CN103546767A - Content protection method and system of multimedia service - Google Patents

Publication number: CN103546767A
Authority: CN (China)
Prior art keywords: terminal, key, terminal use, server, cek
Legal status: Granted
Application number: CN201210246709.0A
Other languages: Chinese (zh)
Other versions: CN103546767B (en)
Inventor: 罗世新, 郭宝安
Current Assignee: Aisino Corp
Original Assignee: Aisino Corp
Application filed by Aisino Corp
Priority to CN201210246709.0A
Publication of CN103546767A
Application granted
Publication of CN103546767B
Landscapes: Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
Abstract

The invention provides a content protection method and system for a multimedia service. To meet the protection requirements of video and audio streams when the program content of the multimedia service is transmitted over the network, a four-layer key hierarchy consisting of an identity key TIK, a personal key or domain key PK/DK, a service key SK and a control word CW is applied to real-time program streams, and a three-layer key hierarchy consisting of an identity key TIK, a personal key or domain key PK/DK and a content encryption key CEK is applied to non-real-time program streams. Application security problems are addressed through authorization and management control of the four-layer keys for real-time streams and the three-layer keys for non-real-time streams of the multimedia service. The method adopts cryptographic algorithms with national intellectual property rights and introduces an authentication mechanism; it is flexible, reliable, and easy to promote and implement.

Description

Content protection method and system for a multimedia service
Technical field
The present invention relates to the field of multimedia technology, and in particular to a content protection method and system for a multimedia service.
Background technology
Mobile TV refers to technologies or applications that deliver audio-visual content using portable handheld terminals such as mobile phones as the receiving equipment. At present, mobile TV services are implemented mainly in two ways. The first is the communication mode, which uses mobile communication technology to provide multimedia services point-to-point to mobile phones over a wireless communication network. The second is the broadcast mode, which uses digital broadcast television technology to provide point-to-area broadcast television programs over a terrestrial or satellite broadcast television coverage network to mobile phones, PDAs, MP3 players, MP4 players, digital cameras, notebook computers, and miniature receiving terminals on vehicles and ships.
At present, multimedia services such as mobile TV are receiving attention from many mobile operators and broadcasting companies, which are testing various bearer technologies one after another, and commercial mobile TV services are appearing around the world. The bearer technologies of mobile TV services are diverse and show clear regional characteristics, so it is difficult to form a unified mobile TV standard. When deploying mobile TV services, operators in different regions or countries tend to use a mobile TV standard developed from the digital television standard of their own region or country.
The media content of mobile TV is digital media obtained through digitization, which is easy to store, to copy without loss, and to distribute. In particular, on-demand programs and media files offered to terminal users for download can easily be downloaded, stored and copied in bulk. The large-scale piracy and non-compliant usage that grow out of this will have a huge impact on the mobile TV industry. It is therefore very necessary to develop a method that effectively protects multimedia service content such as mobile TV.
Summary of the invention
Embodiments of the invention provide a content protection method and system for a multimedia service, so as to effectively protect multimedia service content such as mobile TV.
A content protection system for a multimedia service comprises:
A server unit, configured to perform encryption of the program content of the multimedia service, key management and terminal user authorization management, and to authenticate the information exchanged with the terminal;
A terminal unit, configured to decrypt the program content of the multimedia service and the keys or rights at each level, to perform mutual authentication between the terminal and the server, and to execute the service content corresponding to the terminal user's rights.
A content protection method for a multimedia service comprises:
The server performs encryption of the program content of the multimedia service, key management and terminal user authorization management, and authenticates the information exchanged with the terminal;
The terminal decrypts the program content of the multimedia service and the keys or rights at each level, performs mutual authentication between the terminal and the server, and executes the service content corresponding to the terminal user's rights.
As can be seen from the technical solution provided by the above embodiments of the invention, the embodiments adopt a four-layer key hierarchy for live broadcast services and a three-layer key hierarchy for on-demand or download services. Because all the cryptographic algorithms themselves are secure, and the key information and ciphertext information in the cryptographic flows are secure, all information that needs cryptographic protection is effectively protected, which effectively guarantees the security of the program content of multimedia services such as mobile TV.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are obviously only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural diagram of the content protection system for a multimedia service provided by Embodiment 1 of the present invention;
Fig. 2 is a key hierarchy diagram of the content protection system for a multimedia service provided by Embodiment 1 of the present invention;
Fig. 3 is a distribution flow chart of the live broadcast service protection keys in the content protection system for a multimedia service provided by Embodiment 1 of the present invention;
Fig. 4 is a distribution flow chart of the on-demand or download service protection keys in the content protection system for a multimedia service provided by Embodiment 1 of the present invention;
Fig. 5 is a processing flow chart of the content protection method for a multimedia service proposed by Embodiment 2 of the present invention.
Embodiments
To facilitate understanding of the embodiments of the present invention, several specific embodiments are further explained below with reference to the drawings as examples; the individual embodiments do not limit the embodiments of the present invention.
Embodiment 1
The symbols used in the present invention are as follows:
‖: concatenation. For C = A ‖ B, B forms the low-order part of C and A forms the high-order part of C; the bit length of C is the sum of the bit lengths of A and B.
E: the symmetric cryptographic algorithm SM1 (SHANGMI1).
PE: the asymmetric cryptographic algorithm SM2 (SHANGMI2).
$E_K$: an encryption or decryption operation performed with the SM1 algorithm and key K.
$PE_K$: an encryption, decryption, signing or signature verification operation performed with the SM2 algorithm and key K.
H: a hash operation performed with the SM3 (SHANGMI3) algorithm.
R, r: random numbers.
P: the control parameters associated with the CW (Control Word, the control word key).
The present invention can be applied to multimedia services such as mobile TV services; the embodiments are described below using a mobile TV service as the example.
The structure of the content protection system for a multimedia service provided by this embodiment is shown in Fig. 1 and comprises:
Server unit 11, configured to perform encryption of the program content of multimedia services such as mobile TV, key management and terminal user authorization management, and to authenticate the information exchanged with the terminal;
Terminal unit 12, configured to decrypt the program content of the multimedia service and the keys or rights at each level, to perform mutual authentication between the terminal and the server, and to execute the service content corresponding to the terminal user's rights, thereby protecting the program content and controlling consumption behavior.
The server unit 11 comprises: a server key management module 111, a server authorization management module 112 and a content scrambling module 113.
The server key management module 111 implements functions such as generation, storage, update and issuing of the keys used by the system. It comprises:
Symmetric key management: generation, encrypted storage, secure distribution, secure replacement and so on of keys such as PK (Personal Key) or DK (Domain Key), SK (Service Key), CEK (Content Encryption Key) and CW.
Asymmetric key management: implemented through the card issuing system, including generation, distribution, update or publication of all ECC public/private key pairs and related parameters of the servers and terminals in the system, and establishing and updating the ECC blacklist records, the terminal user information audit records, and so on.
The main key hierarchy adopted by the system is shown in Fig. 2. Application security problems are addressed through authorization and management control of the four-layer keys for live broadcast services and the three-layer keys for on-demand or download services. The server key management module 111 is further configured as follows:
1) A four-layer key hierarchy is adopted for live broadcast services:
Layer 1: the identity key SIK (Service Identity Key) of the server unit and the identity key TIK (Terminal Identity Key) of the terminal user. The ECC key pairs are $SIK_{pri}$/$SIK_{pub}$ and $TIK_{pri}$/$TIK_{pub}$ respectively. They are used to protect the online distribution of PK or DK and to implement authentication between the terminal user and the organization during applications such as terminal user registration. These keys are generated offline and written to the card.
Layer 2: PK or DK, used respectively to implement authorization management of a terminal user or a terminal user group and to protect the online distribution of SK.
Layer 3: SK, used to implement control authorization for classified services, individual services or service groups and to protect the real-time issuing of CW.
Layer 4: CW, used to protect the transmission of media content, and distributed online at regular intervals together with the program stream information.
2) A three-layer key hierarchy is adopted for on-demand or download services:
Layer 1: the identity keys of the server unit and the terminal user. The ECC key pairs are $SIK_{pri}$/$SIK_{pub}$ and $TIK_{pri}$/$TIK_{pub}$ respectively. This layer is shared with the layer-1 ECC keys of the live broadcast hierarchy, and is used for mutual identity authentication between the terminal user and the server in interactive applications and to protect the online distribution of PK or DK.
Layer 2: PK or DK. This layer is shared with the layer-2 PK or DK keys of the live broadcast hierarchy, and is used to implement authorization management of a terminal user or terminal user group and to protect the online distribution of CEK.
Layer 3: CEK, used to encrypt on-demand media streams and downloadable media content.
The server key management module 111 is further configured to distribute the terminal user's ECC key pair to the terminal offline when the system or the terminal security module is initialized;
When the terminal user registers, to distribute the terminal user's PK or DK to the terminal, online or offline, under the protection of encryption with the terminal user's ECC public key;
When the terminal applies for a service, to distribute the terminal user's SK to the terminal under the protection of encryption with the terminal user's PK or DK;
When the system broadcasts encrypted program content, to distribute the terminal user's CW to the terminal together with the scrambled program content, under the protection of encryption with the terminal user's SK;
When the terminal applies for authorization of a non-real-time service, to distribute the terminal user's CEK to the terminal under the protection of encryption with the terminal user's PK or DK.
The server authorization management module 112 implements terminal user authentication and management of terminal user rights information, and issues the license and usage rights for the corresponding programs according to the terminal user's rights. It comprises:
Rights management: provides rights management for live broadcast, on-demand or download services, including generation and maintenance of terminal user rights information.
Authorization message generation: an authorization message contains keys and rights information, and is generated in association with key management, content management and terminal user management. The system has two classes of authorization message: RMM (entitlement management message, Right Management Message) and ECM (authorization control message, Entitle Control Message).
Authorization message (including key) encryption: comprises an RMM encryptor and an ECM encryptor.
Terminal user authentication: for example terminal user access authentication, online registration authentication and online service application authentication; comprises signing or verification and public-key encryption or decryption modules.
Distribution and delivery of the rights in authorization messages.
The content scrambling module 113 implements scrambling and security control of live programs and of on-demand or downloadable programs respectively, and encapsulates the stream in the specified format. It comprises:
Real-time scrambler: scrambles the live program content stream using the cryptographic algorithm and the key CW.
Pre-scrambler: pre-scrambles the content streams of on-demand programs and download files using the cryptographic algorithm and the key CEK; the pre-scrambled content is stored on the program server.
The terminal unit 12 comprises: a terminal key management module 121, a terminal authorization management module 122 and a content descrambling module 123.
The terminal key management module 121 stores and manages the terminal user's various keys, such as the ECC keys, the symmetric keys and related parameters;
The terminal authorization management module 122 performs processing such as authorization message decryption, rights information maintenance, rights execution, authentication and encryption of uploaded information. It specifically comprises:
Authorization message decryption module 1221, which decrypts the terminal user's keys at each layer and the rights information from the received RMM and ECM, and extracts the terminal user's viewing conditions such as keys, validity periods and playback control parameters.
Rights information maintenance module 1222, which saves, updates and maintains the terminal user's rights information according to the received authorization messages.
Rights execution module 1223, which, according to the received rights information, controls key reception, key use and the transfer of keys between the terminal and the card, so as to control program decryption and playback.
Authentication module 1224, which performs the signing or verification operations on exchanged data.
Upload information encryption module 1225, which generates and encrypts the interactive information that the terminal submits to the server.
The content descrambling module 123, under the control of the key management module 121, descrambles live, on-demand and downloaded media program content using the method corresponding to the server's. It descrambles the live program content stream using the cryptographic algorithm and the key CW, and descrambles the content streams of on-demand programs and download files using the cryptographic algorithm and the key CEK.
Fig. 3 is the distribution flow chart of the live broadcast service protection keys in the above system, and Fig. 4 is the distribution flow chart of the on-demand or download service protection keys in the above system. With reference to Fig. 3 and Fig. 4, the principle of key distribution and protection in the present invention is to ensure not only the confidentiality of a key but also its integrity and the reliability of its source; every distributed key must be obtainable only by an authenticated, legitimately authorized terminal user.
In the present invention, all keys are distributed under layer-by-layer protection, with each upper-layer key encrypting the key of the layer below. Except for the personal key (PK) and domain key (DK), which are protected by the ECC algorithm, all the keys below them are protected by encryption with the symmetric cryptographic algorithm SM1. In addition, each key is bound together with its usage conditions before being encrypted and distributed, so a terminal user can use a key only according to the specified rules (denoted $C_X$). Specifically:
$RMM_{P \text{ or } D} = PE_{TIK_{pub}}(PK \text{ or } DK ‖ C_{P \text{ or } D}) ‖ PE_{SIK_{pri}}(H(PK \text{ or } DK ‖ C_{P \text{ or } D}))$
$RMM_S = E_{PK \text{ or } DK}(SK ‖ C_S) ‖ H(SK ‖ C_S)$
$RMM_C = E_{PK \text{ or } DK}(CEK ‖ C_C) ‖ H(CEK ‖ C_C)$
$ECM = E_{SK}(CW ‖ P) ‖ H(CW ‖ P)$
The keys are distributed in separate steps. The ECC key pairs are distributed offline when the system or the terminal security module is initialized. The personal key PK or domain key DK is distributed to the terminal user, online or offline, under the protection of encryption with the terminal user's ECC public key when the terminal user registers. The service key SK is protected by encryption with PK or DK and is distributed to the terminal when the terminal user applies for a service. CW is encrypted with SK and is distributed in real time with the stream when the system broadcasts encrypted program content. CEK is protected by encryption with PK or DK and is distributed online to the designated terminal when the terminal user applies for authorization of a non-real-time service.
Except for the control word CW, which is distributed together with the scrambled program content, all other keys are distributed independently of the program content.
When several keys of the same kind exist in the system, the key identifier KID must also be specified in the key distribution message, and the program content must also include the key identifier KID of the key used to encrypt that content.
In the present invention, when a terminal user holding a terminal user smart card applies to the operator for registration, the system initialization is safe and reliable, so the operator and the terminal user card have each obtained the other's public key in a trusted way before registration, and both sides sign the information exchanged during registration. An attacker therefore cannot, by replacing or tampering with this information, cause registration to succeed when either side has received forged information. Once the terminal user has registered successfully, the conditions for distributing $RMM_{P \text{ or } D}$, that is, the personal key PK and domain key DK, are met.
With reference to Fig. 3 and Fig. 4, in the present invention the server key management module generates the personal key PK and the domain key DK and saves them in a storage medium. The server unit computes $RMM_{P \text{ or } D} = PE_{TIK_{pub}}(PK \text{ or } DK ‖ C_{P \text{ or } D}) ‖ PE_{SIK_{pri}}(H(PK \text{ or } DK ‖ C_{P \text{ or } D}))$ and sends $RMM_{P \text{ or } D}$ to the terminal, multiplexed with the entitlement management message RMM. After demultiplexing, the terminal key management module computes $(PK \text{ or } DK ‖ C_{P \text{ or } D})' = PE_{TIK_{pri}}(PE_{TIK_{pub}}(PK \text{ or } DK ‖ C_{P \text{ or } D}))$ and verifies the validity of $RMM_{P \text{ or } D}$: it computes $PE_{SIK_{pub}}(PE_{SIK_{pri}}(H(PK \text{ or } DK ‖ C_{P \text{ or } D})))$ and compares the result with the computed value $H((PK \text{ or } DK ‖ C_{P \text{ or } D})')$; if they are equal, the decrypted $(PK \text{ or } DK)'$ is taken to equal PK or DK. The terminal key management module accepts only a valid PK or DK and $C_{P \text{ or } D}$, and stores them in the secure area of the terminal key management module.
With reference to Fig. 3, in the present invention the server key management module generates the service key SK and saves it in a storage medium. The server unit computes $RMM_S = E_{PK \text{ or } DK}(SK ‖ C_S) ‖ H(SK ‖ C_S)$ and sends $RMM_S$ to the terminal, multiplexed with the entitlement management message. After demultiplexing, the terminal key management module computes $(SK ‖ C_S)' = E_{PK \text{ or } DK}(E_{PK \text{ or } DK}(SK ‖ C_S))$ and verifies the integrity of $SK ‖ C_S$: it computes $H((SK ‖ C_S)')$ and compares it with the received value $H(SK ‖ C_S)$; if they are equal, the decrypted SK' is taken to equal SK. The terminal key management module accepts only a valid SK and $C_S$, and stores them in the secure area of the terminal key management module.
With reference to Fig. 3, in the present invention the server key management module generates the control word CW and computes $ECM = E_{SK}(CW ‖ P) ‖ H(CW ‖ P)$, and sends the ECM to the terminal together with the scrambled program content. The terminal key management module computes $(CW ‖ P)' = E_{SK}(E_{SK}(CW ‖ P))$ and verifies the integrity of $CW ‖ P$: it computes $H((CW ‖ P)')$ and compares it with the received value $H(CW ‖ P)$; if they are equal, the decrypted CW' is taken to equal CW. The terminal key management module accepts only a valid control word CW, and outputs CW and P to the descrambling module for content descrambling.
With reference to Fig. 4, in the present invention the server key management module generates the content encryption key CEK and computes $RMM_C = E_{PK \text{ or } DK}(CEK ‖ C_C) ‖ H(CEK ‖ C_C)$, and sends $RMM_C$ to the terminal with the entitlement management message. After demultiplexing, the terminal key management module computes $(CEK ‖ C_C)' = E_{PK \text{ or } DK}(E_{PK \text{ or } DK}(CEK ‖ C_C))$ and verifies the integrity of $CEK ‖ C_C$: it computes $H((CEK ‖ C_C)')$ and compares it with the received value $H(CEK ‖ C_C)$; if they are equal, the decrypted CEK' is taken to equal CEK. The terminal key management module accepts only a valid content encryption key CEK, and outputs CEK and $C_C$ to the descrambling module for content descrambling.
With reference to Fig. 3 and Fig. 4, in the present invention the server's scrambling operation scrambles the video and audio stream with the symmetric cryptographic algorithm and the control word CW or content encryption key CEK, producing the scrambled video and audio stream. The terminal's descrambling operation descrambles the scrambled video and audio stream with the symmetric cryptographic algorithm and the decrypted control word CW or content encryption key CEK, producing the plaintext video and audio stream that can be watched. An attacker can descramble the scrambled audio and video stream with the symmetric cryptographic algorithm only if the control word CW or content encryption key CEK has been obtained.
In the present invention, the symmetric encryption algorithm, asymmetric encryption algorithm and hash algorithm adopted are all domestic algorithms whose security has passed the security evaluation organized by the national authorities, and they are safe and reliable.
In the present invention, when PK or DK is distributed, the server computes the message authentication code H(PK or DK) of PK or DK and signs it with the server private key $SIK_{pri}$. Therefore, any PK or DK ciphertext whose signature and H(PK or DK) have been verified as valid by the terminal user smart card is trustworthy, and the decrypted PK or DK is trustworthy.
In the present invention, when SK is distributed, the server computes the message authentication code H(SK) of SK. Because PK or DK and SK are secret, and PK or DK is trustworthy, an attacker cannot impersonate the server unit to compute H(SK). Therefore, any SK ciphertext whose H(SK) has been verified as valid by the terminal user card is trustworthy, and the decrypted SK is trustworthy.
In the present invention, when CW is distributed, the server computes the message authentication code H(CW) of CW. Because PK or DK, SK and CW are secret, and SK is trustworthy, an attacker cannot impersonate the server unit to compute H(CW). Therefore, any CW ciphertext whose H(CW) has been verified as valid by the terminal user card is trustworthy, and the decrypted CW is trustworthy.
In the present invention, when CEK is distributed, the server computes the message authentication code H(CEK) of CEK. Because PK or DK and CEK are secret, and PK or DK is trustworthy, an attacker cannot impersonate the server unit to compute H(CEK). Therefore, any CEK ciphertext whose H(CEK) has been verified as valid by the terminal user card is trustworthy, and the decrypted CEK is trustworthy.
Embodiment 2
The processing flow of the content protection method for a multimedia service proposed by the present invention is shown in Fig. 5 and comprises the following steps:
Step 51: cryptographic flow and protocol for system initialization and terminal user registration.
I) System initialization
Determine the cryptographic algorithms used by the system: E, PE and H.
The server unit generates an ECC key pair: it determines its own identifier SID (Service Identifier, the server-side identifier), the elliptic curve parameters and their base point P, and generates the server unit's ECC-based key pair ($SIK_{pub}$, $SIK_{pri}$).
TSM (Terminal Safety Module, the terminal security module, such as a smart card) initialization
Generate and assign a unique TID (Terminal Identifier) for each TSM;
Write SID, TID and $SIK_{pub}$ into the TSM;
The terminal user's ECC-based key pair is ($TIK_{pub}$, $TIK_{pri}$), and $TIK_{pub}$ is recorded in the system database;
The operator issues the TSM to the terminal user; the TSM contains algorithms such as SM2, SM1 and SM3, together with $TIK_{pri}$, $TIK_{pub}$, $SIK_{pub}$, SID and TID.
Mobile terminal initialization
The server loads onto the terminal user's mobile terminal (such as a mobile phone) the block cipher SM1 used for terminal-card communication and for media scrambling and descrambling;
The server unit randomly generates a TSK (Terminal Safety Key, the terminal security key) and writes it into the descrambling module of the mobile terminal.
II) Terminal user registration
The cryptographic flow and protocol for terminal user registration are as follows:
The terminal user, holding the TSM and the mobile terminal, applies to the operator for registration offline or online, stating whether it is an individual registration or a group registration.
The server unit generates TM (Terminal Management, the terminal user management information) and a random number r for the TSM, signs TM with $SIK_{pri}$, and writes TM and its signature to the TSM. That is:
$TM ‖ r ‖ PE_{SIK_{pri}}(TM ‖ r)$
The TSM uses $SIK_{pub}$ to verify the validity of the operator's signature on TM. If the signature is invalid, registration fails and ends. If the signature is valid, the TSM returns TID ‖ TM to the server unit together with its signature on TID ‖ TM made with $TIK_{pri}$, that is:
$TID ‖ TM ‖ r ‖ PE_{TIK_{pri}}(TID ‖ TM ‖ r)$
The server unit retrieves $TIK_{pub}$ from the database according to TID and verifies the validity of the TSM's signature on TID ‖ TM. If the signature is invalid, registration fails and ends. If the signature is valid, TID ‖ TM and the TSM's signature on TID ‖ TM are recorded in the database.
The server unit distributes the TLK (Terminal Link Key, the terminal-card communication link key) to the TSM and the terminal. That is:
$PE_{TIK_{pub}}(TLK ‖ r) ‖ PE_{SIK_{pri}}(PE_{TIK_{pub}}(TLK ‖ r))$
and
$E_{TSK}(TLK ‖ r) ‖ H(TLK ‖ r)$
Step 52: cryptographic flow and protocol for distributing $RMM_{P \text{ or } D}$.
The terminal user's PK or DK authorization message is distributed in $RMM_{P \text{ or } D}$. The cryptographic flow and protocol are as follows:
The operator generates, for the designated terminal user or terminal user group, the rights information $C_{P \text{ or } D}$ associated with PK or DK. This $C_{P \text{ or } D}$ includes the validity period of the PK or DK key, the service types available from the server, the key usage rules, and so on.
Generate $RMM_{P \text{ or } D}$ (entitlement management message, Right Management Message):
$RMM_{P \text{ or } D} = PE_{TIK_{pub}}(PK \text{ or } DK ‖ C_{P \text{ or } D}) ‖ PE_{SIK_{pri}}(H(PK \text{ or } DK ‖ C_{P \text{ or } D}))$
When the data $PK \text{ or } DK ‖ C_{P \text{ or } D}$ is longer than 256 bits, a digital envelope can be used to generate $RMM_{P \text{ or } D}$:
$RMM_{P \text{ or } D} = E_K(PK \text{ or } DK ‖ C_{P \text{ or } D}) ‖ PE_{TIK_{pub}}(K) ‖ PE_{SIK_{pri}}(H(K ‖ C_{P \text{ or } D}))$
Send $RMM_{P \text{ or } D}$ to the terminal user's mobile terminal.
The mobile terminal receives $RMM_{P \text{ or } D}$ and decrypts PK or DK. After receiving $RMM_{P \text{ or } D}$, the terminal decrypts it with the private key $TIK_{pri}$ to obtain the plaintext of PK or DK and $C_{P \text{ or } D}$, and uses the ECC signature verification module and the server unit's public key $SIK_{pub}$ to verify the validity of $RMM_{P \text{ or } D}$. If it is valid, the terminal keeps PK or DK and $C_{P \text{ or } D}$; if it is invalid, the terminal discards the decrypted data.
Step 53: cryptographic flow and protocol for distributing $RMM_S$ (entitlement management message, Right Management Message) and ECM.
After the terminal user has applied for live streaming media authorization, the cryptographic flow and protocol for distributing the authorization messages are as follows:
I) Issuing and receiving the service key SK of a live program
The server uses the SK generation module to generate SK at random, and generates the rights information $C_S$. This $C_S$ contains the rights information of the live program, such as the program validity period, playback conditions and usage rules.
The server unit encrypts SK and $C_S$ with PK (or DK) to obtain the entitlement message $RMM_S$ of SK:
$RMM_S = E_{PK \text{ or } DK}(SK ‖ C_S) ‖ H(SK ‖ C_S)$
$RMM_S$ is sent to the designated mobile terminal in the specified authorization mode.
The mobile terminal decrypts $RMM_S$ with PK or DK to obtain $SK ‖ C_S$, computes $H(SK ‖ C_S)$, and compares it with the received value $H(SK ‖ C_S)$. If they are equal it accepts SK; otherwise it refuses SK.
If a terminal user has applied for N services and holds the viewing rights for these N services, then:
$RMM_S = E_{PK \text{ or } DK}(SK_0 ‖ SK_1 ‖ \dots ‖ SK_{N-1} ‖ C_S) ‖ H(SK_0 ‖ SK_1 ‖ \dots ‖ SK_{N-1} ‖ C_S)$
II) Issuing and receiving the ECM of a live program
The server uses the CW generation module to generate CW at random, and generates the control parameters P for using this CW.
CW is encrypted with SK and the hash is computed, giving the ECM:
$ECM = E_{SK}(CW ‖ P) ‖ H(CW ‖ P)$
The ECM is sent to the mobile terminal with the program stream.
The mobile terminal decrypts CW with the terminal user's SK, computes $H(CW ‖ P)$ and compares it with the hash value in the ECM. If they are equal it accepts CW; otherwise it refuses CW.
When playing the program content, the terminal complies with P and $C_S$ and, under the control of the rights management module, decrypts the broadcast program stream ciphertext with CW and SM1.
Step 54: cryptographic flow and protocol by which a terminal user applies for the on-demand or download service authorization RMM_C.
The cryptographic flow and protocol when a terminal user applies for on-demand and download service authorization are as follows:
I) The terminal user's mobile terminal sends REQ_T (interactive service authorization request, Request) over the interactive channel
REQ_T = E_{PK or DK}(TID ‖ CID ‖ W ‖ r) ‖ PE_{TIKpri}(H(TID ‖ CID ‖ W ‖ r))
CID: program identification information, such as channel, program name, program ID or KID.
W: related information such as the consumption requirements of the requested service.
The server receives REQ_T and verifies the signature
On receiving REQ_T, the server first decrypts it with this terminal user's PK or DK, then verifies the signature with the terminal user's identity public key TIK_{pub} by calculating PE_{TIKpub}(H(TID ‖ CID ‖ W ‖ r)). If the signature is invalid, the server refuses authorization and feeds back an authentication failure message. If the signature is valid, the authorization system checks the terminal user's rights: if they meet the authorization requirements the flow continues, otherwise authorization failure information is fed back.
II) The server sends the on-demand or download RES_S (file authorization message, Response)
RES_S = RMM_C = E_{PK or DK}(CEK ‖ CC ‖ r) ‖ H(CEK ‖ CC ‖ r)
CC: the rights information of the program authorized for the request, such as the validity period, playback conditions and usage rules. The usage rules specify the terminal user's playback conditions.
III) The mobile terminal receives the on-demand or download file over the broadcast or interactive channel
The mobile terminal decrypts CEK ‖ CC ‖ r with the terminal user's PK or DK, calculates H and compares it with the H value in RES_S, and also compares the r value; if both are equal it accepts CEK, otherwise it refuses to accept CEK. The terminal then decrypts the on-demand or download file with CEK in accordance with the rights information CC.
If a terminal user has applied for N kinds of interactive services and holds the viewing rights for these N services, the CEKs of multiple programs can be distributed at once, and the CEK above can be replaced with:
CEK = CEK_1 ‖ CEK_2 ‖ … ‖ CEK_N
If N terminal users apply for the same program, the same CEK needs to be distributed to several terminal users (assuming that these N terminal users have the same viewing rights):
RMM_C = E_{PK1}(CEK ‖ CC ‖ r) ‖ E_{PK2}(CEK ‖ CC ‖ r) ‖ … ‖ E_{PKN}(CEK ‖ CC ‖ r) ‖ H(CEK ‖ CC ‖ r)
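The terminal-side acceptance checks of Steps 53 and 54, as an added Python example that is not part of the patent. SHA-256 stands in for SM3 and a hash-based keystream stands in for SM1 (neither is the patent's algorithm); the 16-byte key and nonce sizes, the field layout and all function names are assumptions.

```python
import hashlib
import hmac
import os

KEY_LEN = 16    # assumed size in bytes of SK, CW and CEK
NONCE_LEN = 16  # assumed size of r and of the stand-in cipher's nonce
HASH_LEN = 32   # SHA-256 digest size


def H(data):
    """Stand-in for the SM3 hash H (SHA-256 here)."""
    return hashlib.sha256(data).digest()


def _keystream(key, nonce, length):
    out = b""
    counter = 0
    while len(out) < length:
        out += H(key + nonce + counter.to_bytes(4, "big"))
        counter += 1
    return out[:length]


def E(key, plaintext):
    """Stand-in for SM1 encryption: nonce || (plaintext XOR keystream)."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, stream))


def D(key, ciphertext):
    """Inverse of E."""
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    stream = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def wrap(key, payload):
    """Server side: E_key(payload) || H(payload), as in RMM_S, ECM, RES_S."""
    return E(key, payload) + H(payload)


def unwrap(key, message):
    """Terminal side: decrypt, recompute H, accept only on a match."""
    if len(message) < NONCE_LEN + HASH_LEN:
        return None
    ciphertext, received = message[:-HASH_LEN], message[-HASH_LEN:]
    payload = D(key, ciphertext)
    # Constant-time comparison so the check does not leak where digests differ.
    if not hmac.compare_digest(H(payload), received):
        return None
    return payload


def _split_key(payload):
    """Split 'key || info' into its two fields, or None if too short."""
    if payload is None or len(payload) < KEY_LEN:
        return None
    return payload[:KEY_LEN], payload[KEY_LEN:]


def accept_rmm_s(pk_or_dk, rmm_s):
    """Step 53 I: returns (SK, C_S) or None."""
    return _split_key(unwrap(pk_or_dk, rmm_s))


def accept_ecm(sk, ecm):
    """Step 53 II: returns (CW, P) or None."""
    return _split_key(unwrap(sk, ecm))


def recover_cw(pk_or_dk, rmm_s, ecm):
    """Walk PK/DK -> SK -> CW; a failed check at either layer gives None."""
    first = accept_rmm_s(pk_or_dk, rmm_s)
    if first is None:
        return None
    second = accept_ecm(first[0], ecm)
    return None if second is None else second[0]


def accept_res_s(pk_or_dk, res_s, expected_r):
    """Step 54 III: (CEK, CC) if H matches and r equals the REQ_T nonce."""
    payload = unwrap(pk_or_dk, res_s)
    if payload is None or len(payload) < KEY_LEN + NONCE_LEN:
        return None
    body, r = payload[:-NONCE_LEN], payload[-NONCE_LEN:]
    if not hmac.compare_digest(r, expected_r):
        return None
    return body[:KEY_LEN], body[KEY_LEN:]


if __name__ == "__main__":
    # Constructed sample keys and rights strings, not values from the patent.
    pk, sk, cw = os.urandom(16), os.urandom(16), os.urandom(16)
    rmm_s = wrap(pk, sk + b"valid-until=2012-12-31")
    ecm = wrap(sk, cw + b"crypto-period=60s")
    print("CW recovered:", recover_cw(pk, rmm_s, ecm) == cw)
```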
Step 55: cryptographic flow and protocol by which a terminal user initiates an authorization request.
Another case is that the terminal user fails to receive a key correctly when it is broadcast; the terminal user can then actively request a specific PK, DK or SK from the system, and these are specified in KID and CID.
I) The terminal user's mobile terminal sends a key request
The terminal user's mobile terminal sends a key and rights request over the return channel to the authentication management system of the server unit:
REQ_T = PE_{SIKpub}(TID ‖ CID ‖ W ‖ r) ‖ PE_{TIKpri}(H(TID ‖ CID ‖ W ‖ r))
Or
REQ_T = E_K(TID ‖ CID ‖ W ‖ r) ‖ PE_{SIKpub}(K) ‖ PE_{TIKpri}(H(TID ‖ CID ‖ W ‖ r))
where K and r are random numbers.
II) The server performs signature verification and a rights check on the terminal user.
III) Rights are distributed to terminal users who satisfy the rights check
The terminal user's request is identified according to CID, and the following distribution is performed:
PK or DK distribution:
RES_S = RMM_{P or D} = PE_{TIKpub}(PK or DK ‖ C_{P or G} ‖ r) ‖ PE_{SIKpri}(H(PK or DK ‖ C_{P or D} ‖ r))
Or
RES_S = RMM_{P or D} = E_K(PK or DK ‖ C_{P or D} ‖ r) ‖ PE_{TIKpub1}(K) ‖ PE_{SIKpri}(H(K ‖ C_{P or G} ‖ r))
SK distribution protocol:
RES_S = E_{PK or DK}(SK ‖ C_S ‖ r) ‖ H(SK ‖ C_S ‖ r)
After the system has correctly identified the terminal user, it distributes the requested key to the terminal user.
Step 56: cryptographic flow and protocol by which the server initiates right distribution.
In live-broadcast mode, a terminal user may fail to receive a key correctly when the system broadcasts it (for example, because the terminal is not powered on), or may fail to receive it correctly under certain broadcast modes. In that case the server can actively distribute the PK, DK, SK or CEK key of a designated terminal user in point-to-point mode; the keys are specified by KID. The protocol is as follows:
I) The server unit sends the right distribution prompt command COM_S to the terminal user's mobile terminal
The authentication management system sends the PK or DK distribution command to the designated terminal user:
COM_S = PE_{TIKpub}(SID ‖ r ‖ KID_{PK or DK}) ‖ PE_{SIKpri}(H(SID ‖ r ‖ KID_{PK or DK}))
The authentication management system sends the SK or CEK distribution command to the designated terminal user:
COM_S = E_{PK or DK}(SID ‖ r ‖ KID_{SK or CEK}) ‖ PE_{SIKpri}(H(SID ‖ r ‖ KID_{SK or CEK}))
KID_{PK or DK}: the key identifier of PK or DK.
KID_{SK or CEK}: the key identifier of SK or CEK.
II) The terminal user's side verifies the system identity and sends the response RES_T
The terminal user's mobile terminal receives COM_S, decrypts it and verifies the identity of the system. Depending on whether the signature is valid or invalid, it accepts or discards the command and feeds back authentication success or failure information.
PK or DK distribution command confirmation:
RES_T = PE_{SIKpub}(TID ‖ r ‖ F) ‖ PE_{TIKpri}(H(TID ‖ r ‖ F))
SK or CEK distribution command confirmation:
RES_T = E_{PK or DK}(TID ‖ r ‖ F) ‖ PE_{TIKpri}(H(TID ‖ r ‖ F))
F: a flag indicating authentication success, failure, etc.
r: the random number received from the system.
III) The server distributes rights to the terminal user's mobile terminal
The cryptographic protocol by which the server distributes rights to the terminal user's mobile terminal is essentially the same as the "right distribution" part described above, that is:
RMM_{P or D} = PE_{TIKpub}(PK or DK ‖ C_{P or G} ‖ r) ‖ PE_{SIKpri}(H(PK or DK ‖ C_{P or D} ‖ r))
Or
RMM_{P or D} = E_K(PK or DK ‖ C_{P or G} ‖ r) ‖ PE_{TIKpub}(K) ‖ PE_{SIKpri}(H(K ‖ C_{P or D} ‖ r))
RMM_S = E_{PK or DK}(SK ‖ C_S ‖ r) ‖ H(SK ‖ C_S ‖ r)
RMM_C = E_{PK or DK}(CEK ‖ CC ‖ r) ‖ H(CEK ‖ CC ‖ r)
In summary, the embodiment of the present invention adopts a four-layer key system for live services and a three-layer key system for on-demand or download services. Because all the cryptographic algorithms are themselves secure, and the key information and ciphertext information in the cryptographic flows are secure, all information that needs cryptographic protection is effectively protected. Throughout the flow of a multimedia service such as mobile TV (from system initialization to the transmission and viewing of scrambled programs), an attacker can neither obtain secret information in order to watch programs illicitly nor deceive the terminal user's smart card with forged key-related information or program information. This effectively guarantees the security of the program content of multimedia services such as mobile TV, protects the interests of media content or TV program producers, providers, operators, service providers and legitimate terminal users, increases the enthusiasm of media content producers to produce higher-quality and richer programs, and ensures the sustained and healthy development of multimedia services such as mobile TV.
In the embodiment of the present invention, the keys CW, SK, PK or DK used by the system can be updated as required according to a certain period and policy to improve the security of the system. The update interval of a terminal user's TIK is about 2 years. A terminal user's personal key PK or domain key DK remains valid as long as the viewing rights of the terminal user or domain terminal users exist; while the rights continue, its update interval is 1-2. The live-program service key SK may be updated every day or every month; the operator decides the validity period of SK. The update interval of the control word CW is set by the server unit itself and is generally 30-90 seconds. The CEK is consistent with the validity period of the file for which rights are granted and generally does not need to be updated; it exists for the validity period of the encrypted file.
One of ordinary skill in the art will appreciate that all or part of the flows in the above embodiment methods can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, can include the flows of the embodiments of the above methods. The storage medium can be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), or the like.
The above is only a preferred embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any variation or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be determined by the protection scope of the claims.

Claims (14)

1. A content protection system for a multimedia service, characterized in that it comprises:
A server unit, configured to perform encryption of the program content of the multimedia service, key management and terminal user authorization management, and to authenticate the information exchanged with the terminal;
A terminal unit, configured to decrypt the program content of the multimedia service and the keys or rights at each level, to perform mutual authentication between the terminal and the server, and to execute the service content corresponding to the terminal user's rights.
2. The content protection system for a multimedia service according to claim 1, characterized in that the server unit comprises:
A server key management module, configured to generate, store, update and issue the keys used by the system, the keys comprising symmetric keys and asymmetric keys, the symmetric keys comprising the personal key PK or domain key DK, the service key SK, the control word key CW and the content encryption key CEK, and the asymmetric keys comprising the elliptic curve cryptography (ECC) public/private key pairs of the server and the terminal and related parameters;
A server authorization management module, configured to perform terminal user authentication and manage terminal user rights information, to issue licenses and usage rights for the corresponding programs according to the terminal user's rights, and to generate and send the terminal user's authorization messages, the terminal user authentication comprising terminal user access authentication, online registration authentication and online service application authentication, and the terminal user rights comprising the right to provide live and on-demand services to the terminal user or the terminal user's right to download services;
A content scrambling module, configured to perform scrambling and security control of live, on-demand or download programs, and to encapsulate the program stream in a specified format.
3. The content protection system for a multimedia service according to claim 2, characterized in that:
The server key management module is further configured to adopt the following four-layer key management system for live services:
Layer 1: the server's identity key SIK and the terminal user's identity key TIK, used to protect the online distribution of PK or DK and to perform authentication between the terminal user and the server;
Layer 2: PK or DK, where PK is used to implement terminal user authorization management and to protect the online distribution of the terminal user's SK, and DK is used to implement authorization management for a terminal user group and to protect the online distribution of the group's SK;
Layer 3: SK, used to implement authorization control of classified services, individual services or service groups and to protect the real-time issuing of CW;
Layer 4: CW, used to protect media content in transmission and distributed online at regular intervals with the program stream information;
and to adopt the following three-layer key system for on-demand or download services:
Layer 1: the server's identity key SIK and the terminal user's identity key TIK, used to protect the online distribution of PK or DK and to perform authentication between the terminal user and the server;
Layer 2: PK or DK, where PK is used to implement terminal user authorization management and to protect the online distribution of the terminal user's content encryption key CEK, and DK is used to implement authorization management for a terminal user group and to protect the online distribution of the group's CEK;
Layer 3: CEK, used to encrypt on-demand media streams and downloaded media content.
4. The content protection system for a multimedia service according to claim 3, characterized in that:
The server key management module is further configured to distribute the terminal user's ECC key pair to the terminal offline at system initialization or terminal security module initialization;
When the terminal user registers, to distribute the terminal user's PK or DK to the terminal, online or offline, under the protection of encryption with the terminal user's ECC public key;
When the terminal applies for a service, to distribute the terminal user's SK to the terminal under the encryption protection of the terminal user's PK or DK;
When the system broadcasts encrypted program content, to distribute the terminal user's CW to the terminal together with the scrambled program content under the encryption protection of the terminal user's SK;
When the terminal applies for non-real-time service authorization, to distribute the terminal user's CEK to the terminal under the encryption protection of the terminal user's PK or DK.
5. The content protection system for a multimedia service according to claim 2, characterized in that the content scrambling module comprises:
A real-time scrambler, configured to scramble live programs using the cryptographic algorithm and CW;
A pre-scrambler, configured to pre-scramble on-demand and download programs using the cryptographic algorithm and CEK, the pre-scrambled program content being stored on the program server.
6. The content protection system for a multimedia service according to any one of claims 1 to 5, characterized in that the terminal unit comprises:
A terminal key management module, configured to store and manage the terminal user's various keys and related parameters, the keys comprising ECC keys and symmetric keys;
A terminal authorization management module, configured to perform authorization message decryption, rights information maintenance, rights enforcement, authentication and encryption of uploaded information;
A content descrambling module, configured to descramble live, on-demand or downloaded media program content, under the control of the terminal key management module and the terminal authorization management module, using the method corresponding to the server's program content scrambling.
7. The content protection system for a multimedia service according to claim 6, characterized in that the terminal authorization management module comprises:
An authorization message decryption module, configured to decrypt the terminal user's keys at each layer and rights information according to the received entitlement management messages and entitlement control messages, and to extract the terminal user's viewing condition information, the viewing condition information comprising keys, validity periods and playback control parameters;
A rights information maintenance module, configured to save, update and maintain the terminal user's rights information according to the received authorization messages;
A rights enforcement module, configured to control, according to the received rights information, key reception, key use and the transmission of keys with the controller card, so as to control program decryption and playback;
An authentication module, configured to perform the signature or verification operations on data exchanged between the terminal and the server;
An upload information encryption module, configured to generate and encrypt the interactive information that the terminal submits to the server.
8. A content protection method for a multimedia service, characterized in that it comprises:
The server performs encryption of the program content of the multimedia service, key management and terminal user authorization management, and authenticates the information exchanged with the terminal;
The terminal decrypts the program content of the multimedia service and the keys or rights at each level, performs mutual authentication between the terminal and the server, and executes the service content corresponding to the terminal user's rights.
9. The content protection method for a multimedia service according to claim 8, characterized in that the method further comprises:
The server adopts the following four-layer key management system for live services:
Layer 1: the server's identity key SIK and the terminal user's identity key TIK, used to protect the online distribution of PK or DK and to perform authentication between the terminal user and the server;
Layer 2: PK or DK, where PK is used to implement terminal user authorization management and to protect the online distribution of the terminal user's SK, and DK is used to implement authorization management for a terminal user group and to protect the online distribution of the group's SK;
Layer 3: SK, used to implement authorization control of classified services, individual services or service groups and to protect the real-time issuing of CW;
Layer 4: CW, used to protect media content in transmission and distributed online at regular intervals with the program stream information;
The server adopts the following three-layer key system for on-demand or download services:
Layer 1: the server's identity key SIK and the terminal user's identity key TIK, used to protect the online distribution of PK or DK and to perform authentication between the terminal user and the server;
Layer 2: PK or DK, where PK is used to implement terminal user authorization management and to protect the online distribution of the terminal user's content encryption key CEK, and DK is used to implement authorization management for a terminal user group and to protect the online distribution of the group's CEK;
Layer 3: CEK, used to encrypt on-demand media streams and downloaded media content.
10. The content protection method for a multimedia service according to claim 7, characterized in that the method further comprises:
At system initialization or terminal security module initialization, the server distributes the terminal user's ECC key pair to the terminal offline;
When the terminal user registers, the server distributes the terminal user's PK or DK to the terminal, online or offline, under the protection of encryption with the terminal user's ECC public key;
When the terminal applies for a service, the server distributes the terminal user's SK to the terminal under the encryption protection of the terminal user's PK or DK;
When the system broadcasts encrypted program content, the server distributes the terminal user's CW to the terminal together with the scrambled program content under the encryption protection of the terminal user's SK;
When the terminal applies for non-real-time service authorization, the server distributes the terminal user's CEK to the terminal under the encryption protection of the terminal user's PK or DK.
11. The content protection method for a multimedia service according to claim 10, characterized in that the method further comprises:
The server generates the terminal user's PK or DK and the rights information C_{P or D} associated with PK or DK, and saves the terminal user's PK or DK and C_{P or D};
The server generates the entitlement management message RMM_{P or D}:
RMM_{P or D} = PE_{TIKpub}(PK or DK ‖ C_{P or D}) ‖ PE_{SIKpri}(H(PK or DK ‖ C_{P or D})),
and sends the encrypted RMM_{P or D} to the terminal user's terminal, where PE is the asymmetric cryptographic algorithm SM2, H is the hash operation performed with the SM3 algorithm, and ‖ denotes concatenation;
After receiving RMM_{P or D}, the terminal decrypts it with the terminal user's private key TIK_{pri} to obtain the plaintext of PK or DK and C_{P or D}, and verifies the validity of RMM_{P or D} with the server's public key SIK_{pub}; if the verification confirms that RMM_{P or D} is valid, the PK or DK and C_{P or D} obtained by decryption are saved; otherwise, the PK or DK and C_{P or D} obtained by decryption are discarded.
12. The content protection method for a multimedia service according to claim 10, characterized in that the method further comprises:
The server randomly generates the terminal user's SK and the rights information C_S associated with SK, and encrypts SK and C_S with the terminal user's PK or DK to obtain the entitlement message RMM_S of SK:
RMM_S = E_{PK or DK}(SK ‖ C_S) ‖ H(SK ‖ C_S)
where E denotes the symmetric cryptographic algorithm SM1;
The server sends RMM_S, with the designated authorization, to the terminal;
After receiving RMM_S, the terminal decrypts RMM_S with the terminal user's PK or DK to obtain SK ‖ C_S, calculates H(SK ‖ C_S), and compares the calculated H(SK ‖ C_S) with the H(SK ‖ C_S) value contained in the decrypted RMM_S; if the comparison result is equal, the terminal accepts the SK and C_S obtained by decryption; otherwise it refuses to accept the SK and C_S obtained by decryption.
13. The content protection method for a multimedia service according to claim 10, characterized in that the method further comprises:
The server randomly generates the terminal user's CW and produces the control parameter P for using this CW, encrypts the terminal user's CW with the terminal user's SK and calculates a hash to obtain the entitlement control message ECM:
ECM = E_{SK}(CW ‖ P) ‖ H(CW ‖ P)
The server sends the ECM to the terminal together with the program stream;
After receiving the ECM, the terminal decrypts the ECM with its own SK to obtain the CW and P contained in the decrypted ECM, calculates H(CW ‖ P), and compares the calculated H(CW ‖ P) with the H(CW ‖ P) value contained in the decrypted ECM; if the comparison result is equal, the terminal accepts the CW and P obtained by decryption; otherwise it refuses to accept the CW and P obtained by decryption.
14. The content protection method for a multimedia service according to claim 10, characterized in that the method further comprises:
The terminal sends the interactive service authorization request REQ_T to the server over the interactive channel:
REQ_T = E_{PK or DK}(TID ‖ CID ‖ W ‖ r) ‖ PE_{TIKpri}(H(TID ‖ CID ‖ W ‖ r))
where CID is program identification information and W is the consumption requirement information of the requested service;
After receiving REQ_T, the server decrypts REQ_T with the terminal user's PK or DK and verifies the validity of the signature of REQ_T with the terminal user's identity public key TIK_{pub};
After verifying that the signature of REQ_T is valid, the server sends the on-demand or download file authorization message RES_S:
RES_S = RMM_C = E_{PK or DK}(CEK ‖ CC ‖ r) ‖ H(CEK ‖ CC ‖ r)
where CC is the rights information of the program authorized for the request;
After receiving RES_S, the terminal decrypts RES_S with its own PK or DK to obtain the CEK ‖ CC ‖ r contained in the decrypted RES_S, calculates H(CEK ‖ CC ‖ r), and compares the calculated H(CEK ‖ CC ‖ r) with the H(CEK ‖ CC ‖ r) value contained in the decrypted RES_S; if the comparison result is equal, the terminal accepts the CEK obtained by decryption and decrypts the on-demand or download file with CEK in accordance with the rights information CC; otherwise it refuses to accept the CEK obtained by decryption.
CN201210246709.0A 2012-07-16 2012-07-16 Content protection method and system of multimedia service Active CN103546767B (en)

Publications (2)

Publication Number Publication Date
CN103546767A true CN103546767A (en) 2014-01-29
CN103546767B CN103546767B (en) 2017-01-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant