CN101714904B - Key management system and method - Google Patents

Publication number: CN101714904B
Authority: CN (China)
Prior art keywords: key, encrypted, scrambler, key information, data
Legal status (as listed; an assumption, not a legal conclusion): Expired - Fee Related
Application number: CN2008102115979A
Other languages: Chinese (zh)
Other versions: CN101714904A (en)
Inventor: 柯尊友
Current Assignee (as listed; may be inaccurate): ZTE Corp
Original Assignee: ZTE Corp

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The invention discloses a key management system and method. In the method, a plurality of security systems generate and manage their respective key information, and each security system provides the key information it manages to a scrambler and to terminals when encryption is required. The scrambler obtains the key information provided by some or all of the security systems, uses it to encrypt the pre-encryption key of the data, and sends the pre-encrypted data and the encrypted pre-encryption key to the terminals. With this scheme, different security systems are set up for the services provided by different operators and, jointly or independently, encrypt the data scrambled by the scrambler, so that multiple operators can jointly participate in and control the multimedia multicast service.

Description

Key management system and method
Technical field
The present invention relates to the field of communications, and in particular to a key management system and method.
Background
China Mobile Multimedia Broadcasting (CMMB) is a technology for providing multimedia services to users over a mobile network. CMMB supports point-to-multipoint service and the sharing of network resources; that is, the operator sends data from a single data source to multiple users. This improves the utilization of network resources, in particular of air-interface resources.
In CMMB, a conditional access system (CAS) is generally used to control access to the services provided. The main function of a CAS is to ensure that the services an operator provides are transmitted encrypted and under authorization, that is, that only users who have paid or are about to pay can watch the programs they have ordered. A mobile multimedia broadcast system may also use other security systems for encryption and access control.
The service flow of a mobile multimedia broadcast service is described below, taking the network of a mobile multimedia broadcast system that uses a CAS as an example.
Fig. 1 shows the network structure of a mobile multimedia broadcast system that uses a CAS. As shown in Fig. 1, the system comprises at least the following network elements: a CAS, an Electronic Service Guide (ESG), a program providing unit, a multiplexing and transmission system, and user terminals. The CAS in turn comprises a security system and a scrambler.
As shown in Fig. 1, the security system and the scrambler in the CAS encrypt the data streams of the programs that need encryption. The encrypted data streams, the data streams of unencrypted programs, the ESG and other information are sent together to the user terminals through the multiplexing and transmission system, thereby realizing multicast and broadcast of multimedia services on the mobile network.
The two key technologies in a CAS are transmission scrambling and controlled descrambling.
Scrambling is performed at the transmitting end: under the control of a control word (CW), the scrambler changes or controls certain characteristics of the transmitted service (program), that is, encrypts the program, so that unauthorized users cannot obtain the service. Descrambling works the other way: the transmitting end provides encryption information to the user side, and the descrambler of an authorized user uses this information to descramble the received data. The encryption information is produced by the security system of the CAS and is carried in the transmitted information to the user side.
As the principles of scrambling and descrambling show, the core of conditional reception of a service (program) is the secure delivery of this encryption information (referred to below as the key).
Fig. 2 shows a simplified key model. As shown in Fig. 2, the key consists of two encrypted keys formed from three keys through two encryptions: key 1 (for example, the CW encrypted by the SK) and key 2 (for example, the SK encrypted by the UK).
Fig. 3 shows how keys are generated and encrypted in the related art. As shown in Fig. 3, the process is as follows:
First, a lower-level key (LLK) is encrypted by a higher-level key (HLK); for example, the CW is encrypted by the service key (SK) to produce key 1. The CW controls how the scrambler scrambles the program stream. The SK controls the services the operator provides; it can be changed frequently as the operator requires, and its use is generally tied to the user's payment status.
Note that HLK and LLK are relative terms: the key that performs an encryption is called the HLK, and the key being encrypted is called the LLK.
Second, although the SK encrypts the CW, for security the SK itself must also be encrypted. As shown in Fig. 3, the key that encrypts the SK is set by the user and is usually called the personal distributed key (PDK) or user key (UK). The UK (usually in the form of a serial number) is generally generated automatically and strictly controlled by security system equipment such as the CAS. The network operator uses special equipment supplied by the security system to burn this serial number into the programmable read-only memory (PROM) of the descrambler in the terminal device, after which it cannot be read out. The key produced when the UK encrypts the SK is key 2 in Fig. 2.
Key 1 and key 2, formed by these two encryptions, are carried in the transmitted information and sent to the user side together with the scrambled program stream.
In addition, the data stream finally delivered to the user comprises the scrambled program stream and two control data streams. As shown in Fig. 3, these are the Entitlement Control Message (ECM) and the Entitlement Management Message (EMM). The ECM carries key 1 (the CW encrypted by the SK) together with information such as the program source, time, content classification and program price. The EMM carries key 2 (the SK encrypted by the UK) together with addresses and authorized-user information. The encrypted stream of any program sent to a user therefore contains three kinds of information: the CAS descriptor, the stream-specific information (for example, the ECM carrying key 1), and the conditional access management information (for example, the EMM carrying key 2).
In actual operation, the CMMB value chain may involve multiple operators. However, existing CMMB can only provide the same encryption for different services (that is, programs provided by different operators) and cannot offer joint or independent encryption services to multiple operators. As a result, the operators cannot effectively control the transmission and reception of their services (programs).
No effective solution has yet been proposed for the problem that CMMB cannot support services jointly operated and managed by multiple operators.
Summary of the invention
The present invention has been made in view of the above problem. Its main purpose is to provide a key management system and method that solve the problem in the related art that services jointly operated and managed by multiple operators cannot be supported.
According to one aspect of the present invention, a key management system is provided.
The key management system according to the present invention comprises: a plurality of security systems, each of which generates and manages its own key information and provides the key information it manages to the scrambler and the terminals when encryption is required;
and a scrambler, which obtains the key information provided by some or all of the security systems, uses it to encrypt the pre-encryption key of the data, and sends the pre-encrypted data and the encrypted pre-encryption key to the terminals.
Where the scrambler encrypts using the key information of more than one pre-designated security system among the plurality of security systems, the encryption is performed as follows:
The key information of the designated security systems is applied one by one: each time the scrambler encrypts with the key information of one security system, it takes the output of that encryption as the lower-level key and then encrypts that lower-level key using the key information of the next security system as the higher-level key, obtaining a multi-layer encryption result; or
The scrambler invokes the key information of the designated security systems through a predetermined lower-level-key encryption algorithm and obtains the encryption result.
The system may further comprise a program providing system, which supplies unencrypted data to the scrambler.
After receiving the unencrypted data, the scrambler encrypts it with the pre-encryption key and takes the result as the pre-encrypted data.
The key information comprises a service key and/or a personal distributed key; or it comprises a multimedia broadcast/multicast service key, a multimedia broadcast/multicast traffic key and/or a multimedia broadcast/multicast user key. The pre-encryption key is the control word.
According to another aspect of the present invention, a key management method is provided.
The key management method according to the present invention comprises: a plurality of security systems generate and manage their respective key information, each security system providing the key information it manages to the scrambler and the terminals when encryption is required; and the scrambler obtains the key information provided by some or all of the security systems, uses it to encrypt the pre-encryption key of the data, and sends the pre-encrypted data and the encrypted pre-encryption key to the terminals.
Before the scrambler encrypts the pre-encrypted data, the method further comprises:
The scrambler receives unencrypted data from the program providing system, encrypts it with the pre-encryption key, and takes the result as the pre-encrypted data.
Where the scrambler encrypts using the key information of more than one pre-designated security system among the plurality of security systems, the encryption proceeds as follows:
The key information of the designated security systems is applied one by one: each time the scrambler encrypts with the key information of one security system, it takes the output of that encryption as the lower-level key and then encrypts that lower-level key using the key information of the next security system as the higher-level key, obtaining a multi-layer encryption result; or
The scrambler invokes the key information of the designated security systems through a predetermined lower-level-key encryption algorithm to perform multi-layer encryption, and obtains the multi-layer encryption result.
The method may further comprise: the terminal receives from the plurality of security systems the key information used to encrypt the pre-encryption key, and receives the pre-encryption key and the pre-encrypted data from the scrambler.
The key information comprises a service key and/or a personal distributed key; or it comprises a multimedia broadcast/multicast service key, a multimedia broadcast/multicast traffic key and/or a multimedia broadcast/multicast user key. The pre-encryption key is the control word.
With the technical solution of the present invention, different security systems are set up for the services provided by different operators, and different encryption modes are used to jointly encrypt the data, or the data scrambled by the scrambler, so that multiple operators can jointly participate in controlling multimedia broadcast and multicast services.
Brief description of the drawings
The drawings described here provide a further understanding of the present invention and form part of this application. The illustrative embodiments of the invention and their description serve to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a structural block diagram of a mobile multimedia broadcast system using a CAS according to the related art;
Fig. 2 is a schematic diagram of the simplified key model according to the related art;
Fig. 3 is a schematic diagram of key generation and encryption according to the related art;
Fig. 4 is a block diagram of the network structure of a mobile multimedia broadcast system in which the key management system of the system embodiment is applied in practice;
Fig. 5 is a block diagram of the key management system of the system embodiment;
Fig. 6 is an outline schematic diagram of key encryption in the key management system of the system embodiment;
Fig. 7 is a schematic diagram of mode one of key encryption in the key management system of the system embodiment;
Fig. 8 is a detailed schematic diagram of mode one of key encryption in the key management system of the system embodiment;
Fig. 9 is a flow chart of the key management method of the method embodiment.
Detailed description
Functional overview
In the related art, independent encryption services cannot be provided to each of several operators. Addressing this from a more systematic and comprehensive angle, the present invention proposes a key management system and method in which different security systems are set up for the services provided by different operators, and these security systems use different encryption modes to jointly encrypt the data scrambled by the scrambler, so that multiple operators can simultaneously control the generation and use of keys for multimedia broadcast services in the mobile network.
Network structure
The network structure to which the invention applies is described below with reference to the drawings.
As shown in Fig. 4, the functional network elements of the network to which the invention applies comprise at least: a program providing module, a scrambler, a plurality of security systems (security system 1, ..., security system n), a multiplexing and transmission system, an Electronic Service Guide (ESG) unit, and user terminals. The program providing module, the scrambler, the ESG unit and the user terminals are all connected to the multiplexing and transmission system.
Specifically, the security systems are responsible for generating and managing keys and for providing keys to the scrambler and the terminals. The security unit may consist of one or more security systems, all of which are connected to the scrambler. The invention is described in detail below.
System embodiment
According to an embodiment of the invention, a key management system is first provided, through which joint encryption can be achieved.
Fig. 5 shows the outline structure of the key management system of the system embodiment. As shown in Fig. 5, it comprises a plurality of security systems 502, a scrambler 504 and a program providing system 506. In the network architecture for joint encryption described above, each of the security systems 502 sits at a different encryption layer.
These components and the processing between them are described in detail below.
The plurality of security systems 502 (security systems 502-1 to 502-n in Fig. 5; these may belong to different operators, each managing the key information of its own operator) generate and manage their respective key information. There may be any number of them. When encryption is required, each security system can provide the key information it manages to the scrambler and the terminals. A security system may be a conditional access system (CAS) or a 3GPP security system.
Scrambler 504 obtains the key information provided by some or all of the security systems, uses it to encrypt the pre-encryption key of the data, and sends the pre-encrypted data and the encrypted pre-encryption key to the terminals.
Program providing system 506 supplies unencrypted data to scrambler 504. After receiving the unencrypted data, scrambler 504 encrypts it with the pre-encryption key and takes the result as the pre-encrypted data.
In addition, a terminal can obtain key information from each security system, receive the encrypted program data from scrambler 504, and use the key information obtained to decrypt the received program data and present the program.
When the key management system of this embodiment carries out the key management method of the method embodiment below, its components operate as follows.
Where scrambler 504 encrypts the pre-encryption key of the data using the key information of more than one pre-designated security system among the security systems 502 (that is, any two or more of security systems 502-1 to 502-n), the encryption is performed as follows:
(Mode one) The key information of the designated security systems is applied one by one: each time scrambler 504 encrypts with the key information of one security system, it takes the output of that encryption as the lower-level key and then encrypts it using the key information of the next security system to encrypt as the higher-level key, obtaining a multi-layer encryption result; or
(Mode two) Scrambler 504 invokes the key information of the designated security systems through a predetermined lower-level-key encryption algorithm to perform multi-layer encryption, and obtains the multi-layer encryption result.
The two encryption modes are described in turn below with reference to the drawings.
Fig. 6 shows the processing common to both encryption modes. As shown in Fig. 6, the security systems each use their own higher-level key (HLK) to encrypt a lower-level key (LLK), and a single encrypted key is finally output. As noted above, HLK and LLK are relative terms: the key that performs an encryption is the HLK, and the key being encrypted is the LLK.
In a CAS, the possible HLK/LLK pairings are: the HLK is the user key (UK) and the LLK is the SK; or the HLK is the SK and the LLK is the CW, where the CW can serve as the pre-encryption key.
In a 3G network, the possible HLK/LLK pairings are: the HLK is the Multimedia Broadcast Multicast Service (MBMS) user key (MUK) and the LLK is the MBMS service key (MSK); or the HLK is the MSK and the LLK is the MBMS traffic key (MTK).
Fig. 7 refines the encryption process shown in Fig. 6.
Fig. 7 shows the detailed processing for key encryption in mode one. As shown in Fig. 7, security systems 1 to n apply their key information HLK 1 to HLK n in turn to the scrambler's LLK; that is, each HLK encrypts either the LLK or the already-encrypted LLK. For example, HLK 1 encrypts the LLK and outputs LLK 1, HLK 2 encrypts LLK 1 and outputs LLK 2, and so on, until the encrypted key information LLK n is output and sent to the user terminal through the transmission system.
Note that the LLK and HLK may be the control word (CW) and service key (SK) of a CAS, respectively, or the MTK and MSK of a 3G network.
In the encryption shown in Fig. 7, the following cases are possible:
In a CAS, the SK first acts as the HLK and the CW as the LLK, and the SK encrypts the CW; then the UK acts as the HLK and the SK as the LLK, and the UK encrypts the SK. In a 3G network, the MSK first acts as the HLK and the MTK as the LLK, and the MSK encrypts the MTK; then the MUK acts as the HLK and the MSK as the LLK, and the MUK encrypts the MSK.
Fig. 8 shows the mode-one encryption process in further detail. In the processing shown in Fig. 8, the SK encrypted by each security system's UK is carried in the EMM, the CW encrypted by the SK is carried in the ECM, and the scrambled program data is transmitted at the same time.
Fig. 6 also shows the process of generating the key in mode two. As shown in Fig. 6, the key information HLK (HLK 1, HLK 2, ..., HLK n; the key information of security system 1 to security system n) used to encrypt the LLK is supplied as input parameters. The scrambler invokes each HLK according to a predetermined LLK encryption algorithm and encrypts the LLK (which may be the pre-encryption key) in a single operation, obtains the encrypted key, and outputs it to the user terminal through the transmission system. In this way, a trusted third party can perform one unified encryption on behalf of the multiple operators.
For mode two, note that the LLK and HLK in Fig. 6 may be the control word (CW) and service key (SK) of a CAS, or the MTK and MSK of a 3G network. In a CAS, after the SK has encrypted the CW, the SK must in turn be encrypted with the UK; here the SK is the LLK and the UK is the HLK. The UK is delivered to the terminal out of band, for example burned into the PROM of the descrambler by the network operator using special equipment supplied by the security system, after which, for security, it cannot be read out; alternatively, it can be written into the Universal Integrated Circuit Card (UICC) used by the terminal before the card is issued.
Although the key management method has been illustrated using CAS and 3G systems as examples, those skilled in the art will appreciate that other wireless communication networks whose keys have a hierarchical relationship can be encrypted in a similar way; they are not enumerated here.
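Mode one and mode two side by side, with the terminal-side unwrapping, as an added example that is not code from the patent. The patent names no cipher and no "predetermined algorithm", so the HMAC-SHA256 encrypt-then-MAC `wrap`, the hash-based `combine_hlks`, and the constructed sample keys are all assumptions, chosen so the block runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32


def keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode, a stand-in stream cipher (assumption)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def subkeys(hlk):
    """Derive separate encryption and MAC keys from one higher-level key."""
    return (hmac.new(hlk, b"enc", hashlib.sha256).digest(),
            hmac.new(hlk, b"mac", hashlib.sha256).digest())


def wrap(hlk, llk):
    """Encrypt a lower-level key under a higher-level key (encrypt-then-MAC)."""
    enc_key, mac_key = subkeys(hlk)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(llk, keystream(enc_key, nonce, len(llk))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unwrap(hlk, blob):
    """Reverse wrap(); raises ValueError on a wrong key or a modified blob."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    enc_key, mac_key = subkeys(hlk)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified blob")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))


def mode_one_wrap(llk, hlks):
    """Mode one: HLK 1 wraps the LLK, HLK 2 wraps that output, and so on."""
    for hlk in hlks:
        llk = wrap(hlk, llk)
    return llk


def mode_one_unwrap(blob, hlks):
    """Terminal side: peel the layers in reverse order, HLK n first."""
    for hlk in reversed(hlks):
        blob = unwrap(hlk, blob)
    return blob


def combine_hlks(hlks):
    """Mode two stand-in: hash all HLKs, length-prefixed, into one wrapping key."""
    h = hashlib.sha256()
    for hlk in hlks:
        h.update(len(hlk).to_bytes(2, "big") + hlk)
    return h.digest()


def mode_two_wrap(llk, hlks):
    """Mode two: one encryption that takes every operator's HLK as a parameter.
    Whoever runs this holds all HLKs at once (the patent's trusted third party)."""
    return wrap(combine_hlks(hlks), llk)


def mode_two_unwrap(blob, hlks):
    return unwrap(combine_hlks(hlks), blob)


def try_unwrap(unwrap_fn, blob, hlks):
    """Return the recovered key, or None if authentication fails at any layer."""
    try:
        return unwrap_fn(blob, hlks)
    except ValueError:
        return None


# Constructed sample values: a 16-byte CW and three operators' service keys.
SAMPLE_CW = bytes(range(16))
SAMPLE_SKS = [hashlib.sha256(b"constructed SK %d" % i).digest() for i in (1, 2, 3)]

if __name__ == "__main__":
    layered = mode_one_wrap(SAMPLE_CW, SAMPLE_SKS)
    unified = mode_two_wrap(SAMPLE_CW, SAMPLE_SKS)
    print("mode one size:", len(layered), "mode two size:", len(unified))
    print("all keys:", try_unwrap(mode_one_unwrap, layered, SAMPLE_SKS) == SAMPLE_CW)
    print("one operator missing:", try_unwrap(mode_one_unwrap, layered, SAMPLE_SKS[:2]))
```

With this stand-in cipher each mode-one layer adds 48 bytes of nonce and tag, while mode two stays at one layer regardless of the number of operators; in both modes a terminal missing any one operator's key recovers nothing.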
The key management system according to the invention may further comprise a multiplexing and transmission system (not shown in Fig. 5; its position and connections may be as shown in Fig. 4), which outputs the multi-layer encryption result, the key information used, and the encrypted and/or unencrypted data to the relevant terminals.
After the security systems and the scrambler have together encrypted the program content, the user terminal first obtains the service key, for example the SK or MSK, from the security system. It then obtains the program stream key, such as the MTK, from the encrypted program stream; alternatively, the terminal can decrypt with the service key to obtain the program stream key, for example using the SK or MSK to decrypt and obtain the CW or MTK. Finally it uses the CW or MTK to decrypt and restore the program stream data.
The multiplexing and transmission system may further comprise: a first multiplexing and transmission subsystem which, where the scrambler's encryption yields a multi-layer encryption result (that is, mode one is used), sends the result of encrypting with the first key information (that is, the encrypted pre-encryption key) to the terminal in an Entitlement Control Message (that is, through the first encryption layer);
and a second multiplexing and transmission subsystem which, where the scrambler's encryption yields a multi-layer encryption result, sends the result of encrypting with the second key information (that is, the encrypted LLK) to the terminal in an Entitlement Management Message (that is, through the second encryption layer).
The first and/or second multiplexing and transmission subsystem is further used, where the scrambler's encryption yields a single encryption result (that is, mode two is used), to send that result to the terminal in an Entitlement Control Message or Entitlement Management Message (that is, through the first or second encryption layer).
The above scheme implements the key management method given in the method embodiment below: a plurality of security systems are set up and generate, layer by layer or in one unified step, the encrypted key; the scrambler then uses this key to encrypt the data, so that several operators can jointly take part in key control.
Method embodiment
According to embodiments of the invention, a kind of key management method also is provided, this method is applied to above-mentioned key management system (with reference to figure 5).
Fig. 9 shows the handling process according to key management method of the present invention; As shown in Figure 9; Key management method according to the present invention comprises: step S902, and a plurality of safety systems produce and management key information separately, wherein; For each safety system, the key information of its management is provided to scrambler and terminal under the situation that needs are encrypted; Step S904; Scrambler obtains the key information that is provided by partly or entirely (can through specific mode confirm) in advance in a plurality of safety systems the preparatory encryption key of data is encrypted, and the preparatory encryption key of preparatory ciphered data and encryption is sent to the terminal.
Be elaborated in the face of above-mentioned steps down.
Before the scrambler encrypts the pre-encrypted data, the method may further comprise: the scrambler receives unencrypted data from the program providing system and encrypts the unencrypted data with the pre-encryption key, taking the encryption result as the pre-encrypted data.
The method may further include: outputting the result of the multi-layer encryption to the relevant terminal.
In addition, the method may further comprise: sending the key information used for encryption to the relevant terminal. A safety system may output the final key through the result output module using the CMMB in-band method, or it may output the final key through the result output module using an out-of-band method, for example by delivering the relevant key information over a mobile communication network.
Afterwards, the terminal receives from the plurality of safety systems the key information used to encrypt the pre-encryption key, and receives the pre-encryption key and the pre-encrypted data from the scrambler, so as to decrypt the data.
Where the scrambler encrypts the data using the key information of more than one pre-designated safety system among the plurality of safety systems, the encryption can be carried out according to mode one and mode two described above.
In mode one, each time the scrambler encrypts with the key information of one safety system, the output of that encryption is taken as the low-level key, and the key information of a subsequent safety system is then used as the high-level key to encrypt this low-level key, yielding the multi-layer encryption result. For example, in a CAS, multiple SKs provided by multiple operators encrypt the CW one after another: SK1 encrypts CW and outputs CW1, SK2 then encrypts CW1 and outputs CW2, and so on until the final output CWn, that is, the key information after multi-layer encryption. For the detailed process, refer to Fig. 6 to Fig. 8.
Alternatively, in mode two, the scrambler encrypts by invoking the key information of the designated safety systems through a predetermined low-level key encryption algorithm, and obtains the encryption result. For example, the multiple SKs provided by multiple operators are each input to the encryption module as parameters; the algorithm that encrypts the CW invokes each parameter of the encryption module (that is, each SK) to encrypt the CW, and the key information after multi-layer encryption is finally output. For the detailed process, refer to Fig. 6.
After the plurality of safety systems and the scrambler have jointly encrypted the program content, on the user terminal side the terminal first obtains the service key, for example SK or MSK, from the safety systems, and then obtains the program stream key, such as MTK, from the encrypted program stream; alternatively, the terminal can decrypt with the service key to obtain the program stream key, for example decrypting with SK to obtain CW. Finally, it uses CW or MTK to decrypt and restore the program stream data.
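The layering of mode one and the matching terminal-side unwrapping, as an added example that is not part of the patent text: each operator's SK wraps the output of the previous layer, and the terminal peels the layers in reverse order. AES-GCM as the per-layer cipher, the names `mustAEAD`, `LayerCW` and `UnlayerCW`, and the sample keys and CW are assumptions; the patent names no cipher.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// mustAEAD returns AES-GCM keyed with one operator's SK (cipher choice is an assumption).
func mustAEAD(sk []byte) cipher.AEAD {
	block, err := aes.NewCipher(sk)
	if err != nil {
		panic(err) // SK must be 16, 24 or 32 bytes
	}
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return g
}

// LayerCW is the scrambler side: SK1 wraps CW into CW1, SK2 wraps CW1 into CW2, ... up to CWn.
func LayerCW(cw []byte, sks [][]byte) ([]byte, error) {
	for _, sk := range sks {
		g := mustAEAD(sk)
		nonce := make([]byte, g.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return nil, err
		}
		cw = g.Seal(nonce, nonce, cw, nil) // one layer = nonce || ciphertext || tag
	}
	return cw, nil
}

// UnlayerCW is the terminal side: peel the layers in reverse order, SKn first.
func UnlayerCW(blob []byte, sks [][]byte) (_ []byte, err error) {
	for i := len(sks) - 1; i >= 0; i-- {
		g := mustAEAD(sks[i])
		if n := g.NonceSize(); len(blob) < n {
			return nil, fmt.Errorf("layer %d: truncated", i+1)
		} else if blob, err = g.Open(nil, blob[:n], blob[n:], nil); err != nil {
			return nil, fmt.Errorf("layer %d: wrong key or tampered data", i+1)
		}
	}
	return blob, nil
}

func main() {
	sks := [][]byte{[]byte("constructed-32-byte-SK-operatorA"), []byte("constructed-32-byte-SK-operatorB")}
	cwN, _ := LayerCW([]byte("constructed-CW16"), sks)
	cw, err := UnlayerCW(cwN, sks)
	fmt.Printf("CWn=%d bytes, recovered CW=%q, err=%v\n", len(cwN), cw, err)
}
```

Because every layer is authenticated, a terminal that lacks one operator's SK, or applies the SKs in the wrong order, gets an error rather than a wrong CW.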
In summary, with the technical scheme provided by the invention, a multi-layer encrypted key is obtained by successively encrypting a low-level key with high-level keys, and the program data is encrypted. This lets multiple operators jointly control the generation and use of the keys for the multimedia broadcast service in the mobile network, and jointly control the sending and receiving of the service (program), achieving the goal of multiple operators jointly participating in the mobile multimedia broadcast service.
The above are merely preferred embodiments of the present invention and are not intended to limit it; for a person skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present invention shall fall within its scope of protection.

Claims (10)

1. A key management system, characterized in that it comprises:
a plurality of safety systems, each used to generate and manage its own key information and, where encryption is required, to provide the key information it manages to a scrambler and a terminal;
said scrambler, used to obtain the key information provided by some or all of said plurality of safety systems, to encrypt the pre-encryption key of the data with it, and to send the pre-encrypted data and the encrypted pre-encryption key to said terminal.
2. The system according to claim 1, characterized in that, where said scrambler encrypts using the key information of more than one pre-designated safety system among said plurality of safety systems, the encryption performed by said scrambler is specifically:
encrypting with the key information of said designated safety systems one by one, wherein each time said scrambler encrypts with the key information of one safety system, the output of that encryption is taken as the low-level key, and the key information of a subsequent safety system is then used as the high-level key to encrypt this low-level key, yielding the multi-layer encryption result; or
said scrambler encrypts by invoking the key information of said designated safety systems through a predetermined low-level key encryption algorithm, and obtains the encryption result.
3. The system according to claim 1, characterized in that it further comprises:
a program providing system, used to provide unencrypted data to said scrambler.
4. The system according to claim 3, characterized in that, after receiving said unencrypted data, said scrambler encrypts said unencrypted data with said pre-encryption key and takes the encryption result as said pre-encrypted data.
5. The system according to any one of claims 1 to 4, characterized in that said key information comprises: a service key and/or an individual distribution key; or comprises a multimedia broadcast-multicast service key, a multimedia broadcast and multicast transmission key and/or a multimedia broadcast and multicast user key; and said pre-encryption key is a control word.
6. A key management method, characterized in that it comprises:
a plurality of safety systems each generate and manage their own key information, wherein each safety system, where encryption is required, provides the key information it manages to a scrambler and a terminal;
said scrambler obtains the key information provided by some or all of said plurality of safety systems, encrypts the pre-encryption key of the data with it, and sends the pre-encrypted data and the encrypted pre-encryption key to said terminal.
7. The method according to claim 6, characterized in that, before said scrambler encrypts said pre-encrypted data, the method further comprises:
said scrambler receives unencrypted data from a program providing system and encrypts said unencrypted data with said pre-encryption key, taking the encryption result as said pre-encrypted data.
8. The method according to claim 6, characterized in that, where said scrambler encrypts using the key information of more than one pre-designated safety system among said plurality of safety systems, the specific encryption process is:
encrypting with the key information of said designated safety systems one by one, wherein each time said scrambler encrypts with the key information of one safety system, the output of that encryption is taken as the low-level key, and the key information of a subsequent safety system is then used as the high-level key to encrypt this low-level key, yielding the multi-layer encryption result; or
said scrambler performs multi-layer encryption by invoking the key information of said designated safety systems through a predetermined low-level key encryption algorithm, and obtains the multi-layer encryption result.
9. The method according to claim 6, characterized in that it further comprises:
said terminal receives from said plurality of safety systems the key information used to encrypt said pre-encryption key, and receives said pre-encryption key and said pre-encrypted data from said scrambler.
10. The method according to any one of claims 6 to 9, characterized in that said key information comprises: a service key and/or an individual distribution key; or comprises a multimedia broadcast-multicast service key, a multimedia broadcast and multicast transmission key and/or a multimedia broadcast and multicast user key; and said pre-encryption key is a control word.
CN2008102115979A 2008-10-08 2008-10-08 Key management system and method Expired - Fee Related CN101714904B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008102115979A CN101714904B (en) 2008-10-08 2008-10-08 Key management system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2008102115979A CN101714904B (en) 2008-10-08 2008-10-08 Key management system and method

Publications (2)

Publication Number Publication Date
CN101714904A CN101714904A (en) 2010-05-26
CN101714904B true CN101714904B (en) 2012-05-09

Family

ID=42418200

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008102115979A Expired - Fee Related CN101714904B (en) 2008-10-08 2008-10-08 Key management system and method

Country Status (1)

Country Link
CN (1) CN101714904B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106156229A (en) * 2015-04-27 2016-11-23 宇龙计算机通信科技(深圳)有限公司 The processing method of file, device and terminal in a kind of multiple operating system terminal

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1349182A (en) * 2000-07-12 2002-05-15 株式会社东芝 Encipher decipher devices and device for producing expanded key, method and recording medium therefor
CN1902605A (en) * 2004-01-06 2007-01-24 索尼株式会社 Data communicating apparatus and method for managing memory of data communicating apparatus
CN101009553A (en) * 2006-12-30 2007-08-01 中兴通讯股份有限公司 Secret key safety method and system for realizing multi-network integration mobile multi-media broadcasting system

Also Published As

Publication number Publication date
CN101714904A (en) 2010-05-26

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120509

Termination date: 20171008
