CN101170676B - Method and system for encrypting user login information in interactive network TV system - Google Patents


Publication number: CN101170676B
Authority: CN (China)
Prior art keywords: user, login, encryption, password, plaintext
Legal status: Expired - Fee Related
Application number: CN2007101883384A
Other languages: Chinese (zh)
Other versions: CN101170676A (en)
Inventor: 张宇
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp
Application filed by ZTE Corp
Publication of CN101170676A
Application granted; publication of CN101170676B

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

A method for encrypting user login information in an IPTV system is provided, involving a built-in user software framework system, an STB client, an EPG server and a service management system. The method comprises the following steps: a) an STB client that supports the login encryption flow encrypts the plaintext of the confidential information entered by the user to generate a ciphertext and then sends a login request to the EPG server; b) the EPG server determines from the encryption flag carried in the login request whether the encryption flow is in use, decrypts the ciphertext into plaintext and then sends a login authentication request to the service management system; c) the service management system verifies the login and returns a response indicating success or failure, and the EPG server delivers the corresponding web page to the STB client for the user. The method has an extensible flow, clearly defined functions and responsibilities for each subsystem, and good compatibility with STBs that do not support the encryption function.

Description

Method and system for encrypting user login information in an interactive network TV (IPTV) system
Technical field
The present invention relates to user security technology for IPTV (Internet Protocol Television) systems, and in particular to technology by which an IPTV system protects the confidentiality of user information.
Background technology
As a video media service, IPTV places high demands on network security. The set-top box (STB, Subscriber Terminal Block) is the web browser that directly serves the end user; it provides not only a rich Electronic Program Guide (EPG) page but also multiple value-added services such as information, entertainment and karaoke. Existing EPG servers have taken many measures to strengthen server network security (mainly account management and login security management). Against the potential insecurity of the public network environment, however, no necessary measures have yet been taken to secure user information such as the user password during login: in the Uniform Resource Locator (URL) of the Hypertext Transfer Protocol (HTTP) request that the STB currently sends when logging in to the EPG, the password and user name are both transmitted in plaintext. User information is therefore easily stolen in transit, which harms users' interests and hinders the sound development of IPTV services. An important problem facing current IPTV systems is thus how to provide technical means to protect the confidentiality of important user information (such as account and password) during service use.
Moreover, when providing such technical means to protect confidential user information, compatibility with the functions of existing IPTV user terminals must also be considered.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method and system for encrypting user login information in an IPTV system that secure the transmission of the user password during login while remaining compatible with STB user terminals that do not support the information encryption function, so that they can still log in normally and use all functions of the IPTV system.
To solve the above technical problem, the invention provides a method for encrypting user login information in an IPTV system, involving the user software framework system, the set-top box (STB) client, the electronic program guide (EPG) server and the service management system of the IPTV system. The method comprises the steps of:
(a) an STB client that supports the login encryption flow encrypts the plaintext of the confidential information entered by the user and, after generating the ciphertext, sends a login request to the EPG server;
(b) the EPG server examines the encryption flag carried in the login request and, if it determines that the encryption flow is in use, decrypts the ciphertext into plaintext and then sends a login authentication request to the service management system;
(c) the service management system verifies the login and returns a response indicating that verification succeeded or failed; according to this response, the EPG server pushes the corresponding page down to the STB client for the user.
Further, the confidential information in step (a) comprises a user name or a password. Step (a) is carried out by the STB client calling an encryption function provided by the software framework system, and the parameters returned by this encryption function comprise the ciphertext of the user name, the ciphertext of the password, the key, and an encryption flag indicating that encryption was performed.
Further, in step (a), if the STB client determines that the user is logging in again, then before encrypting it also writes the plaintext of the user name and password into a cached temporary variable.
Further, in step (b), the EPG server decrypts the ciphertext using the key and the initial vector agreed in advance with the STB client.
Further, in step (c), if the EPG server receives a verification-success response, it further determines whether the verification was for the user's first login, in which case it pushes the EPG home page directly to the STB client for the user; if the verification was for a re-login, it calls the interface function provided by the software framework system to write the cached plaintext user name and password to the STB client, and then pushes the EPG home page to the STB client for the user. If the EPG server receives a verification-failure response, it pushes the login page to the STB client again so that the user can re-enter the password and log in again.
Further, an STB client that does not support the login encryption flow carries out the plaintext flow by calling the encryption function provided by the software framework system; the parameters returned by this encryption function comprise the plaintext of the user name, the plaintext of the password and an encryption flag indicating that no encryption was performed. The EPG server sends the login authentication request to the service management system directly with the plaintext user name and password.
Further, the user software framework system runs on the STB client and resides on the EPG server; the STB client obtains and loads it from the EPG server at power-on.
Further, when load balancing is performed for the EPG, the user name and password are likewise transmitted using the encryption flow or the plaintext flow; or, for the change-password function that appears in the corresponding page, the original password and the new password are both transmitted using the encryption flow or the plaintext flow.
To solve the above technical problem, the invention provides a system for encrypting user login information in an IPTV system, comprising the following subsystems of the IPTV system: the user software framework system, the STB client, the EPG server and the service management system, wherein:
The user software framework system provides the user login page for the IPTV user, through which the IPTV user enters confidential information and issues the login command;
The STB client, as the terminal device, supports encrypted login for the user: it encrypts the plaintext of the confidential information it receives and, after generating the ciphertext, sends a login request to the EPG server;
The EPG server, as the server side, receives the login request and examines the encryption flag carried in it; if it determines that the encrypted login flow is to be carried out, it recovers the plaintext of the confidential information and then sends a login authentication request to the service management system. According to the verification-success or verification-failure response returned by the service management system, it pushes the corresponding page down to the STB client for the user;
The service management system performs user authentication for the IPTV service, that is, it verifies the user name and password of the user's login; it also manages users, the IPTV services and the providers of the IPTV services.
Further, the user software framework system also provides a series of encapsulated application programming interfaces (APIs) to be called by the STB client and the function pages running on it. The user software framework system runs on the STB client and resides on the EPG server; the STB client obtains and loads it from the EPG server at power-on.
Further, the confidential information comprises a user name or a password. The STB client carries out the encrypted login by calling the encryption function in the API, and the parameters returned by this encryption function comprise the ciphertext of the user name, the ciphertext of the password, the key, and an encryption flag indicating that encryption was performed;
Alternatively, the STB client also supports plaintext login for the user: it carries out the plaintext login by calling the encryption function in the API, the parameters returned by this encryption function comprise the plaintext of the user name, the plaintext of the password and an encryption flag indicating that no encryption was performed, and the EPG server sends the login authentication request to the service management system with the plaintext user name and the plaintext password.
Further, before carrying out the encrypted login, the STB client also writes the plaintext of the user name and password entered by the user into a cached temporary variable when the user is logging in again.
Further, if the EPG server receives a verification-success response and determines that the verification was for the user's first login, it pushes the EPG home page directly to the STB client for the user; if it determines that the verification was for a re-login, it first calls the interface function in the API to write the cached plaintext user name and password to the STB client, and then pushes the EPG home page to the STB client for the user. If the EPG server receives a verification-failure response, it pushes the login page to the STB client again so that the user can log in again.
The login information encryption method provided by the invention has a clear and reliable flow, the functions and responsibilities of each subsystem are clearly defined, and the flow is readily extensible. It also remains compatible with STBs that do not support the encryption function, for which the login flow stays the same as the current one.
Description of drawings
Fig. 1 is a flow chart of the method for encrypting IPTV system user login information according to the invention;
Fig. 2 is a flow chart of an application example of the method for encrypting IPTV system user login information shown in Fig. 1.
Embodiment
The login information encryption method provided by the invention involves the following subsystems of the IPTV system: the IPTV user software framework system, the STB client, the EPG server and the service management system. The method comprises the steps of: (a) an STB client that supports the encrypted login verification flow calls the encryption function to encrypt the user name and password entered by the user and, after generating the ciphertext, initiates a login request to the EPG system; (b) the EPG system determines from the encryption flag carried in the request whether the encryption flow or the plaintext flow is in use; for the encryption flow, it decrypts the ciphertext into plaintext using the key and the initial vector agreed in advance with the STB and then sends a login authentication request to the service management system; for the plaintext flow, it sends the login authentication request to the service management system directly; (c) the service management system verifies the login and returns a response indicating that verification succeeded or failed; according to the response returned by the service management system, the EPG system pushes the corresponding page down to the STB client for the user.
If the service management system returns a verification-success response, the appropriate action is then taken according to whether the user is logging in again; if the service management system returns a verification-failure response, the login page is pushed to the STB client again so that the user re-enters the password and logs in again.
If the EPG system determines that the success response returned by the service management system is for a first login, it pushes the EPG home page directly for the user; if it determines that the success response is for a re-login, it first calls the interface function to write the cached user name and the password re-entered by the user to the STB client, and then pushes the EPG home page for the user.
The technical solution of the invention is described in detail below by way of embodiments and with reference to the drawings.
The login information encryption method provided by the invention secures the transmission of the user password during login to the IPTV system. It also takes into account the clients in the existing live network that use STBs without the encryption function, so that they too can log in normally and use all functions of the IPTV system. To this end, the method must handle the following cases:
(1) The EPG uses the encryption flow for logins from STB clients that support it, and the current plaintext login flow for logins from STB clients that do not;
(2) The EPG automatically adapts to both kinds of STB client version.
Fig. 1 shows the flow chart of the method for encrypting IPTV system user login information that the invention proposes in view of the above considerations. The method involves functional interaction among the IPTV user software framework system, the STB client, the EPG server and the service management system, and the flow comprises the following steps:
101: the user enters the user name and password on the STB client and issues the login command;
After entering the password on the STB client, the user clicks the login button, which issues the login command.
102: an STB client that supports the encrypted login authentication flow encrypts the user name and password, attaches the encryption authentication flag, and initiates a login request to the EPG through the HTTP URL;
103: on receiving the request, the EPG determines from the encryption flag carried in it whether the request uses the encrypted login flow; if so, step 104 is executed, otherwise step 105;
On receiving the request, the EPG determines from the encryption flag whether encryption is used and which encryption algorithm applies; if the request is encrypted, it carries out the encryption flow, otherwise the plaintext flow.
104: the EPG recovers the plaintext user name and password using the key carried in the request and the initial vector agreed in advance with the STB, and sends a login authentication request to the service management system; step 106 is then executed;
The EPG needs to generate the actual decryption key from the encryption key, and decrypts the user login name and login password using the initial vector agreed in advance by both sides, producing the plaintext.
105: the EPG sends the login authentication request to the service management system directly with the plaintext user name and password;
106: the EPG determines whether the service management system verified the request successfully; on success step 107 is executed, on failure step 108;
If the user's login fails, the EPG pushes the login page to the STB client. The login screen then shows the correct user name, which the user can modify with the remote control, but the password is empty, waiting for the user to re-enter it.
107: the EPG determines whether this login is a re-login by the user; if so, step 109 is executed, otherwise step 110;
108: the EPG pushes the login authentication page again with the password field empty; after the user re-enters the password, the STB caches the user name and password by calling the encryption function, and the flow returns to step 102;
109: the EPG writes the cached user name and password to the STB by calling the interface function;
After the user's re-login is authenticated successfully, the service can call the JavaScript interface function to write the plaintext user name and password held in the cached temporary variable into the STB.
110: the EPG home page is pushed to the STB client for the user.
As a server, the EPG often needs to perform load balancing according to client usage: when the EPG has too many STB terminals under its jurisdiction and the server load becomes too heavy, some STB users are moved to other EPG servers for processing. This process should avoid making the user log in again and causing inconvenience. The user's login information therefore needs to be passed along as well.
For this case the invention also provides that, when load balancing is performed for the EPG, since the user does not need to log in a second time, the user name and password field values in the load-balancing URL are likewise transmitted as ciphertext (if required and if the encryption function is supported).
For the change-password function that appears in the pushed page templates, the original password and the new password are uniformly transmitted as ciphertext (if required and if the encryption function is supported, the encryption operation is likewise called); this flow is similar to the re-login flow of the STB client.
To summarize, in order to remain compatible with normal login by existing set-top boxes that do not support the encryption flow, the method adds an encryption flag by which it is determined whether a login uses the encryption flow or the plaintext flow, thereby automatically adapting to both STBs that support encryption and STBs that do not.
If the user's login requires encryption, the STB must provide the corresponding encryption function; when the user submits the login page, the corresponding encryption function must be called, and this function must also be compatible with the flow in which the STB does not encrypt. In addition, for re-login or password change, the user's login name and password need to be cached temporarily, and an interface function must be provided to the EPG so that the EPG can write the temporarily cached values to the STB. This is how the encrypted login method of the invention is supported.
In this embodiment the user framework system, encryption function and interface function described above are implemented with a JavaScript software framework system, but other software framework systems may also be used to implement the user framework system and each function. This embodiment serves only to explain and illustrate the method of the invention and does not limit the invention.
Fig. 2 shows a concrete application example of the above embodiment; it comprises the following subsystems of the IPTV system:
STB client: as the terminal device, it implements the STB function either in IPTV hardware or purely in software with IPTV set-top box functionality. It can support both the plaintext transmission flow and the encryption flow for user login information. That is, after receiving the user name and password entered by the user for a first login, it calls the JS encryption function to encrypt them into ciphertext and then sends a login request to the EPG server through the HTTP URL; or, after receiving the user name and password entered by the user for a re-login, it calls the JS encryption function to encrypt them into ciphertext, caches the plaintext of the user name and password, and then sends a login request to the EPG server through the HTTP URL.
IPTV user software framework system: provides the user login page for the IPTV user, through which the IPTV system user enters the user name and password and issues the login command. It also provides a series of encapsulated application programming interfaces (API, Application Program Interface) to be called by the STB and the function pages running on it.
This user software framework system is a JS (JavaScript) based software framework that runs on the STB client and resides on the EPG server. The STB obtains and loads it from the EPG at power-on.
EPG server: acts as the server side. After receiving the login request sent by the STB client, it determines from the encryption flag carried in the request whether to carry out the plaintext login flow or the ciphertext login flow; in the latter case it recovers the plaintext user name and password using the key and the initial vector agreed in advance with the STB client, and then sends a login authentication request to the service management system. After receiving the verification response returned by the service management system, it pushes the corresponding page down to the STB client for the user.
If the service management system returns a verification-success response, then for a first login the EPG server pushes the EPG home page directly for the user; for a re-login it first calls the JS interface function to write the cached plaintext user name and password to the STB client, and then pushes the EPG home page for the user;
If the service management system returns a verification-failure response, it pushes the login page down again so that the user can re-enter the user name and password.
There are multiple EPG servers in the whole network; the EPG server at the central node is designated the main service navigation system.
Service management system: mainly implements user authentication for the IPTV service (that is, verifying the user name and password of the user's login), subscription and unsubscription; it can also manage users, services, service providers and so on.
Referring to Fig. 2, the user login encryption flow of this example comprises the following steps:
201: the user enters the user name and password on the STB client through the page of the software framework and presses the login button;
202: the STB client calls the encryption function to encrypt the user name and password into ciphertext, or sends the login request directly with the plaintext user name and password;
For example, the HTTP URL of the login request that the STB sends to the EPG is:
http://10.1.1.1:8080/iptvepg/frame.jsp?state=1&stb_id=12345612345678&loginname=010&password=1&server_ip=http://10.1.1.2:8080/iptvepg/&user_ip=10.1.2.1&SmartCardID=undefine&accessmethod=LAN&adslusername=&adslpassword=1234
where loginname and password carry the user name and password in plaintext;
An STB client that supports login information encryption encrypts the plaintext of loginname and password, for example: loginname=46542AB9E06C37BE, password=46542AB9E06C37BE;
Note that here, because loginname = password, their encrypted results are identical. If loginname ≠ password, their encrypted results will of course differ.
Here the encryption algorithm is specified as Base16[3DES(loginname)], Base16[3DES(password)]: the plaintext of the user name or password is first encrypted with triple DES symmetric encryption (DESede/CBC/PKCS5Padding), and the resulting byte array is then Base16-encoded.
The STB then adds or changes the following parameters in the login request URL:
http://10.1.1.1:8080/iptvepg/frame.jsp?state=1&stb_id=12345612345678&loginname=46542AB9E06C37BE&password=46542AB9E06C37BE&server_ip=http://10.1.1.2:8080/iptvepg/&user_ip=10.1.2.1&SmartCardID=undefine&accessmethod=LAN&adslusername=&adslpassword=&cryptmode=1&cryptkey=200611211430000000000000
Note that the cryptmode field indicates whether this STB supports encryption and the version number of the encryption: cryptmode=1 means that the STB supports encryption and has used the encryption algorithm, while cryptmode=0, or the absence of the cryptmode parameter, means that the STB does not support encryption. cryptkey is the 24-digit 3DES encryption key, generated as follows: the first 14 digits are the time information yyyyMMddHHmmss and the last 10 digits are a randomly generated integer value. The initial vector used for encryption is agreed in advance by the STB and the EPG as a 16-character string, for example {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08}; the password value is the result of encrypting with this initial vector through a certain logical operation.
203: after the EPG server receives this request, if it determines from the cryptmode parameter that encryption and the corresponding encryption algorithm are in use, it generates the actual decryption key from cryptkey and, together with the initial vector agreed in advance by both sides, decrypts loginname and password to produce the plaintext user name and password, and then sends a login authentication request to the service management system;
204: after receiving the login authentication request, the service management system verifies the user name and password of the user's login; if verification passes, it returns a verification-success response; if verification does not pass, it returns a verification-failure response;
205: after the EPG receives a verification-success response from the service management system, if it determines that this is a successful first login, it pushes the EPG home page to the STB client for the user;
206: after the EPG receives a verification-failure response from the service management system, it pushes the login authentication page to the STB client again so that the user can log in again;
The login page at this point shows the correct user name (which can of course also be modified), but the password is empty, waiting for the user to re-enter it.
207: the user re-enters the user name and password and presses the login button;
208: before the login form is submitted, the STB client must first encrypt the plaintext entered by the user on the login page login.jsp (username, password) by calling the encryption function jsGetEcryptPara, and transmit it only after the ciphertext is generated. This encryption function does the following:
1) Returns the encryption or plaintext parameter values, for example "46542AB9E06C37BE; 46542AB9E06C37BE; 2006112114300000; 1", where the first parameter is the encrypted user name, the second the encrypted password, the third the 24-digit key, and the fourth the flag indicating whether encryption was applied (1: encrypted; 0: not encrypted). If no encryption is needed, the plaintext is returned, i.e. "xxxx, yyyy, 0,0", where "xxxx" and "yyyy" are the plaintext user name and password respectively;
2) Writes the plaintext of the user name or password passed in into a cached temporary variable.
209: according to the encryption flag, the EPG server either decrypts the ciphertext into plaintext using the key or takes the plaintext directly, and sends the login authentication request to the service management system;
210: when the service management system has verified the user name and password of the user's re-login and verification passes, it returns a verification-success response;
211: the EPG server can call another JS interface function, jsSetNtvAccount(), which writes the plaintext user name or password from the cached temporary variable into the STB; it then pushes the EPG home page to the STB client for the user.
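The encryption of step 202, the return string of step 208 and the cryptmode dispatch of step 203, as an added Node.js example that is not code from the patent. It assumes that the 24 characters of cryptkey are used directly as the 3DES key bytes (the patent leaves the derivation of the "actual" key unspecified), uses the 8-byte sample initial vector from the text, and uses a hypothetical getEncryptPara as a stand-in for jsGetEcryptPara with a comma-separated return string.

```javascript
// Added example: STB-side Base16[3DES(...)] and EPG-side cryptmode dispatch.
const crypto = require('node:crypto');

// Initial vector agreed in advance by STB and EPG (sample value from the text).
const AGREED_IV = Buffer.from([0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08]);

// ASSUMPTION: the 24 characters of cryptkey are the 24-byte 3DES key as-is.
function keyFromCryptkey(cryptkey) {
  if (!/^\d{24}$/.test(cryptkey)) throw new Error('cryptkey must be 24 digits');
  return Buffer.from(cryptkey, 'ascii');
}

// cryptkey = yyyyMMddHHmmss (14 digits) followed by 10 random digits.
function newCryptkey(now = new Date()) {
  const p = (n, w = 2) => String(n).padStart(w, '0');
  const ts = p(now.getFullYear(), 4) + p(now.getMonth() + 1) + p(now.getDate()) +
             p(now.getHours()) + p(now.getMinutes()) + p(now.getSeconds());
  let rnd = '';
  for (let i = 0; i < 10; i++) rnd += crypto.randomInt(10);
  return ts + rnd;
}

// DESede/CBC/PKCS5Padding, then Base16 (upper-case hex) of the byte array.
function encryptField(plaintext, cryptkey) {
  const c = crypto.createCipheriv('des-ede3-cbc', keyFromCryptkey(cryptkey), AGREED_IV);
  return Buffer.concat([c.update(plaintext, 'utf8'), c.final()])
    .toString('hex').toUpperCase();
}

// Rejects anything that is not a whole number of 8-byte blocks in Base16;
// final() throws if the padding is wrong (wrong key, wrong IV or corruption).
function decryptField(hex, cryptkey) {
  if (!/^([0-9A-Fa-f]{16})+$/.test(hex)) {
    throw new Error('ciphertext is not whole Base16 blocks');
  }
  const d = crypto.createDecipheriv('des-ede3-cbc', keyFromCryptkey(cryptkey), AGREED_IV);
  return Buffer.concat([d.update(Buffer.from(hex, 'hex')), d.final()]).toString('utf8');
}

// Hypothetical stand-in for jsGetEcryptPara: "user,password,key,flag".
function getEncryptPara(username, password, supportsEncryption, cryptkey = newCryptkey()) {
  if (!supportsEncryption) return [username, password, '0', '0'].join(',');
  return [encryptField(username, cryptkey), encryptField(password, cryptkey),
          cryptkey, '1'].join(',');
}

// STB side: place the returned parameters into the login request URL.
function buildLoginUrl(base, para) {
  const [loginname, password, cryptkey, flag] = para.split(',');
  const u = new URL(base);
  u.searchParams.set('loginname', loginname);
  u.searchParams.set('password', password);
  if (flag === '1') {
    u.searchParams.set('cryptmode', '1');
    u.searchParams.set('cryptkey', cryptkey);
  }
  return u.toString();
}

// EPG side: cryptmode=0 or absent selects the plaintext flow, cryptmode=1 the
// encryption flow; any other value is refused rather than guessed at.
function epgExtractCredentials(requestUrl) {
  const q = new URL(requestUrl).searchParams;
  const mode = q.get('cryptmode') ?? '0';
  const loginname = q.get('loginname') ?? '';
  const password = q.get('password') ?? '';
  if (mode === '0') return { flow: 'plaintext', loginname, password };
  if (mode !== '1') throw new Error('unsupported cryptmode ' + mode);
  const key = q.get('cryptkey') ?? '';
  return {
    flow: 'encrypted',
    loginname: decryptField(loginname, key),
    password: decryptField(password, key),
  };
}
```

Because cryptkey travels in the same URL as the ciphertext, the secrecy of the credentials in this scheme rests on the pre-agreed initial vector and on whatever key derivation the EPG applies, not on the key parameter itself. With a fixed initial vector, equal inputs always produce equal ciphertexts, which is the loginname = password behaviour noted in step 202.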
When the EPG performs load balancing, since the STB does not need to log in a second time, the user name and password field values in the load-balancing URL should likewise be transmitted as ciphertext (if encrypted).
For the change-password function that appears in the templates, the original password and the new password are uniformly transmitted as ciphertext (if encryption is required, the same JS function as in step 208 is called), similarly to an STB re-login.
As the above description shows, the login information encryption method provided by the invention has a clear and reliable flow, the functions and responsibilities of each subsystem are clearly defined, and the flow is readily extensible. It also remains compatible with set-top boxes that do not support the encryption function, for which the login flow stays the same as the current one.
The invention may of course have various other embodiments. Without departing from the spirit and essence of the invention, those of ordinary skill in the art can make various corresponding changes and modifications according to the invention, but all such changes and modifications shall fall within the scope of protection of the appended claims.

Claims (13)

1. A method for encrypting user login information in an interactive network TV (IPTV) system, involving the user software frame system, the set-top box (STB) client, the electronic program guide (EPG) service end and the business management system in the IPTV system, the method comprising the steps of:
(a) the STB client that supports the login encryption flow encrypts the plaintext of the confidentiality information entered by the user and, after generating the ciphertext, sends a login request to the EPG service end;
(b) the EPG service end, according to the encryption indicator carried in the login request, if it judges that the encryption flow is in use, decrypts the ciphertext into the plaintext and then sends a login verification request to the business management system;
(c) the business management system verifies the login and returns a verification-success or verification-failure response; the EPG service end, according to the response, pushes the corresponding page down to the STB client for the user to use.
2. The method according to claim 1, characterized in that the confidentiality information in step (a) comprises a user name or a password; step (a) is implemented by the STB client calling the encryption function provided by the software frame system; and the parameters returned by the encryption function comprise the ciphertext of the user name, the ciphertext of the password, the key, and the encryption indicator indicating that encryption has been performed.
3. The method according to claim 2, characterized in that, before performing the encryption in step (a), if the STB client judges that the user is logging in again, the method further comprises the step of writing the plaintext of the user name and password into a cached temporary variable.
4. The method according to claim 2 or 3, characterized in that in step (b) the EPG service end decrypts the ciphertext according to the key and an initial vector agreed in advance with the STB client.
5. The method according to claim 3, characterized in that in step (c), if the EPG service end receives the verification-success response, it further judges: if the verification is for the user's first login, it pushes the EPG homepage directly to the STB client for the user to use; if the verification is for the user's re-login, it calls the interface function provided by the software frame system to write the cached plaintext of the user name and password into the STB client, and then pushes the EPG homepage to the STB client for the user to use; if the EPG service end receives the verification-failure response, it pushes the login page to the STB client again so that the user can re-enter the password and perform the re-login.
6. The method according to claim 2, characterized in that an STB client that does not support the login encryption flow implements the plaintext flow by calling the encryption function provided by the software frame system, the parameters returned by the encryption function comprising the plaintext of the user name, the plaintext of the password, and the encryption indicator indicating that encryption has not been performed; the EPG service end sends the login verification request to the business management system directly with the plaintext of the user name and the password.
7. The method according to claim 1 or 6, wherein the user software frame system runs on the STB client and resides on the EPG service end, and is obtained and loaded from the EPG service end when the STB client starts up.
8. The method according to claim 6, characterized in that when the EPG performs load balancing, the user name and the password are also transmitted using the encryption flow or the plaintext flow; or, for the change-password function that appears in the corresponding page, the original password and the new password are both transmitted using the encryption flow or the plaintext flow.
9. A system for encrypting user login information in an interactive network TV (IPTV) system, comprising the following subsystems within the IPTV system: a user software frame system, an STB client, an EPG service end and a business management system, wherein:
the user software frame system is used to provide the IPTV user with a user login page, through which the IPTV user enters the user's confidentiality information and sends the login command;
the STB client, as the terminal device, is used to support encrypted login for the user's login, that is, it encrypts the plaintext of the received confidentiality information to generate ciphertext and then sends a login request to the EPG service end;
the EPG service end, as the server side, is used to: after receiving the login request, if it judges from the encryption indicator carried in the request that the encrypted login flow is in use, recover the plaintext of the confidentiality information and then send a login verification request to the business management system; and, according to the verification-success or verification-failure response returned by the business management system, push the corresponding page down to the STB client for the user to use;
the business management system is used to implement user authentication for the IPTV service, that is, to verify the user name and password of the user's login; it also manages the users, the IPTV services and the providers of the IPTV services.
10. The system according to claim 9, characterized in that the user software frame system also provides a series of encapsulated application programming interfaces (APIs) to be called by the STB client and the function pages running on it; the user software frame system runs on the STB client and resides on the EPG service end, and is obtained and loaded from the EPG service end when the STB client starts up.
11. The system according to claim 10, characterized in that the confidentiality information comprises a user name or a password; the STB client implements the encrypted login by calling the encryption function in the API, and the parameters returned by the encryption function comprise the ciphertext of the user name, the ciphertext of the password, the key, and the encryption indicator used to indicate that encryption has been performed;
or, the STB client also supports plaintext login for the user's login, that is, it implements the plaintext login by calling the encryption function in the API, the parameters returned by the encryption function comprising the plaintext of the user name, the plaintext of the password, and the encryption indicator used to indicate that no encryption has been performed; the EPG service end sends the login verification request to the business management system with the plaintext of the user name and the plaintext of the password.
12. The system according to claim 11, characterized in that the STB client is further used to, before implementing the encrypted login, write the plaintext of the user name and password entered by the user into a cached temporary variable when the user is logging in again.
13. The system according to claim 12, characterized in that, if the EPG service end receives the verification-success response and judges that the verification is for the user's first login, it pushes the EPG homepage directly to the STB client for the user to use; if it judges that the verification is for the user's re-login, it first calls the interface function in the API to write the cached plaintext of the user name and password into the STB client, and then pushes the EPG homepage to the STB client for the user to use; if the EPG service end receives the verification-failure response, it pushes the login page to the STB client again so that the user can perform the re-login.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2007101883384A CN101170676B (en) 2007-11-19 2007-11-19 Method and system for encrypting user login information in interactive network TV system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2007101883384A CN101170676B (en) 2007-11-19 2007-11-19 Method and system for encrypting user login information in interactive network TV system

Publications (2)

Publication Number Publication Date
CN101170676A CN101170676A (en) 2008-04-30
CN101170676B true CN101170676B (en) 2010-09-29

Family

ID=39391112

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007101883384A Expired - Fee Related CN101170676B (en) 2007-11-19 2007-11-19 Method and system for encrypting user login information in interactive network TV system

Country Status (1)

Country Link
CN (1) CN101170676B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100929