CN1527600A - Safe access method and device for digital broadcast television network - Google Patents

Info

Publication number: CN1527600A
Authority: CN (China)
Application number: CNA031192238A
Other languages: Chinese (zh)
Other versions: CN1315324C (en)
Inventors: 虞忠伟, 颜宏华, 卢建民
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Legal status: Granted; Expired - Fee Related (current)
Prior art keywords: internet, authentication, terminal part, interactive, service management
Landscapes: Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The present invention discloses a secure access method and device for a digital broadcast television network. The method includes: establishing an interactive digital broadcast television system; when the terminal is powered on, performing user access authentication of the terminal part to the interactive network using the interactive network's own user access protocol; performing user access-system authentication of the terminal part based on the user information; and admitting the terminal that passes authentication into the digital broadcast television system. The secure access device has a front end part including a recombiner, scrambler, control word generator and service management control unit, and a terminal part including a decombiner, descrambler and interactive service processing unit. The invention also discloses the corresponding front end device and back end device. The invention overcomes the poor security of relying on cipher keys alone, and is simple in structure, easy to implement and easy to control.

Description

Secure access method and device for a digital broadcast television network
Technical field
The present invention relates to access technology for broadcast television networks, and in particular to a secure access method and device for a digital broadcast television network.
Background
Most existing broadcast television networks ignored security when they were first built, and where security was considered at all, it rested on physical security alone. As broadcast television networks become more interconnected, such a mechanism is practically useless in a networked environment. For example, cable television networks and satellite television networks in some regions have been attacked illegally: normal viewing was disturbed or interrupted, the television network was seriously damaged, and the attacks caused enormous economic loss and an extremely bad social impact. Logical measures such as security protocols, cryptography and security management are therefore also needed to strengthen access authentication and keep out illegal users.
One effective way to achieve this, and to address the threats currently facing broadcast network security, is to develop digital television, because the conditional access (CA) system in the digital television platform plays the core protective role. The CA system is the conditional access mechanism of a digital broadcast television system. It is the basic operational support facility that protects the legitimate revenue of digital television content providers and broadcast network operators: programs and information are scrambled in real time at the front end of the transmission network and descrambled at the user side, and paying users are authorized online, so that paying users can watch programs normally and non-paying users cannot. The CA system is thus also a billing control system, implemented with encryption, whose basic purpose is to protect the operator's interests. Because the CA system involves the digital television front end, the transmission network and the user side, that is, the whole broadcast television network, it is also the security system that lets digital television resist malicious attacks made for commercial or political motives. Its main security goals are to prevent digital cable subscriber authorization devices from being forged or copied in bulk by pirates for commercial purposes, and to stop illegal digital television programs or information from being injected into the digital broadcast television network.
Existing CA systems are designed for one-way broadcast television networks. Fig. 1 is a block diagram of the CA system in an existing one-way digital broadcast television system. As shown in Fig. 1, the front end part 110 of the existing system comprises: recombiner 111, scrambler 112, encryptor 113, encryptor 114, service information (SI) generator 115, subscriber authorization system 116, control word (CW) generator 117, program information management system 118 and subscriber management system 119. The terminal part 130 (STB) comprises: descrambler 132, decombiner 131, decryptor 133, decryptor 134 and security processor 135. The terminal part 130 also includes a smart card system 136.
In this one-way system the CA system is implemented through user access authentication and service authorization, and its security rests entirely on the terminal. The detailed process is given below.
At the front end part, the existing CA system uses a three-layer key mechanism to encrypt the transmitted program:
1. Scrambler 112 uses the control word produced by control word (CW) generator 117 to trigger a pseudo-random sequence generator, and the resulting pseudo-random sequence scrambles the service information. The control word is a group of random numbers that changes randomly every few seconds; the receiving end descrambles under control of the same control word.
2. Encryptor 114 encrypts the control word produced by control word (CW) generator 117 and places it in an Entitlement Control Message (ECM).
3. Encryptor 113 encrypts the subscriber management information provided by subscriber management system 119 to form an Entitlement Management Message (EMM).
The encrypted information and the program information (PSI) are combined by recombiner 111 to form the service information, which is scrambled by scrambler 112 and transmitted to terminal part 130 over broadcast network 120.
At terminal part 130, the existing CA system first has decryptor 134 decrypt the EMM with the PDK (the user's personal distribution key), extracts the service key (SK), sends it to security processor 135, and determines whether the terminal is entitled to receive the service. If it is, decryptor 133 uses the service key SK to decrypt the control word CW in the ECM and supplies the CW to descrambler 132. Descrambler 132 descrambles with this control word and passes the descrambled information to decombiner 131. Otherwise the service information cannot be received.
As the above shows, the existing CA user access authentication and service authorization scheme is constrained by the one-way network, which makes it not only complex but also weak in several security respects:
1. Its security is concentrated in, and depends on, the capability of the terminal. Once the algorithm is cracked, every place within the system's coverage is fully exposed to piracy.
2. The existing CA system cannot authenticate individual service authorizations, so illegal services are hard to prevent.
3. Because the existing CA structure is one-way, its encryption and decryption algorithms are bound entirely to the device, so a pirate has ample opportunity to analyse and crack the scheme, and auxiliary measures such as backup algorithms cannot remedy this fundamental defect. The security of existing CA systems is therefore not high.
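The three-layer key chain described above (PDK protects SK in the EMM, SK protects CW in the ECM, CW drives the scrambler) can be modelled as follows. This is an added example, not code from the patent: the class and function names are hypothetical, and an HMAC-SHA256 keystream with a MAC stands in for the real scrambling and encryption algorithms. It also shows the first shortcoming in the list: on a one-way network the front end cannot tell an enrolled terminal from any other terminal holding the same PDK.

```python
import hashlib
import hmac
import os


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode), a stand-in for the
    pseudo-random sequence the control word triggers. Not DVB scrambling."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC, so a receiver holding the wrong key fails cleanly."""
    nonce = os.urandom(12)
    body = keystream_xor(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key: bytes, blob: bytes):
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return keystream_xor(_subkey(key, b"enc"), nonce, body)


class FrontEnd:
    """Front end part 110: scrambler, the two encryptors, CW generator."""

    def __init__(self):
        self.service_key = os.urandom(16)      # SK
        self.pdk_by_user = {}                  # constructed subscriber table

    def enroll(self, user_id: str) -> bytes:
        self.pdk_by_user[user_id] = os.urandom(16)
        return self.pdk_by_user[user_id]       # PDK provisioned into the terminal

    def emm_for(self, user_id: str) -> bytes:
        return seal(self.pdk_by_user[user_id], self.service_key)

    def broadcast(self, payload: bytes):
        cw = os.urandom(8)                     # control word, fresh every few seconds
        ecm = seal(self.service_key, cw)
        return ecm, keystream_xor(cw, b"scramble", payload)


class Terminal:
    """Terminal part 130: decryptors, security processor, descrambler."""

    def __init__(self, pdk: bytes):
        self.pdk = pdk

    def receive(self, emm: bytes, ecm: bytes, scrambled: bytes):
        sk = unseal(self.pdk, emm)             # EMM -> SK
        if sk is None:
            return None                        # not entitled to the service
        cw = unseal(sk, ecm)                   # ECM -> CW
        if cw is None:
            return None
        return keystream_xor(cw, b"scramble", scrambled)


def run_demo() -> dict:
    payload = b"constructed transport stream payload"
    front_end = FrontEnd()
    paid = Terminal(front_end.enroll("paid-user"))
    unpaid = Terminal(os.urandom(16))          # never enrolled, random PDK
    copied = Terminal(paid.pdk)                # second device holding the same PDK
    emm = front_end.emm_for("paid-user")
    ecm, scrambled = front_end.broadcast(payload)
    return {
        "paid": paid.receive(emm, ecm, scrambled) == payload,
        "unpaid": unpaid.receive(emm, ecm, scrambled) is None,
        "copied_pdk": copied.receive(emm, ecm, scrambled) == payload,
        "scrambled_differs": scrambled != payload,
    }


if __name__ == "__main__":
    print(run_demo())
```

Every decision in `Terminal.receive` is made on the receiving device with keys it holds, which is why the front end has no point at which it could refuse the second device.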
The European DVB (Digital Video Broadcasting) organization once proposed a scheme for an interactive digital broadcast television network. In this scheme the front end part is connected to the terminal part not only through the broadcast network but also through the interactive network. The scheme supports broadcast services together with interactive services such as program on demand, that is, it adds interactive functions to the digital broadcast television network. An interactive digital broadcast television network adds two-way interaction and allows a powerful user and service management platform to be built, making the broadcast system operable and manageable. Although there is no practical implementation yet, the capabilities of the interactive digital broadcast television network make it one direction of development for digital broadcast television networks, with bright prospects.
Summary of the invention
In view of this, the object of the present invention is to provide a secure access method and device for a digital broadcast television network that improve the security of the network.
To achieve this object, the present invention provides a secure access method for a digital broadcast television system, comprising the following steps:
1) A service management control unit is provided at the front end part of the digital broadcast television system, and an interactive service processing unit is provided at the terminal part of the digital broadcast television network system.
The service management control unit and the interactive service processing unit are each connected to the interactive network, establishing an interactive digital broadcast television system;
2) When the terminal part is powered on, the interactive network's own user access protocol is used to perform user access authentication of the terminal part to the interactive network, and the interactive network sends the user information that passed this authentication to the service management control unit of the front end part;
3) The service management control unit performs user access-system authentication, based on the received user information, on the terminal part that passed interactive-network access authentication, and admits the terminal part that passes access-system authentication into the digital broadcast television system.
The user access-system authentication of step 3) can be performed by the service management control unit comparing the received user information with the user information it stores.
The method may further include: after access-system authentication succeeds, and before a service starts or is switched, the terminal part sends its user information and service management information over the interactive network to the service management control unit of the front end part; the service management control unit performs user service authorization authentication based on this user information and service management information and returns the result to the terminal part over the interactive network; and the terminal part obtains the service information according to the result.
The interactive network can be a wireless interactive network, including a Global System for Mobile Communications (GSM) network, a General Packet Radio Service (GPRS) network, a Wideband Code Division Multiple Access (WCDMA) wireless communication network, a CDMA 2000 wireless communication network, or a Mobile Broadband Wireless Access (MBWA) network. Step 1) may further include: configuring the service management control unit as an interconnected service management module and message control module, connecting the message control module to the system's original recombiner and, through the authentication interaction interface, to the interactive network, and connecting the service management module to the interactive network through the service interface.
When the interactive network is a WCDMA network, step 2) can be as follows. The terminal part first reads the user information from the smart card system, then establishes a connection with the interactive network and performs user registration. The core network (CN) of the interactive network sends an authentication request message to the smart card system through the interactive service processing unit in the terminal part. The smart card system performs the authentication computation on this message and returns the result to the CN, again through the interactive service processing unit. The CN uses this result to perform interactive-network access authentication of the terminal part's user, and sends user information that passes to the message control module of the front end part through the authentication interaction interface; user information that fails is returned to the interactive service processing unit of the terminal part.
In step 2), the authentication can be performed by the AAA authentication server in the CN according to the interactive network's own wireless AAA authentication protocol.
Step 2) may further include: when the terminal part is powered on, the interactive service processing unit sends the user's personal identification number (PIN), received through the smart card system, to the interactive network, which authenticates this number.
When the interactive network is a WCDMA network, the user service authorization authentication can proceed as follows. The terminal part sends the user information and service request information through the interactive service processing unit to the serving GPRS support node (SGSN) of the CN in the interactive network. The SGSN forwards the information to the gateway GPRS support node (GGSN), which routes it through the service interface to the service management module of the front end part. The service management module performs the real-time service switch according to the service request information, while the message control module judges from the service request information and the user information whether the user is entitled to use the service. If so, the authorization confirmation is returned to the terminal part via the service management module, the service interface and the interactive network; otherwise a message that the service will not be carried out is returned to the terminal part.
The authorization information returned to the terminal part can be the service control word produced by the control word generator; the terminal part's descrambler descrambles the requested service with the received service control word to obtain the service.
The user service authorization authentication may further include: the message control module starts billing the terminal part's user at the moment it returns the authorization confirmation to the terminal part.
The invention also provides a secure access device for a digital broadcast television system, applied to an interactive digital broadcast television network. The device comprises a front end part and a terminal part. The front end part comprises a recombiner, a scrambler and a control word generator; the recombiner is connected to the scrambler and the scrambler to the broadcast network. The terminal part comprises a decombiner and a descrambler; the decombiner is connected to the descrambler and the descrambler to the broadcast network;
The front end part further comprises a service management control unit, which receives from the interactive network the user information that has passed interactive-network access authentication, performs user access-system authentication on it, and returns the result to the terminal part over the interactive network; wherein,
the control word generator is connected between the scrambler and the interactive network, and the service management control unit is connected between the recombiner and the interactive network;
The terminal part further comprises an interactive service processing unit, which sends the user information read from the smart card system to the interactive network for interactive-network access authentication, and receives from the interactive network the results of interactive-network access authentication and of access-system authentication; wherein,
the interactive service processing unit is connected between the descrambler and the interactive network, is connected to the decombiner, and is connected to a smart card system.
The service management control unit can further comprise a service management module and a message control module. The message control module receives, through the authentication interaction interface, the user information sent from the interactive network that has passed interactive-network access authentication, performs user access-system authentication on it, and returns the result to the terminal part through the authentication interaction interface and the interactive network; wherein,
the service management module and the message control module are interconnected, the message control module is connected to the recombiner and, through the authentication interaction interface, to the interactive network, and the service management module is connected to the interactive network through the service interface.
The invention also provides a secure access front end device for a digital broadcast television system, applied to an interactive digital broadcast television network. The device comprises a recombiner, a scrambler and a control word generator; the recombiner is connected to the scrambler and the scrambler to the broadcast network.
The device further comprises a service management control unit, which performs user access-system authentication on the user information received from the interactive network that has passed interactive-network access authentication, and sends the result out over the interactive network; wherein,
the control word generator is connected between the scrambler and the interactive network, and the service management control unit is connected between the recombiner and the interactive network.
The service management control unit can further comprise a service management module and a message control module. The message control module receives, through the authentication interaction interface, the user information sent from the interactive network that has passed interactive-network access authentication, performs user access-system authentication on it, and sends the result out through the authentication interaction interface; wherein,
the service management module and the message control module are interconnected, the message control module is connected to the recombiner and, through the authentication interaction interface, to the interactive network, and the service management module is connected to the interactive network through the service interface.
The invention further provides a secure access terminal device for a digital broadcast television system, applied to an interactive digital broadcast television network. The device comprises a decombiner and a descrambler; the decombiner is connected to the descrambler and the descrambler to the broadcast network.
The device further comprises an interactive service processing unit, which sends the user information read from the smart card system to the interactive network for interactive-network access authentication, and receives from the interactive network the results of interactive-network access authentication and of access-system authentication; wherein,
the interactive service processing unit is connected between the descrambler and the interactive network, is connected to the decombiner, and is connected to a smart card system.
The smart card system can be a SIM card system.
As the technical scheme shows, the secure access method of the invention performs power-on access authentication and service authorization authentication for interactive digital broadcast television through the interactive network. It overcomes the poor security of the original CA system, which relies entirely on key encryption, and its structure is simpler than the original system and therefore easier to implement. The core of the invention's protection mechanism is authentication and authorization at the front end, which the operator controls. This solves the problem that the core of the existing CA encryption mechanism is the key in the terminal, which the operator cannot control.
Description of drawings
Fig. 1 is a schematic diagram of the CA system in an existing one-way digital broadcast television system;
Fig. 2 is a schematic diagram of the interactive digital broadcast television system in a preferred embodiment of the method of the invention;
Fig. 3 is a schematic diagram of how the terminal part of the embodiment of Fig. 2 accesses the interactive digital broadcast television system;
Fig. 4 is a schematic diagram of the service authorization authentication process for the terminal part of the embodiment of Fig. 2.
Embodiment
To make the purpose, technical scheme and advantages of the invention clearer, the invention is described in more detail below with reference to an embodiment and the drawings.
The invention provides a secure access method and device for a digital broadcast television network. The method establishes an interactive digital broadcast television system, sets up two-way point-to-multipoint interaction over the interactive network, and uses it to admit the terminal part securely; the secure access device is built according to this method. Authentication and authorization are managed entirely and uniformly by the control centre at the front end, so the terminal equipment is completely decoupled from the security system, the equipment platform can be fully open, and pirates lose their room to operate.
Fig. 2 is a schematic diagram of the interactive digital broadcast television system in a preferred embodiment of the method of the invention. The invention modifies the existing one-way digital broadcast television system to form the secure access device of the invention:
At front end part 210, that is, in the front end device, service management control unit 213 is added, and recombiner 211, scrambler 212 and control word generator 214 of the original system are retained. Recombiner 211 is connected to scrambler 212, scrambler 212 is connected to broadcast network 221, control word generator 214 is connected between scrambler 212 and interactive network 222, and service management control unit 213 is placed between recombiner 211 and interactive network 222.
In this embodiment, service management control unit 213 is split into an interconnected service management module 215 and message control module 216. Message control module 216 is connected to recombiner 211 and, through the authentication interaction interface, to interactive network 222; service management module 215 is connected to interactive network 222 through the service interface.
In this embodiment the two encryptors 113 and 114 of the original system are not used. If, however, not every terminal part 230 in the interactive broadcast system is connected to interactive network 222, and some terminal parts 230 are not connected to it, the two encryptors should be retained, and the terminal parts 230 not connected to interactive network 222 should likewise retain the corresponding two decryptors.
At terminal part 230, that is, in the terminal device, interactive service processing unit 233 is added, and decombiner 231 and descrambler 232 of the original system are retained. Decombiner 231 is connected to descrambler 232, descrambler 232 is connected to broadcast network 221, and interactive service processing unit 233 is placed between descrambler 232 and interactive network 222. Interactive service processing unit 233 is also connected to decombiner 231 and to a smart card system 234, which can be a commonly used SIM card system.
The interactive network 222 used in the invention can be a wireless interactive network. It can use a mainstream cellular standard, namely a Global System for Mobile Communications (GSM) network, a General Packet Radio Service (GPRS) network, a Wideband Code Division Multiple Access (WCDMA) wireless communication network or a CDMA 2000 wireless communication network, or it can be a Mobile Broadband Wireless Access (MBWA) network, which is not a mainstream standard. Considering technical maturity, cost and ease of adoption together, a cellular standard should be chosen. This embodiment uses a WCDMA wireless communication network as the wireless interactive network.
Therefore, as shown in Fig. 2, in this embodiment message control module 216 is connected through the authentication interface to wireless AAA authentication server 224 in wireless core network packet domain 223 of interactive network 222; service management module 215 is connected through the service interface, which in this embodiment is the Gi interface, to firewall 225 in wireless core network packet domain 223; and interactive service processing unit 233 is connected to WCDMA radio access network 228 in interactive network 222.
Referring to Fig. 3, Fig. 3 is a terminal part access interaction digital broadcast television system process schematic diagram embodiment illustrated in fig. 2;
As shown in Figure 3, two basic processes that comprise of terminal part access interaction digital broadcast television system are:
The first, user's access interaction network authentication.
When terminal part is started shooting, at first terminal part reads user profile from smart card system, the terminal part and the Internet connect then, the SGSN that user profile is sent among the CN in the Internet carries out user's registration, and user profile sent to the WAAA server, the WAAA server sends to smart card system with authentication request message by the interactive service processing unit in the terminal part, smart card system carries out the authentication computing according to this message, and authenticating result sent to WAAA server among the CN by the interactive service processing unit in the terminal part again, CN according in this authenticating result of WAAA server terminal part is carried out user's access interaction network authentication.
Whole authentication process is that the wireless aaa authentication agreement according to WCDMA network itself authenticates, and the start verification process when this process inserts the WCDMA network to the WCDMA mobile phone is similar, and just user profile is different.
By the user profile of authentication, authenticated interactive interface sends to the message control module of fore-end, does not return to the interactive service processing unit of terminal part by the user profile of authentication.
In addition, during the terminal part start, the interactive service processing unit can also send to the Internet by the individual subscriber identification number (PIN) that smart card system receives, and the Internet carries out authentication to this number.This process is also identical with the process that the WCDMA network carries out authentication to WCDMA cellphone subscriber PIN (PIN).
Second: the subscriber access system authentication.
Message control module compares to carry out the subscriber access system authentication by user profile and self stored user information that will receive.
That is to say that message control module carries out the subscriber access system authentication to the user profile that receives by the interactive authentication interface from the WAAA server.Message control module is according to user profile indication user's bill information, balance amount information and professional control, the control etc. of loading, judge this user using system business of can having the right, provide judgement information and utilize the Internet to pass user terminal back by the interactive authentication interface once more.
Like this, by the Internet, terminal prevents the disabled user as long as carry out above-mentioned authentication once starting shooting.
In the present embodiment,, when obtaining business, also need to carry out the service authorization authentication, prevent illegal business through the legal terminal part after the authentication.Promptly business begin and professional the switching before, service request from user is carried out the service authorization authentication.
Fig. 4 is a terminal part service authorization verification process schematic diagram embodiment illustrated in fig. 2.
As shown in Figure 4, at first terminal part is with user profile and service requesting information, send to the GPRS node (SGSN) of CN in the Internet by the interactive service processing unit, SGSN is forwarded to gateway GPRS node (GGSN) with this information, GGSN provides route this information to be sent to the service management module of fore-end by business interface, the service management module is transmitted to message control module with this information, the service management module is finished the real time business switching according to service requesting information, message control module judges according to service requesting information and user profile whether this user has authority to use this business simultaneously, if have, then will confirm authorization message, the professional control word of control word generator generation just returns to terminal part by the Internet through the service management module again by business interface; Otherwise will not carry out business information and return to terminal part.Terminal part is beamed back confirmation to message control module, according to the professional control word of receiving the business of being asked is carried out descrambling by descrambler simultaneously, obtains corresponding service.Message control module begins the user of terminal part is chargeed returning the affirmation authorization message to terminal part when.
Once the user terminal wishes to stop a service, it sends a termination message. As in the service authorization process, the user information and the service termination request information reach the service management module over the Internet through the Gi interface. The service management module completes the real-time service termination according to the termination request information, and the message control module stops charging this user at the same time. The service termination confirmation information is then passed back through the service management module and the Gi interface and over the Internet to the user of the terminal part.
As the above embodiments show, the safe access method for a digital broadcast television network of the present invention overcomes the poor security of the original CA system, which relied entirely on key encryption, while the system structure is simple and easy to implement. The core of the encryption mechanism in the present invention is the authentication and authorization performed at the front end, which is under the operator's control. This solves the problem that the core of the encryption mechanism in existing CA systems is the key in the terminal, which is outside the operator's control.
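The front-end decisions described in this embodiment (system access authentication, service authorization with return of the control word, charging start and stop) can be modelled as follows. This Python model is an added example, not code from the patent; the class and method names, the 8-byte control word length, the sample subscriber data and the rule that a service switch closes the previous charging record are assumptions.

```python
import secrets

CW_LEN = 8  # assumed control word length in bytes; the page does not give one


class FrontEnd:
    """Hypothetical model of the front-end service management control unit."""

    def __init__(self, subscribers, entitlements):
        self.subscribers = subscribers    # user_id -> stored user information (bytes)
        self.entitlements = entitlements  # user_id -> set of services the user may use
        self.admitted = set()             # users that passed system access authentication
        self.control_words = {}           # service -> control word from the generator
        self.active = {}                  # user_id -> (service, charging start time)
        self.charges = []                 # closed records: (user_id, service, seconds)

    def system_access_auth(self, user_id, user_info, network_auth_ok):
        """Compare user information forwarded by the network with the stored copy."""
        stored = self.subscribers.get(user_id)
        ok = bool(network_auth_ok and stored is not None
                  and secrets.compare_digest(stored, user_info))
        if ok:
            self.admitted.add(user_id)
        return ok

    def _stop_charging(self, user_id, now):
        service, start = self.active.pop(user_id)
        self.charges.append((user_id, service, now - start))

    def authorize_service(self, user_id, service, now):
        """Service authorization, run before a service starts or is switched."""
        if user_id not in self.admitted:
            return {"authorized": False, "reason": "access authentication missing"}
        if service not in self.entitlements.get(user_id, set()):
            # Refusal: no control word is returned and no charging starts.
            return {"authorized": False, "reason": "service not authorized"}
        if user_id in self.active:
            # Assumption: a switch closes the charging record of the old service.
            self._stop_charging(user_id, now)
        cw = self.control_words.setdefault(service, secrets.token_bytes(CW_LEN))
        self.active[user_id] = (service, now)  # charging starts with the authorization
        return {"authorized": True, "control_word": cw}

    def terminate_service(self, user_id, now):
        """Termination request: stop the service and stop charging."""
        if user_id not in self.active:
            return {"terminated": False}
        self._stop_charging(user_id, now)
        return {"terminated": True}


def demo():
    # Constructed sample data, not taken from the patent.
    info = b"constructed-user-info-0001"
    fe = FrontEnd({"user-1": info}, {"user-1": {"news"}})
    results = [
        fe.authorize_service("user-1", "news", now=0),     # before admission
        fe.system_access_auth("user-1", info, True),       # admitted
        fe.authorize_service("user-1", "movies", now=5),   # not entitled
        fe.authorize_service("user-1", "news", now=10),    # granted, charging starts
        fe.terminate_service("user-1", now=70),            # charging stops
    ]
    return fe, results


if __name__ == "__main__":
    front_end, outcome = demo()
    print(outcome, front_end.charges)
```

The refused requests leave no charging record and return no control word, so a terminal cannot obtain descrambling material without passing both checks at the front end.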

Claims (17)

1. A safe access method for a digital broadcast television system, characterized in that the method comprises the following steps:
1) providing a service management control unit in the front-end part of the digital broadcast television system and an interactive service processing unit in the terminal part of the digital broadcast television network system,
connecting the service management control unit to the Internet and the interactive service processing unit to the Internet, thereby establishing an interactive digital broadcast television system;
2) when the terminal part is switched on, performing user access interactive network authentication on the terminal part using the Internet's own user access protocol, the Internet sending the user information that has passed user access interactive network authentication to the service management control unit of the front-end part;
3) the service management control unit performing, according to the received user information, user access system authentication on the terminal part that has passed user access interactive network authentication, and admitting the terminal part that passes user access system authentication to the digital broadcast television system.
2. The safe access method as claimed in claim 1, characterized in that the user access system authentication of step 3) is performed by the service management control unit comparing the received user information with the user information it has stored itself.
3. The safe access method as claimed in claim 1, characterized in that the method further comprises: after the user access system authentication has passed, and before a service begins or is switched, the terminal part sends its own user information and service management information over the Internet to the service management control unit of the front-end part; the service management control unit performs user service authorization authentication according to this user information and service management information and returns the authentication result to the terminal part over the Internet; and the terminal part obtains service information according to the authentication result.
4. The safe access method as claimed in claim 3, characterized in that the Internet is a wireless interactive network comprising: a Global System for Mobile Communications (GSM) network, or a General Packet Radio Service (GPRS) network, or a Wideband Code Division Multiple Access (WCDMA) wireless communication network, or a CDMA 2000 wireless communication network, or a Mobile Broadband Wireless Access (MBWA) network.
5. The safe access method as claimed in claim 1 or 4, characterized in that step 1) further comprises: configuring the service management control unit as an interconnected service management module and message control module, connecting the message control module to the system's original recombiner, connecting the message control module to the Internet through an authentication interactive interface, and connecting the service management module to the Internet through a service interface.
6. The safe access method as claimed in claim 5, characterized in that, when the Internet is a WCDMA network, step 2) is: the terminal part first reads the user information from the smart card system; the terminal part then establishes a connection with the Internet and performs user registration, while the core network (CN) in the Internet sends an authentication request message to the smart card system through the interactive service processing unit in the terminal part; the smart card system performs the authentication computation according to this message and sends the authentication result back to the CN through the interactive service processing unit in the terminal part; the CN performs access interactive network authentication on the user of the terminal part according to this authentication result, and sends the user information that has passed access interactive network authentication to the message control module of the front-end part through the authentication interactive interface; user information that has not passed access interactive network authentication is returned to the interactive service processing unit of the terminal part.
7. The safe access method as claimed in claim 6, characterized in that in step 2) the authentication is performed by the AAA authentication server in the CN according to the Internet's own wireless AAA authentication protocol.
8. The safe access method as claimed in claim 6, characterized in that step 2) further comprises: when the terminal part is switched on, the interactive service processing unit sends the user's personal identification number (PIN), received through the smart card system, to the Internet, and the Internet authenticates this number.
9. The safe access method as claimed in claim 5, characterized in that, when the Internet is a WCDMA network, the detailed process of the user service authorization authentication is: the terminal part sends the user information and the service request information, through the interactive service processing unit, to the GPRS node (SGSN) of the CN in the Internet; the SGSN forwards this information to the gateway GPRS node (GGSN); after routing by the GGSN, the service interface sends this information to the service management module of the front-end part; the service management module completes the real-time service switching according to the service request information, while the message control module judges from the service request information and the user information whether this user has the right to use the service; if so, the confirmation authorization information is returned through the service management module and the service interface and then over the Internet to the terminal part; otherwise, information that the service will not be carried out is returned to the terminal part.
10. The safe access method as claimed in claim 9, characterized in that the authorization information returned to the terminal part is the service control word produced by the control word generator, and the terminal part uses the descrambler to descramble the requested service with the received service control word, obtaining the corresponding service.
11. The safe access method as claimed in claim 9, characterized in that the user service authorization authentication process further comprises: the message control module begins charging the user of the terminal part at the moment it returns the confirmation authorization information to the terminal part.
12. A safe access device for a digital broadcast television system, applied to an interactive digital broadcast television network, the device comprising a front-end part and a terminal part, the front-end part comprising a recombiner, a scrambler and a control word generator, the recombiner being connected to the scrambler and the scrambler to the radio network, and the terminal part comprising a decombiner and a descrambler, the decombiner being connected to the descrambler and the descrambler to the radio network; characterized in that:
the front-end part further comprises a service management control unit, which is used to perform user access system authentication on user information that is received from the Internet and has passed access interactive network authentication, and to return the authentication result to the terminal part through the Internet; wherein
the control word generator is connected between the scrambler and the Internet, and the service management control unit is connected between the recombiner and the Internet;
the terminal part further comprises an interactive service processing unit, which is used to send the user information read from the smart card system to the Internet for access interactive network authentication, and to receive the access interactive network authentication result and the user access system authentication result from the Internet; wherein
the interactive service processing unit is connected between the descrambler and the Internet, is connected to the decombiner, and is connected to a smart card system.
13. The safe access device as claimed in claim 12, characterized in that the service management control unit further comprises a service management module and a message control module, the message control module being used to receive, through the authentication interactive interface, user information that is sent from the Internet and has passed access interactive network authentication, to perform user access system authentication according to this user information, and to return the authentication result through the authentication interactive interface and the Internet to the terminal part; wherein
the service management module and the message control module are connected to each other, the message control module is connected to the recombiner, the message control module is connected to the Internet through the authentication interactive interface, and the service management module is connected to the Internet through the service interface.
14. A safe access front-end device for a digital broadcast television system, applied to an interactive digital broadcast television network, the device comprising a recombiner, a scrambler and a control word generator, the recombiner being connected to the scrambler and the scrambler to the radio network, characterized in that:
the device further comprises a service management control unit, which is used to perform user access system authentication on user information that is received from the Internet and has passed access interactive network authentication, and to send the authentication result through the Internet; wherein
the control word generator is connected between the scrambler and the Internet, and the service management control unit is connected between the recombiner and the Internet.
15. The safe access front-end device as claimed in claim 14, characterized in that the service management control unit further comprises a service management module and a message control module, the message control module being used to receive, through the authentication interactive interface, user information that is sent from the Internet and has passed access interactive network authentication, to perform user access system authentication according to this user information, and to send the authentication result through the authentication interactive interface; wherein
the service management module and the message control module are connected to each other, the message control module is connected to the recombiner, the message control module is connected to the Internet through the authentication interactive interface, and the service management module is connected to the Internet through the service interface.
16. A safe access terminal device for a digital broadcast television system, applied to an interactive digital broadcast television network, the device comprising a decombiner and a descrambler, the decombiner being connected to the descrambler and the descrambler to the radio network, characterized in that:
the device further comprises an interactive service processing unit, which is used to send the user information read from the smart card system to the Internet for access interactive network authentication, and to receive the access interactive network authentication result and the user access system authentication result from the Internet; wherein
the interactive service processing unit is connected between the descrambler and the Internet, is connected to the decombiner, and is connected to a smart card system.
17. The safe access terminal device as claimed in claim 16, characterized in that the smart card system is a SIM card system.
CNB031192238A 2003-03-05 2003-03-05 Safe access method and device for digital broadcast television network Expired - Fee Related CN1315324C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB031192238A CN1315324C (en) 2003-03-05 2003-03-05 Safe access method and device for digital broadcast television network

Publications (2)

Publication Number Publication Date
CN1527600A (en) 2004-09-08
CN1315324C (en) 2007-05-09

Family

ID=34285021

Country Status (1)

Country Link
CN (1) CN1315324C (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20070509

Termination date: 20200305
