CN109728912A - Broadcasting content safe transmission method, system and terminal - Google Patents

Publication number
CN109728912A
Authority
CN
China
Prior art keywords
key
terminal
content
drm platform
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711038944.8A
Other languages
Chinese (zh)
Inventor
沈晶歆
李兴达
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Corp Ltd
Priority to CN201711038944.8A
Publication of CN109728912A
Legal status: Pending

Landscapes

  • Storage Device Security (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The present invention provides a broadcasting content safe transmission method, system and terminal. The method comprises: when the terminal powers on, it authenticates with a digital rights management (DRM) platform; after passing authentication, the terminal requests the DRM platform to issue a terminal key; the DRM platform sends the encrypted content key to the terminal; the terminal decrypts the encrypted content key based on the terminal key, obtains the content key, and decrypts the broadcasting content issued by the DRM platform based on the content key. The method and Internet of Things system of the invention use a four-level key hierarchy to build a high-security trust chain and extend the trust chain to the terminal and session level, which greatly improves the security of the content key. They make full use of the root key of the terminal's security chip, greatly improve the efficiency of copyright protection, and are suitable for copyright protection scenarios such as the current large-scale rollout of full-4K services.

Description

Broadcasting content safe transmission method, system and terminal
Technical field
The present invention relates to the field of communication technology, and more particularly to a broadcasting content safe transmission method, system and terminal.
Background
With the development of technologies such as 4K (4096 × 2160 pixel resolution) and virtual reality, the value of content (films, videos, etc.) keeps rising. Piracy of content is becoming increasingly covert: pirated content is shared mainly through P2P downloading, hotlinking, Dropbox-style network drives, mobile/OTT aggregation and the like, so anti-piracy work and evidence collection keep getting harder. Content providers (CPs) now pay increasing attention to copyright protection, and the industry has generally applied DRM (Digital Rights Management) protection to high-definition content to prevent pirated use. However, there is not yet an effective way to prevent the complete failure of the content anti-theft mechanism that a key leak causes.
Summary of the invention
One or more embodiments of the invention provide a broadcasting content safe transmission method, system and terminal.
According to one aspect of the disclosure, a broadcasting content safe transmission method is provided, comprising: when a terminal powers on, the terminal authenticates with a digital rights management (DRM) platform; if authentication succeeds, the terminal requests the DRM platform to issue a terminal key; the terminal sends an encrypted-content playback request to the DRM platform, and the DRM platform sends the encrypted content key to the terminal; the terminal decrypts the encrypted content key based on the terminal key, obtains the content key, and decrypts the broadcasting content issued by the DRM platform based on the content key.
Optionally, the authentication between the terminal and the DRM platform comprises: the terminal receives the session key public key and a first challenge word sent by the DRM platform; the terminal obtains its own serial number SN and identification number IN and calculates a second challenge word based on the SN and the IN; the terminal compares the first challenge word with the second challenge word, and if the comparison shows that the first challenge word is identical to the second challenge word, authentication succeeds.
Optionally, the SN and the IN are burned into the OTP of the terminal's security chip as the hardware root-of-trust key.
Optionally, the terminal requesting the DRM platform to issue a terminal key comprises: the terminal generates an authentication session key R1 and a label Token, encrypts the R1 and the Token with the session key public key, and sends them to the DRM platform; the DRM platform decrypts the encrypted R1 and Token with the session key private key, and obtains and stores the R1 and the Token; the DRM platform encrypts the terminal key private key with the R1 and issues the encrypted terminal key private key to the terminal; the terminal decrypts the encrypted terminal key private key with the R1 to obtain the terminal key private key.
Optionally, the terminal key private key comprises the private key and certificate of the terminal; the terminal decrypts the encrypted private key and certificate of the terminal with the R1 to obtain the terminal key private key, and stores the private key and certificate of the terminal in the trusted execution environment (TEE).
Optionally, the terminal receives a request to play encrypted content and reports the Token to the DRM platform; the DRM platform encrypts the content key with the terminal key public key corresponding to the Token and issues the encrypted content key to the terminal; the terminal decrypts the encrypted content key with the terminal key private key to obtain the content key.
Optionally, the content key is carried in a license, and the DRM platform encrypts the license with the terminal key public key; the terminal decrypts the encrypted license with the terminal key private key to obtain the content key in the license.
Optionally, the terminal comprises: a set-top box.
According to another aspect of the disclosure, a terminal is provided, comprising: an authentication module, configured to authenticate with a digital rights management (DRM) platform at power-on and, if authentication succeeds, request the DRM platform to issue a terminal key; a key acquisition module, configured to send an encrypted-content playback request to the DRM platform and receive the encrypted content key sent by the DRM platform; and a content decryption module, configured to decrypt the encrypted content key based on the terminal key, obtain the content key, and decrypt the broadcasting content issued by the DRM platform based on the content key.
Optionally, the authentication module is configured to receive the session key public key and the first challenge word sent by the DRM platform, obtain the terminal's own serial number SN and identification number IN, calculate a second challenge word based on the SN and the IN, and compare the first challenge word with the second challenge word; if the comparison shows that the first challenge word is identical to the second challenge word, authentication succeeds.
Optionally, the SN and the IN are burned into the OTP of the terminal's security chip as the hardware root-of-trust key.
Optionally, the key acquisition module is configured to generate an authentication session key R1 and a label Token, encrypt the R1 and the Token with the session key public key, and send them to the DRM platform; wherein the DRM platform decrypts the encrypted R1 and Token with the session key private key, and obtains and stores the R1 and the Token; the DRM platform encrypts the terminal key private key with the R1 and issues the encrypted terminal key private key to the key acquisition module; the key acquisition module is further configured to decrypt the encrypted terminal key private key with the R1 to obtain the terminal key private key.
Optionally, the terminal key private key comprises the private key and certificate of the terminal; the key acquisition module is further configured to decrypt the encrypted private key and certificate of the terminal with the R1, obtain the terminal key private key, and store the private key and certificate of the terminal in the trusted execution environment (TEE).
Optionally, the content decryption module is configured to receive a request to play encrypted content and report the Token to the DRM platform; wherein the DRM platform encrypts the content key with the terminal key public key corresponding to the Token and issues the encrypted content key to the content decryption module; the content decryption module is further configured to decrypt the encrypted content key with the terminal key private key to obtain the content key.
Optionally, the content key is carried in a license, and the DRM platform encrypts the license with the terminal key public key; the content decryption module is further configured to decrypt the encrypted license with the terminal key private key to obtain the content key in the license.
Optionally, the terminal comprises: a set-top box.
According to another aspect of the disclosure, a broadcasting content secure transmission system is provided, comprising: a DRM platform and the terminal described above.
According to another aspect of the disclosure, a terminal is provided, comprising: a memory; and a processor coupled to the memory, the processor being configured to execute the broadcasting content safe transmission method described above based on instructions stored in the memory.
According to yet another aspect of the disclosure, a computer-readable storage medium is provided, storing computer program instructions which, when executed by one or more processors, implement the steps of the method described above.
In the broadcasting content safe transmission method, system and terminal of the disclosure, the terminal authenticates with the digital rights management (DRM) platform at power-on and, after passing authentication, requests the DRM platform to issue a terminal key; the DRM platform sends the encrypted content key to the terminal, and the terminal decrypts the encrypted content key based on the terminal key, obtains the content key, and decrypts the broadcasting content issued by the DRM platform based on the content key. A four-level key hierarchy builds a high-security trust chain and extends the trust chain to the terminal and session level, which greatly improves the security of the content key. The root key of the terminal's security chip is fully used, which greatly improves the efficiency of copyright protection and suits copyright protection scenarios such as the current large-scale rollout of full-4K services.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the disclosure or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the disclosure; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of one embodiment of the broadcasting content safe transmission method according to the disclosure;
Fig. 2 is a flow diagram of another embodiment of the broadcasting content safe transmission method according to the disclosure;
Fig. 3 is a schematic diagram of the four-level key mechanism;
Fig. 4 is a module diagram of one embodiment of the terminal according to the disclosure;
Fig. 5 is a schematic diagram of one embodiment of the broadcasting content secure transmission system according to the disclosure;
Fig. 6 is a module diagram of another embodiment of the terminal according to the disclosure.
Detailed description
The disclosure is described more fully below with reference to the accompanying drawings, which illustrate exemplary embodiments of the disclosure. The technical solutions in the embodiments of the disclosure are described clearly and completely below in conjunction with the drawings. Obviously, the described embodiments are only some of the embodiments of the disclosure, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the disclosure without creative effort fall within the scope of protection of the disclosure.
Terms such as "first" and "second" below are used only to distinguish items in the description and have no other special meaning.
Fig. 1 is a flow diagram of one embodiment of the broadcasting content safe transmission method according to the disclosure. As shown in Fig. 1:
Step 101: when the terminal powers on, the terminal authenticates with the digital rights management (DRM) platform. The terminal may be a set-top box, a smart terminal, or the like. The authentication may be two-way authentication or the like.
Step 102: if authentication succeeds, the terminal requests the DRM platform to issue a terminal key.
Step 103: the terminal sends an encrypted-content playback request to the DRM platform, and the DRM platform sends the encrypted content key to the terminal.
Step 104: the terminal decrypts the encrypted content key based on the terminal key, obtains the content key, and decrypts the broadcasting content issued by the DRM platform based on the content key.
In one embodiment, the authentication between the terminal and the DRM platform is two-way authentication. The terminal receives the session key public key and a first challenge word sent by the DRM platform; a challenge word may be a numeric string, a character string, or the like. The terminal obtains its own serial number SN and identification number IN and calculates a second challenge word based on the SN and the IN. The terminal compares the first challenge word with the second challenge word, and if the comparison shows that the first challenge word is identical to the second challenge word, authentication succeeds.
The SN and the IN are burned into the OTP (One Time Programmable) of the terminal's security chip as the hardware root-of-trust key, and may be burned before the terminal leaves the factory. When the terminal powers on, the security chip uses the SN and the IN to perform two-way authentication between the DRM platform and the terminal.
The terminal may request the DRM platform to issue the terminal key in various ways. For example, the terminal generates an authentication session key R1 and a label Token, encrypts the R1 and the Token with the session key public key, and sends them to the DRM platform. The session key R1 is generated by the terminal during power-on authentication.
The DRM platform decrypts the encrypted R1 and Token with the session key private key, and obtains and stores the R1 and the Token. The DRM platform encrypts the terminal key private key with R1 and issues the encrypted terminal key private key to the terminal. The terminal key comprises a paired terminal key public key and terminal key private key, which may be generated by the DRM platform.
For example, the terminal key private key comprises the private key and certificate of the terminal; the certificate may be a manufacturer-signed certificate. The terminal decrypts the encrypted private key and certificate of the terminal with R1, obtains the terminal key private key, and stores the private key and certificate of the terminal in the trusted execution environment (TEE). TrustZone is a hardware-level secure execution solution proposed by ARM. TrustZone divides the system into two regions, the TEE and the REE: the Android system runs in the REE, while the TEE has independent computing and storage resources and is completely isolated from the REE. A program that needs to run in the TEE must be individually signed by the manufacturer before it can run.
When the user clicks to play encrypted content, the terminal receives the request to play the encrypted content and reports the Token to the DRM platform. The DRM platform encrypts the content key with the terminal key public key corresponding to the Token and issues the encrypted content key to the terminal. The terminal decrypts the encrypted content key with the terminal key private key to obtain the content key. The content key may be carried in a license, in which case the DRM platform encrypts the license with the terminal key public key, and the terminal decrypts the encrypted license with the terminal key private key to obtain the content key in the license.
In one embodiment, as shown in Fig. 3, the four-level key mechanism built on the hardware root-of-trust key of the set-top box comprises: the root key SN and IN, the session key R1, the terminal key DK and the content key CK.
The first level is SN+IN. The SN and the IN are stored in the OTP of the security chip as the hardware root of trust. The SN is readable data and the IN is unreadable data; each terminal has a unique SN (the chip's unique serial number) and a unique IN (the chip's unique internal identification number, which cannot be read or written). When the terminal powers on, the security chip uses the SN and the IN to perform two-way authentication between the DRM platform and the terminal.
The second level is the authentication session key R1. R1 is generated by the terminal during power-on authentication and sent to the DRM platform to complete authentication. After authentication completes, the DRM platform uses R1 to encrypt the terminal key during terminal DRM initialization.
The third level is the terminal key, which comprises the private key and certificate of the terminal. After power-on authentication succeeds, during terminal DRM initialization, the terminal uses the authentication session Token to request the terminal key from the DRM platform. The DRM platform uses the Token to obtain the corresponding R1, encrypts the terminal private key with R1, and returns the encrypted terminal key and certificate to the terminal; the terminal decrypts them in the TEE and saves the terminal private key and certificate.
The fourth level is the content key, which is used to encrypt content. The content key is carried in the license and encrypted with the terminal public key. When decrypting content, the terminal uses the terminal private key to decrypt the content key in the license.
Fig. 2 is a flow diagram of another embodiment of the broadcasting content safe transmission method according to the disclosure. As shown in Fig. 2:
Step 201: the terminal powers on and first performs two-way identity authentication.
Step 202: the DRM platform issues the session key public key and a challenge word to the terminal.
Step 203: the terminal calculates a challenge word using SN+IN and compares it with the issued value, completing two-way authentication.
Step 204: the terminal generates an authentication session key R1 and a Token, encrypts them with the session key public key, and sends them to the DRM platform; the DRM platform decrypts them with the session key private key and saves R1 and the Token.
Step 205: the DRM platform encrypts the terminal key private key with R1 and issues it to the terminal; the terminal decrypts it with R1 to obtain the terminal key private key.
Step 206: when the user clicks to play encrypted content, the terminal reports the Token to the DRM platform.
Step 207: the DRM platform encrypts the content key with the terminal key public key corresponding to the Token and issues it to the terminal.
Step 208: the terminal decrypts with the terminal key private key to obtain the content key, and decrypts the encrypted content.
The broadcasting content safe transmission method provided by the above embodiment uses a four-level key hierarchy to build a high-security trust chain, makes full use of the root key of the terminal's security chip, and extends the trust chain to the terminal and session level, which greatly improves the security of the content key and the efficiency of copyright protection.
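Steps 201 to 208 and the four-level key chain (SN+IN, R1, DK, CK), with both the platform and the terminal side, as an added example that is not part of the patent text. Assumptions, since the patent names no algorithms: the challenge word is an HMAC-SHA256 keyed with IN over SN and the session key public key, the terminal announces its readable SN at power-on, the platform holds each terminal's SN and IN from manufacture, RSA-OAEP is used for public-key encryption and AES-256-GCM for encryption under R1 and CK; all class, function and sample names are hypothetical.

```javascript
const crypto = require('crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Assumed challenge word: HMAC keyed with the unreadable IN over SN and the session public key.
function challengeWord(sn, inSecret, sessionPubDer) {
  return crypto.createHmac('sha256', inSecret).update(sn).update(sessionPubDer).digest();
}

// "Encrypt with R1" and content encryption; AES-256-GCM is an assumed cipher choice.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}
function unseal(key, { iv, ct, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]); // throws on a wrong key
}

class DrmPlatform {
  constructor(provisioned, contentKeys) {
    this.provisioned = provisioned; // SN -> IN recorded at manufacture (assumption)
    this.contentKeys = contentKeys; // content id -> content key CK (level 4)
    this.session = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
    this.byToken = new Map();       // Token -> { r1, terminalPub }
  }
  // Step 202: issue the session key public key and the first challenge word.
  hello(sn) {
    const inSecret = this.provisioned.get(sn);
    if (!inSecret) throw new Error('unknown terminal');
    const sessionPub = this.session.publicKey.export({ type: 'spki', format: 'der' });
    return { sessionPub, challenge: challengeWord(sn, inSecret, sessionPub) };
  }
  // Steps 204-205: recover R1 and Token, generate DK, return the DK private key under R1.
  issueTerminalKey(encrypted) {
    const msg = crypto.privateDecrypt({ key: this.session.privateKey, ...OAEP }, encrypted);
    const r1 = Buffer.from(msg.subarray(0, 32));
    const token = msg.subarray(32).toString('hex');
    const dk = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
    this.byToken.set(token, { r1, terminalPub: dk.publicKey });
    return seal(r1, dk.privateKey.export({ type: 'pkcs8', format: 'der' }));
  }
  // Step 207: encrypt CK with the terminal key public key that belongs to the Token.
  license(token, contentId) {
    const entry = this.byToken.get(token);
    if (!entry) throw new Error('unknown Token');
    return crypto.publicEncrypt({ key: entry.terminalPub, ...OAEP }, this.contentKeys.get(contentId));
  }
}

class Terminal {
  // Level 1: SN and IN, which a real terminal reads from the security chip OTP.
  constructor(sn, inSecret) { this.sn = sn; this.inSecret = inSecret; }
  // Step 203: recompute the challenge word and compare in constant time.
  authenticate({ sessionPub, challenge }) {
    const mine = challengeWord(this.sn, this.inSecret, sessionPub);
    if (mine.length !== challenge.length || !crypto.timingSafeEqual(mine, challenge)) return false;
    this.sessionPub = crypto.createPublicKey({ key: sessionPub, type: 'spki', format: 'der' });
    return true;
  }
  // Step 204: generate R1 (level 2) and the Token, encrypted to the session public key.
  keyRequest() {
    this.r1 = crypto.randomBytes(32);
    this.token = crypto.randomBytes(16);
    return crypto.publicEncrypt({ key: this.sessionPub, ...OAEP }, Buffer.concat([this.r1, this.token]));
  }
  // Step 205: decrypt the DK private key (level 3); a real terminal does this inside the TEE.
  installTerminalKey(sealed) {
    this.dk = crypto.createPrivateKey({ key: unseal(this.r1, sealed), type: 'pkcs8', format: 'der' });
  }
  // Step 208: recover CK with the DK private key, then decrypt the content.
  play(encryptedCk, sealedContent) {
    const ck = crypto.privateDecrypt({ key: this.dk, ...OAEP }, encryptedCk);
    return unseal(ck, sealedContent);
  }
}

// Runs steps 201-208 with constructed sample values. terminalIn overrides the IN held by
// the terminal, to show a terminal whose root key does not match the platform record.
function runFlow(terminalIn) {
  const sn = 'SN-0001';                      // constructed sample serial number
  const provisionedIn = Buffer.alloc(32, 7); // constructed sample IN
  const ck = crypto.randomBytes(32);
  const platform = new DrmPlatform(new Map([[sn, provisionedIn]]), new Map([['movie-1', ck]]));
  const sealedContent = seal(ck, Buffer.from('constructed 4K payload'));
  const terminal = new Terminal(sn, terminalIn || provisionedIn);
  if (!terminal.authenticate(platform.hello(sn))) return { authenticated: false, platform };
  terminal.installTerminalKey(platform.issueTerminalKey(terminal.keyRequest()));
  const encryptedCk = platform.license(terminal.token.toString('hex'), 'movie-1');
  const content = terminal.play(encryptedCk, sealedContent).toString();
  return { authenticated: true, content, platform };
}
```

Because the assumed challenge word covers the session key public key, a challenge captured in one session does not verify against a different session key; the patent itself does not state how the challenge word is made fresh.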
In one embodiment, as shown in Fig. 4, the disclosure provides a terminal 40, comprising: an authentication module 41, a key acquisition module 42 and a content decryption module 43. As shown in Fig. 5, the disclosure provides a broadcasting content secure transmission system, comprising: a DRM platform 50 and the terminal 40 described above.
The authentication module 41 authenticates with the digital rights management (DRM) platform 50 at power-on and, if authentication succeeds, requests the DRM platform 50 to issue a terminal key. The key acquisition module 42 sends an encrypted-content playback request to the DRM platform 50 and receives the encrypted content key sent by the DRM platform 50. The content decryption module 43 decrypts the encrypted content key based on the terminal key, obtains the content key, and decrypts the broadcasting content issued by the DRM platform 50 based on the content key.
The authentication module 41 receives the session key public key and the first challenge word sent by the DRM platform 50, obtains the terminal's own serial number SN and identification number IN, and calculates a second challenge word based on the SN and the IN. The authentication module 41 compares the first challenge word with the second challenge word, and if the comparison shows that the first challenge word is identical to the second challenge word, authentication succeeds. The SN and the IN are burned into the OTP of the terminal's security chip as the hardware root-of-trust key.
The key acquisition module 42 generates an authentication session key R1 and a label Token, encrypts the R1 and the Token with the session key public key, and sends them to the DRM platform 50. The DRM platform 50 decrypts the encrypted R1 and Token with the session key private key, and obtains and stores the R1 and the Token. The DRM platform 50 encrypts the terminal key private key with R1 and issues the encrypted terminal key private key to the key acquisition module 42. The key acquisition module 42 decrypts the encrypted terminal key private key with R1 to obtain the terminal key private key.
The terminal key private key comprises the private key and certificate of the terminal. The key acquisition module 42 decrypts the encrypted private key and certificate of the terminal with R1, obtains the terminal key private key, and stores the private key and certificate of the terminal in the trusted execution environment (TEE).
The content decryption module 43 receives a request to play encrypted content and reports the Token to the DRM platform 50. The DRM platform 50 encrypts the content key with the terminal key public key corresponding to the Token and issues the encrypted content key to the content decryption module 43. The content decryption module 43 decrypts the encrypted content key with the terminal key private key to obtain the content key.
The content key is carried in a license, and the DRM platform 50 encrypts the license with the terminal key public key. The content decryption module 43 decrypts the encrypted license with the terminal key private key to obtain the content key in the license.
Fig. 6 is a module diagram of another embodiment of the terminal according to the disclosure. As shown in Fig. 6, the device may include a memory 61, a processor 62, a communication interface 63 and a bus 64. The memory 61 is used to store instructions; the processor 62 is coupled to the memory 61 and is configured to execute the instructions stored in the memory 61 to implement the broadcasting content safe transmission method described above.
The memory 61 may be a high-speed RAM memory, a non-volatile memory, or the like, and may also be a memory array. The memory 61 may also be partitioned into blocks, and the blocks may be combined into virtual volumes according to certain rules. The processor 62 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the broadcasting content safe transmission method of the disclosure.
In one embodiment, the disclosure also provides a computer-readable storage medium that stores computer instructions which, when executed by a processor, implement the broadcasting content safe transmission method of any of the above embodiments. Those skilled in the art will understand that embodiments of the disclosure may be provided as a method, an apparatus, or a computer program product. Accordingly, the disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the disclosure may take the form of a computer program product implemented on one or more computer-usable non-transitory storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) that contain computer-usable program code.
The disclosure is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the disclosure. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
So far, the disclosure has been described in detail. To avoid obscuring the concept of the disclosure, some details well known in the art are not described. From the above description, those skilled in the art can fully understand how to implement the technical solutions disclosed herein.
In the broadcasting content safe transmission method, system and terminal provided by the above embodiments, the terminal authenticates with the digital rights management (DRM) platform at power-on and, after passing authentication, requests the DRM platform to issue a terminal key; the DRM platform sends the encrypted content key to the terminal, and the terminal decrypts the encrypted content key based on the terminal key, obtains the content key, and decrypts the broadcasting content issued by the DRM platform based on the content key. A four-level key hierarchy builds a high-security trust chain, the root key of the terminal's security chip is fully used, and the trust chain is extended to the terminal and session level, which greatly improves the security of the content key and the efficiency of copyright protection and suits copyright protection scenarios such as the current large-scale rollout of full-4K services.
The method and system of the disclosure may be implemented in many ways, for example by software, hardware, firmware, or any combination of software, hardware and firmware. The above order of the method steps is for illustration only; the steps of the method of the disclosure are not limited to the order described above unless otherwise specifically stated. In addition, in some embodiments, the disclosure may also be embodied as programs recorded on a recording medium, the programs comprising machine-readable instructions for implementing the method according to the disclosure. The disclosure thus also covers a recording medium storing a program for executing the method according to the disclosure.
The description of the disclosure is given for the purposes of illustration and description, and is not exhaustive or intended to limit the disclosure to the form disclosed. Many modifications and variations are obvious to those of ordinary skill in the art. The embodiments were selected and described to better illustrate the principles and practical application of the disclosure, and to enable those of ordinary skill in the art to understand the disclosure and design various embodiments with various modifications suited to particular uses.

Claims (19)

1. A broadcasting content safe transmission method, comprising:
when a terminal powers on, the terminal authenticates with a digital rights management (DRM) platform;
if authentication succeeds, the terminal requests the DRM platform to issue a terminal key;
the terminal sends an encrypted-content playback request to the DRM platform, and the DRM platform sends the encrypted content key to the terminal;
the terminal decrypts the encrypted content key based on the terminal key, obtains the content key, and decrypts the broadcasting content issued by the DRM platform based on the content key.
2. The method of claim 1, wherein the terminal authenticating with the DRM platform comprises:
the terminal receives the session key public key and a first challenge word sent by the DRM platform;
the terminal obtains its own serial number SN and identification number IN, and calculates a second challenge word based on the SN and the IN;
the terminal compares the first challenge word with the second challenge word, and if the comparison shows that the first challenge word is identical to the second challenge word, authentication succeeds.
3. The method according to claim 2, wherein
the SN and the IN are burned into the OTP of the terminal's security chip as the hardware root-of-trust key.
4. The method according to claim 2, wherein the terminal requesting the DRM platform to issue a terminal key comprises:
the terminal generates an authentication session key R1 and a label Token, encrypts the R1 and the Token with the session key public key, and sends them to the DRM platform;
the DRM platform decrypts the encrypted R1 and Token with the session key private key, and obtains and stores the R1 and the Token;
the DRM platform encrypts the terminal key private key with the R1 and issues the encrypted terminal key private key to the terminal;
the terminal decrypts the encrypted terminal key private key with the R1 to obtain the terminal key private key.
5. The method as claimed in claim 4, wherein the terminal key private key comprises the private key and certificate of the terminal;
the terminal decrypts the encrypted private key and certificate of the terminal with the R1, obtains the terminal key private key, and stores the private key and certificate of the terminal in the trusted execution environment (TEE).
6. The method as claimed in claim 4, further comprising:
the terminal receives a request to play encrypted content and reports the Token to the DRM platform;
the DRM platform encrypts the content key with the terminal key public key corresponding to the Token and issues the encrypted content key to the terminal;
the terminal decrypts the encrypted content key with the terminal key private key to obtain the content key.
7. The method as claimed in claim 6, wherein
the content key is carried in a license, and the DRM platform encrypts the license with the terminal key public key;
the terminal decrypts the encrypted license with the terminal key private key to obtain the content key in the license.
8. The method of claim 1, wherein
the terminal comprises: a set-top box.
9. A terminal, comprising:
An authentication module, configured to authenticate with a digital rights management (DRM) platform at boot and, if the authentication succeeds, to request the DRM platform to issue a terminal key;
A key acquisition module, configured to send an encrypted-content playback request to the DRM platform and to receive the encrypted content key sent by the DRM platform;
A content decryption module, configured to decrypt the encrypted content key based on the terminal key to obtain the content key, and to decrypt the broadcasting content issued by the DRM platform based on the content key.
10. The terminal of claim 1, wherein
The authentication module is configured to receive the session key public key and the first challenge word sent by the DRM platform, to obtain the terminal's own serial number SN and identification number IN, and to calculate a second challenge word based on the SN and the IN; and to compare the first challenge word with the second challenge word, wherein if the comparison shows that the first challenge word is identical to the second challenge word, the authentication succeeds.
11. The terminal of claim 10, wherein
The SN and the IN are burned, as a hardware trusted root key, into the OTP of the security chip of the terminal.
12. The terminal of claim 10, wherein
The key acquisition module is configured to generate an authentication session key R1 and a label Token, and to send the R1 and the Token, encrypted with the session key public key, to the DRM platform;
Wherein the DRM platform decrypts the encrypted R1 and Token using the session key private key, and obtains and stores the R1 and the Token; the DRM platform encrypts the terminal key private key using the R1, and issues the encrypted terminal key private key to the key acquisition module;
The key acquisition module is further configured to decrypt the encrypted terminal key private key using the R1 to obtain the terminal key private key.
13. The terminal of claim 12, wherein the terminal key private key comprises: the private key and the certificate of the terminal;
The key acquisition module is further configured to decrypt the encrypted private key and certificate of the terminal using the R1 to obtain the terminal key private key, and to store the private key and the certificate of the terminal in a trusted application environment TEE.
14. The terminal of claim 12, wherein
The content decryption module is configured to receive a request to play encrypted content and to report the Token to the DRM platform;
Wherein the DRM platform uses the terminal key public key corresponding to the Token to encrypt the content key, and issues the encrypted content key to the content decryption module;
The content decryption module is further configured to decrypt the encrypted content key using the terminal key private key to obtain the content key.
15. The terminal of claim 14, wherein the content key is placed in a license, and the DRM platform encrypts the license using the terminal key public key;
The content decryption module is further configured to decrypt the encrypted license using the terminal key private key to obtain the content key in the license.
16. The terminal of claim 9, wherein
The terminal comprises: a set-top box.
17. A broadcasting content secure transmission system, comprising:
A DRM platform, and the terminal of any one of claims 9 to 16.
18. A terminal, comprising:
A memory; and
A processor coupled to the memory, the processor being configured to execute, based on instructions stored in the memory, the broadcasting content safe transmission method of any one of claims 1 to 8.
19. A computer-readable storage medium storing computer program instructions which, when executed by one or more processors, implement the steps of the method of any one of claims 1 to 8.
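
The key chain of claims 4 to 6, as an added example that is not code from the patent: R1 and the Token are wrapped to the session public key, the terminal private key returns wrapped under R1, and the content key is wrapped to the terminal public key looked up by Token. The claims name no algorithms, so the X25519 sealed box, the SHAKE-256/HMAC wrap and every function name here are assumptions, chosen so the block runs on the standard library alone.

```python
import hashlib, hmac, secrets
P, BASE = 2**255 - 19, (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder (readable, not constant time)."""
    s = bytearray(k); s[0] &= 248; s[31] = (s[31] & 127) | 64
    n, x1 = int.from_bytes(s, "little"), int.from_bytes(u, "little") % 2**255
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, (aa - bb) * (aa + 121665 * (aa - bb)) % P
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")  # clamped scalar: last bit is 0, no final swap

def _xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(x ^ y for x, y in zip(data, stream))

def seal(key: bytes, pt: bytes) -> bytes:  # symmetric wrap (assumed): XOR keystream, then HMAC tag
    nonce = secrets.token_bytes(16)
    body = nonce + _xor(key, nonce, pt)
    return body + hmac.new(key, b"mac" + body, "sha256").digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + body, "sha256").digest()):
        raise ValueError("wrapped key or content failed its integrity check")
    return _xor(key, body[:16], body[16:])

def pk_seal(pub: bytes, pt: bytes) -> bytes:
    eph = secrets.token_bytes(32)  # fresh ephemeral key pair per message
    return x25519(eph, BASE) + seal(hashlib.sha256(x25519(eph, pub)).digest(), pt)

def pk_unseal(priv: bytes, blob: bytes) -> bytes:
    return unseal(hashlib.sha256(x25519(priv, blob[:32])).digest(), blob[32:])

def play(content: bytes) -> bytes:
    sess_priv, term_priv, ck = (secrets.token_bytes(32) for _ in range(3))  # platform-side secrets
    r1, token = secrets.token_bytes(32), secrets.token_bytes(16)            # terminal side, claim 4
    got = pk_unseal(sess_priv, pk_seal(x25519(sess_priv, BASE), r1 + token))
    store = {got[32:]: (got[:32], x25519(term_priv, BASE))}  # Token -> (R1, terminal public key)
    term_key = unseal(r1, seal(store[token][0], term_priv))  # terminal unwraps its private key
    wrapped_ck = pk_seal(store[token][1], ck)                # claim 6: key selected by reported Token
    return unseal(pk_unseal(term_key, wrapped_ck), seal(ck, content))
```

Because every wrap carries an integrity tag, a wrapped key altered in transit or opened with the wrong R1 or terminal key is rejected instead of yielding a garbage key.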
CN201711038944.8A 2017-10-30 2017-10-30 Broadcasting content safe transmission method, system and terminal Pending CN109728912A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711038944.8A CN109728912A (en) 2017-10-30 2017-10-30 Broadcasting content safe transmission method, system and terminal

Publications (1)

Publication Number Publication Date
CN109728912A true CN109728912A (en) 2019-05-07

Family

ID=66292578

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711038944.8A Pending CN109728912A (en) 2017-10-30 2017-10-30 Broadcasting content safe transmission method, system and terminal

Country Status (1)

Country Link
CN (1) CN109728912A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1633062A (en) * 2004-12-31 2005-06-29 北京中星微电子有限公司 A secure transmission method for media content
CN1700765A (en) * 2005-06-30 2005-11-23 广东省电信有限公司研究院 A private key acquiring method for use in set-top box
CN101527818A (en) * 2009-04-23 2009-09-09 天柏宽带网络科技(北京)有限公司 Licence managing method of internet protocol television copyright management system
CN101621379A (en) * 2009-08-04 2010-01-06 中国联合网络通信集团有限公司 Method for realizing digital copyright management system and digital right management system
CN202364334U (en) * 2011-10-08 2012-08-01 北京视博数字电视科技有限公司 License management device capable of detecting clone and system
US20130232337A1 (en) * 2012-03-02 2013-09-05 Electronics And Telecommunications Research Institute User terminal and method for playing digital rights management content
CN106845160A (en) * 2015-12-03 2017-06-13 国家新闻出版广电总局广播科学研究院 A kind of digital copyright management for intelligent operating system(DRM)Method and system

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110752929A (en) * 2019-09-29 2020-02-04 华为终端有限公司 Application program processing method and related product
WO2021057982A1 (en) * 2019-09-29 2021-04-01 华为技术有限公司 Application processing method and related product
CN110752929B (en) * 2019-09-29 2022-04-22 华为终端有限公司 Application program processing method and related product
CN113766344A (en) * 2020-06-19 2021-12-07 天翼智慧家庭科技有限公司 Method and system for constructing dynamic trust root based on high-security set top box
CN113766344B (en) * 2020-06-19 2024-08-23 天翼数字生活科技有限公司 Method and system for constructing dynamic trust root based on high-security set top box
CN112969094A (en) * 2021-02-26 2021-06-15 江西格灵如科科技有限公司 Virtual reality video decryption system and method
CN116775062A (en) * 2023-08-22 2023-09-19 深圳市华曦达科技股份有限公司 Encryption burning method for producing key
CN116775062B (en) * 2023-08-22 2023-12-22 深圳市华曦达科技股份有限公司 Encryption burning method for producing key

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190507