CN102256178B - Set-top box authentication method as well as certificate proxy terminal and system - Google Patents

Publication number: CN102256178B
Authority: CN (China)
Prior art keywords: certificate, top box, terminal, media system, identification information
Legal status: Active
Application number: CN2011101959036A
Other languages: Chinese (zh)
Other versions: CN102256178A (en)
Inventors: 李铭轩, 刘红旗
Current assignee: China United Network Communications Group Co Ltd
Original assignee: China United Network Communications Group Co Ltd
Application filed by: China United Network Communications Group Co Ltd
Priority to: CN2011101959036A

Abstract

The invention discloses an authentication method for a set-top box, a certificate proxy terminal, and a system. The authentication method includes: the set-top box sends a first request message to the certificate proxy terminal, where the first request message includes identification information of a certificate to be obtained and the certificate proxy terminal stores the certificate that the set-top box uses to access a media system; the set-top box receives the keyword information of the certificate, sent by the certificate proxy terminal according to the identification information of the certificate to be obtained; and the set-top box accesses the media system according to the keyword information of the certificate. Because certificates are managed by the certificate proxy terminal, the method makes certificate management secure and at the same time improves its reliability.

Figure 201110195903

Description

Authentication method for a set-top box, certificate proxy terminal, and system
Technical field
The present invention relates to communication technology, and in particular to an authentication method for a set-top box, a certificate proxy terminal, and a system.
Background
The set-top box is a commonly used terminal device; traditional user equipment such as a television can access a media system through a set-top box.
In the prior art, to ensure that a set-top box accessing the media system is secure and legitimate, the media system requires the set-top box to provide the certificate corresponding to the media system so that the set-top box can be security-authenticated. The specific method is as follows: before accessing the media system, the set-top box downloads an authorization certificate from the certificate granting terminal and saves it; when logging in to the media system, the set-top box sends the keyword information of the locally saved authorization certificate to the media system; the media system sends the keyword information of the authorization certificate to the certificate granting terminal for verification; and if verification passes, the media system allows the set-top box to access the media system.
However, the security of existing set-top boxes is not high, so the authorization certificate saved in the set-top box is easily cracked.
Summary of the invention
The invention provides an authentication method for a set-top box, a certificate proxy terminal, and a system, in order to make certificate management secure and to improve the reliability of certificate management.
One aspect of the present invention provides an authentication method for a set-top box, comprising:
The set-top box sends a first request message to the certificate proxy terminal; the first request message includes the identification information of the certificate to be obtained, and the certificate proxy terminal stores the certificate that the set-top box uses to access the media system;
The set-top box receives the keyword information of the certificate, sent by the certificate proxy terminal according to the identification information of the certificate to be obtained;
The set-top box accesses the media system according to the keyword information of the certificate.
Another aspect of the present invention provides an authentication method for a set-top box, comprising:
The certificate proxy terminal receives the first request message sent by the set-top box; the first request message includes the identification information of the certificate to be obtained, and the certificate proxy terminal stores the certificate that the set-top box uses to access the media system;
The certificate proxy terminal sends the keyword information of the certificate to the set-top box according to the identification information of the certificate to be obtained, so that the set-top box accesses the media system according to the keyword information of the certificate.
Another aspect of the present invention provides a set-top box, comprising:
A first sending module, configured to send the first request message to the certificate proxy terminal; the first request message includes the identification information of the certificate to be obtained, and the certificate proxy terminal stores the certificate that the set-top box uses to access the media system;
A first receiving module, configured to receive the keyword information of the certificate, sent by the certificate proxy terminal according to the identification information of the certificate to be obtained, so that the set-top box accesses the media system according to the keyword information of the certificate.
Another aspect of the present invention provides a certificate proxy terminal, comprising:
A storage module, configured to store the certificate that the set-top box uses to access the media system;
A second receiving module, configured to receive the first request message sent by the set-top box; the first request message includes the identification information of the certificate to be obtained;
A second sending module, configured to send the keyword information of the certificate to the set-top box according to the identification information of the certificate to be obtained, so that the set-top box accesses the media system according to the keyword information of the certificate.
Another aspect of the present invention provides a communication system comprising the aforesaid set-top box, the certificate proxy terminal, a certificate granting terminal, and a media system, wherein the set-top box interacts with the certificate proxy terminal, the certificate proxy terminal interacts with the certificate granting terminal, the set-top box interacts with the media system, and the media system interacts with the certificate granting terminal.
As can be seen from the above technical solutions, in the authentication method for a set-top box, the certificate proxy terminal, and the system of the present invention, certificates are managed by the certificate proxy terminal, which can deliver the keyword information of a certificate to the set-top box according to the first request message sent by the set-top box. This makes certificate management secure and at the same time improves its reliability.
Description of drawings
To illustrate the technical solutions of the present invention or of the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flowchart of the authentication method for a set-top box provided by one embodiment of the present invention;
Fig. 2 is a flowchart of the authentication method for a set-top box provided by another embodiment of the present invention;
Fig. 3 is a flowchart of the authentication method for a set-top box provided by another embodiment of the present invention;
Fig. 4 is a flowchart of the authentication method for a set-top box provided by another embodiment of the present invention;
Fig. 5 is a structural diagram of the set-top box provided by one embodiment of the present invention;
Fig. 6 is a structural diagram of the certificate proxy terminal provided by another embodiment of the present invention;
Fig. 7 is a structural diagram of the communication system provided by one embodiment of the present invention.
Embodiment
To make the objectives, technical solutions, and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are evidently some, rather than all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Fig. 1 is a flowchart of the authentication method for a set-top box provided by one embodiment of the present invention. As shown in Fig. 1, the authentication method is as follows.
101. The set-top box sends a first request message to the certificate proxy terminal; the first request message includes the identification information of the certificate to be obtained, and the certificate proxy terminal stores the certificate that the set-top box uses to access the media system.
For example, the identification information of the certificate to be obtained may be the code of the certificate.
102. The set-top box receives the keyword information of the certificate, sent by the certificate proxy terminal according to the identification information of the certificate to be obtained, so that the set-top box accesses the media system according to the keyword information of the certificate.
For example, the keyword information of the certificate may be the key of the certificate. Further, the set-top box in this embodiment does not save the keyword information of the certificate.
In this embodiment, before step 101, the authentication method further includes:
The set-top box sends a login request message to the media system;
The set-top box receives a first response message sent by the media system according to the login request message; the first response message includes the identification information of the certificate. In practice, the first response message also includes information requesting that the keyword information of the certificate be provided.
Step 101 can then be, specifically: the set-top box sends the first request message to the certificate proxy terminal according to the first response message.
In practice, before step 102, the authentication method further includes: the certificate proxy terminal authenticates the set-top box, and the set-top box then receives the authentication-passed message sent by the certificate proxy terminal.
In particular, the set-top box also receives, from the certificate proxy terminal, status information indicating that the certificate to be obtained exists and is valid.
If the set-top box receives from the certificate proxy terminal status information indicating that the certificate to be obtained does not exist, the set-top box sends a response message to the certificate proxy terminal according to that status information, so that the certificate proxy terminal obtains the certificate from the certificate granting terminal according to the response message.
In addition, if the set-top box receives from the certificate proxy terminal status information indicating that the certificate to be obtained is invalid, the set-top box sends a response message to the certificate proxy terminal according to that status information, so that the certificate proxy terminal obtains the certificate from the certificate granting terminal according to the response message.
In the authentication method of the above embodiment, certificates are managed by the certificate proxy terminal, which delivers the keyword information of the certificate to the set-top box at the set-top box's request. This makes certificate management secure, lowers the performance requirements placed on the set-top box in the prior art, and broadens the range of applications of the set-top box.
On the basis of the above embodiment, Fig. 2 shows a flowchart of the authentication method for a set-top box provided by another embodiment of the present invention. The authentication method is as follows.
201. The set-top box sends a login request message to the media system.
202. After receiving the login request message, the media system sends a first response message to the set-top box; the first response message includes the identification information of the certificate and information requesting that the keyword information of the certificate be provided.
203. After receiving the first response message, the set-top box sends a first request message to the certificate proxy terminal. The first request message includes the identification information of the certificate to be obtained, and the certificate proxy terminal stores the certificate that the set-top box uses to access the media system.
The identification information of the certificate to be obtained may be the name, code, identification code, or the like of the certificate to be obtained.
204. After receiving the first request message, the certificate proxy terminal searches its internal storage, according to the identification information of the certificate to be obtained, for the certificate to be obtained.
205. If the certificate to be obtained is stored in the certificate proxy terminal and the certificate proxy terminal finds that it is valid, the certificate proxy terminal sends the set-top box status information indicating that the certificate exists and is valid, and sends the keyword information of the certificate to be obtained to the set-top box, so that the set-top box accesses the media system according to the keyword information of the certificate.
206. If the certificate to be obtained is not stored in the certificate proxy terminal, the certificate proxy terminal sends the set-top box status information indicating that the certificate does not exist. After receiving this status information, the set-top box sends a response message to the certificate proxy terminal, and the certificate proxy terminal then obtains the certificate from the certificate granting terminal according to the response message.
207. If the certificate to be obtained is stored in the certificate proxy terminal but the certificate proxy terminal finds that it is invalid, the certificate proxy terminal sends the set-top box status information indicating that the certificate is invalid. After receiving this status information, the set-top box sends a response message to the certificate proxy terminal, and the certificate proxy terminal then obtains the certificate from the certificate granting terminal according to the response message.
In the authentication method of the above embodiment, certificates are managed by the certificate proxy terminal, which delivers the keyword information of the certificate to the set-top box at the set-top box's request. This makes certificate management secure, lowers the performance requirements placed on the set-top box in the prior art, and broadens the range of applications of the set-top box.
On the basis of the above embodiment, Fig. 3 shows a flow diagram of the authentication method for a set-top box of another embodiment of the present invention. The authentication method is as follows. It should be noted that the certificate proxy terminal in this embodiment can manage the certificates that multiple set-top boxes use to access the media system.
301. The set-top box sends a login request message to the media system.
302. After receiving the login request message, the media system sends the set-top box a first response message to the login request message; the first response message includes the identification information of the certificate and information requesting that the keyword information of the certificate be provided.
303. After receiving the first response message, the set-top box sends a first request message to the certificate proxy terminal according to the first response message; the first request message includes the identification information of the certificate to be obtained and the identification information of the set-top box.
In this embodiment the identification information of the set-top box may be the code of the set-top box. The identification information of the certificate to be obtained may be the name, code, identification code, or the like of the certificate to be obtained.
304. After receiving the first request message, the certificate proxy terminal authenticates the set-top box according to the identification information of the set-top box. If authentication passes, step 305 is performed; otherwise, an authentication-failed message is sent to the set-top box.
305. If the certificate proxy terminal authenticates the set-top box successfully, it searches its internal storage, according to the identification information of the certificate to be obtained, for the certificate to be obtained.
306. If the certificate to be obtained is stored in the certificate proxy terminal and the certificate proxy terminal finds that it is valid, the certificate proxy terminal sends the set-top box status information indicating that the certificate exists and is valid, and sends the keyword information of the certificate to be obtained to the set-top box.
307. After receiving the keyword information of the certificate sent by the certificate proxy terminal, the set-top box sends the keyword information of the certificate to the media system.
308. The media system sends the keyword information of the certificate, as sent by the set-top box, to the certificate granting terminal so that the certificate granting terminal can verify whether the keyword information of the certificate is correct. If it is correct, step 309 is performed; otherwise, a certificate-error message is sent to the media system, and the media system refuses access by the set-top box.
309. If certificate verification passes, the certificate granting terminal notifies the media system with a verification-passed message, and the media system allows the set-top box to access according to that message.
In practice, the certificate proxy terminal can periodically check the validity of each certificate it stores. If the certificate proxy terminal detects that a certificate has become invalid, it looks up the identification information of the set-top box corresponding to that certificate and, according to that identification information, sends the set-top box a message that the certificate needs to be updated; the message includes the identification information of the certificate.
After receiving the message that the certificate needs to be updated, the set-top box sends a response message to the certificate proxy terminal. The certificate proxy terminal obtains a valid certificate for this set-top box from the certificate granting terminal according to the response message and stores the valid certificate it obtains.
In the authentication method of the above embodiment, certificates are managed by the certificate proxy terminal, which delivers the keyword information of the certificate to the set-top box at the set-top box's request. This makes certificate management secure, lowers the performance required of the set-top box in the prior art, and broadens the range of applications of the set-top box.
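The Fig. 3 exchange (steps 301 to 309) together with the "does not exist" and "invalid" status branches of Fig. 2, as an added example that is not part of the patent text. The class and status names, the allow-list used to authenticate the set-top box, the expiry-time validity check, the random key format, and the set-top box repeating its first request after the proxy re-fetches a certificate are all assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass

# Status names are hypothetical; the three certificate states come from the text.
VALID, MISSING, INVALID, AUTH_FAILED = "exists_and_valid", "not_exist", "invalid", "auth_failed"


@dataclass
class Certificate:
    cert_id: str    # identification information of the certificate
    keyword: str    # keyword information, e.g. the certificate's key
    not_after: int  # assumption: validity is modelled as an expiry time


class GrantingTerminal:
    """Certificate granting terminal: issues certificates and verifies keyword information."""

    def __init__(self):
        self._issued = {}

    def issue(self, cert_id, now, lifetime=100):
        cert = Certificate(cert_id, secrets.token_hex(16), now + lifetime)
        self._issued[cert_id] = cert  # re-issuing replaces the previous key
        return cert

    def verify(self, cert_id, keyword, now):
        cert = self._issued.get(cert_id)
        return (cert is not None and now < cert.not_after
                and hmac.compare_digest(cert.keyword, keyword))


class ProxyTerminal:
    """Certificate proxy terminal: holds certificates on behalf of set-top boxes."""

    def __init__(self, granting, allowed_stbs):
        self.granting = granting
        self.allowed = set(allowed_stbs)  # assumption: authentication is an allow-list on STB id
        self.store = {}                   # cert_id -> Certificate

    def first_request(self, stb_id, cert_id, now):
        """Steps 304-306: authenticate the STB, look up the certificate, report its status."""
        if stb_id not in self.allowed:
            return AUTH_FAILED, None
        cert = self.store.get(cert_id)
        if cert is None:
            return MISSING, None
        if now >= cert.not_after:
            return INVALID, None
        return VALID, cert.keyword

    def on_response(self, stb_id, cert_id, now):
        """Steps 206/207: the STB's response message triggers a fetch from the granting terminal."""
        if stb_id in self.allowed:
            self.store[cert_id] = self.granting.issue(cert_id, now)


class MediaSystem:
    def __init__(self, granting, cert_id):
        self.granting, self.cert_id = granting, cert_id

    def login_request(self):
        """Steps 301-302: the first response names the certificate whose keyword info is required."""
        return {"cert_id": self.cert_id, "need_keyword": True}

    def present(self, keyword, now):
        """Steps 308-309: admit the STB only if the granting terminal verifies the keyword info."""
        return self.granting.verify(self.cert_id, keyword, now)


def stb_login(stb_id, media, proxy, now):
    """Set-top box side. Returns (access_granted, statuses_seen); the keyword info is never stored."""
    cert_id = media.login_request()["cert_id"]
    trace = []
    for _ in range(2):  # assumption: one retry after the proxy re-fetches the certificate
        status, keyword = proxy.first_request(stb_id, cert_id, now)
        trace.append(status)
        if status == VALID:
            return media.present(keyword, now), trace  # step 307: forward, do not keep
        if status == AUTH_FAILED:
            return False, trace
        proxy.on_response(stb_id, cert_id, now)
    return False, trace


def demo():
    """Constructed scenario: one registered STB, one unknown STB, one certificate."""
    granting = GrantingTerminal()
    proxy = ProxyTerminal(granting, allowed_stbs={"STB-001"})
    media = MediaSystem(granting, "CERT-A")
    return {
        "first_login": stb_login("STB-001", media, proxy, now=0),
        "cached": stb_login("STB-001", media, proxy, now=10),
        "after_expiry": stb_login("STB-001", media, proxy, now=500),
        "unknown_stb": stb_login("STB-999", media, proxy, now=500),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In this model the set-top box holds the keyword information only for the duration of one login, and keyword information captured before a re-issue is rejected by the granting terminal afterwards.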
On the basis of the above embodiment, Fig. 4 shows a flow diagram of the authentication method for a set-top box of another embodiment of the present invention. The authentication method is as follows.
401. The certificate proxy terminal receives the first request message sent by the set-top box; the first request message includes the identification information of the certificate to be obtained, and the certificate proxy terminal stores the certificate that the set-top box uses to access the media system;
402. The certificate proxy terminal sends the keyword information of the certificate to the set-top box according to the identification information of the certificate to be obtained, so that the set-top box accesses the media system according to the keyword information of the certificate.
In this embodiment, before step 402, the authentication method further includes:
The certificate proxy terminal authenticates the set-top box and, if authentication passes, sends an authentication-passed message to the set-top box.
Further, the certificate proxy terminal determines, according to the identification information of the certificate to be obtained, that the certificate to be obtained exists and is valid, and sends the set-top box status information indicating that the certificate to be obtained exists and is valid.
In practice, the authentication method further includes:
The certificate proxy terminal can repeatedly or periodically check the validity of each certificate stored inside it. If the certificate proxy terminal detects that a stored certificate has become invalid, it looks up the set-top box corresponding to that certificate and sends the set-top box a message that the certificate needs to be updated; the message includes the identification information of the certificate;
After receiving the set-top box's response message to the certificate-needs-updating message, the certificate proxy terminal obtains a valid certificate from the certificate granting terminal according to the response message and stores it.
In the authentication method of the above embodiment, certificates are managed by the certificate proxy terminal, which delivers the keyword information of the certificate to the set-top box at the set-top box's request. This makes certificate management secure and improves its reliability.
According to a further aspect of the invention, an embodiment of the invention also provides a set-top box. Fig. 5 shows a structural diagram of the set-top box in one embodiment of the present invention. The set-top box comprises a first sending module 51 and a first receiving module 52. Specifically, the first sending module 51 is configured to send the first request message to the certificate proxy terminal; the first request message includes the identification information of the certificate to be obtained, and the certificate proxy terminal stores the certificate that the set-top box uses to access the media system. The first receiving module 52 is configured to receive the keyword information of the certificate, sent by the certificate proxy terminal according to the identification information of the certificate to be obtained, so that the set-top box accesses the media system according to the keyword information of the certificate.
In this embodiment, the first sending module 51 is further configured to send the login request message to the media system, and the first receiving module 52 is further configured to receive the first response message sent by the media system according to the login request message; the first response message includes the identification information of the certificate. In this case, the first sending module 51 is specifically configured to send the first request message to the certificate proxy terminal according to the first response message.
For example, the first receiving module 52 is further configured to receive the authentication-passed message sent by the certificate proxy terminal. In addition, after the certificate proxy terminal determines, according to the identification information of the certificate to be obtained, that the certificate to be obtained exists and is valid, the first receiving module 52 is further configured to receive the status information, sent by the certificate proxy terminal, indicating that the certificate to be obtained exists and is valid. For the specific functions of the set-top box, refer to the description in the method embodiments above.
With the set-top box of the above embodiment, certificates are managed by the certificate proxy terminal, which delivers the keyword information of the certificate to the set-top box at the set-top box's request. This makes certificate management secure, lowers the performance required of the set-top box in the prior art, and broadens the range of applications of the set-top box.
According to a further aspect of the invention, an embodiment of the invention also provides a certificate proxy terminal. Fig. 6 shows a structural diagram of the certificate proxy terminal in one embodiment of the present invention. The certificate proxy terminal comprises a storage module 60, a second receiving module 61, and a second sending module 62. Specifically, the storage module 60 is configured to store the certificate that the set-top box uses to access the media system; the second receiving module 61 is configured to receive the first request message sent by the set-top box, where the first request message includes the identification information of the certificate to be obtained; and the second sending module 62 is configured to send the keyword information of the certificate to the set-top box according to the identification information of the certificate to be obtained, so that the set-top box accesses the media system according to the keyword information of the certificate.
For example, after the certificate proxy terminal determines, according to the identification information of the certificate to be obtained, that the certificate to be obtained exists and is valid, the second sending module 62 is further configured to send the set-top box the status information indicating that the certificate to be obtained exists and is valid.
The certificate proxy terminal in this embodiment further comprises a first authentication module, configured to authenticate the set-top box; if authentication passes, the second sending module 62 is further configured to send the authentication-passed message to the set-top box.
Further, the certificate proxy terminal also comprises a detection module, configured to check the validity of each certificate in the storage module 60.
The certificate proxy terminal in this embodiment can provide the certificate management service for one set-top box or for multiple set-top boxes; for example, in a small local area network, the certificate proxy terminal can provide the certificate management service for multiple set-top boxes. Further, managing certificates through the certificate proxy terminal improves the security of certificate management.
According to a further aspect in the invention, the present invention also provides a kind of communication system, as shown in Figure 7, this communication system comprises the described set-top box 71 of any embodiment of the present invention, certification agency terminal 72, certificate granting terminal 73 and media system 74, and wherein, set-top box 71 is mutual with certification agency terminal 72, certification agency terminal 72 is mutual with certificate granting terminal 73, set-top box 71 is mutual with media system 74, and media system 74 is mutual with certificate granting terminal 73, so that set-top box 71 access media systems 74.
Need to prove: for aforesaid each embodiment of the method, for simple description, so it all is expressed as a series of combination of actions, but those skilled in the art should know, the present invention is not subjected to the restriction of described sequence of movement, because according to the present invention, some can adopt other orders or carry out simultaneously.Secondly, those skilled in the art also should know, the embodiment described in the specification all belongs to preferred embodiment, and related action and module might not be that the present invention is necessary.In the above-described embodiments, the description of each embodiment is all emphasized particularly on different fields, do not have the part that describes in detail among certain embodiment, can be referring to the associated description of other embodiment.The those skilled in the art can be well understood to, and is the convenience described and succinct, the system of foregoing description, and the specific works process of device and unit can with reference to the corresponding process among the preceding method embodiment, not repeat them here.
In several embodiment that the application provides, should be understood that, disclosed system, apparatus and method can realize by another way.For example, device embodiment described above only is schematic, for example, the division of described unit, only be that a kind of logic function is divided, during actual the realization other dividing mode can be arranged, for example a plurality of unit or assembly can in conjunction with or can be integrated into another system, or some features can ignore, or do not carry out.Another point, the shown or coupling each other discussed or direct-coupling or communication connection can be by some interfaces, indirect coupling or the communication connection of device or unit can be electrically, machinery or other form.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions recorded in the foregoing embodiments, or make equivalent replacements of some of their technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. An authentication method for a set-top box, characterized in that it comprises:
the set-top box sends a first request message to a certificate proxy terminal, the first request message including identification information of a certificate to be obtained, and the certificate proxy terminal storing the certificate used by the set-top box to access a media system;
the set-top box receives keyword information of the certificate, sent by the certificate proxy terminal according to the identification information of the certificate to be obtained;
the set-top box accesses the media system according to the keyword information of the certificate;
before the set-top box receives the keyword information of the certificate sent by the certificate proxy terminal according to the identification information of the certificate to be obtained, the method further comprises:
the set-top box receives status information, sent by the certificate proxy terminal, indicating that the certificate to be obtained exists and is valid;
the set-top box receives an authentication-passed message sent by the certificate proxy terminal.

2. The authentication method for a set-top box according to claim 1, characterized in that, before the set-top box sends the first request message to the certificate proxy terminal, the method further comprises:
the set-top box sends a login request message to the media system;
the set-top box receives a first response message sent by the media system according to the login request message, the first response message including the identification information of the certificate.

3. The authentication method for a set-top box according to claim 1, characterized in that, if the set-top box receives status information, sent by the certificate proxy terminal, indicating that the certificate to be obtained does not exist,
the set-top box sends a response message to the certificate proxy terminal according to that status information, so that the certificate proxy terminal obtains the certificate from a certificate authorization terminal according to the response message.

4. An authentication method for a set-top box, characterized in that it comprises:
a certificate proxy terminal receives a first request message sent by the set-top box, the first request message including identification information of a certificate to be obtained, and the certificate proxy terminal storing the certificate used by the set-top box to access a media system;
the certificate proxy terminal sends keyword information of the certificate to the set-top box according to the identification information of the certificate to be obtained, so that the set-top box accesses the media system according to the keyword information of the certificate;
before the certificate proxy terminal sends the keyword information of the certificate to the set-top box according to the identification information of the certificate to be obtained, the method further comprises:
the certificate proxy terminal determines, according to the identification information of the certificate to be obtained, that the certificate to be obtained exists and is valid, and sends status information indicating that the certificate to be obtained exists and is valid to the set-top box;
the certificate proxy terminal authenticates the set-top box and, if the authentication passes, sends an authentication-passed message to the set-top box.

5. The authentication method for a set-top box according to claim 4, characterized in that it further comprises: the certificate proxy terminal repeatedly checks the validity of each certificate stored in the certificate proxy terminal.

6. The authentication method for a set-top box according to claim 5, characterized in that it further comprises:
if the certificate proxy terminal detects that the certificate is invalid, the certificate proxy terminal sends a message that the certificate needs to be updated to the set-top box corresponding to the certificate, the message including the identification information of the certificate;
after receiving the set-top box's response to the certificate-needs-update message, the certificate proxy terminal obtains the certificate from the certificate authorization terminal.

7. A set-top box, characterized in that it comprises:
a first sending module, configured to send a first request message to a certificate proxy terminal, the first request message including identification information of a certificate to be obtained, and the certificate proxy terminal storing the certificate used by the set-top box to access a media system;
a first receiving module, configured to receive keyword information of the certificate sent by the certificate proxy terminal according to the identification information of the certificate to be obtained, so that the set-top box accesses the media system according to the keyword information of the certificate;
the first receiving module is further configured to receive status information, sent by the certificate proxy terminal, indicating that the certificate to be obtained exists and is valid, and to receive an authentication-passed message sent by the certificate proxy terminal.

8. The set-top box according to claim 7, characterized in that:
the first sending module is further configured to send a login request message to the media system;
the first receiving module is further configured to receive a first response message sent by the media system according to the login request message, the first response message including the identification information of the certificate.

9. A certificate proxy terminal, characterized in that it comprises:
a storage module, configured to store the certificate used by a set-top box to access a media system;
a second receiving module, configured to receive a first request message sent by the set-top box, the first request message including identification information of a certificate to be obtained;
a second sending module, configured to send keyword information of the certificate to the set-top box according to the identification information of the certificate to be obtained, so that the set-top box accesses the media system according to the keyword information of the certificate;
a first authentication module, configured to authenticate the set-top box;
if the authentication passes, the second sending module is further configured to send an authentication-passed message to the set-top box;
a detection module, configured to check the validity of each certificate in the storage module;
if the certificate to be obtained is valid, the second sending module is further configured to send status information indicating that the certificate to be obtained is valid to the set-top box.

10. A communication system, characterized in that it comprises the set-top box according to claim 7 or 8, the certificate proxy terminal according to claim 9, a certificate authorization terminal and a media system, wherein the set-top box interacts with the certificate proxy terminal, the certificate proxy terminal interacts with the certificate authorization terminal, the set-top box interacts with the media system, and the media system interacts with the certificate authorization terminal.
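The message order required by claims 1, 3 and 4 can be sketched as follows. This is an added illustration, not code from the patent: the message names, the shared device token used for the authentication step, the expiry timestamp, and treating an expired certificate like a missing one at request time are all assumptions.

```python
import hmac
from dataclasses import dataclass

@dataclass
class Cert:
    keyword: str      # "keyword information" released to the set-top box
    not_after: int    # expiry as a Unix timestamp (constructed field)

class CertificateAuthorizationTerminal:
    """Stand-in issuer: returns a constructed certificate valid for one hour."""
    def issue(self, cert_id, now):
        return Cert(f"kw-{cert_id}-{now}", now + 3600)

class CertificateProxyTerminal:
    def __init__(self, ca, device_tokens):
        self.ca, self.tokens, self.store = ca, device_tokens, {}

    def status(self, cert_id, now):
        cert = self.store.get(cert_id)
        if cert is None:
            return "CERT_NOT_FOUND"
        return "CERT_VALID" if now < cert.not_after else "CERT_INVALID"

    def fetch(self, cert_id, now):
        # Called only after the set-top box has answered a status message.
        self.store[cert_id] = self.ca.issue(cert_id, now)

    def handle_first_request(self, stb_id, token, cert_id, now):
        """Return, in order, the messages the proxy sends for one request."""
        state = self.status(cert_id, now)
        if state != "CERT_VALID":
            return [state]                    # nothing released without a valid status
        expected = self.tokens.get(stb_id)    # hypothetical pre-registered token
        if expected is None or not hmac.compare_digest(expected.encode(), token.encode()):
            return [state, "AUTH_FAILED"]     # keyword information is withheld
        return [state, "AUTH_PASSED", self.store[cert_id].keyword]

def set_top_box_login(proxy, stb_id, token, cert_id, now):
    """Set-top box side: request, approve a fetch if asked, then retry once."""
    msgs = proxy.handle_first_request(stb_id, token, cert_id, now)
    if msgs[0] in ("CERT_NOT_FOUND", "CERT_INVALID"):
        proxy.fetch(cert_id, now)             # the box's response triggers the fetch
        msgs = proxy.handle_first_request(stb_id, token, cert_id, now)
    return msgs
```

The keyword information is the last element of the returned list and appears only after both the valid-status message and the authentication-passed message, which is the ordering the claims require.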
CN2011101959036A 2011-07-13 2011-07-13 Set-top box authentication method as well as certificate proxy terminal and system Active CN102256178B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011101959036A CN102256178B (en) 2011-07-13 2011-07-13 Set-top box authentication method as well as certificate proxy terminal and system

Publications (2)

Publication Number Publication Date
CN102256178A CN102256178A (en) 2011-11-23
CN102256178B CN102256178B (en) 2013-03-20

Family

ID=44983114

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011101959036A Active CN102256178B (en) 2011-07-13 2011-07-13 Set-top box authentication method as well as certificate proxy terminal and system

Country Status (1)

Country Link
CN (1) CN102256178B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant