CN114401424A - Verification code transmission method and system - Google Patents


Info

Publication number
CN114401424A
Authority
CN
China
Prior art keywords
verification code
data
encrypted
top box
registration server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111670483.2A
Other languages
Chinese (zh)
Other versions
CN114401424B (en)
Inventor
侯大平
燕青
倪丽莎
缪克良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuhai Gotech Intelligent Technology Co Ltd
Original Assignee
Zhuhai Gotech Intelligent Technology Co Ltd
Application filed by Zhuhai Gotech Intelligent Technology Co Ltd
Priority to CN202111670483.2A
Publication of CN114401424A
Publication of CN114401424B

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/254Management at additional data server, e.g. shopping server, rights management server
    • H04N21/2541Rights Management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25808Management of client data
    • H04N21/25816Management of client data involving client authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26613Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Databases & Information Systems (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Graphics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a method and a system for transmitting verification codes. The method comprises the following steps: receiving registration information sent by a user through a client application program; generating a verification code, encrypting it to obtain an encrypted verification code, sending the encrypted verification code to the IP multiplexer and simultaneously storing it in the data memory; the IP multiplexer forms a composite TS stream from the encrypted verification code and sends the composite TS stream to the satellite modulator; the satellite modulator modulates the received signal and then transmits the modulated signal to the satellite space station; the satellite space station sends the received signal to a satellite set-top box; the satellite set-top box displays the verification code on the television according to the received signal; and the user inputs the verification code into the client application program, completing the registration. The method has the following advantages: users within the signal coverage area can obtain the verification code and so register successfully; it departs from the traditional approach of receiving the verification code on a mobile phone; the information is completely controlled by the user without depending on mobile phone operators in different countries; and the verification code is unique and highly secure.

Description

Verification code transmission method and system
Technical Field
The invention relates to the technical field of DVB, in particular to a method and a system for transmitting verification codes when an account related to set top box service is registered through a mobile client.
Background
At present, more and more DVB (digital video broadcasting) market operators use mobile phone application programs to manage the programs, packages and fees of their value-added services. When a client user downloads the APK (Android application package), an account needs to be registered. In China, because many application vendors cooperate with China Telecom and China Mobile, their apps can forward data to the mobile and telecom servers over the network, so a mobile phone verification code can be obtained simply by entering a mobile phone number, and registration succeeds. However, in some satellite markets one satellite covers a wide area spanning many countries; if users of a satellite operator's APK are to obtain the verification code through a mobile phone number, every one of those countries needs comparable telecom and mobile operators before a unique verification code can be obtained.
However, communication operators in different countries may not be unified, operators in the same country may not follow a unified standard, and even a single operator in one country may be unable to determine whether the user is a real user. The correspondence between the mobile phone and the set-top box can only be established either by the operator binding the mobile phone and set-top box parameters on the server from the back end, or by the user binding the mobile phone number to the set-top box parameters themselves. If the operator enters the binding between the mobile phone number and the set-top box in the back end, the mobile phone number provided by the user must always be correct; if the user performs the binding, the user may bind someone else's set-top box number to their own mobile phone. Both methods therefore involve uncertainty, and an operator cannot fully determine whether the user currently requesting the verification code is a real set-top box user.
In view of the above drawbacks, a technique is needed that establishes that the information entered by a user is valid when a DVB market operator manages value-added services through a mobile phone application.
Disclosure of Invention
In order to solve the problems, the technical scheme adopted by the invention is as follows:
a method for transmitting verification codes comprises the following steps:
receiving registration information sent by a user through a client application program;
generating a verification code, encrypting the verification code to obtain an encrypted verification code, and sending the encrypted verification code data packet to an IP multiplexer and simultaneously storing the encrypted verification code data packet into a data memory;
the IP multiplexer forms the encrypted verification code into a composite TS stream and sends the composite TS stream to a satellite modulator;
the satellite modulator modulates the received signal and then transmits the modulated signal to the satellite space station;
the satellite space station sends the received signal to a satellite set top box;
the satellite set-top box displays the verification code at the television end according to the received signal;
and the user inputs the verification code into the client application program, and the registration is finished.
In the method, the working sequence of the verification code comprises the following steps:
S1, the user inputs the set-top box number SN and the set-top box hardware number STB_ID through the client application program, and clicks to obtain the verification code;
S2, the registration server obtains the set-top box number SN, the hardware number STB_ID and the client ID, and checks whether the data is valid by checking whether the SN and the STB_ID can be found in the registration server;
S3, if the data is valid, the registration server calculates key1 from the set-top box number SN and the set-top box hardware number STB_ID;
S4, the registration server obtains the system time, obtains a random number using the system time as the seed, generates a verification code from it together with the set-top box hardware number STB_ID and the set-top box number SN, and packages the verification code with the display attribute data preset in the registration server to generate a verification code data packet;
S5, the registration server runs the CRC algorithm over the verification code data packet to obtain CRC check data;
S6, the registration server encrypts the CRC-checked verification code data packet using the symmetric encryption algorithm AES and key1 to generate encrypted data;
S7, the registration server transmits the encrypted data to the program multiplexer through a network protocol;
S8, the program multiplexer transmits the multiplexed stream to the signal modulator through the network protocol;
S9, the signal modulator uploads the received data to the satellite space station;
S10, the satellite space station sends the received data to the set-top box via satellite, and the set-top box obtains the encrypted data;
S11, the set-top box calculates the decryption key key2 using its locally obtained SN and hardware number STB_ID and the encrypted data;
S12, the set-top box decrypts the encrypted data using the symmetric encryption algorithm AES and the decryption key key2, verifies the integrity of the data with the CRC algorithm, and obtains the verification code;
S13, the set-top box outputs the verification code to the television for display;
S14, the user inputs the displayed verification code into the client application program; the registration server compares the verification code generated in S4 with the verification code sent by the client application program, and if the two are consistent, the verification code sent by the client application program is valid;
S15, registration is completed.
The communication between the client and the registration server follows a secure transmission protocol, which comprises the following steps:
the client and the registration server both have the agreed registration-server rootkey built in;
the client requests to establish a communication connection, requests a data encryption key from the registration server, and sends its client ID to the registration server;
the registration server obtains the client ID and calculates key3 using the rootkey;
the registration server calculates key4 using the local time as the random seed;
the registration server encrypts key4 with the symmetric encryption algorithm 3DES and key3;
the registration server transmits the encrypted data to the client;
the client obtains the encrypted data and calculates key3;
the client decrypts the encrypted data with the symmetric encryption algorithm 3DES and key3 to obtain key4;
the client uses key4 and the symmetric encryption algorithm 3DES to encrypt the communication data for transmission;
the registration server uses key4 and the symmetric encryption algorithm 3DES to decrypt and store the communication data.
In S4, the verification code generation algorithm is:
1) verification code seed value = 8-byte random value (the current system time, accurate to the millisecond, is used as the random seed)
2) verification code = verification code seed value | (-set-top box hardware number (STB_ID) ^ (verification code seed value) | set-top box number (SN) ^ verification code seed value) | mobile phone ID)
The set-top box hardware number STB_ID and the set-top box number SN are processed by the following algorithm:
STB_ID = s_byte1, s_byte2, s_byte3, s_byte4, s_byte5, s_byte6, s_byte7, s_byte8
Set-top box SN = n_byte1, n_byte2, n_byte3, n_byte4, n_byte5, n_byte6, n_byte7, n_byte8
The new sequences are composed using a 4-byte first-position data exchange algorithm:
STB_ID2 = n_byte5, n_byte6, n_byte7, n_byte8, s_byte5, s_byte6, s_byte7, s_byte8
SN2 = n_byte1, n_byte2, n_byte3, n_byte4, s_byte1, s_byte2, s_byte3, s_byte4
Using the first-position swap and the intermediate swap algorithm on each of STB_ID2 and SN2, new sequences are composed:
STB_ID3 = s_byte8, n_byte6, n_byte7, s_byte5, n_byte8, s_byte6, s_byte7, n_byte5
SN3 = s_byte4, n_byte2, n_byte3, s_byte1, n_byte4, s_byte2, s_byte3, n_byte1
key1 = STB_ID3 ^ (SN3)
Verification code data packet = verification code + color + style + font size + display duration.
Encrypted data = the verification code data packet encrypted using the symmetric encryption algorithm AES with encryption key1.
The data generation algorithm involved in the secure transmission protocol:
1) The specified RootKey = byte1, byte2, byte3, byte4, byte5, byte6, byte7, byte8; the obtained ClientID = c_byte1, c_byte2, c_byte3, c_byte4, c_byte5, c_byte6, c_byte7, c_byte8
2) Parity swapping between RootKey and ClientID:
RootKey1 = byte1, c_byte2, byte3, c_byte4, byte5, c_byte6, byte7, c_byte8
ClientID1 = c_byte1, byte2, c_byte3, byte4, c_byte5, byte6, c_byte7, byte8
3) Key3 = (~RootKey1) ^ ClientID1
4) Key4 = 8-byte random value (the current system time, accurate to the millisecond, is used as the random seed) ^ ClientID1
5) Encrypted Key4 data = Key4 encrypted with the 3DES symmetric algorithm and Key3
6) Encrypted instruction data = instruction data encrypted with the 3DES symmetric algorithm and Key4.
Compared with the prior art, the invention has the following beneficial effects:
1) users within the signal coverage area can obtain the verification code and so register successfully;
2) it departs from the traditional approach of receiving the verification code on a mobile phone;
3) the information is completely controlled by the user without depending on mobile phone operators in different countries;
4) multilayer mixed encryption is used in generating and transmitting the verification code, so that the verification code is unique and highly secure.
The present invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
Drawings
Fig. 1 is a flowchart of a verification code transmission method according to a first embodiment of the present invention;
Fig. 2 is a flowchart of the verification code working sequence according to the first embodiment of the present invention;
Fig. 3 is a schematic diagram of the secure transmission protocol between a client and a registration server according to the first embodiment of the present invention;
Fig. 4 is a flowchart of generating the verification code according to the first embodiment.
Detailed Description
Referring to Fig. 1, the present embodiment provides a method for transmitting a verification code, including the following steps:
a user opens a mobile phone application program and sends registration information to a registration server;
the registration server generates a verification code, the verification code becomes an encrypted verification code after encryption, and an encrypted verification code data packet is sent to the IP multiplexer and is simultaneously stored in the data memory;
the IP multiplexer forms a composite TS stream by the encrypted verification code and sends the composite TS stream to the satellite modulator;
the satellite modulator modulates the received signal and then transmits the modulated signal to the satellite space station;
the satellite space station sends the received signal to a satellite set-top box;
the satellite set-top box displays the verification code at the television end according to the received signal;
the user inputs the verification code to the mobile phone application program, and the registration is finished.
The above-mentioned mobile phone application program may also be other client application programs. In this embodiment, the mobile phone is only an example, and in fact, any other client may also be used, for example: computers, tablet computers, and the like.
In the above method, the working sequence of the verification code, shown in Fig. 2, includes the following steps:
1. The user inputs the set-top box number SN and the set-top box hardware number STB_ID through the mobile phone application program and clicks to obtain a verification code;
2. The registration server obtains the set-top box number SN, the hardware number STB_ID and the client ID (namely the mobile phone device ID), and verifies whether the data is valid by checking whether the SN and the STB_ID can be found in the registration server;
3. If the data is valid, key1 is calculated by an algorithm from the set-top box number SN and the set-top box hardware number STB_ID;
4. The system time (accurate to a microsecond) is obtained, a random number is obtained using the system time as the seed, and a verification code is generated from that random number, the set-top box hardware number STB_ID and the set-top box number SN; the format of the verification code is shown in Table 2;
5. The CRC algorithm is run over the Table 2 data to obtain CRC check data;
6. The CRC-checked Table 2 format data is encrypted using the symmetric encryption algorithm AES and key1 to generate encrypted data, as shown in Table 1;
7. The encrypted data is transmitted to the program multiplexer through a network protocol;
8. The program multiplexer transmits the multiplexed stream to the signal modulator through a network protocol;
9. The signal modulator uploads the received data to the satellite space station;
10. The satellite space station sends the received data to the set-top box via satellite, and the set-top box obtains the encrypted verification code data;
11. key2 is generated by an algorithm using the SN and hardware number STB_ID obtained locally by the set-top box and the encrypted data;
12. The encrypted verification code data is decrypted using the symmetric encryption algorithm AES and the decryption key key2, the integrity of the data is verified with the CRC algorithm, and the verification code data is obtained;
13. The set-top box outputs the verification code data to the television for display using the transmission attributes of the verification code data, which are shown in Table 2 and include color, display style and font size;
14. The user inputs the displayed verification code data into the mobile phone application program; the registration server judges whether the verification code is valid by comparing the verification code it generated with the one sent by the mobile phone application program, and if the preset validity period of 1 minute is exceeded, the registration server deletes the verification code;
15. Registration is completed.
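One way a registration server could enforce step 14, given as an added example that is not code from the patent: each code is bound to the SN, STB_ID and client ID that requested it, is rejected after the 1-minute validity period, and is compared in constant time. Drawing the code from the operating system's CSPRNG instead of a time-seeded generator, and discarding a code after a single attempt, are assumptions of this example; `CodeStore` and its method names are hypothetical.

```python
import hmac
import secrets
import time

VALIDITY_SECONDS = 60  # the preset validity period of 1 minute from step 14
CODE_LEN = 8           # verfycode is 8 bytes in Table 2


class CodeStore:
    """In-memory record of issued verification codes (hypothetical helper)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock    # injectable so that expiry can be tested
        self._pending = {}     # (sn, stb_id, client_id) -> (code, issued_at)

    def _purge(self):
        # Delete codes whose validity period has passed, as step 14 requires.
        now = self._clock()
        expired = [key for key, (_, issued) in self._pending.items()
                   if now - issued > VALIDITY_SECONDS]
        for key in expired:
            del self._pending[key]

    def issue(self, sn, stb_id, client_id):
        """Create a code that is unique among the codes still pending."""
        self._purge()
        in_use = {code for code, _ in self._pending.values()}
        while True:
            # Assumption: CSPRNG output replaces the time-seeded random value.
            code = secrets.token_bytes(CODE_LEN)
            if code not in in_use:  # the "is the code repeated" check of Fig. 4
                break
        self._pending[(sn, stb_id, client_id)] = (code, self._clock())
        return code

    def verify(self, sn, stb_id, client_id, submitted):
        """Return True only for the right code, from the right requester, in time."""
        # pop(): the code is consumed by the first attempt (assumption).
        entry = self._pending.pop((sn, stb_id, client_id), None)
        if entry is None or not isinstance(submitted, bytes):
            return False
        code, issued = entry
        if self._clock() - issued > VALIDITY_SECONDS:
            return False
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(code, submitted)


if __name__ == "__main__":
    # Constructed identifiers, not taken from the page.
    store = CodeStore()
    ids = (b"SN000001", b"STB00001", b"CLIENT01")
    code = store.issue(*ids)
    print("issued:", code.hex())
    print("first attempt accepted:", store.verify(*ids, code))
    print("second attempt accepted:", store.verify(*ids, code))
```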
For communication between the client (i.e. the mobile phone held by the user) and the registration server, the present embodiment defines a secure transmission protocol to ensure the secure transmission of data between the two devices. The transmission flow is shown in Fig. 3 and includes the following steps:
the agreed registration-server rootkey is built into both the client and the registration server; the rootkey is a root key with a fixed value;
the client requests to establish a communication connection and requests a data encryption key from the registration server, and sends its client ID to the registration server; the data format is shown in Table 3;
the registration server obtains the client ID and calculates key3 by an algorithm using the rootkey;
the registration server generates key4 by an algorithm using the local time as the random seed;
the registration server encrypts key4 with the symmetric encryption algorithm 3DES and key3;
the registration server transmits the encrypted data to the client;
the client obtains the encrypted data and calculates key3 by the algorithm;
the client decrypts the encrypted data with the symmetric encryption algorithm 3DES and key3 to obtain key4;
the client uses key4 and the symmetric encryption algorithm 3DES to encrypt the communication data for transmission; the transmission data format is shown in Table 4;
the registration server uses key4 and the symmetric encryption algorithm 3DES to decrypt and store the communication data.
In this application, all data transmitted from the mobile phone client to the registration server must be encrypted for transmission. The communication data refers to the instruction data sent by the mobile phone client, which includes not only the encrypted data but also other instruction information data.
Tables 1-4 described above are as follows:
Table 1: Transmission format of the verification code encrypted data generated by the registration server (table image not reproduced)
Table 2: Verification code data packet format
Data header   Data size   Remarks
Color         2 bytes     Display color
Style         1 byte      Display style
FontSize      1 byte      Display font size
Duringtime    4 bytes     Display duration
verfycode     8 bytes     Verification code
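The Table 2 packet with its CRC, built on the server side (steps 4 and 5) and checked on the set-top-box side (step 12), as an added example that is not code from the patent. The page gives only field sizes, so big-endian byte order, CRC-32 as the "crc" variant and a 4-byte CRC trailer are assumptions; the AES layer of steps 6 and 12 is left out, so these are the bytes that go into encryption and come out of decryption.

```python
import struct
import zlib

# Table 2 layout: Color(2) Style(1) FontSize(1) Duringtime(4) verfycode(8).
# Assumptions: big-endian integers and a CRC-32 appended as a 4-byte trailer.
BODY = struct.Struct(">HBBI8s")
TRAILER = struct.Struct(">I")
PACKET_LEN = BODY.size + TRAILER.size  # 16 + 4 = 20 bytes


class PacketError(ValueError):
    """A packet that must not be displayed: bad length, field range or CRC."""


def build_packet(code, color, style, font_size, duration):
    """Registration-server side: pack Table 2 and append the CRC (steps 4-5)."""
    if not isinstance(code, bytes) or len(code) != 8:
        raise PacketError("verfycode must be exactly 8 bytes")
    try:
        body = BODY.pack(color, style, font_size, duration, code)
    except struct.error as exc:  # a value does not fit its Table 2 field size
        raise PacketError(f"field out of range: {exc}") from exc
    return body + TRAILER.pack(zlib.crc32(body))


def parse_packet(data):
    """Set-top-box side: check length and CRC before using any field (step 12)."""
    if len(data) != PACKET_LEN:
        raise PacketError(f"expected {PACKET_LEN} bytes, got {len(data)}")
    body = data[:BODY.size]
    (expected_crc,) = TRAILER.unpack(data[BODY.size:])
    # The CRC is unkeyed: it catches transmission damage only. Authenticity
    # has to come from the encryption layer or from a MAC.
    if zlib.crc32(body) != expected_crc:
        raise PacketError("CRC mismatch, packet discarded")
    color, style, font_size, duration, code = BODY.unpack(body)
    return {"Color": color, "Style": style, "FontSize": font_size,
            "Duringtime": duration, "verfycode": code}


def is_accepted(data):
    """True when the set-top box would display the packet's verification code."""
    try:
        parse_packet(data)
    except PacketError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    packet = build_packet(bytes.fromhex("0123456789abcdef"),
                          color=0xF800, style=1, font_size=24, duration=60)
    print(packet.hex())
    print(parse_packet(packet))
    damaged = bytes([packet[0] ^ 0x01]) + packet[1:]  # one bit changed in transit
    print("damaged packet accepted:", is_accepted(damaged))
```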
Table 3: Client communication request data format
Data header   Data size   Remarks
Header        2 bytes     Packet header
Datalen       1 byte      Data length
ClientID      8 bytes     Client ID
ClientCmd     4 bytes     Request instruction
Table 4: Client communication transmission encrypted data format (table image not reproduced)
The data generation algorithms used in the working sequence of the verification code are as follows:
In step 4, the verification code generation algorithm is as follows:
1) verification code seed value = 8-byte random value (the current system time, accurate to the millisecond, is used as the random seed)
2) verification code = verification code seed value | (-set-top box hardware number (STB_ID) ^ (verification code seed value) | set-top box number (SN) ^ verification code seed value) | mobile phone ID)
Secondly, the set-top box hardware number STB_ID and the set-top box number SN are processed by the following algorithm:
STB_ID = s_byte1, s_byte2, s_byte3, s_byte4, s_byte5, s_byte6, s_byte7, s_byte8
Set-top box SN = n_byte1, n_byte2, n_byte3, n_byte4, n_byte5, n_byte6, n_byte7, n_byte8
The new sequences are composed using a 4-byte first-position data exchange algorithm:
for example:
STB_ID2 = n_byte5, n_byte6, n_byte7, n_byte8, s_byte5, s_byte6, s_byte7, s_byte8
SN2 = n_byte1, n_byte2, n_byte3, n_byte4, s_byte1, s_byte2, s_byte3, s_byte4
Using the first-position swap and the intermediate swap algorithm on each of STB_ID2 and SN2, new sequences are composed:
STB_ID3 = s_byte8, n_byte6, n_byte7, s_byte5, n_byte8, s_byte6, s_byte7, n_byte5
SN3 = s_byte4, n_byte2, n_byte3, s_byte1, n_byte4, s_byte2, s_byte3, n_byte1
In the above, STB_ID and SN are the original values obtained from the set-top box; after the first calculation they become STB_ID2 and SN2, and after the further transformation they become STB_ID3 and SN3, which is equivalent to STB_ID evolving into STB_ID3. In the working sequence of the verification code, the algorithms of steps 3 and 11 both apply this conversion to STB_ID and SN.
Thirdly, encryption key1 = STB_ID3 ^ (SN3)
Fourthly, verification code data packet = verification code + color + style + font size + display duration;
Fifthly, the verification code data packet is encrypted using the symmetric encryption algorithm AES with encryption key1.
Sixthly, the data generation algorithm involved in the secure transmission protocol:
1) The specified RootKey = byte1, byte2, byte3, byte4, byte5, byte6, byte7, byte8; the obtained ClientID = c_byte1, c_byte2, c_byte3, c_byte4, c_byte5, c_byte6, c_byte7, c_byte8
2) Parity swapping between RootKey and ClientID:
RootKey1 = byte1, c_byte2, byte3, c_byte4, byte5, c_byte6, byte7, c_byte8
ClientID1 = c_byte1, byte2, c_byte3, byte4, c_byte5, byte6, c_byte7, byte8
3) Key3 = (~RootKey1) ^ ClientID1;
4) Key4 = 8-byte random value (the current system time, accurate to the millisecond, is used as the random seed) ^ ClientID1;
5) Encrypted Key4 data = Key4 encrypted with the 3DES symmetric algorithm and Key3
6) Encrypted instruction data = instruction data encrypted with the 3DES symmetric algorithm and Key4.
The ClientID is a client ID.
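The Key3 derivation of items 1) to 3), computed as the registration server and the client would each compute it, as an added example that is not code from the patent. It also evaluates the same formula without the parity swap to show that both give one value, and places an HMAC-SHA256 derivation beside it as a hardened alternative; the HMAC variant, its `label` parameter and all function names are assumptions of this example, and the input bytes are constructed.

```python
import hashlib
import hmac

KEY_LEN = 8  # RootKey and ClientID are both written as 8 bytes on the page


def _check(root_key, client_id):
    if len(root_key) != KEY_LEN or len(client_id) != KEY_LEN:
        raise ValueError("RootKey and ClientID must both be 8 bytes")


def parity_swap(root_key, client_id):
    """Item 2): bytes 2, 4, 6 and 8 (1-indexed) trade places between the values."""
    _check(root_key, client_id)
    pairs = list(zip(root_key, client_id))
    root_key1 = bytes(r if i % 2 == 0 else c for i, (r, c) in enumerate(pairs))
    client_id1 = bytes(c if i % 2 == 0 else r for i, (r, c) in enumerate(pairs))
    return root_key1, client_id1


def derive_key3(root_key, client_id):
    """Item 3): Key3 = (~RootKey1) ^ ClientID1, evaluated byte by byte."""
    root_key1, client_id1 = parity_swap(root_key, client_id)
    return bytes((~r & 0xFF) ^ c for r, c in zip(root_key1, client_id1))


def derive_key3_without_swap(root_key, client_id):
    """The same bytes with no swap at all.

    For any bytes a and b, ~a ^ b == a ^ ~b == ~(a ^ b), so exchanging the two
    operands at even positions does not change the XOR. Key3 is therefore
    ~(RootKey ^ ClientID), and its secrecy rests on the RootKey alone.
    """
    _check(root_key, client_id)
    return bytes((r ^ c) ^ 0xFF for r, c in zip(root_key, client_id))


def derive_key3_hmac(root_key, client_id, label=b"key3"):
    """Hardened alternative (assumption, not the page's method).

    HMAC-SHA256 keyed with the RootKey yields a per-client key that is not a
    linear function of the RootKey; truncate to the cipher's key length.
    """
    _check(root_key, client_id)
    return hmac.new(root_key, label + client_id, hashlib.sha256).digest()


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    root_key = bytes.fromhex("0011223344556677")
    client_id = bytes.fromhex("a1b2c3d4e5f60718")
    server_side = derive_key3(root_key, client_id)
    client_side = derive_key3(root_key, client_id)  # same inputs on the client
    print("Key3 (page formula):", server_side.hex())
    print("both sides agree:   ", server_side == client_side)
    print("without the swap:   ", derive_key3_without_swap(root_key, client_id).hex())
    print("HMAC-SHA256 variant:", derive_key3_hmac(root_key, client_id).hex())
```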
To facilitate understanding, the present embodiment provides a logic flow diagram for generating a verification code, as shown in fig. 4, including the following steps:
acquiring client verification code request information;
judging whether the data is valid data;
if yes, obtaining each ID of the client;
storing the ID of each item of the client in a database (belonging to a registration server);
generating a verification code;
judging whether the verification code is 8 bytes or not so as to judge whether the generated verification code is in a correct format or not; in this step, the verification code may also be set to other number of bytes, and if the determination result indicates that the verification code matches the preset number of bytes, at least the format of the verification code is correct;
if the judgment result is yes, inquiring the database, and judging whether the verification code in the database is repeated;
if the judgment result is negative, packaging data, wherein the data is in a format of table 2 and comprises the verification code and display parameters, such as color, style, time and the like, which are detailed in table 2;
encrypting the data into an encrypted data packet;
and packaging the encrypted data packet into a TS format, and sending the TS format to the multiplexer.
The method of this embodiment has the following advantages:
1) ensuring that users in the area covering the signal can obtain the verification code so as to register successfully;
2) it breaks away from the traditional method of receiving the verification code on a mobile phone;
3) the information can be completely controlled by the user without depending on mobile phone operators in different countries.
The embodiment further provides a system for implementing the authentication method according to claim 1, which is shown in fig. 1 and includes:
the registration server is used for receiving registration information sent by a user through a client application program; generating a verification code, encrypting the verification code to obtain an encrypted verification code, sending the encrypted verification code to the IP multiplexer and simultaneously storing the encrypted verification code into a data memory;
the IP multiplexer is used for receiving the encrypted verification code sent by the registration server, forming a composite TS (transport stream) by the encrypted verification code and sending the composite TS to the satellite modulator;
the satellite modulator is used for receiving the composite TS stream sent by the IP multiplexer, modulating the received signal and then uplinking the modulated signal to a satellite space station;
the satellite space station is used for receiving the signal sent by the satellite modulator and sending the signal to the satellite set top box;
the satellite set-top box displays the verification code at the television end according to the received signal;
and the client application program is used for sending registration information to the registration server by the user and receiving the verification code input by the user.
The verification code is acquired through satellite signals on the basis of the operator's APK (Android application package) system. Each set-top box has a unique ID, called the SN (Serial Number). When a client user registers an APK account, the APK registers by having the SN entered; the APK sends the network card address of the mobile phone, the mobile phone number and the SN to the registration server through a network protocol. The registration server checks whether the SN is valid and, if it is, generates a verification code, which is sent in the encrypted data format to the operator's front-end multiplexer and then to the satellite through the modulator. When the set-top box is turned on, it acquires the encrypted verification code data packet, decrypts the data to obtain the plaintext verification code, and displays the verification code on the television screen within the valid duration, so that the client user can successfully register the account by entering the verification code displayed on the television screen. This design thoroughly solves the problem of obtaining verification codes uniformly across regions, and a valid verification code can be received only by turning on the corresponding set-top box, which ensures the correctness and uniqueness of registration.
The above embodiments are only preferred embodiments of the present invention, and the protection scope of the present invention is not limited thereby, and any insubstantial changes and substitutions made by those skilled in the art based on the present invention are within the protection scope of the present invention.

Claims (7)

1. A method for transmitting an authentication code, comprising the steps of:
receiving registration information sent by a user through a client application program;
generating a verification code, encrypting the verification code to obtain an encrypted verification code, sending the encrypted verification code to the IP multiplexer and simultaneously storing the encrypted verification code into a data memory;
the IP multiplexer forms the encrypted verification code into a composite TS stream and sends the composite TS stream to a satellite modulator;
the satellite modulator modulates the received signal and then transmits the modulated signal to the satellite space station;
the satellite space station sends the received signal to a satellite set top box;
the satellite set-top box displays the verification code at the television end according to the received signal;
and the user inputs the verification code into the client application program, and the registration is finished.
2. The method for transmitting the verification code according to claim 1, wherein the work sequence flow of the verification code comprises the following steps:
S1, the user inputs the set-top box number SN and the set-top box hardware number STB_ID through the client application program, and clicks to acquire the verification code;
S2, the registration server acquires the set-top box number SN, the hardware number STB_ID and the ID of the client, and checks whether the data is valid by checking whether the SN and the STB_ID can be found in the registration server;
S3, if the data is judged valid, the registration server uses the set-top box number SN and the set-top box hardware number STB_ID to calculate and generate key1;
S4, the registration server acquires the system time, obtains a random number using the system time as a seed, generates a verification code from it together with the set-top box hardware number STB_ID and the set-top box number SN, and packages the verification code with the display attribute data preset in the registration server to generate a verification code data packet;
S5, the registration server applies the CRC algorithm to the verification code data packet to obtain CRC check data;
S6, the registration server uses the symmetric encryption algorithm AES and key1 to encrypt the CRC-checked verification code data packet to generate encrypted data;
S7, the registration server transmits the encrypted data to the program multiplexer through a network protocol;
S8, the program multiplexer transmits the multiplexed stream to the signal modulator through the network protocol;
S9, the signal modulator uploads the received data to a satellite space station;
S10, the satellite space station sends the received data to a set-top box through a satellite, and the set-top box acquires the encrypted data;
S11, a decryption key2 is calculated and generated by using the local SN number and the hardware number STB_ID acquired by the set-top box and the encrypted data;
S12, the encrypted data is decrypted by using the symmetric encryption algorithm AES and the decryption key2, the integrity of the data is verified by the CRC algorithm, and the verification code is acquired;
S13, the set-top box outputs the verification code to a television for display;
S14, the user inputs the displayed verification code into the client application program, and the registration server compares the verification code generated in S4 with the verification code sent by the client application program and judges whether the two are consistent; if so, the verification code sent by the client application program is valid;
S15, registration is finished.
3. The method for transmitting the verification code according to claim 2, wherein the communication between the client and the registration server is according to a secure transmission protocol, the secure transmission protocol comprising the steps of:
a client and a registration server are internally provided with a rootkey of an appointed registration server;
the client requests to establish communication connection, requests a data encryption key from the registration server, and sends a client ID to the registration server;
the registration server acquires the client ID, and calculates and generates key3 using the rootkey;
the registration server calculates and generates key4 by taking the local time as a random seed;
the registration server encrypts key4 through the symmetric encryption algorithm 3DES and key3;
the registration server transmits the encrypted data to the client;
the client acquires the encrypted data and calculates and acquires key3;
the client decrypts the encrypted data through the symmetric encryption algorithm 3DES and key3 to obtain key4;
the client uses key4 and a symmetric encryption algorithm 3DES to carry out encryption transmission on the communication data;
the registration server uses the key4 and the symmetric encryption algorithm 3DES to decrypt and store the communication data.
4. The method for transmitting the verification code according to claim 2, wherein in S4, the verification code and related data generation algorithm is:
1) the seed value of the verification code is 8 bytes random;
2) verification code = verification code seed value | (-set-top box hardware number (STB_ID) ^ (verification code seed value) | set-top box number (SN) ^ verification code seed value) | client ID);
STB_ID = s_byte1, s_byte2, s_byte3, s_byte4, s_byte5, s_byte6, s_byte7, s_byte8
SN = n_byte1, n_byte2, n_byte3, n_byte4, n_byte5, n_byte6, n_byte7, n_byte8
The new sequence is composed using a 4-byte first bit data exchange algorithm:
STB_ID2 = n_byte5, n_byte6, n_byte7, n_byte8, s_byte5, s_byte6, s_byte7, s_byte8;
SN2 = n_byte1, n_byte2, n_byte3, n_byte4, s_byte1, s_byte2, s_byte3, s_byte4;
using the first bit swap of each set of STB_ID2 with SN2, the intermediate swap algorithm composes a new sequence:
STB_ID3 = s_byte8, n_byte6, n_byte7, s_byte5, n_byte8, s_byte6, s_byte7, n_byte5;
SN3 = s_byte4, n_byte2, n_byte3, s_byte1, n_byte4, s_byte2, s_byte3, n_byte1;
key1 = STB_ID3 ^ (SN3);
verification code data packet = verification code + color + style + font size + display duration.
5. The verification code transmission method according to claim 4,
the encrypted data is the verification code data packet encrypted by using the symmetric encryption algorithm AES + encryption key1.
6. The method for transmitting the verification code according to claim 3, wherein the data generation algorithm involved in the secure transmission protocol is:
1) Specify RootKey = byte1, byte2, byte3, byte4, byte5, byte6, byte7, byte8, and obtain ClientID = c_byte1, c_byte2, c_byte3, c_byte4, c_byte5, c_byte6, c_byte7, c_byte8
2) Parity swapping between rootkey and ClientID
RootKey1=byte1,c_byte2,byte3,c_byte4,byte5,c_byte6,byte7,c_byte8
ClientID1=c_byte1,byte2,c_byte3,byte4,c_byte5,byte6,c_byte7,byte8
3)Key3=(~RootKey1)^ClientID1;
4) Key4 = 8-byte random value (random seed: the current system time, accurate to the millisecond) > ClientID1;
5) the encrypted Key4 data is Key4 encrypted with the 3DES symmetric algorithm + Key3;
6) the encrypted instruction data is encrypted with the 3DES symmetric algorithm + Key4.
7. A system for implementing the authentication method of claim 1, comprising:
the registration server is used for receiving registration information sent by a user through a client application program; generating a verification code, encrypting the verification code to obtain an encrypted verification code, and sending the encrypted verification code data packet to an IP multiplexer and simultaneously storing the encrypted verification code data packet into a data memory;
the IP multiplexer is used for receiving the encrypted verification code data packet sent by the registration server, forming a composite TS (transport stream) by the encrypted verification code and sending the composite TS to the satellite modulator;
the satellite modulator is used for receiving the composite TS stream sent by the IP multiplexer, modulating the received signal and then uplinking the modulated signal to a satellite space station;
the satellite space station is used for receiving the signal sent by the satellite modulator and sending the signal to the satellite set top box;
the satellite set-top box displays the verification code at the television end according to the received signal;
and a client application program for the user to send registration information to the registration server and for receiving the verification code input by the user.
CN202111670483.2A 2021-12-31 2021-12-31 Verification code transmission method and system Active CN114401424B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111670483.2A CN114401424B (en) 2021-12-31 2021-12-31 Verification code transmission method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111670483.2A CN114401424B (en) 2021-12-31 2021-12-31 Verification code transmission method and system

Publications (2)

Publication Number Publication Date
CN114401424A true CN114401424A (en) 2022-04-26
CN114401424B CN114401424B (en) 2023-08-08

Family

ID=81229681

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111670483.2A Active CN114401424B (en) 2021-12-31 2021-12-31 Verification code transmission method and system

Country Status (1)

Country Link
CN (1) CN114401424B (en)

Also Published As

Publication number Publication date
CN114401424B (en) 2023-08-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant