CN102356640A - Delivering secure IPTV services to PC platforms - Google Patents
- Publication number
- CN102356640A
- Authority
- CN
- China
- Prior art keywords
- application
- cad
- interface
- user
- iptv service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H04N7/17318—Direct or substantially direct transmission and handling of requests
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- H04N21/25816—Management of client data involving client authentication
- H04N21/4143—Specialised client platforms, e.g. receiver in car or embedded in a mobile appliance embedded in a Personal Computer [PC]
- H04N21/4181—External card to be used in combination with the client device, e.g. for conditional access for conditional access
- H04N21/4183—External card to be used in combination with the client device, e.g. for conditional access providing its own processing capabilities, e.g. external module for video decoding
- H04N21/4184—External card to be used in combination with the client device, e.g. for conditional access providing storage capabilities, e.g. memory stick
- H04N21/426—Internal components of the client ; Characteristics thereof
- H04N21/4367—Establishing a secure communication between the client and a peripheral device or smart card
- H04N21/4623—Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
- H04N21/6125—Network physical structure; Signal processing specially adapted to the downstream path of the transmission network involving transmission via Internet
- H04N21/63345—Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys
- H04N21/63775—Control signals issued by the client directed to the server or network components directed to server for uploading keys, e.g. for a client to communicate its public key to the server
- H04N21/8173—End-user applications, e.g. Web browser, game
- G06F2221/2137—Time limited access, e.g. to a computer or data
- G06F2221/2149—Restricted operating environment
Landscapes
- Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Graphics (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
- Storage Device Security (AREA)
Abstract
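To prevent theft of protected content when providing IPTV services, a conditional access device (CAD) is connected to a personal computer (PC). An application is launched on the PC from the CAD over Universal Serial Bus (USB). The application configures the PC to allow a user to receive secure Internet Protocol television (IPTV) services. The conditional access device and the IPTV service provider determine whether the user is entitled to access the IPTV service via the network by using a trusted computing base (TCB) on the CAD and keys stored on the CAD. The application uses the processing and storage capabilities of the PC to decrypt and decode the IPTV service. The CAD also receives and processes remote control signals received from a remote control interface. These remote control signals are requests or responses from the user interacting with the application. The application displays, via a user interface on the PC, the content requested by the user or an indication of the user's response.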
Description
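Technical Field
The present disclosure relates to communication systems and methods, and more particularly to delivering television services over the Internet, in a secure environment, to, for example, a personal computer, while preserving the traditional cable television user experience.
Background
Current pay television and other advertising or on-demand services implement content protection schemes to prevent theft. Traditional content protection is achieved through physical defenses, encryption, digital rights management and other schemes. At the customer premises, dedicated devices such as set-top boxes (STBs) or home media servers are used to encrypt content and deliver it to the end user. Decryption is performed using the following keys: temporary keys derived by a trusted computing base (TCB) from a root key that is "burned" into the hardware during manufacture, and possibly per-subscriber keys loaded into the TCB through a service registration process.
However, with the advent of Internet Protocol television (IPTV), content can be delivered over multiple networks. In addition, content can be delivered from an STB or media server to remote devices such as personal computers or mobile devices. These new content distribution models open additional avenues for theft.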
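Brief Description of the Drawings
FIG. 1 is a block diagram of an IPTV distribution system according to an embodiment of the invention, in which a headend facility communicates, using a TCB, with a general-purpose computer coupled to a conditional access device (CAD).
FIG. 2 is an example block diagram of a CAD according to an embodiment of the invention, the CAD being configured to execute a conditional access application process that allows a user to access IPTV services.
FIGS. 3a and 3b depict a flowchart of the conditional access application process according to an embodiment of the invention.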
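Detailed Description
Overview
Embodiments of the invention provide a method, and related system components, for detecting an active interface between a conditional access device (CAD) and a general-purpose computer. An application previously stored on the CAD is launched on the general-purpose computer from the CAD via the active interface. The application configures the general-purpose computer to allow a user to interact with the application in order to subscribe to Internet Protocol television (IPTV) services, receive and interact with IPTV services, decrypt and decode content provided by the IPTV service, display the content to the user, process user requests, present the user with options associated with the IPTV service, and access the IPTV service via a network using the general-purpose computer. The conditional access device and the IPTV service provider determine whether the user is entitled to access the IPTV service via the network by using a trusted computing base (TCB) on the CAD and a key hierarchy derived from root keys (a master key and a key decryption key) stored on the CAD. Then, upon determining that the user is entitled to access the IPTV service, access is provided by sending a content decryption key supplied by the TCB from the CAD to the application. The application uses the processing and storage capabilities of the general-purpose computer to decrypt and decode the IPTV service. The CAD also receives and processes remote control signals received from a remote control interface. The remote control signals are requests and responses from the user interacting with the application. The application displays, via a user interface on the general-purpose computer, the content requested by the user or an indication of the user's response.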
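Example Embodiments
Referring first to FIG. 1, an IPTV distribution system or network is shown generally at reference numeral 100 and includes a headend facility (HEF) 105, a network 110, a plurality of customer premises (CP) 115(1)-115(n), a cable modem (CM) 120 residing in CP 115(2), a set-top box (STB) 125 coupled to a television 130, and a local area network (LAN) 135 coupled to a general-purpose computer (PC) 140, which in turn is coupled to a CAD 150. The CAD 150 includes non-volatile memory for storing programs and loading them onto the general-purpose computer, a receiver (shown in FIG. 2) for receiving a signal 160 from a remote control 170, and a TCB that uses a conditional access application process 300 (hereinafter the "CA process"). The cable modem 120, LAN 135 and PC 140 may be connected to other wired/wireless data network facilities (not shown) and in a sense act as a gateway or access point through which additional PCs or consumer devices (not shown) can access those data network facilities and the IPTV service.
Provided here is a technique by which a user can connect the CAD 150 to the PC 140 and receive IPTV services from the HEF 105. When the user connects the CAD 150 to the PC 140, the CAD detects the active interface between the PC and the CAD. Upon detecting the active interface, the CAD 150 starts the CA process 300 (described later in conjunction with FIG. 3). Briefly, through the CA process 300, the user plugs the CAD 150 into the PC 140, and the application residing on the CAD is launched on the PC 140 and presents the user with an interface in the form of a window or graphical user interface (GUI). Through this interface the user obtains IPTV services with approximately the same level of security as that provided through an STB (see, for example, American National Standards Institute (ANSI)/Society of Cable Telecommunications Engineers (SCTE) Standard 24-10: IPCablecom Security; and Federal Information Processing Standards Publication (FIPS PUB) 140-2: Security Requirements for Cryptographic Modules).
It should be understood that the HEF 105 may be a traditional cable industry HEF, some other multiple service operator (MSO) facility, or an alternative service provider facility. The HEF 105 authenticates the user's ability to access IPTV services. The HEF 105 also provides IPTV services and content over the network 110, or directs content/services from another content/service provider 180. Similarly, the network 110 may include a private hybrid fiber coax (HFC) network, the public switched telephone network (PSTN), a fiber optic network, a satellite network, other networks, or a combination of the foregoing.
Once the IPTV service is available at a CP (specifically, at CP 115(2)), it can be distributed within CP 115(2) by the CM 120. The CM 120 may distribute the IPTV service to the TV 130 directly (not shown) or through the STB 125. The CM 120 may also distribute the IPTV service to the PC 140 directly (not shown) or through the LAN 140. Distribution may be accomplished using wireline or wireless (not shown) methods. FIG. 1 also depicts a remote control 170 that the user uses to interact, via the CAD 150, with the application running on the PC 140. The remote control 170 may also be the same as or similar to the remote control used to communicate with the STB 125. The CAD 150 sends the information contained in the signal 160 from the remote control 170 to the PC 140 over the active interface. This information may be used by the application and/or forwarded to the HEF 105 using the network communication capabilities of the PC 140. The HEF 105 may then respond with a response that is displayed on the PC 140 by the application. The response may also be authenticated by the CAD 150; for example, if the user requests video on demand (VOD) or other protected content (such as pay-per-view or encrypted live content), the HEF 105 authorizes the content, the CAD 150 supplies the content decryption key, and the application decrypts, decodes and displays the IPTV video.
The example shown in FIG. 1 is not intended to be limiting. For example, the CM 120 could equally be a digital subscriber line (DSL) modem, fiber to the home (FTTH) or another form of premises gateway. Also, although only a single instance of each of the CM 120, STB 125, TV 130, LAN 135, PC 140 and CAD 150 is shown, it should be understood that there may be more than one of each device in CP 115(2).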
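Referring to FIG. 2, an example block diagram of a conditional access device that may be used as the CAD 150 is shown. FIG. 2 depicts the CAD 150 configured to execute the CA process 300 described herein. The CAD 150 includes a USB connector 210, a USB interface 220, a remote control receiver 230 and a trusted computing base (TCB) 240. The TCB 240 supplies data to be transmitted to the USB interface 220 and processes signals received through the USB interface. In addition, the TCB 240 processes signals received from the remote control receiver 230. The remote control receiver 230 may include a radio frequency (RF) receiver 280, an infrared (IR) receiver 270, or both. It should be understood that there may be other circuits not shown for simplicity, such as analog-to-digital converters (ADCs) and digital-to-analog converters (DACs) in the various signal paths for converting between analog and digital signals.
The CAD 150 described herein includes a USB interface 220. Although other interfaces may be used, USB is the preferred embodiment, because of the ubiquity of USB as an interface on PC-class computers and because the CAD 150 is intended to be a portable device. Conceivably, it could be as small as the thumb drives or memory sticks commonly used with personal computers. The USB interface can supply power to the CAD 150, which allows the size to be reduced, but the CAD 150 may be powered by a battery or other means. In addition, the USB interface is a plug-and-play interface: as soon as the user plugs the CAD 150 into the PC 140, certain functions can be enabled automatically, such as automatically starting or terminating the application stored on the CAD 150.
The USB interface 220 may include transmit circuitry for supplying converted signals to the PC 140 and receive circuitry for receiving, from the PC 140, signals to be supplied to the TCB 240. The receiver 230 includes detection circuitry (not shown) for detecting signals received at the RF receiver 280 and the IR receiver 270, and supplies the corresponding detected signals to the TCB 240.
The TCB 240 includes a controller 250, a write-once memory 260 or other secure memory for master key storage, a non-volatile memory (NVM) 263 for application storage, or another data storage block 267 that stores data used for the techniques described herein. The TCB 240 may also include other hardware, firmware and/or software essential to achieving the desired level of security, and may ultimately take a configuration different from the example described here. The memory 267 may be separate from or part of the TCB 240, whereas the write-once memory 260 and the NVM 263 are intended to be inside the TCB 240 because they are used for key storage. Instructions for executing the CA process 300 may be stored in the NVM 263 for execution by the controller 250. In the preferred embodiment, the memory 263 stores the application and a complete STB or STB-like software suite. By retaining the STB software suite, the service provider's existing STB provisioning and control systems can be maintained.
The controller 250 may be an advanced reduced instruction set computer (ARM), an application-specific integrated circuit (ASIC), or another processing or control device suitable for a TCB. The functions of the controller 250 may be implemented by logic encoded in one or more tangible media (for example, embedded logic such as an application-specific integrated circuit, digital signal processor instructions, software executed by a processor, and so on), where the memories 263, 267 store data used for the computations described herein (and/or store software or processor instructions that are run to carry out those computations). Thus, the CA process 300 may be implemented with fixed logic or programmable logic (for example, software/computer instructions executed by a processor). The CA process 300 is described in detail below in conjunction with FIGS. 3a and 3b.
Briefly, the CA process 300 includes launching the application on the PC 140 from the CAD 150, and the application configuring the PC 140 for interactive IPTV services. The application, the CAD 150 and the HEF 105 act in concert to decrypt, decode and otherwise process content for interactive presentation to the user.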
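Referring to FIG. 3a, with continued reference to FIGS. 1 and 2, the CA process 300 is now described in more detail. At 310, the CAD 150 detects an active interface between the CAD 150 and the PC 140. In one example, the CAD 150 detects a plug-and-play interface such as USB. In other embodiments, the CAD 150 may detect an Ethernet interface, an asynchronous transfer mode (ATM) interface or another interface. The TCB 240 protects the service provider against content theft. The TCB 240 is designed to prevent physical tampering with the hardware, by preventing key theft through physical hardware design, and to prevent hacking through the active interface (see, for example, FIPS PUB 140-2 cited above).
Next, at 320, the application previously stored on the CAD is launched on the PC 140 from the CAD 150 via the USB interface 220. The application configures the PC 140 to allow the user to interact with the application in order to subscribe to IPTV services, receive and interact with IPTV services, decrypt and decode content provided through the IPTV service, display content to the user, process user requests, and present the user with options associated with the IPTV service. The application may be launched using an autorun configuration file or a similar method. The user may be prompted to confirm the launch. Alternatively, the application or some of its components may be downloaded over the Internet or provided on a CD-ROM or similar medium.
In one embodiment, the application prompts the user to subscribe to the IPTV service. The user may be asked for account information such as name, address, account number and so on. The information may be cached for the next launch or confirmed periodically on subsequent launches. To receive and interact with the IPTV service, the user may be prompted for a password and/or user name. The password may be associated with a specific user account. In one embodiment, the user account may also be associated with parental controls. Thus, when the application is launched and a user name and password are entered, viewing restrictions can be enforced, such as duration of access, time of day of access, or access by parental advisory level. Interaction with the IPTV service may include program browsing, program viewing, interactive gaming with "real" participants, video conferencing, web surfing and games. Passwords and other credentials entered from or stored on the PC are not used directly to access or subscribe to the IPTV service; instead they are used to "unlock" security credentials stored in TCB memory on the CAD. Those credentials are then used on a direct secure channel between the TCB on the CAD and the HEF in the service provider's network. This prevents the security credentials from being stolen by viruses or other malware that may affect the PC.
In another embodiment, the application decrypts and/or decodes IPTV service content. In the case of protected content (such as premium programming, VOD or pay-per-view (PPV)), the content may be decrypted and encoded and placed in a transport stream such as an MPEG-2 transport stream (TS) or a Data Over Cable Service Interface Specification (DOCSIS) compliant stream. The TS may be further encapsulated in IP (TCP/IP). The application decrypts and decodes the content using methods supplied by the vendor or service provider. The application can then display the content to the user via an interface on the PC 140. In addition, the application may process user requests and present options associated with the IPTV service to the user. These requests may be authenticated by the CAD 150 or the HEF 105, and the options presented may be supplied by the CAD 150 or the HEF 105.
At 330, access to the IPTV service is requested via the network 110 using the PC 140. The CAD 150 and the IPTV service provider, for example the HEF 105, determine whether the user is entitled to access the IPTV service via the network 110 by using the TCB 240 on the CAD 150 and a hierarchy of keys derived from the root key stored on the CAD 150. The root key and the per-user key are used together with a session key received from the HEF 105 to derive the content key used for content decryption. This series of keys forms the key hierarchy used for content decryption. The content key is the key with which the content was originally encrypted. The hierarchy includes all keys that depend on the root key for the CAD or on a key decryption key securely delivered to the CAD. The key hierarchy contains keys encrypted with other keys, or keys derived from other keys via a local algorithm. The result is a hierarchy of keys that depend on other keys. The user authentication process is similar to that already used by STBs and is well known in the art.
Referring to FIG. 3b, discussion of the CA process 300 continues. Next, at 340, once user access has been requested and authenticated, access to the IPTV service is provided. Content and other data are streamed from the HEF 105 or another content provider 180 to the PC 140. The application works with the CAD 150 to obtain the content keys used to decrypt portions of the content. Although this exposes the content keys to possible compromise, the content keys are short-lived. The application uses the processing and storage capabilities of the PC 140 to decrypt and decode the IPTV service.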
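The key hierarchy at 330 and the short-lived content keys released at 340 can be modelled as follows. This is an added example, not code from the patent: HKDF with HMAC-SHA256 stands in for the unspecified derivation algorithm, and the class name `ToyTCB`, the 10-second key period, the service identifiers and all key values are constructed for illustration. Delivery of the session key over the TCB-to-HEF secure channel is assumed and not modelled.

```python
"""Toy model of the CAD key hierarchy: root key -> subscriber key -> content key."""
import hashlib
import hmac

KEY_PERIOD_SECONDS = 10  # assumed rotation interval; the text only says "short-lived"


def hkdf_sha256(key: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256, used here as the assumed derivation step."""
    prk = hmac.new(salt, key, hashlib.sha256).digest()            # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                       # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_content_key(root_key: bytes, subscriber_id: bytes, session_key: bytes,
                       service_id: bytes, period: int) -> bytes:
    """Walk the hierarchy. The HEF (which provisioned the root key) can do the same."""
    subscriber_key = hkdf_sha256(root_key, b"cad/subscriber", subscriber_id)
    info = service_id + b"|" + period.to_bytes(8, "big")
    return hkdf_sha256(subscriber_key, session_key, info, length=16)


class ToyTCB:
    """Holds the root key; only per-period content keys are ever returned to the PC."""

    def __init__(self, root_key: bytes, subscriber_id: bytes):
        self.__root_key = root_key          # never exposed through the interface
        self._subscriber_id = subscriber_id
        self._session_key = None
        self._entitled = set()

    def load_session(self, session_key: bytes, entitled_services) -> None:
        """Models what the HEF delivers after it has authorized the subscriber."""
        self._session_key = session_key
        self._entitled = set(entitled_services)

    def content_key(self, service_id: bytes, now: int) -> bytes:
        """Entitlement gate, then derivation of the key for the current period."""
        if self._session_key is None:
            raise PermissionError("no session established with the HEF")
        if service_id not in self._entitled:
            raise PermissionError("not entitled to " + service_id.decode())
        period = now // KEY_PERIOD_SECONDS
        return derive_content_key(self.__root_key, self._subscriber_id,
                                  self._session_key, service_id, period)


def demo() -> dict:
    # Constructed sample values, not real keys.
    root = bytes.fromhex("00112233445566778899aabbccddeeff")
    session = bytes.fromhex("a0a1a2a3a4a5a6a7a8a9aaabacadaeaf")
    sub, svc = b"subscriber-0001", b"vod/movie-42"
    tcb = ToyTCB(root, sub)
    tcb.load_session(session, [svc])

    t = 1_700_000_000
    k_now = tcb.content_key(svc, t)
    k_same_period = tcb.content_key(svc, t + 3)
    k_next = tcb.content_key(svc, t + KEY_PERIOD_SECONDS)
    k_hef = derive_content_key(root, sub, session, svc, t // KEY_PERIOD_SECONDS)
    k_other_cad = derive_content_key(bytes(16), sub, session, svc,
                                     t // KEY_PERIOD_SECONDS)
    try:
        tcb.content_key(b"ppv/event-7", t)   # service the HEF did not authorize
        denied = False
    except PermissionError:
        denied = True
    return {
        "hef_matches": hmac.compare_digest(k_now, k_hef),
        "stable_within_period": k_now == k_same_period,
        "rotates": k_now != k_next,          # a leaked key is useless next period
        "bound_to_device": k_now != k_other_cad,
        "unentitled_denied": denied,
        "key_len": len(k_now),
    }


if __name__ == "__main__":
    print(demo())
```

A content key captured on the PC decrypts only the period it was issued for, while the root key and subscriber key never cross the USB interface.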
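At 350, remote control signals are received and processed. These signals are requests or responses from the user interacting with the application. The remote control 170 may provide traditional "channel surfing" capability or enhanced capabilities for interacting with new services available with IPTV. In addition, the remote control may be used for digital video recorder (DVR) commands. Although a remote control may be used, the user is not precluded from using a pointing device such as a mouse, or entering information from a keyboard.
Finally, at 360, the content requested by the user, or an indication of the response from the user, is displayed on the PC 140. Note that 360 is not actually part of the CA process 300, because it takes place on the PC 140, and it is therefore indicated with a dashed box. When the application is launched, it may open in full-screen mode, which prevents the user from accessing other applications; the application may take control of the graphics system of the PC 140. The application provides the user with a display area for viewing and interacting with content. The display area may make the user interface the same as the user interface of the LAN 135, so no new user training is required.
In one embodiment, various levels of programming may be offered. For example, the latest personal computers can render high-definition (HD) video, but some older models may not support HD. The application may detect the video capability or allow the user to configure video settings. The same is true for the audio portion. The PC 140 may only be able to produce stereo sound, whereas the actual audio stream may provide various levels of home theater sound (more than two channels). Alternatively, video and audio quality may be pre-provisioned, as for the STB 125.
In other embodiments, the application or the CAD 150 software may be updated (upgraded) by the CAD 150 over the network 110. The update process may be secured by transport security (for example TLS, Transport Layer Security), by a digital signature on the application code, or both. The application or CAD software may be signed by a signing authority using a signing key or a digital certificate (public key certificate). The CAD 150 may then authenticate the software update using a key stored on the CAD or through a chain of trust that includes a trusted signing authority.
Although the apparatus, system and method are illustrated and described herein as embodied in one or more specific examples, they are nevertheless not intended to be limited to the details shown, since various modifications and structural changes may be made without departing from the scope of the apparatus, system and method and within the scope and range of equivalents of the claims. Accordingly, it is appropriate that the appended claims be construed broadly and in a manner consistent with the scope of the apparatus, system and method as set forth in the following claims.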
Claims (22)
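1. A method comprising:
detecting an active interface between a conditional access device (CAD) and a general-purpose computer;
launching, on the general-purpose computer from the CAD via the active interface, an application previously stored on the CAD, wherein the application configures the general-purpose computer to allow a user to interact with the application in order to subscribe to Internet Protocol television (IPTV) services, receive and interact with IPTV services, decrypt and decode content provided by the IPTV service, display the content to the user, process user requests, and present the user with options associated with the IPTV service;
requesting, using the general-purpose computer, access to the IPTV service via a network, wherein the conditional access device and the IPTV service provider determine whether the user is entitled to access the IPTV service via the network by using a trusted computing base (TCB) on the CAD and a key hierarchy derived from a root key stored on the CAD;
upon determining that the user is entitled to access the IPTV service, providing access to the IPTV service by sending a content decryption key supplied by the TCB from the CAD to the application, wherein the application uses the processing and storage capabilities of the general-purpose computer to decrypt and decode the IPTV service;
receiving and processing remote control signals at and by the CAD, wherein the signals are requests or responses from the user interacting with the application; and
displaying the content requested by the user or an indication of the response from the user.
2. The method of claim 1, wherein the detecting comprises detecting a Universal Serial Bus (USB) interface, wherein the CAD is present on the USB.
3. The method of claim 1, further comprising: detecting, from the IPTV service provider, when a new version of the application is available, and securely updating the application via the network, wherein the securely updating comprises updating using a secure communication channel and/or digitally signed application code.
4. The method of claim 1, further comprising: detecting, from the IPTV service provider, when a new version of CAD software is available, and securely updating the conditional access device software via the network, wherein the securely updating comprises updating using a secure communication channel and/or digitally signed software media.
5. The method of claim 1, wherein the accessing comprises accessing the content using digital rights management (DRM).
6. The method of claim 1, wherein the receiving and processing comprises receiving and processing remote control signals, the remote control signals comprising subscriber account information, channel change requests, digital video recorder commands and interactive input associated with IPTV.
7. The method of claim 1, wherein the application requires a user name and/or password, and wherein the user name and/or password is associated with a permissible level of IPTV content.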
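8. An apparatus comprising:
a first interface configured to communicate with a general-purpose computer;
a processing suite comprising a trusted computing base having non-volatile memory, the processing suite being configured to:
launch an application via the first interface, wherein the application configures the general-purpose computer to allow a user to interact with the application in order to subscribe to IPTV services, receive and interact with IPTV services, decrypt and decode content provided by the IPTV service, display the content to the user, process user requests, and present the user with options associated with the IPTV service;
generate a content decryption key via a key hierarchy;
send the content decryption key to the application for use by the application in decrypting the content;
a memory for storing the application, data and a set of processing instructions; and
a second interface configured to communicate with a remote control device, wherein the remote control device allows the user to interact with the application.
9. The apparatus of claim 8, wherein the first interface is a Universal Serial Bus (USB) interface.
10. The apparatus of claim 8, wherein the processing suite further comprises an advanced reduced instruction set computer (ARM).
11. The apparatus of claim 8, wherein the processing suite is further configured to securely update the application, wherein the processing suite uses a secure communication channel and/or digitally signed application code to update the application.
12. The apparatus of claim 8, wherein the processing suite is further configured to securely update the set of processing instructions, wherein the processing suite uses a secure communication channel and/or a digitally signed set of processing instructions to update the application.
13. The apparatus of claim 8, wherein the processing suite is further configured to use digital rights management (DRM) to control access to the content.
14. The apparatus of claim 8, wherein the second interface is one of an infrared interface, a radio frequency interface and a wired interface.
15. The apparatus of claim 8, wherein the apparatus is portable.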
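16. A system comprising:
a general-purpose computer coupled to a network and configured to receive an application from a conditional access device and run the application, wherein the application configures the general-purpose computer to allow a user to interact with the application in order to subscribe to IPTV services, receive and interact with IPTV services, decrypt and decode content provided by the IPTV service, display the content to the user, process user requests, and present the user with options associated with the IPTV service; and
a conditional access device (CAD) coupled to the general-purpose computer, the conditional access device comprising:
a first interface configured to communicate with the general-purpose computer;
a processing suite comprising a trusted computing base having non-volatile memory, the processing suite being configured to:
launch the application via the first interface;
generate a content decryption key via a key hierarchy;
send the content decryption key to the application for use by the application in decrypting the content;
a memory for storing the application, data and a set of processing instructions; and
a second interface configured to communicate with a remote control device.
17. The system of claim 16, wherein the first interface of the CAD is a Universal Serial Bus (USB) interface.
18. The system of claim 16, wherein the processing suite of the CAD further comprises an advanced reduced instruction set computer (ARM).
19. The system of claim 16, wherein the processing suite of the CAD is further configured to securely update the application, wherein the processing suite uses a secure communication channel and/or digitally signed application code to update the application.
20. The system of claim 16, wherein the processing suite of the CAD is further configured to securely update the set of processing instructions, wherein the processing suite uses a secure communication channel and/or a digitally signed set of processing instructions to update the application.
21. The system of claim 16, wherein the processing suite of the CAD is further configured to use digital rights management (DRM) to control access to the content.
22. The system of claim 16, wherein the second interface of the CAD is one of an infrared interface, a radio frequency interface and a wired interface.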
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/407,810 US8321950B2 (en) | 2009-03-20 | 2009-03-20 | Delivering secure IPTV services to PC platforms |
US12/407,810 | 2009-03-20 | ||
PCT/US2010/027091 WO2010107662A1 (en) | 2009-03-20 | 2010-03-12 | Delivering secure iptv services to pc platforms |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102356640A true CN102356640A (zh) | 2012-02-15 |
CN102356640B CN102356640B (zh) | 2015-11-25 |
Family
ID=42111265
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201080012680.9A Active CN102356640B (zh) | 2009-03-20 | 2010-03-12 | Delivering secure IPTV services to PC platforms |
Country Status (4)
Country | Link |
---|---|
US (1) | US8321950B2 (zh) |
EP (1) | EP2409492B1 (zh) |
CN (1) | CN102356640B (zh) |
WO (1) | WO2010107662A1 (zh) |
- 2009-03-20 US US12/407,810 patent/US8321950B2/en active Active
- 2010-03-12 EP EP10710711.2A patent/EP2409492B1/en not_active Not-in-force
- 2010-03-12 WO PCT/US2010/027091 patent/WO2010107662A1/en active Application Filing
- 2010-03-12 CN CN201080012680.9A patent/CN102356640B/zh active Active
Also Published As
Publication number | Publication date |
---|---|
CN102356640B (zh) | 2015-11-25 |
WO2010107662A1 (en) | 2010-09-23 |
US20100239090A1 (en) | 2010-09-23 |
EP2409492A1 (en) | 2012-01-25 |
EP2409492B1 (en) | 2017-05-03 |
US8321950B2 (en) | 2012-11-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CP01 | Change in the name or title of a patent holder |
Address after: The Middlesex County Patentee after: Xina Media Co.,Ltd. Address before: The Middlesex County Patentee before: Enders GmbH |
|
CP01 | Change in the name or title of a patent holder | ||
TR01 | Transfer of patent right |
Effective date of registration: 20190104 Address after: The Middlesex County Patentee after: Enders GmbH Address before: California, USA Patentee before: Cisco Technology, Inc. |
|
TR01 | Transfer of patent right |