CN113727196A - Method and device for realizing CAS terminal authorization on demand - Google Patents

Publication number
CN113727196A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110817272.0A
Other languages
Chinese (zh)
Other versions
CN113727196B (en)
Inventor
韦月飞
陆天钦
张灵晶
李波
严志康
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen SDMC Technology Co Ltd
Original Assignee
Shenzhen SDMC Technology Co Ltd
Application filed by Shenzhen SDMC Technology Co Ltd
Priority to CN202110817272.0A
Publication of CN113727196A
Application granted
Publication of CN113727196B
Legal status: Active

Classifications

    • H04N21/6334 Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
    • H04N21/2541 Rights Management
    • H04N21/2543 Billing, e.g. for subscription services
    • H04N21/26606 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]
    • H04N21/4181 External card to be used in combination with the client device, e.g. for conditional access for conditional access
    • H04N21/4623 Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
    • H04N21/4627 Rights management associated to the content
    • H04N21/4753 End-user interface for inputting end-user data, e.g. personal identification number [PIN], preference data for user identification, e.g. by entering a PIN or password


Abstract

The invention discloses a method for realizing CAS terminal authorization on demand, which comprises the steps of receiving an authorization request sent by a CAS terminal, and acquiring a CAS terminal identifier corresponding to the authorization request; determining authorization information corresponding to the CAS terminal identifier according to the CAS terminal identifier; and sending the authorization information to the CAS terminal sending the authorization request through a preset hypertext transfer protocol (http) interface, wherein the authorization information comprises an encrypted service key, so that the CAS terminal can obtain a control word according to the service key and descramble the received scrambled program stream according to the control word. The invention also discloses a device for realizing the authorization of the CAS terminal as required and a computer readable storage medium. By receiving the authorization request sent by the CAS terminal and then sending the authorization information to that CAS terminal in a unicast mode, the invention solves the problem that the authorization information occupies a large amount of bandwidth when it is unidirectionally broadcast to all CAS terminals.

Description

Method and device for realizing CAS terminal authorization on demand
Technical Field
The invention relates to the technical field of digital televisions, in particular to a method and a device for realizing on-demand authorization of a CAS (conditional access system) terminal and a computer readable storage medium.
Background
A conditional access system (CAS) is a core technology of pay digital television broadcasting. Its main function is to prevent illegal intrusion into the digital broadcasting network, allowing authorized users to watch specific programs while making unauthorized users unable to watch them. The rationale for CAS authorization is as follows. The scrambler of the CAS headend system provides the control word (CW), the key used to scramble the program stream, to an entitlement control message generator (ECMG). The ECMG encapsulates the CW into an entitlement control message (ECM) and returns the ECM to the scrambler, which multiplexes the ECM into a transport stream (TS) and broadcasts it to the transmission network. In addition, an entitlement management message generator (EMMG) generates entitlement management messages (EMM) and pushes them to the scrambler, which also multiplexes the EMM into the TS and broadcasts it into the transmission network. The CAS terminal, a set-top box (STB), parses the identification codes of the ECM and EMM from the CA-descriptor field in the program map table (PMT) and the conditional access table (CAT) of the TS, filters the ECM and EMM out of the TS, decodes the control word CW from them, and then sends the CW to a descrambler to descramble and play the program. However, under this basic principle the EMM is transmitted to all CAS terminals by unidirectional broadcasting, so the EMM occupies a large amount of bandwidth when there are a large number of CAS terminals.
Disclosure of Invention
The invention mainly aims to provide a method, a device and a computer readable storage medium for realizing CAS terminal authorization on demand, and aims to solve the problem that in the prior art, authorization information occupies a large amount of bandwidth when being distributed to all CAS terminals in a one-way broadcast mode.
In order to achieve the above object, the present invention provides a method for implementing CAS terminal authorization on demand, wherein the method for implementing CAS terminal authorization on demand comprises the following steps:
receiving an authorization request sent by a CAS terminal, and acquiring a CAS terminal identifier corresponding to the authorization request;
determining authorization information corresponding to the CAS terminal identifier according to the CAS terminal identifier;
and sending the authorization information to the CAS terminal sending the authorization request through a preset hypertext transfer protocol (http) interface, wherein the authorization information comprises an encrypted service key, so that the CAS terminal can obtain a control word according to the service key and descramble the received scrambled program stream according to the control word.
Optionally, the step of determining the authorization information corresponding to the CAS terminal identifier according to the CAS terminal identifier includes:
performing security authentication on the CAS terminal according to the CAS terminal identifier;
and if the authentication is successful, executing the step of determining the EMM data corresponding to the CAS terminal identifier according to the CAS terminal identifier.
Optionally, the step of performing security authentication on the CAS terminal according to the CAS terminal identifier includes:
and if the authentication fails, sending a rejection response containing rejection of the authorization request to the CAS terminal.
Optionally, before the step of receiving the authorization request of the CAS terminal and acquiring the CAS terminal identifier corresponding to the authorization request, the method further includes:
after receiving an initial program stream, generating a control word corresponding to the initial program stream;
packaging the control word into the initial program stream to generate a scrambled program stream and generating authorization control information according to the control word, wherein the authorization control information comprises the control word encrypted by a service key;
and transmitting the authorization control information and the scrambled program stream to the CAS terminal through a broadcasting network.
A method for realizing CAS terminal authorization on demand comprises the following steps:
receiving a program playing request of a user, acquiring the scrambled program stream according to the program playing request and sending an authorization request to the CAS front end;
and descrambling the scrambled program stream according to the authorization information after receiving the authorization information sent by the CAS front end.
Optionally, the step of descrambling the scrambled program stream acquired from the broadcast network according to the authorization information further includes:
decrypting the authorization information according to the personal distribution key to obtain a corresponding service key;
decrypting the authorization control information according to the service key to obtain a control word in the authorization control information;
and descrambling the scrambled program stream according to the control word.
Optionally, the authorization request includes a CAS terminal identifier corresponding to the CAS terminal.
In addition, in order to achieve the above object, the present invention further provides a device for implementing on-demand CAS terminal authorization, where the device includes: a memory, a processor, and a program for realizing CAS terminal on-demand authorization that is stored on the memory and can run on the processor, wherein the program, when executed by the processor, implements the steps of the method for realizing CAS terminal on-demand authorization as described above.
In addition, to achieve the above object, the present invention further provides a computer readable storage medium, which stores thereon a program for implementing CAS terminal on-demand authorization, and when the program for implementing CAS terminal on-demand authorization is executed by a processor, the steps of the method for implementing CAS terminal on-demand authorization as described above are implemented.
According to the method, the device and the computer readable storage medium for realizing on-demand authorization of the CAS terminal provided by the embodiment of the invention, an authorization request sent by the CAS terminal is received, the CAS terminal is legally authenticated according to the authorization request, and after the CAS terminal is successfully authenticated, the authorization information corresponding to the CAS terminal is sent to the CAS terminal, so that on-demand authorization of the CAS terminal is realized.
Drawings
FIG. 1 is a schematic structural diagram of a digital television conditional access system according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a first embodiment of a method for implementing on-demand authorization of a CAS terminal according to the present invention;
FIG. 3 is a flowchart illustrating a second embodiment of the method for implementing on-demand authorization of a CAS terminal according to the present invention;
FIG. 4 is a flowchart illustrating a third embodiment of the method for implementing CAS terminal authorization on demand according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The main solution of the embodiment of the invention is as follows: receiving an authorization request sent by a CAS terminal, and acquiring a CAS terminal identifier corresponding to the authorization request; determining authorization information corresponding to the CAS terminal identifier according to the CAS terminal identifier; and sending the authorization information to the CAS terminal sending the authorization request through a preset hypertext transfer protocol (http) interface, wherein the authorization information comprises an encrypted service key, so that the CAS terminal can obtain a control word according to the service key and descramble the received scrambled program stream according to the control word.
FIG. 1 is a schematic structural diagram of a digital television conditional access system according to an embodiment of the present invention.
The digital television conditional access system comprises a CAS front end and a CAS terminal;
the CAS front-end comprises:
a scrambler for generating a control word;
an authorization control information generator for generating ECM data according to the control word and the service key;
the authorization server is used for receiving an authorization request sent by the CAS terminal and returning EMM data corresponding to the authorization request to the CAS terminal;
the CAS terminal includes:
a descrambler for descrambling the scrambled data stream;
a secret key box for storing a personal distribution key and sending an authorization request to the CAS front end.
Referring to fig. 1, the scrambler establishes two-way communication with the authorization control information generator and the authorization server, the scrambler sends the generated control word to the authorization control information generator, and the authorization control information generator generates authorization control information according to the control word and sends the authorization control information to the scrambler, wherein the authorization control information includes a control word encrypted by a service key.
Optionally, the authorization control information generator is configured to generate a service key, and encrypt the control word according to the service key to generate the authorization control information.
Optionally, the authorization server establishes bidirectional data communication with a key box of the CAS terminal through a preset http interface, and is configured to receive an authorization request sent by the key box, where the authorization request includes a CAS terminal identifier corresponding to the CAS terminal, and the CAS terminal identifier is used to characterize the CAS terminal. Optionally, the authorization request further includes a program ID, and when the CAS terminal needs to obtain authorization information of some programs, the secret key box sends the program ID corresponding to the program to the authorization server, so that the authorization server generates authorization information. And after receiving an authorization request sent by the secret key box, the authorization server performs security authentication on the CAS terminal according to the CAS terminal identifier corresponding to the authorization request, and after the authentication is passed, returns the generated authorization information to the secret key box sending the authorization request.
Optionally, the CAS terminal includes a descrambler and a secret key box, and the descrambler establishes bidirectional communication with the secret key box. The descrambler receives the scrambled data stream sent by the scrambler, which includes a program mapping table and authorization control information. The program mapping table stores the correspondence between the authorization control information and an identification code; the descrambler parses the program mapping table to obtain the identification code corresponding to the authorization control information, identifies the authorization control information in the scrambled data stream according to that identification code, and sends the authorization control information to the secret key box, so that the secret key box obtains the control word according to the authorization control information.
Optionally, the secret key box and the authorization server establish bidirectional data communication through a preset http interface. After receiving the authorization control information sent by the descrambler, the secret key box sends an authorization request to the connected authorization server through the preset http interface. After receiving the authorization information sent by the authorization server through the http interface, the key box decrypts the authorization information with the personal distribution key stored in the key box to obtain the service key, decrypts the authorization control information sent by the descrambler with the service key to obtain the corresponding control word, and sends the control word to the descrambler. The descrambler then descrambles the scrambled data stream with the control word sent by the key box and plays the descrambled stream.
Optionally, referring to fig. 2, based on the conditional access system for digital television described in fig. 1, the method for implementing on-demand authorization of a CAS terminal provided by the present invention is applied to a CAS front end of the conditional access system for digital television, and the steps of the method for implementing on-demand authorization of a CAS terminal include:
step S10, receiving an authorization request sent by a CAS terminal, and acquiring a CAS terminal identifier corresponding to the authorization request;
step S20, determining authorization information corresponding to the CAS terminal identifier according to the CAS terminal identifier;
step S30, sending the authorization information to the CAS terminal sending the authorization request through a preset http interface, where the authorization information includes an encrypted service key, so that the CAS terminal obtains a control word according to the service key, and then descrambles the received scrambled program stream according to the control word.
In the prior art, after the authorization server generates authorization information, the authorization information is sent to the scrambler, and the scrambler broadcasts it to all CAS terminals in a one-way manner. Because there are a large number of CAS terminals, the authorization information occupies a large amount of bandwidth. For example, if one program corresponds to one data packet, there are 60 programs and 600,000 CAS terminals, and each authorization message is 100 bytes, then the total data volume of the authorization messages is 600000 × 100 × 8 × 60 = 28800 Mb; the larger the data volume, the larger the occupied bandwidth. Based on this, the embodiment of the invention provides a user authorization method that solves the problem of the authorization information occupying a large amount of bandwidth.
In this embodiment of the application, an authorization server at a CAS front end receives, through an http interface, an authorization request sent by a key box of a CAS terminal, where the authorization request includes but is not limited to a request token, a CAS terminal identifier, and a program ID, where the program ID is a program ID corresponding to a program requested by the CAS terminal to be authorized to be played.
Optionally, after obtaining the authorization request, the authorization server determines whether the CAS terminal has the right to access the authorization server according to a request token corresponding to the authorization request, and obtains the CAS terminal identifier and the program ID when the CAS terminal has the right to access, so as to determine authorization information corresponding to the CAS terminal identifier according to the CAS terminal identifier.
Optionally, the step S20 includes:
legally authenticating the CAS terminal according to the CAS terminal identifier;
if the authentication is successful, executing the step of determining EMM data corresponding to the CAS terminal identifier according to the CAS terminal identifier;
and if the authentication fails, sending a rejection response containing rejection of the authorization request to the CAS terminal.
In the embodiment of the application, the CAS terminal identifiers correspond to the CAS terminals one to one, and the CAS terminals are legally authenticated according to the CAS terminal identifiers.
Optionally, the method for legally authenticating the CAS terminal includes the following steps:
First, it is judged whether the area position corresponding to the CAS terminal identifier is legal; next, whether the CAS terminal corresponding to the CAS terminal identifier is in a white list, the white list being stored in the authorization server; and then whether the CAS terminal corresponding to the CAS terminal identifier has the authority to watch the program corresponding to the program ID to be played. For example, suppose the program requested for authorized playing is program A, and the playing conditions of program A are that the CAS terminal is in zone B, is in the white list, and has the playing right for program A. When an authorization request from a CAS terminal C is received, it is first judged, according to the request token corresponding to the authorization request, whether CAS terminal C has the right to access the authorization server. If it does, the position information of CAS terminal C is obtained and it is judged whether CAS terminal C is in zone B. If it is in zone B, it is judged whether CAS terminal C is in the white list. If it is in the white list, it is judged whether CAS terminal C has the playing right for program A. If it has that right, CAS terminal C is judged to be successfully authenticated.
Optionally, after the CAS terminal is successfully authenticated, authorization information corresponding to the CAS terminal identifier is acquired, where the authorization information includes a service key, and the authorization information is further sent to a secret key box of the CAS terminal through a preset http interface. For example, after the CAS terminal passes authentication, a status code "200 OK" is returned to the secret key box, and the authorization information is returned, where the status code is used to represent that the authorization request has successfully responded, and the key box obtains the authorization information after receiving the status code.
Optionally, to ensure security of the service key and prevent an illegal device from obtaining the service key, the authorization server encrypts the service key in advance by using a Personal Distribution Key (PDK).
Optionally, when the CAS terminal is determined to be illegal, a reject response including rejection of the authorization request is returned to the key box. For example, when the CAS terminal is illegal, a status code "403 Forbidden" is returned to the key box, and the "403 Forbidden" is a rejection response for rejecting the authorization request.
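The check sequence and the "200 OK" / "403 Forbidden" responses described above, as an added Python sketch that is not part of the patent. The HMAC request token, the in-memory data model and all sample values are assumptions made for illustration; every failed check returns the same 403 while the specific reason is kept only in a server-side log.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed for this example: the patent defines neither a token format
# nor a data model, so the HMAC token and every field name are assumptions.
TOKEN_SECRET = b"constructed-demo-secret"
WRAPPED_SK = b"constructed: SK for program-A encrypted under terminal PDK"


def issue_token(terminal_id: str) -> str:
    """Assumed request token: HMAC-SHA256 over the CAS terminal identifier."""
    return hmac.new(TOKEN_SECRET, terminal_id.encode(), hashlib.sha256).hexdigest()


@dataclass
class Terminal:
    region: str
    entitled_programs: set
    wrapped_service_keys: dict   # program_id -> SK pre-encrypted under this terminal's PDK


@dataclass
class AuthorizationServer:
    terminals: dict              # terminal_id -> Terminal
    whitelist: set               # terminal_ids on the white list
    program_regions: dict        # program_id -> regions where the program may play
    audit_log: list = field(default_factory=list)

    def _reject(self, terminal_id: str, reason: str):
        # The reason stays server-side; the terminal only ever sees 403.
        self.audit_log.append((terminal_id, reason))
        return 403, None

    def handle(self, request: dict):
        terminal_id = str(request.get("terminal_id", ""))
        program_id = str(request.get("program_id", ""))
        token = str(request.get("token", ""))

        # 1. Request token: may this caller access the authorization server at all?
        if not hmac.compare_digest(token.encode(), issue_token(terminal_id).encode()):
            return self._reject(terminal_id, "bad_token")
        # 2. Region: is the terminal located where the program may be played?
        terminal = self.terminals.get(terminal_id)
        allowed = self.program_regions.get(program_id, set())
        if terminal is None or terminal.region not in allowed:
            return self._reject(terminal_id, "region_not_allowed")
        # 3. White list stored on the authorization server.
        if terminal_id not in self.whitelist:
            return self._reject(terminal_id, "not_whitelisted")
        # 4. Playing right for the requested program ID.
        if program_id not in terminal.entitled_programs:
            return self._reject(terminal_id, "not_entitled")
        blob = terminal.wrapped_service_keys.get(program_id)
        if blob is None:
            return self._reject(terminal_id, "no_key_provisioned")
        return 200, blob         # authorization information: the encrypted service key


def build_demo_server() -> AuthorizationServer:
    """Constructed sample data mirroring the program A / zone B / terminal C example."""
    keys = {"program-A": WRAPPED_SK}
    return AuthorizationServer(
        terminals={
            "terminal-C": Terminal("zone-B", {"program-A"}, keys),
            "terminal-D": Terminal("zone-X", {"program-A"}, keys),
            "terminal-E": Terminal("zone-B", {"program-A"}, keys),
            "terminal-F": Terminal("zone-B", set(), {}),
        },
        whitelist={"terminal-C", "terminal-D", "terminal-F"},
        program_regions={"program-A": {"zone-B"}},
    )


def request_for(terminal_id: str, program_id: str = "program-A") -> dict:
    return {"terminal_id": terminal_id, "program_id": program_id,
            "token": issue_token(terminal_id)}
```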
In the embodiment of the application, by receiving an authorization request sent by a CAS terminal, and then performing legal authentication on the CAS terminal according to a CAS terminal identifier corresponding to the authorization request, when the CAS terminal is judged to be legal, authorization information corresponding to the CAS terminal is determined according to the CAS terminal identifier, and then the authorization information is returned to the CAS terminal through a downlink channel, so that the CAS terminal plays a program according to the authorization information, and by sending the authorization information to the CAS terminal after the authorization request is obtained, the problem that a large amount of bandwidth is occupied when the authorization information is distributed to all CAS terminals in a unidirectional broadcast manner in the prior art is solved.
Optionally, based on fig. 2, the method further includes, before step S10:
step S40, after receiving an initial program stream, generating a control word corresponding to the initial program stream;
step S41, encapsulating the control word into the initial program stream to generate a scrambled program stream, and generating authorization control information according to the control word, where the authorization control information includes a control word encrypted by a service key;
step S42, sending the authorization control information and the scrambled program stream to the CAS terminal through a broadcast network.
In the embodiment of the present application, after the scrambler receives the initial program stream sent by the encoder head end in the form of UDP unicast or multicast, a control word is generated by a random word generator; the initial program stream is the program stream as it exists before scrambling. The control word is then encapsulated in the initial program stream to generate the scrambled program stream. Meanwhile, the scrambler sends the control word to the authorization control information generator, which encrypts the control word with a service key to produce the authorization control information corresponding to the control word and sends it back to the scrambler. The scrambler multiplexes the authorization control information into the scrambled program stream and sends the scrambled program stream and the authorization control information to the CAS terminal through a broadcast network. It is to be understood that the authorization control information includes a control word encrypted by a service key, and optionally, the authorization control information further includes program information such as a program source, a time, a content category, and a program price.
Optionally, the control words for different programs are different and the service keys for different programs are also different. Therefore, the authorization control information for different programs is also different.
Optionally, the broadcast network is a hybrid fiber-coaxial (HFC) network, and the scrambled program stream and the authorization control information are transmitted to the CAS terminal through the broadcast network.
In this embodiment of the application, the CAS front end generates a control word through the scrambler, scrambles the initial program stream according to the control word to generate a scrambled program stream, and at the same time generates authorization control information according to the control word and a service key, and then sends the authorization control information and the scrambled program stream to the CAS terminal through a broadcast network. Scrambling the initial program stream with the control word and encrypting the control word with the service key ensures the security of the initial program stream.
Based on the foregoing embodiments, referring to fig. 4, the method for implementing the CAS terminal authorization on demand further includes:
step S50, receiving a program playing request of a user, acquiring the scrambled program stream according to the program playing request and sending an authorization request to the CAS front end;
step S51, after receiving the authorization information sent by the CAS front end, descrambling the scrambled program stream according to the authorization information.
In this embodiment of the present application, the CAS terminal receives a program playing request of a user and, according to that request, receives the corresponding scrambled program stream from the broadcast network. After obtaining the scrambled program stream, the CAS terminal parses it to obtain a program mapping table, looks up in the program mapping table the identification code corresponding to the authorization control information in the scrambled program stream, obtains the authorization control information from the scrambled program stream according to the identification code, and sends the authorization control information to the key box. After receiving the authorization control information, the key box sends an authorization request to the authorization server. After receiving the authorization request, the authorization server judges whether the CAS terminal is legal according to the authorization request; when the CAS terminal is legal, authorization information is returned to the key box that sent the authorization request, and the CAS terminal descrambles the scrambled program stream according to the authorization information so as to play the corresponding program for the user.
Optionally, the step S70 includes:
decrypting the authorization information according to the personal distribution key (PDK) to obtain the corresponding service key;
decrypting the authorization control information according to the service key to obtain the control word in the authorization control information;
and descrambling the scrambled program stream according to the control word.
In this embodiment of the application, when the key box obtains the authorization information, it decrypts the authorization information with the Personal Distribution Key (PDK) stored in the key box to obtain the service key. It then decrypts the authorization control information corresponding to the scrambled program stream with the service key to obtain the control word, and returns the control word to the descrambler. The descrambler descrambles the scrambled program stream according to the control word to obtain the initial program stream, which is then parsed and rendered so that the CAS terminal plays the corresponding program for the user to view.
In the embodiment of the application, after a play request of a user is received, the corresponding scrambled program stream is obtained according to the play request, the identification code corresponding to the authorization control information is obtained from the program mapping table of the scrambled program stream, and the authorization control information is filtered from the scrambled program stream according to the identification code and sent to the key box. The key box sends an authorization request to the authorization server according to the authorization control information and receives the authorization information sent by the authorization server. It decrypts the authorization information according to a private key to obtain the service key, decrypts the authorization control information according to the service key to obtain the control word, and sends the control word to the descrambler, which descrambles the scrambled program stream according to the control word. In the embodiment of the invention, the user's program playing request causes the authorization request to be sent to the CAS front end and the authorization information to be acquired, so that the user is authorized on demand without the authorization information being sent to all CAS terminals, which saves the bandwidth used for authorization information.
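The key hierarchy of this embodiment (the PDK wraps the service key, the service key wraps the control word, the control word scrambles the stream) together with the 200/403 responses of the http interface, as an added example that is not taken from the patent. The `seal`/`unseal` cipher, all class and function names, the program id carried in the request and the terminal identifiers are assumptions; the patent names no algorithm, so a standard-library authenticated stream construction stands in for the real ciphers.

```python
import hashlib
import hmac
import secrets

# Stand-in authenticated cipher (assumption: the patent names no algorithm;
# a deployment would use a vetted AEAD for key wrapping and a broadcast
# scrambling algorithm for the stream itself).
def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong key or altered data")
    stream = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

class CasFrontEnd:
    def __init__(self):
        self.pdk_by_terminal = {}  # CAS terminal identifier -> PDK
        self.service_keys = {}     # program id -> service key

    def register_terminal(self, terminal_id):
        # Hypothetical provisioning step: the PDK is also stored in the key box.
        self.pdk_by_terminal[terminal_id] = secrets.token_bytes(32)
        return self.pdk_by_terminal[terminal_id]

    def scramble(self, program_id, initial_stream):
        # Steps S40-S42: returns (scrambled stream, authorization control info).
        control_word = secrets.token_bytes(32)
        service_key = self.service_keys.setdefault(program_id, secrets.token_bytes(32))
        return seal(control_word, initial_stream), seal(service_key, control_word)

    def handle_authorization_request(self, terminal_id, program_id):
        # Returns (HTTP status, authorization information); program id is assumed.
        pdk = self.pdk_by_terminal.get(terminal_id)
        if pdk is None or program_id not in self.service_keys:
            return 403, b""
        return 200, seal(pdk, self.service_keys[program_id])

class KeyBox:
    def __init__(self, terminal_id, pdk):
        self.terminal_id, self._pdk = terminal_id, pdk

    def recover_control_word(self, authorization_info, control_info):
        service_key = unseal(self._pdk, authorization_info)  # PDK -> service key
        return unseal(service_key, control_info)             # service key -> CW

def play(front_end, key_box, program_id, scrambled, control_info):
    # Steps S50-S51 on the terminal; returns None when the request is rejected.
    status, info = front_end.handle_authorization_request(key_box.terminal_id, program_id)
    if status != 200:
        return None
    control_word = key_box.recover_control_word(info, control_info)
    return unseal(control_word, scrambled)
```

A key box that holds the wrong PDK cannot use a "200 OK" response: `unseal` raises `ValueError` rather than yielding a bogus service key, which is the property the PDK encryption of the service key is there to provide.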
In addition, an embodiment of the present invention further provides a device for implementing on-demand authorization of a CAS terminal, where the device for implementing on-demand authorization of a CAS terminal includes: a memory, a processor, and a program for realizing CAS terminal on-demand authorization that is stored on the memory and capable of running on the processor, wherein the program for realizing CAS terminal on-demand authorization, when executed by the processor, realizes the steps of the method for realizing CAS terminal on-demand authorization as described above.
In addition, an embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium stores a program for implementing CAS terminal on-demand authorization, and the program for implementing CAS terminal on-demand authorization implements the above-mentioned steps of the method for implementing CAS terminal on-demand authorization when executed by a processor.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (9)

1. A method for realizing CAS terminal authorization on demand is applied to a CAS front end of a digital television conditional access system, and the method for realizing CAS terminal authorization on demand comprises the following steps:
receiving an authorization request sent by a CAS terminal, and acquiring a CAS terminal identifier corresponding to the authorization request;
determining authorization information corresponding to the CAS terminal identifier according to the CAS terminal identifier;
and sending the authorization information to the CAS terminal sending the authorization request through a preset hypertext transfer protocol (http) interface, wherein the authorization information comprises an encrypted service key, so that the CAS terminal can obtain a control word according to the service key and descramble the received scrambled program stream according to the control word.
2. The method for implementing CAS terminal authorization on demand according to claim 1, wherein the step of determining the authorization information corresponding to the CAS terminal identifier according to the CAS terminal identifier comprises:
legally authenticating the CAS terminal according to the CAS terminal identifier;
and if the authentication is successful, executing the step of determining the authorization information corresponding to the CAS terminal identifier according to the CAS terminal identifier.
3. The method for implementing CAS terminal authorization on demand according to claim 2, wherein the step of legally authenticating the CAS terminal according to the CAS terminal identity comprises:
and if the authentication fails, sending a rejection response containing rejection of the authorization request to the CAS terminal.
4. The method for implementing CAS terminal authorization on demand according to claim 1, wherein the step of receiving the authorization request from the CAS terminal and acquiring the CAS terminal identifier corresponding to the authorization request further comprises:
after receiving an initial program stream, generating a control word corresponding to the initial program stream;
packaging the control word into the initial program stream to generate a scrambled program stream and generating authorization control information according to the control word, wherein the authorization control information comprises the control word encrypted by a service secret key;
and transmitting the authorization control information and the scrambled program stream to the CAS terminal through a broadcasting network.
5. A method for realizing CAS terminal authorization on demand is characterized in that the method for realizing CAS terminal authorization on demand comprises the following steps:
receiving a program playing request of a user, acquiring the scrambled program stream according to the program playing request and sending an authorization request to the CAS front end;
and descrambling the scrambled program stream according to the authorization information after receiving the authorization information sent by the CAS front end.
6. The method for enabling CAS terminal on-demand authorization according to claim 5, wherein the step of descrambling the scrambled program stream according to the authorization information further comprises:
decrypting the authorization information according to the individual distribution secret key to obtain a corresponding service secret key;
decrypting the authorization control information according to the service secret key to obtain a control word in the authorization control information;
and descrambling the scrambled program stream according to the control word.
7. The method for implementing CAS terminal on-demand authorization according to claim 5, wherein the authorization request includes a CAS terminal identity corresponding to the CAS terminal.
8. An apparatus for implementing CAS terminal authorization on demand, the apparatus comprising: memory, processor and an enabling CAS terminal on-demand authorization program stored on the memory and executable on the processor, wherein the enabling CAS terminal on-demand authorization program when executed by the processor implements the steps of the method for enabling CAS terminal on-demand authorization as claimed in any one of claims 1 to 7.
9. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a program for implementing CAS terminal on-demand authorization, which when executed by a processor implements the steps of the method for implementing CAS terminal on-demand authorization according to any one of claims 1 to 7.
CN202110817272.0A 2021-07-19 2021-07-19 Method, device and storage medium for realizing CAS terminal authorization on demand Active CN113727196B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110817272.0A CN113727196B (en) 2021-07-19 2021-07-19 Method, device and storage medium for realizing CAS terminal authorization on demand

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110817272.0A CN113727196B (en) 2021-07-19 2021-07-19 Method, device and storage medium for realizing CAS terminal authorization on demand

Publications (2)

Publication Number Publication Date
CN113727196A true CN113727196A (en) 2021-11-30
CN113727196B CN113727196B (en) 2023-09-15

Family

ID=78673550

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110817272.0A Active CN113727196B (en) 2021-07-19 2021-07-19 Method, device and storage medium for realizing CAS terminal authorization on demand

Country Status (1)

Country Link
CN (1) CN113727196B (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101217358A (en) * 2007-01-05 2008-07-09 中国移动通信集团公司 An activation method of digital broadcast service system and digital broadcast service
CN101247508A (en) * 2008-03-07 2008-08-20 北京握奇数据系统有限公司 Method for terminal implementing service authorization in conditioned receiving system
US20130058484A1 (en) * 2010-03-17 2013-03-07 Sylvain Delagrange Method and system for secured broadcasting of a digital data stream
US20120114121A1 (en) * 2010-11-10 2012-05-10 Souhwan Jung Method of transmitting and receiving content
KR20120072030A (en) * 2010-12-23 2012-07-03 한국전자통신연구원 The apparatus and method for remote authentication
CN102761778A (en) * 2012-07-30 2012-10-31 山东泰信电子股份有限公司 Data encrypting and decrypting system and method based on bidirectional terminal
CN102769776A (en) * 2012-07-30 2012-11-07 山东泰信电子股份有限公司 System and method for enabling CAS (Conditional Access System) terminal to timely obtain entitlement

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
闫一功;董国珍;: "一种免智能卡的有线电视条件接收技术的研究", 计算机与现代化, no. 08 *

Also Published As

Publication number Publication date
CN113727196B (en) 2023-09-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant