CN101895393A - IPTV (Internet Protocol Television) user security terminal - Google Patents

Info

Publication number
CN101895393A
Authority
CN
China
Prior art keywords
module
key
user
storage
management
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2009100854576A
Other languages
Chinese (zh)
Inventor
叶松
郭宝安
于志强
张飚
唐凌
王杰斌
丁瑶
吴渊
鲁昱
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aisino Corp
Original Assignee
Aisino Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Landscapes

  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The invention relates to an IPTV (Internet Protocol Television) user security terminal comprising an identity authentication module, an authorization information decryption module, an authorization storage and management module, a key storage and management module, a key decryption module, a content descrambling module, an uplink information encryption module, a decoding module and a user input module, wherein the identity authentication module comprises an elliptic curve cryptosystem (ECC) signature module and an ECC verification module. Building on the good interactivity of IPTV, the terminal uses identity authentication, authorization management, key encryption protection, content encryption protection and similar measures to ensure that only authorized users can watch programs. The user security terminal is readily extensible, supports IPTV live broadcast, VOD and other services, and can effectively protect the security of IPTV digital media content.

Description

IPTV user security terminal
Technical field
The present invention relates to IPTV (Internet Protocol Television) security application technology, and in particular to an IPTV user security terminal.
Background technology
IPTV is a media service based on the broadband Internet that delivers digital audio/video resources to display terminals such as television sets and computers; it is a new service produced by the convergence of Internet services and traditional television services. IPTV is an open, interactive service system built around audio/video content and content management. Because digitized program content is exposed to many security risks while it is broadcast over an IP network, effective copyright management is needed to protect the copyright of audio/video programs and ensure their lawful consumption. Protecting the copyright of IPTV digital media content requires a security mechanism that covers encryption, authentication and rights management. By encrypting media content, authenticating identities and issuing user rights licences, such a mechanism ensures that only authorized users can consume a given program and only licensed programs can be broadcast, preventing illegal broadcasting, illegal viewing and illegal distribution.
The security and reliability of the IPTV user terminal is a key link in guaranteeing the security of IPTV digital media content and bears on the success or failure of the security of the whole IPTV system. Taking the platform characteristics, service characteristics and security requirements of IPTV into account, the present invention proposes a user security terminal system applicable to the IPTV live broadcast service and video-on-demand (VOD) service.
Summary of the invention
The object of the invention is to solve the technical problem of security risks in IPTV user terminals.
To achieve this object, the invention provides an IPTV security terminal comprising an identity authentication module, an authorization information decryption module, an authorization storage and management module, a key storage and management module, a key decryption module, a content descrambling module, an uplink information encryption module, a decoding module and a user input module. The identity authentication module comprises an ECC (Elliptic Curve Cryptosystems) signature module and an ECC verification module.
The ECC verification module authenticates the authorization issuance information that the terminal receives. The ECC signature module signs the upload data, which is the encrypted uplink information such as user registration, orders or rights applications.
The authorization information decryption module decrypts the received right object (RO, Right Object) data. The decrypted keys are passed to the key storage and management module for storage, and the decrypted rights information is passed to the authorization storage and management module for storage.
The authorization storage and management module parses the rights information it receives and performs rights management, including verifying the validity of the authorization and using the rights information to control use of the keys that decrypt content. It stores the rights information of each program and, according to the content of those rights, controls whether the program may be consumed, copied, forwarded and so on.
The key storage and management module works with the authorization storage and management module to store and manage the various keys. This includes ensuring that keys are stored securely, and providing sound management and scheduling of key storage addresses and space as well as management of key queries and calls.
The key decryption module decrypts content keys: if the rights for the corresponding program are within the permitted scope, it decrypts the content key and passes it to the content descrambling module, which descrambles the program content.
The content descrambling module descrambles the digital media content provided by the service front end, that is, the transmitted program stream, and then passes it to the decoding module for decoding and playback.
The user input module encapsulates uplink information (service request information such as user registration, program orders and rights applications, together with the user identifier) in the prescribed format and sends it to the uplink information encryption module.
The uplink information encryption module encrypts the uplink information received by the user input module, such as online user registration, program orders and rights applications, and generates the upload data.
The beneficial effect of the invention is that it takes full account of the platform and service characteristics of IPTV and uses the good interactivity of IPTV to ensure, through authentication, rights management, key encryption protection, content encryption protection and similar methods, that only authorized users can watch programs. The user security terminal of the invention is readily extensible, supports IPTV services such as live broadcast and video on demand, and can effectively protect the security of IPTV digital media content.
Description of drawings
Fig. 1 is an overall block diagram of the IPTV security terminal of the invention;
Fig. 2 is the workflow diagram of the user terminal applying for authorization;
Fig. 3 is the workflow diagram of the user terminal playing a program.
Description of reference numerals:
1: IPTV user security terminal; 10: identity authentication module; 101: ECC signature module; 102: ECC verification module; 11: authorization information decryption module; 12: authorization storage and management module; 13: key storage and management module; 14: key decryption module; 15: content descrambling module; 16: uplink information encryption module; 17: decoding module; 18: user input module; 2: service front end; 3: authentication center.
Embodiment
The invention is described in further detail below by way of an embodiment and with reference to the accompanying drawings.
As shown in Fig. 1, the IPTV user security terminal 1 provided by the invention comprises identity authentication module 10, authorization information decryption module 11, authorization storage and management module 12, key storage and management module 13, key decryption module 14, content descrambling module 15, uplink information encryption module 16, decoding module 17 and user input module 18. Identity authentication module 10 comprises ECC (Elliptic Curve Cryptosystems) signature module 101 and ECC verification module 102.
ECC verification module 102 in identity authentication module 10 authenticates the authorization issuance information that the terminal receives. ECC signature module 101 signs the upload data, which is the encrypted user registration, order or rights application information together with the user identifier.
Authorization information decryption module 11 decrypts the received right object (RO, Right Object) data. The decrypted keys are passed to key storage and management module 13 for storage, and the decrypted rights information is passed to authorization storage and management module 12 for storage.
Authorization storage and management module 12 parses the rights information it receives and performs rights management, including verifying the validity of the authorization and using the rights information to control use of the keys that decrypt content. It stores the rights information of each program and, according to the content of those rights, controls whether the program may be consumed, copied, forwarded and so on.
Key storage and management module 13 works with authorization storage and management module 12 to store and manage the various keys. This includes ensuring that keys are stored securely, and providing sound management and scheduling of key storage addresses and space as well as management of key queries and calls.
Key decryption module 14 decrypts content keys: if the rights for the corresponding program are within the permitted scope, it decrypts the content key and passes it to content descrambling module 15, which descrambles the program content. The content key of a live program is distributed in real time with the program stream: the received program stream is first parsed to separate out the ciphertext of the content key, which is then decrypted to obtain the content key, and the content key is passed to content descrambling module 15. The content key of a VOD program is distributed in the form of a right object (RO); the content key is decrypted directly and sent to content descrambling module 15.
Content descrambling module 15 descrambles the digital media content provided by service front end 2, that is, the transmitted program stream, and then passes it to decoding module 17 for decoding and playback.
User input module 18 encapsulates uplink information (service request information such as user registration, program orders and rights applications, together with the user identifier) in the prescribed format and sends it to uplink information encryption module 16.
Uplink information encryption module 16 encrypts the uplink information received by user input module 18, such as online user registration, program orders and rights applications, and generates the upload data.
Fig. 2 shows the basic workflow of the IPTV user security terminal when applying for rights information:
Step 201: IPTV user security terminal 1 is initialized. Before the system operates, the user terminal must first be initialized. Initialization includes: user terminal 1 generating an ECC public/private key pair; applying to authentication center 3 (Certificate Authority, CA) for the public key certificate of service front end 2, downloading it and storing it in key storage and management module 13; sending the user-side public key to authentication center 3, which generates the user-side public key certificate for service front end 2 to download and use; and so on.
Step 202: User input module 18 encapsulates the uplink information (service request information such as user registration, program orders and rights applications, together with the user identifier) in the prescribed format and sends it to uplink information encryption module 16.
Step 203: Uplink information encryption module 16 encrypts the private part of the information (user information that needs protection) and then sends it to ECC signature module 101 of identity authentication module 10 for signing.
Step 204: ECC signature module 101 of identity authentication module 10 signs the uplink information, and the encrypted and signed application information is sent to service front end 2.
Step 205: Service front end 2 verifies the signature on the user's application information to establish the user's identity, decrypts the application information, and issues the corresponding authorization information to legitimate users. The authorization information is sent in the form of a right object (RO), which contains the key ciphertext for each type of service, the rights information and so on.
Step 206: After receiving the right object RO, user terminal 1 first verifies the identity of the service front end 2 system through ECC verification module 102; an RO that passes verification is sent to authorization information decryption module 11.
Step 207: Authorization information decryption module 11 separates the received RO into authorization management information and key information and decrypts each. The decrypted authorization management information is passed to authorization storage and management module 12 for processing and storage.
Step 208: Authorization information decryption module 11 passes the decrypted key information to key storage and management module 13 for storage.
After receiving the rights information for the relevant service and decrypting the corresponding keys, IPTV user security terminal 1 can watch the corresponding program content within the scope permitted by the rights.
The digital rights management information for programs on the user terminal is defined by the right object RO. When the user selects a program to play or opens a program file, authorization storage and management module 12 obtains the rights information for that program according to the program identifier CID (Content Identifier) / key identifier KID (Key Identifier) parsed from the electronic program guide EPG (Electronic Program Guide).
Fig. 3 shows the workflow of IPTV user security terminal 1 when playing a program. The basic operating procedure for a user playing a program is as follows:
Step 301: The user selects a program to play from the EPG.
Step 302: Authorization storage and management module 12 checks whether the user has the right to consume the selected program, that is, it queries by the program's CID/KID whether corresponding rights information is already held locally. If rights information exists and satisfies the playback rights requirements (related rights information such as validity period, usage time and number of uses), step 305 is executed; if the user terminal holds no rights information for the program (or the rights information has lapsed), step 303 is executed.
Step 303: The terminal enters the service order / rights application procedure: user security terminal 1 orders the program from service front end 2, or applies to it for the program's rights information, to obtain the consumption rights and the decryption key.
Step 304: Authorization storage and management module 12 checks whether the user has obtained the consumption rights for the program. If the rights were obtained, step 305 is executed; if not, step 308 is executed.
Step 305: Key decryption module 14 decrypts the content key. At the same time, authorization storage and management module 12 automatically records or updates the relevant information for the program, such as usage time and number of uses, so that the usage rights can be judged the next time the program is selected.
Step 306: The decrypted content key is passed to content descrambling module 15, which descrambles the content.
Step 307: Decoding module 17 decodes the program and the program is played.
Step 308: The user decides whether to continue selecting programs. If so, step 301 is executed; if not, the procedure ends.
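The rights gate of steps 302 to 306, as an added example that is not part of the patent: the content key is released only after the CID/KID lookup, validity period and usage count all pass, and the use is recorded in the same step. The class, field and callback names and the sample values are hypothetical, and key decryption and descrambling are left out.

```python
from dataclasses import dataclass

@dataclass
class Rights:
    """Rights information carried by an RO (field names are hypothetical)."""
    not_before: int      # start of validity period, epoch seconds
    not_after: int       # end of validity period
    max_plays: int       # permitted number of uses
    plays_used: int = 0  # updated by the terminal in step 305

class Terminal:
    def __init__(self, apply_for_rights):
        self.rights = {}                  # (CID, KID) -> Rights   (module 12)
        self.keys = {}                    # KID -> content key     (module 13)
        self.apply_for_rights = apply_for_rights   # step 303: ask the front end
        self.denied = []                  # refused requests, kept for review

    def install(self, cid, kid, rights, content_key):
        self.rights[(cid, kid)] = rights
        self.keys[kid] = content_key

    def consume(self, cid, kid, now):
        """Check validity and usage count and record the use in one step, so a
        key is never released without the counter moving."""
        r = self.rights.get((cid, kid))
        if r is None or not (r.not_before <= now <= r.not_after):
            return False
        if r.plays_used >= r.max_plays:
            return False
        r.plays_used += 1
        return True

    def play(self, cid, kid, now):
        """Steps 302-306. Returns the content key for the descrambler, or None."""
        if not self.consume(cid, kid, now):              # step 302
            grant = self.apply_for_rights(cid, kid)      # step 303
            if grant is not None:
                self.install(cid, kid, *grant)
            if not self.consume(cid, kid, now):          # step 304
                self.denied.append((cid, kid, now))
                return None                              # step 308: no key released
        return self.keys[kid]                            # steps 305-306

def demo():
    key = bytes(16)                                      # constructed content key
    refuse = Terminal(lambda cid, kid: None)             # front end grants nothing
    refuse.install("CID-1", "KID-1", Rights(1000, 2000, 2), key)
    plays = [refuse.play("CID-1", "KID-1", t) for t in (1500, 1600, 1700, 2500)]
    renew = Terminal(lambda cid, kid: (Rights(2000, 3000, 1), key))
    renew.install("CID-1", "KID-1", Rights(1000, 2000, 1), key)
    renewed = renew.play("CID-1", "KID-1", 2500)         # lapsed, then re-granted
    unknown = refuse.play("CID-9", "KID-9", 1500)        # no rights held at all
    return plays, renewed, unknown, refuse.denied

if __name__ == "__main__":
    print(demo())
```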
The above description of the invention is illustrative and not restrictive. Those skilled in the art will understand that many modifications, variations or equivalents may be made within the spirit and scope defined by the claims, and all of them fall within the scope of protection of the invention.

Claims (6)

1. An IPTV user security terminal, characterized in that the terminal comprises an identity authentication module, an authorization information decryption module, an authorization storage and management module, a key storage and management module, a key decryption module, a content descrambling module, an uplink information encryption module, a decoding module and a user input module; the identity authentication module comprises an elliptic curve cryptosystem signature module and an elliptic curve cryptosystem verification module;
the elliptic curve cryptosystem verification module authenticates the received authorization issuance information, and the elliptic curve cryptosystem signature module signs the upload data;
the authorization information decryption module decrypts the received right object data, the decrypted keys being passed to the key storage and management module for storage and the decrypted rights information being passed to the authorization storage and management module for storage;
the authorization storage and management module parses the received rights information, performs rights management, stores the rights information of each program, and controls according to the content of the rights whether a program may be consumed, copied or forwarded;
the key storage and management module works with the authorization storage and management module to store and manage keys;
the key decryption module decrypts content keys;
the content descrambling module descrambles the digital media content issued by the service front end and then passes it to the decoding module for decoding and playback;
the user input module encapsulates uplink information in the prescribed format and then sends it to the uplink information encryption module;
the uplink information encryption module encrypts the uplink information and generates the upload data.
2. The IPTV user security terminal as claimed in claim 1, characterized in that the key storage and management module ensures that keys are stored securely and provides sound management and scheduling of key storage addresses and space and management of key queries and calls.
3. The IPTV user security terminal as claimed in claim 1, characterized in that the rights management performed by the authorization storage and management module includes verifying the validity of the authorization and using the rights information to control use of the keys that decrypt content.
4. The IPTV user security terminal as claimed in claim 1, characterized in that the uplink information is information received by the user input module such as online user registration, program orders, rights applications and the user identifier.
5. The IPTV user security terminal as claimed in claim 1, characterized in that initialization of the terminal includes the user terminal generating an elliptic curve cryptosystem public/private key pair, applying to the authentication center for the service front end's public key certificate, downloading it and storing it in the key storage and management module, and sending the user-side public key to the authentication center, which generates the user-side public key certificate for the service front end to download and use.
6. The IPTV user security terminal as claimed in claim 1, characterized in that the authorization storage and management module automatically records or updates the relevant information, namely usage time and number of uses, for programs the user plays on demand, and judges the usage rights the next time the program is selected.
CN2009100854576A 2009-05-22 2009-05-22 IPTV (Internet Protocol Television) user security terminal Pending CN101895393A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009100854576A CN101895393A (en) 2009-05-22 2009-05-22 IPTV (Internet Protocol Television) user security terminal

Publications (1)

Publication Number Publication Date
CN101895393A true CN101895393A (en) 2010-11-24

Family

ID=43104472

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009100854576A Pending CN101895393A (en) 2009-05-22 2009-05-22 IPTV (Internet Protocol Television) user security terminal

Country Status (1)

Country Link
CN (1) CN101895393A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102857821A (en) * 2011-06-30 2013-01-02 航天信息股份有限公司 IPTV (internet protocol television) security terminal
CN103974120A (en) * 2013-02-04 2014-08-06 联想(北京)有限公司 Information processing method and electronic equipment
CN103974120B (en) * 2013-02-04 2018-11-09 联想(北京)有限公司 A kind of method and electronic equipment of information processing
CN105721893A (en) * 2014-12-19 2016-06-29 北京鑫宇士力通信科技有限公司 Interaction system and method based on IPTV
TWI695612B (en) * 2019-04-12 2020-06-01 中華電信股份有限公司 Internet protocol television (iptv) telephone authentication system and method thereof
CN113965346A (en) * 2021-08-31 2022-01-21 微神马科技(大连)有限公司 Design method for big data ecological unified security certification
CN113934997A (en) * 2021-09-30 2022-01-14 湖北公众信息产业有限责任公司 Intelligent data management method and system for ITV (integrated transaction television) service


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20101124