CN109391594A - Security certification system and method - Google Patents

Publication number
CN109391594A
Authority
CN
China
Prior art keywords
terminal
authentication information
video server
public key
certification
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710673014.3A
Other languages
Chinese (zh)
Other versions
CN109391594B (en)
Inventor
李峰
李兴达
杨琛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN201710673014.3A
Publication of CN109391594A
Application granted
Publication of CN109391594B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Abstract

The invention discloses a security authentication method and system, relating to the field of information security. The security authentication method comprises: a video server, in response to an access request sent by a terminal, generates according to a first public key first authentication information that includes a second public key, and returns the first authentication information to the terminal; the terminal performs a first authentication on the first authentication information using a first private key in a trusted domain module of the terminal; the terminal generates second authentication information using the second public key in the first authentication information, and returns the second authentication information to the video server; the video server performs a second authentication on the second authentication information using a second private key; in response to the first authentication and the second authentication passing, the video server or the terminal determines that the security authentication has passed. This ensures the legitimacy of the terminal as well as the legitimacy of the video server that the terminal accesses, effectively prevents the digital copyright of video content from unauthorized theft, and protects the video content.

Description

Security certification system and method
Technical field
The present invention relates to the field of information security, and in particular to a security authentication system and method.
Background
4K video substantially raises the resolution of conventional television, reaching 3840x2160 pixels or more, which greatly improves the visual effect of video and the user's perceived experience.
Major content copyright holders impose strict digital copyright requirements on 4K video content, explicitly requiring that video content be copyright-protected when operating services such as interactive network television (IPTV, Internet Protocol Television); the related systems or devices must have content protection capability to prevent illegal pirated playback.
However, audio/video playback systems such as IPTV in the prior art either do not verify the security of the device, or the server merely performs a simple verification of the terminal, so the security of the system is low and video content is easily stolen.
Summary of the invention
One technical problem to be solved by embodiments of the invention is how to improve the security of video content protection.
According to a first aspect of embodiments of the invention, a security authentication method is provided, comprising: a video server, in response to an access request sent by a terminal, generates first authentication information according to a first public key and returns the first authentication information to the terminal, wherein the first authentication information includes a second public key; the terminal performs a first authentication on the first authentication information using a first private key in a trusted domain module of the terminal, wherein the first public key and the first private key are a key pair; the terminal generates second authentication information using the second public key in the first authentication information and returns the second authentication information to the video server; the video server performs a second authentication on the second authentication information using a second private key, wherein the second public key and the second private key are a key pair; in response to the first authentication and the second authentication passing, the video server or the terminal determines that the security authentication has passed.
In one embodiment, the video server uses the first public key to encrypt the second public key and the terminal identifier in the access request sent by the terminal, thereby generating the first authentication information, and returns the first authentication information to the terminal.
In one embodiment, the terminal uses the second public key in the first authentication information to encrypt the first authentication information, thereby generating the second authentication information, and returns the second authentication information to the video server.
In one embodiment, the method further comprises: the terminal reads the terminal identifier from the trusted domain module and sends the video server an access request that includes the terminal identifier.
In one embodiment, the terminal identifier includes a device identification code and a 4K host ID.
In one embodiment, the security authentication method further comprises: in response to the security authentication passing, the terminal uses a video key in the trusted domain module to decrypt the encrypted video sent by the video server.
In one embodiment, the terminal is a set-top box.
According to a second aspect of embodiments of the invention, a security authentication system is provided, comprising: a terminal, wherein a first private key is stored in a trusted domain module of the terminal, and the terminal is configured to receive first authentication information sent by a video server, perform a first authentication on the first authentication information using the first private key, generate second authentication information using a second public key in the first authentication information, and return the second authentication information to the video server; and a video server storing a first public key, the second public key and a second private key, wherein the video server is configured to, in response to an access request sent by the terminal, generate according to the first public key the first authentication information including the second public key and return the first authentication information to the terminal, perform a second authentication on the second authentication information using the second private key, and, in response to the first authentication and the second authentication passing, determine that the security authentication has passed; wherein the first public key and the first private key are a key pair, and the second public key and the second private key are a key pair.
In one embodiment, the video server is further configured to use the first public key to encrypt the second public key and the terminal identifier in the access request sent by the terminal, thereby generating the first authentication information, and to return the first authentication information to the terminal.
In one embodiment, the terminal is further configured to use the second public key in the first authentication information to encrypt the first authentication information, thereby generating the second authentication information, and to return the second authentication information to the video server.
In one embodiment, the terminal is further configured to read the terminal identifier from the trusted domain module and to send the video server an access request that includes the terminal identifier.
In one embodiment, the terminal identifier includes a device identification code and a 4K host ID.
In one embodiment, the terminal is further configured to, in response to the security authentication passing, use the video key in the trusted domain module to decrypt the encrypted video sent by the video server.
In one embodiment, the terminal is a set-top box.
An embodiment of the above invention has the following advantage or beneficial effect: the terminal authenticates the video server and the video server also authenticates the terminal, which achieves mutual authentication between the terminal and the video server. This ensures the legitimacy of the terminal, so that copyrighted content is not leaked from the terminal side, and also ensures the legitimacy of the video server that the terminal accesses, so that the terminal does not receive content provided by an illegitimate server. The digital copyright of the video content is thereby effectively protected from unauthorized theft, and the video content is protected.
Other features and advantages of the invention will become apparent from the following detailed description of exemplary embodiments of the invention with reference to the drawings.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are obviously only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural diagram of one embodiment of the security authentication system of the invention.
Fig. 2 is a flowchart of one embodiment of the security authentication method of the invention.
Fig. 3 is a flowchart of another embodiment of the security authentication method of the invention.
Fig. 4 is a flowchart of yet another embodiment of the security authentication method of the invention.
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are obviously only some of the embodiments of the invention, not all of them. The following description of at least one exemplary embodiment is merely illustrative and in no way limits the invention or its application or use. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Unless specifically stated otherwise, the relative arrangement of components and steps, the numerical expressions and the numerical values set out in these embodiments do not limit the scope of the invention.
It should also be understood that, for ease of description, the sizes of the parts shown in the drawings are not drawn to actual scale.
Techniques, methods and devices known to those of ordinary skill in the relevant art may not be discussed in detail, but where appropriate they should be regarded as part of the granted specification.
In all examples shown and discussed here, any specific value should be interpreted as merely illustrative, not as a limitation. Other examples of the exemplary embodiments may therefore have different values.
It should also be noted that similar reference numerals and letters denote similar items in the following drawings, so once an item has been defined in one drawing it need not be discussed further in subsequent drawings.
Fig. 1 is a structural diagram of one embodiment of the security authentication system of the invention. As shown in Fig. 1, the short message transceiver system of this embodiment includes video server 11 and terminal 12.
Video server 11 is a network-side device. It may be, for example, a content server of a video website or a device in a terminal management system (Terminal Management System, TMS), or it may be a server dedicated to security authentication. Video server 11 provides video content and other related data to terminal 12 for terminal 12 to play or display.
The first public key, the second public key and the second private key are stored in video server 11.
Terminal 12 is a user-side device that receives the video sent by video server 11 and either plays it or, after processing, passes it to other user equipment for playback. Terminal 12 may be, for example, a set-top box or a TV box.
The first private key is stored in terminal 12, specifically in the trusted domain module of terminal 12. The trusted domain module is a secure area of terminal 12 for which the user has no modification permission; its content can only be read.
The first private key may, for example, be burned into the secure area of terminal 12 when terminal 12 leaves the factory.
In embodiments of the invention, the first public key and the first private key are a key pair, and the second public key and the second private key are a key pair. That is, content encrypted with the first public key can be decrypted with the first private key, and content encrypted with the second public key can be decrypted with the second private key.
Terminal 12 is configured to receive the first authentication information sent by video server 11, perform the first authentication on the first authentication information using the first private key, generate the second authentication information using the second public key in the first authentication information, and return the second authentication information to video server 11. Video server 11 is configured to, in response to the access request sent by terminal 12, generate according to the first public key the first authentication information including the second public key and return the first authentication information to terminal 12, and to perform the second authentication on the second authentication information using the second private key.
In response to the first authentication and the second authentication passing, video server 11 or terminal 12 determines that the security authentication has passed.
With the above embodiment, the terminal authenticates the video server and the video server also authenticates the terminal, which achieves mutual authentication between the terminal and the video server. This ensures the legitimacy of the terminal, so that copyrighted content is not leaked from the terminal side, and also ensures the legitimacy of the video server that the terminal accesses, so that the terminal does not receive content provided by an illegitimate server. The digital copyright of the video content is thereby effectively protected from unauthorized theft, and the video content is protected.
The object that video server 11 and terminal 12 encrypt may be data that both parties possess.
In one embodiment, video server 11 is further configured to use the first public key to encrypt the second public key and the terminal identifier in the access request sent by terminal 12, thereby generating the first authentication information, and to return the first authentication information to terminal 12.
In one embodiment, terminal 12 is further configured to use the second public key in the first authentication information to encrypt the first authentication information, thereby generating the second authentication information.
With reference to the terminal and video server in Fig. 1, the security authentication method of one embodiment of the invention is described below in conjunction with Fig. 2.
Fig. 2 is a flowchart of one embodiment of the security authentication method of the invention. As shown in Fig. 2, the security authentication method of this embodiment includes steps S202 to S210.
In step S202, video server 11, in response to the access request sent by the terminal, generates the first authentication information according to the first public key and returns the first authentication information to the terminal, wherein the first authentication information includes the second public key.
Terminal 12 may, for example, send the access request to video server 11 when it accesses video server 11, or when it requests video server 11 to prepare to deliver video. Those skilled in the art may of course set other timings or ways of sending the access request, which are not described here.
In one embodiment, terminal 12 may read the terminal identifier from the trusted domain module of terminal 12 and send video server 11 an access request that includes the terminal identifier.
Video server 11 may encrypt the second public key together with information that both video server 11 and terminal 12 possess. For example, if the access request includes a terminal identifier, video server 11 may encrypt the second public key and the terminal identifier; the terminal identifier may include, for example, a device identification code and a 4K host ID. As another example, video server 11 may look up the device information of terminal 12 according to the source address in the access request and encrypt the second public key and the device information. As yet another example, video server 11 may encrypt the second public key and the sending timestamp of the access request. Those skilled in the art may also use other encryption approaches as needed, which are not described here.
In step S204, terminal 12 performs the first authentication on the first authentication information using the first private key in the trusted domain module of terminal 12.
The first public key and the first private key are a key pair. Terminal 12 can therefore decrypt the first authentication information using the first private key and compare the decryption result with the corresponding information stored by terminal 12. If the decryption result is consistent with the corresponding information stored by terminal 12, the first authentication passes.
After successful decryption, terminal 12 can obtain the second public key in the first authentication information and proceed to step S206.
In step S206, terminal 12 generates the second authentication information using the second public key in the first authentication information and returns the second authentication information to video server 11.
Terminal 12 may encrypt information that both video server 11 and terminal 12 possess. For specific implementations, refer to step S202.
In step S208, video server 11 performs the second authentication on the second authentication information using the second private key.
The second public key and the second private key are a key pair. Video server 11 can therefore decrypt the second authentication information using the second private key and compare the decryption result with the corresponding information stored by video server 11. If the decryption result is consistent with the corresponding information stored by video server 11, the second authentication passes.
In step S210, in response to the first authentication and the second authentication passing, video server 11 or terminal 12 determines that the security authentication has passed.
After determining that the security authentication has passed, video server 11 can establish a data content transmission connection with terminal 12 so that video server 11 can deliver video content to terminal 12.
The above embodiment achieves mutual authentication between the terminal and the video server. This ensures the legitimacy of the terminal, so that copyrighted content is not leaked from the terminal side, and also ensures the legitimacy of the video server that the terminal accesses, so that the terminal does not receive content provided by an illegitimate server. The digital copyright of the video content is thereby effectively protected from unauthorized theft, and the video content is protected.
Video server 11 and terminal 12 in the embodiment of Fig. 1 can also be further configured.
In one embodiment, terminal 12 may be further configured to read the terminal identifier from the trusted domain module of terminal 12 and to send video server 11 an access request that includes the terminal identifier.
The terminal identifier may include, for example, a device identification code and a 4K host ID.
4K video places higher requirements on playback security, for example requiring that it can only be played on specific devices. Terminal 12 may therefore send its own device identification code, for example a device number, hardware identifier, device serial number (Serial Number, SN) or fixed network address; in addition, terminal 12 may also send a 4K host ID to indicate that terminal 12 is authorized to play 4K video.
The security authentication system provided by the invention can thus provide a secure transmission environment for 4K video.
The security authentication method of another embodiment of the invention is described below with reference to Fig. 3.
Fig. 3 is a flowchart of another embodiment of the security authentication method of the invention. As shown in Fig. 3, the method of this embodiment includes steps S302 to S320, and may also include step S322 as needed.
In step S302, terminal 12 reads the device identification code and the 4K host ID from the trusted domain module.
In step S304, terminal 12 sends video server 11 an access request that includes the device identification code and the 4K host ID.
In step S306, video server 11 uses the first public key to encrypt the second public key together with the device identification code and the 4K host ID in the access request, thereby generating the first authentication information.
Video server 11 may write the second public key, the device identification code and the 4K host ID into preset positions of preset fields or of a character string, so that terminal 12 can obtain the content of each part after decryption.
In step S308, video server 11 returns the first authentication information to terminal 12.
In step S310, terminal 12 decrypts the first authentication information using the first private key in the trusted domain module of terminal 12.
The first public key and the first private key are a key pair.
In step S312, terminal 12 compares whether the device identification code and the 4K host ID stored in the trusted domain module are identical to the corresponding content in the decrypted result.
If they differ, terminal 12 determines that the security authentication has not passed. In this case, terminal 12 may notify video server 11 that the security authentication failed, and no data is transmitted between the two. Terminal 12 may re-initiate the request or choose to connect to another server.
If they are identical, the first authentication passes and step S314 is executed.
In step S314, terminal 12 encrypts the first authentication information using the second public key, thereby generating the second authentication information.
In step S316, terminal 12 returns the second authentication information to video server 11.
In step S318, video server 11 decrypts the second authentication information using the second private key.
The second public key and the second private key are a key pair.
In step S320, video server 11 compares whether the decrypted result is identical to the first authentication information previously generated by video server 11.
If they differ, video server 11 determines that the security authentication has not passed. In this case, video server 11 may notify terminal 12 that the security authentication failed, and no data is transmitted between the two. Terminal 12 may re-initiate the request or choose to connect to another server.
If they are identical, video server 11 determines that the security authentication has passed. In this case, video server 11 may notify terminal 12 that the security authentication passed, and a video transmission connection can be established between the two.
For example, step S322 may be included.
In step S322, a video transmission connection is established between video server 11 and terminal 12.
In addition, terminal 12 may also use the video key in the trusted domain module to decrypt the encrypted video sent by the video server.
This further ensures the security of the digital content.
The method of the above embodiment can provide a secure transmission environment for 4K video and protects 4K video content.
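The Fig. 3 exchange (steps S302 to S320) simulated end to end, as an added example that is not part of the patent: a genuine terminal and server pass both authentications, while a terminal without the first private key, or a server without the first public key, fails. Assumptions: unpadded textbook RSA over constructed toy keys stands in for the unspecified asymmetric cipher (a deployment would use a padded scheme with real key sizes), and the JSON field layout, class names and identifier values are hypothetical.

```python
import hmac
import json

E = 65537  # public exponent for the constructed toy keys

def make_keypair(p, q):
    """Textbook-RSA key pair from two primes: ((n, e), (n, d)). Illustration only."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def encrypt(pub, data):
    """Encrypt bytes block by block; a leading 0x01 marker keeps each block < n."""
    n, e = pub
    k = (n.bit_length() - 1) // 8 - 1      # payload bytes per block
    width = (n.bit_length() + 7) // 8      # ciphertext bytes per block
    out = b""
    for i in range(0, len(data), k):
        m = int.from_bytes(b"\x01" + data[i:i + k], "big")
        out += pow(m, e, n).to_bytes(width, "big")
    return out

def decrypt(priv, blob):
    """Return the plaintext, or None if the blob was not produced for this key."""
    n, d = priv
    width = (n.bit_length() + 7) // 8
    if not blob or len(blob) % width:
        return None
    out = b""
    for i in range(0, len(blob), width):
        c = int.from_bytes(blob[i:i + width], "big")
        if c >= n:
            return None
        m = pow(c, d, n)
        raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
        if raw[:1] != b"\x01":
            return None
        out += raw[1:]
    return out

class VideoServer:
    def __init__(self, pk1, pk2, sk2):
        self.pk1, self.pk2, self.sk2 = pk1, pk2, sk2
        self.pending = {}                  # device_id -> first auth info issued

    def first_auth_info(self, request):    # S306, S308
        fields = {"pk2": list(self.pk2), "device_id": request["device_id"],
                  "host_4k_id": request["host_4k_id"]}
        blob = encrypt(self.pk1, json.dumps(fields).encode())
        self.pending[request["device_id"]] = blob
        return blob

    def second_auth(self, device_id, second):   # S318, S320
        issued = self.pending.pop(device_id, None)   # one attempt per challenge
        plain = decrypt(self.sk2, second)
        return (issued is not None and plain is not None
                and hmac.compare_digest(plain, issued))

class Terminal:
    def __init__(self, sk1, device_id, host_4k_id):
        # In the patent these values sit in the read-only trusted domain module.
        self.sk1, self.device_id, self.host_4k_id = sk1, device_id, host_4k_id

    def access_request(self):              # S302, S304
        return {"device_id": self.device_id, "host_4k_id": self.host_4k_id}

    def respond(self, first):              # S310 to S316
        plain = decrypt(self.sk1, first)
        try:
            fields = json.loads(plain.decode()) if plain is not None else None
        except ValueError:                 # not UTF-8 or not JSON
            fields = None
        if (not isinstance(fields, dict) or "pk2" not in fields
                or fields.get("device_id") != self.device_id
                or fields.get("host_4k_id") != self.host_4k_id):
            return None                    # first authentication failed
        return encrypt(tuple(fields["pk2"]), first)

def authenticate(server, terminal):
    """Run S302 to S320; return (first_auth_passed, second_auth_passed)."""
    request = terminal.access_request()
    first = server.first_auth_info(request)
    second = terminal.respond(first)
    if second is None:
        return False, False
    return True, server.second_auth(request["device_id"], second)

# Constructed toy keys built from Mersenne primes (far too small for real use).
PK1, SK1 = make_keypair(2**61 - 1, 2**89 - 1)     # first key pair
PK2, SK2 = make_keypair(2**107 - 1, 2**127 - 1)   # second key pair
PKX, SKX = make_keypair(2**31 - 1, 2**61 - 1)     # key pair never provisioned

if __name__ == "__main__":
    server = VideoServer(PK1, PK2, SK2)
    genuine = Terminal(SK1, "STB-0001", "4K-HOST-01")
    clone = Terminal(SKX, "STB-0001", "4K-HOST-01")
    print("genuine pair:       ", authenticate(server, genuine))
    print("terminal without sk1:", authenticate(server, clone))
    print("server without pk1: ", authenticate(VideoServer(PKX, PK2, SK2), genuine))
```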
In a network, some program sources and devices require strict content protection, while the security requirements of other program sources are relatively low. The invention is equally applicable to networks or systems in which program sources or playback devices of two different security levels coexist. The security authentication method of yet another embodiment of the invention is described below with reference to Fig. 4.
Fig. 4 is a flowchart of yet another embodiment of the security authentication method of the invention. As shown in Fig. 4, the method of this embodiment includes steps S402 to S416.
In step S402, video server 11 receives the access request sent by terminal 12.
In step S404, video server 11 judges, according to the terminal identifier in the access request, whether security authentication is required.
If the terminal identifier corresponds to a higher security level, for example the terminal identifier contains a 4K host ID, it is judged that security authentication is required and steps S406 to S416 are executed. If the terminal identifier corresponds to a lower security level, for example the terminal identifier contains no 4K host ID and the terminal is an ordinary terminal, no security authentication is required and step S416 is executed directly.
In step S406, video server 11 generates according to the first public key the first authentication information including the second public key, and returns the first authentication information to terminal 12.
In step S408, terminal 12 performs the first authentication on the first authentication information using the first private key in the trusted domain module of terminal 12.
The first public key and the first private key are a key pair.
In step S410, terminal 12 generates the second authentication information using the second public key and returns the second authentication information to video server 11.
In step S412, video server 11 performs the second authentication on the second authentication information using the second private key.
The second public key and the second private key are a key pair.
In step S414, in response to the first authentication and the second authentication passing, video server 11 or terminal 12 determines that the security authentication has passed.
In step S416, video server 11 and terminal 12 establish a data transmission connection.
With the method of the above embodiment, video server 11 can simultaneously serve terminals with different types of security requirements, so that video content with different content protection requirements is delivered to different types of terminals.
After passing security authentication, terminal 12 provided by embodiments of the invention can further improve security during playback.
In one embodiment, terminal 12 may be further configured to, in response to the security authentication passing, use the video key in the trusted domain module to decrypt the encrypted video sent by the video server.
Terminal 12 can then pass the decrypted video content to a playback module for playing.
An embodiment of the invention also provides a computer-readable storage medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements any one of the aforementioned short message transceiving methods.
Those skilled in the art should understand that embodiments of the invention may be provided as a method, a system or a computer program product. The invention may therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the invention may take the form of a computer program product implemented on one or more computer-usable non-transitory storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory and the like) containing computer-usable program code.
The invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction means that implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is executed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
The foregoing is merely a description of preferred embodiments of the invention and is not intended to limit the invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall be included within the scope of protection of the invention.

Claims (14)

1. A security certification method, characterized by comprising:
a video server, in response to an access request sent by a terminal, generating first authentication information according to a first public key and returning the first authentication information to the terminal, wherein the first authentication information includes a second public key;
the terminal performing a first certification on the first authentication information using a first private key in an inter-trust domain module of the terminal, wherein the first public key and the first private key are a key pair;
the terminal generating second authentication information using the second public key in the first authentication information, and returning the second authentication information to the video server;
the video server performing a second certification on the second authentication information using a second private key, wherein the second public key and the second private key are a key pair;
in response to the first certification and the second certification passing, the video server or the terminal determining that the security certification has passed.
2. The security certification method according to claim 1, characterized in that
the video server uses the first public key to encrypt the second public key and the terminal identification in the access request sent by the terminal to generate the first authentication information, and returns the first authentication information to the terminal.
3. The security certification method according to claim 1, characterized in that
the terminal encrypts the first authentication information using the second public key in the first authentication information to generate the second authentication information, and returns the second authentication information to the video server.
4. The security certification method according to claim 1, characterized by further comprising:
the terminal reading the terminal identification from the inter-trust domain module, and sending an access request including the terminal identification to the video server.
5. The security certification method according to claim 2 or 4, characterized in that the terminal identification includes a device identification code and a 4K host ID.
6. The security certification method according to any one of claims 1-4, characterized by further comprising:
the terminal, in response to the security certification passing, decrypting the encrypted video sent by the video server using the video key in the inter-trust domain module.
7. The security certification method according to any one of claims 1-4, characterized in that the terminal is a set-top box.
8. A security certification system, characterized by comprising:
a terminal, a first private key being stored in an inter-trust domain module of the terminal, the terminal being configured to receive first authentication information sent by a video server, perform a first certification on the first authentication information using the first private key, generate second authentication information using a second public key in the first authentication information, and return the second authentication information to the video server;
a video server storing a first public key, the second public key and a second private key, the video server being configured to, in response to an access request sent by the terminal, generate according to the first public key the first authentication information including the second public key and return the first authentication information to the terminal, to perform a second certification on the second authentication information using the second private key, and, in response to the first certification and the second certification passing, to determine that the security certification has passed;
wherein the first public key and the first private key are a key pair, and the second public key and the second private key are a key pair.
9. The security certification system according to claim 8, characterized in that the video server is configured to use the first public key to encrypt the second public key and the terminal identification in the access request sent by the terminal to generate the first authentication information, and to return the first authentication information to the terminal.
10. The security certification system according to claim 8, characterized in that the terminal is configured to encrypt the first authentication information using the second public key in the first authentication information to generate the second authentication information, and to return the second authentication information to the video server.
11. The security certification system according to claim 8, characterized in that the terminal is additionally configured to read the terminal identification from the inter-trust domain module, and to send an access request including the terminal identification to the video server.
12. The security certification system according to claim 9 or 11, characterized in that the terminal identification includes a device identification code and a 4K host ID.
13. The security certification system according to any one of claims 8-11, characterized in that the terminal is additionally configured to, in response to the security certification passing, decrypt the encrypted video sent by the video server using the video key in the inter-trust domain module.
14. The security certification system according to any one of claims 8-11, characterized in that the terminal is a set-top box.
CN201710673014.3A 2017-08-09 2017-08-09 Security authentication system and method Active CN109391594B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710673014.3A CN109391594B (en) 2017-08-09 2017-08-09 Security authentication system and method

Publications (2)

Publication Number Publication Date
CN109391594A true CN109391594A (en) 2019-02-26
CN109391594B CN109391594B (en) 2021-07-30

Family

ID=65413966

Country Status (1)

Country Link
CN (1) CN109391594B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant