CN102256170A - Encryption method and decryption method based on no-card CA (Certificate Authority) - Google Patents
Encryption method and decryption method based on no-card CA (Certificate Authority) Download PDFInfo
- Publication number
- CN102256170A CN102256170A CN2011101982653A CN201110198265A CN102256170A CN 102256170 A CN102256170 A CN 102256170A CN 2011101982653 A CN2011101982653 A CN 2011101982653A CN 201110198265 A CN201110198265 A CN 201110198265A CN 102256170 A CN102256170 A CN 102256170A
- Authority
- CN
- China
- Prior art keywords
- pki
- end server
- control word
- top box
- encrypted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention relates to encryption and decryption technology of digital television signals, and discloses an encryption method and a decryption method based on no-card CA (Certificate Authority), solving the problem of low security of the encryption method in the conventional technology. The technical scheme is characterized in that: a, a front end server generates a cipher text, and generates a secret key, a public key and a public key index according to the ID (Identification) of a set-top box chip; b, the front end server encrypts a control word with the public key to obtain the encrypted control word; c, the front end server encrypts the encrypted control word with the cipher text to get authorization control information; d, the front end server encrypts the cipher text and the public key index with the secret key to obtain authorization management information; and e, the front end server transmits the authorization control information and the authorization management information to a digital television network. The methods provided by the invention are suitable for encryption and decryption of the digital television signals.
Description
Technical field
The present invention relates to the digital television signal encryption and decryption technology, relate to a kind of specifically based on encryption method and the decryption method of not having card CA.
Background technology
Old-fashioned set-top box in the past adopts smart card and set-top box master chip to finish mandate, task of decryption jointly.Adopt the set-top box of this mode of operation, smart card is connected with the set-top box circuit by card slot, occurs the situation of loose contact sometimes, influences the stability of set-top box; And smart card and set-top box are frequently carried out communication, the risk that exists algorithm to be intercepted, if cracked by the hacker, benefits of operators can incur loss.Along with the development of technology, a kind of new technology has appearred in recent years, promptly there is not card CA, it is the master chip that CA (Conditional Access) card is integrated in set-top box, so just do not need to adopt between smart card and the set-top box master chip and carry out communication, reduced cost, aspect fail safe, increase yet.
Traditional encryption method based on there not being card CA is as follows: 1. front-end server produces SK (business cipher key), and produces CK (PKI), PDK (private key) according to set-top-box chip ID; 2. encrypt CW after CW (control word) obtains encrypting with CK; 3. adopt SK that the CW after encrypting is encrypted, generate ECM (Entitlement Control Message) information and send in the digital TV network; 4. adopt PDK that SK is encrypted, generate EMM (Entitlement Management Message) information and send in the digital TV network; Wherein, CW is the data that generated at random by front-end server, and PDK is the one group of private key data that is stored in the set-top-box chip.
Traditional decryption method based on there not being card CA is as follows: 1. after terminal receives the EMM data, utilize set-top-box chip build in serial number and PDK pairing, decrypt SK; 2. after terminal receives the ECM data, utilize the CW after SK decrypts encryption; 3. the CW after will encrypting imports in the set-top box CPU, decrypts CW jointly by inner decipherment algorithm of CPU and chip id; 4. CW is set in the descrambler audio, video data that descrambler is encrypted by the CW descrambling.
The crucial PKI SK that will decipher usefulness owing to server end in the conventional art is transferred in the digital TV network, might be intercepted and captured by the hacker, and fail safe is low, can't guarantee benefits of operators; And the PDK that is stored in the set-top-box chip has only one group, so its decipherment algorithm fixes, and fail safe is also lower.
Summary of the invention
Technical problem to be solved by this invention is: propose a kind of new encryption method and decryption method based on nothing card CA, solve the low problem of fail safe that the encipher-decipher method in the conventional art exists.
The present invention solves the problems of the technologies described above the technical scheme that is adopted: the encryption method based on there not being card CA may further comprise the steps:
A. front-end server produces ciphertext, and produces key, PKI, PKI index according to set-top-box chip ID;
B. front-end server public key encryption control word obtains encrypted control word;
C. front-end server is encrypted encrypted control word with ciphertext, authorized control information;
D. front-end server is encrypted ciphertext and PKI index with key, authorized management information;
E. front-end server is sent to Entitlement Control Message and Entitlement Management Message in the digital TV network.
Among the step a, front-end server is preserved set-top-box chip ID, key and PKI; Described key and PKI also are stored in the set-top-box chip.
Decryption method based on there not being card CA may further comprise the steps:
A. the set-top box deciphering module is decrypted Entitlement Management Message with the key of preserving in the chip, obtains ciphertext and PKI index;
B. set-top box deciphering module decrypt ciphertext Entitlement Control Message obtains encrypted control word;
C. the set-top box deciphering module sends PKI index and encrypted control word to set-top box CPU, by the PKI of set-top box CPU according to PKI index reduction correspondence;
D. set-top box CPU is decrypted encrypted control word with PKI, controlled word;
E. the control word that deciphering is come out is set in the descrambler of set-top box, the audio, video data that descrambler comes descrambling to encrypt by control word.
The invention has the beneficial effects as follows: because PKI itself do not transmit in digital TV network, but utilize the PKI index to reduce PKI, avoided PKI in transmission course, to be intercepted, improved fail safe at STB terminal; Decipher at the inner random algorithm that adopts of set-top box CPU, only to the CPU outside as seen EMM, ECM information have further improved fail safe.
Description of drawings
Fig. 1 is the encryption method flow chart among the embodiment;
Fig. 2 is the decryption method flow chart among the embodiment.
Embodiment
In this application, the PKI that has all legal MPEG chips on the front-end server, the MPEG chip internal has the private key of oneself, server goes to encrypt CT and SCKI data with the CDK PKI, use the CDK private key of oneself to go to decipher the EMM data at the set-top box end and obtain CT and SCKI, by SCKI reduction SCK, ECM obtains ECW with the CT deciphering then, and ECW obtains CW with the SCK deciphering.SCK is N the key that is stored in the MPEG chip internal among the application, finds by the SCKI index and finally which removes to decipher ECW with and obtain CW.
Referring to Fig. 1, the encryption method based on nothing card CA in this example, adopt following steps to realize:
A. front-end server produces CT (ciphertext), and produces CDK (key), SCK (PKI), SCKI (PKI index) according to CUID (set-top-box chip ID); Wherein, CDK is group key data that are stored in set-top box master chip inside, and SCK is N (N>=2) the group secret key data that are stored in chip internal, preserves CUID, CDK and the SCK of all chips on the front-end server.
B. front-end server is encrypted CW (control word) with SCK, obtains encrypted control word ECW;
C. front-end server is encrypted encrypted control word ECW with CT, obtains ECM (Entitlement Control Message);
D. front-end server is encrypted CT and SCKI with CDK, obtains EMM (Entitlement Management Message);
E. front-end server is sent to ECM and EMM in the digital TV network.
Referring to Fig. 2, the decryption method based on nothing card CA in this example, adopt following steps to realize:
A. STB terminal at first is decrypted EMM with the CDK that preserves in the chip by deciphering module after receiving EMM and ECM information, obtains CT and SCKI;
B. the set-top box deciphering module is deciphered ECM with CT, obtains encrypted control word ECW;
C. the set-top box deciphering module sends SCKI and encrypted control word ECW to set-top box CPU, by the SCK of set-top box CPU according to SCKI reduction correspondence;
D. set-top box CPU is decrypted encrypted control word ECW with SCK, controlled word CW;
E. the CW that deciphering is come out is set in the descrambler of set-top box, and the audio, video data that descrambler comes descrambling to encrypt by CW is realized the audio frequency and video broadcast.
Example: front-end server produces one group of data CT at random, and produce one group of CDK, 8 groups of SCK (SCK1, SCK2, SCK3, SCK4, SCK5, SCK6, SCK7, SCK8) according to GUID, and also store CDK and 8 groups of SCK of one group of correspondence in the set-top-box chip, so, if front-end server has selected for use SCK3 to encrypt CW at random, generate ECW, can generate an index related so with SCK3, be SCKI, front-end server adopts CT to encrypt ECW, generate ECM information, and adopt the CDK of oneself that CT and SCKI are encrypted, generate EMM information; Set-top box is after receiving EMM information, also adopt the CDK of oneself to be decrypted, can obtain CT and SCKI, decipher ECM, obtain ECW with CT, then SCKI and ECW are sent into set-top box CPU inside, set-top box CPU is resolved SCKI, and that learn its correspondence is SCK3, so just adopts the SCK3 that preserves in the chip that ECW is decrypted, obtain CW, at last CW is sent into the descrambling of realizing in the descrambler audio, video data.
Claims (3)
1. based on the encryption method of not having card CA, it is characterized in that, may further comprise the steps:
A. front-end server produces ciphertext, and produces key, PKI, PKI index according to set-top-box chip ID;
B. front-end server public key encryption control word obtains encrypted control word;
C. front-end server is encrypted encrypted control word with ciphertext, authorized control information;
D. front-end server is encrypted ciphertext and PKI index with key, authorized management information;
E. front-end server is sent to Entitlement Control Message and Entitlement Management Message in the digital TV network.
2. the encryption method based on nothing card CA as claimed in claim 1 is characterized in that among the step a, front-end server is preserved set-top-box chip ID, key and PKI; Described key and PKI also are stored in the set-top-box chip.
3. based on the decryption method of not having card CA, it is characterized in that, may further comprise the steps:
A. the set-top box deciphering module is decrypted Entitlement Management Message with the key of preserving in the chip, obtains ciphertext and PKI index;
B. set-top box deciphering module decrypt ciphertext Entitlement Control Message obtains encrypted control word;
C. the set-top box deciphering module sends PKI index and encrypted control word to set-top box CPU, by the PKI of set-top box CPU according to PKI index reduction correspondence;
D. set-top box CPU is decrypted encrypted control word with PKI, controlled word;
E. the control word that deciphering is come out is set in the descrambler of set-top box, the audio, video data that descrambler comes descrambling to encrypt by control word.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011101982653A CN102256170A (en) | 2011-07-15 | 2011-07-15 | Encryption method and decryption method based on no-card CA (Certificate Authority) |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011101982653A CN102256170A (en) | 2011-07-15 | 2011-07-15 | Encryption method and decryption method based on no-card CA (Certificate Authority) |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102256170A true CN102256170A (en) | 2011-11-23 |
Family
ID=44983106
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2011101982653A Pending CN102256170A (en) | 2011-07-15 | 2011-07-15 | Encryption method and decryption method based on no-card CA (Certificate Authority) |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102256170A (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102752635A (en) * | 2012-02-23 | 2012-10-24 | 中央电视台 | Downloadable and replaceable condition receiving system |
| CN102752636A (en) * | 2012-02-23 | 2012-10-24 | 中央电视台 | Generation method of root key at transmitting end of condition receiving system |
| CN104038757A (en) * | 2014-06-20 | 2014-09-10 | 深圳市九洲电器有限公司 | Method and system for testing digital television terminal |
| CN105516763A (en) * | 2015-12-09 | 2016-04-20 | 深圳市纽格力科技有限公司 | Encryption and decryption method of certificate authorization card identifying information, device and digital program system |
| CN106550255A (en) * | 2016-12-22 | 2017-03-29 | 深圳Tcl数字技术有限公司 | TV far-end encryption method and system |
| CN107645679A (en) * | 2017-09-30 | 2018-01-30 | 深圳市九洲电器有限公司 | The production method and system of set top box cardless conditional access system |
| CN112449215A (en) * | 2019-08-27 | 2021-03-05 | 武汉佳世创科技有限公司 | Method and system for supporting card-holding and card-free condition receiving based on digital television |
| CN114286141A (en) * | 2022-03-01 | 2022-04-05 | 深圳佳力拓科技有限公司 | Method for realizing card-free condition receiving and set top box |
| CN114448641A (en) * | 2021-12-30 | 2022-05-06 | 北京航天晨信科技有限责任公司 | Privacy encryption method, electronic equipment, storage medium and chip |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2004010698A1 (en) * | 2002-07-24 | 2004-01-29 | Nagracard Sa | Method and electronic module for secure data transmission |
| US20050025316A1 (en) * | 2003-07-31 | 2005-02-03 | Pelly Jason Charles | Access control for digital content |
| CN101282456A (en) * | 2008-04-11 | 2008-10-08 | 青岛海信电器股份有限公司 | Method and apparatus for receiving digital television condition |
| CN101611631A (en) * | 2007-02-12 | 2009-12-23 | 索尼株式会社 | Use the key list of storage to carry out packaged media encryption |
| CN101720013A (en) * | 2009-12-15 | 2010-06-02 | 四川长虹电器股份有限公司 | Anti-decryption set-top box conditional receiving method |
-
2011
- 2011-07-15 CN CN2011101982653A patent/CN102256170A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2004010698A1 (en) * | 2002-07-24 | 2004-01-29 | Nagracard Sa | Method and electronic module for secure data transmission |
| US20050025316A1 (en) * | 2003-07-31 | 2005-02-03 | Pelly Jason Charles | Access control for digital content |
| CN101611631A (en) * | 2007-02-12 | 2009-12-23 | 索尼株式会社 | Use the key list of storage to carry out packaged media encryption |
| CN101282456A (en) * | 2008-04-11 | 2008-10-08 | 青岛海信电器股份有限公司 | Method and apparatus for receiving digital television condition |
| CN101720013A (en) * | 2009-12-15 | 2010-06-02 | 四川长虹电器股份有限公司 | Anti-decryption set-top box conditional receiving method |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102752636A (en) * | 2012-02-23 | 2012-10-24 | 中央电视台 | Generation method of root key at transmitting end of condition receiving system |
| CN102752636B (en) * | 2012-02-23 | 2015-01-21 | 中央电视台 | Generation method of root key at transmitting end of condition receiving system |
| CN102752635B (en) * | 2012-02-23 | 2015-03-18 | 中央电视台 | Downloadable and replaceable condition receiving system |
| CN102752635A (en) * | 2012-02-23 | 2012-10-24 | 中央电视台 | Downloadable and replaceable condition receiving system |
| CN104038757A (en) * | 2014-06-20 | 2014-09-10 | 深圳市九洲电器有限公司 | Method and system for testing digital television terminal |
| CN105516763B (en) * | 2015-12-09 | 2019-05-31 | 深圳市纽格力科技有限公司 | Encipher-decipher method, device and the digital program system of certificate granting card identification information |
| CN105516763A (en) * | 2015-12-09 | 2016-04-20 | 深圳市纽格力科技有限公司 | Encryption and decryption method of certificate authorization card identifying information, device and digital program system |
| CN106550255A (en) * | 2016-12-22 | 2017-03-29 | 深圳Tcl数字技术有限公司 | TV far-end encryption method and system |
| CN106550255B (en) * | 2016-12-22 | 2020-04-10 | 深圳Tcl数字技术有限公司 | Television far-end encryption method and system |
| CN107645679A (en) * | 2017-09-30 | 2018-01-30 | 深圳市九洲电器有限公司 | The production method and system of set top box cardless conditional access system |
| CN107645679B (en) * | 2017-09-30 | 2020-02-07 | 深圳市九洲电器有限公司 | Production method and system of card-free condition receiving system of set top box |
| CN112449215A (en) * | 2019-08-27 | 2021-03-05 | 武汉佳世创科技有限公司 | Method and system for supporting card-holding and card-free condition receiving based on digital television |
| CN112449215B (en) * | 2019-08-27 | 2022-11-08 | 武汉佳世创科技有限公司 | Method and system for supporting card-holding and card-free condition receiving based on digital television |
| CN114448641A (en) * | 2021-12-30 | 2022-05-06 | 北京航天晨信科技有限责任公司 | Privacy encryption method, electronic equipment, storage medium and chip |
| CN114286141A (en) * | 2022-03-01 | 2022-04-05 | 深圳佳力拓科技有限公司 | Method for realizing card-free condition receiving and set top box |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102256170A (en) | Encryption method and decryption method based on no-card CA (Certificate Authority) | |
| CN102164320B (en) | A kind of terminal based on conditional access technology of improvement | |
| JP5106845B2 (en) | How to descramble a scrambled content data object | |
| EP2362573A1 (en) | Device and method for establishing secure trust key | |
| CN1383296A (en) | Method for managing symmetrical secret key in communication network, and device for carrying out such method | |
| CN106658093B (en) | The exchange method and system of set-top box and server | |
| CN102075812B (en) | Data receiving method and system of digital television | |
| CN102802036A (en) | System and method for identifying digital television | |
| GB2489672A (en) | Authentication certificate distribution to set top boxes | |
| CN102075802B (en) | Method for realizing secure communication between set-top box and intelligent card | |
| US9191621B2 (en) | System and method to record encrypted content with access conditions | |
| JP2012510743A (en) | Content decryption apparatus and encryption system using additional key layer | |
| US11308242B2 (en) | Method for protecting encrypted control word, hardware security module, main chip and terminal | |
| RU2605923C2 (en) | Secure transmission method and apparatus for transport stream | |
| CN101626484A (en) | Method for protecting control word in condition access system, front end and terminal | |
| CN101720013B (en) | Anti-decryption set-top box conditional receiving method | |
| CN102714593A (en) | Methods for decrypting, transmitting and receiving control words, storage medium for executing said methods | |
| CN102427559A (en) | Identity authentication method based on digital television set card separation technology | |
| US20160165279A1 (en) | Method of transmitting messages between distributed authorization server and conditional access module authentication sub-system in renewable conditional access system, and renewable conditional access system headend | |
| US10075419B2 (en) | Method and device to protect a decrypted media content before transmission to a consumption device | |
| CN103402129B (en) | The method of a kind of condition reception, equipment and system | |
| EP3610652B1 (en) | Receiving audio and/or video content | |
| US9077854B2 (en) | Preventing the use of modified receiver firmware in receivers of a conditional access system | |
| CN100588244C (en) | Method and system for implementing broadcasting network condition receiving | |
| CN103634624A (en) | Digital television live broadcasting method and system based on IP (Internet protocol) network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20111123 |