CN101500147B - Digital television receiving control method and apparatus based on bi-directional network - Google Patents


Publication number
CN101500147B
Authority
CN
China
Prior art keywords
key
user
private key
ciphertext
rating
Legal status
Active
Application number
CN2009100781382A
Other languages
Chinese (zh)
Other versions
CN101500147A (en)
Inventor
张晶
刘达
胡勇新
王申
Current Assignee
BEIJING NOVEL-SUPERTV DIGITAL TV TECHNOLOGY Co Ltd
Original Assignee
BEIJING NOVEL-SUPERTV DIGITAL TV TECHNOLOGY Co Ltd

Abstract

The invention provides a digital television reception control method and device based on a bidirectional network. The method comprises: using the user private key of a user public/private key pair to decrypt a received reception control key that was encrypted with the user public key, thereby obtaining the reception control key; and using the reception control key to control reception of the received digital television content ciphertext. The method and device of the embodiments of the invention solve the problems of secure distribution of protected content and of reception control on a bidirectional digital television network in the live broadcast, on-demand and download scenarios.

Description

A digital television reception control method and device based on a bidirectional network
Technical Field
The present invention relates to the field of digital television, and in particular to a digital television reception control method and device based on a bidirectional network.
Background
In the digital television field there are conventional digital television systems based on unidirectional networks, such as terrestrial, satellite and cable digital television, as well as television systems based on bidirectional networks, such as mobile TV, Internet Protocol Television (IPTV), OUBNs, etc. In all of them, encrypting the television content is an indispensable step.
Cryptographic algorithms comprise symmetric and asymmetric algorithms. A symmetric cryptographic algorithm is one whose encryption key and decryption key are identical or, if they differ, one can easily be derived from the other; that is, the key is shared by both parties. An asymmetric cryptographic algorithm is one whose encryption key and decryption key are different, and one cannot be derived from the other. One of the two keys is called the public key; it is used for encryption and is published. The other is called the private key; it is used for decryption and is kept secret. Deriving the private key from the public key is computationally infeasible.
The differences between the two kinds of algorithm therefore include:
1. The keys used for encryption and decryption differ: a symmetric algorithm uses the same key for encryption and decryption, or the decryption key can easily be derived from the encryption key; an asymmetric algorithm uses different keys for encryption and decryption, and it is difficult to derive one from the other.
2. The algorithms differ: symmetric algorithms use block encryption. The plaintext to be processed is split into fixed-length blocks, and each block is encoded over several iterations under the key to produce the ciphertext; decryption is the same process, iteratively decoding block by block under the fixed-length key to recover the plaintext. Asymmetric algorithms use a special mathematical function, the trapdoor one-way function, which is easy to evaluate in one direction but very difficult, or computationally infeasible, to invert. Encryption transforms the plaintext with the public key to obtain the ciphertext; decryption transforms the ciphertext with the private key to recover the plaintext. Symmetric algorithms are therefore characterized by simple encryption and fast encryption/decryption, whereas asymmetric algorithms are characterized by slow encryption/decryption.
3. Security differs: because a symmetric algorithm is public, its security depends on the block length and the key length; common attacks include exhaustive key search, dictionary attack, table look-up attack, differential cryptanalysis and linear cryptanalysis. The security of an asymmetric algorithm rests on the intractability of the one-way function it uses; for elliptic curve cryptography, for example, many cryptographers believe the problem is of exponential difficulty and not easily broken.
In the course of realizing the present invention, the inventors found that the key architecture currently in wide use for secure distribution of protected content in the digital television field targets the live scenario on unidirectional networks. On the one hand, it uses only symmetric keys, and symmetric algorithms are not as secure as asymmetric algorithms; on the other hand, there is no widely used key architecture for secure distribution of protected content in the live, on-demand and download scenarios that arise on bidirectional networks.
Summary of the Invention
To solve the problems in the prior art identified above, embodiments of the invention provide a television reception control method and device that use a new key architecture for digital television application scenarios on a bidirectional digital television network, such as live broadcast, on-demand and download.
The above object of the embodiments of the invention is achieved by the following technical solutions:
A digital television reception control method based on a bidirectional network, the method comprising: using the user private key of a user public/private key pair to decrypt a received reception control key encrypted with the user public key, obtaining the reception control key; and using the reception control key to control reception of the received digital television content ciphertext.
A digital television reception control method based on a bidirectional network, the method comprising: using the front-end public key of the front-end public/private key pair of a content protection front-end system to verify the signature on received information issued by the content protection front-end system and, if verification passes, performing the following steps: using the user private key of a user public/private key pair to decrypt a received user group key encrypted with the user public key, obtaining the user group key; using the user group key to decrypt a received reception control key encrypted with the user group key, obtaining the reception control key; using the reception control key to control reception of the received digital television content ciphertext; and using the user private key of the user public/private key pair to digitally sign uplink information sent to the content protection front-end system, so that the content protection front-end system can verify the digital signature with the user public key of the user public/private key pair.
A security device, comprising: a reception control key decryption unit, configured to use the user private key of a user public/private key pair to decrypt a received reception control key encrypted with the user public key, obtaining the reception control key; and a digital television reception control unit, configured to use the reception control key to control reception of the received digital television content ciphertext.
A security device, comprising: a digital signature verification unit, configured to use the front-end public key of the front-end public/private key pair of a content protection front-end system to verify the signature on received information issued by the content protection front-end system; a user group key decryption unit, configured to use the user private key of a user public/private key pair to decrypt a received user group key encrypted with the user public key, obtaining the user group key; a reception control key decryption unit, configured to use the user group key to decrypt a received reception control key encrypted with the user group key, obtaining the reception control key; a digital television reception control unit, configured to use the reception control key to control reception of the received digital television content ciphertext; and a digital signature unit, configured to use the user private key of the user public/private key pair to digitally sign uplink information sent to the content protection front-end system, so that the content protection front-end system can verify the digital signature with the user public key of the user public/private key pair.
The method and device of the embodiments of the invention solve the problems of secure distribution of protected content and of reception control on a bidirectional digital television network in the three scenarios of live broadcast, on-demand and download.
Brief Description of the Drawings
The drawings described here provide a further understanding of the invention and form part of this application; they do not limit the invention. In the drawings:
Fig. 1 is a flowchart of the method of an embodiment of the invention;
Fig. 2 is a diagram of the key architecture in the live scenario;
Fig. 3 is an interaction diagram of the secure issuance of each type of key using the key architecture shown in Fig. 2;
Fig. 4 is a diagram of the key architecture in the on-demand scenario;
Fig. 5 is an interaction diagram of the secure issuance of each type of key using the key architecture shown in Fig. 4;
Fig. 6 is a diagram of the key architecture in the download scenario;
Fig. 7 is an interaction diagram of the secure issuance of each type of key using the key architecture shown in Fig. 6;
Fig. 8 is a block diagram of the device of an embodiment of the invention.
Detailed Description
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the embodiments are described in further detail below with reference to the embodiments and the drawings. The illustrative embodiments of the invention and their description are used here to explain the invention, not to limit it.
Embodiment 1
This embodiment of the invention provides a digital television reception control method based on a bidirectional network, described in detail below with reference to the drawings.
Fig. 1 is a flowchart of the method of an embodiment of the invention. Referring to Fig. 1, the digital television reception control method based on a bidirectional network of this embodiment mainly comprises:
101: using the user private key of a user public/private key pair to decrypt a received reception control key encrypted with the user public key, obtaining the reception control key;
In this embodiment, the user private key is part of the user public/private key pair. The user public/private key pair can be obtained from a secure environment, for example offline or online through a trusted third party. The key pair can be obtained offline in various ways, for example by card issuance or by generation at the user side with a dedicated tool; this embodiment is not limited in this respect.
In this embodiment, besides encrypting and decrypting the reception control key, the user public/private key pair obtained from the secure environment can also be used for digital signatures. For example, the user signs the information he or she sends with the user private key, and the recipient verifies the signature with the user public key it has already obtained; if verification passes, the information source is genuine and the information sent by this user has not been tampered with.
In this embodiment, the reception control key may be a service key; the service key is used to encrypt the control word that scrambles the live program.
In this embodiment, the reception control key may also be a content encryption key; the content encryption key is used to scramble the on-demand program or downloaded file.
102: using the reception control key to control reception of the received digital television content ciphertext.
In this embodiment, if the digital television content is a live program, the reception control key is a service key, and step 102 of this embodiment may comprise:
1021: using the service key to decrypt the received control word encrypted with the service key, obtaining the control word;
1022: using the control word to descramble the received live program ciphertext, obtaining the descrambled live program.
In this embodiment, if the digital television content is an on-demand program or a downloaded file, the reception control key is a content encryption key, and step 102 of this embodiment may comprise:
2021: using the content encryption key to descramble the received on-demand program ciphertext or downloaded-file ciphertext that was scrambled with the content encryption key, obtaining the descrambled on-demand program or downloaded file.
According to this embodiment, a user can watch digital television programs once authorized; the method of this embodiment may therefore further comprise:
103: sending a live, on-demand or download request, to request a live program, an on-demand program or a file download;
104: receiving the live program ciphertext scrambled with the control word, or receiving the on-demand program ciphertext or downloaded-file ciphertext scrambled with the content encryption key.
According to this embodiment, if the reception control key is encrypted with a user group key, then, since the user group key may itself be issued after being encrypted with the user public key, the method of this embodiment further comprises:
using the user private key of the user public/private key pair to decrypt the received user group key encrypted with the user public key, obtaining the user group key;
using the user group key to decrypt the received reception control key encrypted with the user group key, obtaining the reception control key.
In this embodiment, the control word CW (Control Word) is a symmetric key used to scramble and descramble the live program stream. One CW can protect one stream of a live program, multiple streams of a live program, or multiple streams of several live programs. After a live program has been scrambled with a CW, a user who obtains that CW can descramble the live program it protects. The CW changes very frequently, typically once every 10~60 seconds.
In this embodiment, the service key SK (Service Key) is a symmetric key used to encrypt and decrypt the CW. One SK corresponds to one service; a service may be one live program or several live programs. One SK protects all the CWs of its service: after all the CWs of the service have been encrypted with the SK, a user who obtains that SK can decrypt the CWs it protects.
In this embodiment, the content encryption key CEK (Content Encryption Key) is a symmetric key used to scramble and descramble the content of an on-demand program or downloaded file. An on-demand program or downloaded file is protected by at least one CEK. After the on-demand program or downloaded file has been scrambled with the CEK, a user who obtains that CEK can descramble the on-demand program or downloaded file it protects. The CEK does not need to be changed frequently.
In this embodiment, the user group key GK (Group Key) is a symmetric key used to encrypt and decrypt the SK or CEK. One GK corresponds to one user group, i.e., all users in a user group have the same GK. After the SK or CEK of a service applied for by the user group has been encrypted with the GK, the users in the group who have obtained the GK can decrypt the SK or CEK it protects. A user group applying for a service means that all users in the group have the right to use that service's media content.
In this embodiment, the user public/private key pair is an asymmetric key used to protect the GK and SK: the user public key encrypts the GK and SK, and the user private key decrypts them. A user public/private key pair corresponds to one user, i.e., the user private key of the pair can be obtained and used by only one user. After the GK of the user's group, or the SK, has been encrypted with the user public key, the user who holds the corresponding user private key can decrypt the GK or SK protected by that public key.
To make the method of this embodiment clearer, the following describes, with reference to the drawings and for the live, on-demand and download scenarios respectively, how the content protection front-end system scrambles the digital television content and generates, encrypts and distributes each type of key. Once the content protection front-end system has issued this information, the method of this embodiment can be carried out in the content protection terminal system, for example at the user side, which receives the digital television content ciphertext, the key ciphertexts, etc., and achieves reception control by decrypting or descrambling them.
Live scenario:
Fig. 2 is a diagram of the key architecture used in the live scenario. As shown in Fig. 2, this key architecture comprises the control word CW, the service key SK and the user public/private key pair, and may also comprise the user group key GK. The function of each key in the architecture of Fig. 2 has been described above and is not repeated here.
Fig. 3 is a schematic diagram of the information exchange between the content protection front-end system 31 and the content protection terminal system 32 in the live scenario. As shown in Fig. 3, in the live scenario the content protection front-end system 31 issues the key ciphertexts and the live program ciphertext as follows:
Secure distribution of the GK: the content protection front-end system 31 encrypts the GK of the user's group with the user public key obtained in advance and distributes the GK ciphertext GK'; after obtaining GK', the user decrypts the GK with the user private key of his or her own user public/private key pair;
Note that because the GK in the key architecture is optional, secure distribution of the GK takes place only when the key architecture includes a GK.
Secure distribution of the SK: the content protection front-end system 31 encrypts the SK of the applied-for service with the user public key or with the GK of the user group and distributes the SK ciphertext SK'; after obtaining the SK' of the service he or she applied for, the user decrypts the SK of that service with the user private key of his or her own user public/private key pair or with the GK already obtained;
Secure distribution of the CW: the content protection front-end system 31 encrypts the CW of a service with the SK of that service and distributes the CW ciphertext CW'; after obtaining CW', the user decrypts the CW with the SK already obtained;
Secure distribution of the live program: the content protection front-end system 31 scrambles the live program with the CW of that program and distributes the live program ciphertext; after obtaining the live program ciphertext, the user descrambles the live program with the CW already obtained;
In this embodiment, the user can obtain his or her own user public/private key pair and the front-end public key from a secure environment, for example offline or online from a trusted third party. Like the user, the content protection front-end system 31 can obtain its own front-end public/private key pair and the user public key from a secure environment.
The GK, SK and CW may be generated by the content protection front-end system in order to encrypt the various keys/control words or the live program; this embodiment is not limited in this respect.
In this embodiment, the content protection front-end system 31 may also have a front-end public/private key pair that represents its identity. The front-end private key can be used to sign the information that carries the GK and SK during distribution. The content protection terminal system 32, i.e., the user side, verifies the signature on the received information with the front-end public key; if verification passes, the source of the information carrying the GK and SK is genuine and the information has not been tampered with.
With the method of this embodiment, user keys are distributed to users and may comprise a user public/private key pair or a user group key. Programs that need protection are scrambled with the control word CW in the content protection front-end system before output. One or more programs form a service, and all the CWs that protect a service are encrypted with one service key SK in the content protection front-end system before output. After a user has applied for a service, the SK of that service is encrypted in the content protection front-end system with that user's user key, for example the user group key, before output. The user uses his or her own user key, for example the user group key, to decrypt the SK of the applied-for service, uses the decrypted SK to decrypt the CW of a program in the service, and, after descrambling the corresponding program with the decrypted CW, can use the program. Users who have not obtained the SK cannot use the media content.
On-demand scenario:
Fig. 4 is a diagram of the key architecture used in the on-demand scenario. As shown in Fig. 4, this key architecture comprises the content encryption key CEK1 and the user public/private key pair, and may also comprise the user group key GK1. The function of each key in the architecture of Fig. 4 has been described above and is not repeated here.
Fig. 5 is a schematic diagram of the information exchange between the content protection front-end system 51 and the content protection terminal system 52 in the on-demand scenario. As shown in Fig. 5, in the on-demand scenario the content protection front-end system 51 issues the key ciphertexts and the on-demand program ciphertext as follows:
Secure distribution of GK1: the content protection front-end system 51 encrypts the GK1 of the user's group with the user public key obtained in advance and distributes the GK1 ciphertext GK1'; after obtaining GK1', the user decrypts GK1 with the user private key of his or her own user public/private key pair;
Note that because the GK1 in the key architecture is optional, secure distribution of GK1 takes place only when the key architecture includes a GK1.
Secure distribution of CEK1: the content protection front-end system 51 encrypts the CEK1 of the applied-for program with the user public key or with the GK1 of the user group and distributes the CEK1 ciphertext CEK1'; after obtaining the CEK1' of the applied-for program, the user decrypts CEK1 with the user private key of his or her own user public/private key pair or with the GK1 already obtained;
Secure distribution of the on-demand program: the content protection front-end system 51 scrambles the on-demand program with the CEK1 of that program and distributes the on-demand program ciphertext; after obtaining the on-demand program ciphertext, the user descrambles the on-demand program with the CEK1 already obtained;
In this embodiment, the user can obtain his or her own user public/private key pair and the front-end public key from a secure environment, for example offline or online from a trusted third party. Like the user, the content protection front-end system 51 can obtain its own front-end public/private key pair and the user public key from a secure environment.
GK1 and CEK1 may be generated by the content protection front-end system 51 in order to encrypt the various keys or the on-demand program; this embodiment is not limited in this respect.
In this embodiment, the content protection front-end system 51 may also have a front-end public/private key pair that represents its identity. The front-end private key can be used to sign the information that carries GK1 and CEK1 during distribution. The content protection terminal system 52, i.e., the user side, verifies the signature on the received information with the front-end public key; if verification passes, the source of the information carrying GK1 and CEK1 is genuine and the information has not been tampered with.
With the method of this embodiment, user keys are distributed to each user and may comprise a user public/private key pair or a user group key. A program to be provided on demand is scrambled with the content encryption key CEK1 in the content protection front-end system before output. After a user has applied for an on-demand program, the CEK1 protecting that program is encrypted in the content protection front-end system with that user's user key, for example the user group key, before output. The user uses his or her own user key, for example the user group key, to decrypt the CEK1 of the applied-for program and, after descrambling the corresponding program with the decrypted CEK1, can use the program. Users who have not obtained CEK1 cannot use the on-demand program.
Download scenario:
Fig. 6 is a diagram of the key architecture used in the download scenario. As shown in Fig. 6, this key architecture comprises the content encryption key CEK2 and the user public/private key pair, and may also comprise the user group key GK2. The function of each key in the architecture of Fig. 6 has been described above and is not repeated here.
Fig. 7 is a schematic diagram of the information exchange between the content protection front-end system 71 and the content protection terminal system 72 in the download scenario. As shown in Fig. 7, in the download scenario the content protection front-end system 71 issues the key ciphertexts and the downloaded-program ciphertext as follows:
Secure distribution of GK2: the content protection front-end system 71 encrypts the GK2 of the user's group with the user public key obtained in advance and distributes the GK2 ciphertext GK2'; after obtaining GK2', the user decrypts GK2 with the user private key of his or her own user public/private key pair;
Note that because the GK2 in the key architecture is optional, secure distribution of GK2 takes place only when the key architecture includes a GK2.
Secure distribution of CEK2: the content protection front-end system 71 encrypts the CEK2 of the applied-for file with the user public key or with the GK2 of the user group and distributes the CEK2 ciphertext CEK2'; after obtaining the CEK2' of the applied-for file, the user decrypts CEK2 with the user private key of his or her own user public/private key pair or with the GK2 already obtained;
Note that a user in a user group may obtain the downloaded file from the party that sends the file, or from another user in the group who has already obtained it; obtaining the file from a user who already has it is equivalent to obtaining it from the sending party. This embodiment is not limited in this respect.
Secure distribution of the downloaded file: the content protection front-end system 71 scrambles the file with the CEK2 of that downloaded file and distributes the downloaded-file ciphertext; after obtaining the downloaded-file ciphertext, the user descrambles the downloaded file with the CEK2 already obtained;
In this embodiment, the user can obtain his or her own user public/private key pair and the front-end public key from a secure environment, for example offline or online from a trusted third party. Like the user, the content protection front-end system 71 can obtain its own front-end public/private key pair and the user public key from a secure environment.
GK2 and CEK2 may be generated by the content protection front-end system 71 in order to encrypt the various keys or the downloaded file; this embodiment is not limited in this respect.
In this embodiment, the content protection front-end system 71 may also have a front-end public/private key pair that represents its identity. The front-end private key can be used to sign the information that carries GK2 and CEK2 during distribution. The content protection terminal system 72, i.e., the user side, verifies the signature on the received information with the front-end public key; if verification passes, the source of the information carrying GK2 and CEK2 is genuine and the information has not been tampered with.
With the method of this embodiment, user keys are distributed to each user and may comprise a user public/private key pair or a user group key. The downloaded file is scrambled with the content encryption key CEK2 in the content protection front-end system before output. The CEK2 protecting the downloaded file is encrypted in the content protection front-end system with the user's user key, for example the user group key, before output. The user uses his or her own user key, for example the user group key, to decrypt the CEK2 of the applied-for downloaded file and, after descrambling the corresponding downloaded file with the decrypted CEK2, can use the file. Users who have not obtained CEK2 cannot use the downloaded file.
Embodiment two
The embodiment of the invention also provides a safety device, which is described in detail below with reference to the accompanying drawings.
Fig. 8 is a block diagram of the device of this embodiment. Referring to Fig. 8, the safety device of this embodiment mainly comprises:
Rating control key decryption unit 81, configured to use the user private key of the user public/private key pair to decrypt the received rating control key that was encrypted with the user public key, obtaining the rating control key;
Digital television receiving control unit 82, configured to use the rating control key to control the viewing of the received digital TV content ciphertext.
According to this embodiment, the safety device may further comprise:
User public/private key pair acquiring unit 83, configured to obtain the user public/private key pair offline or online from a trusted third party, so that the user private key of this pair is available to the rating control key decryption unit 81 for decrypting the rating control key.
According to this embodiment, the safety device may further comprise:
User group key decryption unit 84, configured to use the user private key of the user public/private key pair obtained by the acquiring unit 83 to decrypt the received user group key that was encrypted with the user public key, obtaining the user group key.
In this case, the rating control key decryption unit 81 is further configured to use the user group key decrypted by the user group key decryption unit 84 to decrypt the received rating control key that was encrypted with the user group key, obtaining the rating control key.
In this embodiment, the digital TV content may be a live program. In this case, the rating control key decrypted by the rating control key decryption unit 81 is a business cipher key, used to decrypt the control word of the scrambled live program, and the digital television receiving control unit 82 may further comprise:
Live control word decryption module 821, configured to use the business cipher key to decrypt the received control word that was encrypted with the business cipher key, obtaining the control word;
Digital TV content descrambling module 822, configured to use the control word to descramble the received live program ciphertext, obtaining the descrambled live program.
In this embodiment, the digital TV content may also be an on-demand program or a download file. In this case, the rating control key decrypted by the rating control key decryption unit 81 is a content encryption key, used to descramble the on-demand program or download file; the digital TV content descrambling module 822 is further configured to use the content encryption key to descramble the received on-demand program ciphertext or download file ciphertext that was scrambled with the content encryption key, obtaining the descrambled on-demand program or download file.
According to this embodiment, the safety device may further comprise:
Request information sending unit 85, configured to send a live, on-demand or download request, so as to request a program from the content protection front-end system.
According to this embodiment, the user public/private key pair obtained by the acquiring unit 83 can be used for digital signatures as well as for encrypting and decrypting keys. Therefore, the safety device of this embodiment may further comprise:
Digital signature unit 86, configured to digitally sign, with the user private key of the user public/private key pair obtained by the acquiring unit 83, the uplink information to be sent to the content protection front-end system, and then provide it to the request information sending unit 85 to send the above request, so that the content protection front-end system verifies the digital signature with the user public key of the user public/private key pair.
In addition, the safety device of this embodiment may further comprise:
Digital signature verification unit 87, configured to use the front-end public key of the content protection front-end system's front-end public/private key pair to verify the signature on received information issued by the content protection front-end system. In this case, the content protection front-end system has its own front-end public/private key pair; when it digitally signs the information it issues, for example information containing keys, with the front-end private key of that pair, the safety device receiving the information can verify the digital signature with the front-end public key through the digital signature verification unit 87. Therefore, this embodiment does not limit the position of the digital signature verification unit 87.
In addition, the safety device of this embodiment may further comprise:
Receiving unit 88, configured to receive the user group key encrypted with the user public key of the user public/private key pair and provide it to the user group key decryption unit 84, either directly or after verification by the digital signature verification unit 87; or to receive the rating control key encrypted with the user group key or with the user public key of the user public/private key pair and provide it to the rating control key decryption unit 81, either directly or after verification by the digital signature verification unit 87; or to receive the control word encrypted with the business cipher key and provide it directly to the control word decryption module 821; or to receive live program ciphertext scrambled with the control word, or on-demand program ciphertext scrambled with the content encryption key, and provide it directly to the digital TV content descrambling module 822; or to receive download file ciphertext scrambled with the content encryption key, store it directly in the download file storage unit 89, and then provide it to the digital TV content descrambling module 832.
In addition, the safety device of this embodiment may further comprise:
Download file storage unit 89: after the receiving unit 88 receives download file ciphertext scrambled with the content encryption key, the ciphertext is stored directly in this download file storage unit 89, to be provided to the digital TV content descrambling module 822 for descrambling.
The safety device of this embodiment is used to implement the bidirectional-network-based digital television receiving control method of Embodiment one; since Embodiment one has described that method in detail, it is not repeated here.
The safety device of this embodiment provides rating control of protected content on a bidirectional network in three scenarios (live broadcast, on-demand and download) and provides an authentication mechanism for the bidirectional environment; because the user public key of the user public/private key pair is used to further encrypt the business cipher key or the content encryption key, security is improved.
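The receive-side order described in this embodiment for the live case (verification unit 87, then user group key decryption unit 84, rating control key decryption unit 81, control word decryption module 821 and descrambling module 822), together with the signed uplink request of unit 86, as an added Python sketch that is not part of the patent. Textbook RSA over constructed Mersenne-prime key pairs and a SHA-256 XOR keystream are stand-ins for algorithms this text does not name, and all function names are assumptions.

```python
import hashlib
import secrets

E = 65537

def toy_keypair(p, q):
    """Textbook RSA from two known primes. Constructed and insecure: demo only."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

# Constructed key pairs built from Mersenne primes (never do this in practice).
FRONT_PUB, FRONT_PRIV = toy_keypair(2**107 - 1, 2**607 - 1)
USER_PUB, USER_PRIV = toy_keypair(2**127 - 1, 2**521 - 1)

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(_digest(msg, n), d, n)

def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(msg, n)

def pk_encrypt(pub, key):
    """Encrypt a 16-byte key under a public key (unpadded RSA, stand-in)."""
    n, e = pub
    return pow(int.from_bytes(key, "big"), e, n).to_bytes(128, "big")

def pk_decrypt(priv, ct):
    n, d = priv
    return pow(int.from_bytes(ct, "big"), d, n).to_bytes(128, "big")[-16:]

def sym(key, data):
    """XOR with a SHA-256 counter keystream; the same call encrypts and decrypts.
    Stand-in for the symmetric cipher and the scrambler; one use per key here."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def front_end_send(user_pub, program):
    """Front end: wrap group key -> business cipher key -> control word, sign, scramble."""
    gk, bk, cw = (secrets.token_bytes(16) for _ in range(3))
    gk_ct = pk_encrypt(user_pub, gk)   # group key under the user public key
    bk_ct = sym(gk, bk)                # business cipher key under the group key
    cw_ct = sym(bk, cw)                # control word under the business cipher key
    sig = sign(FRONT_PRIV, gk_ct + bk_ct + cw_ct)
    return (gk_ct, bk_ct, cw_ct, sig), sym(cw, program)

def terminal_receive(user_priv, msg, program_ct):
    """Terminal: verify the front-end signature first, then walk the key chain."""
    gk_ct, bk_ct, cw_ct, sig = msg
    if not verify(FRONT_PUB, gk_ct + bk_ct + cw_ct, sig):
        return None                    # nothing is decrypted from unauthenticated data
    gk = pk_decrypt(user_priv, gk_ct)
    bk = sym(gk, bk_ct)
    cw = sym(bk, cw_ct)
    return sym(cw, program_ct)

def uplink_request(user_priv, request):
    """Terminal signs its live/on-demand/download request with the user private key."""
    return request, sign(user_priv, request)
```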
The specific embodiments described above further explain the purpose, technical solutions and beneficial effects of the present invention. It should be understood that the above are only specific embodiments of the invention and are not intended to limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (12)

1. A digital television receiving control method based on a bidirectional network, characterized in that the method comprises:
using the front-end public key of the front-end public/private key pair of a content protection front-end system to verify the signature on received information issued by the content protection front-end system and, if the verification passes, performing the following steps:
using the user private key of a user public/private key pair to decrypt the received rating control key that was encrypted with the user public key, obtaining the rating control key;
using the rating control key to control the viewing of the received digital TV content ciphertext;
using the user private key of the user public/private key pair to digitally sign the uplink information sent to the content protection front-end system, so that the content protection front-end system verifies the digital signature with the user public key of the user public/private key pair.
2. A digital television receiving control method based on a bidirectional network, characterized in that the method comprises:
using the front-end public key of the front-end public/private key pair of a content protection front-end system to verify the signature on received information issued by the content protection front-end system and, if the verification passes, performing the following steps:
using the user private key of a user public/private key pair to decrypt the received user group key that was encrypted with the user public key, obtaining the user group key;
using the user group key to decrypt the received rating control key that was encrypted with the user group key, obtaining the rating control key;
using the rating control key to control the viewing of the received digital TV content ciphertext;
using the user private key of the user public/private key pair to digitally sign the uplink information sent to the content protection front-end system, so that the content protection front-end system verifies the digital signature with the user public key of the user public/private key pair.
3. The method according to claim 1 or 2, characterized in that, when the digital TV content is a live program, the rating control key is a business cipher key, and the step of using the rating control key to control the viewing of the received digital TV content ciphertext comprises:
using the business cipher key to decrypt the received control word that was encrypted with the business cipher key, obtaining the control word;
using the control word to descramble the received live program ciphertext, obtaining the descrambled live program.
4. The method according to claim 1 or 2, characterized in that, when the digital TV content is an on-demand program or a download file, the rating control key is a content encryption key, and the step of using the rating control key to control the viewing of the received digital TV content ciphertext comprises:
using the content encryption key to descramble the received on-demand program ciphertext or download file ciphertext that was scrambled with the content encryption key, obtaining the descrambled on-demand program or download file.
5. The method according to claim 1 or 2, characterized in that the method further comprises:
sending a live, on-demand or download request, to request a live program, an on-demand program or a download file;
receiving live program ciphertext scrambled with the control word, or receiving on-demand program ciphertext or download file ciphertext scrambled with the content encryption key.
6. A safety device, characterized in that the safety device comprises:
a digital signature verification unit, configured to use the front-end public key of the front-end public/private key pair of a content protection front-end system to verify the signature on received information issued by the content protection front-end system;
a rating control key decryption unit, configured to, after the verification by the digital signature verification unit passes, use the user private key of a user public/private key pair to decrypt the received rating control key that was encrypted with the user public key, obtaining the rating control key;
a digital television receiving control unit, configured to use the rating control key to control the viewing of the received digital TV content ciphertext;
a digital signature unit, configured to use the user private key of the user public/private key pair to digitally sign the uplink information sent to the content protection front-end system, so that the content protection front-end system verifies the digital signature with the user public key of the user public/private key pair.
7. A safety device, characterized in that the safety device comprises:
a digital signature verification unit, configured to use the front-end public key of the front-end public/private key pair of a content protection front-end system to verify the signature on received information issued by the content protection front-end system;
a user group key decryption unit, configured to use the user private key of a user public/private key pair to decrypt the received user group key that was encrypted with the user public key, obtaining the user group key;
a rating control key decryption unit, configured to use the user group key to decrypt the received rating control key that was encrypted with the user group key, obtaining the rating control key;
a digital television receiving control unit, configured to use the rating control key to control the viewing of the received digital TV content ciphertext;
a digital signature unit, configured to use the user private key of the user public/private key pair to digitally sign the uplink information sent to the content protection front-end system, so that the content protection front-end system verifies the digital signature with the user public key of the user public/private key pair.
8. The safety device according to claim 6 or 7, characterized in that the safety device further comprises:
a user public/private key pair acquiring unit, configured to obtain the user public/private key pair offline or online from a trusted third party.
9. The safety device according to claim 6 or 7, characterized in that, when the digital TV content is a live program, the rating control key is a business cipher key, and the digital television receiving control unit comprises:
a live control word decryption module, configured to use the business cipher key to decrypt the received control word that was encrypted with the business cipher key, obtaining the control word;
a digital TV content descrambling module, configured to use the control word to descramble the received live program ciphertext, obtaining the descrambled live program.
10. The safety device according to claim 9, characterized in that, when the digital TV content is an on-demand program or a download file, the rating control key is a content encryption key, and the digital TV content descrambling module is further configured to use the content encryption key to descramble the received on-demand program ciphertext or download file ciphertext that was scrambled with the content encryption key, obtaining the descrambled on-demand program or download file.
11. The safety device according to claim 10, characterized in that the safety device further comprises:
a request information sending unit, configured to send a live, on-demand or download request, to request a live program, an on-demand program or a download file.
12. The safety device according to claim 11, characterized in that the safety device further comprises:
a receiving unit, configured to receive on-demand program ciphertext or download file ciphertext scrambled with the content encryption key, or to receive live program ciphertext scrambled with the control word, or to receive business cipher key ciphertext, control word ciphertext or content encryption key ciphertext.
CN2009100781382A 2009-02-18 2009-02-18 Digital television receiving control method and apparatus based on bi-directional network Active CN101500147B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009100781382A CN101500147B (en) 2009-02-18 2009-02-18 Digital television receiving control method and apparatus based on bi-directional network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009100781382A CN101500147B (en) 2009-02-18 2009-02-18 Digital television receiving control method and apparatus based on bi-directional network

Publications (2)

Publication Number Publication Date
CN101500147A CN101500147A (en) 2009-08-05
CN101500147B true CN101500147B (en) 2011-04-27

Family

ID=40946993

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009100781382A Active CN101500147B (en) 2009-02-18 2009-02-18 Digital television receiving control method and apparatus based on bi-directional network

Country Status (1)

Country Link
CN (1) CN101500147B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2963135B1 (en) * 2010-07-22 2013-02-08 Viaccess Sa METHOD FOR PROTECTING CONTENT
CN109842506B (en) * 2017-11-27 2022-08-12 财付通支付科技有限公司 Disaster recovery processing method, device, system and storage medium for key management system

Also Published As

Publication number Publication date
CN101500147A (en) 2009-08-05

Similar Documents

Publication Publication Date Title
KR101021708B1 (en) Group Key Distribution Method and Server and Client for Implementing the Same
CN101645773B (en) Based on the stopover sites of elliptic curve cryptography
US20090245516A1 (en) Method and system for high entropy encryption using an unpredictable seed based on user regisration time
KR20190073472A (en) Method, apparatus and system for transmitting data
EP3476078B1 (en) Systems and methods for authenticating communications using a single message exchange and symmetric key
CN104821944A (en) Hybrid encrypted network data security method and system
CN103237040A (en) Storage method, storage server and storage client
US11575977B2 (en) Secure provisioning, by a client device, cryptographic keys for exploiting services provided by an operator
CN103634266B (en) A bidirectional authentication method for a server and a terminal
US20150229621A1 (en) One-time-pad data encryption in communication channels
CN104901935A (en) Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem)
CN107682152B (en) Group key negotiation method based on symmetric cipher
CN101640785B (en) Encrypting/decrypting system and encrypting/decrypting method for interactive network television
CN105376261A (en) Encryption method and system for instant communication message
CN104901803A (en) Data interaction safety protection method based on CPK identity authentication technology
CN101202630A (en) Method and system for adding decipher in TR069 integrative terminal management platform
CN107493283B (en) Method and system for realizing message security encryption based on live broadcast platform
CN109005151A (en) A kind of encryption of information, decryption processing method and processing terminal
KR101991775B1 (en) Method for data encryption and decryption based on fpga
CN104486756A (en) Encryption and decryption method and system for secret letter short message
CN101500146A (en) Digital television receiving control method and apparatus based on bi-directional network
CN112532384B (en) Method for quickly encrypting and decrypting transmission key based on packet key mode
CN109995785A (en) File security unlocking method in local area network based on quantum cryptography
CN101500147B (en) Digital television receiving control method and apparatus based on bi-directional network
CN108494554B (en) Data symmetric encryption method based on double plaintexts

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant