CN101505403A - Primary-secondary card authentication method under digital television bidirectional network environment - Google Patents
Primary-secondary card authentication method under digital television bidirectional network environment Download PDFInfo
- Publication number
- CN101505403A CN101505403A CNA2009103008061A CN200910300806A CN101505403A CN 101505403 A CN101505403 A CN 101505403A CN A2009103008061 A CNA2009103008061 A CN A2009103008061A CN 200910300806 A CN200910300806 A CN 200910300806A CN 101505403 A CN101505403 A CN 101505403A
- Authority
- CN
- China
- Prior art keywords
- subcard
- main frame
- digital
- numbering
- card
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
Abstract
The invention relates to a digital television authentication technique, and in particular provides a novel method for authenticating a primary card and a secondary card in a bilateral network environment of a digital television. The method comprises the following steps that: a, after a host computer and a slave computer are started, the host computer and the slave computer send the serial number and the international mobile equipment identity (IMEI) of the primary card and the serial number and the IMEI of the secondary card to the front end of the digital television through a network channel respectively; b, the front end of the digital television inquiries registration information of the primary card and the secondary card in a database, if the received serial number and the IMEI of the primary card and the serial number and the IMEI of the secondary card are matched with the registration information, the authentication is successful, otherwise, the authentication fails; c, the front end of the digital television transmits the authentication result back to the master computer through the network channel; and d, if the authentication is successful, the master computer sends a PDK singly transmitted to the secondary card of the master computer at the front end of the digital television to the slave computer. The method not only does not influence the use of a user, but also does not increase the hardware cost of a set-top box; besides, the method is convenient to implement and can protect the benefits of operators to the utmost extent.
Description
Technical field
The present invention relates to Digital Television authentication technology.
Background technology
Existing digital television business all is the pattern that set-top box adds common TV basically, and the user uses set-top box to come receiving digital signals, passes to television set again after converting analog signal to, pays certain license fee simultaneously in every month.Because increasing family begins to have second television set, the problem of " a family multimachine " just can't be avoided.Subscriber household has two set-top box, if all pay identical license fee, can increase burden for users, is unfavorable for the expansion of digital television business; If only collect the license fee of a set-top box, damaged benefits of operators again.The child and parent card function of set-top box has solved this problem to a certain extent.Two set-top box of subscriber household, one as main frame, one as handset, two IC-cards, insert main frame as master card, insert handset as subcard, main card was paid full-amount license fee in every month, subcard was only paid the license fee of part in every month, and two set-top box can be watched same program, and the interests between user and the operator all obtain safeguarding like this.Master card is identical with the operation principle of subcard, it is the at first individual distributing key (PDK) of its inside of reading and saving of IC-card, decipher with the Entitlement Management Message (EMM) that PDK obtains reception, take out business cipher key (SK), utilize Entitlement Control Message (ECM) deciphering of SK then to receiving, take out control word (CW), CW is sent to the descrambling engine by the IC-card interface, the descrambling engine utilizes CW that program stream is carried out descrambling.Wherein program stream, EMM, ECM send with the form of broadcasting by television headend, and PDK is stored in the IC-card chip.
Child and parent card should only be limited in the one family and use, and watches program otherwise the use of any two family families contains this main frame and handset to the letter card, can damage benefits of operators.Therefore, need child and parent card to authenticate and solve this problem.Growing along with Digital Television, two-way has been inexorable trend.Pass through bilateral network, the user can obtain various network services according to the demand of handset, comprise new business such as video request program, shopping online, remote teaching, ballot guess, operator also can add up audience ratings easily, check whether there is pirate card, improved interactivity, the diversity of digital television business greatly.Existing unilateral network all will progressively be transformed into bilateral network.The authentication method of letter card has two classes at present, once being subcard need be inserted main frame at set intervals once to authenticate, the 2nd, on main frame and handset, wireless module is installed, communication by intermodule authenticates, and the communication distance of intermodule so just can guarantee that composite aircraft all is to use usually all in small range in one family.But preceding a kind of method can influence user's rating to be experienced, and then a kind of method can increase the hardware cost of set-top box.
Summary of the invention
Technical problem to be solved by this invention is that a kind of new method of the child and parent card authentication under digital television bidirectional network environment is provided.
The present invention solves the problems of the technologies described above the technical scheme that is adopted to be, the primary-secondary card authentication method under the digital television bidirectional network environment may further comprise the steps:
After a, main frame and the handset start, main frame number sends to digital TV front-end by network channel with the numbering of master card and string, and handset number sends to digital TV front-end by network channel with the numbering of subcard and string;
Behind the numbering of the numbering that b, digital TV front-end are received master card and string number, subcard and the string number, the log-on message of Query Database master card and subcard, as the numbering of the numbering that receives master card and string number and subcard and string number mate with log-on message, then authentication success; Otherwise authentification failure;
C, digital TV front-end are passed authentication result back main frame by network channel;
D, as authentication success, then main frame sends to handset with the PDK that digital TV front-end sends the subcard of main frame separately to; As authentification failure, main frame shows the message of authentification failure by television set.
Subcard among the present invention is different from IC-card of the prior art, and the PDK of IC-card is stored in the IC-card chip in the prior art.Do not have PDK in the subcard chip of the present invention, subcard does not have the PDK then can't the descrambling program stream, only could obtain the PDK of subcard from main frame after subcard is by the television headend authentication, thereby normally watch program.Need not that subcard is regularly inserted main frame and authenticate, avoid user's frequent operation.And main frame does not need to use wireless module to the only coaxial cable communication of need by being connected with its winding output interface of the PDK of handset transmission subcard.
In order to increase authenticating safety, can increase by one again and judge that the PDK of subcard sends the step of accuracy, promptly before step a, subcard inserts main frame for the first time, and main frame reads the numbering and the string number also preservation of subcard; Digital TV front-end also number sends the numbering of subcard and string separately to handset among the step c; In the steps d as authentication success, the numbering of the subcard during main frame also sends digital TV front-end separately to the numbering of subcard of main frame and string number and is kept at main frame and go here and there and number to compare, as identical, the PDK that then digital TV front-end is sent to the subcard of main frame separately sends to handset; Otherwise main frame will not transmitted the PDK of the subcard that receives.When using for the first time, subcard need be inserted main frame, main frame reads the numbering, string number of subcard and preserves, and later subcard inserts handset not to be needed to insert main frame again and authenticates, and can avoid user's frequent operation equally.
Further, the PDK that digital TV front-end transmits subcard separately is during to main frame, and for the fail safe of the PDK that guarantees subcard, the cipher mode after digital TV front-end can adopt the PDK of subcard and consult with main frame is encrypted the back and transmitted.
The invention has the beneficial effects as follows, neither influence the user and use that also do not increase the hardware cost of set-top box, it is convenient to implement, and can protect operator's interests to greatest extent.
Embodiment
The winding output interface of main frame links to each other with the input interface of handset by coaxial cable, and main frame links to each other with the network interface of subscriber household by the RJ45 netting twine with the Ethernet interface of handset; Network interface links to each other with digital TV front-end by network channel.
The certificate scheme key step is as follows:
One, authentication registration:
1) main frame and handset in advance in operator's place's registration, comprise the IC-card numbering, string number of the child and parent card of binding when buying, information such as the program bag of purchase and price, and log-on message can be stored in the digital TV front-end system; A main frame can be bound an estrade machine or a few estrade machine, and the user increases handset or original main frame in the future if desired, handset needs to change, and must locate to re-register to operator;
2) subcard inserts main frame for the first time and carries out authentication, and main frame reads information and these machines of being kept at such as subcard numbering, string number, if want to change the subcard of binding later on, must locate to re-register authentication to operator.And subcard is different with common IC-card, and the inside is not used in the PDK of deciphering EMM, that is to say that handset can not directly resolve program stream and watch program.IC-card is numbered the numeral number of 16 character strings that meet General Bureau of Radio, Film and Television's regulation, uses this number to come unique IC-card of determining.The IC-card string number is a physics numbering, has write down the production information of IC-card, the uniqueness production number information of RAS manufacturer during this number.Need two numbers all to mate and could pass through when authentication, this is in order to prevent the appearance of pirate card;
3) after the each start of main frame and handset, the authentication result that the return path (being the bilateral network passage) by Ethernet interface is passed back to digital TV front-end enrollment status and receiving digital television front end:
(3-1) main frame and handset number send to digital TV front-end by return path with the numbering of master card and subcard, string; The master card that is complementary and the numbering of subcard, string number must be sent by the consolidated network interface.If do not have the numbering of subcard, string number to send, can not influence main frame and watch program, but handset can not be watched program owing to can't receive the PDK of subcard;
(3-2) the authentication registration module of digital TV front-end receive master card and subcard numbering, the string number after, Query Database obtains the relevant information of master card and subcard, comprises whether this card registered, whether legal, the card state, the product bags of purchase etc. judge whether authentication is successful;
After (3-2) authentication finished, digital TV front-end sent authentication result message by return path, if authentication is passed through, set-top box does not deal with after receiving authentication result message; If authentication is not passed through, then set-top box will be handled this authentication result message, and notify the user on TV with the authentication result demonstration;
Two, digital TV front-end is sent to main frame with the PDK of subcard
1) the digital TV front-end system is to the program stream scrambling, and generate master card, subcard is ordered the required ECM information of program and the EMM information of subcard, broadcast away again after multiplexing, and the numbering of the EMM of master card and subcard, string number, PDK are encrypted the back and send main frame separately to by return path;
2) after main frame is received ECM, the EMM of master card, untie EMM, ECM, obtain CW and descrambling program stream, normally watch program according to normal descrambling program;
3) main frame with the numbering of the numbering of the subcard received, string number and the subcard of this machine of being kept at, go here and there and number compare, judge that whether this is exactly the PDK that sends to handset, enters step 3 in this way; Otherwise do not send the PDK of the handset that receives, and the demonstration corresponding message is notified the user to TV;
Wherein in the step 1) EMM of master card sent to main frame separately and mainly be consideration, also the EMM of master card can be sent by the form of broadcasting, only the numbering of subcard, string number, PDK are encrypted the back and send main frame separately to by return path for fail safe;
Three, main frame is sent to handset with the PDK of subcard
1) main frame will receive that the PDK of subcard is transferred to handset by the winding output interface with coaxial cable;
2) thus handset is obtained CW and descrambling program stream according to EMM, the ECM that the PDK of subcard deciphers handset successively, normally watch program.
At the foregoing description, need the new set-top box kernel of structure, the change of kernel can be realized by the mode of aerial upgrade, implement simple; The function that kernel need increase realization is as follows:
Main frame can be handled the EMM of the master card that return path transmits and the PDK of subcard; Handset can be deciphered the EMM of subcard by the PDK of the subcard that receives; The authentication of main frame and handset needs to be undertaken by the return path of Ethernet interface; Needing by Ethernet interface identity information to be passed back to front end after main frame and the handset start authenticates.
Claims (3)
- Primary-secondary card authentication method under [claim 1] digital television bidirectional network environment is characterized in that, may further comprise the steps:After a, main frame and the handset start, main frame number sends to digital TV front-end by network channel with the numbering of master card and string, and handset number sends to digital TV front-end by network channel with the numbering of subcard and string; The individual distributing key of no subcard in the chip of described subcard;Behind the numbering of the numbering that b, digital TV front-end are received master card and string number, subcard and the string number, the log-on message of Query Database master card and subcard, as the numbering of the numbering that receives master card and string number and subcard and string number mate with log-on message, then authentication success; Otherwise authentification failure;C, digital TV front-end are passed authentication result back main frame by network channel; Digital TV front-end sends the individual distributing key of subcard to main frame separately;D, as authentication success, then the main frame individual distributing key that digital TV front-end sent to the subcard of main frame separately sends to handset; As authentification failure, main frame shows the message of authentification failure by television set.
- [claim 2] be the primary-secondary card authentication method under the digital television bidirectional network environment according to claim 1, it is characterized in that, also comprises step x before step a;X, subcard insert main frame for the first time, and main frame reads the numbering and the string number also preservation of subcard;Among the described step c, digital TV front-end also number sends the numbering of subcard and string separately to main frame; In the described steps d as authentication success, the numbering of the subcard during main frame also sends digital TV front-end separately to the numbering of subcard of main frame and string number and is kept at main frame and go here and there and number to compare, as identical, the individual distributing key that then digital TV front-end is sent to the subcard of main frame separately sends to handset; Otherwise main frame will not transmitted the PDK of the subcard that receives.
- [claim 3] is characterized in that as the primary-secondary card authentication method under the digital television bidirectional network environment as described in the claim 2, and digital TV front-end number is sent to main frame with the numbering of the individual distributing key of subcard and subcard and string earlier among the step c after encryption.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009103008061A CN101505403B (en) | 2009-03-12 | 2009-03-12 | Primary-secondary card authentication method under digital television bidirectional network environment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009103008061A CN101505403B (en) | 2009-03-12 | 2009-03-12 | Primary-secondary card authentication method under digital television bidirectional network environment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101505403A true CN101505403A (en) | 2009-08-12 |
| CN101505403B CN101505403B (en) | 2010-12-08 |
Family
ID=40977432
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009103008061A Expired - Fee Related CN101505403B (en) | 2009-03-12 | 2009-03-12 | Primary-secondary card authentication method under digital television bidirectional network environment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101505403B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102065331A (en) * | 2010-10-18 | 2011-05-18 | 深圳市九洲电器有限公司 | Set-top box and starting method thereof |
| CN102378054A (en) * | 2011-10-09 | 2012-03-14 | 深圳创维数字技术股份有限公司 | Slave card authentication method and authentication system for digital set-top box (DSTB) |
| CN102572580A (en) * | 2012-01-31 | 2012-07-11 | 福建创频数码科技有限公司 | Method for descrambling set top box through network |
| CN101720012B (en) * | 2009-11-19 | 2012-09-26 | 北京数码视讯科技股份有限公司 | Primary and subsidiary cards for digital television condition receiving system and realization method thereof |
| CN104519377A (en) * | 2014-12-30 | 2015-04-15 | 康佳集团股份有限公司 | Method and system for television software storage release verification |
-
2009
- 2009-03-12 CN CN2009103008061A patent/CN101505403B/en not_active Expired - Fee Related
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101720012B (en) * | 2009-11-19 | 2012-09-26 | 北京数码视讯科技股份有限公司 | Primary and subsidiary cards for digital television condition receiving system and realization method thereof |
| CN102065331A (en) * | 2010-10-18 | 2011-05-18 | 深圳市九洲电器有限公司 | Set-top box and starting method thereof |
| CN102065331B (en) * | 2010-10-18 | 2013-10-30 | 深圳市九洲电器有限公司 | Set-top box and starting method thereof |
| CN102378054A (en) * | 2011-10-09 | 2012-03-14 | 深圳创维数字技术股份有限公司 | Slave card authentication method and authentication system for digital set-top box (DSTB) |
| CN102572580A (en) * | 2012-01-31 | 2012-07-11 | 福建创频数码科技有限公司 | Method for descrambling set top box through network |
| CN102572580B (en) * | 2012-01-31 | 2014-03-05 | 福建创频数码科技有限公司 | Method for descrambling set top box through network |
| CN104519377A (en) * | 2014-12-30 | 2015-04-15 | 康佳集团股份有限公司 | Method and system for television software storage release verification |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101505403B (en) | 2010-12-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8243925B2 (en) | Method and apparatus for supporting multiple broadcasters independently using a single conditional access system | |
| CN101505403B (en) | Primary-secondary card authentication method under digital television bidirectional network environment | |
| CN102084664B (en) | Unit and method for secure processing of access controlled audio/video data | |
| US7937587B2 (en) | Communication terminal apparatus and information communication method | |
| EP2802152A1 (en) | Method for secure processing a stream of encrypted digital audio / video data | |
| CN104919810B (en) | Receive audio/video content | |
| CN104205855B (en) | Receive audio/video content | |
| CN100502496C (en) | Digital TV user authentication system based on mobile device | |
| CN105471533A (en) | Digital television emergency broadcast playing method and digital television terminal | |
| CN1890968B (en) | Broadcast conditional access system with impulse purchase capability in a two-way network | |
| CN103975604A (en) | Method and multimedia unit for processing a digital broadcast transport stream | |
| CN100442839C (en) | Information transmitting method and apparatus for interactive digital broadcast television system | |
| CN100531364C (en) | Method for implementing parameter registration of controlled access and digital publication right management system | |
| CN101316316A (en) | Method and device for activating software and hardware of television | |
| CN102340702A (en) | IPTV (Internet protocol television) network playing system and rights management and descrambling method based on USB (Universal serial bus) Key | |
| CN103702173B (en) | System of encrypting and controlling digital television recorded program segments | |
| CN100521772C (en) | Method for restricting number of channel watched by user at same time | |
| CN101202893A (en) | Method, system for preventing non-authorization user from obtaining service and video server | |
| KR100729083B1 (en) | Method for authorizing user in cable set-top box | |
| CN103237245A (en) | Vehicle-mounted DVB (Digital Video Broadcasting) conditional access system for identifying set-top-box identity | |
| EP3228062B1 (en) | Improvements to a television signal reception device and system | |
| CN101198012A (en) | Method for binding machine and card in mobile multimedia broadcasting system | |
| CN100571369C (en) | A kind of method that in mobile multimedia broadcast system, realizes binding machine and card | |
| CN101505402A (en) | Authentication method for uni-directional network digital television conditional receiving system terminal deciphering module | |
| CN114727155B (en) | Multimedia data service processing device, system and method based on I-PON |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20101208 |