected to the host server 70 of a government agency (for example the road transport and immigration departments) for online enquiries/payments on government-related matters (for example driving licence renewal and payment of fines) via TV payment transactions. Besides the data stored on the smart card 20, the cardholder 5 is also authenticated according to the information held in the government agency's host server 70. Through the return-path connection established by the set-top box 10 over the secure communications infrastructure, the information on the national registration identity card (NRIC) smart card 20 is authenticated against the government agency's database.
For TV card management, the return-path host server 60 is connected to the host server 70 of the card issuer/manufacturer for performing card management services such as post-issuance and smart card activation.
A security domain is created by establishing a unique cryptographic key (the first key unit) in a first cryptographic device (for example the set-top box 10). The same unique cryptographic key is securely established in a second cryptographic device (for example the return-path host server 60). The unique cryptographic key secures the secure communications infrastructure between the set-top box 10 and the return-path host server 60. For example, in a symmetric cryptographic service, the unique cryptographic key uses only a single key.
The first key unit is loaded onto the set-top box 10 using a centralised or decentralised method, via the return-path host server 60 of the broadcast infrastructure 50 or the vehicle smart card system, using the secure communications infrastructure; or, independently of the first key unit, the first key unit is downloaded from a third-party smart card system.
Secure interactive services
The secure interactive services provided by system 100 include:
TV payment (credit, debit and stored value) - holder 5 inserts his payment smart card 20 into set-top box 10 to carry out credit, debit and stored-value financial transactions. Payments made through set-top box 10 include bill payment, TV commerce, TV prepaid, TV mobile download and TV government, carried out as secure set-top box applications over the communications infrastructure connected to the payment provider's host server 70.
TV banking - smart card 20 connected to set-top box 10 gives access to a financial institution and provides a range of financial information to holder 5. Holder 5 can carry out financial transactions including balance enquiries on different accounts, transaction log enquiries across multiple accounts, funds transfers, mortgage account information, cheque book requests and bill/utility payments. All these transactions are carried out over the secure communications infrastructure connected to the financial institution's host server 70.
TV commerce, TV shopping - holder 5 inserts his payment smart card 20 into set-top box 10 to pay, over the secure communications infrastructure connected to the merchant's host server 70, for goods and/or services ordered using set-top box 10.
TV membership - set-top box 10 can add/delete/update the membership information and/or reward points on smart card 20 or on a "TV membership card" over the secure communications infrastructure connected to the loyalty provider's host server 70. This includes TV gift cards relating to specific people, places and items, for which set-top box 10 only reads the membership information and presents it on display unit 30.
TV rewards - for each secure set-top box transaction performed, or for interactive television navigation carried out with user interface device 40, set-top box 10 accumulates reward points and downloads them onto smart card 20. This is intended to increase participation and holder 5's "stickiness" to set-top box 10 and the services provided.
TV token - holder 5 uses his smart card 20 as an off-line physical conduit between set-top box 10 and a third-party smart card system (for example, a prepaid smart card meter, or a computer fitted with a smart card reader) to transfer utility/payment information and/or data. Smart card 20 is inserted into a prepaid utility meter that is fitted with a smart card reader and enabled by the cryptographic system, and the utility usage data is physically transferred from the prepaid utility meter to the utility company through set-top box 10, the return path connection, the secure communications infrastructure and the utility provider's host server 70. Once the utility usage data has been updated, holder 5 pays for any utility top-up. The same smart card 20 is then used as the physical conduit to transfer the topped-up utility data from set-top box 10 to the prepaid utility meter.
TV coupon - holder 5 downloads electronic promotional discount coupons onto his smart card 20 and, during redemption at a participating merchant's checkout counter, receives the downloaded promotional discount when paying for the purchased goods/services with the same smart card 20. Set-top box 10 can perform both the download and the redemption. When connected to return path host server 60, sophisticated, secure promotional discount coupons are downloaded into smart card 20. The downloaded secure TV coupons can be redeemed using set-top box 10.
TV prepaid - holder 5 uses set-top box 10 to top up the monetary value on his prepaid smart card 20 (for example, a game card or a prepaid mobile telecommunications service) and makes the required payment with a TV payment transaction over the secure communications infrastructure connected to return path host server 60.
TV mobile download - holder 5 can request ringtone and/or wallpaper mobile downloads through set-top box 10 and make the required payment with a TV payment transaction over the secure communications infrastructure connected to the content provider's host server 70.
TV government - a holder 5 with a national identity smart card 20 (for example, the national registration identity card (NRIC) smart card 20 of the Malaysian government, known as "MyKad") can enquire about government-related matters (for example, the status of an application) and/or make the necessary government payments (for example, driving licence renewal and fine payment) with a TV payment transaction over the secure communications infrastructure connected to the government agency's host server 70.
TV card management - the card issuer/manufacturer can assist the holder with card management services, for example issuing new/updated applications to his smart card after issuance, and activating smart cards recently issued to the holder.
Throughout system 100, data is transmitted between set-top box 10, smart card 20, return path host server 60, third-party host server 70 and third-party smart card systems.
Broadcast data sent from the broadcaster to set-top box 10 goes via broadcast infrastructure 50. This is regarded as the remote infrastructure. Under this access path, set-top box 10 is the host system. This is normally one-way satellite broadcasting to set-top box 10. The complete communications loop with the broadcaster is closed by the return path connection from set-top box 10, over the secure communications infrastructure, to return path host server 60. The data sent from set-top box 10 to return path host server 60 comprises the response data of the secure interactive services.
Data transmitted between set-top box 10 and smart card 20 goes via the set-top box's smart card reader 12. Under this access path the host system is either set-top box 10 or smart card 20, depending on the application and/or business logic. It also depends on which system initiates the commands issued to smart card 20 to carry out the business process/logic.
Data sent from set-top box 10 to return path host server 60 goes via the communications infrastructure. The communications infrastructure is secured by a recognised cryptographic system. This connection, as opposed to the remote infrastructure, is called the local infrastructure. Under this access path the host system is return path host server 60.
Data transmitted between set-top box 10 and a third-party smart card system uses smart card 20 as the physical conduit between them. Under this access path the host system is the third-party smart card system reached through the communications infrastructure, which is secured by a recognised cryptographic system.
Referring to Fig. 2, broadcast transmissions are encrypted throughout broadcast infrastructure 50 using a widely recognised cryptographic system. On receiving a broadcast transmission, set-top box 10 decrypts it using its own conditional access (CA) system 11. This is regarded as the first security layer 200. Interaction with the set-top box's conditional access system 11 improves the security of secure set-top box transactions. In one example, the broadcaster uses the set-top box's conditional access system 11 to manage holder 5's physical access to set-top box 10. Without physical access rights granted by the set-top box's conditional access system 11, holder 5 cannot use smart card 20 and set-top box 10 to carry out any secure set-top box transaction.
Security layer 2
In one example, there is no authentication or encryption/decryption scheme for smart card 20. That is, smart card 20 needs no key and/or certificate to be read or written; it is a "free read/write" smart card 20. If no authentication is required, the application, information or data is regarded as unregistered. This poses a threat to the security of smart card 20 and/or set-top box 10, especially if it is stolen or compromised.
If a cryptographic system is required in order to read from or write to smart card 20, then it is a "secure read/write" smart card 20. In most cases a "secure read/write" smart card 20 is preferred.
Security layer 3
Where the smart card itself provides no security, a key pair is sent to set-top box 10 from return path host server 60 or from a third-party smart card system over the secure communications infrastructure. The key exchange mutually authenticates return path host server 60 and set-top box 10. The key resides on smart card 20 or as part of the set-top box's conditional access system 11. This is regarded as the third security layer 202.
Key management is provided to ensure that the key values generated have the necessary attributes, so that keys previously known to a particular system over the secure broadcast infrastructure and/or the return path connection work together, or separately, over the secure communications infrastructure. Key management also ensures that keys, protected by a combination of cryptographic techniques, are neither disclosed nor substituted. The key management method differs essentially according to whether a symmetric or a public-key (asymmetric) cryptographic system is used.
For key management, return path host server 60 is connected to the host service of a trusted party 80 to manage/distribute keys and/or certificates online or offline. Trusted party 80 can use set-top box 10 to manage its key life cycle. Trusted parties 80 include certification authorities, loyalty providers, banks and trusted third parties that provide trusted services.
Storing multiple secure set-top box applications, information or data (or messages) on a single smart card 20 poses a challenge to the authenticity, integrity and security of the messages exchanged with smart card 20, set-top box 10, return path host server 60, broadcast infrastructure 50 and the return path connection. A message comprises any of an application, information or data.
Since a message may come from anyone, anywhere, at any time, the authenticity of a received message cannot be fully guaranteed. To increase security protection, a security domain structure is implemented using a recognised cryptographic system, restricting the set of senders or recipients to a specific security domain or closed environment. Security domains are also incorporated on smart card 20.
In the fourth security layer 203, smart card authentication is used. The key set on smart card 20 consists of three different key items: the smart card's private key, known only to smart card 20; the smart card's public key, stored on smart card 20; and the smart card's public-key certificate, which is the smart card's public key signed by trusted party 80.
If set-top box 10 uses this key combination, messages are authenticated and encrypted/decrypted. Cryptographic techniques are applied to every data transmission and processing step to maintain the confidentiality of sensitive holder 5 information and messages. This ensures the authenticity and integrity of the data elements of the system and of the host systems, and minimises the risk and impact of compromised keys and certificates.
Encrypted data elements are never represented in clear text (plaintext) or in any other form from which they could be extracted without knowledge of the appropriate key or cryptographic system.
Typically the key life cycle comprises key establishment, key recovery, key replacement/renewal, key revocation and key termination. Set-top box 10 is activated through a connection via return path host server 60 to provide key management functions to card issuer 85 and/or application providers. The loading of a key or key unit incorporates a confirmation mechanism to ensure the authenticity of the key and to show whether it has been tampered with, substituted or compromised. The key loading process must not disclose any part of the key unit to unauthorised individuals.
Using digital certificates (for authentication) and a public key infrastructure, a secure communication session between host systems is initialised by exchanging digital certificates, and the two systems authenticate the digital certificates using the public key of trusted party 80. Once the digital certificates have been exchanged and authenticated, the systems can send encrypted messages to each other.
Another method of initialising a secure communication session is to authenticate against the digital signature of trusted party 80 on the certificates obtained by host systems such as set-top box 10, the return path host server and smart card 20. The public and/or private keys of trusted party 80 are also used to authenticate trusted party 80's digital signature on a host system's certificate. A host system uses the public key of trusted party 80 to verify another system's certificate.
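The certificate-based session initialisation described above, as an added worked example that is not part of the patent: trusted party 80 signs each host system's public key into a certificate, and a host system accepts a peer's certificate only if it verifies under the trusted party's public key (the only key it must trust in advance), after which it verifies the peer's message signature under the certified key. Ed25519 from the Go standard library, the names TrustedParty, Host and Certificate, and the length-prefixed to-be-signed encoding are choices of this example, not anything the patent specifies.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Certificate binds a host system's name (set-top box, return path host
// server, smart card) to its public key. Sig is the trusted party's
// signature over tbs(); a peer checks it with the trusted party's public key.
type Certificate struct {
	Subject string
	PubKey  ed25519.PublicKey
	Sig     []byte
}

// tbs returns the bytes the trusted party signs. The subject is
// length-prefixed so that subject and key bytes cannot be re-split.
func (c Certificate) tbs() []byte {
	b := make([]byte, 4, 4+len(c.Subject)+len(c.PubKey))
	binary.BigEndian.PutUint32(b, uint32(len(c.Subject)))
	b = append(b, c.Subject...)
	return append(b, c.PubKey...)
}

// TrustedParty models trusted party 80 acting as a certification authority.
type TrustedParty struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewTrustedParty() (*TrustedParty, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &TrustedParty{Pub: pub, priv: priv}, nil
}

// Issue signs a host system's public key, producing its certificate.
func (tp *TrustedParty) Issue(subject string, pub ed25519.PublicKey) Certificate {
	c := Certificate{Subject: subject, PubKey: pub}
	c.Sig = ed25519.Sign(tp.priv, c.tbs())
	return c
}

// Host is any system component: it holds its private key, its own
// certificate and the trusted party's public key.
type Host struct {
	Cert  Certificate
	priv  ed25519.PrivateKey
	tpPub ed25519.PublicKey
}

func NewHost(name string, tp *TrustedParty) (*Host, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Host{Cert: tp.Issue(name, pub), priv: priv, tpPub: tp.Pub}, nil
}

// VerifyPeer accepts a peer certificate only if the trusted party's
// signature over its subject and public key verifies.
func (h *Host) VerifyPeer(peer Certificate) bool {
	return ed25519.Verify(h.tpPub, peer.tbs(), peer.Sig)
}

// Sign produces this host's signature over a message.
func (h *Host) Sign(msg []byte) []byte {
	return ed25519.Sign(h.priv, msg)
}

// VerifyMessage checks the certificate chains to the trusted party, then
// checks the message signature under the certified key. Either failure
// rejects the message.
func (h *Host) VerifyMessage(peer Certificate, msg, sig []byte) bool {
	return h.VerifyPeer(peer) && ed25519.Verify(peer.PubKey, msg, sig)
}

func main() {
	tp, _ := NewTrustedParty()
	stb, _ := NewHost("set-top-box-10", tp)
	rphs, _ := NewHost("return-path-host-server-60", tp)
	msg := []byte("TV banking: balance enquiry") // constructed message
	sig := stb.Sign(msg)
	fmt.Println("server accepts STB message:", rphs.VerifyMessage(stb.Cert, msg, sig))
	rogue, _ := NewTrustedParty() // a party the server does not trust
	fake := rogue.Issue("set-top-box-10", stb.Cert.PubKey)
	fmt.Println("server accepts cert from unknown party:", rphs.VerifyPeer(fake))
}
```

The point a practitioner should take from this: the host verifies the certificate before it verifies the message, and a certificate with the right subject and key but signed by a party other than trusted party 80 is rejected outright, which is the property the patent's "authenticate the digital certificates using the public key of the trusted party" relies on.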
Stored keys are private keys and are not used for any other purpose. For example, the same key cannot be used both for data encryption and for PIN (personal identification number) encryption. Keys stored in host systems are generated by various schemes and are never displayed in clear text.
A key pair is transmitted to set-top box 10 via broadcast infrastructure 50, as a temporary session key pair on set-top box 10 and/or as the key pair used when interacting with a smart card 20 used with set-top box 10.
The encrypted private key is embedded in the secure key module of the broadcast infrastructure. The secure key module is further encrypted using the broadcaster's conditional access, providing another security layer by further scrambling the private key string within the secure key module code. This ensures that the private key is never represented in clear text or plaintext in the secure key module code, even within the secure key module.
Where feasible, the card domain associated with the application being loaded does not use the default cryptographic keys and card domain signature.
If smart card 20 already has a loaded application, subsequent smart card applications interact with the first application during post-issuance processing or during secure set-top box transactions. The second application uses the first application or the card domain for post-issuance or for secure set-top box transactions. Similarly, during post-issuance or during a secure set-top box transaction, the secure services of the first application are used to install the second application on smart card 20.
If smart card 20 has two or more applications already loaded, a subsequent application interacts with the card domain used for post-issuance or for secure set-top box transactions, or with any other existing security domain. Thus, during post-issuance processing, the second application is installed onto a smart card 20 whose card domain already contains the first downloaded application. Set-top box 10 is activated with the application, information or data to be post-issued to a smart card 20 valid for the post-issuance work. Working with broadcast infrastructure 50 and/or return path host server 60, or separately, smart card 20 uses its key pair and certificate to authorise the post-issuance from set-top box 10.
There can be multiple security domains on smart card 20, each represented by a unique cryptographic relationship or system. Each security domain is responsible for managing and sharing the cryptographic keys and the associated cryptographic methods that make up its cryptographic relationship/service.
Multiple smart card applications can be associated with the same security domain. Security domains are created by card issuer/manufacturer 85, or added later by card issuer/manufacturer 85 or by an application provider.
Applications, information or data for post-issuance are forwarded for download to smart card 20, or downloaded to set-top box 10, return path host server 60 or a third-party smart card system via broadcast infrastructure 50. The message is encrypted or pre-signed (for authentication) with the key corresponding to the one present on smart card 20, so that each application carries a unique signature that smart card 20 can verify or authenticate.
The card domain uses the key services of the smart card's own security domain to decrypt the forwarded message and check its signature with the public key of the application provider's asymmetric key pair. Alternatively, the card domain uses the key services of the set-top box's conditional access system 11 for decryption and checking. Alternatively, the card domain uses key services downloaded to set-top box 10 via broadcast infrastructure 50, or transferred to smart card 20 from return path host server 60 or a third-party smart card system.
If the signature associated with the message is not valid, the application, information or data is not loaded onto the smart card by set-top box 10, or the secure set-top box transaction is aborted, and an error notification appears on display unit 30. If the signature is valid, the application, information or data is loaded onto smart card 20 in a secure environment, or the secure set-top box transaction is activated.
Interactive applications are downloaded to smart card 20 as files or applets.
During post-issuance processing, set-top box 10 initiates an "open" command to preview smart card 20 and determine whether smart card 20 is eligible to accept the specific application, information or data. The open command gives smart card 20 the permission data and the size of the message, and directs smart card 20 to determine whether it has been personalised, whether the message code and associated data fit the card's existing storage space, and whether the personalisation data of the message issuer is considered loadable onto this particular smart card 20. The open command also performs any other checks required by the smart card system/card domain/security domain.
After the open command has been executed, the "application loader" notifies set-top box 10 whether smart card 20 contains the correct identity personalisation data and whether smart card 20's memory has enough space for the application, information or data to be downloaded.
The load is executed and a "create" step completes the loading process. After the application has been loaded, this step makes the application executable on smart card 20. The "open", "load" and "create" commands are sent by set-top box 10 to smart card 20 over the secure communications infrastructure, via the broadcast infrastructure or the return path host server 60 connection.
The create command used for post-issuance checks whether the application load certificate has been signed/encrypted by trusted party 80, thereby verifying that the application is appropriate for the smart card and set-top box 10, and checks the permission profile of the application to be loaded against the smart card personalisation data stored in smart card 20, so that smart card 20 is eligible for loading. If these checks fail, a failure response is displayed on display unit 30 and the process is aborted. Once these checks pass, the application is loaded into the memory of smart card 20.
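The open/load/create sequence described above, as an added worked example that is not part of the patent. The card (modelled here as Card) checks personalisation, free memory and duplicate applications at "open", bounds the code it accepts at "load", and at "create" verifies the load certificate under the trusted party's preloaded public key and checks that the loaded code matches the certified hash before making the application live. The LoadCertificate fields, the Ed25519 signature, the SHA-256 code hash and the policy of locking the card when the certificate is not the trusted party's are assumptions of this example: the patent states only that the certificate is signed by trusted party 80, that a permission profile is checked against the card's personalisation data, and that the card is locked when a security violation is detected.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// LoadCertificate is the example's permission profile: which card
// personalisation the application may be loaded onto, how large it is,
// and the hash of the exact code covered, all signed by the trusted party.
type LoadCertificate struct {
	AppID    string
	CodeHash [32]byte
	IssuerID string
	MaxSize  int
	Sig      []byte
}

// tbs is the signed encoding: fixed-length hash first, then NUL-delimited fields.
func (lc LoadCertificate) tbs() []byte {
	s := fmt.Sprintf("%s\x00%s\x00%d", lc.AppID, lc.IssuerID, lc.MaxSize)
	return append(append([]byte{}, lc.CodeHash[:]...), s...)
}

// Card models smart card 20 with the state the sequence needs.
type Card struct {
	IssuerID   string            // personalisation data
	FreeBytes  int               // available storage
	TrustedPub ed25519.PublicKey // trusted party 80's public key, preloaded
	Apps       map[string][]byte // loaded applications
	Locked     bool
	pending    *LoadCertificate // set by Open, cleared by Create or on abort
	buf        []byte           // code accumulated by Load
}

var ErrLocked = errors.New("card locked")

// Open previews eligibility; no code is accepted yet.
func (c *Card) Open(lc LoadCertificate) error {
	if c.Locked { return ErrLocked }
	if lc.IssuerID != c.IssuerID { return errors.New("open: personalisation mismatch") }
	if lc.MaxSize > c.FreeBytes { return errors.New("open: insufficient memory") }
	if _, dup := c.Apps[lc.AppID]; dup { return errors.New("open: application already present") }
	c.pending, c.buf = &lc, nil
	return nil
}

// Load accumulates code chunks, bounded by the size declared at Open.
func (c *Card) Load(chunk []byte) error {
	if c.Locked { return ErrLocked }
	if c.pending == nil { return errors.New("load: no open session") }
	if len(c.buf)+len(chunk) > c.pending.MaxSize {
		c.pending, c.buf = nil, nil
		return errors.New("load: code exceeds declared size")
	}
	c.buf = append(c.buf, chunk...)
	return nil
}

// Create verifies the trusted party's signature and that the loaded code is
// the code the certificate covers; only then does the application go live.
// A certificate not signed by the trusted party is treated as a security
// violation and locks the card (assumed policy).
func (c *Card) Create() error {
	if c.Locked { return ErrLocked }
	lc := c.pending
	if lc == nil { return errors.New("create: no open session") }
	c.pending = nil
	if !ed25519.Verify(c.TrustedPub, lc.tbs(), lc.Sig) {
		c.Locked, c.buf = true, nil
		return errors.New("create: load certificate not signed by trusted party; card locked")
	}
	if sha256.Sum256(c.buf) != lc.CodeHash {
		c.buf = nil
		return errors.New("create: loaded code does not match certificate")
	}
	c.Apps[lc.AppID] = c.buf
	c.FreeBytes -= len(c.buf)
	c.buf = nil
	return nil
}

// IssueLoadCertificate is the trusted party's side: hash the code and sign the profile.
func IssueLoadCertificate(priv ed25519.PrivateKey, appID, issuerID string, code []byte) LoadCertificate {
	lc := LoadCertificate{AppID: appID, IssuerID: issuerID, CodeHash: sha256.Sum256(code), MaxSize: len(code)}
	lc.Sig = ed25519.Sign(priv, lc.tbs())
	return lc
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	card := &Card{IssuerID: "BANK-A", FreeBytes: 4096, TrustedPub: pub, Apps: map[string][]byte{}}
	code := []byte("constructed applet bytes for tv-coupon") // stand-in for an applet
	lc := IssueLoadCertificate(priv, "tv-coupon", "BANK-A", code)
	for _, err := range []error{card.Open(lc), card.Load(code[:10]), card.Load(code[10:]), card.Create()} {
		if err != nil {
			fmt.Println("aborted:", err)
			return
		}
	}
	fmt.Println("loaded apps:", len(card.Apps), "free bytes:", card.FreeBytes)
}
```

Two failure modes are worth distinguishing, as the code does: code that does not match a genuine certificate is simply refused and the card stays usable, whereas a certificate that fails to verify under the trusted party's key is the case the patent's automatic lock is meant for.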
In one embodiment, in addition to the card domain, a separate security domain is created on smart card 20 by the smart card application provider. This separates the security protocols/systems of smart card issuer/manufacturer 85 from those of the application provider. The security domain contains secure keys that are kept secret from card issuer/manufacturer 85. Smart card initialisation and post-issuance commands are approved for use in the card domain by calling the secure services of the security domain.
Each domain has its own unique secure services, together with its own private and/or public key pair(s), used for encryption, decryption and hashing. Each domain contains its own unique digital certificate(s), digitally signed by trusted party 80.
A system component that sends data to a host system can verify, using the public key of trusted party 80 and trusted party 80's signature on the host system's certificate, that trusted party 80 has approved the initiating system. If the verification succeeds, the initiating party has verified that trusted party 80 has approved the host system, and the secure transaction begins.
If a security violation is detected by an application residing in set-top box 10, return path host server 60 or a third-party smart card system, smart card 20 is locked automatically. Set-top box 10 performs the lock/unlock functions at card and application level using keys or the card domain. The lock/unlock functions are performed by holder 5 in person, or automatically according to business logic or rules.
The card domain works with the security domains. A security domain acts as a logical structure that provides security-related functions to the card domain and to the applications, information or data (or messages) associated with that security domain. The card domain decrypts applications, information or data using the card issuer's private key.
The security domain assists post-issuance by loading applications, information or data securely onto smart card 20. It provides a security mechanism that keeps the application provider's confidential information (for example, cryptographic keys) private and prevents its disclosure to card issuer/manufacturer 85.
Set-top box 10 and smart card 20 authenticate each other through mutually approved authentication procedures and cryptographic systems, a predetermined set of APDU commands, and protocol tests for smart card 20 and set-top box 10. This ensures their mutual authenticity, integrity and compatibility, and secures the set-top box application interactions including TV payment, TV banking and TV commerce/TV shopping. These protocols also prevent fraudulently issued smart cards 20 from being used with set-top box 10.
Once authentication is complete, set-top box 10 and smart card 20 exchange transaction messages and commands with each other in an environment secured by cryptographic services.
The password business
Exist two kinds to be used for system component with security of operation set-top box application program and the password business that is used for the transfer of data between the system.These two kinds of password business are: professional and asymmetrical (typically referring to Public Key Infrastructure) password business of symmetry (typically referring to private key or private key system) password.
The private key system uses the part of key as mathematical formulae, and this system comes message is encrypted by using this mathematical formulae, certificate and key conversion application, information and data (being referred to as message).After message was encrypted, the opposing party/recipient only can use identical private key that the message of encrypting is decrypted by means of predefined decipherment algorithm.Therefore, identical private key is used for encryption and decryption (therefore, this technology is called symmetry).Owing in whole encryption and decryption are handled, only relate to a private key, so this is safe.If but the private key damage, then this will increase risk.If so, whole encryption and decryption system also can be damaged.
Professional two different keys or the key of using of asymmetrical password is to being used for authentication and/or encrypt/decrypt message.These two keys typically refer to individual/private key and public keys.When a key that uses cipher key pair is encrypted message, another key is used for message is decrypted.If personnel A will send to the encrypting messages that all other men can not read personnel B, then the public keys of he user of service B is encrypted message, and sends it to personnel B.Have only the holder of the private key of B can the message of encrypting be decrypted.
Also there is different key usings method.In an example, the session key is stored in the particular system inside that only is used for next transaction.System derives session key from the static symmetrical master key that is used for each transaction.Must under the fail safe control higher, generate, distribute and load these master keys than common key.Alternatively, system only uses the static symmetric session keys that is used for each transaction.
Handle or transaction before, during or afterwards, master key/static keys is the cryptographic key that is present in the system.Master key is embedded in the system usually, for example, and in the security module of host computer system.
Session key is to be the special cryptographic key that generates of specific transaction/session, and in case has finished just calcellation of initial transaction.Session key transmits between system component, transaction is authenticated and be convenient to encryption/decryption process.
Because session key only is used for a transaction, so reduced the possibility of damaging.Yet key-encrypting key or master key are used for the session key of the security module that transmits or be stored in host server (comprising passback path host server 60) on proper communication infrastructure is encrypted.Must under the fail safe control higher, generate, distribute and load these master keys than common key.
The key (master key and/or session key) of symmetry is stored in the outer or security module of security module.If key is stored in the security module, then Dui Cheng key no longer leaves security module.In security module, carry out cryptographic calculations by function from system call.Security module resides in the passback path host server 60 of third party's host server 70 or broadcaster.
For providing another safe class 204 such as method of payment for set-top box 10 and commercial improved 3D safety of TV or Visa checking.Holder 5 needs in advance business to be registered in advance, and provides its user name and password to finish payment transaction.Holder's particulars are stored in the central database, and for each Secure Transaction of interactive service safe in utilization, according to the holder's of centralized stores particulars the particulars from the holder of smart card 20 are confirmed.
Another safe class 205 needs holder 5 to import its PIN (PIN) as required on user's interface device 40 and/or by other holders' 5 authenticating step.Alternatively, the biologicall test reading device that is connected with passback path host server 60 with set-top box 10 has been installed, so that holder 5 is authenticated.
Example-TV banking
In an example, set-top box 10 can play the effect that is similar to ATM (ATM).Holder 5 concludes the business with its financial institution by the smart card 20 that uses the bank of issue's distribution under it, with remittance and carry out account inquiries.In common ATM transaction, provide protection to holder 5 PIN (PIN), holder 5 main account number (PAN), cash amount, the date and time of financial transaction and the identifier of ATM.Transaction terminal (in this example, being set-top box 10), receive Transaction Information and PIN (PIN) from holder 5.From the memory of set-top box 10, fetch first session key of encrypting by first master key, and it is decrypted according to first master key in the memory of the host server 70 that is stored in financial institution equally.
Use is used for the multiple cryptographic system that the data element on the smart card 20 is transferred to the host server 70 of set-top box 10, passback path host server 60 and financial institution is guaranteed the safety of set-top box 10.The existing multiple cryptographic system that security means is provided can be protected these data element safety of these data elements/guarantee by these security means.Start Europay-mastercard-Visa (EMV) payment transaction by set-top box 10.The EMV process comprises: the request application program of intelligent card is with the authentication password business; The data relevant with transaction are sent to smart card 20, and this smart card calculates and returns the password business; Retrieval is not encapsulated into the data in the message in current application program of intelligent card; Use smart card 20 starting EMV payment transactions; And with the PIN (PIN) that provided be included in PIN in the card application and carry out " on the card (on card) " and contrast.
Similar to the "load" command used for post-issuance, a load command is used by the set-top box 10 to load stored value onto the stored value smart card 20. In addition, a "payment" command is used to start the payment sequence, to debit or credit a specified/predetermined amount on the stored value smart card 20, and to end the payment sequence. A "stored value" command causes a balance inquiry transaction to be performed.
Similarly, the "payment" command causes a payment transaction to be performed and applies to several types of payment instrument, including transactions based on credit, debit and stored value smart cards. The payment amount and the currency are passed as parameters.
In another example, the transaction terminal is the set-top box 10. The first master key resides in the set-top box 10 when a security module is included, or is transmitted over the broadcast infrastructure and operates together with the conditional access system 11 of the set-top box. The first master key resides temporarily in the secure environment of the set-top box 10 until the set-top box 10 is switched off. The conditional access system 11 of the set-top box is also used to decrypt the broadcast master key.
The financial institution returns a message to the cardholder 5 using the same session key, but this time encrypted under a second master key. A new, second/subsequent session key, encrypted under the first master key, is appended to this return message. When the first transaction is completed, the second encrypted session key replaces the first session key and is stored for the next transaction. This ensures that, even for the same transaction, all encrypted data and message authentication codes differ.
Thus, in symmetric cryptography, session keys can be generated from one or more master keys, which offers a more secure alternative to asymmetric cryptography. Similarly, for other secure set-top box transactions, specific Application Protocol Data Unit (APDU) commands are sent by the set-top box 10 to the smart card 20 over the secure communications infrastructure, via the broadcast infrastructure or the return path host server connection.
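The master-key/session-key handling described in the TV banking example and in the preceding paragraphs can be made concrete with a small simulation. The following Python is an added example written for this page, not code from the patent or from any product. It assumes 32-byte keys, a JSON message layout, a constructed HMAC-SHA256 encrypt-then-MAC transport cipher standing in for the symmetric cipher a deployment would use, and that the set-top box holds both master keys in its secure environment so that it can check the re-wrapped session key in the reply.

```python
# Added illustration of the two-master-key session-key rotation; not the patent's code.
# Cipher, key sizes, message layout and reply contents are assumptions made for the demo.
import hashlib
import hmac
import json
import secrets
import struct


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys, so no key serves two roles.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag in constant time before decrypting anything."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message authentication failed")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))


class HostServer:
    """Financial institution host server 70: holds the first and second master keys."""
    def __init__(self, mk1: bytes, mk2: bytes):
        self.mk1, self.mk2 = mk1, mk2

    def provision_session_key(self) -> bytes:
        # First session key, wrapped under MK1 for storage in the set-top box memory.
        return seal(self.mk1, secrets.token_bytes(32))

    def handle(self, wrapped_sk: bytes, request: bytes):
        sk = unseal(self.mk1, wrapped_sk)              # recover the session key under MK1
        txn = json.loads(unseal(sk, request))          # decrypt and authenticate the request
        reply = {"status": "ok", "pan_last4": txn["pan"][-4:], "balance": "100.00"}
        return (
            seal(self.mk2, sk),                        # same session key, this time wrapped under MK2
            seal(sk, json.dumps(reply).encode()),      # reply protected under that session key
            seal(self.mk1, secrets.token_bytes(32)),   # appended: next session key, wrapped under MK1
        )


class SetTopBox:
    """Set-top box 10: stores only the wrapped session key; master keys sit in its secure environment."""
    def __init__(self, mk1: bytes, mk2: bytes, wrapped_sk: bytes):
        self.mk1, self.mk2, self.wrapped_sk = mk1, mk2, wrapped_sk

    def transact(self, host: HostServer, txn: dict):
        sk = unseal(self.mk1, self.wrapped_sk)
        request = seal(sk, json.dumps(txn).encode())
        rewrapped_sk, reply_blob, next_wrapped = host.handle(self.wrapped_sk, request)
        if not hmac.compare_digest(unseal(self.mk2, rewrapped_sk), sk):
            raise ValueError("reply is not bound to this transaction's session key")
        reply = json.loads(unseal(sk, reply_blob))
        self.wrapped_sk = next_wrapped                 # new key replaces the old one for the next transaction
        fingerprint = hashlib.sha256(sk).hexdigest()[:16]  # for the demo only; never expose the key itself
        return reply, request, fingerprint


def run_demo() -> dict:
    mk1, mk2 = secrets.token_bytes(32), secrets.token_bytes(32)
    host = HostServer(mk1, mk2)
    stb = SetTopBox(mk1, mk2, host.provision_session_key())
    # Constructed sample transaction, submitted twice to show that nothing on the wire repeats.
    txn = {"type": "balance_inquiry", "pan": "4111111111111111", "pin": "1234", "terminal": "STB-10"}
    reply1, req1, fp1 = stb.transact(host, txn)
    reply2, req2, fp2 = stb.transact(host, txn)
    # A single flipped ciphertext bit must be rejected before any plaintext is released.
    sk = secrets.token_bytes(32)
    damaged = bytearray(seal(sk, b"amount=100.00"))
    damaged[20] ^= 0x01
    try:
        unseal(sk, bytes(damaged))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "replies_match": reply1 == reply2 == {"status": "ok", "pan_last4": "1111", "balance": "100.00"},
        "session_key_rotated": fp1 != fp2,
        "ciphertexts_differ": req1 != req2,
        "tamper_detected": tamper_detected,
    }
```

`run_demo()` submits the same balance inquiry twice. The fresh nonce alone would make the two ciphertexts differ; the changed session-key fingerprint shows that the key itself was rotated and that the set-top box now stores a different wrapped key, which is the property the description claims. The check that the MK2-wrapped key in the reply equals the session key used for the request binds each reply to its own transaction.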
For each secure transaction, the set-top box 10 and the smart card 20 authenticate each other through a mutually agreed authentication step or cryptographic system, which verifies that the smart card 20 and the set-top box 10 are each trusted by, and compatible with, the other. This mutual authentication prevents a fraudulently issued smart card 20 from being used to complete a secure set-top box transaction. Once the secure authentication is complete, the set-top box 10 and the smart card 20 exchange transaction messages with each other to begin the secure set-top box transaction.
Keys and certificates reside in a security module (not shown) of the return path host server 60/set-top box 10, or on the smart card 20, or temporarily in the set-top box 10 (where that set-top box 10 has no security module installed), in which case the keys and certificates are deleted as soon as the set-top box 10 is powered off.
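One way to realise the mutually agreed authentication step between the set-top box 10 and the smart card 20, written as an added example for this page rather than taken from the patent, is a symmetric challenge-response exchange under an authentication key shared by the issuer with both parties. The message layout, the "CARD"/"STB" role labels, the 16-byte nonces and the use of HMAC-SHA256 are assumptions; a real card would compute its side inside the chip.

```python
# Added illustration of mutual challenge-response authentication; not the patent's code.
# Message layout, role labels, nonce size and MAC algorithm are assumptions for the demo.
import hashlib
import hmac
import secrets


def _mac(key: bytes, role: bytes, challenge: bytes, nonce: bytes) -> bytes:
    # The role label keeps a card response from being reflected back to the card as a terminal response.
    return hmac.new(key, role + challenge + nonce, hashlib.sha256).digest()


class SmartCard:
    """Smart card 20 holding the issuer's authentication key."""
    def __init__(self, auth_key: bytes):
        self._key = auth_key
        self.nonce = b""

    def respond(self, stb_challenge: bytes):
        """Step 2: prove possession of the key and issue the card's own challenge."""
        self.nonce = secrets.token_bytes(16)
        return self.nonce, _mac(self._key, b"CARD", stb_challenge, self.nonce)

    def verify_terminal(self, stb_proof: bytes, stb_challenge: bytes) -> bool:
        """Step 4: check the terminal's answer to the card's challenge."""
        return hmac.compare_digest(stb_proof, _mac(self._key, b"STB", self.nonce, stb_challenge))


class SetTopBox:
    """Set-top box 10 holding the same authentication key in its secure environment."""
    def __init__(self, auth_key: bytes):
        self._key = auth_key

    def authenticate(self, card: SmartCard):
        transcript = []
        challenge = secrets.token_bytes(16)                                # step 1
        transcript.append(("STB->CARD", "challenge", challenge.hex()))
        card_nonce, card_proof = card.respond(challenge)                   # step 2
        transcript.append(("CARD->STB", "nonce+proof", card_proof.hex()))
        if not hmac.compare_digest(card_proof, _mac(self._key, b"CARD", challenge, card_nonce)):
            return False, transcript                                       # untrusted card: stop before any transaction
        stb_proof = _mac(self._key, b"STB", card_nonce, challenge)         # step 3
        transcript.append(("STB->CARD", "proof", stb_proof.hex()))
        return card.verify_terminal(stb_proof, challenge), transcript      # step 4


def run_scenarios() -> dict:
    issuer_key = secrets.token_bytes(32)
    genuine_ok, full_run = SetTopBox(issuer_key).authenticate(SmartCard(issuer_key))
    # A card issued outside the scheme does not hold the issuer key and fails at step 2.
    fraud_ok, short_run = SetTopBox(issuer_key).authenticate(SmartCard(secrets.token_bytes(32)))
    # A terminal without the key cannot answer the card's challenge, so the card refuses it at step 4.
    card = SmartCard(issuer_key)
    challenge = secrets.token_bytes(16)
    card.respond(challenge)
    bad_proof = _mac(secrets.token_bytes(32), b"STB", card.nonce, challenge)
    return {
        "genuine": genuine_ok,
        "fraudulent_card": fraud_ok,
        "rogue_terminal_accepted": card.verify_terminal(bad_proof, challenge),
        "messages_before_reject": len(short_run),
        "messages_full_run": len(full_run),
    }
```

Each run uses fresh nonces on both sides, so a recorded exchange cannot be replayed, and the set-top box stops at the second message when the card's proof fails, before any APDU transaction commands are exchanged.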
Cryptographic systems in the same or different smart card security domains or card domains are used to distinguish each of the following transactions:
For TV commerce/TV shopping transactions, the "payment" command is used to pay, through a debit, credit or stored value payment system, for the selected goods/services used or ordered via the set-top box 10. In addition, a "rewards" command is initiated to reward the cardholder 5 (with TV rewards points) for having carried out a secure set-top box transaction. The rewards points earned and accumulated are stored securely on the smart card 20 or in the return path host server 60.
For TV membership and TV rewards secure set-top box transactions, a "member" command is initiated to carry out a membership transaction. A "query" command is used to request membership information from the host server 70 of the membership provider, so as to provide the membership details of the particular cardholder 5, for example remaining points, redemption status and special offers. The "rewards" command is used to manage the accumulation of TV rewards points.
For TV coupon transactions, a "coupon" command initiates the transaction. A "coupon download" command is used to download TV coupon information from a third-party smart card system. An "upload" command is used to upload information via the set-top box 10 and the communications infrastructure to the host server 70 of the third-party smart card system. A "top-up" command is used to pay for the money and credit value loaded onto the smart card 20, which is subsequently uploaded to the third-party smart card system. The "upload" command is used to upload the credit information to the third-party smart card system.
For TV coupon transactions, a "reward voucher" command is used to download the selected TV reward voucher from the set-top box 10 to the smart card 20, and a "redeem" command is used to securely redeem the downloaded TV voucher at the set-top box 10.
For TV pre-paid transactions, the "top-up" command is used to pay for the money and credit value loaded onto the smart card 20 (for telecommunications and utility companies). It is combined with the "payment" command to pay for the transaction through a credit, debit or stored value payment system.
For TV mobile download transactions, a "mobile download" command is used to download mobile content from the host server 70 of the content provider to the mobile phone/device 20. It is combined with the "payment" command to pay for the transaction through a credit, debit or stored value payment system.
For TV government, the "query" command is used to request information from the host server 70 of a government agency, so as to provide details for the particular cardholder 5, for example a driving licence renewal. It is combined with the "payment" command to pay for the transaction through a credit, debit or stored value payment system used to pay government revenue, fines and licences.
For TV card management, a "post-issuance" command is used, through a connection to the host server 70 of the card issuer/manufacturer, to issue new/upgraded applications onto the smart card after issuance.
For key management, a similar combination of "open", "load" and "create" commands is used to manage/distribute the keys on the smart card 20 and the set-top box 10.
Message integrity
Cryptography is usually used for authentication and/or confidentiality. Where message integrity is equally important, however, a cryptographic system is used to encapsulate the message by applying a cryptographic function (sometimes called a hash, checksum or message authentication code (MAC)). This message authentication system protects the message from being altered, thereby preserving its integrity. The checksum value is stored with the message. Each time the message is accessed or used, the checksum is recomputed. If the calculated/recomputed checksum matches the stored value, the message has probably not been altered. Therefore, during message transmission, a cryptographic checksum, together with the broadcast and communications infrastructure, is an important measure against message tampering and invalidation.
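The "store the checksum with the message and recompute it on every access" procedure above, as an added example that is not part of the patent. The record layout and the choice of SHA-256 and HMAC-SHA256 are assumptions. The example also shows the practitioner's caveat behind the description's grouping of hash, checksum and MAC: an unkeyed hash stored beside the message only catches accidental corruption, because anyone able to rewrite the record can recompute it, whereas a keyed MAC also catches deliberate alteration by a party that does not hold the key.

```python
# Added illustration of stored-checksum integrity checking; not the patent's code.
# Record layout and algorithm choices are assumptions; the key and messages are constructed.
import hashlib
import hmac


def store_with_hash(message: bytes) -> dict:
    """Record with an unkeyed checksum stored alongside the message."""
    return {"msg": message, "check": hashlib.sha256(message).hexdigest()}


def store_with_mac(key: bytes, message: bytes) -> dict:
    """Record with a keyed message authentication code stored alongside the message."""
    return {"msg": message, "check": hmac.new(key, message, hashlib.sha256).hexdigest()}


def verify_hash(record: dict) -> bool:
    # Recompute on access and compare with the stored value.
    return hmac.compare_digest(record["check"], hashlib.sha256(record["msg"]).hexdigest())


def verify_mac(key: bytes, record: dict) -> bool:
    return hmac.compare_digest(record["check"], hmac.new(key, record["msg"], hashlib.sha256).hexdigest())


def run_checks() -> dict:
    key = b"constructed-demo-mac-key-not-for-production"
    original = b'{"type":"transfer","amount":"100.00","to":"acct-42"}'   # constructed message
    changed = original.replace(b"acct-42", b"acct-43")

    hash_rec = store_with_hash(original)
    mac_rec = store_with_mac(key, original)

    # Case 1: the message bytes change but the stored check does not (corruption in storage or transit).
    corrupted_hash_rec = dict(hash_rec, msg=changed)
    corrupted_mac_rec = dict(mac_rec, msg=changed)

    # Case 2: the whole record is rewritten by a party without the MAC key. With an unkeyed
    # checksum that party can recompute the check exactly as the verifier does; with a keyed
    # MAC the best it can produce is a value computed without the key.
    rewritten_hash_rec = store_with_hash(changed)
    rewritten_mac_rec = store_with_hash(changed)

    return {
        "hash_ok_untouched": verify_hash(hash_rec),
        "mac_ok_untouched": verify_mac(key, mac_rec),
        "hash_catches_corruption": not verify_hash(corrupted_hash_rec),
        "mac_catches_corruption": not verify_mac(key, corrupted_mac_rec),
        "hash_catches_rewrite": not verify_hash(rewritten_hash_rec),
        "mac_catches_rewrite": not verify_mac(key, rewritten_mac_rec),
    }
```

Of the six results, only `hash_catches_rewrite` is false: the recomputed unkeyed checksum verifies the rewritten record, so for the message integrity goal the description sets out, the "cryptographic function" must be keyed, or the checksum itself must be protected by a key or signature.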
In a certificate digitally signed by a trusted party 80, the public key and the identity of the cardholder 5 are bound together, thereby guaranteeing the accuracy/trustworthiness of the binding. The digital signature is a protocol that produces the same effect as an actual signature: it is a mark that only the sender can produce, but that others can easily recognise as belonging to that sender.
Each system component may have more than one set of certificates: a first set of certificates is associated with a first set of public/private key pairs used to decrypt and encrypt information. A second set of certificates is associated with a second set of public/private key pairs used to sign, and to verify the digital signatures on, information transmitted between the systems. The number of certificates and/or key pairs depends on the level of security required to complete secure set-top box transactions using the smart card 20.
Copy protection
Copy protection is realised using a smart card 20 having a unique cryptogram that is linked to the conditional access system 11 of the set-top box. This allows an authorised cardholder 5 to record films, pay-per-view (PPV) programmes or pay-to-tape (PPT) programmes through a "copy protected" set-top box 10. Access rights are stored on the smart card 20 or downloaded when needed through the return path host server 70 connected to the content provider or through the secure communications infrastructure of the return path host server. Access rights incur a fee and require the smart card 20 to be topped up with a certain predetermined currency value.
For copy protection, the return path host server is connected to the host server of the content provider to authorise the access rights of the cardholder 5 to download certain content. Based on the data stored on the smart card 20, the cardholder 5 is authenticated using information held in the host server 70 of the content provider. In particular, the cardholder 5 completes a registration process in advance, in which the details of the cardholder 5 are stored in the host server 70 of the content provider.
For copy protection, an "authorise" command is used to grant the cardholder 5 access rights to download certain content. It is combined with the "payment" command to pay for the transaction through a credit, debit or stored value payment system.
Although the security layers 200, 201, 202, 203, 204, 205 have been described with reference to particular combinations, it is contemplated that any combination of the security layers may be used to provide secure interactive services to the cardholder 5.
It will be appreciated by those skilled in the art that numerous variations and/or modifications may be made to the invention as shown in the specific embodiments without departing from the scope or spirit of the invention as broadly described. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive.
Claims (37)
1. An interactive television system for providing secure interactive services to a user via a broadcast infrastructure operated by a broadcaster, the system comprising:
a digital receiver for receiving, via the broadcast infrastructure, broadcast data and data relating to the secure interactive services, the digital receiver receiving a mobile device of the user; and
a return path host server for providing a return path connection from the digital receiver to the broadcaster;
wherein interaction with the secure interactive services is secured by checking whether the user has physical access to use the digital receiver, checking whether the user is authorised to access and use the secure interactive services, and authenticating the return path host server and the digital receiver.
2. The system of claim 1, wherein interaction with the secure interactive services is further secured by using a key pair of the mobile device and Application Protocol Data Unit (APDU) commands to communicate with any one of the group consisting of the broadcast infrastructure, the digital receiver and the return path host server.
3. The system of claim 1, wherein, for communication between the digital receiver and the return path host server, interaction with the secure interactive services is further secured by verifying the identity of the digital receiver or of the user against data stored on the mobile device.
4. The system of claim 1, wherein interaction with the secure interactive services is further secured by verifying the identity of the user before granting access to the secure interactive services.
5. The system of claim 1, wherein the authentication is decentralised, the key pair being sent from the return path host server to the digital receiver and processed by the set-top box.
6. The system of claim 1, wherein the authentication is centralised, the key pair being sent from the digital receiver to the return path host server and processed by the return path host server.
7. The system of claim 3, wherein the identity of the user is verified against a central database.
8. The system of claim 4, wherein the verification is performed by entering the user's personal identification number (PIN), password or biometric scan.
9. The system of claim 1, wherein the digital receiver is verified by verifying the conditional access identifier of the digital receiver.
10. The system of claim 1, wherein at least one interactive application is stored on the mobile device to process data relating to the secure interactive services and to send response data to the secure interactive services.
11. The system of claim 1, wherein the secure interactive services are provided by the broadcaster or by a third party.
12. The system of claim 11, wherein the third party comprises a financial institution, a government agency or a merchant.
13. The system of claim 1, wherein the return path host server communicates with a third-party host server.
14. The system of claim 1, wherein the secure interactive services are selected from the group consisting of TV reward voucher, TV pre-paid, TV mobile download, TV government, TV payment transaction, TV banking, TV commerce, TV shopping, TV card management and TV coupon.
15. The system of claim 1, further comprising a key and certificate management module and a secure key module of the broadcast infrastructure, for managing and distributing keys and certificates used to encrypt/decrypt communications, messages, applications and data between the broadcast infrastructure and the digital receiver, between the mobile device and the digital receiver, between the digital receiver and the return path host server, and between the return path host server and the third-party host server.
16. The system of claim 15, wherein the keys are any one of the group consisting of an activation key, a payment key, a post-issuance key, a transmission key, a terminal key, an authentication key, a host key and a membership key.
17. The system of claim 1, further comprising a copy protection module for authorising the user to record content broadcast via the broadcast infrastructure and the digital receiver.
18. The system of claim 1, further comprising a security domain for creating unique cryptographic keys to secure communication between the mobile device and the digital receiver, between the digital receiver and the return path host server, and between the return path host server and a third-party host server.
19. The system of claim 18, wherein, in symmetric cryptography, the unique cryptographic key uses only a single key.
20. The system of claim 1, wherein, for each session of the secure interactive services, a session key is used to encrypt communication between the broadcast infrastructure and the digital receiver and between the digital receiver and the return path host server.
21. The system of claim 20, wherein the session key is first sent to the digital receiver by the broadcast infrastructure, or sent to the digital receiver by the mobile device, or sent to the return path host server by the digital receiver, or sent to the digital receiver by the return path host server, or transmitted between the return path host server and a third-party host server.
22. The system of claim 1, wherein messages sent from the digital receiver to the return path host server are digitally signed to ensure the integrity of the messages.
23. The system of claim 22, wherein the digital signature is certified by a trusted party.
24. The system of claim 1, wherein the mobile device is personalised with information relating to the user and is activated for use by a process using an activation key.
25. The system of claim 1, wherein the digital receiver and the smart card authenticate each other according to a mutually agreed authentication process in order to communicate securely with each other.
26. The system of claim 25, wherein the user enters a personal identification number (PIN) as a password to access the information stored on the mobile device and the secure interactive services.
27. The system of claim 25, wherein a biometric system is provided such that, when the scanned biometric data of the user matches a record stored in a biometric database, the information stored on the mobile device and the secure interactive services can be accessed.
28. The system of claim 1, wherein the broadcast infrastructure is a satellite television infrastructure.
29. The system of claim 1, wherein the broadcast infrastructure comprises infrastructure capable of carrying digital or analogue signals over terrestrial signals, cable or wireless systems.
30. The system of claim 1, wherein the broadcast data is a television broadcast.
31. The system of claim 1, wherein the digital receiver is a set-top box, a personal video recorder (PVR) or a personal digital assistant (PDA).
32. The system of claim 1, wherein the mobile device of the user can be connected to the digital receiver or embedded in the digital receiver.
33. The system of claim 1, wherein the mobile device communicates wirelessly with the digital receiver.
34. The system of claim 1, wherein the mobile device is a chip-based card such as a smart card.
35. The system of claim 1, wherein the mobile device is a mobile computing device such as a personal digital assistant (PDA), a palmtop, a notebook, a removable hard disk, a thumb drive or a mobile phone.
36. The system of claim 1, wherein identity information relating to the user is stored on the mobile device and read by the digital receiver.
37. The system of claim 36, wherein at least the identity information is encrypted and sent from the digital receiver to the return path host server so that the user can interact with the secure interactive services, and a response from the secure interactive services, based on the user's interaction, is sent to the digital receiver via the broadcast infrastructure.
Applications Claiming Priority (3)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| MYPI20050053 | 2005-01-06 | | |
| MYPI20050053 | 2005-01-06 | | |
| PCT/SG2005/000096 WO2006031203A1 (en) | 2005-01-06 | 2005-03-24 | An interactive television system |

Publications (1)

| Publication Number | Publication Date |
|---|---|
| CN101138242A (en) | 2008-03-05 |

Family
ID=34588158

Family Applications (1)

| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2005800489746A Pending CN101138242A (en) | An interactive television system | 2005-01-06 | 2005-03-24 |

Country Status (4)

| Country | Link |
|---|---|
| CN (1) | CN101138242A (en) |
| AU (1) | AU2005285538A1 (en) |
| GB (1) | GB2420208B (en) |
| WO (1) | WO2006031203A1 (en) |
2005
- 2005-03-24 CN CNA2005800489746A patent/CN101138242A/en active Pending
- 2005-03-24 WO PCT/SG2005/000096 patent/WO2006031203A1/en active Application Filing
- 2005-03-24 AU AU2005285538A patent/AU2005285538A1/en not_active Abandoned
- 2005-04-01 GB GB0506692A patent/GB2420208B/en not_active Expired - Fee Related
Also Published As

| Publication number | Publication date |
|---|---|
| GB2420208B (en) | 2007-02-28 |
| GB2420208A (en) | 2006-05-17 |
| AU2005285538A1 (en) | 2006-03-23 |
| WO2006031203A1 (en) | 2006-03-23 |
| GB0506692D0 (en) | 2005-05-11 |
Legal Events

| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | REG | Reference to a national code | Ref country code: HK; Ref legal event code: DE; Ref document number: 1109985; Country of ref document: HK |
| | C02 | Deemed withdrawal of patent application after publication (patent law 2001) | |
| | WD01 | Invention patent application deemed withdrawn after publication | Open date: 20080305 |
| | REG | Reference to a national code | Ref country code: HK; Ref legal event code: WD; Ref document number: 1109985; Country of ref document: HK |