CN1917566A - System and method for registering, authenticating, and authorizing digital TV - Google Patents


Info

Publication number
CN1917566A
Authority
CN
China
Prior art keywords
message
entitlement
user
module
top box
Prior art date
Legal status
Granted
Application number
CNA2006101127081A
Other languages
Chinese (zh)
Other versions
CN100499736C (en)
Inventor
赵栋
孙青�
付勇
何光东
廖堂伟
罗文魁
于兵
胡海敏
刘迅
郭亮
Current Assignee
CHINA AEROSPACE NEW WORLD TECHNOLOGY Co Ltd
Original Assignee
CHINA AEROSPACE NEW WORLD TECHNOLOGY Co Ltd
Application filed by CHINA AEROSPACE NEW WORLD TECHNOLOGY Co Ltd
Priority to CNB2006101127081A (CN100499736C)
Publication of CN1917566A
Application granted
Publication of CN100499736C
Legal status: Expired - Fee Related

Abstract

The system comprises a master console, several sub-station consoles, and multiple set-top box porting libraries distributed on the set-top boxes. The master console communicates with the sub-station consoles over a virtual private network, and the set-top box porting libraries communicate with the master console over the two-way return network. With a newly added user registration management module, key management module, distributed subsystem interface and two-way service gateway module, together with an improved Entitlement Management Message (EMM) generator and EMM inserter, the invention achieves dynamic distribution of dynamic keys and of Entitlement Management Messages.

Description

Digital television registration, authentication and authorization system and method thereof
Technical field
The present invention relates to a registration, authentication and authorization system (abbreviated as the RAS system) for digital television systems, and also to methods that use this system to implement a dynamic key mechanism, a dynamic distribution mechanism for Entitlement Management Messages, and an active anti-piracy mechanism. It belongs to the field of digital television technology.
Background art
China's digital television industry has entered a stage of rapid development. SARFT (The State Administration of Radio and Television) has successively formulated and issued policies to advance the overall digital conversion of television, and has issued the "Timetable for the Digital Transition of China's Cable Television", which requires digital broadcast television to be fully realized in 2010 and analog television broadcasting to stop in 2015. According to the "2005-2006 China Digital TV Industry Report" published by "Broadcast and Television Information", China had 4.393 million cable digital TV users by the end of 2005, and this figure was expected to exceed 10 million by the end of 2006.
A digital television system mainly comprises a front-end broadcast system, a business management system, an HFC (hybrid fiber coax) network and a return service network. The front-end broadcast system comprises a decoder, multiplexer, scrambler and modulator and broadcasts the digital television signal. The business management system comprises a service distribution system, the RAS registration, authentication and authorization system, a subscriber management system, switches and so on. The HFC network is a cable television network for broadband digital communication and is the basic hardware platform for digital television service. The return service network is the communication network that carries information exchange between digital cable customers and the business management system.
An important technical feature of digital television is interactive video-on-demand service. Video on demand represents the future direction of television, is a revolution over traditional television, and is the main driving force of digital television. Because users can order television programs according to their own needs, it is necessary, in order to protect the interests of program producers, to centrally manage and control users' usage rights by technical means. That technical means is the RAS registration, authentication and authorization system, one of the key links in the industrialization of digital television.
At present, two classes of technology mainly support two-way interactive digital television services: IPTV systems and IP_QAM VOD systems. An IPTV system transmits audio/video programs over an IP network, in the manner of a traditional Internet application, and therefore has drawbacks such as heavy traffic and high network requirements. IP_QAM transmits audio/video programs in the HFC network and carries on-demand instructions out of band; its drawbacks include limited access capacity per access point, high implementation cost and complex system topology.
Chinese invention patent application No. 200310110728.1, "Two-way real-time authentication digital television conditional access system", connects the CA (conditional access) access server in the digital TV front-end system, over an IP (Internet Protocol) network, to the IP module of a user-side set-top box composed of an IP module, a DVB (digital television broadcasting) module and a descrambler. Within the set-top box the IP module is connected to the DVB module and the DVB module to the descrambler, and the descrambler is connected through the HFC (hybrid fiber-coax) network to the mixer in the digital TV front-end system. It is safe and reliable, avoids the danger of being cracked as a whole, can monitor online users' state in real time and promptly find unauthorized users in the network, and can realize truly interactive applications such as TVOD (video on demand) and real-time audience rating statistics.
However, research on existing digital television conditional access systems concentrates mainly on scrambling control of programs; the organization and implementation of services receive little or no consideration, and corresponding technical means are lacking. Because of these shortcomings, the existing digital television industry offers a narrow range of services and is difficult to promote.
As digital broadcast television networks and various two-way networks continue to converge, there is an urgent need for a digital television registration, authentication and authorization system that makes full use of the characteristics of both and organizes services flexibly, to support the development of digital television services. Such a system should be able to organize audio and video products within the existing HFC network, transmit instructions in the two-way network and receive users' interactive service requests, while protecting operators' interests, applying fine-grained scrambling control to programs, and combating rampant piracy. As far as the inventors know, no digital television registration, authentication and authorization system currently meets these requirements.
Summary of the invention
An object of the present invention is to provide a registration, authentication and authorization system for digital television. The system is a platform through which digital TV terminal receiving equipment registers with, authenticates to and is authorized by the front-end system, and which handles scrambling and descrambling; it is suitable for digital television services that have a return path.
Another object of the present invention is to provide methods that use the above system to implement a dynamic key mechanism, a dynamic distribution mechanism for Entitlement Management Messages, and an active anti-piracy mechanism. These methods are key to managing digital television users effectively and protecting the interests of program providers.
To achieve the above objects, the present invention adopts the following technical solutions:
A registration, authentication and authorization system for a digital television system, characterized in that:
the system comprises a master console unit, several sub-station console units provided as required, and a plurality of set-top box porting libraries distributed on the set-top boxes;
the master console unit communicates with the sub-station console units over a VPN, and the set-top box porting libraries communicate with the master console unit over a two-way return network;
the master console unit and the sub-station console units hold registration, authentication and authorization information for digital cable customers, and the set-top box porting library controls those customers' viewing according to this information.
More preferably:
The master console unit comprises a master console, a user registration management module, a key management module, a distributed subsystem interface and a two-way service gateway module;
it further comprises an EMM Generator, an Entitlement Control Message Generator, an Entitlement Management Message inserter, a digital TV subscriber management system interface, a TV program guide system interface and a supervision interface.
These modules connect to the central RAS database over a local area network.
The sub-station console unit comprises a sub-station console, a distributed subsystem interface, an Entitlement Control Message Generator and an Entitlement Management Message inserter;
these modules connect to the sub-station RAS database over a local area network.
The set-top box porting library communicates with the two-way service gateway module over the two-way return network.
The two-way return network is a mobile communication network providing GPRS service.
A method by which the digital television registration, authentication and authorization system implements a dynamic key mechanism, characterized in that:
the key management module dynamically generates a private key, the EMM Generator generates an Entitlement Management Message from it, and the two-way service gateway module distributes it to the registered and valid users in the user registration management module;
the private key generated by the key management module is passed to the Entitlement Control Message Generator and enabled at the appropriate time to encrypt programs.
More preferably, the generated private key is sent to the EMM Generator, which encapsulates it in Entitlement Management Message format and publishes it to the Entitlement Management Message storage module;
the Entitlement Management Message inserter produces a broadcast notification, and each notified set-top box obtains the private key from the Entitlement Management Message storage module over the two-way return network; users who have already retrieved the private key no longer appear in the broadcast notification.
A method by which the digital television registration, authentication and authorization system implements a dynamic distribution mechanism for Entitlement Management Messages, characterized in that:
when the EMM Generator generates the Entitlement Management Message for a user in the user registration management module, it simultaneously generates, for that specific user, a brief new-message notification and a complete user Entitlement Management Message;
the brief new-message notification is inserted into the broadcast stream by the Entitlement Management Message inserter;
the complete user Entitlement Management Message is stored, through the two-way service gateway module, in that module's internal repository.
More preferably, after the set-top box receives the new-message notification, it obtains the complete user Entitlement Management Message from the Entitlement Management Message storage module over the two-way return network and returns a confirmation once retrieval succeeds;
the registration, authentication and authorization system withdraws the new-message notification from the message queue on the basis of this confirmation.
A method by which the digital television registration, authentication and authorization system implements an active anti-piracy mechanism, characterized in that:
the user registration management module formulates viewing-sampling rules and passes the viewing-sampling information to the Entitlement Control Message Generator;
the Entitlement Control Message Generator inserts the sampling information when the conditions are met and broadcasts it with the Entitlement Control Message to the set-top box porting libraries;
the set-top box porting library delivers the sampled viewing records to the central RAS database through the two-way service gateway module at a predetermined time;
the user registration management module locates abnormal set-top box devices by mining and analyzing the uploaded viewing records;
the abnormal set-top boxes are shut down through the EMM Generator and the Entitlement Management Message inserter.
The digital television registration, authentication and authorization system and the authorization methods provided by the invention can be used in digital broadcasting systems carrying services such as interactive digital television, interactive value-added services and one-way digital television. While providing all the functions of current digital television conditional access systems, the system uses the two-way return path to achieve fast generation, secure distribution and terminal processing of user Entitlement Management Messages under a model of in-band message notification and out-of-band secure transmission, and can provide bidirectional identity authentication and authorization checking.
Description of drawings
The invention is further described below with reference to the drawings and specific embodiments.
Fig. 1 is a schematic diagram of the structure of the RAS system provided by the invention.
Fig. 2 is a schematic diagram of the operating principle of the RAS system.
Fig. 3 is a sequence diagram of the key manager generating a dynamic key.
Fig. 4 is a schematic diagram of the principle by which the RAS system dynamically distributes Entitlement Management Messages.
Fig. 5 is a sequence diagram of the RAS system's dynamic distribution of Entitlement Management Messages.
Fig. 6 is a sequence diagram of the RAS system's active anti-piracy mechanism.
Fig. 7 is an example diagram of equipment connections for the RAS system in a practical application.
Embodiment
The RAS system provided by the invention is a development of the digital television conditional access system (abbreviated as the CAS system). Functionally it includes the functions of a conditional access system, but it differs markedly from one in principle and mechanism, as explained in detail below.
As shown in Fig. 1, the RAS system comprises a master console unit, several sub-station console units provided as required, and a plurality of set-top box porting libraries distributed on the set-top boxes. The master console unit communicates with the sub-station console units over a VPN (virtual private network), while the set-top box porting libraries communicate with the master console unit over the two-way return network. The two-way return network can be a mobile communication network, preferably a GPRS service network, which can keep the user online at all times. The digital television signal carried by the HFC network is delivered to the master console unit, the sub-station console units and the set-top box porting libraries respectively.
The master console unit mainly comprises: the master console; a user registration management module responsible for registration, authentication, management and anti-cloning strategy; a key management module capable of issuing and managing dynamic keys; a distributed subsystem interface that supports distributed operation of the system; and a two-way service gateway module that supports the publication of dynamic Entitlement Management Messages and carries out the anti-piracy strategy. The master console unit also comprises an EMM Generator that generates each user's private Entitlement Management Messages, an Entitlement Control Message Generator that generates Entitlement Control Messages and implements the anti-piracy strategy, an Entitlement Management Message inserter, a digital TV subscriber management system interface, a TV program guide system interface and a supervision interface; these are also the parts that this system has in common with traditional CAS modules. All these modules connect to the central RAS database over a 10/100/1000M local area network (LAN).
The sub-station console unit comprises a sub-station console, a distributed subsystem interface, an Entitlement Control Message Generator and an Entitlement Management Message inserter, which connect to the sub-station RAS database over a 10/100/1000M local area network. The distributed subsystem interface is the interface through which the master console unit and the sub-station console units communicate.
In a digital TV network that uses this RAS system, the set-top box must support the RAS mechanism, so a set-top box porting library must be embedded in the set-top box. The porting library communicates with the two-way service gateway module in the master console unit over the two-way return network. This communication requires corresponding support from the BG (border gateway) and from operational support systems such as OSS and VAA.
In the RAS system shown in Fig. 1, the user registration management module, key management module, distributed subsystem interface and two-way service gateway module are all functional modules newly added by the invention, and the EMM Generator and Entitlement Management Message inserter are strengthened and improved versions of the corresponding modules in existing CAS systems, so the system can provide functions that a CAS system cannot.
The functions of the user registration management module are:
- Set the anti-piracy strategy
- Enable the anti-piracy strategy through the Entitlement Control Message Generator
- Start the system's anti-piracy flow through the EMM Generator
- Collect sampled data
- Analyze the sampled data and, through the EMM Generator, stop abnormal terminal devices from accessing the system
The functions of the key management module are:
- Generate dynamic keys
- Bind a new key to a program
- Enable the new key: set the parameters with which the Entitlement Control Message Generator generates ECMs
- Synchronize the new key: set the EMM Generator parameters related to the new key
The key management module dynamically generates keys; the EMM Generator wraps them in confidential Entitlement Management Messages, which the two-way service gateway module distributes to the registered and valid users in the user registration management module. At the appropriate time, the key generated by the key management module is passed to the Entitlement Control Message Generator and enabled to encrypt programs.
The functions of the two-way service gateway module are:
- Combine with the dynamic billing function to ensure effective charging and viewing
- Provide front-end storage of terminal Entitlement Management Messages
- Synchronize terminal Entitlement Management Messages
The functions of the EMM Generator module are:
- Generate the user authorizations, key distributions and terminal control commands that are carried over the two-way channel
- Apply high-strength encryption using the terminal device's certificate and similar credentials
- Synchronize terminal messages and schedule the broadcast channel content
When the EMM Generator generates the Entitlement Management Message for a user in the user registration management module, it simultaneously generates, for that specific user, a brief new-message notification and a complete user Entitlement Management Message. The brief notification is inserted into the broadcast stream by the Entitlement Management Message inserter and is also stored to the sub-stations through the distributed subsystem interface, where each sub-station's Entitlement Management Message inserter inserts it into the broadcast stream. The complete user Entitlement Management Message is stored, through the two-way service gateway module, in that module's internal repository.
The functions of the Entitlement Management Message inserter module and the distributed subsystem interface module are:
- Send group-addressed EMMs, such as emergency notices, on the broadcast channel
- Send terminal new-message notification instructions on the broadcast channel
- Send sampling instructions on the broadcast channel
- Send over-the-air download and other instructions
The EMM Generator module, two-way service gateway module, Entitlement Management Message inserter module and distributed subsystem interface module described above together form the dynamic Entitlement Management Message (PEMM) distribution mechanism, which is explained in detail below.
Fig. 2 shows the operating principle of the RAS system. The multiplexing module, scrambling module, receiving equipment, program information generator, service information generator, SimulCrypt Synchronizer, control word generator and event information management module are all general-purpose hardware of a digital television front end and are not described further here. The access criteria generator, system private data generator, private program information generator, private service information generator, EMM Generator, Entitlement Management Message inserter, Entitlement Management Message storage module, key manager, anti-piracy manager and so on can be implemented in software; the key manager belongs to the key management module described above, and the anti-piracy manager belongs to the two-way service gateway module described above.
Compared with a traditional CAS system, the main improvements of this RAS system are: (1) strengthened key management; (2) a changed distribution mechanism for Entitlement Management Messages; (3) an active anti-piracy detection mechanism. These improvements appear in every link: scrambling and encrypting program data at the front end, descrambling and decrypting data at the terminal, user authorization management, and the anti-piracy mechanism.
Each is described in turn below.
1. Front-end data scrambling and encryption flow and terminal descrambling and decryption flow
In the RAS system provided by the invention, the scrambling and encryption flow for front-end programs is basically the same as in existing CAS systems, with one significant difference: the RAS system adopts a flexible key management mechanism and can perform dynamic key management.
The terminal descrambling and decryption flow of the RAS system also differs greatly from that of existing CAS systems. RAS uses a RAS-SIM card in place of an ordinary smart card. The RAS-SIM card has a series of advantages: it is safe and reliable, it is fast, it can perform user authentication through the mobile communication network, and its card data can be updated point to point.
When a set-top box with a RAS-SIM card inserted is used to watch a scrambled and encrypted program, it first reads the authorization information stored in the RAS-SIM card and decrypts, descrambles and decodes in the traditional way. At the same time, in the background, it automatically connects to the wireless communication channel and checks for a new version of the authorization information or private key data; if there is one, it collects the corresponding content and returns a confirmation.
The keys generated by the key management module can be applied to a channel, a column, or a time period. When the EMM Generator generates an Entitlement Management Message, it includes the keys the user needs according to that user's authorization conditions. When the Entitlement Control Message Generator generates an Entitlement Control Message, it encrypts with the key specified by the key management module as one level of encryption. When the set-top box porting library decrypts a program, it uses the specified key for the decryption operation.
A main innovation of the invention is the dynamic key mechanism. In a traditional CAS system the key generator has limited function and has only a logical connection with the EMM Generator. In the RAS system provided by the invention, the key manager is closely and actually connected with the EMM Generator and the Entitlement Management Message inserter, and the key manager can produce a corresponding new private key (secret key) for each product (service). Before a new private key is used, the RAS system must confirm, through replies from the set-top boxes, that the new private key has been delivered, and it enables the new private key under the management of a scheduling policy.
According to service needs, the key manager is responsible for keys at multiple levels throughout the RAS system; it manages key generation, activation and expiry and maintains the security of the whole RAS system. The key manager dynamically produces service keys (private keys) and can assign a private key to each service or service group. In the current configuration, the key manager assigns one private key to each channel.
Fig. 3 is a sequence diagram of the key manager generating a dynamic key. Generation, management and publication of dynamic keys are carried out jointly by the key manager, Entitlement Control Message Generator, EMM Generator, Entitlement Management Message inserter and Entitlement Management Message storage module. The generated private key is sent to the EMM Generator, which encapsulates it in Entitlement Management Message format and publishes it to the Entitlement Management Message storage module. The Entitlement Management Message inserter produces a broadcast notification, and each notified set-top box obtains the private key from the Entitlement Management Message storage module over the wireless communication channel of the two-way return network; users who have already retrieved the private key no longer appear in the broadcast notification. When the scheduling policy is satisfied, the switch to the new private key is triggered and the Entitlement Control Message Generator begins using the new private key to encrypt control words.
Key security is mainly a matter of whether a key can easily be copied or cracked. Existing CAS systems have only a single layer of permanent or "quasi-permanent" keys, and all key information is stored in the terminal, which increases the chance of copying. In this RAS system, keys are divided into permanent keys and temporary keys, which must be used together. Some levels of the key hierarchy can be configured flexibly and changed quickly, which makes the keys harder to crack. This is comparable to scrambling audio and video with control words: the control word mechanism is known to everyone, but ordinary people lack the means to crack control words by brute force.
In addition, keys can be associated with multiple levels of program information. This allows more ways of organizing products and allows protection to be refined down to the individual product. The RAS system can therefore exercise control at multiple program levels, such as multi-channel packages, single channels, columns and time periods.
2. subscriber authorisation flow process
The subscriber authorization flow in this RAS system differs greatly from that of a CAS system. To support a very large number of users in a two-way network environment, the RAS system adopts a dynamic Entitlement Management Message distribution mechanism suited to two-way networks: each user's authorization information is generated as an independent Entitlement Management Message packet; the broadcast network carries only the message notification that a new authorization is available for collection, and the actual authorization packet is delivered over two-way channels such as GPRS. This distribution mechanism meets the bandwidth and response-time requirements of a large user base and also makes it possible to track the delivery status of each individual authorization.
In this RAS system, the EMM Generator, the Entitlement Management Message memory module and the Entitlement Management Message inserter are used to implement the CAS Entitlement Management Message distribution mechanism under two-way conditions.
Fig. 4 is a schematic diagram of the principle by which the RAS system dynamically distributes Entitlement Management Messages, and Fig. 5 is a sequence diagram of that dynamic distribution. Once the user has been authenticated, the EMM Generator of the RAS produces the authorization (Entitlement Management Message) for a single user, and the generated single-user Entitlement Management Message is stored in the Entitlement Management Message memory module. The RAS uses the Entitlement Management Message inserter to generate the user's authorization message notification in the broadcast channel; because what the inserter places in the stream is only a message notification, its size is only 1% of a traditional Entitlement Management Message. After the set-top box receives the message notification, it obtains the actual authorization information from the Entitlement Management Message memory module over a two-way network such as GPRS and returns a confirmation once it has obtained it successfully. The RAS uses this confirmation to judge the delivery status of the user's authorization, and once the authorization has been delivered, the message notification is withdrawn from the message queue.
Transmitting the Entitlement Management Message authorization packet out of band and withdrawing the message notification effectively reduces the pressure on stream bandwidth and response speed caused by growth in the number of users.
In this RAS system, the Entitlement Management Message is stored in the Entitlement Management Message memory module, and only the new message notification is stored in the broadcast stream loop body. Because a new message notification is far shorter than a traditional Entitlement Management Message, the broadcast stream loop body it occupies is greatly reduced compared with the existing CAS system, in which every Entitlement Management Message is stored in the broadcast cycle body.
In the existing CAS system, Entitlement Management Messages are stored according to a set life cycle. In this RAS system, Entitlement Management Messages can be stored permanently, and the life cycle of a new message notification is determined by terminal access. After the set-top box receives the new message notification and obtains the new Entitlement Management Message, the RAS system deletes this user's new message notification from the broadcast cycle to reduce the amount of information in the broadcast cycle. Within the life cycle, the Entitlement Management Message is retained in the broadcast cycle whether or not the set-top box has taken it; after the life cycle ends, a user who has not received the Entitlement Management Message can no longer collect it.
In the present invention, transmitting the Entitlement Management Message packet out of band and withdrawing the message notification effectively reduces the pressure on stream bandwidth and response speed caused by growth in the number of users.
After the set-top box transplanting storehouse on the set-top box receives the new message notification that the Entitlement Management Message inserter placed in the broadcast stream, it reaches the two-way services gateway module over the two-way network and extracts the complete user authorization management information. After confirming that the complete user authorization management information has been delivered to the set-top box transplanting storehouse, the user authorization management information module notifies the user registration management module, and the user registration management module deletes this user's new message notification from the Entitlement Management Message inserter.
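The notify, fetch, confirm and withdraw cycle described above can be simulated in a few lines. This is an added example, not code from the patent; the class names, the `NEW:` notification format and the 200-byte message bodies are assumptions made for illustration.

```python
# Added illustration: notify / fetch / confirm / withdraw cycle for per-user EMMs.
# The class names, notification format and byte sizes are assumptions, not from the patent.
from dataclasses import dataclass, field


@dataclass
class Ras:
    emm_store: dict = field(default_factory=dict)       # EMM memory module: full EMM per user
    broadcast_loop: dict = field(default_factory=dict)  # short notifications only
    delivered: set = field(default_factory=set)         # users whose box confirmed receipt

    def authorize(self, user_id: str, emm: bytes) -> None:
        """EMM Generator + inserter: keep the full EMM out of band, broadcast a notice."""
        self.emm_store[user_id] = emm
        self.delivered.discard(user_id)
        self.broadcast_loop[user_id] = b"NEW:" + user_id.encode()  # hypothetical format

    def fetch(self, user_id: str) -> bytes:
        """Two-way channel (e.g. GPRS). The caller is assumed to be authenticated already."""
        return self.emm_store[user_id]

    def confirm(self, user_id: str) -> None:
        """Confirmation from the box: record delivery and withdraw the notification."""
        if user_id not in self.emm_store:
            raise KeyError(f"no EMM was issued for {user_id}")
        self.delivered.add(user_id)
        self.broadcast_loop.pop(user_id, None)  # the stored EMM itself is kept

    def undelivered(self) -> list:
        return sorted(set(self.emm_store) - self.delivered)

    def loop_bytes(self) -> int:
        return sum(len(n) for n in self.broadcast_loop.values())


@dataclass
class SetTopBox:
    user_id: str
    online: bool = True   # False models a box with no two-way connectivity right now
    emm: bytes = b""

    def poll(self, ras: Ras) -> bool:
        """Act only when the broadcast loop carries a notification for this user."""
        if not self.online or self.user_id not in ras.broadcast_loop:
            return False
        self.emm = ras.fetch(self.user_id)
        ras.confirm(self.user_id)
        return True


def demo() -> tuple:
    ras = Ras()
    for uid in ("user-1", "user-2"):            # constructed users and EMM bodies
        ras.authorize(uid, b"\x00" * 200)
    boxes = [SetTopBox("user-1"), SetTopBox("user-2", online=False)]
    results = [box.poll(ras) for box in boxes]
    return results, ras.undelivered(), ras.loop_bytes()


if __name__ == "__main__":
    print(demo())
```

The list returned by `undelivered()` is the delivery tracking the text refers to: a user stays in it, and keeps a notification in the broadcast loop, until that user's set-top box confirms receipt.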
The user registration management module formulates viewing sampling rules and passes the viewing sampling information to the Entitlement Control Message Generator, which inserts the sampling information when the conditions are met and broadcasts it to the set-top box transplanting storehouse with the Entitlement Control Message. At an appropriate time, the set-top box transplanting storehouse delivers the sampled viewing records to the central RAS database through the two-way services gateway module. After the user registration management module performs mining analysis on the uploaded viewing records, it locates abnormal set-top box devices; through the EMM Generator and the Entitlement Management Message inserter, an abnormal set-top box can be shut down, thereby realizing authorization management of users.
3. Anti-piracy flow
A one-way network has no mechanism for actively discovering piracy. Only when abnormal phenomena are noticed through management channels (for example, subscribers in arrears never renew, service promotion becomes difficult, or users are lost) can piracy be suspected, and it is not possible to determine accurately which card or which user has been pirated. Once piracy is confirmed, the only options are to change the key over the broadcast channel or to replace cards, and the replacement cost is high.
To address these problems, this RAS system provides an active anti-piracy early warning mechanism. In the anti-piracy manager it performs data mining on the collected user viewing behaviour. When the same user is found watching different programs in the same time period, the data analysis puts this user on the blacklist, flagging the possibility that a pirate user has appeared. After further confirmation, all of this user's viewing permissions are terminated.
This RAS system provides a key management unit in place of the key generator in the CAS; uses the EMM Generator, the Entitlement Management Message memory module and the Entitlement Management Message inserter to implement the CAS Entitlement Management Message distribution mechanism under two-way conditions; and adds an anti-piracy manager to implement an active anti-piracy detection mechanism.
Fig. 6 is a sequence diagram of the active anti-piracy mechanism of this RAS system. The Entitlement Management Message inserter sends an instruction to collect user viewing records to the users in a given number range or region. The set-top boxes in this number range deliver their viewing records to the anti-piracy manager in turn, in the background, and this data is analyzed precisely. When users with the same number are found watching different programs in the same time period, the data analysis places this user on the watch list, flagging the possibility that a pirate user has appeared. After further confirmation, the user is blacklisted and all viewing permissions for this number are terminated, while customer service measures are used to safeguard the viewing rights of the legitimate user.
The active anti-piracy mechanism of the RAS can not only confirm whether a pirate card has appeared but also pinpoint exactly which card has been pirated. Once a pirate card is confirmed, only that card's viewing permissions need to be terminated; because only a single user is handled, the unfavorable situation of a large-scale key change or card replacement is avoided.
Compared with a traditional CAS system, this RAS system discovers piracy by collecting and aggregating terminal data in a unified way and confirming abnormal conditions by analyzing terminal behaviour, and it can provide accurate localization. For abnormal terminals, this RAS system can apply dedicated control and output reports and notifications about the abnormal terminals.
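The core check in this flow, the same card reporting different programs in the same time period, can be expressed as an interval-overlap test over the uploaded viewing records. The following is an added example, not code from the patent; the record layout, card identifiers and the 60-second overlap tolerance are assumptions. Its output corresponds to the watch list, which the text says still requires further confirmation before any viewing permission is stopped.

```python
# Added illustration: flag cards that report different programs in the same time period.
# Record layout, card IDs and the overlap tolerance are assumptions, not from the patent.
from collections import defaultdict
from datetime import datetime

# Constructed sample of uploaded viewing records: card_id,program,start,end
SAMPLE = """\
CARD-0001,news,2006-08-30T20:00:00,2006-08-30T20:30:00
CARD-0001,movie,2006-08-30T20:30:00,2006-08-30T22:00:00
CARD-0002,sports,2006-08-30T20:00:00,2006-08-30T21:00:00
CARD-0002,movie,2006-08-30T20:10:00,2006-08-30T21:30:00
CARD-0003,news,2006-08-30T20:00:00,2006-08-30T20:30:00
CARD-0003,news,2006-08-30T20:10:00,2006-08-30T20:40:00
"""


def parse(text):
    """Yield (card_id, program, start, end) tuples from comma-separated lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        card, program, start, end = line.strip().split(",")
        yield card, program, datetime.fromisoformat(start), datetime.fromisoformat(end)


def build_watch_list(records, min_overlap_s=60):
    """Return {card_id: [(program_a, program_b, overlap_seconds), ...]}."""
    by_card = defaultdict(list)
    for card, program, start, end in records:
        if end > start:                      # drop malformed intervals
            by_card[card].append((start, end, program))
    watch_list = {}
    for card, views in by_card.items():
        views.sort()
        active, hits = [], []
        for start, end, program in views:
            active = [v for v in active if v[1] > start]   # still running at `start`
            for _, a_end, a_program in active:
                overlap = int((min(end, a_end) - start).total_seconds())
                # Same program twice is treated as a duplicate upload, not two viewers.
                if a_program != program and overlap >= min_overlap_s:
                    hits.append((a_program, program, overlap))
            active.append((start, end, program))
        if hits:
            watch_list[card] = hits
    return watch_list


if __name__ == "__main__":
    for card, hits in build_watch_list(parse(SAMPLE)).items():
        print(card, hits)
```

The tolerance keeps an ordinary channel change (CARD-0001 in the sample) or small clock differences between records from producing a hit.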
Fig. 7 is an example diagram of the equipment connections of this RAS system in a practical application. In this example, the maximum user base can be 10 million, and the corresponding maximum number of branch platforms is 1000. To meet such large-scale application requirements, the system can adopt a modular structure, and its capacity can be further expanded by stacking. Through a distributed two-level design and deployment, scrambling and encryption of broadcast programs across the whole network can be realized under a multi-level network topology.
The digital television registration, authentication and authorization system of the present invention and its method have been described in detail above. For a person of ordinary skill in the art, any obvious change made to it without departing from the essence of the present invention will constitute an infringement of the patent right of the present invention and will bear the corresponding legal liability.

Claims (10)

1. A registration, authentication and authorization system for a digital television system, characterized in that:
The system comprises a master console unit, several branch platform control desk units provided as required, and a plurality of set-top box transplanting storehouses distributed on set-top boxes;
Wherein the master console unit communicates with the branch platform control desk units through a VPN, and the set-top box transplanting storehouses communicate with the master console unit through a two-way return network;
The master console unit and the branch platform control desk units hold registration, authentication and authorization information for digital cable customers, and the set-top box transplanting storehouse controls the viewing of the digital cable customers according to this registration, authentication and authorization information.
2. The registration, authentication and authorization system for a digital television system as claimed in claim 1, characterized in that:
The master console unit comprises a master console, a user registration management module, a key management module, a distributed subsystem interface and a two-way services gateway module;
It also comprises an EMM Generator, an Entitlement Control Message Generator, an Entitlement Management Message inserter, a digital TV subscriber management system interface, a TV program guide system interface and a supervision interface;
Each of these modules is connected to the central RAS database through a local area network.
3. The registration, authentication and authorization system for a digital television system as claimed in claim 1, characterized in that:
The branch platform control desk unit comprises a branch platform control desk, a distributed subsystem interface, an Entitlement Control Message Generator and an Entitlement Management Message inserter;
Each of these modules is connected to the branch platform RAS database through a local area network.
4. The registration, authentication and authorization system for a digital television system as claimed in claim 1 or 2, characterized in that:
The set-top box transplanting storehouse communicates with the two-way services gateway module through the two-way return network.
5. The registration, authentication and authorization system for a digital television system as claimed in claim 1, characterized in that:
The two-way return network is a mobile communication network providing GPRS service.
6. A method by which a digital television registration, authentication and authorization system implements a dynamic key mechanism, characterized in that:
The key management module dynamically generates a private key, an Entitlement Management Message is generated by the EMM Generator, and the two-way services gateway module is used to distribute it to the users who are registered and valid in the user registration management module;
The private key generated by the key management module is passed to the authorization message control generator and enabled at the appropriate time to encrypt programs.
7. The method by which a digital television registration, authentication and authorization system implements a dynamic key mechanism as claimed in claim 6, characterized in that:
The generated private key is sent to the EMM Generator, which encapsulates it in the form of an Entitlement Management Message and publishes it to the Entitlement Management Message memory module;
The Entitlement Management Message inserter produces a broadcast notification, the notified set-top box obtains the private key from the Entitlement Management Message memory module through the two-way return network, and a user who has taken the private key no longer appears in the broadcast notification.
8. A method by which a digital television registration, authentication and authorization system implements a dynamic Entitlement Management Message distribution mechanism, characterized in that:
When the EMM Generator generates the Entitlement Management Message of a user in the user registration management module, it simultaneously generates, for that particular user, a brief new message notification and a complete user authorization management information;
The brief new message notification is inserted into the broadcast stream by the Entitlement Management Message inserter;
The complete user authorization management information is stored by the two-way services gateway module in the repository inside the two-way services gateway module.
9. The method by which a digital television registration, authentication and authorization system implements a dynamic Entitlement Management Message distribution mechanism as claimed in claim 8, characterized in that:
After the set-top box receives the new message notification, it obtains the complete user authorization management information from the Entitlement Management Message memory module through the two-way return network and returns a confirmation after obtaining it successfully;
The registration, authentication and authorization system withdraws the new message notification from the message queue according to this confirmation.
10. A method by which a digital television registration, authentication and authorization system implements an active anti-piracy mechanism, characterized in that:
The user registration management module formulates viewing sampling rules and passes the viewing sampling information to the Entitlement Control Message Generator;
The Entitlement Control Message Generator inserts the sampling information when the conditions are met and broadcasts it to the set-top box transplanting storehouse with the Entitlement Control Message;
The set-top box transplanting storehouse delivers the sampled viewing records to the central RAS database through the two-way services gateway module at a predetermined time;
The user registration management module locates abnormal set-top box devices after performing mining analysis on the uploaded viewing records;
The abnormal set-top box is shut down through the EMM Generator and the Entitlement Management Message inserter.
CNB2006101127081A 2006-08-30 2006-08-30 System and method for registering, authenticating, and authorizing digital TV Expired - Fee Related CN100499736C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006101127081A CN100499736C (en) 2006-08-30 2006-08-30 System and method for registering, authenticating, and authorizing digital TV

Publications (2)

Publication Number Publication Date
CN1917566A true CN1917566A (en) 2007-02-21
CN100499736C CN100499736C (en) 2009-06-10

Family

ID=37738451

Country Status (1)

Country Link
CN (1) CN100499736C (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105491409A (en) * 2015-12-24 2016-04-13 北京腾锐视讯科技有限公司 Enhancement CA system in digital television system
CN105491409B (en) * 2015-12-24 2019-01-08 北京腾锐视讯科技有限公司 Enhance CA system in a kind of digital television system
CN105704526A (en) * 2015-12-30 2016-06-22 北方联合广播电视网络股份有限公司 DRM implementation method and system for digital television, television gateway and terminal
CN105704526B (en) * 2015-12-30 2019-02-12 北方联合广播电视网络股份有限公司 DRM method and system, TV gateway and the terminal of DTV

Also Published As

Publication number Publication date
CN100499736C (en) 2009-06-10

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090610

Termination date: 20170830