CN102035643A

CN102035643A - Method, device and communication system for sending and obtaining key

Info

Publication number: CN102035643A
Application number: CN 200910176694
Authority: CN
Inventors: 刘光远; 张园园; 石腾; 乐培玉; 张楚雄; 田永辉; 袁卫忠
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2009-09-25
Filing date: 2009-09-25
Publication date: 2011-04-27

Abstract

The embodiment of the invention discloses a method, device and communication system for sending and obtaining a key and relates to the communication field. The invention aims to solve the problem that when the information with a hierarchical structure is transmitted, the occupied network resources for the transmission of the key are more. The technical scheme provided by the invention comprises the following steps: selecting a dependent layer from one base layer and more than one of the enhancement layers of the information to be transmitted according to a preset key dependency relationship; generating a key for the dependent layer; sending the key of the dependent layer and the key dependency relationship; obtaining the key dependency relationship and the key of the dependent layer; and deriving the keys of the base layer and other enhancement layers except the more than one enhancement layer of the information to be transmitted according to the key dependency relationship and the key of the dependent layer. The technical scheme provided by the embodiment of the invention can be applied in the process for transmitting the encryption key of the hierarchical information.

Description

Send and obtain method, device and the communication system of key

Technical field

The present invention relates to the communications field, relate in particular to a kind of method, device and communication system that sends and obtain key.

Background technology

Scalable video coding (Scalable Video Coding, SVC) user terminal that can solve different resolution is watched the unmatched problem of the resolution that video brought of same resolution simultaneously, and this technology can be divided into a basic layer and an above enhancement layer with video by once encoding.The user terminal of low resolution receives the basic layer of this video, can watch the video of low resolution after the decoding; High-resolution user terminal receives the basic layer and the enhancement layer of this video simultaneously, can watch high-resolution video after the decoding.

At present, prior art can provide the method for two kinds of safe transmission SVC videos:

First method is, produce the ephemeral keys and the long term keys of every layer of correspondence of SVC video by the key generation module of transmitting terminal, encrypt the video content of respective layer with the ephemeral keys of each layer, obtain video flowing, encrypt the ephemeral keys of respective layer with the long term keys of each layer, obtain ephemeral keys stream, video flowing, ephemeral keys stream and the long term keys of each layer sent; The receiving terminal reception is flowed and video flowing with long term keys stream, the ephemeral keys of the corresponding level of resolution that the user orders, and obtains ephemeral keys with the ephemeral keys of each layer long term keys deciphering respective layer, and the video flowing of deciphering respective layer with ephemeral keys obtains video content.

Second method is, produce the ephemeral keys and the long term keys of every layer of correspondence of SVC video by transmitting terminal key generation module, encrypt the video content of this layer with the ephemeral keys of each layer, obtain video flowing, be higher than the ephemeral keys that the long term keys of the video layer of this layer is encrypted this layer respectively with every layer long term keys and resolution, obtain ephemeral keys stream, described video flowing, ephemeral keys stream and long term keys are sent; Top long term keys stream and each layer ephemeral keys stream and the video flowing corresponding in the resolution that receiving terminal reception user orders with resolution, decipher the ephemeral keys stream of each layer with described top long term keys, obtain the ephemeral keys of each layer correspondence, the video flowing of deciphering corresponding level with the ephemeral keys of each layer correspondence obtains video content.

In realizing process of the present invention, the inventor finds, when prior art all needs to encrypt separately for needs Delamination Transmission and every layer of information waiting for transmission, during as transmission SVC video, need transmission a large amount of long term keys and ephemeral keys, the network transmission resource that takies is more.

Summary of the invention

Embodiments of the invention provide a kind of method, device and communication system that sends and obtain key, can save the shared network transmission resource of transmission security key.

For achieving the above object, embodiments of the invention adopt following technical scheme:

A kind of method that sends key, informational needs Delamination Transmission wherein to be transmitted and every layer of information to be transmitted all need to encrypt separately, and this method comprises: choose from one of information to be transmitted basic layer and above enhancement layer according to the key dependence that sets in advance and rely on layer; For described dependence layer generates key; Send described key and the described key dependence that relies on layer.

A kind of method of obtaining key, informational needs Delamination Transmission wherein to be transmitted and every layer of information to be transmitted all need to encrypt separately, this method comprises: obtain the key dependence and rely on the key of layer, this dependences layer is chosen acquisition according to described key dependence for transmitting terminal from one basic layer of information to be transmitted and an above enhancement layer; According to described key dependence with rely on the key of layer, derive from the key of other layer in basic layer of described information to be transmitted and the above enhancement layer.

A kind of device that sends key, informational needs Delamination Transmission wherein to be transmitted and every layer of information to be transmitted all need to encrypt separately, and this device comprises:

Choose the unit, be used for choosing the dependence layer from a basic layer and an above enhancement layer of information to be transmitted according to the key dependence that sets in advance;

Generation unit is used to the described dependence layer of choosing unit selection to generate key;

First transmitting element is used to send the key and the described key dependence of the dependence layer that described generation unit generates.

A kind of device that obtains key, informational needs Delamination Transmission wherein to be transmitted and every layer of information to be transmitted all need to encrypt separately, and this device comprises:

Acquiring unit is used to obtain the key dependence and relies on the key of layer, and this dependences layer is chosen acquisition according to described key dependence for transmitting terminal from one basic layer of information to be transmitted and an above enhancement layer;

Derive from the unit, be used for key dependence of obtaining according to described acquiring unit and the key that relies on layer, derive from the key of other layer in basic layer of described information to be transmitted and the above enhancement layer.

A kind of communication system, informational needs Delamination Transmission wherein to be transmitted and every layer of information to be transmitted all need to encrypt separately, and this system comprises:

Send the device of key, be used for choosing the dependence layer from a basic layer and an above enhancement layer of information to be transmitted according to the key dependence that sets in advance, be that this relies on layer and generates key, the key and the described key dependence of this dependences layer sent to the device that obtains key;

The described device that obtains key, be used for obtaining the key of key dependence and dependence layer from the device of described transmission key, according to this key dependence with rely on the key of layer, derive from the key of other layer in basic layer of described information to be transmitted and the above enhancement layer.

The transmission that the embodiment of the invention provides and obtain method, device and the communication system of key is applied to informational needs Delamination Transmission to be transmitted and every layer of information to be transmitted all needs to encrypt separately scene.Wherein send in the device of key and set in advance the key dependence, the device of described transmission key can be chosen from treat one of transmission information basic layer and above enhancement layer according to this key dependence and rely on layer, the key and the dependence that also will rely on layer for this dependence layer generation key send to the device that obtains key, the device that obtains key is after receiving the key and key dependence that relies on layer, can derive the key of other layer according to the key and the key dependence of this dependence layer, thereby realize the transmission of key; The embodiment of the invention only need be transmitted key and the key dependence that relies on layer, reduced the shared Internet resources of transmission security key when informational needs Delamination Transmission to be transmitted and every layer of information to be transmitted all need to encrypt separately, solved the prior art transmission security key and taken the more problem of Internet resources.

Description of drawings

In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art, to do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art below, apparently, accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.

The method flow diagram of the transmission key that Fig. 1 provides for the embodiment of the invention;

The method flow diagram that obtains key that Fig. 2 provides for another embodiment of the present invention;

Transmission that Fig. 3 provides for further embodiment of this invention and the method flow diagram that obtains key;

Fig. 4 is the flow chart of step 303 shown in Figure 3;

Transmission that Fig. 5 provides for yet another embodiment of the invention and the method flow diagram that obtains key;

Fig. 6 is the flow chart of step 507 shown in Figure 5;

The apparatus structure schematic diagram one of the transmission key that Fig. 7 provides for the embodiment of the invention;

The apparatus structure schematic diagram two of the transmission key that Fig. 8 provides for the embodiment of the invention;

Fig. 9 is the structural representation that derives from the unit in the device of transmission key shown in Figure 8;

The apparatus structure schematic diagram that obtains key that Figure 10 provides for the embodiment of the invention;

Figure 11 is for deriving from the structural representation of unit in the device that obtains key shown in Figure 10;

The communication system architecture schematic diagram that Figure 12 provides for the embodiment of the invention.

Embodiment

Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that is obtained under the creative work prerequisite.

In order to solve when transmission has the information of hierarchy, the problem that the Internet resources that transmission security key takies are more, the embodiment of the invention provide a kind of method, device and communication system that sends and obtain key.

As shown in Figure 1, the method for the transmission key that the embodiment of the invention provides, informational needs Delamination Transmission wherein to be transmitted and every layer of information to be transmitted all need to encrypt separately, and this method comprises:

Step 101 is chosen from one of information to be transmitted basic layer and above enhancement layer according to the key dependence that sets in advance and to be relied on layer.

In the present embodiment, information to be transmitted is the SVC video information, and in the application process of reality, information to be transmitted also can have the information of hierachical structure for other, does not do herein and gives unnecessary details; The key dependence can be the ephemeral keys dependence, also can rely on for long term keys, wherein, ephemeral keys is used for the media content of every layer of information to be transmitted (as the SVC video information) (a basic layer and an above enhancement layer) is encrypted, and long term keys is used for the corresponding ephemeral keys of every layer of information to be transmitted (as the SVC video information) (a basic layer and an above enhancement layer) is encrypted.

In the present embodiment, the key dependence can be set up according to the dependence between one of information to be transmitted basic layer and the above enhancement layer.For example: when carrying out SVC video safe transmission, when the key dependence is the dependence of ephemeral keys, can be according to the dependence between each layer in the media content information waiting for transmission (SVC layered video information) (a basic layer and an above enhancement layer), the dependence of setting up ephemeral keys is: the ephemeral keys of an above enhancement layer depends on the ephemeral keys of basic layer, perhaps, basic layer and above enhancement layer ephemeral keys on the middle and senior level depend on the ephemeral keys of adjacent low layer; When the key dependence is the dependence of long term keys, can be according to the dependence between the corresponding ephemeral keys of each layer in the media content information waiting for transmission (SVC layered video information) (basic layer and an above enhancement layer), the dependence of setting up long term keys is: the long term keys of low layer depends on the long term keys of adjacent high level in one basic layer and the above enhancement layer.Certainly, more than only for concrete illustrating, in the use of reality, can also set up the key dependence in other way, every kind of situation is not given unnecessary details one by one herein.

Further, when described key dependence was the ephemeral keys dependence, relying on layer was the basic layer of described information to be transmitted; And/or when described key dependence was the long term keys dependence, relying on layer was the highest enhancement layer of described information to be transmitted.

Step 102 generates key for relying on layer.

Step 103 sends the key and the key dependence that rely on layer.

In the present embodiment, when described key was ephemeral keys, step 103 adopted the long term keys that relies on layer that the ephemeral keys of this dependence layer is encrypted, and generates the ephemeral keys message that relies on layer, sends the ephemeral keys message of this dependence layer; When described key was long term keys, step 103 adopted the user's who orders media content user key that the long term keys of this dependence layer is encrypted, and generates the long term keys message that relies on layer, sends the long term keys message of this dependence layer.

In the present embodiment, step 103 can send described key dependence by the conversation description of session description protocol format or the business guide of extend markup language form:

Particularly, when the key dependence is the dependence of ephemeral keys, the business guide of the conversation description of session description protocol format or extend markup language form comprises: rely on sign, derivation dependence ephemeral keys traffic identifier and first derivation and rely on the long term keys sign.Wherein, rely between the ephemeral keys that sign is used to indicate a basic layer of information to be transmitted and an above enhancement layer correspondence whether have dependence; Derive from and rely on the ephemeral keys that the ephemeral keys traffic identifier is used to indicate the dependence layer; First derives from dependence long term keys sign, is used to indicate long term keys required when deriving from ephemeral keys.

When the key dependence was the long term keys dependence, the business guide of the conversation description of session description protocol format or extend markup language form comprised: rely on sign and second and derive from dependence long term keys sign.Wherein, rely between the long term keys that sign is used to indicate a basic layer of information to be transmitted and an above enhancement layer correspondence whether have dependence; Second derives from dependence long term keys sign is used to indicate the long term keys that relies on layer.

Certainly, in the use of reality, step 103 can also send the key dependence by other modes, every kind of situation is not given unnecessary details one by one herein.

Set in advance the key dependence in the method for the transmission key that the embodiment of the invention provides, from one of information to be transmitted basic layer and above enhancement layer, chosen in advance according to this key dependence and to have relied on layer, in the time will sending key, for relying on layer, this generates key, and send the key and the key dependence of this dependence layer, thereby reach the purpose that sends key, because the method that the embodiment of the invention provides only need send key and the key dependence that relies on layer, do not need the key of each layer of information to be transmitted is all sent, so reduced the shared Internet resources of transmission security key, solved the prior art transmission security key and taken the more problem of Internet resources.

As shown in Figure 2, another embodiment of the present invention provides a kind of method of obtaining key, and informational needs Delamination Transmission wherein to be transmitted and every layer of information to be transmitted all need to encrypt separately, and this method comprises:

Step 201 is obtained the key dependence and is relied on the key of layer, and this dependences layer is chosen acquisition according to described key dependence for transmitting terminal from one basic layer of information to be transmitted and an above enhancement layer.

In the present embodiment, the key dependence can comprise: when the key dependence is the ephemeral keys dependence, the ephemeral keys of an above enhancement layer of information to be transmitted (SVC video information) depends on the ephemeral keys of basic layer, perhaps, one of information to be transmitted (SVC video information) basic layer and above enhancement layer ephemeral keys on the middle and senior level depend on the ephemeral keys of adjacent low layer; And/or when the key dependence was the long term keys dependence, the long term keys of low layer depended on the long term keys of adjacent high level in one of information to be transmitted (SVC video information) basic layer and the above enhancement layer.

Step 202 according to the key dependence with rely on the key of layer, derives from the key of other layer in basic layer of information to be transmitted and the above enhancement layer, can comprise:

When key is ephemeral keys, obtain the long term keys of the enhancement layer correspondence of waiting to derive from ephemeral keys in the information to be transmitted, be this enhancement layer derivation ephemeral keys according to key dependence, the ephemeral keys that relies on layer, the long term keys of enhancement layer correspondence of waiting to derive from ephemeral keys and the ephemeral keys generating function that sets in advance; Perhaps, obtain high-rise corresponding long term keys adjacent in the information to be transmitted with relying on layer, according to key dependence, the ephemeral keys that relies on layer, the high-rise corresponding long term keys adjacent with the dependence layer and the ephemeral keys generating function that sets in advance is that this high level derives from ephemeral keys, and should high level as new dependence layer, this ephemeral keys is as the ephemeral keys of new dependence layer; And/or,

When described key is long term keys, according to key dependence, the long term keys that relies on layer and the long term keys seed that sets in advance and long term keys generating function is that adjacent low layer derives from long term keys with relying on layer in the described information to be transmitted, and with this low layer as new dependence layer, this long term keys is as the long term keys of new dependence layer, wherein, the long term keys generating function is an one-way function, and the long term keys seed is an arbitrary constant.

The method of obtaining key that the embodiment of the invention provides can receive the key and the key dependence that rely on layer, and derives the key of other layer in the information to be transmitted according to the key and the key dependence that rely on layer, thereby has realized the transmission of key; Because the key that the technical scheme that the embodiment of the invention provides can derive other layer according to the key and the key dependence of dependence layer, make and when cipher key delivery, only need transmit key and the key dependence that relies on layer, reduced the shared Internet resources of transmission security key, solved the prior art transmission security key and taken the more problem of Internet resources.

In order to make those skilled in the art can more be expressly understood the technical scheme that the embodiment of the invention provides, transmission that the embodiment of the invention is provided below by specific embodiment and the method for obtaining key are elaborated.

Another embodiment provided by the invention is with in the process of transmission SVC video information, and sending and obtain ephemeral keys is that example describes.

As shown in Figure 3, the transmission that further embodiment of this invention provides and obtain the method for key comprises:

Step 301 is for a basic layer and an above enhancement layer of information to be transmitted are set up the ephemeral keys dependence.

In the present embodiment, information to be transmitted is the SVC video information, the SVC video information is divided into basic layer (L0) and three enhancement layer (L1, L2 and L3), wherein, L0 is QVGA resolution (320 * 240), L1 is VGA resolution (640 * 480), and L2 is 720p resolution (1280 * 720), and L3 is 1080p resolution (1920 * 1080 line by line); Enhancement layer L1 depends on basic layer L0, and enhancement layer L2 depends on enhancement layer L1, and enhancement layer L3 depends on enhancement layer L2.

Step 301 can be set up the dependence of ephemeral keys according to the dependence between each layer (L0, L1, L2 and L3) in the above-mentioned SVC video information.Particularly, the dependence of described ephemeral keys can all depend on the ephemeral keys of basic layer L0 for: the ephemeral keys of enhancement layer L1, L2 and L3; Perhaps, the ephemeral keys of enhancement layer L1 depends on the ephemeral keys of basic layer L0, and the ephemeral keys of enhancement layer L2 depends on the ephemeral keys of enhancement layer L1, and the ephemeral keys of enhancement layer L3 depends on the ephemeral keys of enhancement layer L2.

Present embodiment can be applied in third generation partner program multimedia broadcast-multicast service (Third Generation Partnership Project Multimedia Broadcast/Multicast Service, 3GPP MBMS) in the protection scheme, also can be applied in the exploitation mobile alliance organizes in Mobile Broadcast Services (Open Mobile Alliance Mobile Broadcast Standard, the OMA BCAST) protection scheme; In the time of in being applied in 3GPP MBMS protection scheme; step 301 is carried out by the key management functions module; the ephemeral keys of each layer of SVC video information correspondence is MBMS Traffic Key (MBMS Traffic Key; MTK); in the time of in being applied in the OMABCAST protection scheme; step 301 is carried out by protection management assembly module, the ephemeral keys of each layer of SVC video information correspondence be traffic encryption key (Traffic Encryption Key, TEK).

Step 302, the ephemeral keys dependence of setting up according to step 301 is chosen from basic layer of information to be transmitted and above enhancement layer and is relied on layer, is that this relies on layer generation ephemeral keys.

The ephemeral keys dependence of setting up according to step 301 as can be known, the ephemeral keys of each enhancement layer of SVC video information (L1, L2 and L3) all directly or indirectly depends on the ephemeral keys of basic layer L0, so, can choose basic layer in the present embodiment for relying on layer.

Further, when present embodiment was applied in the 3GPP MBMS protection scheme, step 302 was that basic layer L0 generates ephemeral keys MTK0 by the MTK generation module; When present embodiment was applied in the OMABCAST protection scheme, step 302 was that basic layer L0 generates ephemeral keys TEK0 by the ephemeral keys generation module.

Step 303, the ephemeral keys of the dependence layer that generates according to the ephemeral keys dependence of setting up in the step 301 and step 302 derives from the ephemeral keys of other layer in basic layer of information to be transmitted and the above enhancement layer.

In the present embodiment, the ephemeral keys of dependence layer is the ephemeral keys of basic layer L0 in the SVC video information.As shown in Figure 4, step 303 can comprise:

Step 3031 is set up the ephemeral keys generating function.

In the present embodiment, the core algorithm of ephemeral keys generating function employing can comprise: md5-challenge (MD5), SHA (SHA-1), data encryption standard (DES) or Advanced Encryption Standard (AES) etc.

Step 3032 is obtained the long term keys of the enhancement layer correspondence of waiting to derive from ephemeral keys in the information to be transmitted.

In the present embodiment, the enhancement layer of waiting to derive from ephemeral keys is L1, L2 and L3, can obtain the long term keys of this enhancement layer L1, L2 and L3 correspondence respectively.

Step 3033 according to the ephemeral keys of ephemeral keys dependence, basic layer, wait to derive from the long term keys and the ephemeral keys generating function of the enhancement layer correspondence of ephemeral keys, derives from ephemeral keys for waiting the enhancement layer that derives from ephemeral keys.

Particularly, when the ephemeral keys dependence is that the ephemeral keys of enhancement layer L1, L2 and L3 is when all depending on the ephemeral keys of basic layer L0, with the ephemeral keys generating function that the ephemeral keys input step 3031 of the long term keys of enhancement layer L1 and basic layer L0 is set up, obtain the ephemeral keys of enhancement layer L1; With the ephemeral keys generating function that the ephemeral keys input step 3031 of the long term keys of enhancement layer L2 and basic layer L0 is set up, obtain the ephemeral keys of enhancement layer L2; With the ephemeral keys generating function that the ephemeral keys input step 3031 of the long term keys of enhancement layer L3 and basic layer L0 is set up, obtain the ephemeral keys of enhancement layer L3.

When the ephemeral keys dependence is the ephemeral keys that the ephemeral keys of enhancement layer L1 depends on basic layer L0, the ephemeral keys of enhancement layer L2 depends on the ephemeral keys of enhancement layer L1, when the ephemeral keys of enhancement layer L3 depends on the ephemeral keys of enhancement layer L2, with the ephemeral keys generating function that the ephemeral keys input step 3031 of the long term keys of enhancement layer L1 and basic layer L0 is set up, obtain the ephemeral keys of enhancement layer L1; With the ephemeral keys generating function that the ephemeral keys input step 3031 of the long term keys of enhancement layer L2 and enhancement layer L1 is set up, obtain the ephemeral keys of enhancement layer L2; With the ephemeral keys generating function that the ephemeral keys input step 3031 of the long term keys of enhancement layer L3 and enhancement layer L2 is set up, obtain the ephemeral keys of enhancement layer L3.

In step 3033, can also in the ephemeral keys generating function, import other parameters when deriving from ephemeral keys and further adjust the ephemeral keys generating function, wherein, described other parameters can be adjusted parameter (specific constant of operator's appointment or character) etc. for operator.

Further, when present embodiment is applied in the 3GPP MBMS protection scheme, step 303 derives from module according to the ephemeral keys dependence of step 301 foundation and the dependence layer ephemeral keys MTK0 of step 302 generation by MTK, derives from ephemeral keys MTK1, MTK2 and the MTK3 of enhancement layer (L1, L2 and L3) in the SVC video information; When present embodiment is applied in the OMA BCAST protection scheme; step 303 derives from module according to the ephemeral keys dependence of step 301 foundation and the dependence layer ephemeral keys TEK0 of step 302 generation by ephemeral keys, derives from ephemeral keys TEK1, TEK2 and the TEK3 of enhancement layer (L1, L2 and L3) in the SVC video information.

Step 304, the ephemeral keys of other layer that the ephemeral keys of the dependence layer that employing step 302 generates and step 303 derive from is encrypted respectively a basic layer and an above enhancement layer of information to be transmitted, the information to be transmitted after generation is encrypted.

When present embodiment was applied in the 3GPP MBMS protection scheme, step 304 adopted ephemeral keys MTK0 that basic layer L0 in the SVC video information encrypted by the transmission encrypting module, generates the video flowing of basic layer L0; Adopt ephemeral keys MTK1 that enhancement layer L1 in the SVC video information is encrypted, generate the video flowing of enhancement layer L1; Adopt ephemeral keys MTK2 that enhancement layer L2 in the SVC video information is encrypted, generate the video flowing of enhancement layer L2; Adopt ephemeral keys MTK3 that enhancement layer L3 in the SVC video information is encrypted, generate the video flowing of enhancement layer L3.

When present embodiment was applied in the OMA BCAST protection scheme, step 304 adopted ephemeral keys TEK0 that basic layer L0 in the SVC video information encrypted by the encrypted component module, generates the video flowing of basic layer L0; Adopt ephemeral keys TEK1 that enhancement layer L1 in the SVC video information is encrypted, generate the video flowing of enhancement layer L1; Adopt ephemeral keys TEK2 that enhancement layer L2 in the SVC video information is encrypted, generate the video flowing of enhancement layer L2; Adopt ephemeral keys TEK3 that enhancement layer L3 in the SVC video information is encrypted, generate the video flowing of enhancement layer L3.

Step 305 sends to user terminal with the information to be transmitted after step 304 encryption.

In 3GPP MBMS protection scheme, step 305 sends to user terminal with the video flowing after encrypting in the step 304 by radio network by the session transmissions functional module; In OMA BCAST protection scheme, step 305 sends to user terminal with the video flowing after encrypting in the step 304 by radio network by BCAST distribution adaptation module.

Step 306 sends the ephemeral keys that relies on layer to user terminal.

In 3GPP MBMS protection scheme, step 306 adopts the long term keys that relies on layer that the ephemeral keys that relies on layer is encrypted by the key management functions module, send to user terminal after the ephemeral keys message encapsulation format encapsulation of ephemeral keys according to 3GPP MBMS protection scheme with the dependence layer after encrypting;

In OMA BCAST protection scheme, step 306 can adopt the long term keys that relies on layer that the ephemeral keys that relies on layer is encrypted by the key distribution module, sends to user terminal after the ephemeral keys message encapsulation format encapsulation of ephemeral keys according to the professional protection scheme of 3GPP smart card of OMA BCAST with the dependence layer after encrypting; Also can adopt the long term keys that relies on layer that the ephemeral keys that relies on layer is encrypted by the protection Management Unit; generate the ephemeral keys message that relies on layer; the ephemeral keys message that will rely on layer is again passed to the key distribution module, by sending to user terminal after the ephemeral keys message encapsulation format encapsulation of key distribution module according to the professional protection scheme of 3GPP smart card of OMA BCAST.

Step 307 sends the ephemeral keys dependence to user terminal.

In the present embodiment, the ephemeral keys dependence can be carried in the conversation description of session description protocol format and send, and also can be carried in the business guide of extend markup language form to send.

The business guide of the conversation description of described session description protocol format or extend markup language form can comprise: dependence sign, derivation rely on information such as the ephemeral keys traffic identifier and the first derivation dependence long term keys sign etc.Wherein, the purposes that dependence sign, derivation rely on the ephemeral keys traffic identifier and the first derivation dependence long term keys sign is consistent with the description in the abovementioned steps 102.

Particularly, in 3GPP MBMS protection scheme, step 307 can send to user terminal with the ephemeral keys dependence by the radio network or the Internet by the key management functions module, and concrete implementation method can comprise following two kinds:

Method 1: the conversation description of the session description protocol format that the customer service of key management functions module expansion 3GPP MBMS is described, the ephemeral keys dependence is described.The conversation description of the session description protocol format that the customer service of expansion 3GPP MBMS is described is described the ephemeral keys school and is given birth to dependence information, and conversation description is defined as follows:

Dependentflag: rely on sign, whether have dependence between the indication ephemeral keys, if be true, there is dependence in expression, can produce ephemeral keys by the derivation mode; Default to false, there is not dependence in expression, can not produce ephemeral keys by the derivation mode;

Dependentstreamid: derive from dependence ephemeral keys traffic identifier, the sign of the ephemeral keys stream that indication relies on, in the present embodiment, dependentstreamid points to layer ephemeral keys stream substantially;

Keyid: first derives from dependence long term keys sign, the sign of required long term keys when indication is derived from, and in the present embodiment, keyid points to layer corresponding long term keys sign of waiting to derive from ephemeral keys.

The example of the conversation description of the session description protocol format of a SVC video under 3GPP MBMS environment can be represented by coding form as follows:

v＝0

o＝svcsrv?289083124289083124IN?IP4host.example.com

s＝LAYERED?VIDEO?SIGNALING?Seminar

t＝00

c＝IN?IP4192.0.2.1/127

a＝group:DDP?L1L2L3

m＝video?40000RTP/AVP?96

b＝AS:90

a＝framerate:15

a＝rtpmap:96H264/90000

a＝mid:L1

a＝mtkstream:10

m＝video?40002RTP/AVP?98

b＝AS:64

a＝framerate:15

a＝rtpmap:98H264-SVC/90000

a＝mid:L2

a＝depend:98lay?L1:96；

a＝mtkstream:11

m＝video?40004RTP/AVP?100

b＝AS:128

a＝framerate:30

a＝rtpmap:100H264-SVC/90000

a＝mid:L3

a＝depend:100lay?L2:98；

a＝mtkstream:12

m＝application?2269udp?3gpp.MTK

c＝IP4224.2.17.12/127

a＝fmtp:3gpp.MTK?streamid＝10；

m＝application?0?udp?3gpp.MTK

a＝fmtp:3gpp.MTK?streamid＝11；dependentflag＝true；dependentstreamid＝10；keyid＝123456780

m＝application?0udp?3gpp.MTK

a＝fmtp:3gpp.MTK?streamid＝12；dependentflag＝true；dependentstreamid＝10；keyid＝123456781

Method 2: the security descriptor burst (metadata of extend markup language form) that the key management functions module is described by the customer service of expansion 3GPP MBMS, the ephemeral keys dependence is described.

The security descriptor burst that the customer service of expansion 3GPP MBMS is described adds " MTKDependentDescription " element, describes ephemeral keys and relies on information, and description is defined as follows:

" MTKDependentDescription " element comprises following attribute:

" MTKDependentDescription " element comprises following element: " DependentRef "

" DependentRef " element comprises following attribute:

Keystreamid: the sign of ephemeral keys stream;

MSKkeyid: first derives from dependence long term keys sign, the sign of required long term keys when indication is derived from, and in the present embodiment, MSKkeyid points to layer corresponding long term keys sign of waiting to derive from ephemeral keys.

In OMA BCAST protection scheme, step 307 can send to user terminal with the ephemeral keys dependence by the BCAST subscription management module, and concrete implementation method can comprise following two kinds:

Method 1:BCAST subscription management module is described the ephemeral keys dependence by the conversation description of the session description protocol format in the access burst of the business guide of expansion OMABCAST.To the description of original ephemeral keys stream, key stream is described and is comprised derivation dependence information in the conversation description of the session description protocol format in the access burst of the business guide of expansion OMABCAST, and the conversation description of session description protocol format is defined as follows:

Dependentflag: rely on sign with reference to the definition in the conversation description of the session description protocol format of the customer service description of 3GPP MBMS;

Dependentstreamid: the definition in the conversation description of the session description protocol format of describing with reference to the customer service of 3GPP MBMS;

Keyid: the definition in the conversation description of the session description protocol format of describing with reference to the customer service of 3GPP MBMS.

The example of the conversation description of the session description protocol format of a SVC video under the OMABCAST environment can be represented by coding form as follows:

v＝0

o＝svcsrv?289083124289083124IN?IP4host.example.com

s＝LAYFRED?VIDEOSIGNALING?Seminar

t＝00

c＝IN?IP4192.0.2.1/127

a＝group:DDP?L1L2L3

m＝video?40000RTP/AVP?96

b＝AS:90

a＝framerate:15

a＝rtpmap:96H264/90000

a＝mid:L1

a＝stkmstream:10

m＝video?40002RTP/AVP?98

b＝AS:64

a＝framerate:15

a＝rtpmap:98H264-SVC/90000

a＝mid:L2

a＝depend:98lay?L1:96；

a＝stkmstream:11

m＝video?40004RTP/AVP?100

b＝AS:128

a＝framerate:30

a＝rtpmap:100H264-SVC/90000

a＝mid:L3

a＝depend:100lay?L2:98；

a＝stkmstream:12

m＝application?49230udp?vnd.oma.bcast.stkm

c＝IP4224.2.17.12/127

a＝fmtp:vnd.oma.bcast.stkm streamid＝10；serviceprovider＝DiscountBcast；kmstype＝oma-bcast-drm-pki

m＝application?0?udp?vnd.oma.bcast.stkm

a＝fmtp:vnd.oma.bcast.stkm?streamid＝11；serviceprovider＝DiscountBcast；kmstype＝oma-bcast-drm-pki；dependentflag＝true；dependentstreamid＝10；keyid＝123456780

m＝application?0udp?vnd.oma.bcast.stkm

a＝fmtp:vnd.oma.bcast.stkm?streamid＝12；serviceprovider＝DiscountBcast；kmstype＝oma-bcast-drm-pki；dependentflag＝true；dependentstreamid＝10；keyid＝123456781

Method 2:BCAST subscription management module is described the dependence between ephemeral keys by the access burst of the business guide of OMABCAST." SessionDescription " element of the access burst of the business guide of expansion OMA BCAST, the ephemeral keys of describing between key stream according to " DependentDescription " element key stream relies on information, and description is defined as follows:

" DependentDescription " element comprises following attribute:

" DependentDescription " element comprises following element: " DependentRef "

" DependentRef " element comprises following attribute:

Keystreamid: the sign of ephemeral keys stream;

Keyid: derive from dependence long term keys sign, the sign of required long term keys when indication is derived from, in the present embodiment, keyid points to layer corresponding long term keys sign of waiting to derive from ephemeral keys.

Above-described method to user terminal transmission ephemeral keys dependence only is concrete giving an example, and can also send the ephemeral keys dependence to user terminal by additive method in the use of reality, every kind of situation is not given unnecessary details one by one herein.

Step 308, user terminal are obtained the ephemeral keys dependence.

In the present embodiment, user terminal can obtain the ephemeral keys dependence from the business guide of the conversation description of session description protocol format or extend markup language form.

Particularly, in 3GPP MBMS protection scheme, user terminal can receive conversation description or the security descriptor that comprises the ephemeral keys dependency information, and this conversation description or security descriptor are resolved, and obtains the ephemeral keys dependence; In OMA BCAST protection scheme; user terminal can receive the OMA BCAST that comprises the ephemeral keys dependency information business guide the access burst or insert conversation description in the burst; the access burst of the business guide of this OMA BCAST or the conversation description that inserts in the burst are resolved, obtain the ephemeral keys dependence.

Step 309, user terminal receives the ephemeral keys that relies on layer, and in the present embodiment, the ephemeral keys that relies on layer is the ephemeral keys of the basic layer L0 of SVC video information.

In 3GPP MBMS protection scheme, step 309 can receive the ephemeral keys stream of basic layer L0 by MTK decrypt messages module, adopt the long term keys of the basic layer L0 that obtains in advance that this ephemeral keys stream is deciphered, obtain the ephemeral keys MTK0 of basic layer L0; In the OMABCAST protection scheme; step 309 can receive the ephemeral keys stream of layer L0 substantially by the 3GPP smart card of OMA BCAST or the security client assembly of user terminal; adopt the long term keys of the basic layer L0 that obtains in advance that this ephemeral keys stream is deciphered, obtain the ephemeral keys TEK0 of basic layer L0.

The ephemeral keys of the dependence layer that ephemeral keys dependence that step 310, user terminal are obtained according to step 308 and step 309 are obtained derives from the ephemeral keys of other layer in basic layer of information to be transmitted and the above enhancement layer.

In the present embodiment, information to be transmitted is the SVC video information, and the specific implementation method of step 310 can be described referring to step shown in Figure 4 in the step 303, repeats no more herein.The ephemeral keys generating function that this step is set up is identical with the ephemeral keys generating function of foundation in the step 303.

Need to prove that in 3GPP MBMS protection scheme, step 310 specifically derives from module by MTK to be carried out; In the OMABCAST protection scheme; step 310 specifically derives from module by ephemeral keys to be carried out; further, this ephemeral keys derives from the part that module can belong to the security client assembly of user terminal, also can belong to the part of the security client assembly of smart card.

Step 311, user terminal receive described information to be transmitted.

In the present embodiment, information to be transmitted is the SVC video information, and user terminal can be determined the SVC video information layer that needs receive according to the concrete resolution of ordering, and receives the video flowing of each layer correspondence.For example: when the resolution of user terminal subscription was 1080p, this user terminal can receive the basic layer L0 of SVC video information and the video flowing of enhancement layer L1, L2 and L3 correspondence.

Step 312, other layer ephemeral keys that dependence layer ephemeral keys that user terminal use step 309 is obtained and step 310 derive from is decrypted the information to be transmitted that step 311 receives.

For example: when the resolution of user terminal subscription is 1080p, user terminal can obtain the ephemeral keys of basic layer L0 in step 309, user terminal can derive the ephemeral keys of enhancement layer L1, L2 and L3 correspondence in step 310, in this step, the ephemeral keys that user terminal can adopt basic layer L0 is decrypted the video flowing of the basic layer L0 that step 311 receives, obtains the video information of basic layer L0 correspondence; The ephemeral keys of employing enhancement layer L1 is decrypted the video flowing of the enhancement layer L1 that step 311 receives, obtains the video information of enhancement layer L1 correspondence; The ephemeral keys of employing enhancement layer L2 is decrypted the video flowing of the enhancement layer L2 that step 311 receives, obtains the video information of enhancement layer L2 correspondence; The ephemeral keys of employing enhancement layer L3 is decrypted the video flowing of the enhancement layer L3 that step 311 receives, obtains the video information of enhancement layer L3 correspondence, and then obtains the video information of 1080p resolution.

The transmission that the embodiment of the invention provides and obtain the method for key, the transmitting terminal of ephemeral keys has set in advance the ephemeral keys dependence, the transmitting terminal of this ephemeral keys is chosen basic layer as relying on layer according to the ephemeral keys dependence from the SVC video information, and be this dependence layer generation ephemeral keys, the transmitting terminal of ephemeral keys only sends to user terminal with the ephemeral keys of ephemeral keys dependence and basic layer, after user terminal receives the ephemeral keys of ephemeral keys dependence and basic layer, can derive the ephemeral keys of other layer in the SVC video information, reach the purpose of transmission ephemeral keys; Because the embodiment of the invention only needs to transmit the ephemeral keys of ephemeral keys dependence and basic layer, and do not need to transmit the ephemeral keys of each layer of SVC video information correspondence, so saved the shared Internet resources of transmission ephemeral keys, solved prior art transmission ephemeral keys and taken the more problem of Internet resources.

An embodiment more provided by the invention is with in the process of transmission SVC video information, and sending and obtain ephemeral keys is that example describes.

As shown in Figure 5, the transmission that yet another embodiment of the invention provides and obtain the method for key comprises:

Step 501 is for a basic layer and an above enhancement layer of information to be transmitted are set up the long term keys dependence.

In the present embodiment, information to be transmitted is the SVC video information, but the associated description in the layering of SVC video information and each layer dependence refer step 301.

Step 501 can be set up the dependence of long term keys according to the dependence between each layer in the SVC video information (L0, L1, L2 and L3).Need to set up linear dependence between the long term keys, particularly, the dependence of described long term keys can for: the long term keys of enhancement layer L2 depends on the long term keys of enhancement layer L3, the long term keys of enhancement layer L1 depends on the long term keys of enhancement layer L2, and the long term keys of basic layer L0 depends on the long term keys of enhancement layer L1.

Present embodiment can be applied in the 3GPP MBMS protection scheme, also can be applied in the OMA BCAST protection scheme; In the time of in being applied in 3GPP MBMS protection scheme; step 501 is carried out by the key management functions module; the long term keys of each layer of SVC video information correspondence is MBMS Service Key (MBMS Service Key; MSK); in the time of in being applied in the OMABCAST protection scheme; step 501 is carried out by the BCAST subscription management module, the long term keys of each layer of SVC video information correspondence be traffic encryption key (Service Encryption Key, SEK).

Step 502, the long term keys dependence of setting up according to step 501 is chosen from basic layer of information to be transmitted and above enhancement layer and is relied on layer, is that this relies on layer generation long term keys.

The long term keys dependence of setting up according to step 501 as can be known, exist between the long term keys of each layer in the SVC video information linear dependence one by one the long term keys of enhancement layer L2 depend on the long term keys of enhancement layer L3, the long term keys of enhancement layer L1 depends on the long term keys of enhancement layer L2, the long term keys of basic layer L0 depends on the long term keys of enhancement layer L1, so step 502 can be chosen the highest enhancement layer (L3) for relying on layer.

Further, when present embodiment was applied in the 3GPP MBMS protection scheme, step 502 generated long term keys MSK3 by the MTK generation module for enhancement layer L3; When present embodiment was applied in the OMA BCAST protection scheme, step 5302 generated long term keys SEK3 by the long term keys generation module for enhancement layer L3.

Step 503 sends the long term keys that relies on layer to user terminal.

In 3GPP MBMS protection scheme, the concrete resolution that step 503 is subscribed to according to the user by the key management functions module, adopt user's user key that the long term keys that relies on layer is encrypted, with of the long term keys message format encapsulation of encrypted long term keys, send to user terminal by the radio network or the Internet according to 3GPP MBMS protection scheme; In OMA BCAST protection scheme; the concrete resolution that step 503 is subscribed to according to the user by BCAST distribution adaptation module; adopt user's user key that the long term keys that relies on layer is encrypted, send to user terminal after the ephemeral keys message encapsulation format encapsulation of long term keys with the dependence layer after encrypting according to the professional protection scheme of 3GPP smart card of OMA BCAST.

Step 504 sends the long term keys dependence to user terminal.

In the present embodiment, the long term keys dependence can be carried in the conversation description of session description protocol format and send, and also can be carried in the business guide of extend markup language form to send.

The business guide of the conversation description of described session description protocol format or extend markup language form can comprise: rely on sign and second and derive from dependence long term keys sign etc.Wherein, the dependence sign and second description of deriving from the purposes and aforementioned 102 that relies on the long term keys sign are consistent.

Particularly, in 3GPP MBMS protection scheme, step 504 can send to user terminal with the ephemeral keys dependence by the key management functions module, and concrete implementation method can comprise following two kinds:

Method 1: the customer service of key management functions module expansion 3GPP MBMS is described, and describes the long term keys dependence.Particularly, in the present embodiment, the key management functions module is described the long term keys dependence by " KeyID " element in the security descriptor burst of the customer service description of expansion 3GPP MBMS.

" KeyID " element extended attribute is defined as follows:

Dependentflag: rely on sign, whether have dependence between the indication long term keys, if be true, there is dependence in expression, can produce long term keys by the derivation mode; Default to fase, there is not dependence in expression, can not produce long term keys by the derivation mode;

Dependentkeyid: second derive to rely on the long term keys sign, indication long term keys sign, and in the present embodiment, the dependentkeyid indication waits to derive from the long term keys of last layer of the layer of long term keys.

Method 2: the conversation description of the session description protocol format during the key management functions module is described by the customer service of expansion 3GPP MBMS, the long term keys dependence is described.

The session attribute of the conversation description of the session description protocol format during the customer service of expansion 3GPP MBMS is described increases the description to the dependence between long term keys, and conversation description is defined as follows:

a＝keydependent:KeyID?XXXX?dependentkeyid?XXXX，...，...，

Keyid: long term keys sign;

In OMA BCAST protection scheme, step 504 can send to user terminal with the long term keys dependence by the BCAST subscription management module, and concrete implementation method can comprise following two kinds:

Method 1:BCAST subscription management module is described the long term keys dependence by the business guide of expansion OMA BCAST.Particularly, in the present embodiment, the BCAST subscription management module is described the long term keys dependence by " ProtectionKeyID " element in professional burst, content fragment or the purchase burst of the business guide of expansion OMABCAST.

" ProtectionKeyID " element extended attribute is defined as follows:

Dependentflag: rely on sign, whether have dependence between the indication long term keys, if be true, there is dependence in expression, can produce long term keys by the derivation mode; Default to false, there is not dependence in expression, can not produce long term keys by the derivation mode;

Method 2:BCAST subscription management module is described the long term keys dependence by the conversation description that obtains the session description protocol format in the access burst of the business guide of expansion OMA BCAST.

The session attribute that obtains the conversation description that inserts the session description protocol format in the burst of the business guide of expansion OMA BCAST increases the description to the dependence between long term keys, and the conversation description of session description protocol format is defined as follows:

a＝keydependent:KeyID?XXXX?dependentkeyid?XXXX，...，...，

Keyid: long term keys sign;

Above-described method to user terminal transmission long term keys dependence only is concrete giving an example, and can also send the long term keys dependence to user terminal by additive method in the use of reality, every kind of situation is not given unnecessary details one by one herein.

Step 505, user terminal are obtained the long term keys dependence.

In the present embodiment, user terminal can obtain the long term keys dependence from the business guide of the conversation description of session description protocol format or extend markup language form.

Particularly, in 3GPP MBMS protection scheme, user terminal can receive the customer service that comprises the long term keys dependency information and describe, and to resolving that this customer service is described, obtains the long term keys dependence; In OMA BCAST protection scheme; user terminal can receive professional burst, the content fragment of the business guide of the OMA BCAST that comprises the long term keys dependency information or buy burst; to professional burst, the content fragment of the business guide of this OMA BCAST or buy burst and resolve, obtain the long term keys dependence.

Step 506, user terminal receive to rely on the long term keys of layer, and in the present embodiment, the long term keys that relies on layer is the long term keys of the highest enhancement layer of SVC video information.

In the present embodiment, user terminal can be determined the long term keys of the dependence layer that needs receive according to the resolution of ordering, and for example: when the user had ordered 1080p resolution, needing the long term keys of the dependence layer of reception was the long term keys of enhancement layer L3; When the user had ordered 720p resolution, needing the long term keys of the dependence layer of reception was the long term keys of enhancement layer L2.

The long term keys of the dependence layer that long term keys dependence that step 507, user terminal are obtained according to step 505 and step 506 are obtained derives from the long term keys of other layer in basic layer of information to be transmitted and the above enhancement layer.

Present embodiment is ordered 1080p resolution with the user, and the long term keys that relies on layer is that the long term keys of enhancement layer L3 is that example describes.

As shown in Figure 6, step 507 can comprise:

Step 5071 is set up the long term keys generating function.

In this example, the long term keys generating function is an one-way function, and the core algorithm that this long term keys generating function adopts can comprise: md5-challenge (MD5), SHA (SHA-1), data encryption standard (DES) or Advanced Encryption Standard (AES) etc.

Step 5072, according to long term keys dependence, the long term keys generating function set up of the long term keys of high enhancement layer and the long term keys seed that sets in advance and step 5071, derive from the long term keys of other layer, wherein, the long term keys seed can be arbitrary constant, also can be long term keys ID etc.

Particularly, step 5072 can be input to the long term keys generating function that step 5071 is set up with the long term keys of the highest enhancement layer L3 and the long term keys seed that sets in advance according to the long term keys dependence, obtains the long term keys of enhancement layer L2; The long term keys of enhancement layer L2 and the long term keys seed that sets in advance are input to the long term keys generating function that step 5071 is set up, obtain the long term keys of enhancement layer L1; The long term keys of enhancement layer L1 and the long term keys seed that sets in advance are input to the long term keys generating function that step 5071 is set up, obtain the long term keys of basic layer L0.

In step 5072, can also in the long term keys generating function, import other parameters when deriving from long term keys and further adjust the long term keys generating function, wherein, described other parameters can be adjusted parameter (specific constant of operator's appointment or character) etc. for operator.

Further, when present embodiment is applied in the 3GPP MBMS protection scheme, step 507 derives from the long term keys MSK3 of the dependence layer (enhancement layer L3) that long term keys dependence that module obtains according to step 505 and step 506 obtain by MSK, derives from long term keys MSK0, MSK1 and the MSK2 of basic layer L0 and enhancement layer (L1 and L2) in the SVC video information; When present embodiment is applied in the OMA BCAST protection scheme; step 507 derives from the long term keys SEK3 of the dependence layer (enhancement layer L3) that long term keys dependence that module obtains according to step 505 and step 506 obtain by long term keys, derives from long term keys SEK0, SEK1 and the SEK2 of basic layer L0 and enhancement layer (L1 and L2) in the SVC video information.

Further, in the present embodiment, long term keys derives from the part that module can belong to the security client assembly of user terminal, also can belong to the part of the security client assembly of smart card.

The transmission that the embodiment of the invention provides and obtain the method for key, the transmitting terminal of long term keys has set in advance the long term keys dependence, the transmitting terminal of this long term keys is chosen the highest enhancement layer as relying on layer according to the long term keys dependence from the SVC video information, and be this dependence layer generation long term keys, the transmitting terminal of long term keys only with the long term keys dependence and the long term keys of high enhancement layer send to user terminal, user terminal receives the long term keys dependence and after the long term keys of high enhancement layer, can derive the long term keys of other layer in the SVC video information, reach the purpose of transmission long term keys; Because the embodiment of the invention only needs to transmit the long term keys dependence and the long term keys of high enhancement layer, and do not need to transmit the long term keys of each layer of SVC video information correspondence, so saved the shared Internet resources of transmission long term keys, solved prior art transmission long term keys and taken the more problem of Internet resources.

As shown in Figure 7, the embodiment of the invention also provides a kind of device that sends key, and informational needs Delamination Transmission wherein to be transmitted and every layer of information to be transmitted all need to encrypt separately, and this device comprises:

Choose unit 701, be used for choosing the dependence layer from a basic layer and an above enhancement layer of information to be transmitted according to the key dependence that sets in advance;

Generation unit 702 is used to the described dependence layer of choosing unit 701 of choosing to generate key;

First transmitting element 703 is used to send the key and the described key dependence of the dependence layer that described generation unit 702 generates.

Further, as shown in Figure 8, shown in send key device can also comprise:

Derive from unit 704, be used for the key of the dependence layer that generates according to the described key dependence that sets in advance and described generation unit 702, derive from the key of other layer in basic layer of described information to be transmitted and the above enhancement layer;

Ciphering unit 705, be used for adopting the key of the dependence layer that described generation unit 702 generates and a basic layer that described derivation unit 704 generates and the key of above other layer of enhancement layer, each layer to described information to be transmitted encrypted respectively, generates the information to be transmitted after encrypting;

Second transmitting element 706 is used to send the information to be transmitted after described ciphering unit 705 is encrypted.

Further, as shown in Figure 9, described derivation unit 704 can comprise:

First derives from subelement 7041, be used for when described key is ephemeral keys, obtain the long term keys of the enhancement layer correspondence of waiting to derive from ephemeral keys in the described information to be transmitted, be this enhancement layer derivation ephemeral keys according to described key dependence, the ephemeral keys that relies on layer, the long term keys of enhancement layer correspondence of waiting to derive from ephemeral keys and the ephemeral keys generating function that sets in advance; Perhaps, obtain in the described information to be transmitted and the described adjacent high-rise corresponding long term keys of layer that rely on, according to described key dependence, the ephemeral keys that relies on layer, the high-rise corresponding long term keys adjacent with described dependence layer and the second ephemeral keys generating function that sets in advance is that this high level derives from ephemeral keys, and should high level as new dependence layer, this ephemeral keys is as the ephemeral keys of new dependence layer; And/or,

Second derives from subelement 7042, be used for when described key is long term keys, according to described key dependence, the long term keys that relies on layer and the long term keys seed that sets in advance and long term keys generating function is to derive from long term keys with the described adjacent low layer of layer that rely in the described information to be transmitted, and with this low layer as new dependence layer, this long term keys is as the long term keys of new dependence layer.

Transmission that the device specific implementation method of the transmission key that the embodiment of the invention provided can provide referring to the embodiment of the invention and the method for obtaining key are described, repeat no more herein.

The device of the transmission key that the embodiment of the invention provides, being applied to informational needs Delamination Transmission to be transmitted and every layer of information to be transmitted all needs the scene of encrypting separately.This method has set in advance the key dependence, from one of information to be transmitted basic layer and above enhancement layer, chosen in advance according to this key dependence and to have relied on layer, in the time will sending key, for relying on layer, this generates key, and send the key and the key dependence of this dependence layer, thereby reach the purpose that sends key, because the device that the embodiment of the invention provides only need send key and the key dependence that relies on layer, do not need the key of each layer of information to be transmitted is all sent, so reduced the shared Internet resources of transmission security key, solved the prior art transmission security key and taken the more problem of Internet resources.

As shown in figure 10, the embodiment of the invention also provides a kind of device that obtains key, and informational needs Delamination Transmission wherein to be transmitted and every layer of information to be transmitted all need to encrypt separately, and this device comprises:

Acquiring unit 1001 is used to obtain the key dependence and relies on the key of layer, and this dependences layer is chosen acquisition according to described key dependence for transmitting terminal from one basic layer of information to be transmitted and an above enhancement layer;

Derive from unit 1002, be used for key dependence of obtaining according to described acquiring unit 1001 and the key that relies on layer, derive from the key of other layer in basic layer of described information to be transmitted and the above enhancement layer.

Further, as shown in figure 11, described derivation unit 1002 can comprise:

First derives from subelement 10021, be used for when described key is ephemeral keys, obtain the long term keys of the enhancement layer correspondence of waiting to derive from ephemeral keys in the described information to be transmitted, be this enhancement layer derivation ephemeral keys according to described key dependence, the ephemeral keys that relies on layer, the long term keys of enhancement layer correspondence of waiting to derive from ephemeral keys and the ephemeral keys generating function that sets in advance; Perhaps, obtain in the described information to be transmitted and the described adjacent high-rise corresponding long term keys of layer that rely on, according to described key dependence, the ephemeral keys that relies on layer, the high-rise corresponding long term keys adjacent with described dependence layer and the ephemeral keys generating function that sets in advance is that this high level derives from ephemeral keys, and should high level as new dependence layer, this ephemeral keys is as the ephemeral keys of new dependence layer; And/or,

Second derives from subelement 10022, be used for when described key is long term keys, according to described key dependence, the long term keys that relies on layer and the long term keys seed that sets in advance and long term keys generating function is to derive from long term keys with the described adjacent low layer of layer that rely in the described information to be transmitted, and with this low layer as new dependence layer, this long term keys is as the long term keys of new dependence layer.

Transmission that the device specific implementation method of obtaining key that the embodiment of the invention provides can provide referring to the embodiment of the invention and the method for obtaining key are described, repeat no more herein.

The device that obtains key that the embodiment of the invention provides, being applied to informational needs Delamination Transmission to be transmitted and every layer of information to be transmitted all needs the scene of encrypting separately.This method can receive key and the key dependence that relies on layer, and derives the key of other layer in the information to be transmitted according to the key and the key dependence that rely on layer, thereby has realized the transmission of key; Because the key that the technical scheme that the embodiment of the invention provides can derive other layer according to the key and the key dependence of dependence layer, make and when cipher key delivery, only need transmit key and the key dependence that relies on layer, reduced the shared Internet resources of transmission security key, solved the prior art transmission security key and taken the more problem of Internet resources.

As shown in figure 12, the embodiment of the invention also provides a kind of communication system, and informational needs Delamination Transmission wherein to be transmitted and every layer of information to be transmitted all need to encrypt separately, and this system comprises:

Send the device 1201 of key, be used for choosing the dependence layer from a basic layer and an above enhancement layer of information to be transmitted according to the key dependence that sets in advance, be that this relies on layer and generates key, the key and the described key dependence of this dependences layer sent to the device 1202 that obtains key;

The described device 1202 that obtains key, be used for obtaining the key of key dependence and dependence layer from the device 1201 of described transmission key, according to this key dependence with rely on the key of layer, derive from the key of other layer in basic layer of described information to be transmitted and the above enhancement layer.

Transmission that the communication system specific implementation method that the embodiment of the invention provides can provide referring to the embodiment of the invention and the method for obtaining key are described, repeat no more herein.

The communication system that the embodiment of the invention provides, be applied to informational needs Delamination Transmission to be transmitted and every layer of information to be transmitted and all need the scene of encrypting separately, set in advance the key dependence in the device of this method transmission key, the device of described transmission key can be chosen from treat one of transmission information basic layer and above enhancement layer according to this key dependence and rely on layer, the key and the dependence that also will rely on layer for this dependence layer generation key send to the device that obtains key, the device that obtains key is after receiving the key and key dependence that relies on layer, can derive the key of other layer according to the key and the key dependence of this dependence layer, thereby realize the transmission of key; The embodiment of the invention only need be transmitted key and the key dependence that relies on layer, has reduced the shared Internet resources of transmission security key, has solved the prior art transmission security key and has taken the more problem of Internet resources.

The transmission that the embodiment of the invention provides and method, device and the communication system of obtaining key can be applied in the process of transmitting layered information encryption key, specifically can be applied in as in 3GPP MBMS protection scheme or the OMABCAST protection scheme etc.

One of ordinary skill in the art will appreciate that all or part of step that realizes in the foregoing description method is to instruct relevant hardware to finish by program, described program can be stored in the computer-readable recording medium, as ROM/RAM, magnetic disc or CD etc.

The above; only be the specific embodiment of the present invention, but protection scope of the present invention is not limited thereto, anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; can expect easily changing or replacing, all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion by described protection range with claim.

Claims

1. a method that sends key is characterized in that, informational needs Delamination Transmission to be transmitted and every layer of information to be transmitted all need to encrypt separately, and this method comprises:

Choose from one of information to be transmitted basic layer and above enhancement layer according to the key dependence that sets in advance and to rely on layer;

For described dependence layer generates key;

Send described key and the described key dependence that relies on layer.

2. method according to claim 1 is characterized in that, described key dependence comprises:

When described key dependence is the ephemeral keys dependence, the ephemeral keys of an above enhancement layer of described information to be transmitted depends on the ephemeral keys of basic layer, perhaps, described information to be transmitted basic layer and above enhancement layer ephemeral keys on the middle and senior level depend on the ephemeral keys of adjacent low layer; And/or,

When described key dependence was the long term keys dependence, the long term keys of low layer depended on the long term keys of adjacent high level in one of described information to be transmitted basic layer and the above enhancement layer.

3. method according to claim 1 is characterized in that, described key dependence is carried in the conversation description of session description protocol format and sends, and perhaps is carried in the business guide of extend markup language form to send.

4. method according to claim 3 is characterized in that,

When described key dependence is the dependence of ephemeral keys, the conversation description of described session description protocol format, perhaps the business guide of extend markup language form comprises: rely on sign, derivation dependence ephemeral keys traffic identifier and first derivation and rely on the long term keys sign

Wherein, described dependence sign, be used to indicate between the ephemeral keys of a basic layer of described information to be transmitted and an above enhancement layer correspondence and whether have dependence, described derivation relies on the ephemeral keys traffic identifier, be used to indicate the ephemeral keys that relies on layer, described first derives from dependence long term keys sign, is used to indicate long term keys required when deriving from ephemeral keys.

5. method according to claim 3 is characterized in that,

When described key dependence is the long term keys dependence, the conversation description of described session description protocol format, the perhaps business guide of extend markup language form comprises: relies on sign and second and derives from and rely on long term keys and identify,

Wherein, described dependence sign is used to indicate between the long term keys of a basic layer of described information to be transmitted and an above enhancement layer correspondence whether have dependence, and described second derives from and rely on the long term keys sign, is used to indicate the long term keys that relies on layer.

6. according to any described method among the claim 1-5, it is characterized in that, also comprise:

According to the key of described key dependence that sets in advance and described dependence layer, derive from the key of other layer in one of described information to be transmitted basic layer and the above enhancement layer;

Adopt the key of other layer in a described key that relies on layer and a described basic layer and the above enhancement layer, each layer of described information to be transmitted is encrypted the information to be transmitted after the generation encryption respectively;

Send the information to be transmitted after the described encryption.

7. method according to claim 6 is characterized in that, described key according to described key dependence that sets in advance and described dependence layer, and the key that derives from other layer in one of described information to be transmitted basic layer and the above enhancement layer comprises:

When described key is ephemeral keys, obtain the long term keys of the enhancement layer correspondence of waiting to derive from ephemeral keys in the described information to be transmitted, be this enhancement layer derivation ephemeral keys according to described key dependence, the ephemeral keys that relies on layer, the long term keys of enhancement layer correspondence of waiting to derive from ephemeral keys and the ephemeral keys generating function that sets in advance; Perhaps, obtain in the described information to be transmitted and the described adjacent high-rise corresponding long term keys of layer that rely on, according to described key dependence, the ephemeral keys that relies on layer, the high-rise corresponding long term keys adjacent with described dependence layer and the ephemeral keys generating function that sets in advance is that this high level derives from ephemeral keys, and should high level as new dependence layer, this ephemeral keys is as the ephemeral keys of new dependence layer; And/or,

When described key is long term keys, according to described key dependence, the long term keys that relies on layer and the long term keys seed that sets in advance and long term keys generating function is to derive from long term keys with the described adjacent low layer of layer that rely in the described information to be transmitted, and with this low layer as new dependence layer, this long term keys is as the long term keys of new dependence layer, and wherein said long term keys generating function is an one-way function.

8. a method of obtaining key is characterized in that, informational needs Delamination Transmission to be transmitted and every layer of information to be transmitted all need to encrypt separately, and this method comprises:

Obtain the key dependence and rely on the key of layer, this dependences layer is chosen acquisition according to described key dependence for transmitting terminal from one basic layer of information to be transmitted and an above enhancement layer;

According to described key dependence with rely on the key of layer, derive from the key of other layer in basic layer of described information to be transmitted and the above enhancement layer.

9. method according to claim 8 is characterized in that, described key dependence comprises:

10. method according to claim 8 is characterized in that, and is described according to described key dependence with rely on the key of layer, derives from the key of other layer in basic layer of described information to be transmitted and the above enhancement layer, comprising:

11. a device that sends key is characterized in that, informational needs Delamination Transmission to be transmitted and every layer of information to be transmitted all need to encrypt separately, and this device comprises:

12. device according to claim 11 is characterized in that, also comprises:

Derive from the unit, be used for the key of the dependence layer that generates according to the described key dependence that sets in advance and described generation unit, derive from the key of other layer in basic layer of described information to be transmitted and the above enhancement layer;

Ciphering unit, be used for adopting the key of the dependence layer that described generation unit generates and a basic layer that described derivation unit generates and the key of above other layer of enhancement layer, each layer to described information to be transmitted encrypted respectively, generates the information to be transmitted after encrypting;

Second transmitting element is used to send the information to be transmitted after described ciphering unit is encrypted.

13. device according to claim 12 is characterized in that, described derivation unit comprises:

First derives from subelement, be used for when described key is ephemeral keys, obtain the long term keys of the enhancement layer correspondence of waiting to derive from ephemeral keys in the described information to be transmitted, be this enhancement layer derivation ephemeral keys according to described key dependence, the ephemeral keys that relies on layer, the long term keys of enhancement layer correspondence of waiting to derive from ephemeral keys and the ephemeral keys generating function that sets in advance; Perhaps, obtain in the described information to be transmitted and the described adjacent high-rise corresponding long term keys of layer that rely on, according to described key dependence, the ephemeral keys that relies on layer, the high-rise corresponding long term keys adjacent with described dependence layer and the second ephemeral keys generating function that sets in advance is that this high level derives from ephemeral keys, and should high level as new dependence layer, this ephemeral keys is as the ephemeral keys of new dependence layer; And/or,

Second derives from subelement, be used for when described key is long term keys, according to described key dependence, the long term keys that relies on layer and the long term keys seed that sets in advance and long term keys generating function is to derive from long term keys with the described adjacent low layer of layer that rely in the described information to be transmitted, and with this low layer as new dependence layer, this long term keys is as the long term keys of new dependence layer.

14. a device that obtains key is characterized in that, informational needs Delamination Transmission to be transmitted and every layer of information to be transmitted all need to encrypt separately, and this device comprises:

15. device according to claim 14 is characterized in that, described derivation unit comprises:

16. a communication system is characterized in that, informational needs Delamination Transmission to be transmitted and every layer of information to be transmitted all need to encrypt separately, and this system comprises: