CN101924907A - Method for realizing condition receiving, terminal equipment and front end thereof - Google Patents


Publication number
CN101924907A
Authority
CN
China
Prior art keywords
product
terminal equipment
message
entitlement
entitlement management
Prior art date
Legal status
Granted
Application number
CN200910086610.7A
Other languages
Chinese (zh)
Other versions
CN101924907B (en
Inventor
李东
王天星
韩坚
王文军
王宇
李伟东
柯发敏
赵化军
Current Assignee
Beijing Shibo Digital TV Technology Co Ltd
Original Assignee
Beijing Shibo Digital TV Technology Co Ltd
Application filed by Beijing Shibo Digital TV Technology Co Ltd
Priority to CN200910086610.7A
Publication of CN101924907A
Application granted
Publication of CN101924907B
Legal status: Active

Landscapes

  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The invention provides a method for realizing conditional access, together with terminal equipment and a front end for it. The method comprises: receiving an entitlement control message sent by the front end, the entitlement control message comprising a product identifier, a control word encrypted with a product key, and identification information of the product key currently in use; if product authorization information corresponding to the product identifier exists, decrypting the encrypted control word by using the pre-stored device key of the terminal equipment and the encrypted product key corresponding to the product identifier, wherein the product authorization information comprises the product identifier and at least two encrypted product keys corresponding to the product identifier; and descrambling the received program with the control word. With the embodiments of the invention, a conditional access system can maintain its security on terminal equipment that has no smart card, which both saves cost and is convenient to use.

Description

Method, terminal equipment and front end for realizing conditional access
Technical field
The present invention relates to digital television technology, and in particular to a method, terminal equipment and a front end for realizing conditional access.
Background art
A conditional access system (CAS) is a system used to control users' reception of broadcast services; it usually realizes the paid services of a broadcast system through entitlement management.
The conditional access system front end packages a number of channels into a product. If a user subscribes to the product after packaging, the conditional access system must grant authorization; this authorization information is generally delivered to the set-top box in an Entitlement Management Message (EMM).
A conditional access system (CAS) is a system used to control users' paid reception of digital television broadcast services. Its basic implementation is as follows: at the front end, the broadcast data is scrambled, and the scrambling control word (CW) is encrypted (CW') and sent to the terminal together with the broadcast data; at the terminal, a security device such as a smart card decrypts the encrypted control word (CW') to obtain the control word (CW) and passes this control word (CW) to the terminal equipment, such as a set-top box, which descrambles and restores the broadcast data.
The secure transmission of the control word CW depends on the product key, the secure transmission of the product key depends on the user key, and the user key is embedded in the smart card. The encrypted product key is sent to the terminal equipment in an Entitlement Management Message (EMM) packet and passed into the smart card; the smart card decrypts the product key with the embedded user key and then keeps the product key in a secure area for later use.
In the prior art, the smart card is the key component that guarantees the security of the CAS. In the course of realizing the present invention, the inventors found the following defects in the prior art: the smart card is relatively costly, and the user must insert the smart card into the set-top box in order to watch digital programs, which is inconvenient; in addition, poor contact between the smart card and the set-top box affects program reception.
Summary of the invention
The object of the present invention is to provide a method, terminal equipment and a conditional access system for realizing conditional access, in which the terminal of the conditional access system has no card and the security of the conditional access system is guaranteed solely by the terminal equipment itself, which both saves cost and is convenient to use.
An embodiment of the invention provides a method for realizing conditional access, the method comprising:
receiving an Entitlement Control Message sent by the front end, the Entitlement Control Message comprising a product identifier and a control word encrypted with a product key;
if product authorization information corresponding to the product identifier exists, the product authorization information comprising the product identifier and the encrypted product key corresponding to the product identifier, decrypting the encrypted control word by using the pre-stored device key of the terminal equipment and the encrypted product key, to obtain the control word;
descrambling the received program with the control word.
An embodiment of the invention provides terminal equipment, the terminal equipment comprising:
an Entitlement Control Message receiving unit, configured to receive the Entitlement Control Message sent by the front end, the Entitlement Control Message comprising a product identifier and a control word encrypted with a product key;
an authorization determining unit, connected to the Entitlement Control Message receiving unit and configured to determine, after the Entitlement Control Message is received, that product authorization information corresponding to the product identifier exists, the product authorization information comprising the product identifier and the encrypted product key corresponding to the product identifier;
a secure operation unit, connected to the authorization determining unit and configured to decrypt, when it is determined that product authorization information corresponding to the product identifier exists, the encrypted control word by using the pre-stored device key of the terminal equipment and the encrypted product key, to obtain the control word;
a descrambling unit, connected to the secure operation unit and configured to descramble the received program with the control word.
An embodiment of the invention provides a method for realizing conditional access, the method comprising:
generating an Entitlement Control Message according to program configuration information, the Entitlement Control Message comprising a product identifier and a control word encrypted with a product key;
sending the generated Entitlement Control Message to the terminal equipment.
An embodiment of the invention provides a conditional access system front end, the front end comprising:
an Entitlement Control Message generating unit, configured to generate an Entitlement Control Message according to program configuration information, the Entitlement Control Message comprising a product identifier and a control word encrypted with a product key;
an Entitlement Control Message sending unit, connected to the Entitlement Control Message generating unit and configured to send the Entitlement Control Message to the terminal equipment.
The beneficial effect of the embodiments of the present invention is that the terminal of the conditional access system has no card and the security of the conditional access system is guaranteed solely by the terminal equipment itself, which both saves cost and is convenient to use.
Description of drawings
The accompanying drawings described here are provided for a further understanding of the present invention and form part of this application; they do not limit the invention. In the drawings:
Fig. 1 is a flow chart of the method for realizing conditional access of Embodiment 1;
Fig. 2 is a flow chart of the front-end workflow for realizing conditional access of Embodiment 2;
Fig. 3 is a flow chart of how the terminal equipment processes a received EMM packet in Embodiment 2;
Fig. 4 is a flow chart of how the terminal equipment processes a received ECM packet in Embodiment 2;
Fig. 5 is a schematic diagram of the structure of the terminal equipment of Embodiment 3;
Fig. 6 is a schematic diagram of the structure of the terminal equipment of Embodiment 4;
Fig. 7 is a schematic diagram of the structure of the conditional access system of Embodiment 5;
Fig. 8 is a schematic diagram of the structure of the front end in Embodiment 5.
Embodiment
To make the purpose, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the embodiments and the accompanying drawings. The exemplary embodiments of the invention and their descriptions are used here to explain the invention and do not limit it.
Embodiment 1
This embodiment of the invention provides a method for realizing conditional access. As shown in Fig. 1, the method comprises:
Step 101: the card-less terminal equipment receives the Entitlement Control Message sent by the front end; the Entitlement Control Message comprises a product identifier and a control word encrypted with a product key.
Step 102: if product authorization information corresponding to the product identifier exists, the product authorization information comprising the encrypted product key corresponding to the product identifier, the encrypted control word is decrypted by using the pre-stored device key of the terminal equipment and the encrypted product key, to obtain the control word.
Step 103: the received program is descrambled with the control word.
In this embodiment, the front end can use different product keys to encrypt the control word. In this way, when a product key used by the front end becomes a security risk, the front end can use another product key, which improves the security of the conditional access system.
In this embodiment, when more than one different product key is used to encrypt the control word, the ECM packet also includes identification information of the product key currently in use, which is needed to decrypt the control word; this identification information may be a flag bit.
In step 102, the product identifier can be used to look up the corresponding product authorization information in the terminal equipment. The terminal equipment can then decrypt the encrypted control word by using its pre-stored device key DSK and the encrypted product key corresponding to the identification information, as follows: first, the device key DSK pre-stored in the terminal equipment is used to decrypt the encrypted product key and obtain the product key, this being the product key that corresponds to the identification information; then the product key obtained is used to decrypt the encrypted control word in the ECM packet, to obtain the control word.
In this embodiment, the device key DSK can be written when the terminal equipment is initialized. Different terminal equipment has different device keys DSK; if each terminal equipment is represented by its own device identifier (STBID), the device key DSK corresponds one-to-one to the device identifier STBID. The front end can use this device key DSK to encrypt the product key, so the terminal equipment uses the pre-stored device key DSK to decrypt the encrypted product key and obtain the product key.
As the above embodiment shows, when the card-less terminal equipment receives the ECM packet sent by the front end, it can process the ECM packet directly by using the device identifier of the terminal equipment and the product authorization information, which saves cost and is convenient to use; in addition, using several product keys improves the security of the information transmitted by the system.
Embodiment 2
This embodiment of the invention provides a method for realizing conditional access, described in detail below using a conditional access system comprising a front end and terminal equipment as the example.
As shown in Fig. 2, at the front end:
Step 201: the correspondence between the device identifier (STBID) of the terminal equipment and the device key DSK is established and stored in the front-end storage unit.
In this embodiment, the correspondence between the device identifier (STBID) and the device key DSK can be edited with the front end's client and stored as a file; the invention is not limited to this, and any existing storage method may be used.
Step 202: the front end authorizes a product according to the user's request and generates an Entitlement Management Message. The Entitlement Management Message may comprise the device identifier STBID of the terminal equipment and the product authorization information, and the product authorization information may comprise the product identifier and the encrypted product key corresponding to the product identifier.
In this embodiment, the Entitlement Management Message may be an EMM packet. There may be one or more product keys; for example, at least two product keys are used in this embodiment, so that when a product key used by the front end becomes a security risk, the front end can use another product key, which improves the security of the conditional access system.
In addition to the product identifier (ProductID) and the encrypted product key corresponding to it, the product authorization information may also include the start time (StartDate) and expiry time (EndDate) of the authorized product, the operator number (OperatorID), version information and so on; it is not limited to the above and may include other information as required.
The EMM packet can be generated as follows: the device key DSK stored in the front-end storage unit is used to encrypt at least two product keys; these at least two encrypted product keys, the product identifier, the start time and expiry time, the device identifier of the terminal equipment, the operator number and the version information are then packed to generate the EMM packet for this terminal equipment.
For example, there are 2 encrypted product keys, which may be called the odd product key (ProductKey_Odd') and the even product key (ProductKey_Even'); both are encrypted with the device key DSK. Table 1 shows the format of the generated EMM packet. The EMM packet may be called an authorization packet, and one or more products can be packed into one packet.
Table 1
Syntax | Description
EMMData(){ |
STB_ID | Terminal equipment identifier
OperatorID | Operator number
For(i=0;i<N;i++){ |
Product ID | Product ID
StartDate | Start time
EndDate | Expiry time
ProductKey_Odd' | Odd product key
ProductKey_Even' | Even product key
} |
... |
} |
Step 203: the generated Entitlement Management Message is sent to the terminal equipment.
In this embodiment, the front end can send the EMM packet through a communication module.
The front end may additionally generate an Entitlement Control Message by reading the program configuration information and send this Entitlement Control Message to the terminal equipment. This step may be carried out before or after any of the steps above, without restriction.
In this embodiment, the Entitlement Control Message is an ECM packet. The ECM packet comprises the product identifier (ProductID), the control word encrypted with a product key, and the identification information of the product key currently in use.
The ECM packet may also include information such as the operator number (OperatorID), as determined by the actual situation.
In this embodiment, when the front end uses the odd product key (ProductKey_Odd') or the even product key (ProductKey_Even') to encrypt the control word, the ECM packet can be generated as follows: the front end uses the odd product key (ProductKey_Odd') or the even product key (ProductKey_Even') to encrypt the control word generated for scrambling the program, then packs the encrypted control word, the product identifier corresponding to the program, the identification information of the product key currently in use and the operator number to generate the ECM packet.
For example, the encrypted control word is encrypted with the odd product key (ProductKey_Odd'). A control word encrypted with the odd product key (ProductKey_Odd') is called the encrypted odd control word (CW_Odd'), and a control word encrypted with the even product key (ProductKey_Even') is called the encrypted even control word (CW_Even'). Table 2 shows the format of the ECM packet.
Table 2
Syntax | Description
ECM_Data(){ |
OddFlag | Flag bit indicating whether the odd key or the even key is used
ProductID | Program product ID
OperatorID | Operator number
... |
CW_Odd' | Encrypted odd CW
... |
} |
As shown in Table 2, the identification information of the product key currently in use is a flag bit; in this embodiment it indicates whether the product key in use is the odd product key or the even product key. For example, when Flag is 0 the product key currently in use is the odd product key, and when Flag is 1 the product key currently in use is the even product key, or vice versa. Therefore, if the even product key currently in use shows any sign of compromise, the front end can use the other, odd product key to encrypt the CW in the next CP period and so generate a new ECM packet, by the generation process described above. In this embodiment, for the even product key that has become a security risk, the front end can generate a new key to replace the old even product key and, once the new key has been generated, generate a new EMM packet and deliver it to the terminal. This ensures that when a product key becomes a security risk, the front end replaces the key seamlessly and improves the security of message transmission without interrupting program viewing on the terminal equipment.
At terminal equipment:
As shown in Fig. 3, when the terminal equipment receives the EMM packet sent by the front end, it can process it with the following steps:
Step 301: the terminal equipment receives the EMM packet sent by the front end.
In this embodiment, the product authorization information may, for example, comprise the information shown in Table 1: the device identifier (STBID) of the terminal equipment, the operator number (OperatorID), the product identifier (ProductID), the start time (StartDate), the expiry time (EndDate), the odd product key (ProductKey_Odd') and the even product key (ProductKey_Even'), and the version information (not shown in Table 1).
Step 302: the EMM packets belonging to this terminal equipment are filtered out according to the device identifier STBID stored in advance in the terminal equipment; other existing methods may also be used to filter the EMM packets belonging to this terminal equipment.
Step 303: it is determined whether this EMM packet has already been received; if it has, step 307 is executed; otherwise step 304 is executed.
In this embodiment, whether the EMM packet has already been received can be determined from its version information: if the EMM version information stored in the terminal matches that of the EMM packet just received, the packet has already been received; otherwise it has not.
Step 304: if, in step 303, the EMM packet has never been received, it is further determined whether the EMM packet is valid.
In this embodiment, whether the EMM packet is valid can be determined from the start time and expiry time in the EMM packet, as follows:
It is determined whether the expiry time in the received EMM packet is greater than the start time. If the expiry time is greater than the start time, the EMM packet is determined to be valid, and step 305 can be executed.
If the expiry time is less than the start time, the EMM packet is determined to be invalid, and step 308 can be executed.
Step 305: if the EMM packet was determined to be valid in step 304, the product authorization information in the EMM packet can be obtained.
Step 306: the product authorization information is stored.
Step 307: if, in step 303, the EMM packet has already been received, the EMM packet is discarded.
Step 308: if, in step 304, the EMM packet is invalid, that is, the expiry time is before the start time, the EMM packet can be treated as a de-authorization packet. In this embodiment, when an invalid EMM packet is received and the product authorization information corresponding to its product identifier is already stored in the terminal equipment, the product authorization information stored in the terminal equipment can be cleared.
As the above embodiment shows, the terminal equipment obtains the product authorization information by processing the EMM packets that belong to it, and stores the product authorization information. When the terminal equipment then receives the corresponding ECM packet, it can process the ECM packet by using this product authorization information and the device key of the terminal equipment, and finally obtain the control word.
As shown in Fig. 4, when the terminal equipment receives the ECM packet sent by the front end, in which, as in Table 2, the control word is encrypted with the odd product key, it can process it with the following steps:
Step 401: the terminal equipment receives the ECM packet sent by the front end.
In this embodiment, the ECM packet comprises the product identifier (ProductID), the odd control word (CW_Odd') encrypted with the odd product key (ProductKey_Odd'), and the flag bit of the product key currently in use; for example, the flag bit Flag is 0, indicating that the product key currently in use is the odd product key.
Step 402: it is determined that the ECM packet is of the type that does not use a smart card.
In this embodiment, if the ECM packets that the front end delivers to the terminal equipment include both ECM packets that do not use a smart card and packets that do use a smart card, the terminal equipment must determine the type of each ECM packet after receiving it, so that it can apply the processing appropriate to that type.
In this embodiment, a descriptor can be used to identify the type of the ECM packet. If the descriptor identifies the packet as not using a smart card, the terminal equipment processes it in the smart-card-free manner; otherwise it processes the ECM packet in the smart-card manner, which may be any existing manner and is not described further here.
Step 403: the terminal equipment determines whether product authorization information corresponding to the product identifier exists; if it exists, step 404 is executed; if it does not, step 406 is executed.
In this embodiment, the product identifier can be used to look up in the terminal equipment whether there is product authorization information corresponding to it, such as the encrypted odd product key, the encrypted even product key, the start time and the expiry time. If it is found, product authorization information corresponding to the product identifier exists; otherwise it does not.
Step 404: if the result of step 403 is that product authorization information corresponding to the product identifier exists, the encrypted control word is decrypted by using the pre-stored device key DSK of the terminal equipment and the encrypted product key corresponding to the identification information, for example the encrypted odd product key, to obtain the control word.
In this embodiment, this can be done as follows: the device key DSK is used to decrypt the encrypted odd product key currently in use (ProductKey_Odd') and obtain the odd product key; the odd product key is then used to decrypt the encrypted odd control word (CW_Odd') and obtain the control word (CW).
Step 405: the control word is used to descramble the scrambled program stream, and the descrambled program can be played so that the user can watch it.
Step 406: if the result of step 403 is that no product authorization information corresponding to the product identifier exists, "unauthorized" is displayed and the terminal equipment does not process the ECM packet further.
In addition, the front end may also use both the odd product key (ProductKey_Odd') and the even product key (ProductKey_Even') to encrypt the control word, in which case the ECM packet can be generated as follows: the front end uses the odd product key (ProductKey_Odd') and the even product key (ProductKey_Even') to encrypt the control word generated for scrambling the program, then packs the two encrypted control words, the product identifier corresponding to the program, the identification information of the product key currently in use and the operator number to generate the ECM packet. After receiving it, the terminal finds the corresponding product key according to the identification information and decrypts the corresponding control word to obtain the control word.
In addition, at the front end:
The front end can also use the device identifier STBID of the terminal equipment as the addressing element to send terminal equipment application packets, such as on-screen display information (OSD) or mail (Email), to the terminal equipment. Such an application packet may also be an EMM packet; it may comprise the device identifier and the on-screen display information or mail information, and may also comprise a type descriptor indicating whether the packet is OSD or Email.
At the terminal equipment:
The terminal equipment receives the EMM packet sent by the front end and determines from the packet's type descriptor whether it is on-screen display information (OSD) or mail (Email); it can then filter out the on-screen display information or mail belonging to this terminal equipment according to the terminal equipment identifier. If the terminal equipment has not received this on-screen display information (OSD) before, it parses and displays it. If the terminal equipment has not received this mail (Email) before, it parses the mail and displays it in a certain sort order. If the terminal equipment has already received the on-screen display information (OSD) or mail (Email), it discards the information and does not receive it again.
As shown above, the terminal equipment can receive the ECM packet sent by the front end and process it by using the device identifier and the encrypted product authorization information obtained in advance, to obtain the control word; it then descrambles the program stream with this control word so that the user can watch the descrambled program. The terminal equipment therefore does not need a smart card to process the EMM packets and ECM packets sent by the front end, which both saves equipment cost and is convenient for the user.
In addition, when there is more than one encrypted product key, if the encrypted product key currently in use becomes a security risk, the front end can promptly switch to another product key to encrypt the CW and at the same time change the product key flag information in the ECM packet. After receiving an ECM packet in which the product key has changed, the terminal equipment can therefore find the product key used to encrypt the CW according to the change in the product key flag information. For the product key that has become a security risk, the front end can carry out a key replacement: it generates a new product key to replace the old key that poses the risk. At the same time, the front end re-sends the new authorization information, after the product key replacement, to the terminal equipment. This ensures both that the terminal equipment can watch programs seamlessly while the product key is changed and that the transmitted information remains secure.
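The EMM and ECM handling of Embodiment 2 (steps 201 to 203, 301 to 308 and 401 to 406) together with the odd/even key replacement just described, as an added Python example that is not code from the patent. The cipher (`seal`/`unseal`, a SHAKE-256 keystream), the key and control-word sizes, integer dates, per-product version tracking and every class and function name are assumptions; the patent names no algorithm, and OperatorID is left out of the records.

```python
import hashlib
import os
from dataclasses import dataclass

def _xor(key, nonce, data):
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, data):  # stand-in cipher (assumption): the page names no algorithm
    nonce = os.urandom(8)
    return nonce + _xor(key, nonce, data)

def unseal(key, blob):
    return _xor(key, blob[:8], blob[8:])

@dataclass
class EMM:  # fields of Table 1 plus the version information
    stb_id: str
    version: int
    product_id: int
    start_date: int
    end_date: int
    key_odd_enc: bytes   # ProductKey_Odd', encrypted under DSK
    key_even_enc: bytes  # ProductKey_Even', encrypted under DSK

@dataclass
class ECM:  # fields of Table 2
    flag: int        # 0 = odd product key, 1 = even product key
    product_id: int
    cw_enc: bytes    # control word encrypted under the flagged product key

class FrontEnd:
    def __init__(self):
        self.version, self.dsk, self.keys = 0, {}, {}  # STBID -> DSK (step 201)

    def new_key(self, product_id, flag=None):  # create both keys or replace one
        pair = self.keys.setdefault(product_id, [os.urandom(16), os.urandom(16)])
        if flag is not None:
            pair[flag] = os.urandom(16)

    def build_emm(self, stb_id, product_id, start, end):  # steps 202-203
        self.version += 1
        dsk, (odd, even) = self.dsk[stb_id], self.keys[product_id]
        return EMM(stb_id, self.version, product_id, start, end,
                   seal(dsk, odd), seal(dsk, even))

    def build_ecm(self, product_id, cw, flag):
        return ECM(flag, product_id, seal(self.keys[product_id][flag], cw))

class Terminal:
    def __init__(self, stb_id, dsk):
        self.stb_id, self.dsk = stb_id, dsk   # DSK written at initialization
        self.auth, self.versions = {}, {}     # both keyed by ProductID

    def on_emm(self, emm):
        if emm.stb_id != self.stb_id:
            return "filtered"                              # step 302
        if self.versions.get(emm.product_id) == emm.version:
            return "duplicate"                             # steps 303, 307
        self.versions[emm.product_id] = emm.version
        if emm.end_date > emm.start_date:                  # step 304
            self.auth[emm.product_id] = emm                # steps 305-306
            return "stored"
        # step 308 (de-authorization); equal dates count as invalid, an assumption
        self.auth.pop(emm.product_id, None)
        return "revoked"

    def on_ecm(self, ecm):
        emm = self.auth.get(ecm.product_id)                # step 403
        if emm is None:
            return None                                    # step 406: unauthorized
        enc_key = emm.key_odd_enc if ecm.flag == 0 else emm.key_even_enc
        product_key = unseal(self.dsk, enc_key)            # step 404, first level
        return unseal(product_key, ecm.cw_enc)             # step 404, second level

def demo():  # constructed scenario: authorize, descramble, replace even key, revoke
    fe = FrontEnd()
    fe.dsk["STB-0001"] = os.urandom(16)
    stb = Terminal("STB-0001", fe.dsk["STB-0001"])
    other = Terminal("STB-0002", os.urandom(16))
    fe.new_key(7)
    emm = fe.build_emm("STB-0001", 7, 20090601, 20100601)
    emm_results = [other.on_emm(emm), stb.on_emm(emm), stb.on_emm(emm)]
    cw = os.urandom(8)
    checks = {"even": stb.on_ecm(fe.build_ecm(7, cw, 1)) == cw}
    # Even key suspected: ECMs switch to the odd key, then the even key is replaced.
    checks["odd"] = stb.on_ecm(fe.build_ecm(7, cw, 0)) == cw
    fe.new_key(7, flag=1)
    # Until the new EMM arrives, the stored even key yields a wrong control word.
    checks["stale_wrong"] = stb.on_ecm(fe.build_ecm(7, cw, 1)) != cw
    emm_results.append(stb.on_emm(fe.build_emm("STB-0001", 7, 20090601, 20100601)))
    checks["new_even"] = stb.on_ecm(fe.build_ecm(7, cw, 1)) == cw
    emm_results.append(stb.on_emm(fe.build_emm("STB-0001", 7, 20100601, 20090601)))
    checks["denied"] = stb.on_ecm(fe.build_ecm(7, cw, 0)) is None
    return emm_results, checks
```

The `stale_wrong` check shows why the order matters in this model: a terminal still holding the replaced key does not reject the ECM, it simply derives a wrong control word, so ECMs stay on the other key until the new EMM has been delivered.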
Embodiment 3
An embodiment of the invention provides a terminal equipment. As shown in Figure 5, the terminal equipment comprises an Entitlement Control Message receiving unit 501, an authorization determining unit 502, a secure operation unit 503 and a descrambling unit 504, wherein:
The Entitlement Control Message receiving unit 501 is used to receive the Entitlement Control Message sent by the front end; the Entitlement Control Message comprises a product identifier and a control word encrypted by a product key;
The authorization determining unit 502 is connected to the Entitlement Control Message receiving unit 501 and is used, after the Entitlement Control Message is received, to determine that product authorization information corresponding to the product identifier exists; the product authorization information comprises the encrypted product key corresponding to the product identifier;
The secure operation unit 503 is connected to the authorization determining unit 502 and, when it is determined that product authorization information corresponding to the product identifier exists, uses the pre-stored device key of the terminal equipment and the encrypted product key to decrypt the encrypted control word and obtain the control word;
The descrambling unit 504 is connected to the secure operation unit 503 and is used to descramble the received program with the control word.
In this embodiment, the front end can use different product keys to encrypt the control word. When different product keys are used to encrypt the control word, the Entitlement Control Message also comprises identification information of the product key currently in use, and the product authorization information holds more than one encrypted product key for the product identifier.
In that case, the secure operation unit 503 uses the pre-stored device key of the terminal equipment and the encrypted product key corresponding to the identification information to decrypt the encrypted control word and obtain the control word.
In this embodiment, the authorization determining unit 502 can use the product identifier to look up, in the terminal equipment, the product authorization information corresponding to that product identifier, so that the secure operation unit 503 can use the pre-stored device key DSK of the terminal equipment and the encrypted product key corresponding to the identification information to decrypt the encrypted control word and obtain the control word. This can be done as follows. First, the device key DSK pre-stored in the terminal equipment is used to decrypt the encrypted product key and obtain the product key, where this product key is the one corresponding to the identification information. Then the product key so obtained is used to decrypt the encrypted control word in the ECM packet and obtain the control word.
In this embodiment, the device key DSK can be written when the terminal equipment is initialized. Different terminal equipments have different device keys DSK; if each terminal equipment is represented by its own device identifier (STBID), the device key DSK corresponds one-to-one with the device identifier STBID. The front end can use the device key DSK to encrypt the product key; the terminal equipment therefore uses its pre-stored device key DSK to decrypt the encrypted product key and obtain the product key.
As the above embodiment shows, when the cardless terminal equipment receives an ECM packet sent by the front end, it can process the ECM packet directly using the device identifier of the terminal equipment and the product authorization information, without using a smart card for the processing. This saves cost and is convenient to use. In addition, using multiple product keys improves the security of the information transmitted by the system.
Embodiment 4
An embodiment of the invention provides a terminal equipment. As shown in Figure 6, the terminal equipment comprises an Entitlement Control Message receiving unit 501, an authorization determining unit 502, a secure operation unit 503 and a descrambling unit 504, whose functions are similar to those in Embodiment 3 and are not repeated here.
In this embodiment, the terminal equipment can also comprise a display unit (not shown), used to display the descrambled program.
As shown in Figure 6, the terminal equipment also comprises an Entitlement Management Message receiving unit 601, an information filtering unit 602 and an information parsing unit 603, wherein:
The Entitlement Management Message receiving unit 601 is used to receive the Entitlement Management Message sent by the front end; the Entitlement Management Message comprises the device identifier of the terminal equipment and the product authorization information;
In this embodiment, the Entitlement Management Message can be an EMM packet. For example, when there are 2 product keys, the product authorization information can comprise the information shown in Table 1: the device identifier of the terminal equipment (STBID), the operator number (OperatorID), the product identifier (ProductID), the start time (StartDate), the expiry time (EndDate), the odd product key (ProductKey_Odd') and the even product key (ProductKey_Even'), and version information (not shown in Table 1).
The information filtering unit 602 is connected to the Entitlement Management Message receiving unit 601 and is used to select, by filtering on the device identifier, the Entitlement Management Message that belongs to this terminal equipment;
The information parsing unit 603 is connected to the information filtering unit 602 and is used to parse the Entitlement Management Message to obtain the product authorization information.
As shown in Figure 6, the terminal equipment also comprises an authorization information storage unit 604 and a device key storage unit 605. The authorization information storage unit 604 is connected to the authorization determining unit 502 and the secure operation unit 503 and is used to store the product authorization information obtained; the device key storage unit 605 is connected to the secure operation unit 503 and is used to store the device key DSK corresponding to this terminal equipment. The secure operation unit 503 can thus process the ECM packet according to the pre-stored device key DSK and the product authorization information to obtain the control word.
In this embodiment, after the filtering unit 602 has selected the EMM packet that belongs to this terminal equipment, the terminal equipment can first judge the validity of the EMM packet. Therefore, as shown in Figure 6, the terminal equipment can also comprise a validity determining unit 606, connected to the information filtering unit 602 and used, after the information filtering unit 602 has selected the Entitlement Management Message that belongs to this terminal equipment, to determine whether the Entitlement Management Message is valid. The way validity is determined is as described in Embodiment 2 and is not repeated here.
If the validity determining unit 606 determines that the Entitlement Management Message is valid, the information parsing unit 603 parses the Entitlement Management Message to obtain the product authorization information.
If the validity determining unit 606 determines that the Entitlement Management Message is invalid, the Entitlement Management Message can be regarded as a de-authorization packet, and the product authorization information already stored in the authorization information storage unit 605 can be cleared. Accordingly, as shown in Figure 6, the terminal equipment also comprises an information erasing unit 607, connected to the validity determining unit 606 and used to clear the existing product authorization information when the Entitlement Management Message is determined to be invalid.
In this embodiment, the Entitlement Management Message can also comprise version information, in which case the terminal equipment also comprises a determining unit and an information acquisition unit (not shown), wherein:
The determining unit can be connected to the information filtering unit 602 and is used to determine whether this EMM packet has already been received.
The information acquisition unit is connected to the determining unit and is used to obtain the product authorization information in the EMM packet when it is determined that this EMM has not been received.
In addition, the terminal equipment can also comprise an application message receiving unit, an application message filtering unit and an application message processing unit (not shown). The application message receiving unit is used to receive on-screen display information or mail sent by the front end, where the on-screen display information or mail comprises a terminal equipment identifier. The application message filtering unit is connected to the receiving unit and is used to select, by filtering on the terminal equipment identifier, the on-screen display information or mail that belongs to this terminal equipment. The application message processing unit is connected to the filtering unit and is used, when the terminal equipment has not previously received the on-screen display information or mail, to parse and display it.
As described above, the terminal equipment can receive the ECM packet sent by the front end and process it using the device identifier and the encrypted product authorization information obtained in advance to obtain the control word, and then use the control word to descramble the program stream so that the user can watch the descrambled program. The terminal equipment therefore does not need a smart card to process the EMM packets and ECM packets sent by the front end, which both saves equipment cost and is convenient for the user. The processing procedure of the terminal equipment is similar to that of Embodiment 2 and is not repeated here.
In addition, there is more than one encrypted product key. If an error arises in the encrypted product key currently in use, another encrypted product key can promptly be used as the product key currently in use. Furthermore, the product key in which the error arose can be replaced, and after the replacement new authorization information is re-sent to the terminal equipment. This both ensures that the authorization of the terminal equipment is unaffected and ensures the security of information transmission.
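The terminal-side EMM and ECM handling of Embodiments 3 and 4, as an added Python sketch that is not code from the patent. The field names `Version` and `KeyIndicator`, running the duplicate check before the validity check, treating equal start and expiry times as invalid, and the SHA-256 XOR keystream (a stand-in for the unnamed cipher, not secure for real use) are assumptions.

```python
import hashlib

def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (assumption): XOR with a SHA-256 keystream.
    Encrypting and decrypting are the same operation."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

# Front-end side: EMM carries product keys wrapped under the device key DSK,
# ECM carries the control word (CW) encrypted under one product key.
def make_emm(stbid, dsk, product_id, start, end, odd, even, version):
    return {"STBID": stbid, "OperatorID": 1, "ProductID": product_id,
            "StartDate": start, "EndDate": end,
            "ProductKey_Odd'": xor_cipher(dsk, odd),
            "ProductKey_Even'": xor_cipher(dsk, even),
            "Version": version}            # hypothetical field name

def make_ecm(product_id, product_key, indicator, cw):
    return {"ProductID": product_id,
            "KeyIndicator": indicator,     # hypothetical field name
            "EncryptedCW": xor_cipher(product_key, cw)}

class Terminal:
    def __init__(self, stbid, dsk):
        self.stbid = stbid
        self._dsk = dsk          # device key storage (written at initialization)
        self.entitlements = {}   # authorization information storage
        self._seen = set()       # (ProductID, Version) pairs already handled

    def on_emm(self, emm):
        if emm["STBID"] != self.stbid:          # filtering on device identifier
            return "filtered"
        tag = (emm["ProductID"], emm["Version"])
        if tag in self._seen:                   # already received: ignore
            return "duplicate"
        self._seen.add(tag)
        if not emm["EndDate"] > emm["StartDate"]:
            # Invalid EMM is treated as de-authorization: erase stored entry.
            self.entitlements.pop(emm["ProductID"], None)
            return "erased"
        self.entitlements[emm["ProductID"]] = {
            "odd": emm["ProductKey_Odd'"], "even": emm["ProductKey_Even'"]}
        return "stored"

    def on_ecm(self, ecm):
        ent = self.entitlements.get(ecm["ProductID"])
        if ent is None or ecm["KeyIndicator"] not in ent:
            return None                         # no authorization: no CW
        # Step 1: DSK unwraps the product key named by the indicator.
        product_key = xor_cipher(self._dsk, ent[ecm["KeyIndicator"]])
        # Step 2: the product key decrypts the control word.
        return xor_cipher(product_key, ecm["EncryptedCW"])

def run_demo():
    """Constructed sample values throughout; dates are YYYYMMDD integers."""
    dsk = bytes.fromhex("00112233445566778899aabbccddeeff")
    stb = Terminal(stbid=0x1001, dsk=dsk)
    odd, even, new_odd = b"O" * 16, b"E" * 16, b"N" * 16
    cw = bytes(range(8))
    r = {}
    r["foreign_emm"] = stb.on_emm(
        make_emm(0x2002, dsk, 7, 20090101, 20091231, odd, even, 1))
    emm_v1 = make_emm(0x1001, dsk, 7, 20090101, 20091231, odd, even, 1)
    r["emm_v1"] = stb.on_emm(emm_v1)
    r["emm_v1_repeat"] = stb.on_emm(emm_v1)
    r["cw_odd"] = stb.on_ecm(make_ecm(7, odd, "odd", cw))
    # Odd key is suspect: the front end switches the ECM to the even key.
    r["cw_even"] = stb.on_ecm(make_ecm(7, even, "even", cw))
    # The front end replaces the odd key and re-sends the authorization.
    r["emm_v2"] = stb.on_emm(
        make_emm(0x1001, dsk, 7, 20090101, 20091231, new_odd, even, 2))
    r["cw_new_odd"] = stb.on_ecm(make_ecm(7, new_odd, "odd", cw))
    # An ECM still encrypted under the retired odd key no longer yields the CW.
    r["cw_old_odd"] = stb.on_ecm(make_ecm(7, odd, "odd", cw))
    # Expiry earlier than start: de-authorization, stored entry is erased.
    r["deauth"] = stb.on_emm(
        make_emm(0x1001, dsk, 7, 20091231, 20090101, new_odd, even, 3))
    r["cw_after_deauth"] = stb.on_ecm(make_ecm(7, even, "even", cw))
    return r

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

Because the keystream cipher carries no integrity check, an ECM decrypted under the wrong product key returns a wrong control word rather than an error, which is why the retired-key case is compared against the expected value instead of `None`.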
Embodiment 5
An embodiment of the invention provides a conditional access system. As shown in Figure 7, the conditional access system comprises a front end 701 and a terminal equipment 702.
As shown in Figure 8, the front end 701 comprises an Entitlement Control Message generation unit 801 and an Entitlement Control Message transmitting unit 802. The Entitlement Control Message generation unit 801 is used to generate the Entitlement Control Message according to the program configuration information. The Entitlement Control Message transmitting unit 802 is connected to the Entitlement Control Message generation unit 801 and is used to send the Entitlement Control Message to the terminal equipment. The Entitlement Control Message comprises a product identifier and a control word encrypted by a product key.
In this embodiment, as shown in Figure 8, the front end 701 can also comprise:
An Entitlement Management Message generation unit 803, used to generate the Entitlement Management Message according to a user request; the Entitlement Management Message comprises the device identifier of the terminal equipment and the product authorization information;
An Entitlement Management Message transmitting unit 804, connected to the Entitlement Management Message generation unit 803 and used to send the Entitlement Management Message to the terminal equipment.
In addition, the front end also comprises a storage unit (not shown), used to store the device identifier of the terminal equipment and the corresponding device key DSK.
In the above embodiment, the way the Entitlement Management Message and the Entitlement Control Message are generated is as described in Embodiment 2 and is not repeated here.
As shown in Figure 8, the front end can also comprise:
An application message generation unit 805, used to generate on-screen display information or mail;
An application message transmitting unit 806, connected to the application message generation unit 805 and used to send the generated on-screen display information or mail to the terminal equipment.
The structure and function of the terminal equipment 702 are as described in Embodiment 4 and are not repeated here.
In this embodiment, the Entitlement Control Message transmitting unit 802, the Entitlement Management Message transmitting unit 803 and the information transmitting unit 806 in the front end can be implemented as one and the same transmitting unit.
As the above embodiment shows, the conditional access system front end generates EMM packets and ECM packets and delivers them to the terminal equipment.
In this embodiment, the structure of the cardless terminal equipment is as described in Embodiments 3 and 4 and is not repeated here.
Without a smart card, the terminal equipment can process the ECM packet using the device identifier and the encrypted product authorization information obtained in advance to obtain the control word, and then use the control word to descramble the program stream so that the user can watch the descrambled program. The terminal equipment therefore does not need a smart card to process the EMM packets and ECM packets sent by the front end, which both saves equipment cost and is convenient for the user. The processing procedure of the terminal equipment is similar to that of Embodiment 2 and is not repeated here.
In addition, there is more than one encrypted product key. If a security risk arises in the encrypted product key currently in use, another encrypted product key can promptly be used as the product key currently in use. Furthermore, the product key in which the security risk arose can be replaced, and after the replacement new authorization information is re-sent to the terminal equipment. This both ensures that the authorization of the terminal equipment is unaffected and ensures the security of information transmission.
The embodiments described above further explain the purpose, technical solution and beneficial effects of the invention. It should be understood that the above are only specific embodiments of the invention and are not intended to limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (25)

1. A method for realizing conditional access, characterized in that the method comprises:
A cardless terminal equipment receives an Entitlement Control Message sent by a front end, the Entitlement Control Message comprising a product identifier and a control word encrypted by a product key;
If product authorization information corresponding to the product identifier exists, the product authorization information comprising the product identifier and an encrypted product key corresponding to the product identifier, decrypting the encrypted control word using a pre-stored device key of the terminal equipment and the encrypted product key, to obtain the control word;
Descrambling the received program using the control word.
2. The method according to claim 1, characterized in that, when the front end uses different product keys to encrypt the control word, the Entitlement Control Message also comprises identification information of the product key currently in use;
The product authorization information holds more than one encrypted product key for the product identifier;
And decrypting the encrypted control word using the pre-stored device key of the terminal equipment and the encrypted product key comprises:
Decrypting the encrypted control word using the pre-stored device key of the terminal equipment and the encrypted product key corresponding to the identification information, to obtain the control word.
3. The method according to claim 1, characterized in that decrypting the encrypted control word using the pre-stored device key of the terminal equipment and the encrypted product key, to obtain the control word, comprises:
Decrypting the encrypted product key using the device key, to obtain the product key;
Decrypting the encrypted control word using the product key, to obtain the control word.
4. The method according to claim 1, characterized in that the method also comprises:
Receiving an Entitlement Management Message sent by the front end, the Entitlement Management Message comprising the device identifier of the terminal equipment and product authorization information;
Selecting, by filtering on the device identifier, the Entitlement Management Message that belongs to this terminal equipment, and parsing the Entitlement Management Message to obtain the product authorization information.
5. The method according to claim 4, characterized in that, after the Entitlement Management Message that belongs to this terminal equipment has been selected by filtering on the device identifier, the method also comprises:
Determining whether the Entitlement Management Message is valid;
If the Entitlement Management Message is valid, triggering the parsing of the Entitlement Management Message to obtain the product authorization information.
6. The method according to claim 5, characterized in that the product authorization information also comprises the start time and the expiry time of the product corresponding to the product identifier, and determining that the Entitlement Management Message is valid comprises:
If the expiry time in the obtained product authorization information is greater than the start time, determining that the product authorization information is valid;
If the expiry time in the obtained product authorization information is less than the start time, determining that the product authorization information is invalid;
If the authorization information is determined to be invalid and product authorization information corresponding to the product identifier exists, clearing the existing product authorization information in the terminal equipment.
7. The method according to claim 4, characterized in that, after the Entitlement Management Message that belongs to this terminal equipment has been selected by filtering on the device identifier, the method also comprises:
If the cardless terminal equipment has not previously received the Entitlement Management Message, storing the product authorization information comprised in the Entitlement Management Message.
8. The method according to claim 1, characterized in that the method also comprises:
Receiving on-screen display information or mail sent by the front end, the on-screen display information or mail comprising a terminal equipment identifier;
Selecting, by filtering on the terminal equipment identifier, the on-screen display information or mail that belongs to this terminal equipment;
If the terminal equipment has not previously received the on-screen display information or mail, parsing and displaying the on-screen display information or mail.
9. A terminal equipment, characterized in that the terminal equipment comprises:
An Entitlement Control Message receiving unit, used to receive an Entitlement Control Message sent by a front end, the Entitlement Control Message comprising a product identifier and a control word encrypted by a product key;
An authorization determining unit, connected to the Entitlement Control Message receiving unit and used, after the Entitlement Control Message is received, to determine that product authorization information corresponding to the product identifier exists, the product authorization information comprising the product identifier and an encrypted product key;
A secure operation unit, connected to the authorization determining unit and used, when it is determined that product authorization information corresponding to the product identifier exists, to decrypt the encrypted control word using a pre-stored device key of the terminal equipment and the encrypted product key, to obtain the control word;
A descrambling unit, connected to the secure operation unit and used to descramble the received program using the control word.
10. The terminal equipment according to claim 9, characterized in that, when the front end uses different product keys to encrypt the control word, the Entitlement Control Message also comprises identification information of the product key currently in use;
The product authorization information holds more than one encrypted product key for the product identifier;
The secure operation unit decrypts the encrypted control word using the pre-stored device key of the terminal equipment and the encrypted product key corresponding to the identification information, to obtain the control word.
11. The terminal equipment according to claim 9, characterized in that the terminal equipment also comprises:
An Entitlement Management Message receiving unit, used to receive an Entitlement Management Message sent by the front end, the Entitlement Management Message comprising the device identifier of the terminal equipment and product authorization information;
An information parsing unit, used to parse the Entitlement Management Message to obtain the product authorization information.
12. The terminal equipment according to claim 11, characterized in that the terminal equipment also comprises:
An authorization information storage unit, connected to the authorization determining unit and used to store the product authorization information;
A device key storage unit, connected to the secure operation unit and used to store the device key corresponding to the terminal equipment.
13. The terminal equipment according to claim 11, characterized in that the terminal equipment also comprises:
A validity determining unit, connected to the Entitlement Management Message receiving unit and used, after the Entitlement Management Message receiving unit receives the Entitlement Management Message, to determine whether the Entitlement Management Message is valid;
The information parsing unit then parses the Entitlement Management Message when the Entitlement Management Message is valid, to obtain the product authorization information.
14. The terminal equipment according to claim 13, characterized in that the terminal equipment also comprises:
An information erasing unit, connected to the validity determining unit and used, when the Entitlement Management Message is determined to be invalid, to clear the existing product authorization information in the terminal equipment.
15. The terminal equipment according to claim 11, characterized in that the terminal equipment also comprises:
A determining unit, connected to the Entitlement Management Message receiving unit and used to determine whether the Entitlement Management Message has already been received;
An information acquisition unit, connected to the determining unit and used to obtain the product authorization information in the Entitlement Management Message when it is determined that the Entitlement Management Message has not been received.
16. The terminal equipment according to claim 9, characterized in that the terminal equipment also comprises:
An application message receiving unit, used to receive on-screen display information or mail sent by the front end, the on-screen display information or mail comprising a terminal equipment identifier;
An application message processing unit, used, when the terminal equipment has not previously received the on-screen display information or mail, to parse and display the on-screen display information or mail.
17. A method for realizing conditional access, characterized in that the method comprises:
Generating an Entitlement Control Message according to program configuration information, the Entitlement Control Message comprising a product identifier and a control word encrypted by a product key;
Sending the generated Entitlement Control Message to a terminal equipment.
18. The method according to claim 17, characterized in that the Entitlement Control Message also comprises identification information of the product key currently in use.
19. The method according to claim 17, characterized in that the method also comprises:
Generating an Entitlement Management Message according to a user request, the Entitlement Management Message comprising the device identifier of the terminal equipment and product authorization information;
Sending the Entitlement Management Message to the terminal equipment.
20. The method according to claim 17, characterized in that the method also comprises:
Generating on-screen display information or mail;
Sending the generated on-screen display information or mail to the terminal equipment.
21. A conditional access system front end, characterized in that the front end comprises:
An Entitlement Control Message generation unit, used to generate an Entitlement Control Message according to program configuration information, the Entitlement Control Message comprising a product identifier and a control word encrypted by a product key;
An Entitlement Control Message transmitting unit, connected to the Entitlement Control Message generation unit and used to send the Entitlement Control Message to a terminal equipment.
22. The front end according to claim 21, characterized in that the Entitlement Control Message also comprises identification information of the product key currently in use.
23. The front end according to claim 21, characterized in that the front end also comprises:
An Entitlement Management Message generation unit, used to generate an Entitlement Management Message according to a user request, the Entitlement Management Message comprising the device identifier of the terminal equipment and product authorization information; the product authorization information comprises a product identifier and a product key encrypted by a device key;
An Entitlement Management Message transmitting unit, connected to the Entitlement Management Message generation unit and used to send the Entitlement Management Message to the terminal equipment.
24. The front end according to claim 21, characterized in that the front end also comprises:
An application message generation unit, used to generate on-screen display information or mail;
An application message transmitting unit, connected to the information generating unit and used to send the generated on-screen display information or mail to the terminal equipment.
25. The front end according to claim 23, characterized in that the front end also comprises a storage unit, connected to the Entitlement Management Message generation unit and used to store the device identifier of the terminal equipment and the corresponding product key.
CN200910086610.7A 2009-06-12 2009-06-12 Method for realizing condition receiving, terminal equipment and front end thereof Active CN101924907B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910086610.7A CN101924907B (en) 2009-06-12 2009-06-12 Method for realizing condition receiving, terminal equipment and front end thereof

Publications (2)

Publication Number Publication Date
CN101924907A true CN101924907A (en) 2010-12-22
CN101924907B CN101924907B (en) 2013-08-28

Family

ID=43339508

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910086610.7A Active CN101924907B (en) 2009-06-12 2009-06-12 Method for realizing condition receiving, terminal equipment and front end thereof

Country Status (1)

Country Link
CN (1) CN101924907B (en)

CN100425074C (en) Method for realizing master-slave intelligent card for one-user multiple-terminal management
JP3965207B2 (en) Playback device for playing content
CN101370076A (en) Method for implementing set-card separation based on USB interface
CN101583012B (en) Method for realizing two-stage condition receiving system and front end and final end of two-stage condition receiving system
CN101563920B (en) Method for managing the number of visualisations, security processor and terminal for said method
JP2004088280A (en) Scramble broadcast transmitter and receiver
CN106559682A (en) A kind of method and device of DTV finger water-print protection
CN101790073A (en) Method for establishing safety communication channel and communication device thereof
CN101350910A (en) Method for separating machine and card of digital television receive terminal
CN101355642A (en) Digital television receiving terminal
JP3965208B2 (en) Playback device for playing content
JP3965206B2 (en) Playback device for playing content
CN101340528A (en) Machine-card separation method of digital television receiving terminal

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant