CN101977299A - Method and system for protecting mobile TV contents - Google Patents
Method and system for protecting mobile TV contents Download PDFInfo
- Publication number
- CN101977299A CN101977299A CN201010288945XA CN201010288945A CN101977299A CN 101977299 A CN101977299 A CN 101977299A CN 201010288945X A CN201010288945X A CN 201010288945XA CN 201010288945 A CN201010288945 A CN 201010288945A CN 101977299 A CN101977299 A CN 101977299A
- Authority
- CN
- China
- Prior art keywords
- key
- terminal
- business cipher
- cipher key
- business
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to the field of mobile TVs, in particular to a method and system for protecting mobile TV contents, solving the problem of poorer protection effect of the mobile TV contents in the prior art. The method comprises the steps of: encrypting broadcast TV contents by using content secret keys through a mobile TV service system, encrypting the content secret keys by using service secret keys, and encrypting the service secret keys by using user secret keys through the mobile TV service system, wherein the user secret keys are public keys in an asymmetric user secret key pair; and the mobile TV service system issues the broadcast TV contents encrypted by adopting the content secret keys and the content secret keys encrypted by adopting the service secret keys, and adopts service secret keys encrypted by adopting the public keys. According to the technical scheme, the encryption of the content secret keys, the service secret keys and the user secret keys has better protection function to the mobile TV contents.
Description
Technical field
The present invention relates to field of mobile phone, relate in particular to a kind of method and system of mobile phone television contents protection.
Background technology
Mobile TV is the trend of the times of global 3G business development, we can say, countries in the world are all relatively paid attention to the development of mobile TV.Along with the arriving of 3G, will there be more than several hundred million 3G subscriptions in the whole world, and mobile TV just becomes big business naturally.Each side is to all relatively attention of 3G development, and natural mobile TV also becomes one of important content.Mobile TV progressively began commercialization in recent years all over the world, will adopt the scheme of mobile phone television contents protection in the application of mobile TV, but relatively poor to mobile TV content protecting effect in the prior art.
Summary of the invention
In order to solve in the prior art, the invention provides a kind of method and system of mobile phone television contents protection to the relatively poor problem of mobile TV content protecting effect.
The method of a kind of mobile phone television contents protection that the embodiment of the invention provides comprises:
The mobile TV service system is used content key, and broadcast television content is encrypted, and uses business cipher key that content key is encrypted;
The mobile TV service system uses user key that business cipher key is encrypted, and described user key is the PKI of asymmetric user key centering;
The mobile TV service system issues the broadcast television content behind the employing content key encryption and adopts the business cipher key encrypted content key, and adopts the business cipher key behind the public key encryption.
The embodiment of the invention also provides a kind of system of mobile phone television contents protection, comprise: mobile phone television broadcasting system, be used to use content key, broadcast television content is encrypted, use business cipher key that content key is encrypted, issue and adopt the broadcast television content behind the content key encryption and adopt the business cipher key encrypted content key;
The business cipher key management system is used to use user key that business cipher key is encrypted, and described user key is the PKI of asymmetric user key centering, issues the business cipher key that adopts behind the public key encryption.
Because the scheme that the embodiment of the invention provides is encrypted better to the mobile TV content protecting by content key, business cipher key and user key.
Description of drawings
The realization and the operation flow of the mobile TV service system that Fig. 1 provides for the embodiment of the invention;
The mobile TV service system structure chart that Fig. 2 provides for the embodiment of the invention;
The generation of the digital certificate that Fig. 3 provides for the embodiment of the invention and sign and issue flow chart;
The business cipher key that Fig. 4 provides for the embodiment of the invention is encrypted and is issued flow chart;
The charging decision flow chart that Fig. 5 provides for the embodiment of the invention;
The charging that Fig. 6 provides for the embodiment of the invention confirms that again the business cipher key encryption issues flow chart.
Embodiment
Below in conjunction with embodiment and accompanying drawing the present invention is described in further details.The scheme of present embodiment is mainly described the realization and the operation flow of mobile TV service system, comprises the steps: as shown in Figure 1
In order to narrate conveniently, this paper uses the back CW*[television content] represent with the broadcast television content after the CW encryption.
In order to narrate conveniently this paper back SK*[CW] expression SK encrypted content key CW.
In order to narrate conveniently this paper back PDK_public*[SK] expression PDK_public encrypted service key SK.
In mobile TV system based on the digital broadcasting technology, SK*[CW] information is included among the Entitlement Control Message ECM, during broadcast program, the CW*[television content] and ECM message encapsulated by scrambler, multiplexing through multiplexer then, broadcast the convenience of the embodiment of the invention in order to narrate to terminal, prevent that technical term is too much, mainly with SK*[CW] carry out the elaboration of scheme.
In mobile TV system based on multimedia broadcasting and multicast MBMS technology, employed stream secrete key MTK (MBMS traffic key) just is equivalent to content key CW, MSK is equivalent to business cipher key SK, the convenience of the embodiment of the invention in order to narrate, prevent that technical term is too much, still carry out the elaboration of scheme with CW, SK.
In mobile TV system, PDK_public*[SK based on the digital broadcasting technology] information can also be included among the Entitlement Management Message EMM, and handset server broadcasts to all terminals with EMM.Certainly present embodiment preferably adopts point-to-point passage to issue PDK_public*[SK to terminal].
In order better to realize goal of the invention of the present invention, the mobile TV service system 10 in the scheme of present embodiment is divided into following subsystem according to service logic: mobile TV CA (Certification Authority, certification authority) center 11; Business cipher key management system 12; Accounting mobile TV system 13; Mobile phone television broadcasting system 14.Structural relation will be narrated respectively as shown in Figure 2 below between the above-mentioned subsystem.
Mobile TV CA (Certification Authority) center 11 its Core Features, be exactly by the mobile communications network carrier, to the digital certificate CERT (in order to express easily this paper further part adopts CERT to represent digital certificate) of mobile phone TV terminal sign and issue, verify, revoke, filing management etc.Specifically describe as follows:
Receive and verify the digital certificate request CERT_REQ (in order to express easily this paper further part adopts CERT_REQ to represent the digital certificate request) of mobile phone terminal;
To examining of mobile phone number of terminals word certificate request CERT_REQ;
Examine by after, CERT_REQ is signed and issued, become CERT.Provide CERT and give mobile phone terminal;
Receive the certificate revocation request of mobile phone terminal, the service of certificate query is provided;
Regularly produce and issue CRL (CRL);
Certificate and historical data archiving.
Above-mentioned business will can not produce expense for the mobile phone terminal user.
Business cipher key management system 12 is the most crucial subsystems of present embodiment scheme, be responsible for the management of business cipher key SK comprehensively, carry out the exchange of significant data with synchronously with other subsystem,, carry out the SK encrypted transmission with mobile phone terminal by the point-to-point passage of mobile communications network.Specifically describe as follows:
According to mobile TV program arrangement in every month, formulate each channel SK of mobile TV and plan update time, for each television channel, each SK that upgrades can distribute a unique sign SK_ID, by this SK_ID, can from system, obtain the SK term of validity, television channel under the SK, information such as interior this channel TV program unit price of the SK term of validity, conversely, determined channel information, timestamp can inquire SK_ID from professional key management system.
When certain television channel SK upgrades, notify mobile phone television broadcasting system immediately, SK and channel information are passed to mobile phone television broadcasting system, make it can calculate the up-to-date encryption control word SK*[CW of this channel].
When mobile phone terminal request SK, the employed CERT of mobile phone terminal is carried out a series of checkings by mobile TV CA center.
After checking CERT passes through, " mobile phone terminal identity ID (generally can be ESN or MEID); the SK_ID that the user will apply for " passes to the accounting mobile TV system with following information, and the accounting mobile TV system returns following result " whether arrearage of user, whether channel SK applies for independent counting ".Do not need independent counting for the monthly payment user; For the set meal user, if the channel of application SK does not need independent counting in the set meal scope; For the single consumption user, need independent counting, the channel of set meal user applies SK needs independent counting not in the set meal scope.The terminal that the television channel charges paid is divided in set meal user finger in the present embodiment.
After the not arrearage of verification terminal, judge if not the independent counting state, directly with PDK_public*[SK] mobile phone terminal passed to, mobile phone terminal uses the PDK_public*[SK of PDK_private to receiving] be decrypted, calculate business cipher key SK.Need to prove that SK has comprised the term of validity information of two adeditive attribute: SK; Whether this SK application wants independent counting, and these two adeditive attributes were narrated for the meaning preamble of mobile phone terminal, just repeated no more here.
After the not arrearage of verification terminal, judge if the independent counting state, earlier with this SK term of validity, this watches that information such as expense passes to mobile phone terminal, requiring mobile phone terminal to carry out the SK request confirms again, after mobile phone terminal is received, can give the user with this secondary key of text prompt term of validity, and expense, please the user confirm whether ask SK again.
Mobile phone terminal carries out SK request confirm again after, with PDK_public*[SK] mobile phone terminal passed to, and following information " mobile phone terminal identity ID (generally can be ESN or MEID); application SK is constantly; SK information; expense " passed to the accounting mobile TV system, the system of being convenient to charges and forms record, is convenient to the user and prints detailed charge bill.
Accounting mobile TV system 13 is closely connected with business cipher key management system 12, and its major function is two aspects, and inquiry service is provided, inquiry cellphone subscriber telephone expenses remaining sum, detailed list etc.; The key management system request of accepting business is chargeed to mobile phone television user.Specifically describe as follows:
Business cipher key management system 12 is passed to 13 mobile phone terminal identity ID of accounting mobile TV system such as ESN (Electronic Serial Number, Electronic Serial Number) or MEID (Mobile Equipment Identifier, mobile terminal identification number) information, whether arrearage of this cellphone subscriber of accounting mobile TV system queries, the accounting mobile TV system passes to the business cipher key management system with the arrearage situation of mobile phone terminal.
The business cipher key management system sends " terminal identity ID (generally can be ESN or MEID), SK_ID " information, whether this SK application of inquiry mobile phone terminal needs independent counting, the accounting mobile TV system can judge according to information such as cellphone subscriber's set meal relation of ordering, SK attributes, return three kinds of results: need not to charge; Expense is paid; Need independent counting.Charge system will be introduced in follow-up method step flow process in detail for the mobile phone terminal determination flow of independent counting whether.
The business cipher key management system sends " terminal identity ID (generally can be ESN or MEID), SK_ID " information, and request is chargeed to this cellphone subscriber, and charge system will be chargeed and forms detail record this mobile phone terminal.Accounting mobile TV system charging formula is as follows:
The corresponding TV programme unit price of corresponding business key label institute/(having business cipher key term of validity finish time of corresponding business key label-have the business cipher key term of validity zero hour of corresponding business key label) * (moment of business cipher key request is obtained in the business cipher key term of validity finish time-terminal transmission with corresponding business key label).
The major function of mobile phone television broadcasting system is, with the broadcast television content after the CW encryption, use radio network, broadcasting issuing the CW*[television content] information (each television channel), with SK content ciphering key W is encrypted, broadcasting issues SK*[CW] information (each television channel).SK*[CW wherein] information is included among the Entitlement Control Message ECM, during broadcast program, CW*[television content] and ECM message encapsulated by scrambler, multiplexing through multiplexer then, broadcast to terminal.The present invention program's mobile phone television broadcasting system specifically describes as follows:
When control word CW changes (common 5~10 seconds change once), mobile phone television broadcasting system will recomputate the CW*[television content], SK*[CW] information, broadcasting issuing then.
When certain television channel business cipher key SK changes, in time provided by the business cipher key management system, this subsystem will recomputate SK*[CW], broadcasting issues then.
As long as mobile phone TV terminal can obtain PDK_public*[SK from professional key management system], just can use the PDK_private deciphering, obtain business cipher key SK, use SK deciphering SK*[CW then], obtain control word CW, use CW to decrypt television content at last.
Because embodiment of the invention scheme adopts the solution of public key architecture PKI (Public Key Infrastrcture) and digital certificate (Digital Certificate), carry out generation, use and the management of user key PDK.So mobile phone terminal before televiewing, must be held digital certificate.
In order better to understand the scheme of present embodiment, the PKI technology that present embodiment is adopted describes below, the PKI technology is exactly the infrastructure that the information security service is provided of utilizing the PKI theory and technology to set up, it is the security authentication mechanism of internationally recognized internet electronic business, the unified technological frame that it utilizes the public key cryptography technology in the contemporary cryptology to provide data encryption and digital signature to serve in open Internet network environment.The PKI system is present most widely used a kind of encryption system, and in this system, encryption key and decruption key have nothing in common with each other, and the people who sends information utilizes recipient's PKI to send enciphered message, and the recipient utilizes own proprietary private key to be decrypted again.This mode had both guaranteed the confidentiality of information, can guarantee information have non repudiation again.At present, the PKI system is widely used for fields such as ca authentication, digital signature and cipher key change.
PKI security mechanism in the internet electronic business is incorporated into key and the certificate management platform system that the cover of one in the wireless network environment is followed set standard, be so-called wireless public key architecture WPKI, manage public-key cryptography and the digital certificate that in mobile network environment, uses with it, effectively set up safety and trustworthy wireless network environment.WPKI is the optimization expansion that traditional PKI technology is applied to wireless environment.It has adopted the ECC elliptic curve cryptography of optimization and the X.509 digital certificate of compression.Its same certificate management PKI that adopts is by third-party trusted mechanism---the checking user's of authentication center (CA) identity, thereby the safe transmission of the information of realization.
Digital certificate be one with identity binding to the file of associated public key, this binding is by credible third party---(Certification Authority CA) confirms and signs and issues certification authority.Except comprising PKI and identity information, digital certificate also comprises some out of Memory usually, as the various flag informations at the date of issuance, the term of validity, the CA center of signing and issuing etc.
When carrying out encipherment protection or authentication, the digital certificate notion is actual to comprise two parts: one, private key.Private key is privately owned by the secure communication individuality, must guarantee the safety of private key, and general private key data file all can be encrypted storage, sometimes in order further to improve fail safe, adopts specialized hardware to store, as electron key etc.Two, certificate.Certificate has mainly comprised public key data, and information such as identity, the date of issuance, the term of validity, the institute CA center of signing and issuing, and certificate is disclosed, and any communication entity can both obtain the other side's certificate.
The safest digital certificate implementation method is at present, need the individuality of secure communication to adopt random number generator and public key algorithm, (certificate request is exactly the certificate of signing and issuing without the CA center oneself to generate private key and certificate request, do not contain the person's of signing and issuing information, can not be used for coded communication, after must signing and issuing through the CA center, can use), the communication individuality can adopt certain communication mode, can be non-safe communication mode, submit to the CA center to sign and issue certificate request, authentication be carried out to the individual information that comprises in this certificate request in the CA center, sign and issue then or refuse and sign and issue, certificate request will contain the person's of signing and issuing information, and can't distort after signing and issuing through the CA center, become the valid certificate that can carry out secure communication, communication is individual obtains or downloads the digital certificate of oneself to the CA center.This process, the individual private key of communicating by letter are that individuality is held always, accomplished to be perfectly safe, and certificate request and certificate itself are exactly disclosed, so can adopt non-secure communication mode to transmit.
As shown in Figure 3, the generation of embodiment of the invention digital certificate that scheme is used is with to sign and issue process step as follows:
Step 301: mobile phone terminal operation random number generator and public key algorithm generate private key PDK_private and certificate request CERT_REQ.
Need explanation, the identity entity of mobile phone terminal (ESN or MEID) information is added in the subject information of CERT_REQ.
Step 302: mobile phone terminal sends to mobile TV CA center by the mobile communications network carrier with certificate request CERT_REQ, and request is signed and issued CERT_REQ.
Need explanation, mobile phone terminal can pass through EMS, MMS, and modes such as WAP surfing Internet with cell phone, but be not limited to these modes, transmit CERT_REQ and give mobile TV CA center.
Step 303: mobile TV CA center is to the checking of mobile phone terminal identity, and checking is passed through, execution in step 304; Checking is not passed through, and then sends the message that refusal is signed and issued CERT_REQ to mobile phone terminal.
Need explanation, this step, mobile TV CA mainly checks the mobile phone terminal legitimacy in the center, the arrearage situation, whether the identity entity of the mobile phone terminal that comprises among the CERT_REQ (ESN or MEID) is consistent with the mobile phone terminal identity of setting up link.This step 1 crucial meaning is, after mobile phone terminal has been carried out step 301, changes usim card, and CERT_REQ is signed and issued in request then, and in this case, CERT_REQ will be illegal, and this step can detect this situation.So mobile phone terminal must re-execute step 301 after changing usim card, can continue next step.
Need explanation, mobile TV CA center sends the message that refusal is signed and issued CERT_REQ to mobile phone terminal, can be modes such as SMS, EMS, MMS, WAP PUSH, but be not limited to these modes.
Step 304: mobile TV CA center will carry out legitimacy authentication and CERT_REQ added examining formation to CERT_REQ, examine, and examine by, execution in step 305; Examine and do not pass through, then send the message that refusal is signed and issued CERT_REQ to mobile phone terminal.
It is whether checking CERT_REQ form meets the requirements that CERT_REQ is carried out the legitimacy authentication, need explanation, the approval process of CERT_REQ, it is a step before CERT_REQ is signed and issued at the CA center, each CA center will be examined CERT_REQ according to the strategy of examining of oneself, and the scheme of the embodiment of the invention will not limit this process.
Need explanation, mobile TV CA center sends the message that refusal is signed and issued CERT_REQ to mobile phone terminal, can be modes such as SMS, EMS, MMS, WAP PUSH, but be not limited to these modes.
Step 305: mobile TV CA signs and issues CERT_REQ at the center, become certificate CERT, CERT is carried out database filing, send certificate issuance success notification message to mobile phone terminal, contain CERT in the message and deposit path (URL, FTP path etc.), the notice mobile phone terminal lands this file server or the URL network address removes to download the CERT of oneself.
Need explanation, mobile TV CA center can be modes such as SMS, EMS, MMS, WAP PUSH, but be not limited to these modes to the certificate issuance success notification message that mobile phone terminal sends.
Step 306: mobile phone terminal lands specified file server or URL network address, downloads the certificate CERT of oneself.
The present invention program adopts the solution of public key architecture PKI (Public Key Infrastrcture) and digital certificate (Digital Certificate), carry out generation, use and the management of user key PDK, thereby can solve the problem that adopts the symmetric encipherment algorithm cipher key management difficult, solve the deficiency of rivest, shamir, adelman aspect authentication simultaneously.Can also not rely on simultaneously the smart card of specific function.
The four elements that once more the present embodiment scheme is used is set forth below: PDK_private (privately owned user key); PDK_public (open user key); CERT (certificate); CERT_REQ (certificate request).Because the scheme that the present invention has adopted asymmetric user key PDK that business cipher key SK is protected, so PDK certainly exists a pair of, one is exactly PDK_private, one is PDK_public, PDK_private has only mobile phone terminal institute safety to hold, the external world can't read by any way visit, accomplish to be perfectly safe; And PDK_public is included in CERT or the CERT_REQ information, and CERT or CERT_REQ are disclosed to external world, can carry out non-secured fashion transmission.CERT_REQ (certificate request) is exactly the CERT (certificate) that signs and issues without the CA center.
By the above-mentioned flow process of the embodiment of the invention, make mobile phone TV terminal hold digital certificate, after holding digital certificate, mobile phone terminal is by the point-to-point passage of mobile communications network as previously mentioned, business cipher key SK to business cipher key management system application television channel, the business cipher key management system will be issued PDK_public*[SK to terminal by point-to-point passage], follow-up mobile phone terminal uses the PDK_public*[SK of PDK_private to receiving] be decrypted, calculate business cipher key SK.
As shown in Figure 4, it is as follows that the encryption of the present invention program's business cipher key issues process step:
Step 401: mobile phone terminal uses own digital certificate CERT, waits to watch the business cipher key SK of television channel to the business cipher key management system requested.
Need explanation, this step mobile phone terminal passes through mobile communications network, set up the point-to-point communication link with the business cipher key management system, it can be the link setup mode of Traffic Channel, it also can be the on-link mode (OLM) of surfing Internet with cell phone, after the link establishment, mobile phone terminal will send CERT and channel identication information (for example channel 1), ask the business cipher key SK of this channel.
Step 402: the business cipher key management system verifies that to the mobile phone terminal identity authentication is passed through, execution in step 403; Authentication is not passed through, and sends the message that refusal issues SK to mobile phone terminal, disconnects communication link.
Need explanation, the authentication key point is to verify whether the mobile phone terminal identity ID (ESN or MEID) that comprises among the CERT is consistent with the mobile phone terminal identity of setting up link.The meaning of this step is, mobile phone terminal is obtaining employed usim card when signing and issuing CERT, the usim card that uses during with application SK, it or not a card, the mobile phone terminal of this situation belongs to the disabled user, must re-execute embodiment of the invention step 301 to 306, regenerates PDK_private and CERT_REQ, ask mobile TV CA center to be signed and issued then, obtain and sign and issue back certificate CERT.
Step 403: business cipher key management system and mobile TV CA center communicate, and request checks that to CERT validity inspection is passed through, execution in step 404; Check and do not pass through, send the message that refusal issues SK, disconnect communication link to mobile phone terminal.
Need explanation, mobile TV CA center is to the CERT validity check, mainly be to detect the CERT structure whether to meet the requirements, the current time whether in the CERT term of validity, whether whether legal, the CERT of the CERT person of signing and issuing revoked, or the like.The function that present all CA centers all possess, all there is inspection policy separately at each CA center, and the present invention program does not limit this process.
Step 404: business cipher key management system, stab information (be mobile phone terminal to time that the business cipher key management system requested waits to watch the business cipher key SK of television channel) according to the current time, the television channel information to be watched of mobile phone terminal request, inquiry obtains the business cipher key corresponding service key ID number of this request, i.e. Dui Ying SK_ID.
For example, it is respectively SK_0, SK_1, SK_2...SK_98, SK_99 that SK_ID one has 100, stabs information 10:10 and waits to watch television channel information channel 10 according to the current time, and the SK_ID that can inquire about the SK correspondence of this request of acquisition is SK_10.
Step 405: business cipher key management system and accounting mobile TV system communicate, and send following information " mobile phone terminal identity ID, corresponding SK_ID " and give the accounting mobile TV system; Ask three parameters " whether arrearage of user, whether SK applies for independent counting, the independent counting amount of money ".
Step 406: the accounting mobile TV system carries out inner querying flow, corresponding " mobile phone terminal identity ID, the corresponding SK_ID " that receives, obtain following parameter " whether arrearage of user; whether SK applies for independent counting, the independent counting amount of money ", send to the business cipher key management system.
Need explanation, accounting mobile TV internal system processing logic is not need independent counting for the monthly payment user; For the set meal user, if the channel of application SK does not need independent counting in the set meal scope; For the single consumption user, need independent counting, the channel of set meal user applies SK needs independent counting not in the set meal scope.Fig. 5 judges this SK for the accounting mobile TV system and whether applies for the flow chart of independent counting.Accounting mobile TV system-computed independent counting amount of money formula is as follows:
The corresponding corresponding TV programme unit price of SK_ID institute/(having SK term of validity finish time of corresponding SK_ID-have the SK term of validity zero hour of corresponding SK_ID) * (the SK term of validity finish time-mobile phone terminal application with corresponding SK_ID waits to watch the channel SK moment).
Step 407: the business cipher key management system is judged, if user's arrearage is sent the message that refusal issues SK to mobile phone terminal, disconnects communication link; Not arrearage, execution in step 408.
Step 408: the business cipher key management system is judged according to mobile phone terminal identity ID, whether this SK application needs independent counting, if do not need independent counting, then issues secure service key PDK_public*[SK to terminal], the business cipher key encryption issues flow process and finishes, and communication session finishes; Independent counting is then carried out independent counting and is confirmed that again the business cipher key encryption issues flow process if desired.
Need explanation, additionally contain information among the SK: business cipher key term of validity information; Whether this SK application wants charges paid.
The business cipher key that the present embodiment scheme relates to issues mode, adopts the scheme of mobile phone terminal active request business cipher key, at utmost solves congested and loading problem.
In the scheme of present embodiment, the business cipher key SK that handset television service system issues has comprised the term of validity information of at least two adeditive attributes: SK; Whether this SK applies for charges paid.Business cipher key term of validity information, meaning are that mobile phone terminal can be known and when should upgrade business cipher key; Whether this SK applies for that charges paid, meaning are that mobile phone terminal can select to upgrade automatically business cipher key, perhaps point out the user to upgrade business cipher key by hand.Do not need independent counting for the monthly payment user; For the set meal user, if the channel of application SK does not need independent counting in the set meal scope; For the single consumption user, need independent counting, the channel of set meal user applies SK needs independent counting not in the set meal scope.
The situation that does not need independent counting, business cipher key are upgraded and be carried out automatically, need not allow the user know, the user is not watched can cause interference like this; And needing the situation of independent counting, mobile phone terminal should point out the user whether to carry out key updating.Prepare to watch certain channel mobile TV when mobile phone terminal, perhaps carry out the switching channels operation, and this channel service key not in the mobile phone terminal, perhaps this channel service key is expired, then all can trigger the process that a business cipher key request is upgraded.
Above-mentioned process step 406, the accounting mobile TV system judges this SK applies for whether independent counting is a sub-process, and as shown in Figure 5, it judges that in detail process step is as follows:
Step 501: business cipher key management system and accounting mobile TV system communicate, and send following information " mobile phone terminal identity ID, SK_ID " and give the accounting mobile TV system; Ask three parameters " whether arrearage of user, whether this SK applies for independent counting, the independent counting amount of money ".
Need explanation, whether arrearage parameter of user is very easy to inquiry, below step the parameter of no longer mentioning arrearage is described, only describe this SK and apply for the whether judgement of independent counting and independent counting amount of money parameter.
Step 502: the accounting mobile TV system inquires about its set meal and orders relation according to Termination ID, determines that just this terminal use's identity is attributes such as monthly payment, set meal or single consumption.
Alleged terminal use's identity is monthly payment in the present embodiment, refers to the equal charges paid of whole television channels, and the television channel charges paid is divided in the set meal finger, and single consumption refers to the situation except that aforementioned two kinds, promptly non-all with also non-part television channel charges paid.
Step 503: the accounting mobile TV system judges whether this terminal use is the monthly payment user, if, give business cipher key management system return results, explain this user and need not to charge; If not, execution in step 504.
Step 504: the accounting mobile TV system judges whether this terminal use is the set meal user, if not, give business cipher key management system return results, explaining this user needs independent counting, and the charging amount of money; If, execution in step 505.
Need explanation: it is as follows to calculate independent counting amount of money formula:
The corresponding corresponding TV programme unit price of SK_ID institute/(having SK term of validity finish time of corresponding SK_ID-have the SK term of validity zero hour of corresponding SK_ID) * (the SK term of validity finish time-mobile phone terminal application with corresponding SK_ID waits to watch the channel SK moment).
Step 505: the accounting mobile TV system is according to the SK_ID of correspondence, and inquiry has the SK subordinate channel of corresponding SK_ID.
Step 506: the SK subordinate channel with corresponding SK_ID is judged whether in user's set meal by the accounting mobile TV system, if, give business cipher key management system return results, explain this user and need not to charge; If not, execution in step 507.
Step 507: judge whether the user successfully applied for the SK of SK_ID correspondence, and paid expense; If, give business cipher key management system return results, explain these SK application expenses and pay; If not, give business cipher key management system return results, explaining this user needs independent counting, and the charging amount of money.
Need explanation, this step is to prevent that charge system from repeating to charge to the user.For example the cellphone subscriber is the single consumption user, applies for business cipher key SK first, and has paid expense, and the cellphone subscriber has carried out application SK operation again when expired when SK does not have, and this scene cannot repeat to charge.
In conjunction with an example this scene is described again below: according to the arrangement of certain operator's mobile TV program table, entertainment channel SK_ID is 10052521 business cipher key SK, its term of validity is defined as the time of video display arenas at midnight, from 2010/05/25 21:00 to 2010/05/25 23:00, totally 120 minutes, 2 yuan of price location.Certain cellphone subscriber is the single consumption user of the non-set meal of non-monthly payment, open mobile TV in 2010/05/25 21:00, prepare to watch the entertainment channel program, to handset television service system application SK this moment, when system issues PDK_public*[SK for this user] after, 2 yuan of expenses can be produced.And worked as the user before 23:00, if repeat to have applied for entertainment channel SK, will no longer produce any expense.
From step 501 to 507 as can be seen, the accounting mobile TV system returns three kinds of different results can for the business cipher key management system: 1, need not to charge; 2, expense is paid; 3, need independent counting.For preceding two results, business cipher key management system handling process is almost completely identical, can be according to not chargeing, directly issue secure service key PDK_public*[SK] handle, unique not same, be exactly SK adeditive attribute difference, for need not charging result, the SK adeditive attribute is not chargeed for this SK application; For expense payment result, the SK adeditive attribute needs independent counting for this SK application.And for need independent counting result, the business cipher key management system will be carried out charging and confirm that again the business cipher key encryption issues flow process, and the content of present embodiment back will be described this flow process in detail.
Top description can be summarized by table 1:
Table 1
The SK adeditive attribute is mentioned in summary of the invention for the meaning of mobile phone terminal: the situation of not chargeing, business cipher key are upgraded and be carried out automatically, need not allow the user know, the user is not watched can cause interference like this; And needing the situation of independent counting, mobile phone terminal should point out the user whether to carry out key updating.Certainly during the mobile phone terminal specific implementation, can utilize this adeditive attribute of SK, also can not make and adopt other SK update strategy in this way.
By top explanation as can be known, the mobile TV service system is carried out the definition of mobile TV set meal according to different television channels, and a kind of set meal can comprise a plurality of channels, and some channels also can be comprised by a plurality of set meals.The monthly payment user can watch all channels, and the set meal user can watch specific several channel, and when the set meal user constantly will watch TV programme set meal outside, this set meal user is equal to the single consumption user at this moment again so.This point can define flexibly, comprises channel 1, channel 4, channel 6, channel 9 as set meal A.Set meal B comprises channel 1, channel 3, channel 5, channel 7.Set meal C comprises channel 2, channel 4, channel 6, channel 8.
Operator to media releasing, is selected information such as the Promgramming of various set meals, expenses standard for monthly payment, set meal cellphone subscriber.
In order to take into account set meal user, the charging way of consumption user in due order, the mobile TV service system will be closely connected with the program arrangement of mobile TV on the business cipher key Renewal Time.Specifically, after the listing of certain channel is determined, then business cipher key updated time table also should be determined, for the single consumption user, apply for one time business cipher key, can produce primary charging (when business cipher key does not have expired and situation that repeat to apply for, can not repeat to charge, this point is guaranteed by the accounting mobile TV system), so in the television channel, the TV programme unit price of each effective traffic period of key also should be determined.
Operator is with business cipher key updated time table, and the TV programme unit price information of each channel effective traffic period of key is announced to medium, selects to use for the single consumption user.
Single consumption user charging method is as follows:
The corresponding corresponding TV programme unit price of SK_ID institute/(having SK term of validity finish time of corresponding SK_ID-have the SK term of validity zero hour of corresponding SK_ID) * (the SK term of validity finish time-mobile phone terminal application with corresponding SK_ID waits to watch the channel SK moment).
Illustrate the aforementioned calculation formula:
According to the arrangement of certain operator's mobile TV program table, the term of validity of certain business cipher key SK of sports channel is defined as the beginning and the end of a football match, and totally 110 minutes, price was decided to be 2 yuan.Certain cellphone subscriber is the single consumption user of the non-set meal of non-monthly payment, and when this user opened mobile TV and begins to watch, football match had been carried out 55 minutes, and the first half finishes, and is carrying out halftime, enters second half of the match at once.Charge system is according to the aforementioned calculation formula so, and it is 1 yuan that this consumption of this user is chargeed.
Operator should rationally arrange the business cipher key Renewal Time, renewal frequency is high more, the program that can realize pinpoint accuracy charges, the choice of single consumption user can be more more, but the burden and the management cost of system have been increased, renewal frequency is low excessively, and single consumption user choice can be seldom, and system burden and management cost can reduce.So operator according to s own situation, rationally arranges the business cipher key Renewal Time, select time spot or rubbish time after a complete programs finishes to carry out the renewal of business cipher key as far as possible.
As shown in Figure 6, independent counting confirms that again business cipher key encrypts that to issue process step as follows:
Step 601: the business cipher key management system is handed down to mobile phone terminal with " corresponding SK_ID has the SK term of validity of corresponding SK_ID, the independent counting amount of money ", requires mobile phone terminal to carry out the SK application and confirms.
Need explanation, this step meaning is, the business cipher key management system can require mobile phone terminal to confirm for the key application of independent counting again, have only terminal to confirm again after, just can carry out SK and encrypt and issue, and charge.After mobile phone terminal is received, can give the user with this secondary key of text prompt term of validity, and expense, select whether to want continuation application SK by the cellphone subscriber.
Step 602: after mobile phone terminal receives that SK applies for confirmation again, can be with mode word prompting mobile telephone set user, effective off period of SK and expense, whether the inquiry user continuation application SK.If the cellphone subscriber selects to abandon the SK application, the business cipher key management system will finish this communication session after receiving and abandoning the SK solicitation message; If the cellphone subscriber selects to continue the SK application, after the business cipher key management system is received continuation application message, execution in step 603.
Need explanation, this step also may be by another kind of situation, be exactly that the cellphone subscriber does not select whether to confirm the SK application for a long time, this situation, the business cipher key management system has timeout mechanism and handles, set when mobile phone terminal again and not confirm SK application in the time limit again, then the business cipher key management system can finish this communication session.Mobile phone terminal is follow-up if when watching this channel TV program, must apply for again that SK encrypts to issue.
Step 603: the business cipher key management system issues PDK_public*[SK to mobile phone terminal], issue and finish this communication session after finishing.
Step 604: the business cipher key management system sends " terminal identity ID, SK_ID " and gives the accounting mobile TV system, and request is chargeed.
Step 605: the accounting mobile TV system charges to the cellphone subscriber.
Need explanation, accounting mobile TV system charging formula is the same.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, if of the present invention these are revised and modification belongs within the scope of claim of the present invention and equivalent technologies thereof, then the present invention also is intended to comprise these changes and modification interior.
Claims (20)
1. the method for a mobile phone television contents protection is characterized in that, comprising:
The mobile TV service system is used content key, and broadcast television content is encrypted, and uses business cipher key that content key is encrypted;
The mobile TV service system uses user key that business cipher key is encrypted, and described user key is the PKI of asymmetric user key centering;
The mobile TV service system issues the broadcast television content behind the employing content key encryption and adopts the business cipher key encrypted content key, and adopts the business cipher key behind the public key encryption.
2. the method for claim 1 is characterized in that, the mobile TV service system uses user key that business cipher key is encrypted, and described user key is also to comprise before the PKI step of asymmetric user key centering:
The digital certificate request that mobile TV service system receiving terminal sends, when the digital certificate request examine by after, send digital certificate to terminal and sign and issue success message.
3. method as claimed in claim 2 is characterized in that, also comprises before the digital certificate request is examined:
Identity to the terminal that sends the digital certificate request authenticates, and authentication is examined digital certificate request by the back.
4. the method for claim 1 is characterized in that, is specially to the business cipher key that terminal issues after adopting public key encryption by point-to-point passage:
The request of obtaining business cipher key that the mobile TV service system sends according to terminal, the business cipher key after terminal issues the employing public key encryption.
5. method as claimed in claim 4 is characterized in that, the mobile TV service system is according to the request of obtaining business cipher key, and the business cipher key that issues after adopting public key encryption to terminal is specially:
The request that mobile TV service system receiving terminal sends obtains the business cipher key of waiting to watch television channel;
The mobile TV service system according to terminal request wait watch that television channel and terminal send the time of obtaining the business cipher key request, obtain the business cipher key corresponding service key identification of this request, the business cipher key after terminal issues the employing public key encryption with corresponding business key label.
6. method as claimed in claim 5 is characterized in that, also comprises: the mobile TV service system identifies according to terminal identity, judges whether charges paid of terminal;
The business cipher key with corresponding business key label after terminal issues the employing public key encryption is specially: when charges paid, and the business cipher key after terminal issues the employing public key encryption with corresponding business key label.
7. method as claimed in claim 6 is characterized in that, to terminal issuing service key adeditive attribute information, adeditive attribute information comprises: whether business cipher key term of validity information and this business cipher key application of expression the information of charges paid.
8. method as claimed in claim 7 is characterized in that, whether charges paid is specially to judge terminal:
The mobile TV service system judges according to sending the terminal identity sign whether this terminal is the terminal of the equal charges paid of all television channels, if then determine the terminal charges paid, otherwise, judge whether this terminal is the terminal of part television channel charges paid, if, sign according to the corresponding service key, inquire about television channel to be watched, judge and wait to watch whether television channel belongs to the television channel of charges paid, if then determine the terminal charges paid, otherwise, judge whether terminal had sent request and the charges paid that obtains the business cipher key with corresponding business key label before, if then determine the terminal charges paid.
9. method as claimed in claim 8, it is characterized in that, also comprise: if do not send the request of obtaining business cipher key before the terminal with corresponding business key label, then the mobile TV service system is with the sign of corresponding service key, the business cipher key term of validity and the charging amount of money are handed down to terminal, require the terminal carrying out service key request to confirm, abandon the feedback of business cipher key request if receive terminal, then stop the business cipher key after terminal issues the employing public key encryption with corresponding business key label, otherwise, if receive that terminal check carries out the feedback of business cipher key request, then issue business cipher key after adopting public key encryption with corresponding business key label to terminal;
Sign according to terminal identity sign and corresponding service key is chargeed to terminal.
10. method as claimed in claim 9 is characterized in that, terminal is chargeed to be specially:
Adopt following formula that terminal is chargeed,
The corresponding TV programme unit price of corresponding business key label institute/(having business cipher key term of validity finish time of corresponding business key label-have the business cipher key term of validity zero hour of corresponding business key label) * (moment of business cipher key request is obtained in the business cipher key term of validity finish time-terminal transmission with corresponding business key label).
11. the system of a mobile phone television contents protection is characterized in that, comprising:
Mobile phone television broadcasting system is used to use content key, and broadcast television content is encrypted, and uses business cipher key that content key is encrypted, and issues to adopt the broadcast television content behind the content key encryption and adopt the business cipher key encrypted content key;
The business cipher key management system is used to use user key that business cipher key is encrypted, and described user key is the PKI of asymmetric user key centering, issues the business cipher key that adopts behind the public key encryption.
12. the system of mobile phone television contents protection as claimed in claim 11; it is characterized in that, also comprise: mobile TV certification authority center is used for the digital certificate request that receiving terminal sends; when the digital certificate request examine by after, send digital certificate to terminal and sign and issue success message.
13. the system of mobile phone television contents protection as claimed in claim 12; it is characterized in that; mobile TV certification authority center also is used for the identity of the terminal that sends the digital certificate request is authenticated, and authentication is examined digital certificate request by the back.
14. the system of mobile phone television contents protection as claimed in claim 11 is characterized in that, the business cipher key management system also is used for the request of obtaining business cipher key according to the terminal transmission, the business cipher key after terminal issues the employing public key encryption.
15. the system of mobile phone television contents protection as claimed in claim 14; it is characterized in that; the business cipher key management system; obtaining of being used for also that receiving terminal sends waits to watch the request of the business cipher key of television channel; according to terminal request wait watch that television channel and terminal send the time of obtaining the business cipher key request; obtain the business cipher key corresponding service key identification of this request, the business cipher key after terminal issues the employing public key encryption with corresponding business key label.
16. the system of mobile phone television contents as claimed in claim 15 protection is characterized in that, also comprises: the accounting mobile TV system, be used for according to the terminal identity sign, judge whether charges paid of terminal;
The business cipher key management system also is used for when charges paid, the business cipher key with corresponding business key label after terminal issues the employing public key encryption.
17. the system of mobile phone television contents protection as claimed in claim 16; it is characterized in that; the business cipher key management system; also be used for to terminal issuing service key adeditive attribute information, adeditive attribute information comprises: whether business cipher key term of validity information and this business cipher key application of expression the information of charges paid.
18. the system of mobile phone television contents protection as claimed in claim 17; it is characterized in that; the accounting mobile TV system; also be used for judging according to sending the terminal identity sign whether this terminal is the terminal of the equal charges paid of all television channels; if then determine the terminal charges paid; otherwise; judge whether this terminal is the terminal of part television channel charges paid; if; sign according to the corresponding service key; inquire about television channel to be watched; judge to wait to watch whether television channel belongs to the television channel of charges paid, if then determine the terminal charges paid, otherwise; whether sent request and the charges paid that obtains business cipher key before judging terminal, if then determine the terminal charges paid with corresponding business key label.
19. the system of mobile phone television contents protection as claimed in claim 18, it is characterized in that, the business cipher key management system, also be used for if do not send the request of obtaining business cipher key before the terminal with corresponding business key label, then the mobile TV service system is with the sign of corresponding service key, the business cipher key term of validity and the charging amount of money are handed down to terminal, require the terminal carrying out service key request to confirm, abandon the feedback of business cipher key request if receive terminal, then stop the business cipher key after terminal issues the employing public key encryption with corresponding business key label, otherwise, if receive that terminal check carries out the feedback of business cipher key request, then issue business cipher key after adopting public key encryption, and terminal is chargeed according to the sign of terminal identity sign and corresponding service key with corresponding business key label to terminal;
The accounting mobile TV system also is used for according to the sign of terminal identity sign and corresponding service key terminal being chargeed.
20. the system of mobile phone television contents protection as claimed in claim 19 is characterized in that the accounting mobile TV system also is used to adopt following formula that terminal is chargeed,
The corresponding TV programme unit price of corresponding business key label institute/(having business cipher key term of validity finish time of corresponding business key label-have the business cipher key term of validity zero hour of corresponding business key label) * (moment of business cipher key request is obtained in the business cipher key term of validity finish time-terminal transmission with corresponding business key label).
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010288945XA CN101977299A (en) | 2010-09-19 | 2010-09-19 | Method and system for protecting mobile TV contents |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010288945XA CN101977299A (en) | 2010-09-19 | 2010-09-19 | Method and system for protecting mobile TV contents |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101977299A true CN101977299A (en) | 2011-02-16 |
Family
ID=43577142
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010288945XA Pending CN101977299A (en) | 2010-09-19 | 2010-09-19 | Method and system for protecting mobile TV contents |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101977299A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016086788A1 (en) * | 2014-12-02 | 2016-06-09 | 阿里巴巴集团控股有限公司 | Method and apparatus for encrypting/decrypting data on mobile terminal |
| CN117896179A (en) * | 2024-03-14 | 2024-04-16 | 深圳市小溪流科技有限公司 | Combined URL signature authentication method, device and storage medium thereof |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1595873A (en) * | 2004-06-23 | 2005-03-16 | 北京邮电大学 | Network examination system based on mixed architecture and multiple safety mechanism, and implementing method thereof |
| CN1921433A (en) * | 2006-09-20 | 2007-02-28 | 华为技术有限公司 | Method, system and application server for providing broadcast multicast service |
| CN1960267A (en) * | 2006-09-18 | 2007-05-09 | 中兴通讯股份有限公司 | System and method for implementing prepaid services in mobile multimedia broadcast |
| CN101166259A (en) * | 2006-10-16 | 2008-04-23 | 华为技术有限公司 | Mobile phone TV service protection method, system, mobile phone TV server and terminal |
| CN101179377A (en) * | 2006-11-09 | 2008-05-14 | 中兴通讯股份有限公司 | Cipher key distributing and updating system of multimedia broadcasting service |
| CN101827247A (en) * | 2010-05-19 | 2010-09-08 | 中兴通讯股份有限公司 | Method and system for accounting mobile TV |
-
2010
- 2010-09-19 CN CN201010288945XA patent/CN101977299A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1595873A (en) * | 2004-06-23 | 2005-03-16 | 北京邮电大学 | Network examination system based on mixed architecture and multiple safety mechanism, and implementing method thereof |
| CN1960267A (en) * | 2006-09-18 | 2007-05-09 | 中兴通讯股份有限公司 | System and method for implementing prepaid services in mobile multimedia broadcast |
| CN1921433A (en) * | 2006-09-20 | 2007-02-28 | 华为技术有限公司 | Method, system and application server for providing broadcast multicast service |
| CN101166259A (en) * | 2006-10-16 | 2008-04-23 | 华为技术有限公司 | Mobile phone TV service protection method, system, mobile phone TV server and terminal |
| CN101179377A (en) * | 2006-11-09 | 2008-05-14 | 中兴通讯股份有限公司 | Cipher key distributing and updating system of multimedia broadcasting service |
| CN101827247A (en) * | 2010-05-19 | 2010-09-08 | 中兴通讯股份有限公司 | Method and system for accounting mobile TV |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016086788A1 (en) * | 2014-12-02 | 2016-06-09 | 阿里巴巴集团控股有限公司 | Method and apparatus for encrypting/decrypting data on mobile terminal |
| US11134377B2 (en) | 2014-12-02 | 2021-09-28 | Advanced New Technologies Co., Ltd. | Encrypting/decrypting data on mobile terminal |
| CN117896179A (en) * | 2024-03-14 | 2024-04-16 | 深圳市小溪流科技有限公司 | Combined URL signature authentication method, device and storage medium thereof |
| CN117896179B (en) * | 2024-03-14 | 2024-05-17 | 深圳市小溪流科技有限公司 | Combined URL signature authentication method, device and storage medium thereof |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100380270C (en) | Method and apparatus for security data transmission in a mobile communication systeme | |
| CN101166259B (en) | Mobile phone TV service protection method, system, mobile phone TV server and terminal | |
| CN103067914B (en) | Be present in the mobile confidence platform (MTP) on WTRU | |
| CN103109495B (en) | Method for authenticating and registering devices | |
| CN1933393B (en) | Inter-entity coupling method, apparatus and system for content protection | |
| CN101094062B (en) | Method for implementing safe distribution and use of digital content by using memory card | |
| CN101515851A (en) | Method and apparatus for security in a data processing system | |
| CN102857911A (en) | Positioning method, terminal and server | |
| CN100403814C (en) | Packet broadcasting service key controlling method | |
| CN104365127A (en) | Method for tracking a mobile device onto a remote displaying unit | |
| CN101820624B (en) | Method and apparatus for security in a data processing system | |
| CN106803980B (en) | Guard method, hardware security module, master chip and the terminal of encrypted control word | |
| CN100551034C (en) | A kind of mobile multi-media service implementation method and condition receiving system | |
| CN100433684C (en) | Method, system and application server for providing broadcast multicast service | |
| CN100544429C (en) | A kind of mobile phone TV services content protecting method | |
| CN101425862B (en) | Mobile multimedia broadcast service operation management system and method | |
| CN101656583A (en) | Key management system and key management method | |
| CN101521668A (en) | Method for authorizing multimedia broadcasting content | |
| CN101448286A (en) | A roaming authorization method of mobile digital TV user | |
| CN101977299A (en) | Method and system for protecting mobile TV contents | |
| CN103581872A (en) | Method and system for processing service roaming of mobile terminal | |
| CN101150707B (en) | A method for realizing secure multimedia broadcast | |
| CN103546767A (en) | Content protection method and system of multimedia service | |
| KR100524646B1 (en) | A key generation method for broadcast encryption | |
| CN101867895A (en) | Consumption method based on mobile terminal and messages, mobile terminal and business system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20110216 |