CN102256176B - Method for achieving card-free certificate authority (CA) information security - Google Patents
Method for achieving card-free certificate authority (CA) information security Download PDFInfo
- Publication number
- CN102256176B CN102256176B CN 201110178336 CN201110178336A CN102256176B CN 102256176 B CN102256176 B CN 102256176B CN 201110178336 CN201110178336 CN 201110178336 CN 201110178336 A CN201110178336 A CN 201110178336A CN 102256176 B CN102256176 B CN 102256176B
- Authority
- CN
- China
- Prior art keywords
- app
- security
- security vault
- code
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The invention discloses a method for achieving card-free certificate authority (CA) information security. The method comprises the following two parts in a system: 1, a FLASH of a set-top box is divided into a locked zone and an unlocked zone, the data of the locked zone is forbidden to be modified or deleted once being written in, and a security library, BOOT codes and a security library data region are arranged in the locked zone; and 2, the system also comprises an application (APP) part, an APP binary code is required to be provided for processing after the porting of a porting manufacturer is finished and tests are successfully performed, and an APP CA kernel can pass check. A strict checking mechanism for the copying and modification of the FLASH can completely prevent authority and the like from being changed by copying the set-top box by the FLASH and modifying the FLASH. Security library checking and APP checking can be performed independently, and APP can be flexibly upgraded without modifying the security library.
Description
Technical field
The present invention relates to a kind of solution of digital TV network information security, be specifically related to a kind of based on the security solution method under the no card CA environment of the unique ChipID of advanced security chip.
Background technology
In recent years, Digital Television developed rapidly, and customer volume is also increasing, and digital TV network is a kind of open network, so fail safe is an important problem.How could design the system of a safety? present most of CA guarantees system safety by using smart card CA.Each sheet smart card has the ID of oneself, and important data will use the relevant key of this ID to be encrypted protection.When needs deciphering TS stream, at first obtain authorization data from smart card, secret key decryption CW is set then returns to set-top box, by set-top box CA deciphering TS stream is set again.Exactly because the CW that smart card decrypts need return to set-top box, so a lot of illegal molecule utilizes this communication process therefrom to intercept and capture CW, share then.There is not the problem that card CA can well solve this aspect, because there is not the process that card CA does not exist smart card and set top box interactive, deciphering CW and deciphering TS is set flows through journey and finish at chip internal does not simultaneously have communicating by letter of any clear text key with the outside, has strengthened the fail safe of system greatly.But, do not have card CA some other problems also arranged, such as copying FLASH, dis-assembling set-top box program cracks etc., the present invention just at present no card CA present situation a kind of security solution based on the safety encipher chip is provided.
Summary of the invention
The invention provides a kind of method that realizes not having card CA information security.
The present invention is achieved in that
A kind of method that realizes not having card CA information security is included in following two parts in the system.
One is that set-top box FLASH is divided into locking subregion and non-locking subregion, does not allow to be modified or to delete after in a single day the locking partition data writes, and in the locking subregion, comprises security vault, BOOT code and security vault data field several sections;
Its two, also comprise the APP part in the system, transplant after the test that finishes passes through when transplanting manufacturer, need provide the APP binary code to handle, the APP program CA kernel after the processing could check and pass through.
Specifically be discussed below:
It requires to transplant manufacturer when transplanting CA, must transplant security vault (determining to have transplanted security vault by checking the BOOT source code), carries out safety inspection by security vault then.Security vault can check whether the consistent FLASH of guaranteeing is not replicated the enciphered data that the transplanting manufacturer's information, hardware information of this set-top box produce, and checks simultaneously whether the corresponding set-top box binary program is not modified with the consistent FALSE of guaranteeing program.Each user's private key can not be stored among the FALSH simultaneously, has only when need use just can dynamically produce, and all keys all can not returned out the CA kernel.For the APP code, also can carry out corresponding verification.The present invention separately carries out the inspection of security vault and the inspection of APP, and whether the security vault inspection is mainly used in the inspection machine top box legal, is to start the CA functional module.APP checks whether major limitation APP program is modified, and APP checks part also in the APP code, so the APP program can be upgraded separately.
The present invention has following innovation and effect:
1. FALSH copy and modification there are tight checking mechanism, can prevent from fully changing mandate etc. by FALSH copy duplicator top box and modification FLASH.
2. security vault inspection and APP check and independently to carry out, and can upgrade the APP program flexibly and need not change security vault.
3. adopt multiple publicly-owned algorithm and privately owned comprehensive use, variable-key has very high security.
4. having unique key produces and administrative mechanism.
5. key data can not carry out with external program entirely in the operational management of CA kernel alternately.
6. algorithms library is standard C independence storehouse, can conveniently transplant and be built in the chip.
7. private key for user can not deposited among the FLASH, just calculates by algorithm during use to produce.
8. what carry out when carrying out the key comparison is that ciphertext compares, and has improved fail safe.
Description of drawings
Fig. 1 starts flow chart for security vault;
Fig. 2 is APP checking process figure.
Embodiment:
Carry out the elaboration of specific embodiments below with regard to content of the present invention, but protection content of the present invention is not limited in this.
1. security vault part
Set-top box FLASH will be divided into locking subregion and non-locking subregion two large divisions, wherein lock not allow to be modified or to delete after in a single day partition data writes, and mainly comprise security vault, BOOT code and security vault data field several sections.
Wherein the BOOT code need be transplanted security vault, the security vault data field deposit the relevant many encrypt datas of set-top box safety and some version date information and transplant manufacturer's information.
Each transplants manufacturer, will be assigned with a unique transplanting supplier number.Transplant supplier number by this, can adopt privately owned algorithm to produce a key, this key is called as YKey (YKey dynamically generates).When the issuing machine top box, issuing procedure can obtain the true sequence number of hardware by the tool interface that the hardware vendor provides, and this sequence number will be deposited in the security vault data field after will using YKey to adopt total algorithm and privately owned algorithm for encryption.
Each is transplanted manufacturer and determines that at the BOOT code back is (by checking source code, the BOOT code has necessarily loaded security vault), the preservation of must signing, this signature is produced by checking algorithm by the BOOT binary code, after in case signature is finished, the BOOT code can not be modified, otherwise safety inspection can't pass through, because should bind with BOOT binary system source code by signature.This signature is deposited in the database of security vault after can using YKEY to encrypt when the issuing machine top box.Deposit in the secure data district after also having other important data also to adopt YKEY to encrypt simultaneously.When data write finish after, security vault data field data can produce a verification (privately owned checking algorithm), deposit in the lump in the security vault data field.
When issuing procedure issuing machine top box, we can control a hardware sequence number and be merely able to issue a set-top box, in case certain hardware sequence number is released, the box of identical chips number can not be re-issued, the behavior of a plurality of identical false chip box duplicator top boxs can be effectively prevented from using.Simultaneously, publishing system can carry out record to the set-top box number of distribution, authorizes the set-top box that all can only issue the corresponding data amount each time, also can effectively prevent from distributing indiscriminately capable set-top box.
The flow process that security vault starts as shown in Figure 1, when starting, security vault can check earlier whether the check of security vault data field is correct, obtain the hardware sequence number of set-top box after correct again by interface, the transplanting manufacturer's information that reads the security vault data field then obtains transplanting supplier number, calculate behind YKey and the encryption hardware sequence number and deposit in security vault data field real hardware sequence number ciphertext and compare, if comparative result is inconsistent, then security vault can be forbidden the correlation function of CA.After relatively passing through, security vault can carry out the BOOT area code verification and calculate, and obtains the binary code signature value in BOOT district, should compare with the signature value ciphertext of depositing signature value encryption back then, if comparative result is inconsistent, also can forbid the CA correlation function.Pass through when all checkings, then enable the CA correlation function.
2.APP part
Transplant after the test that finishes passes through when transplanting manufacturer, need provide the APP binary code to handle, the APP program CA kernel after the processing could check and pass through.
When CA starts, can check whether the APP code is modified, and copies etc., if check failure, the CA function is with disabled.
As shown in Figure 2, CA startup flow process is as follows:
The Boot guiding starts the CA storehouse, guarantees that the CA storehouse is legal startup;
CA library code check, verification APP signature judges whether the APP code is illegally modified;
The verification of CA database data, verification CA data field enciphered data judges whether CA information is illegally modified.
3.CA part
CA mainly comprises 3 data fields, comprises data A district, and B district and C district, A district are used for depositing radio and TV operator's information and some initial informations of user data, and B deposits user authorization data in the district, and C deposits in the district some index informations.There is the check code of oneself each data field, and data all can not be illegally modified.CA gets access to the authorization data ciphertext from stream after, it is preserved according to certain rule, when needs use, can produce private key by hardware sequence number and operator's informaiton its deciphering back is used.The key that process produces can not return out the CA kernel.
Claims (1)
1. a system that realizes not having card CA information security is characterized in that: be included in following two parts in the system;
One is that set-top box FLASH is divided into locking subregion and non-locking subregion, does not allow to be modified or to delete after in a single day the locking partition data writes, and in the locking subregion, comprises security vault, BOOT code and security vault data field several sections;
Its two, also comprise the APP part in the system, transplant after the test that finishes passes through when transplanting manufacturer, need provide the APP binary code to handle, the APP program CA kernel after the processing could check and pass through;
Described security vault can check earlier when starting whether the check of security vault data field is correct, obtain the hardware sequence number of set-top box after correct again by interface, the transplanting manufacturer's information that reads the security vault data field then obtains transplanting supplier number, calculate behind YKey and the encryption hardware sequence number and deposit in security vault data field real hardware sequence number ciphertext and compare, if comparative result is inconsistent, then security vault can be forbidden the correlation function of CA; After relatively passing through, security vault can carry out the BOOT area code verification and calculate, and obtains the binary code signature value in BOOT district, should compare with the signature value ciphertext of depositing signature value encryption back then, if comparative result is inconsistent, also can forbid the CA correlation function; Pass through when all checkings, then enable the CA correlation function;
Wherein YKey is by transplanting the secret key that supplier number adopts privately owned algorithm to produce;
The checking process of described APP part is as follows:
The Boot guiding starts the CA storehouse, guarantees that the CA storehouse is legal startup;
CA library code check, verification APP signature judges whether the APP code is illegally modified; If be not illegally modified, be illegally modified if then enter CA database data checking routine, then forbid the CA correlation function;
The verification of CA database data, verification CA data field enciphered data judges whether CA information is illegally modified; If be not illegally modified, then enter CA normal process flow process; If be illegally modified, then forbid the CA correlation function.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201110178336 CN102256176B (en) | 2011-06-29 | 2011-06-29 | Method for achieving card-free certificate authority (CA) information security |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201110178336 CN102256176B (en) | 2011-06-29 | 2011-06-29 | Method for achieving card-free certificate authority (CA) information security |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102256176A CN102256176A (en) | 2011-11-23 |
| CN102256176B true CN102256176B (en) | 2013-08-28 |
Family
ID=44983112
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201110178336 Active CN102256176B (en) | 2011-06-29 | 2011-06-29 | Method for achieving card-free certificate authority (CA) information security |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102256176B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104079994B (en) * | 2014-07-07 | 2017-05-24 | 四川金网通电子科技有限公司 | Authorization system and method based on set top box card-free CA |
| CN105812877A (en) * | 2016-03-23 | 2016-07-27 | 福建新大陆通信科技股份有限公司 | Set-top box starting method and system based on Chip ID |
| CN114286141B (en) * | 2022-03-01 | 2022-06-28 | 深圳佳力拓科技有限公司 | Method for realizing card-free condition receiving and set top box |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1123620A1 (en) * | 1998-10-19 | 2001-08-16 | General Instrument Corporation | Television set-top box with configurable functionality |
| CN101014083A (en) * | 2006-11-28 | 2007-08-08 | 俞鹏里 | Network TV terminal and information server system thereof |
| JP4683067B2 (en) * | 2008-04-17 | 2011-05-11 | ソニー株式会社 | Audio processing apparatus, audio processing method and program |
| CN101562686A (en) * | 2009-04-29 | 2009-10-21 | 山东泰信电子有限公司 | Method for downloading software of universal set-top box (STB) platform |
| CN101742072A (en) * | 2009-12-18 | 2010-06-16 | 四川长虹电器股份有限公司 | Anti-copy method for set-top box software |
-
2011
- 2011-06-29 CN CN 201110178336 patent/CN102256176B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN102256176A (en) | 2011-11-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP1891766B1 (en) | System and method for remote device registration | |
| CN101490687B (en) | Control system and method using identity objects | |
| CN101908106B (en) | Memory system with versatile content control | |
| AU776027B2 (en) | Method and system for enforcing access to a computing resource using a licensing attribute certificate | |
| US8769675B2 (en) | Clock roll forward detection | |
| CN106462438A (en) | Attestation of a host containing a trusted execution environment | |
| CN102906755A (en) | Content control method using certificate revocation lists | |
| KR20150011802A (en) | Method and system for process working set isolation | |
| CN104794388B (en) | application program access protection method and application program access protection device | |
| CN104700002A (en) | Software protecting, authorizing and registering method | |
| CN101819612A (en) | Versatile content control with partitioning | |
| CN106233292B (en) | Synthesize document access | |
| CN103839011B (en) | The guard method of confidential document and device | |
| CN109800050A (en) | A kind of EMS memory management process of virtual machine, device, relevant device and system | |
| CN109492421A (en) | Data processing method, electronic equipment and the storage medium of security middleware based on android system | |
| US7249105B1 (en) | BORE-resistant digital goods configuration and distribution methods and arrangements | |
| CN112181922B (en) | Block chain data sharing method, system, device and medium | |
| Bond | Understanding Security APIs | |
| EP3782059A1 (en) | User-protected license | |
| CN111125245A (en) | Data processing method and device based on block chain and storage medium | |
| US20070239617A1 (en) | Method and apparatus for temporarily accessing content using temporary license | |
| CN106022143A (en) | A method, a device and a system for database security classification mark security gateway operation | |
| US6651169B1 (en) | Protection of software using a challenge-response protocol embedded in the software | |
| CN102256176B (en) | Method for achieving card-free certificate authority (CA) information security | |
| CN100596058C (en) | System and method for managing credible calculating platform key authorization data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |