CN1394082A - Safety unit for encrypted signals transmission - Google Patents


Publication number
CN1394082A
Authority
CN
China
Legal status
Granted
Application number
CN 01122357
Other languages
Chinese (zh)
Other versions
CN100375521C (en)
Inventor
吕品
祝万昌
Current Assignee
Hongkong cloud Vision Technology Co., Ltd.
Original Assignee
TIANDI DIGITAL NETWORK CO Ltd
Priority date
2001-07-04
Filing date
2001-07-04
Publication date
2003-01-29
Application filed by TIANDI DIGITAL NETWORK CO Ltd
Priority to CNB01122357XA
Publication of CN1394082A
Application granted
Publication of CN100375521C
Anticipated expiration
Expired - Fee Related

Abstract

The invention discloses a security system for a decryption unit used in secure transmission operations. The decryption key is stored on a portable storage device, for example a smart card. Before the decryption unit will operate, the storage device must be paired with it by loading identical matching keys into the decryption unit and the storage device. The originator of the transmission can change the matching key remotely at any time by sending a new matching key. In a preferred embodiment, two additional matching keys are used. One is generated randomly by the decryption unit and can be changed locally. The other is a static key generated when the decryption unit and the card are initialized. These keys can be combined and compared for matching purposes.

Description

Security unit for encrypted signal transmission
Field of the invention
The present invention relates to secure transmission systems, and more particularly to the security of the decryption device or descrambling unit in such a system. One application of the invention is subscriber television, whether broadcast, cable or satellite. However, the invention can also be applied to any secure transmission system between a remote system and a local system in which the local system decrypts the transmission using a key stored in a secure portable medium (for example, a smart card).
Background
In a pay television system, the transmitted signal is encrypted or scrambled so that only subscribers to the broadcast service can receive it. Fig. 1 shows such a system, in which the "remote system" is the DVB broadcast head-end equipment and the "local system" is the television receiver's set-top box decoder. The remote system encrypts or scrambles the signal to be broadcast, and at the user's receiver the set-top box (STB) decrypts it using a "fixed key" stored in the STB. This fixed key is the same as the key used for encryption at the remote system. Where the signal carries data rather than video information, the local system has equipment for storing the data. The security of this prior art is poor, because it is easy to gain unauthorized access to the local system and copy the fixed key.
Fig. 2 shows a variant of the above system. In this system a smart card stores the key and the data (if applicable) and must be inserted for the local system to operate. This system is also insecure, because the channel between the local system and the smart card is not protected. A hacker can monitor the protocol between the local system and the smart card and then forge a smart card.
Fig. 3 (also prior art) shows an improved system in which the local system is paired with a specific smart card. The pairing is implemented with a pairing key produced by a pairing process between the local system and the smart card. Because each local system/smart card pair is unique, even if the pairing key is compromised, the compromised smart card still cannot be used with any other local system. In the television broadcasting case, the compromise of one local system/smart card pair does not create a serious security risk. In e-commerce applications, however, the compromise of even one local system/smart card pair is undesirable, because there the smart card can be used for various purposes, including changing a stored value.
Summary of the invention
The object of the invention is to provide a secure decryption unit for use in various secure transmission systems.
Accordingly, in a first aspect, the invention comprises a security system for a decryption unit used in secure signal transmission between a transmitting end and one or more receiving ends, the transmitting end encrypting the signal and the receiving end decrypting such a signal, the signal decryption key or a part of it being stored in a removable memory device. The security system comprises:
a memory, located in the decryption unit, for storing a first matching key;
means for copying the first matching key to the removable memory device;
means, located in the decryption unit, for comparing the first matching key in the removable memory device with the first matching key stored in said memory;
means for decrypting the signal with the decryption unit only when the two first matching keys agree;
means, located at the transmitting end, for periodically generating a new first matching key and sending it to at least one decryption unit;
means for extracting the new first matching key that the transmitting end includes in the signal from time to time; and
means for writing the extracted new signal key to said memory device.
In a second aspect, the invention relates to a decryption unit for use in encrypted signal transmission between a transmitting end and one or more receiving ends, the receiving end decrypting such a signal, the signal decryption key or a part of it being stored in a removable memory device. The decryption unit comprises:
a memory for storing a first matching key;
means for copying the first matching key to the removable memory device;
means for comparing the first matching key stored in the removable memory device with the first matching key stored in said memory;
means for decrypting the signal only when the two first matching keys agree;
means for extracting the new first matching key that the transmitting end includes in the signal from time to time; and
means for writing the extracted new signal key to said memory device.
In this specification, the terms "encryption" and "decryption" include "scrambling" and "descrambling" respectively. In addition, "decryption" includes "decoding", and "decryption unit" is to be read with the equivalent meaning.
Description of the drawings
Fig. 1 is a block diagram of encrypted transmission using a decryption key held in the local decryption device (prior art);
Fig. 2 is a block diagram of a system like that of Fig. 1, except that the decryption key used with the local decryption device is stored in a smart card (prior art);
Fig. 3 shows an improvement on the system of Fig. 2 in which a pairing key secures the channel between the local system and the smart card (prior art);
Fig. 4 is a block diagram giving an overview of a system according to the invention;
Fig. 5 is a more detailed block diagram of an implementation of the invention.
Embodiments
A preferred embodiment of the invention is now described with reference to Figs. 4 and 5 for a subscriber television broadcasting system. The same technique can equally be used to secure any data stored in a portable storage device. The broadcasting equipment, comprising remote system 1, produces a television signal, which the station encrypts with a known encryption device 2 before transmission. The target local equipment 3 (a set-top box, in the case of subscriber television) receives the encrypted broadcast signal, which remains encrypted until a key matching the signal key used by the station is delivered to the decryption module of the user equipment 3. This signal key is stored in a security device 6, preferably a smart card. When the card is electrically connected to the local device (inserted in the card reader), the signal key is passed to the decryption unit of local device 3, and the broadcast signal is decrypted for display on the television receiver.
Smart card 6 is paired with local system 3 to ensure that the smart card cannot be used with another local system. The local system and the smart card each hold at least one "dynamic" key, and only after the dynamic keys have been compared and found to match can the local system access the signal key or other protected keys or data stored on the card. "Dynamic" means that the key can be changed randomly or periodically. Such a dynamic matching key greatly improves security over a static key in protecting the integrity of the card or channel.
The dynamic key can be a single key or a combination of several separately generated keys. One component that can be changed is the remote key 10. A new dynamic matching key 10 can be produced by key generator 4 and sent in the broadcast signal; the STB extracts it from the data signal at remote key interface 5, and interface encryption engine 8 then writes it into memory 7. Encryption engine 8 in turn writes the new key to smart card 6 through smart card interface 9.
In this preferred embodiment, a total of three keys are used to protect the card interface. In addition to remote key 10, a second dynamic key 11 and a static key 12 can also be used to improve security further.
The second key 11 is a frequently changing random number. It is generated locally in STB 3. The set-top box has a software-controlled random key generator, which produces a new key at intervals. In the simplest mode of operation, each time a key 11 is produced, the new key is copied and stored at memory address 14 in security device 6 (shown by dotted line 13 in Fig. 5). The process of generating new random keys, together with the requirement that signal decryption can proceed only if this key matches the corresponding key in the security device, means that the security device is usable only with the specific STB that generated the key in the first place.
The third key 12 can be stored at memory address 15 in security device 6 and is used to further ensure that the STB and the security device are paired. This is a static matching key: it remains unchanged and can, for example, be derived from or be identical to the secret serial number of the STB, which is copied to the security device when the device is first inserted and stored there permanently.
In a more sophisticated mode of operation according to the invention, the three keys 10, 11 and 12 are not copied and matched individually between STB 3 and card 6; instead they are combined to form a combined (changing and changeable) dynamic key 16. Whenever this key changes, STB 3 copies it to card memory address 17. Interface encryption engines 8 and 18 continually compare the key held in the STB with the key held in the card.
The signal and data keys used to decrypt signals or data sent from the remote system to the local system are stored at card memory address 19 (the data key map) and are read from that address by data encryption engine 20.
In one embodiment, the remote key 10 that forms part of the dynamic matching key securing the STB-to-card link is the same as the data key used to decrypt the signal or data sent by the remote system. In that case it is copied from remote key map 21 to data key map 19.
A pairing or initialization process establishes the local key 12. During pairing, the local key is generated, for example, from the local system ID, the smart card ID and a set of remote keys produced by the remote system. A set of keys is used, rather than a single key, to improve randomness. For a given local system and smart card pair, the generated local key is static. When a remote key is received from the remote system, it is stored in the remote key map.
Whenever a new random key is generated or a new remote key is received, a synchronization process is carried out between the local system and the smart card, resulting in an updated dynamic matching key. The synchronization can, for example, proceed as follows:
(1) the local system and the smart card communicate using the initial dynamic key;
(2) there is a test period in which communication using the updated dynamic matching key is checked;
(3) if the check passes, which is the usual case, the update is confirmed;
(4) if the check fails, meaning that some fault exists, an alarm message is displayed.
The purpose of the random key is to ensure that even the designer (the designer of the cryptographic algorithm) cannot break the smart card interface.
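The pairing, combined-key gating and synchronization steps (1) to (4) described above, as an added Python sketch that is not code from the patent. The class and method names, the 16-byte key size, SHA-256 as the combining function and the roll-back after a failed update are assumptions, since the patent specifies none of them.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16  # assumed key size; the patent does not state one


def combine(remote: bytes, random_key: bytes, static: bytes) -> bytes:
    """Combined dynamic matching key (16 in Fig. 5).

    Hashing the length-prefixed parts with SHA-256 is an assumption; the
    patent only says the three keys are combined.
    """
    h = hashlib.sha256()
    for part in (remote, random_key, static):
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


class Card:
    """Removable memory device: holds the matching key and the signal key."""

    def __init__(self, signal_key: bytes, writable: bool = True):
        self.match_key = b""          # card memory address 17
        self.signal_key = signal_key  # data key map 19
        self.writable = writable      # False simulates a faulty card

    def store(self, key: bytes) -> None:
        if self.writable:
            self.match_key = key


class SetTopBox:
    def __init__(self, serial: bytes):
        # Static key 12, derived here from a (hypothetical) secret serial.
        self.static = hashlib.sha256(serial).digest()[:KEY_LEN]
        self.random_key = secrets.token_bytes(KEY_LEN)  # local random key 11
        self.remote = b""                               # remote key 10
        self.alarm = False

    def matching_key(self) -> bytes:
        return combine(self.remote, self.random_key, self.static)

    def matches(self, card: Card) -> bool:
        # Constant-time comparison of the STB copy with the card copy.
        return hmac.compare_digest(self.matching_key(), card.match_key)

    def pair(self, card: Card, remote: bytes) -> None:
        """Initial pairing: load the same matching key on both sides."""
        self.remote = remote
        card.store(self.matching_key())

    def update(self, card: Card, remote=None, rotate_random=False) -> bool:
        """Synchronization after a new remote key or a new random key."""
        if not self.matches(card):          # (1) talk under the current key
            self.alarm = True
            return False
        old = (self.remote, self.random_key)
        if remote is not None:
            self.remote = remote
        if rotate_random:
            self.random_key = secrets.token_bytes(KEY_LEN)
        card.store(self.matching_key())
        if self.matches(card):              # (2) test under the updated key
            return True                     # (3) update confirmed
        # (4) fault: raise the alarm; rolling back is this sketch's choice.
        self.remote, self.random_key = old
        self.alarm = True
        return False

    def signal_key(self, card: Card) -> bytes:
        """Release the signal key only to the STB the card is paired with."""
        if not self.matches(card):
            raise PermissionError("card is not paired with this set-top box")
        return card.signal_key
```

A copy of the card taken before a key rotation stops matching once `update` succeeds, which is the property the dynamic key adds over the static pairing of Fig. 3.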

Claims (8)

1. A decryption unit security system for secure signal transmission between a transmitting end and one or more receiving ends, the transmitting end encrypting the signal and the receiving end decrypting such a signal, the signal decryption key or a part of it being stored in a removable memory device, the security system comprising:
a memory, located in the decryption unit, for storing a first matching key;
means for copying the first matching key to the removable memory device;
means, located in the decryption unit, for comparing the first matching key in the removable memory device with the first matching key stored in said memory;
means for decrypting the signal with the decryption unit only when the two first matching keys agree;
means, located at the transmitting end, for periodically generating a new first matching key and sending it to at least one decryption unit;
means for extracting the new first matching key that the transmitting end includes in the signal from time to time; and
means for writing the extracted new first matching key to said memory device.
2. The decryption unit security system according to claim 1, wherein the decryption unit comprises a random number generator that regularly generates a second matching key, the second key being stored in said memory; the copying means copies the second key to the removable memory device; the comparing means compares the second key in the removable memory device with the second key in said memory; and the activating means activates signal decryption by the decryption unit only when both the first keys and the second keys match.
3. The decryption unit security system according to claim 2, wherein the decryption unit permanently holds a third matching key in said memory; the copying means copies the third key to the removable memory device; the comparing means compares the third key in the removable memory device with the third key stored in said memory; and the activating means activates signal decryption by the decryption unit only when the first keys, the second keys and the third keys all match.
4. The decryption unit security system according to claim 1, wherein the decryption unit comprises a random number generator that regularly generates a second matching key, the second key being stored in said memory; the decryption unit permanently holds a third matching key in said memory; the copying means copies the first, second and third matching keys into memory to form a combined key and copies the combined key to the removable memory device; the comparing means compares the combined key in the removable memory device with the combined key stored in said memory; and the activating means activates signal decryption by the decryption unit only when the combined keys match.
5. The decryption unit security system according to claim 1, wherein the first matching key is the signal decryption key.
6. A decryption unit for use in encrypted signal transmission between a transmitting end and one or more receiving ends, the receiving end decrypting such a signal, the signal decryption key or a part of it being stored in a removable memory device, the decryption unit comprising:
a memory for storing a first matching key;
means for copying the first matching key to the removable memory device;
means for comparing the first matching key stored in the removable memory device with the first matching key stored in said memory;
means for decrypting the signal only when the two first matching keys agree;
means for extracting the new first matching key that the transmitting end includes in the signal from time to time; and
means for writing the extracted new signal key to said memory device.
7. The decryption unit according to claim 6, further comprising a random number generator that regularly generates a second matching key, the second key being stored in said memory; the copying means copies the second key to the removable memory device; the comparing means compares the second key in the removable memory device with the second key stored in said memory; and the activating means activates signal decryption only when both the first keys and the second keys match.
8. The decryption unit according to claim 6 or 7, wherein said memory permanently stores a third matching key; the copying means copies the third key to the removable memory device; the comparing means compares the third key in the removable memory device with the third key stored in said memory; and the activating means activates signal decryption only when the first keys, the second keys and the third keys all match.
CNB01122357XA 2001-07-04 2001-07-04 Safety unit for encrypted signals transmission Expired - Fee Related CN100375521C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB01122357XA CN100375521C (en) 2001-07-04 2001-07-04 Safety unit for encrypted signals transmission

Publications (2)

Publication Number Publication Date
CN1394082A (en) 2003-01-29
CN100375521C (en) 2008-03-12

Family

ID=4664726

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB01122357XA Expired - Fee Related CN100375521C (en) 2001-07-04 2001-07-04 Safety unit for encrypted signals transmission

Country Status (1)

Country Link
CN (1) CN100375521C (en)

Also Published As

Publication number Publication date
CN100375521C (en) 2008-03-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: HONG KONG YUNSHI TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: TIANDI DIGITAL NETWORK CO LTD

Effective date: 20150826

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20150826

Address after: Room 13, building 169, Kang Honghui electric road, North Point, Hongkong, China C

Patentee after: Hongkong cloud Vision Technology Co., Ltd.

Address before: Room 6301-06, 63 / F, central central, 99 Queen's road, central, Hongkong, China

Patentee before: Tiandi Digital Network Co., Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20080312

Termination date: 20190704