CN106454435A - Conational access method, related device, and system - Google Patents

Conational access method, related device, and system Download PDF

Info

Publication number
CN106454435A
CN106454435A CN201510483860.XA CN201510483860A CN106454435A CN 106454435 A CN106454435 A CN 106454435A CN 201510483860 A CN201510483860 A CN 201510483860A CN 106454435 A CN106454435 A CN 106454435A
Authority
CN
China
Prior art keywords
key
root key
terminal unit
new
new root
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510483860.XA
Other languages
Chinese (zh)
Other versions
CN106454435B (en
Inventor
党茂昌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201510483860.XA priority Critical patent/CN106454435B/en
Publication of CN106454435A publication Critical patent/CN106454435A/en
Application granted granted Critical
Publication of CN106454435B publication Critical patent/CN106454435B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26613Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4623Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/63Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/633Control signals issued by server directed to the network components or client
    • H04N21/6332Control signals issued by server directed to the network components or client directed to client
    • H04N21/6334Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key

Abstract

The invention discloses a conational access method, a related device, and a system. A terminal device is used to generate a new root key according to a root key generating parameter in key update information issued by a television emission center and a set key generating algorithm stored locally in the terminal device, and is used to acquire a descrambling key according to the new root key, and is used to descramble a program issued by the television emission center according to the acquired descrambling key to acquire a program clearing stream. A problem of a prior art that long time is required to update the device key to realize the program descrambling, when a user receives the program by using a conventional CA system is solved, and therefore the receiving efficiency of the CA system is improved, and the application experience of the user is improved.

Description

A kind of condition receiving method and relevant device and system
Technical field
The application is related to digital TV Broadcasting Techniques field, a kind of more particularly, to CA (Conational Access, Condition reception) method and relevant device and system.
Background technology
CA system refers to for controlling user (Subscriber) that broadcast service or program are received System, that is, user can only watch through mandate broadcast service or program.CA system is to realize personalization The key of service, its basic object is in television station's television system, user to be carried out with authorization control and authorizes pipe Reason, thus realize the paid service of Radio Data System.
Specifically, as shown in figure 1, it is the ultimate principle configuration diagram of existing CA system.By Fig. 1 Understand, CA system adopts three layers of encryption method:Adopt Ks (descramble key) right in TV programme sender Program scrambling, and transmit during Ks pass through Kw (working key) encryption transmission, and the transmission of Kw further through Kd (root key) encrypts;In television programme reception side, user decrypts Kw by Kd, then adopts Kw decrypts Ks, finally by Ks, TV programme is descrambled for clear stream.
Wherein, Ks, Kw can by ECM (Entitlement Control Message, Entitlement Control Message), EMM (Entitlement Management Message, Entitlement Management Message) and TV programme stream one rise (specifically, Ks can be sent to user by ECM, and Kw can be sent to use by EMM to give user Family), and Kd does not transmit in the air.Specifically, Kd is only capable of by secure fashion warrant distributing, by secret Close mode updates.As, at terminal unit, Kd typically passes through the special of setting by terminal unit manufacturer Equipment writes in corresponding IC-card it is impossible to dynamic change.
That is, current CA system uses the mode of fixing equipment key, device keyses are (e.g., Kd) it is saved in IC-card, cannot dynamically change, when device keyses (e.g., Kd) are stolen or are cracked When, device keyses (e.g., Kd) can only be completed by way of changing IC-card or changes terminal equipment Updating, thus leading to user when carrying out receiving using corresponding CA system, needing cost longer Time carries out the descrambling updating to realize program of device keyses, reduces the receiving efficiency of CA system, Make Consumer's Experience poor.
Content of the invention
The embodiment of the present application provides a kind of condition receiving method and relevant device and system, existing in order to solve The more low problem of receiving efficiency existing for CA system.
Specifically, the embodiment of the present application provides a kind of condition receiving method, including:
Terminal unit receives the key of the root key generation parameter including setting that transmission of television center issues Fresh information;
Generated according to the key of described root key generation parameter and the local setting preserving of described terminal unit Algorithm generates new root key;
Descramble key is obtained according to described new root key, and according to the descramble key getting to described TV The program stream that launching centre issues is descrambled, and obtains program clear stream.
Correspondingly, the embodiment of the present application additionally provides a kind of terminal unit, including:
Receiver module, for receiving the root key generation parameter including setting that transmission of television center issues Key updating information;
Update module, for setting of locally being preserved according to described root key generation parameter and described terminal unit Fixed key schedule generates new root key;
Descrambling module, for obtaining descramble key according to described new root key, and according to the descrambling getting The program stream that key issues to described transmission of television center descrambles, and obtains program clear stream.
Further, the embodiment of the present application additionally provides a kind of condition receiving system, including transmission of television center And terminal unit, wherein:
Described terminal unit, for receiving the root key life including setting that described transmission of television center issues Become the key updating information of parameter;And locally protected according to described root key generation parameter and described terminal unit The key schedule of the setting deposited generates new root key;And, solution is obtained according to described new root key Disturb key, and solved according to the program stream that the descramble key getting issues to described transmission of television center Disturb, obtain program clear stream.
The application has the beneficial effect that:
The embodiment of the present application provides a kind of condition receiving method and relevant device and system, and terminal unit can root According to the root key generation parameter in the key updating information that transmission of television center issues and described terminal unit The key schedule of the local setting preserving generates new root key, and is obtained according to described new root key Descramble key, and, flow to according to the program that the descramble key getting issues to described transmission of television center Row descrambling, obtains program clear stream, thus solving user when carrying out receiving using existing CA system, Need to spend longer time to carry out the problem updating to realize the descrambling of program of device keyses, improve The receiving efficiency of CA system, improves the application experience of user.
Brief description
For the technical scheme being illustrated more clearly that in the embodiment of the present application, below will be to institute in embodiment description Need the accompanying drawing using to briefly introduce it should be apparent that, drawings in the following description are only the application Some embodiments, for those of ordinary skill in the art, on the premise of not paying creative work, Other accompanying drawings can also be obtained according to these accompanying drawings.
Fig. 1 show the ultimate principle configuration diagram of existing CA system;
Fig. 2 show the schematic flow sheet of the condition receiving method described in the embodiment of the present application one;
Fig. 3 show a kind of possible structural representation of the terminal unit described in the embodiment of the present application two;
Fig. 4 show a kind of possible structural representation of the condition receiving system described in the embodiment of the present application three Figure.
Specific embodiment
In order that the purpose of the application, technical scheme and advantage are clearer, below in conjunction with accompanying drawing to this Shen Please be described in further detail it is clear that described embodiment is only some embodiments of the present application, Rather than whole embodiments.Based on the embodiment in the application, those of ordinary skill in the art are not doing The all other embodiment being obtained under the premise of going out creative work, broadly falls into the scope of the application protection.
Embodiment one:
The embodiment of the present application one provides a kind of condition receiving method, as shown in Fig. 2 it is implemented for the application The schematic flow sheet of condition receiving method described in example one, described condition receiving method may include following steps:
Step 201:Terminal unit receives the root key generation ginseng including setting that transmission of television center issues The key updating information of number.
Alternatively, what described terminal unit can receive that transmission of television center issues in the following manner includes The key updating information of the root key generation parameter setting:
Receive the EMM information that described transmission of television center issues;
Original device mark using described terminal unit finds and described terminal from described EMM information The information of equipment itself correlation, and the original root key based on described terminal unit is to finding and described end The information of end equipment itself correlation is decrypted, and obtains including the key of the root key generation parameter of setting more Fresh information.
That is, described key updating information is typically described transmission of television being handed down to centrally through EMM Described terminal unit, the embodiment of the present application does not repeat to this.
Further, described root key generation parameter (i.e. Kd generation parameter can be designated Kr) is typically Security server (is issued to terminal unit as determined to authorize when determining and device keyses need to be updated When the device keyses such as Kd are stolen or are cracked), it is handed down in transmission of television via KMC The heart and then described terminal unit is issued to by transmission of television center.
Alternatively, described root key generation parameter is in security server, KMC, transmission of television Transmittance process between center and terminal unit can be as described below:
Security server determine device keyses need to be updated when, based on set key schedule with And the root key generation parameter setting generates new root key, and will comprise described root key generation parameter and The first key fresh information of described new root key is sent to key pipe by the safe tool for transmitting setting Reason center;
KMC after receiving described first key fresh information, according to described first key more Fresh information updates key database, and will comprise described root key generation parameter but do not comprise described new Second key updating information of root key sends to transmission of television center;
Transmission of television center, after receiving described second key updating information, will comprise described root key life The 3rd key updating information becoming parameter but not comprising described new root key is issued to corresponding terminal and sets Standby, described root key generation parameter is handed down to corresponding terminal unit.
That is, in the transmittance process of root key generation parameter, security server can be using setting The point-to-point root key new accordingly to KMC's transmission of safe tool for transmitting and root key generate ginseng Number, i.e. key transmission is limited between security server and KMC, in case key and key The leakage of generation parameter, improves the safety of device keyses;Wherein, the safe tool for transmitting of described setting Can be generally that KMC provides, the embodiment of the present application does not repeat to this.
Further, it should be noted that security server is when carrying out the generation of new root key, institute The key schedule of the described setting of foundation can be set in advance in by corresponding device fabrication side (i.e. this key schedule operates in the peace of safety precaution to privately owned secret algorithm in described security server On all computer), by this key schedule, can be according to specific root key generation parameter (i.e. Kd Generation parameter, can be designated Kr) generate a new Kd.So, Kd generation parameter can pass in the air Passing, even if being intercepted and captured by third party, due to there is no corresponding key schedule, also cannot generate corresponding Kd is it is ensured that the safety of device keyses.
In addition, it is necessary to explanation, security server when carrying out the generation of new root key, institute's foundation Described setting root key generation parameter (i.e. Kd generation parameter) be usually a M position (bit) random Number (described M is any positive integer), and, this Kd generation parameter generally need to meet following condition:According to This Kd generation parameter well-determined can generate corresponding Kd, generates ginseng including the Kd based on the history generation The Kd of number uniquely generated correspondence generation.
Alternatively, in herein described embodiment, with the random number that Kd generation parameter is one 32 it is Example, security service implement body can come in the following manner based on the key schedule setting and setting Root key generation parameter generates new root key:
According to the shifting algorithm setting, shifting processing is carried out to this 32 random number, obtain Y individual new The random number of 32;For example, this random number ring shift left of 32 8 can be obtained 3 new 32 The random number of position;
The Y obtaining a new random number of 32 is combined with the random number of initial 32, obtains (Y+1) random number of * 32;For example, the random number of 4 32 obtained by merging above-mentioned steps, Obtain the random number of 128 (16Byte);
Based on the matrix algorithm setting, conversion process is carried out to described (Y+1) * 32 random number, obtains To new (Y+1) random number of * 32 and described new (Y+1) obtaining * 32 is random Number is as the new root key generating;
Wherein, described Y is positive integer, and, described setting similar with the key schedule setting Matrix algorithm can be specifically to be set in advance in described security server by corresponding device fabrication side Privately owned secret algorithm, the embodiment of the present application does not repeat to this.
Step 202:Terminal unit locally preserves according to described root key generation parameter and described terminal unit The key schedule of setting generate new root key.
Wherein, described terminal unit is carrying out the life of new root key according to the root key generation parameter getting Cheng Shi, the key schedule of described setting of institute's foundation and security server carry out the generation of new root key When the key schedule that used be same algorithm, and can be generally by related to described terminal unit Device fabrication side is set in advance in the privately owned guarantor in the secure storage section (Trust zone) of described terminal unit Close algorithm, i.e. key schedule does not transmit in the air, but be embedded in terminal unit, to ensure The safety of device keyses.
Alternatively, the process of new root key in herein described embodiment, is generated with security server Similar, terminal unit specifically can be in the following manner taking the random number that Kd generation parameter is one 32 as a example To generate new root key:
According to the shifting algorithm setting, shifting processing is carried out to this 32 random number, obtain Y individual new The random number of 32;For example, this random number ring shift left of 32 8 can be obtained 3 new 32 The random number of position;
The Y obtaining a new random number of 32 is combined with the random number of initial 32, obtains (Y+1) random number of * 32;For example, the random number of 4 32 obtained by merging above-mentioned steps, Obtain the random number of 128 (16Byte);
Based on the matrix algorithm setting, conversion process is carried out to described (Y+1) * 32 random number, obtains To new (Y+1) random number of * 32 and described new (Y+1) obtaining * 32 is random Number is as the new root key generating;
Wherein, described Y is positive integer;And, described setting similar with the key schedule setting Matrix algorithm can be specifically the private being set in advance in described terminal unit by corresponding device fabrication side There is secret algorithm, the embodiment of the present application does not repeat to this.
Step 203:Terminal unit obtains descramble key according to described new root key, and according to getting The program stream that descramble key issues to described transmission of television center descrambles, and obtains program clear stream.
It should be noted that after being updated due to Kd, (work is close to there is the Kw of corresponding corresponding relation to it Key) it is also required to be updated, i.e. KMC is after the renewal receiving security server transmission In addition it is also necessary to generate Kw (Kw after updating) new accordingly using the Kd after this renewal after Kd, And via transmission of television center, this new Kw is sent to terminal unit, and (specifically, transmission of television center can New Kw after encryption obtained by being encrypted using the Kd after this renewal is carried in key updating letter It is sent to terminal unit in breath), thus, correspondingly, descramble key is obtained according to described new root key, May include:
It is decrypted according to the working key after the renewal to encryption for the described new root key, updated Working key afterwards;
Carry according in the ECM that the working key after described renewal issues to described transmission of television center The descramble key of encryption is decrypted, and obtains descramble key.
That is, in herein described embodiment, terminal unit can issue according to transmission of television center Key updating information in root key generation parameter and the local setting preserving of described terminal unit close Key generating algorithm generates new root key, and obtains descramble key according to described new root key, and, Descrambled according to the program stream that the descramble key getting issues to described transmission of television center, saved Mesh clear stream, thus solving user when carrying out receiving using existing CA system, needs cost longer Time carry out the problem to realize the descrambling of program for the renewal of device keyses, improve connecing of CA system Produce effects rate, improve the application experience of user.
Further, it should be noted that due to security server based on set key schedule And after the root key generation parameter setting generates new root key, also can be according to described new root key History be sequentially generated new root key generation number (generation number after updating), and by corresponding terminal equipment Original device mark (original device ID) low N position replace with described new root key generation number, shape (device identification after updating, wherein, for positive integer and its value is usual for described N for the device identification of Cheng Xin Not less than digit shared by root key generation number), and, by described new root key generation number via key pipe Transmission of television center is handed down at reason center, is carried described new root key generation number by transmission of television center It is issued to corresponding terminal unit in key updating information;Thus, in herein described embodiment, Terminal unit after receiving the key updating information that transmission of television center issues, also can wrap by methods described Include following steps:
According to the new root key generation number carrying in described key updating information, described terminal unit is former The low N position of beginning device identification replaces with described new root key generation number, forms new device identification;Wherein, For positive integer and its value is not less than digit shared by root key generation number to described N.
Wherein it is desired to explanation, because the span of root key generation number generally can be 0~255, that is, 8 unitss (bit) generally can be accounted for, thus, the low N position of the original device mark of terminal unit is replaced with Described new root key generation number, forms new device identification, can be embodied as:Terminal unit is former The least-significant byte of beginning device identification replaces with described new root key generation number, forms new device identification.In addition, It should be noted that device identification (the setting after including original device mark and updating of described terminal unit Standby mark) generally can account for 64 unitss (bit), the embodiment of the present application does not repeat to this.
Correspondingly, as shown in the above, described root key generation parameter is in security server, key pipe Transmittance process between reason center, transmission of television center and terminal unit specifically also can be as described below:
Security server determine device keyses need to be updated when, based on set key schedule with And the root key generation parameter setting generates new root key, and the history order according to described new root key Generate new root key generation number, and the low N position of the original device mark of corresponding terminal equipment is replaced with institute State new root key generation number, form new device identification, and, will comprise described root key generation parameter, Described new root key, the first key fresh information of described new root key generation number pass through the safety setting Tool for transmitting is sent to KMC;
KMC after receiving described first key fresh information, according to described first key more Fresh information updates key database, and will comprise described root key generation parameter and described new root key Generation number but the second key updating information of not comprising described new root key send to transmission of television The heart;
Transmission of television center, after receiving described second key updating information, will comprise described root key life Become parameter and described new root key generation number but do not comprise the 3rd key of described new root key more Fresh information is issued to corresponding terminal unit.
For example, root key generation parameter is in security server, key management taking an instantiation as a example Transmittance process between the heart, transmission of television center and terminal unit specifically can be as described below:
User is issued to once authorizing due to Kd, user needs to ensure that it is not leaked, if Kd lets out accidentally Leak or (this situation generally cannot avoid) is stolen by hacker, then corresponding device fabrication can be by corresponding Security server generates new Kd fresh information, including:{ (root key generates for the generation number after renewal, Kr Parameter), update after root key Kd, update after device id, and above-mentioned Kd fresh information is passed through Safe tool for transmitting is sent to KMC (i.e. RMP center);RMP center is by above-mentioned Kd more The data base of fresh information typing unified management, and removing all information after Kd, including { after renewal Generation number, Kr, the device id after renewal } issue each transmission of television center, will be connect by transmission of television center The data base of the corresponding information typing unified management receiving, and after setting duration (as two days), pass through { generation number after renewal, Kr } is handed down to the terminal unit of user by EMM information;Terminal unit is receiving To after corresponding information, can be parsed by original device ID and original Kd and decipher EMM information, obtain phase The Kd fresh information { generation number after renewal, Kr } answered, and according to the Kd fresh information obtaining { after renewal Generation number, Kr, start end side Kd more new technological process, realize the renewal of device keyses.
It should be noted that due to Kd update after, to its exist the Kw of corresponding corresponding relation be also required to into Row updates, thus, KMC, after the Kd after the renewal receiving security server transmission, goes back Need to generate new accordingly Kw (Kw after updating) using this Kd, and this new Kw and more Generation number after new, Kr, device id after renewal etc. send jointly to transmission of television center, are sent out by TV Hit the heart and this new Kw and Kr is sent jointly to terminal unit so that terminal unit is according to corresponding After Kr generates the Kd after updating, obtain this new Kw using the Kd after this renewal, and and then according to this New Kw obtains descramble key Ks, and realizes the descrambling of program according to the Ks getting.
Further, in herein described embodiment, terminal unit is generating root key new accordingly And after new device identification, methods described may also include:
The new root key generating and new device identification are saved in the safety storage of described terminal unit In region.That is, can be using secure storage section encrypted memory device key it is ensured that the safety of device keyses Property.
Alternatively, the new root key generating and new device identification are saved in described terminal unit In secure storage section, it may include:
Using described new root key generation number as index, in the secure storage section of described terminal unit Generate a new file for preserving described new root key and described new device identification;And, Described new root key and described new device identification are saved within this new file, and by institute State new root key and after described new device identification is saved within described new file, will be described new The attribute of file be set to only to read (read only) (i.e. all renewals be to add and update it is impossible to replace Change).
That is, in herein described embodiment, can be by creating the SFS (peace with generation number for index Whole file system) file, complete the additional renewal to Kd, i.e. can be all using updating generation number management Device keyses update.Correspondingly, also can be by searching the SFS file with generation number for index, it is right to complete The retrieval of Kd, the embodiment of the present application does not all repeat to this.
Further, it should be noted that due to root key generation number and root key exist corresponding one by one Corresponding relation, thus, described terminal unit is receiving the key updating information that transmission of television center issues Afterwards, can first determine whether whether the root key generation number in this key updating information is stored in terminal equipment side, If the determination result is YES, then can obtain and this root from terminal equipment side directly according to this root key generation number The corresponding root key of key generation number, and need not execute again according to the root in described key updating information The key schedule of cipher generating parameter and the local setting preserving generates the operation of new root key, To reduce processing delay and the processing pressure of system, the embodiment of the present application does not also repeat to this.
The embodiment of the present application one provides a kind of condition receiving method, and terminal unit can be according to transmission of television center Root key generation parameter in the key updating information issuing and the local setting preserving of described terminal unit Key schedule generate new root key, and descramble key is obtained according to described new root key, and, Descrambled according to the program stream that the descramble key getting issues to described transmission of television center, obtain program Clear stream, thus solving user when carrying out receiving using existing CA system, needs cost longer Time carries out the problem updating to realize the descrambling of program of device keyses, improves the reception of CA system Efficiency, improves the application experience of user.
Embodiment two:
Based on same inventive concept, the embodiment of the present application two provides a kind of terminal unit, this terminal unit It is embodied as can be found in the associated description in said method embodiment one, repeats no more in place of repetition, such as Fig. 3 Shown, this terminal unit mainly may include:
Receiver module 31, can be used for receiving the root key generation ginseng including setting that transmission of television center issues The key updating information of number;
Update module 32, can be used for locally being preserved according to described root key generation parameter and described terminal unit The key schedule of setting generate new root key;Wherein, the key schedule of described setting be by The device fabrication side related to described terminal unit is set in advance in the secure storage section of described terminal unit Interior privately owned secret algorithm;Described root key generation parameter is the random number of a M position, and described M is any Positive integer, and, corresponding root key well-determined can be generated according to described root key generation parameter;
Descrambling module 33, can be used for obtaining descramble key according to described new root key, and according to getting The program stream that descramble key issues to described transmission of television center descrambles, and obtains program clear stream.
Further, going back portability in described key updating information has the work after the renewal of encryption close Key;
Described descrambling module 33, is particularly used in the renewal to described encryption according to described new root key Working key afterwards is decrypted, the working key after being updated, and according to the work after described renewal The descramble key of the encryption carrying in the ECM that key issues to described transmission of television center is decrypted, Obtain descramble key.
Further, going back portability in described key updating information has new root key generation number;
Described update module 32, it may also be used for according to described new root key generation number by described terminal unit The low N position of original device mark replace with described new root key generation number, form new equipment mark Know;Wherein, for positive integer and its value is not less than digit shared by root key generation number to described N.
Further, described terminal unit may also include memory module 34:
Described memory module 34, can be used for being saved in the new root key generating and new device identification In the secure storage section of described terminal unit.
Alternatively, described memory module 34 is particularly used in using described new root key generation number as index, Generate in the secure storage section of described terminal unit one new for preserve described new root key and The file of described new device identification;And, described new root key and described new device identification are protected Exist within described file, and described being saved in described new root key and described new device identification After within file, the attribute of described file is set to only read.
In addition, it is necessary to illustrate, described memory module 34 can be additionally used in storing the former of described terminal unit The parameter such as beginning device identification and original root key;And, specifically, can described terminal unit original generation Code name is index, stores the parameters such as the original device mark of described terminal unit and original root key, this Shen This please not repeated embodiment.
Further, it should be noted that due to the root key generation parameter that includes setting key more Fresh information is typically transmission of television and is sent to described terminal unit centrally through EMM information, thus, institute State receiver module 31 be particularly used in receive described transmission of television center issue carry described key updating The EMM information of information, and identified from described EMM information using the original device of described terminal unit Find the information related to itself, and, the original root key based on described terminal unit is to finding The information related to itself be decrypted, obtain including the key of the root key generation parameter of setting more Fresh information.
In addition, it is necessary to illustrate, described receiver module 31 can be additionally used in reception transmission of television center and issues ECM, and receive program stream of issuing of transmission of television center etc., the embodiment of the present application is not gone to live in the household of one's in-laws on getting married to this State.
Based on same inventive concept, the embodiment of the present application two additionally provides a kind of condition receiving system, this condition Reception system be embodied as can be found in the associated description in said method embodiment one, no longer superfluous in place of repetition State, as shown in figure 4, this condition receiving system mainly may include transmission of television center 41 and terminal unit 42, wherein:
Described transmission of television center 41, can be used for issuing the key of the root key generation parameter including setting more Fresh information gives described terminal unit 42;
Described terminal unit 42, can be used for receiving that described transmission of television center 41 issues includes setting The key updating information of root key generation parameter;And set according to described root key generation parameter and described terminal The key schedule of the setting of standby 42 local preservations generates new root key;And, according to described new Root key obtains descramble key, and according to the descramble key getting, described transmission of television center 41 is issued Program stream descrambled, obtain program clear stream.
Further, it should be noted that in described condition receiving system except include transmission of television center 41 And outside terminal unit 42, may also include the equipment such as security server 43, KMC 44, its In:Described security server 43 can be used for when determination need to be updated to device keyses, based on set The root key generation parameter of key schedule and setting generates new root key, and described root key is given birth to Parameter is become to be handed down to described KMC 44;Described KMC 44 can be used for described safety The root key generation parameter that server 43 issues is handed down to transmission of television center 41, and the embodiment of the present application is to this Do not repeat.
It will be understood by those skilled in the art that embodiments herein can be provided as method, device (equipment), Or computer program.Therefore, the application can using complete hardware embodiment, complete software embodiment, Or combine the form of the embodiment of software and hardware aspect.And, the application can using one or more its In include computer-usable storage medium (the including but not limited to disk storage of computer usable program code Device, CD-ROM, optical memory etc.) the upper computer program implemented form.
The application is with reference to according to the method for the embodiment of the present application, device (equipment) and computer program Flow chart and/or block diagram describing.It should be understood that can by computer program instructions flowchart and/or Each flow process in block diagram and/or the flow process in square frame and flow chart and/or block diagram and/or square frame In conjunction with.These computer program instructions can be provided to general purpose computer, special-purpose computer, Embedded Processor Or the processor of other programmable data processing device with produce a machine so that by computer or other The instruction of the computing device of programmable data processing device produce for realizing in one flow process of flow chart or The device of the function of specifying in multiple flow processs and/or one square frame of block diagram or multiple square frame.
These computer program instructions may be alternatively stored in and computer or other programmable datas can be guided to process and set So that being stored in this computer-readable memory in the standby computer-readable memory working in a specific way Instruction produce and include the manufacture of command device, the realization of this command device is in one flow process or multiple of flow chart The function of specifying in flow process and/or one square frame of block diagram or multiple square frame.
These computer program instructions also can be loaded in computer or other programmable data processing device, makes Obtain and series of operation steps is executed on computer or other programmable devices to produce computer implemented place Reason, thus the instruction of execution is provided for realizing in flow chart one on computer or other programmable devices The step of the function of specifying in flow process or multiple flow process and/or one square frame of block diagram or multiple square frame.
Although having been described for the preferred embodiment of the application, those skilled in the art once know base This creative concept, then can make other change and modification to these embodiments.So, appended right will Ask and be intended to be construed to including preferred embodiment and fall into being had altered and changing of the application scope.
Obviously, those skilled in the art can carry out various changes and modification without deviating from this Shen to the application Spirit and scope please.So, if the application these modification and modification belong to the application claim and Within the scope of its equivalent technologies, then the application is also intended to comprise these changes and modification.

Claims (16)

1. a kind of condition receiving method is it is characterised in that include:
Terminal unit receives the key of the root key generation parameter including setting that transmission of television center issues Fresh information;
Generated according to the key of described root key generation parameter and the local setting preserving of described terminal unit Algorithm generates new root key;
Descramble key is obtained according to described new root key, and according to the descramble key getting to described TV The program stream that launching centre issues is descrambled, and obtains program clear stream.
2. the method for claim 1 is it is characterised in that described key updating information is described electricity Depending on launching centre, described terminal unit is handed down to by Entitlement Management Message EMM.
3. method as claimed in claim 1 or 2 is it is characterised in that go back in described key updating information Carry the working key after the renewal of encryption;Then descramble key is obtained according to described new root key, Including:
It is decrypted according to the working key after the renewal to described encryption for the described new root key, obtain Working key after renewal;
The Entitlement Control Message described transmission of television center being issued according to the working key after described renewal The descramble key of the encryption carrying in ECM is decrypted, and obtains descramble key.
4. method as claimed in claim 1 or 2 is it is characterised in that go back in described key updating information Carry new root key generation number;Methods described also includes:
According to described new root key generation number, the low N position of the original device mark of described terminal unit is replaced It is changed to described new root key generation number, form new device identification;Wherein, described N be positive integer and its Value is not less than digit shared by root key generation number.
5. method as claimed in claim 4 is it is characterised in that methods described also includes:
The new root key generating and new device identification are saved in the safety storage of described terminal unit In region.
6. method as claimed in claim 5 is it is characterised in that by the new root key generating and new Device identification be saved in the secure storage section of described terminal unit, including:
Using described new root key generation number as index, in the secure storage section of described terminal unit Generate a new file for preserving described new root key and described new device identification;And, Described new root key and described new device identification are saved within described file, and will be described After new root key and described new device identification are saved within described file, by the genus of described file Property is set to only read.
7. method as claimed in claim 1 or 2 is it is characterised in that the key of described setting generates and calculates Method is to be deposited by the safety that the device fabrication side related to described terminal unit is set in advance in described terminal unit Privately owned secret algorithm in storage area domain.
8. the method for claim 1 is it is characterised in that described root key generation parameter is a M The random number of position, described M is any positive integer;And, can be unique according to described root key generation parameter The generation determining corresponds to root key.
9. a kind of terminal unit is it is characterised in that include:
Receiver module, for receiving the root key generation parameter including setting that transmission of television center issues Key updating information;
Update module, for setting of locally being preserved according to described root key generation parameter and described terminal unit Fixed key schedule generates new root key;
Descrambling module, for obtaining descramble key according to described new root key, and according to the descrambling getting The program stream that key issues to described transmission of television center descrambles, and obtains program clear stream.
10. terminal unit as claimed in claim 9 is it is characterised in that go back in described key updating information Carry the working key after the renewal of encryption;
Described descrambling module, after according to the renewal to described encryption for the described new root key Working key is decrypted, the working key after being updated, and according to the working key after described renewal The descramble key of the encryption carrying in the Entitlement Control Message ECM that described transmission of television center is issued enters Row deciphering, obtains descramble key.
11. terminal units as claimed in claim 9 are it is characterised in that go back in described key updating information Carry new root key generation number;
Described update module, is additionally operable to according to described new root key generation number, described terminal unit is former The low N position of beginning device identification replaces with described new root key generation number, forms new device identification;Its In, for positive integer and its value is not less than digit shared by root key generation number to described N.
12. terminal units as claimed in claim 11 are it is characterised in that described terminal unit also includes Memory module:
Described memory module, described for being saved in the new root key generating and new device identification In the secure storage section of terminal unit.
13. terminal units as claimed in claim 12 it is characterised in that
Described memory module, specifically for using described new root key generation number as index, at described end Generate in the secure storage section of end equipment one new for preserving described new root key and described new The file of device identification;And, described new root key and described new device identification are saved in institute State within file, and described new root key and described new device identification are being saved in described file Within after, the attribute of described file is set to only read.
14. terminal units as claimed in claim 9 are it is characterised in that the key of described setting generates and calculates Method is to be deposited by the safety that the device fabrication side related to described terminal unit is set in advance in described terminal unit Privately owned secret algorithm in storage area domain.
15. terminal units as claimed in claim 9 are it is characterised in that described root key generation parameter is The random number of one M position, described M is any positive integer;And, can according to described root key generation parameter Well-determined generation corresponds to root key.
A kind of 16. condition receiving systems it is characterised in that including transmission of television center and terminal unit, Wherein:
Described terminal unit, for receiving the root key life including setting that described transmission of television center issues Become the key updating information of parameter;And locally protected according to described root key generation parameter and described terminal unit The key schedule of the setting deposited generates new root key;And, solution is obtained according to described new root key Disturb key, and solved according to the program stream that the descramble key getting issues to described transmission of television center Disturb, obtain program clear stream.
CN201510483860.XA 2015-08-07 2015-08-07 Conditional access method and related equipment and system Active CN106454435B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510483860.XA CN106454435B (en) 2015-08-07 2015-08-07 Conditional access method and related equipment and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510483860.XA CN106454435B (en) 2015-08-07 2015-08-07 Conditional access method and related equipment and system

Publications (2)

Publication Number Publication Date
CN106454435A true CN106454435A (en) 2017-02-22
CN106454435B CN106454435B (en) 2020-01-24

Family

ID=58092421

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510483860.XA Active CN106454435B (en) 2015-08-07 2015-08-07 Conditional access method and related equipment and system

Country Status (1)

Country Link
CN (1) CN106454435B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108156494A (en) * 2017-12-27 2018-06-12 青岛海信电器股份有限公司 The method, apparatus and digital TV terminal of digital television program descrambling
CN114531237A (en) * 2022-04-21 2022-05-24 八维通科技有限公司 Root key upgrading method of integrated gateway based on embedded platform

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040236959A1 (en) * 2003-05-23 2004-11-25 Henri Kudelski Security key generation method
CN201127083Y (en) * 2007-09-19 2008-10-01 中兴通讯股份有限公司 Equipment for implementing multimedia broadcast safety
CN102752635A (en) * 2012-02-23 2012-10-24 中央电视台 Downloadable and replaceable condition receiving system
CN102752662A (en) * 2012-02-23 2012-10-24 中央电视台 Root key generation method, module and chip of conditional access system receiving terminal and receiving terminal

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040236959A1 (en) * 2003-05-23 2004-11-25 Henri Kudelski Security key generation method
CN201127083Y (en) * 2007-09-19 2008-10-01 中兴通讯股份有限公司 Equipment for implementing multimedia broadcast safety
CN102752635A (en) * 2012-02-23 2012-10-24 中央电视台 Downloadable and replaceable condition receiving system
CN102752662A (en) * 2012-02-23 2012-10-24 中央电视台 Root key generation method, module and chip of conditional access system receiving terminal and receiving terminal

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108156494A (en) * 2017-12-27 2018-06-12 青岛海信电器股份有限公司 The method, apparatus and digital TV terminal of digital television program descrambling
CN108156494B (en) * 2017-12-27 2020-12-22 海信视像科技股份有限公司 Method and device for descrambling digital television program and digital television terminal
CN114531237A (en) * 2022-04-21 2022-05-24 八维通科技有限公司 Root key upgrading method of integrated gateway based on embedded platform
CN114531237B (en) * 2022-04-21 2022-07-19 八维通科技有限公司 Root key upgrading method of integrated gateway based on embedded platform

Also Published As

Publication number Publication date
CN106454435B (en) 2020-01-24

Similar Documents

Publication Publication Date Title
CA3041664C (en) Data transmission method, apparatus and system
CN105260668A (en) File encryption method and electronic device
CN105162772A (en) IoT equipment authentication and key agreement method and device
CN105450620A (en) Information processing method and device
CN101018320A (en) A digital TV condition receiving system and its encryption method
CN106571915A (en) Terminal master key setting method and apparatus
CN106452770A (en) Data encryption method and apparatus, data decryption method and apparatus, and system
CN107707562B (en) Method and device for encrypting and decrypting algorithm of asymmetric dynamic token
CN103067166A (en) Grading mixing encryption method and device of intelligent family system
CN101562520B (en) Method and system for distributing service secret keys
CN113326518B (en) Data processing method and device
CN106454435A (en) Conational access method, related device, and system
CN114244493A (en) Block chain-based key management method capable of being updated inadvertently with threshold
CN101399662B (en) Method, system, conditional receiving module and customer terminal for obtaining service key
CN109428712A (en) Data Encrypt and Decrypt method and data Encrypt and Decrypt system
CN108134777A (en) A kind of communication encryption system based on timestamp
CN107872312B (en) Method, device, equipment and system for dynamically generating symmetric key
CN105978876B (en) A kind of instruction encryption method applied in broadcast communication
US9735956B2 (en) Key ladder apparatus and method
CN114401148A (en) Communication data encryption and decryption optimization method
CN114866312A (en) Common data determination method and device for protecting data privacy
CN114710693A (en) Video stream distributed transmission method and device
CN106357390A (en) Dynamic encryption method and device
CN109426727A (en) Data ciphering method, decryption method, encryption system and decryption system
EP2668737A1 (en) Controlled security domains

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1233405

Country of ref document: HK

GR01 Patent grant
GR01 Patent grant