CN1988539A

CN1988539A - System and method for compensable sending classified content based on radio digital broadcast path

Info

Publication number: CN1988539A
Application number: CN 200610145570
Authority: CN
Inventors: 夏团利
Original assignee: Individual
Current assignee: Individual
Priority date: 2006-11-22
Filing date: 2006-11-22
Publication date: 2007-06-27
Anticipated expiration: 2026-11-22
Also published as: CN1988539B

Abstract

A categorized content paid-distribution system based on the wireless digital broadcasting channel includes: authentication system to supply the encryption authorized information, data program making platform to accept the encryption authorized information of authentication system to encrypt the program content from wholesalers or distributors and send the encrypted program and related encryption authorized information, Data Broadcasting Gateway to receive the above program and information from the data program making platform to broadcast to user terminal, user terminal to receive the program and information and decrypt the program by the use of the decryption authorized information. The invention also provides the related method.

Description

Based on the paid system and method for distributing of the categorised content of radio digital broadcast path

Technical field

The present invention relates to the radio broadcasting field, relate in particular to and in the digital radio broadcast passage, realize content distribution and the method and system of selling.Wherein, radio digital broadcast path is meant and comprises DAB, DVB-S, and DVB-T, DVB-H, DMB etc. are in the interior radio broadcasting service based on numeral.

Background technology

Because the application of digitlization sound, technique for video broadcasting makes and transmits high-quality sound, video content is achieved to the business of user side.In addition,, make the user side that content can transmit under the situation of zero defect because content-data adopted error correcting technique in transmission course, thereby, opened up a kind of efficient and do not have the content distribution of medium cost and a new channel of selling.

In existing wireless digital broadcasting communication protocol, all reserved data channel, controlled the business that the user accepts to permit according to the technology of channel scrambling with difference.For example: the encapsulation mode of having stipulated data channel in the DAB agreement is to be different from the channel scrambling method of other audio programs.Utilize data channel just can transmit the data content of various non-broadcasting sounds, video frequency program, for example can transmit contents such as electronic chart, picture, music or film, paid download service is provided.

The wireless digital broadcasting technology is to distinguish different channel by the method for logical partitioning channel, can satisfy the bandwidth requirement of different business transfer of data when carrying out the data content download service by the logical channel of binding varying number.For example, in the DAB agreement, can carry the data volume of 1.2Mbps among each 2MhzEnsample, inside can be divided into n 128kbps or n 192kbps. wherein, and each 128kps or 192kbps can independently transmit a channel program.Just can improve the capacity of transfer of data for data download service by the channel that distributes a plurality of 128kbps or 192kbps.

The existing method that is used for the paid distribution of digital content mainly may be summarized to be two classes: a class is based on the condition receiving method of cable tv broadcast technology.The another kind of real-time authentication method that is based on interactive type communication.

The condition receiving method that is used for cable tv broadcast (DVB-C) is the central controlled system of user, take independently broadcasting the mode that transmits user's licence list in the frequency band, by the operation of terminal according to this terminal authority execute permission shown in user's licence list.This technology has realized that non real-time user receives authorization, but it can't be applied to the paid content distribution service of wireless digital broadcasting.At first, the customer volume of wireless digital broadcasting carrying is big, the overlay area is big, therefore can cause user's licence list information capacity huge, if in user's licence list, add the purchase of each content is authorized, then increased the capacity of list information more, thereby user side can't be obtained in time and renewal; Secondly, because the band resource of wireless digital broadcasting is limited, therefore, it is huge to provide separate bands to transmit user's licence list cost; Once more, because content-based sale need be carried out real-time credit authorization and permission, do not having under the situation of return path, the central controlled system of user can't realize real-time.

Real-time authentication method based on interactive type communication comprises subscriber authorisation authentication method (AAA) or the online payment method that is widely used in the Internet, and based on the content purchase of mobile phone wireless communication and the digital copyright management method (DRM) of content-based issue.Because these methods all based on interactively traffic model, therefore, can't independently be finished the paid distribution of content in the wireless data broadcasting service that does not have return path.Even bundle mobile phone as down going channel by wireless data broadcasting, the purchase of data content can be realized as the mode of uploading channel in phone or the Internet, but it has increased the terminal cost, and the effect of movable wireless data broadcast communication and advantage have been limited as cheap.

Based on the real time communication pattern whether whether digital copyright management (DRM) no matter, and it all can not be as the general content distribution authorization mechanism of a kind of complete sum.At first, the kind and the form of content are varied, and the making of content and sales section disengaging, be difficult to reach unified standard and fix information such as selling price in content.Secondly, exist the content publisher of competitive relation may adopt different digital copyright management mechanism, therefore need an intermediate layer to isolate the compatibility issue that the difference because of content compression and coding causes.DRM will be used for the secondary distribution of categorised content and control content, but is not having DRM under the prerequisite of return path can not finish mandate and authentication mechanism to the user independently.

Summary of the invention

An object of the present invention is to create a kind of wireless data broadcasting distribution mechanisms, by this mechanism in the mandate and the authentication that do not have also can finish independently under the prerequisite of return path to the user.

The invention provides the paid system that distributes of a kind of categorised content based on radio digital broadcast path, comprising: authentication and authorization system provides encryption authorization information; The data content program production platform, be coupled to authentication and authorization system, accept the encryption authorization information of authentication and authorization system, according to the programme content of this encryption authorization information encryption from content whole seller or publisher, and programme content and associated encryption authorization message after the transmission encryption; The data broadcasting gateway is coupled to above-mentioned data content program production platform, receives from programme content after the encryption of data content program production platform and associated encryption authorization message, is broadcast to user terminal; After the user terminal that comprises the terminal authentication module, user terminal receive programme content and associated encryption authorization message after the encryption, the terminal authentication module with wherein the decrypt authorized information of being stored in to the programme content deciphering after encrypting.

The present invention also provides the system of the paid distribution of a kind of categorised content based on radio digital broadcast path, comprising: authentication and authorization system, encrypted symmetric key is provided and unsymmetrical key that this encrypted symmetric key is encrypted again right; The data content program production platform, be coupled to authentication and authorization system, the unsymmetrical key that acceptance is encrypted from the encrypted symmetric key of authentication and authorization system with to this encrypted symmetric key again is right, with the programme content of encrypted symmetric key encryption from content whole seller or publisher, with the private key of above-mentioned unsymmetrical key centering to encryption keys, with the private key of above-mentioned top CA public key encryption, with the programme content after encrypting to above-mentioned unsymmetrical key centering, with the encryption key behind the encrypted private key of above-mentioned unsymmetrical key centering, PKI with the above-mentioned unsymmetrical key centering behind the encrypted private key of above-mentioned top CA regularly sends; The data broadcasting gateway, be coupled to above-mentioned data content program production platform, the programme content of reception after from the encryption of data content program production platform, with the encryption key behind the encrypted private key of above-mentioned unsymmetrical key centering, with the PKI of the above-mentioned unsymmetrical key centering behind the encrypted private key of above-mentioned top CA, regularly they are broadcast to user terminal; The user terminal that comprises the terminal authentication module, user terminal receives the programme content after the encryption, with the encryption key behind the encrypted private key of above-mentioned unsymmetrical key centering, behind the PKI with the above-mentioned unsymmetrical key centering behind the encrypted private key of above-mentioned top CA, whether the PKI of judging local original unsymmetrical key centering is expired, if it is expired then decipher the PKI of the above-mentioned unsymmetrical key centering behind the encrypted private key of the above-mentioned top CA of above-mentioned usefulness with the PKI of local original unsymmetrical key centering, PKI with the unsymmetrical key centering that obtains is replaced the PKI of local original unsymmetrical key centering, decipher the encryption key behind the encrypted private key of the above-mentioned unsymmetrical key centering of above-mentioned usefulness with the PKI of this stylish unsymmetrical key centering, obtain this encryption key, decipher programme content after the above-mentioned encryption, the decryption content after obtaining deciphering with this encryption key as decruption key.

The present invention also provides a kind of categorised content based on radio digital broadcast path paid method of distributing, and comprising: encryption authorization information is provided; According to the programme content of this encryption authorization information encryption from content whole seller or publisher, and programme content behind the broadcast enciphering and associated encryption authorization message; User terminal receives programme content and the associated encryption authorization message after encrypting, and with the decrypt authorized information that is stored in the user terminal programme content after encrypting is deciphered.

The present invention also provides the method for the paid distribution of a kind of categorised content based on radio digital broadcast path, comprising: encrypted symmetric key is provided and unsymmetrical key that this encrypted symmetric key is encrypted again right; With the programme content of encrypted symmetric key encryption from content whole seller or publisher, with the private key of above-mentioned unsymmetrical key centering to encryption keys, with the private key of above-mentioned top CA public key encryption to above-mentioned unsymmetrical key centering, with the programme content after encrypting, with the encryption key behind the encrypted private key of above-mentioned unsymmetrical key centering, with the PKI periodic broadcasting of the above-mentioned unsymmetrical key centering behind the encrypted private key of above-mentioned top CA to user terminal; User terminal receives the programme content after encrypting, with the encryption key behind the encrypted private key of above-mentioned unsymmetrical key centering, PKI with the above-mentioned unsymmetrical key centering behind the encrypted private key of above-mentioned top CA, whether the PKI of judging local original unsymmetrical key centering is expired, if it is expired then decipher the PKI of the above-mentioned unsymmetrical key centering behind the encrypted private key of the above-mentioned top CA of above-mentioned usefulness with the PKI of local original unsymmetrical key centering, PKI with the unsymmetrical key centering that obtains is replaced the PKI of local original unsymmetrical key centering, decipher the encryption key behind the encrypted private key of the above-mentioned unsymmetrical key centering of above-mentioned usefulness with the PKI of this stylish unsymmetrical key centering, obtain this encryption key, decipher programme content after the above-mentioned encryption, the decryption content after obtaining deciphering with this encryption key as decruption key.

By the terminal authentication module in authentication and authorization system of the present invention and the user terminal separate encrypted transmission and decrypt authorized mechanism, uniaxially has realized that the user buys permission, thereby has solved in the prior art in the problem that does not have can not finish independently under the prerequisite of return path to user's mandate and authentication.

Description of drawings

Fig. 1 is concept principle figure of the present invention.

Fig. 2 is the block diagram of system of the present invention.

Fig. 3 is the block diagram according to the logic flow of expression data distribution of the present invention.

Fig. 4 is data encapsulation of the present invention and enciphering/deciphering illustraton of model.

Fig. 5 is the schematic diagram of digital content distribution index of the present invention.

Fig. 6 is unilateral authentication of the present invention and take grant model figure.

Fig. 7 is a distributed data broadcast gateway topological diagram of the present invention.

Fig. 8 is that the present invention broadcasts the subchannel illustraton of model.

Embodiment

(1) basic principle of the present invention

Introduce basic principle of the present invention earlier.The present invention be directed to a cover classifying content encapsulation that proposes based on the paid distribution services of the content of wireless data broadcasting, the agreement (being specifically related to system and method) that content purchase guides and unidirectional subscriber authorisation is permitted.Can be implemented in by this agreement in the radio network of no return path the user is carried out real-time authorization and authentication,, reduced management data taking simultaneously to greatest extent band resource to reach purpose to content access permission and purchase.The present invention can use in interactive network equally, by with being connected of payment system, can realize the real-time purchase of content.In wireless broadcast network, can realize that by the present invention the non real-time of content is bought.

Relation between the channel scrambler technology of the present invention, wireless data broadcasting agreement, the DRM technology of content production as shown in Figure 1.The present invention proposes to increase content with innovating and stores and the controlling mechanism of buying 15 between the channel access control mechanisms 13 of prior art and copyright control mechanism 14, the content that reaches based on different copyright control mechanism can realize paid distribution or sale in the passage of same wireless data broadcasting.And this realization is unidirectional subscriber authorisation and the authentication mechanism that does not rely on return path.Shown in the bottom of Fig. 1, the content of different copyright control mechanism is broadcasted in same wireless broadcast data passage (passage of the present invention is a channel), middle controlling mechanism 15 through content storage of the present invention and purchase is carried out content distribution/purchase management to it, paid distribution or sale have been realized, kind and othernesses such as varied compression that causes of form and coding as for content, be DRM copyright control mechanism 14 things to be solved of leaving the back for, the present invention just plays a function served as bridge between channel access control mechanisms 13 and copyright control mechanism 14, realization can realize paid distribution or sale based on the content of different copyright control mechanism in the passage of same wireless data broadcasting, and does not need return path.

(2) describe, in general terms of the present invention

Fig. 2 is the block diagram of system of the present invention.The paid system that distributes of a kind of categorised content based on radio digital broadcast path of the present invention comprises:

Authentication and authorization system (1): provide encryption authorization information, access modules of wherein having ready conditions (18) (conditional access module can be introduced in the back in detail) and close word machine (11) (close word machine mainly generates information such as symmetric key, unsymmetrical key).The condition of unilateral authentication licensing mode of the present invention is accepted system, the authentication authorization and accounting authoring system, be core of the present invention, the so-called unidirectional separate operation that is meant encrypted transmission by authentication and authorization system CAS (1) and aftermentioned terminal authentication module PMS-C (5) and decrypt authorized is finished the user and is bought permission.The authentication and authorization system (1) that comprises close word generation machine (Code Machine-CM) is realized authentication of the present invention jointly with terminal authentication system (PMS-C).The function of CAS should comprise: program (program of the present invention is a content) is encrypted with symmetric key and is generated and management system; The authentication that symmetric key is encrypted is encrypted with unsymmetrical key generation and management system with transmission; Program and transmission security key distribution and life cycle management system; Pay dues and authorize the credit code generation system; Timestamp or sequence number generate and prevent the repeated code management; The area code management; The management of zone C AS agency plant; Close word machine pre-authorization code generates and management system in batches; Real time communication submodule with PPM (2); With real time communication submodule of PG (3) etc.

Data content program production platform (PPM) (2), be coupled to authentication and authorization system (1), accept the encryption authorization information of authentication and authorization system (1), according to the programme content of this encryption authorization information encryption from content whole seller or publisher, and programme content and associated encryption authorization message after the transmission encryption.Digital content of the present invention is made platform and is made up of modules such as digital content distribution index DCDI (Digital Content Delivery Index) making platform, digital coding machine, regional program production platforms.The function of PPM comprises: the DCDI layout, and the DCDI retrieval is revised, deletion; The channel coding management, data type encode management, program category encode management, content type encode management; The digital coding machine is according to DCDI layout encrypted content program; The digital coding machine is integrated DCDI, key and management information data and content program data flow; With the real time communication submodule of cas system, with real time communication submodule of multiplexer Ensemble/Multiplexer etc.

Data broadcasting gateway (BG) (3) is coupled to above-mentioned data content program production platform (2), receives from programme content after the encryption of data content program production platform (2) and associated encryption authorization message, is broadcast to user terminal.BG of the present invention is responsible for the distribution of data content.Because there are two kinds of local covering frequence and national covering frequences in the Frequency Distribution of broadcast system such as DAB/DVB, if based on local covering frequence then need before all local concentrator/multiplexers, set up data content gateway of the present invention, be used for the data flow that long-range transmission promptly will be distributed, and this data flow is incorporated in the multiplexer.Function comprises: the management of distributed data gateway; Data Receiving and telemanagement; The data broadcasting clock synchronization; Local data such as uploads at function.Simultaneously when area data input interface function is provided, the function that this platform can integrated part PPM is as the local DCDI management and data creating management of area contents distributors.

After the user terminal (4) that comprises terminal authentication module (5), user terminal (4) receive programme content and associated encryption authorization message after the encryption, terminal authentication module (5) with wherein the decrypt authorized information of being stored in to the programme content deciphering after encrypting.

In one aspect of the invention, described decrypt authorized information is regularly to be generated or upgraded by authentication and authorization system (1), and propagates into user terminal (4) via data content program production platform (2), data broadcasting gateway (3).

From another kind of angle, the present invention proposes the paid system that distributes of a kind of categorised content based on radio digital broadcast path, comprising:

Authentication and authorization system (1), encrypted symmetric key is provided and unsymmetrical key that this encrypted symmetric key is encrypted again right.

Data content program production platform (2), be coupled to authentication and authorization system (1), the unsymmetrical key that acceptance is encrypted from the encrypted symmetric key of authentication and authorization system (1) with to this encrypted symmetric key again is right, with the programme content of encrypted symmetric key encryption from content whole seller or publisher, with the private key of above-mentioned unsymmetrical key centering to encryption keys, with the private key of above-mentioned top CA public key encryption, with the programme content after encrypting to above-mentioned unsymmetrical key centering, with the encryption key behind the encrypted private key of above-mentioned unsymmetrical key centering, PKI with the above-mentioned unsymmetrical key centering behind the encrypted private key of above-mentioned top CA regularly sends.

Data broadcasting gateway (3), be coupled to above-mentioned data content program production platform (2), the programme content of reception after from the encryption of data content program production platform (2), with the encryption key behind the encrypted private key of above-mentioned unsymmetrical key centering, with the PKI of the above-mentioned unsymmetrical key centering behind the encrypted private key of above-mentioned top CA, regularly they are broadcast to user terminal.

The user terminal (4) that comprises terminal authentication module (5), user terminal (4) receives the programme content after the encryption, with the encryption key behind the encrypted private key of above-mentioned unsymmetrical key centering, behind the PKI with the above-mentioned unsymmetrical key centering behind the encrypted private key of above-mentioned top CA, whether the PKI of judging local original unsymmetrical key centering is expired, if it is expired then decipher the PKI of the above-mentioned unsymmetrical key centering behind the encrypted private key of the above-mentioned top CA of above-mentioned usefulness with the PKI of local original unsymmetrical key centering, PKI with the unsymmetrical key centering that obtains is replaced the PKI of local original unsymmetrical key centering, decipher the encryption key behind the encrypted private key of the above-mentioned unsymmetrical key centering of above-mentioned usefulness with the PKI of this stylish unsymmetrical key centering, obtain this encryption key, decipher programme content after the above-mentioned encryption, the decryption content after obtaining deciphering with this encryption key as decruption key.

In one aspect of the invention, authentication and authorization system (1) is also with above-mentioned encrypted symmetric key, unsymmetrical key offers data content program production platform (2) right life cycle, data content program production platform (2) with these life cycles with the encrypted private key of above-mentioned unsymmetrical key centering after data broadcasting gateway (3) is broadcast to user terminal (4), whether the life cycle of the PKI of the unsymmetrical key centering that the terminal authentication module (5) in the user terminal (4) inspection is stored is expired, if it is expired then decipher the PKI of the above-mentioned unsymmetrical key centering behind the encrypted private key of the above-mentioned top CA of above-mentioned usefulness with the PKI of local unsymmetrical key centering of being stored, PKI with the unsymmetrical key centering that obtains is replaced the PKI of local original unsymmetrical key centering, and with its with by behind the encrypted private key of deciphering the above-mentioned unsymmetrical key centering of above-mentioned usefulness with the PKI of the unsymmetrical key centering of storing, association store life cycle that obtain the life cycle corresponding with the PKI of the unsymmetrical key centering of above-mentioned broadcasting, decipher the encryption key behind the encrypted private key of the above-mentioned unsymmetrical key centering of above-mentioned usefulness with the PKI of this stylish unsymmetrical key centering, obtain this encryption key, with its with by behind the encrypted private key of deciphering the above-mentioned unsymmetrical key centering of above-mentioned usefulness with the PKI of this unsymmetrical key centering, the life cycle association store corresponding with the symmetric key of above-mentioned broadcasting.

Because the present invention has used this life cycle of information, just can find out in time whether symmetric key or unsymmetrical key be expired, if the effect of the key information that can upgrade in time is played in expired timely replacing.

In one aspect of the invention, data content program production platform (2) is also distributed data content index DCDI and is broadcast to user terminal (4) through data broadcasting gateway (3), this DCDI comprises the content indexing of the broadcasted content in one or more cycles, and intert broadcast in advance on the content stream discontinuous ground of playing continuously prior to the playback period of the content of being predicted among the DCDI, this DCCI and content, management information is broadcast to user terminal (4) together, user terminal (4) is isolated this DCDI, and from DCDI, select to want the index of downloaded contents in response to the user, this index is placed in the interior downloading task district of user terminal (4), waits for carrying out when this content-data download period begins and download.

Because the present invention is provided with DCDI, this DCDI is periodic broadcasting, just makes the user to have realized effective distribution of content of the present invention easily according to this DCDI selection option wherein, and content of the present invention is selected according to this DCDI, has made things convenient for the tissue of content.

In one aspect of the invention, the content in each cycle is play two-wheeled at least continuously, plays the content indexing of the content in the next cycle in current period.

No matter guarantee to have selected the content among the DCDI, can guarantee that at least chance receives this content when by above-mentioned feature.

In one aspect of the invention, data content program production platform (2) is divided into following two types of encapsulation respectively with data:

Data type one is for encrypted content data adds content code, encapsulated content code externally after content-data is encrypted, and content code is the code of sign content-data, user terminal identification is also downloaded and the reorganization packet according to content code.

Data type two is a management data information, comprises DCDI, with the encrypted symmetric key of the encrypted private key of CA end unsymmetrical key, with the PKI of the unsymmetrical key of the encrypted private key of unsymmetrical key, with the relevant life cycle of the PKI with this symmetric key and unsymmetrical key of the encrypted private key of unsymmetrical key, use concealed password with the supplementing with money of encrypted private key of unsymmetrical key.

Each packet all has type of message ID, and the various management data for data type two has the information type ID that is used for various management data, and user terminal is handled respectively according to type i D recombination data bag and by dissimilar.

By above-mentioned encapsulation mode, realized that terminal can carry out the recombination data bag and handle respectively according to type of message.

In one aspect of the invention, the content that data content program production platform (2) is encrypted according to the DCDI layout encapsulates the content of programmed encryption, and content code and type of message ID are sticked in encapsulation packet header, be used for the traffic identification and the reorganization of user terminal, form encrypted content data stream; To hold the encrypted symmetric key of the encrypted private key of unsymmetrical key with CA, with the PKI of the unsymmetrical key of the encrypted private key of unsymmetrical key, with the relevant life cycle of the PKI with this symmetric key and unsymmetrical key of the encrypted private key of unsymmetrical key, encapsulate with the supplementing with money of encrypted private key of unsymmetrical key with concealed password, type of message ID is sticked in encapsulation packet header, form the key information data flow, carry out the transmission of repetition according to the period frequency that configures; Encrypted content data stream, key information data flow and DCDI data flow are carried out the multiplexing integration encapsulation of difference.

At described user terminal, when the expired needs of the PKI of the local unsymmetrical key of storing of user terminal are downloaded the PKI of new unsymmetrical key, accept data download, verifying and receiving type of message ID is the packet of management information, verification and stored information type i D are the packet with the PKI of the unsymmetrical key of the encrypted private key of unsymmetrical key, PKI with the unsymmetrical key of this locality storage is deciphered this packet, upgrades the PKI of local unsymmetrical key with the PKI of the new unsymmetrical key of acquisition.

When deciphering acquisition content-encrypt symmetric key with the PKI of new local unsymmetrical key, user terminal is verified and received type of message ID is the packet of management information, stored information type i D is the packet with the encrypted symmetric key of the encrypted private key of unsymmetrical key, decipher this packet with the PKI of new local unsymmetrical key, take out encrypted symmetric key as separating key, programs stored is separated key then, for the continuous download in the term of validity.

User terminal obtains program separate key after, the content airtime in the index among the DCDI that verification is chosen, and before content is gone on the air be tuned to content distribution channel and start and to accept data, verifying type of message ID is content-data, and verifying content code is after the selected content this content to be carried out this locality storage and reorganization bag.

In one aspect of the invention, the data flow of integrating after encapsulating also comprises the EPG that is used for broadcast program.

By above-mentioned feature, just can broadcast broadcast program with synchronization of data streams ground.

In one aspect of the invention, system of the present invention also comprises payment gateway (6) (as the dotted line of Fig. 2), and it is networked to user's bank account, and the user deposits money to bank, by note or phone will supplement demand with money and user terminal address sends to payment gateway.Payment gateway (6) will be supplemented demand and user terminal address with money by note or dial the payment phone and send to payment gateway in response to the user, whether pay the bill to the bank account checking that is networked to, payment gateway is with the successful payment information of bank, user terminal address information and quantity purchase information send to authentication and authorization system (1), authentication and authorization system (1) is according to user terminal address, quantity purchase information and timestamp generate pre-authorization information jointly, the local unsymmetrical key of pre-authorization information via to encrypted private key generate authorization code, return to the user through payment gateway (6), the authorization code database is arranged in the user terminal, user terminal is imported authorization code in response to the user at user terminal, at first use Message Digest 5 (as MD5, algorithm known) comparison local data base information integrity (it is attainable that this operation is based on prior art), if the vestige of modification is arranged then shut-down operation, request user initialization data storehouse, check local authorization code database if user profile is complete, determine this time to supplement with money to come into force, PKI with local unsymmetrical key is untied authorization code, check timestamp, if before the deadline then effective authorized quantity of user is upgraded, at last the result and the authorization code service recorder that upgrade are signed (method of prior art) with for future reference with local message digest algorithm (as MD5), user terminal can be in response to the selection of user to the index among the DCDI then, this index of choosing is put into the mission area to wait for downloads and this index content corresponding, after receiving corresponding contents and storage and assembling, change user credit value.

Because the weakness of digital broadcasting pattern is that itself does not possess the data return path, therefore, content distribution platform of the present invention must solve the renewal Authorized operation of the passback in user's off line method of supplementing with money and the process of supplementing with money of paying the fees.By aforesaid operations, realized realizing supplementing with money of user by the mode of asynchronous return authorization sign indicating number.

In one aspect of the invention, also comprise online service management system (7), its in response to the user by the success of paying of Internet bank's card mode, with successful payment information, user terminal address information and quantity purchase information send to authentication and authorization system (1), authentication and authorization system (1) is according to user terminal address, quantity purchase information and timestamp generate pre-authorization information jointly, the local unsymmetrical key of pre-authorization information via to encrypted private key generate authorization code, return to the user through online service management system (7), the authorization code database is arranged in the user terminal, user terminal is imported authorization code in response to the user at user terminal, at first use Message Digest 5 (as MD5) comparison local data base information integrity, if the vestige of modification is arranged then shut-down operation, request user initialization data storehouse, check local authorization code database if user profile is complete, determine this time to supplement with money to come into force, PKI with local unsymmetrical key is untied authorization code, check timestamp, if before the deadline then effective authorized quantity of user is upgraded, at last the result and the authorization code service recorder that upgrade are signed with for future reference with local message digest algorithm (as MD5), user terminal can be in response to the selection of user to the index among the DCDI then, this index of choosing is put into the mission area to wait for downloads and this index content corresponding, after receiving corresponding contents and storage and assembling, change user credit value.

In one aspect of the invention, this system also support prepaid card supplements with money, authentication and authorization system (1) is concentrated and is generated the pre-authorization code, it is non-repetitive and comprises the set of authorized quantity information, the pre-authorization code can store in the close word generation machine that is distributed to the agent point standby, user terminal code in response to the input of user Xiang Mi word generation machine, close word machine user terminal code and pre-authorization code, timestamp and a concealed password generate authorization message jointly, and generate authorization code with Message Digest 5 (as MD5) and be used for the user and supplement input with money, the authorization code database is arranged in the user terminal, user terminal is imported authorization code in response to the user at user terminal, at first use Message Digest 5 (as MD5) comparison local data base information integrity, if the vestige of modification is arranged then shut-down operation, request user initialization data storehouse, check local authorization code database if user profile is complete, determine this time to supplement with money to come into force, PKI and described concealed password with local unsymmetrical key are untied authorization code, check timestamp, if before the deadline then effective authorized quantity of user is upgraded, at last the result and the authorization code service recorder that upgrade are signed with for future reference with local message digest algorithm (as MD5), user terminal can be in response to the selection of user to the index among the DCDI then, this index of choosing is put into the mission area to wait for downloads and this index content corresponding, after receiving corresponding contents and storage and assembling, change user credit value.

The method that payment gateway of the present invention (6), online service management system (7) and prepaid card are supplemented with money is arranged side by side, adopts wherein a kind of just passable.

In one aspect of the invention, in in the downloading task district that this index is placed in the user terminal (4), carry out the automatic subscriber scope check, user terminal is checked the integrality of user right data by Message Digest 5 (as MD5) signature, with credit information and digital signature comparison, if arithmetic result is signed identical with the local digital of storage before then there is modification in explanation, otherwise then there is modification (this checking method is a prior art) in explanation, if existence is revised then is reminded the user to do the data initialization, if data integrity then check the user and whether have enough residual competences promptly to remain credit value to pay this purchase, if insufficient permission, then remind the user to supplement with money, otherwise wait for downloads.

By this scope check of the present invention, prevented that the user from altering the possibility of authority information.

In one aspect of the invention, data broadcasting gateway (3) is a distributed network gate, is deployed in the front end of DAB/DMB assembler.

By distributed network gate, can be implemented in the unified operation that big zone covers (as the whole nation).

In one aspect of the invention, passage in the data broadcasting gateway (3) is divided into the plurality of sub passage, for each subchannel provides a special subchannel code, data in subchannel transmit, user terminal is isolated different DCDI and corresponding data according to different subchannel codes, content is transmitted in different subchannels respectively with the key management data, and different contents can be transmitted in different subchannels.

The present invention can deposit multilingual program in different subchannels, be convenient to the demand of local user for the voice otherness.

In one aspect of the invention, the function of data broadcasting gateway (3) integrated part data content program production platform (2) is as the local DCDI management and data creating management platform of area contents distributors.

By this feature, area contents distributors can directly look for data broadcasting gateway (3) to carry out program making, increases applicability of the present invention.

In one aspect of the invention, the index among the DCDI comprises content type, broadcast time and pricing information.

In one aspect of the invention, user terminal is stored the terminal address information of the top conditional access module CA signature in the authenticated authoring system (1) and the PKI and the life cycle of unsymmetrical key, and the user terminal of PKI that the renewal of asymmetric public keys need be held the unsymmetrical key of top CA signature can carry out.

By above-mentioned feature, increased the reliability of authentication.

In one aspect of the invention, described decrypt authorized information is regularly to generate or renewal.

The present invention proposes the method for the paid distribution of a kind of categorised content based on radio digital broadcast path, comprising: encrypted symmetric key is provided and unsymmetrical key that this encrypted symmetric key is encrypted again right; With the programme content of encrypted symmetric key encryption from content whole seller or publisher, with the private key of above-mentioned unsymmetrical key centering to encryption keys, with the private key of above-mentioned top CA public key encryption to above-mentioned unsymmetrical key centering, with the programme content after encrypting, with the encryption key behind the encrypted private key of above-mentioned unsymmetrical key centering, with the PKI periodic broadcasting of the above-mentioned unsymmetrical key centering behind the encrypted private key of above-mentioned top CA to user terminal; User terminal receives the programme content after encrypting, with the encryption key behind the encrypted private key of above-mentioned unsymmetrical key centering, PKI with the above-mentioned unsymmetrical key centering behind the encrypted private key of above-mentioned top CA, whether the PKI of judging local original unsymmetrical key centering is expired, if it is expired then decipher the PKI of the above-mentioned unsymmetrical key centering behind the encrypted private key of the above-mentioned top CA of above-mentioned usefulness with the PKI of local original unsymmetrical key centering, PKI with the unsymmetrical key centering that obtains is replaced the PKI of local original unsymmetrical key centering, decipher the encryption key behind the encrypted private key of the above-mentioned unsymmetrical key centering of above-mentioned usefulness with the PKI of this stylish unsymmetrical key centering, obtain this encryption key, decipher programme content after the above-mentioned encryption, the decryption content after obtaining deciphering with this encryption key as decruption key.

In one aspect of the invention, above-mentioned encrypted symmetric key also is provided, the life cycle that unsymmetrical key is right, be broadcast to user terminal behind the encrypted private key with above-mentioned unsymmetrical key centering these life cycles, whether the life cycle of the PKI of the unsymmetrical key centering that user terminal (4) inspection is stored is expired, if it is expired then decipher the PKI of the above-mentioned unsymmetrical key centering behind the encrypted private key of the above-mentioned top CA of above-mentioned usefulness with the PKI of local unsymmetrical key centering of being stored, PKI with the unsymmetrical key centering that obtains is replaced the PKI of local original unsymmetrical key centering, and with its with by behind the encrypted private key of deciphering the above-mentioned unsymmetrical key centering of above-mentioned usefulness with the PKI of the unsymmetrical key centering of storing, association store life cycle that obtain the life cycle corresponding with the PKI of the unsymmetrical key centering of above-mentioned broadcasting, decipher the encryption key behind the encrypted private key of the above-mentioned unsymmetrical key centering of above-mentioned usefulness with the PKI of this stylish unsymmetrical key centering, obtain this encryption key, with its with by behind the encrypted private key of deciphering the above-mentioned unsymmetrical key centering of above-mentioned usefulness with the PKI of this unsymmetrical key centering, the life cycle association store corresponding with the symmetric key of above-mentioned broadcasting.

In one aspect of the invention, also data content is distributed index DCDI and be broadcast to user terminal, this DCDI comprises the content indexing of the broadcasted content in one or more cycles, and intert broadcast in advance on the content stream discontinuous ground of playing continuously prior to the playback period of the content of being predicted among the DCDI, this DCCI and content, management information is broadcast to user terminal together, user terminal is isolated this DCDI, and from DCDI, select to want the index of downloaded contents in response to the user, this index is placed in the downloading task district in the user terminal, waits for that this content-data downloads the period and carry out when beginning and download.

In one aspect of the invention, data are divided into following two types of encapsulation respectively:

In one aspect of the invention, the content of encrypting according to the DCDI layout encapsulates the content of programmed encryption, and content code and type of message ID are sticked in encapsulation packet header, are used for the traffic identification and the reorganization of user terminal, form encrypted content data stream; Will be with the encrypted symmetric key of the encrypted private key of unsymmetrical key, with the PKI of the unsymmetrical key of the encrypted private key of unsymmetrical key, with the relevant life cycle of the PKI with this symmetric key and unsymmetrical key of the encrypted private key of unsymmetrical key, encapsulate with the supplementing with money of encrypted private key of unsymmetrical key with concealed password, type of message ID is sticked in encapsulation packet header, form the key information data flow, carry out the transmission of repetition according to the period frequency that configures; Encrypted content data stream, key information data flow and DCDI data flow are carried out the multiplexing integration encapsulation of difference.

In one aspect of the invention, to supplement demand and user terminal address with money by note or dial the payment phone and send in response to the user, solve pay the bill after, according to user terminal address, quantity purchase information and timestamp generate pre-authorization information jointly, the local unsymmetrical key of pre-authorization information via to encrypted private key generate authorization code, return to the user, the authorization code database is arranged in the user terminal, user terminal is imported authorization code in response to the user at user terminal, at first use Message Digest 5 (as MD5) comparison local data base information integrity, if the vestige of modification is arranged then shut-down operation, request user initialization data storehouse, check local authorization code database if user profile is complete, determine this time to supplement with money to come into force, PKI with local unsymmetrical key is untied authorization code, check timestamp, if before the deadline then effective authorized quantity of user is upgraded, at last the result and the authorization code service recorder that upgrade are signed with for future reference with local message digest algorithm (as MD5), user terminal can be in response to the selection of user to the index among the DCDI then, this index of choosing is put into the mission area to wait for downloads and this index content corresponding, after receiving corresponding contents and storage and assembling, change user credit value.

In one aspect of the invention, introduce online service management system (7), make online service management system (7) in response to the user by the success of paying of Internet bank's card mode, with successful payment information, user terminal address information and quantity purchase information send to authenticate, when authentication according to user terminal address, quantity purchase information and timestamp generate pre-authorization information jointly, the local unsymmetrical key of pre-authorization information via to encrypted private key generate authorization code, return to the user through online service management system (7), the authorization code database is arranged in the user terminal, user terminal is imported authorization code in response to the user at user terminal, at first use Message Digest 5 (as MD5) comparison local data base information integrity, if the vestige of modification is arranged then shut-down operation, request user initialization data storehouse, check local authorization code database if user profile is complete, determine this time to supplement with money to come into force, PKI with local unsymmetrical key is untied authorization code, check timestamp, if before the deadline then effective authorized quantity of user is upgraded, at last the result and the authorization code service recorder that upgrade are signed with for future reference with local message digest algorithm (as MD5), user terminal can be in response to the selection of user to the index among the DCDI then, this index of choosing is put into the mission area to wait for downloads and this index content corresponding, after receiving corresponding contents and storage and assembling, change user credit value.

In one aspect of the invention, this method also support prepaid card is supplemented with money, concentrate and generate the pre-authorization code, it is non-repetitive and comprises the set of authorized quantity information, the pre-authorization code can store in the close word generation machine that is distributed to the agent point standby, user terminal code in response to the input of user Xiang Mi word generation machine, close word machine user terminal code and pre-authorization code, timestamp and a concealed password generate authorization message jointly, and generate authorization code with Message Digest 5 (as MD5) and be used for the user and supplement input with money, the authorization code database is arranged in the user terminal, user terminal is imported authorization code in response to the user at user terminal, at first use Message Digest 5 (as MD5) comparison local data base information integrity, if the vestige of modification is arranged then shut-down operation, request user initialization data storehouse, check local authorization code database if user profile is complete, determine this time to supplement with money to come into force, PKI and described concealed password with local unsymmetrical key are untied authorization code, check timestamp, if before the deadline then effective authorized quantity of user is upgraded, at last the result and the authorization code service recorder that upgrade are signed with for future reference with local message digest algorithm (as MD5), user terminal can be in response to the selection of user to the index among the DCDI then, this index of choosing is put into the mission area to wait for downloads and this index content corresponding, after receiving corresponding contents and storage and assembling, change user credit value.

In one aspect of the invention, in in the downloading task district that this index is placed in the user terminal, carry out the automatic subscriber scope check, user terminal is checked the integrality of user right data by Message Digest 5 (as MD5) signature, with credit information and digital signature comparison, if arithmetic result is signed identical with the local digital of storage before then there is modification in explanation, otherwise then there is modification in explanation, if existence is revised then is reminded the user to do the data initialization, if data integrity then check the user and whether have enough residual competences promptly to remain credit value to pay this purchase, if insufficient permission is then reminded the user to supplement with money, otherwise is waited for downloads.

In one aspect of the invention, adopt the distributed data broadcast gateway to the user terminal broadcast data, this distributed data broadcast gateway is deployed in the front end of DAB/DMB assembler.

In one aspect of the invention, data broadcasting gateway (3) integrated part data content program making function is as the local DCDI management and data creating management platform of area contents distributors.

In one aspect of the invention, user terminal storage is through the terminal address information of top conditional access module CA signature and the PKI and the life cycle of unsymmetrical key, and the user terminal of PKI that the renewal of asymmetric public keys need be held the unsymmetrical key of top CA signature can carry out.

(3) content distribution method principle explanation

The input of step S1--content-data, this content-data is imported by content whole seller (20), content whole seller (20) with local publisher's (19) difference is: content whole seller is that responsible (for example whole nation) on a large scale large batch of content is wholesale, and local publisher's (19) traffic carrying capacity is less, but for its reason of making content program be the same.It should be to be sent in the fixing memory device with the storage medium transmission or by network mode that the original contents data are provided.The original contents data will be done the conversion of content corresponding coded format and set up searching database on program production platform PPM.

The local content-data input of step S2--.Local content-data input is meant that program production platform (PPM) offers local publisher (19) and uses data content making platform of the present invention (2) to sell the management interface of its local content.The management function that PPM offers local content input comprises: content-data is uploaded, the content-data format conversion, (DCDI), data encapsulation made in the digital content distribution index, the data encapsulation analog detection, online service management system of the present invention (7) management interface, user feedback and download statistics.Step S1 is parallel with S2.According to being the optional one of content whole seller or local publisher.In addition, data broadcasting gateway (3) also can be integrated a part of data content and make platform (2), and local publisher can directly go to sell its content to data broadcasting gateway (3).

Step S3--content key and KI.Program key and KI the relation of having represented between PPM (2) and the authentication and authorization system (CAS) (1) is provided.Authentication and authorization system (1) further comprises database (16), user management module (17), conditional access module (18), it is the division on the function, and those skilled in the art can judge that it is which module by the authentication and authorization system content realizes according to the function of authentication and authorization system.Relation between PPM and the authentication and authorization system comprises: CAS offers the PPM symmetric key to program encryption before the content-data encapsulation.CAS offers the private key (PRIV KEY) of the local unsymmetrical key of PPM (as the pairing key of the rivest, shamir, adelman of RSA) to the program decryption secret key encryption.CAS provides the information and the lastest imformation of the PKI (PUBCKEY) of unsymmetrical key and use the private key of unsymmetrical key and the encrypted private key of top CA respectively life cycle of program decryption key.

Step S4--content-encrypt, DCDI and conditional access key.PPM carries out the data flow encapsulation, and the content stream data after will integrating through PPM passes to data broadcasting gateway (Broadcast Gateway) and is used for the whole network broadcasting.Data flow after the integration will be according to time sequencing (FIFO) encapsulation, and the data assembling of terminal also will be according to the time sequencing reorganization of encapsulation.Data flow comprises: the program of content data encrypted, content retrieval serial number code, encryption is separated key (be called encryption key when encrypting, be sent to behind the user terminal for user terminal to separating key) and encrypted secret key lastest imformation, DCDI etc.If broadcast broadcast program, then comprise the EPG digital content distribution index (DCDI) synchronous of broadcast program in the data flow with broadcast with synchronization of data streams.

Step S5--authorizes and distribution credit sign indicating number.The user pays in bank, and user terminal address and the request that requires to buy are dealt into payment gateway (6) by note or calling, and payment gateway is after bank account is solved, and user's payment information is delivered to conditional access module and user management module by payment gateway.Payment gateway can be supported multiple Payment Methods, comprises by SMS (SMS) payment, and by telephone bank's payment, the Credit Card Payments by supporting telephone dial feature terminal etc.After payment gateway is accepted the user-pay successful information, transmit user terminal address information (PMS MAC) and quantity purchase information and be used to generate authorization code to conditional access module.

Step S6--payment and embedding credit sign indicating number.Conditional access module generates authorization code and authorization code is delivered to payment gateway and is used for user terminal (the personal music center of Fig. 3) supplementing with money (PMS).It comprises: conditional access module is according to station address (PMS MAC), and quantity purchase information and timestamp generate pre-authorization information jointly.The local asymmetric privacy keys of pre-authorization information via (as the pairing private key of the rivest, shamir, adelman of RSA) is encrypted the authorization code that generates the 8-20 word length.The user supplements operation with money promptly at user terminal (5) input authorization code to terminal (PMS), and terminal is supplemented with money according to the authorization message that authorization code carries.The operating process of user terminal comprises: user terminal at first with the Message Digest 5 comparison local data base information integrity as MD5, if the vestige of modification is arranged then shut-down operation, is asked user's initialization data storehouse.Check local authorization code database if user profile is complete, definite this time supplemented with money and come into force.PKI (as the pairing PKI of the rivest, shamir, adelman of RSA) with local unsymmetrical key is untied the pre-authorization information of encryption, checks timestamp, if in the term of validity then effective authorized quantity of user is upgraded.Sign for future reference to the result and the authorization code service recorder that upgrade as the Message Digest 5 of MD5 with this locality at last.

Step S7--authorizes and distribution credit sign indicating number.This obtains being operating as by online service system of the present invention (7) of mandate and carries out the process that network is bought authorization code.Can buy the content distribution authorization by online service management system PMS of the present invention.The user pays by Internet bank's card mode after the success, the online service system sends to cas system with information such as user terminal address, according to user terminal address (PMS MAC), authorized quantity information and timestamp generate pre-authorization information to cas system (1) jointly equally.Pre-authorization information via CAS asymmetric privacy keys (as the pairing private key of the rivest, shamir, adelman of RSA) is encrypted the authorization code that the back generates the 8-20 word, is used for user terminal and supplements operation with money.This step and S5 are concurrency relations, if there is S5 just S7 needn't be arranged, vice versa.

Step S8--pays and obtains the credit sign indicating number.This process is identical with the operating process S6 that obtains authorization code by gateway, comprises same relation.S6 and S8 also are coordinations, only carry out one.

Step S9--authentication and content are downloaded.The user buys the down operation process that authorizes of content.This relation comprises, 1) .DCDI upgrades automatically, comprises that user terminal receives the downstream data flow of acquiescence broadcasting frequency, isolates DCDI and is stored in local for future reference; 2). content distribution preselected operation, comprise that the user chooses the downloaded contents of wanting from DCDI, can multiselect, deposit in the downloading task district and wait for that this content-data download period begins preceding executable operations.3). the automatic subscriber authority is verified, the operation of depositing the downloading task district in execution simultaneously, system by as the Message Digest 5 signature of MD5 check the integrality of user right data, if having modification then remind the user to do the data initialization.If data integrity then check the user whether enough residual competences are arranged.If insufficient permission then remind the user to supplement with money, otherwise wait for downloads.4). the automatic down operation of content, system start-up Data Receiving operation before the broadcasting of predetermined download content is according to the context identifier in the broadcast data (ID) storage packet.The symmetrical program decoding key of the local storage of extraction is accepted the program of network transmission and is separated key if this key is expired, separate key with local asymmetric public key decoding program, program is separated key store standby.Separate the key decoded data packets with the up-to-date program that obtains, and be stored in local download directory, wait for user archive.5). the Data Update operation, upgrade the remaining weights of user, and user data is signed for future reference with Message Digest 5 as MD5.

Step S10--prepaid card is supplemented with money.User of the present invention supplements with money and supports general and simple prepaid card to supplement with money.The purchase of this prepaid card can be at drugstore chain, and ground such as gas station are bought.The generative process of prepaid card comprises that cas system is concentrated in batches and generated the pre-authorization code, and this code packages is non-repetitive and comprises the set of authorized quantity information.The pre-authorization code can store close word into and generate in machine or the database standby.Close word generates machine will be distributed to each retail agent's point, can also can pass through the pre-authorization code off line mandate of this machine storage by the online mandate of dialing.The generative process of close word comprises, behind the input user terminal code (PMS MAC), close word machine algorithm user terminal code and pre-authorization code, a timestamp and a concealed password (Password) generate authorization message jointly, and are used for the user jointly with the close word of signature that generates the 8-20 word as the Message Digest 5 of MD5 and supplement input with money.Though the authorization code where formula is obtained subscriber terminal side to supplement operating process with money identical.

(4) classifying content encapsulation mode

The data encapsulation model of data content program production platform of the present invention (PPM) is divided into two types of encapsulation respectively with data as shown in Figure 4.In the data flow of reality, each packet all has the type of message label, and terminal is carried out the recombination data bag according to type label and handled respectively.

Data type one is for content-data adds content code, and wherein content part is an enciphered data.Encapsulated content code externally after the data encryption, user terminal identification is also downloaded and the reorganization packet according to content code.

Data type two is a management data information, comprise DCDI, the symmetrical program of encrypting with the private key (as the pairing private key of the rivest, shamir, adelman of RSA) of CA end unsymmetrical key is separated key (separating key as the symmetrical program that the symmetric encipherment algorithm of DES/RC4 produces), private key (as the pairing private key of the rivest, shamir, adelman of RSA) encrypted secret key life cycle and lastest imformation, the renewal that private key (private key of top CA) is encrypted is with the PKI of unsymmetrical key and reinstate the date and (change the PKI of user side asymmetric encryption if desired, do not need generally speaking to upgrade), the concealed password of the renewal of encrypted private key (supplementing use with money).

Each packet all has type of message ID, sign is first type or second type, various management data for data type two, have the information type ID that is used for various management data, user terminal is handled respectively according to type i D recombination data bag and by dissimilar.

Data flow after the encapsulation comprises: content data encrypted, content retrieval serial number code, the program of encryption are separated key and encrypted secret key lastest imformation and DCDI.If broadcast broadcast program, then comprise the EPG digital content distribution index (DCDI) synchronous of broadcast program in the data flow with broadcast with synchronization of data streams.

Content distribution of the present invention will be adopted the data encapsulation mode transfer of DAB/DMB.Be sent to DAB/DMB assembler (ensemble) Last call to terminal through the data flow after the PPM data encapsulation by data broadcasting gateway (BG).Because DMB adopts the data encapsulation pattern of DAB equally, so the deployment of content distributing service of the present invention in the DMB network is identical with the DAB system with the transmission encapsulation mode.

(5) digital content distribution index

Fig. 5 is the schematic diagram of digital content distribution index of the present invention and broadcast model.

The broadcasting PUSH technology that is based on content distribution function of the present invention realizes that the user wants to select in advance to want downloaded contents in the DCDI that transmits in advance.DCDI is by content code (Content ID), content name, and the singer, in the creation age, contents such as download time are formed, and merge according to content type classification.

Each DCDI generally only comprises the index (promptly guiding) of the broadcasted content of one-period, and at content this DCDI of broadcasting at intermittence in the continuous cycle of playing.Promptly suppose 12 hours be a broadcast cycle, in order to guarantee that the user can receive content, the content in each cycle is broadcasted (wheel) at least continuously twice, then DCDI only comprises the content guide in this cycle, and one-period is downloaded the DCDI that is about to broadcast in advance, shifts to an earlier date the DCDI that one-period more renews.In what, selected the content among the DCDI no matter can guarantee the user like this in broadcast cycle, can guarantee that at least chance receives this content.As shown in Figure 5, be at the 1st day back 12 hours for the index of the 2nd day broadcast program and intert second day preceding 12 hours and to display by screens.Because replayed second day preceding 12 hours programs at second day back 12 hours, even therefore the user has only received and has interted the DCDI of second day program of displaying by screens second day preceding 12 hours, the user still once chance see and oneself want the program seen.The broadcast frequency period of DCDI can be controlled, and for example, broadcasting in per 3 minutes once.DCDI broadcasts frequency and is dependent on the shared bandwidth of DCDI.A DCDI generally comprises the guide of the first content of 200-500, and every accounts for 60bytes, and then total amount of data is about 12kbytes-30kbytes (96kbps-240kbps).

According to the needs of business, also can be programmed in the guide of continuous different cycles simultaneously among the DCDI, in this case, depend on total content life period the life cycle of this DCDI.Simultaneously, the content of DCDI should provide time validity prompting, has an opportunity to download to guarantee user-selected content.

(6) unilateral authentication and licensing mode

One of core technology of content delivering system of the present invention is unidirectional authorization identifying technology, and the innovation part of this technology is to have solved that conventional conditions access modules (CA) needs to transmit the user profile tabulation and the disadvantage that takies the mass communication bandwidth.Traditional C A system needs regular update user list every day, then needs special-purpose bandwidth to ensure when customer volume is big.For example: suppose every user profile be 50kbps then the data volume at 50 general-purpose families be 2.5Gbps.Extensive use the type CA system in the CATV television broadcasting system, and transmit user list with special 5Mhz.And in the network of terrestrial wireless broadcast technology such as DAB/DMB, band resource is very limited, and for example a 1.5Mhz valid data bandwidth is about 1.15Mbps, the wherein multiplexing again broadcast channel that goes out 4-6 280-192kbps, broadcast program of each Channel Transmission.Therefore the minimum channel that only takies one of them 192kbps of content distributing service of the present invention can not rely on transmission user list mode to realize authentication.

The unilateral authentication pattern of the present invention's innovation relies on the cooperation of intelligent subscriber terminal (PMS) and conditional access system to realize the identification and the authorization control of user side.Implementation procedure as shown above, concrete decomposable process is as follows:

The input of step N1--content-data, the input of represent content initial data.

Step N2--program RC4 Mi Yao ﹠amp; Lastest imformation, initial data are encrypted with the key granting and comprised: A.PPM request CA provides the program key (program key that produces as the symmetric encipherment algorithm of DES/RC4) of symmetric cryptography, uses this secret key encryption content-data.B.PPM accepts to separate key and relevant key information through the program that the private key (as the pairing private key of the rivest, shamir, adelman of RSA) of CA unsymmetrical key is encrypted.

Step N3--Jia Mishuoju ﹠amp; DCDI﹠amp; CA key, data flow assembling comprise: A. transmits encapsulation with the content of encrypting, and traffic identification and the reorganization that content ID and data type ID are used for terminal sticked in encapsulation packet header; B. encrypted secret key and key information data are transmitted encapsulation, data type ID is sticked in encapsulation packet header, and the transmission of carrying out repetition according to the period frequency that configures is to guarantee whenever the user starts shooting, and can obtain program at short notice fast and separate key; C. with encrypted content data stream, key information data flow and DCDI data flow are carried out the multiplexing integration encapsulation of difference.

The Message Digest 5 User Recognition of step N4--such as MD5, data are sent to licensing process behind the user terminal (PMS) at first for subscriber authentication: during content in the user selects, and the one or more contents whether this user of terminal automatic checking has enough credit values to be used to select.The method of determining is at first to use the subscriber identity information of this locality being stored as the Message Digest 5 of MD5, and credit information carries out the digital signature comparison, represents local information effective if arithmetic result is identical with the signature that is stored in this locality before.User terminal requests checking local user credit value.

Step N5--user credit value is verified, and with the local credit value of local secret key decryption, checks whether credit value is enough to pay this purchase.If the credit value deficiency then reminds the user to supplement with money, and be directed to and supplement the interface with money.

Step N6--obtains the PKI as the rivest, shamir, adelman of RSA, if the user credit abundance is then extracted local PKI, checks the PKI effective information, if up-to-date PKI expired then that accept to broadcast download.PKI is replaced and is seen step N9.

Step N7--deciphering program key and lastest imformation, obtain effective PKI after, separate key and key information with the program that this PKI deciphering receives download.The process that program receiving is separated key is: verifying and receiving type of message ID is the packet of management information, stored information type i D is the packet that ciphered program is separated key, uses the PKI decrypted data packet, takes out program and separates key, programs stored is separated key then, has been equipped with the continuous download in the term of validity.

Step N8--checks ID﹠amp; Xie Mineirong ﹠amp; Download, after obtaining program and separating key, verify the content airtime, and content is gone on the air before, automatically tune to the content distribution channel in the several seconds and data are accepted in startup, the type of message ID that verifies data is a content-data, and verifying content ID is that selected content is carried out this locality storage and bag reorganization again.

Step N9--upgrades PKI and preserves program key, and programs stored is separated key and replaced PKI.The program of deciphering is separated key and can be used continuously in the cycle at a program, and it is for future reference therefore need to store this locality into.PKI replacement method is: accept data download, verifying and receiving data message type ID is the packet of management information, verifying also, stored information type i D uses the packet of encrypted public key information for upgrading, decipher this packet and replace PKI with the original PKI in this locality, preserve replacement information and effective information.

Step N10--upgrades number of credits and generates as the Message Digest 5 of MD5 and signs, and after content is distributed successfully, changes user's credit value, and with the Message Digest 5 signature credit value as MD5, to prevent change and to usurp.

(7) terminal recharge method

Because the weakness of digital broadcasting pattern is that itself does not possess the data return path, therefore, content distribution platform of the present invention must solve the renewal Authorized operation of the passback in user's off line method of supplementing with money and the process of supplementing with money of paying the fees.The user of the present invention innovation supplements model with money, and the mode by asynchronous return authorization code realizes supplementing with money of user.At end side of the present invention (PMS), a complete business service process comprises user's credit purchase process (pay the fees and supplement with money) and data downloading process.The off line process mainly is divided into by the Internet or dialing passback uses the record feedback.

With reference to Fig. 3, the terminal use buys the entire flow of credit (supplementing with money) by mobile phone short messages: the user with terminal address (MAC) by note or dial the payment phone send to payment gateway, payment gateway sends to conditional access system (CA) with the successful payment information of bank, and conditional access system (CA) generates the authorization code that is loaded with user terminal address, timestamp and quantity information and common concealed password and sends to user mobile phone by note.The user is input to terminal (PMS) with authorization code, judge by terminal system whether supplement close word with money effective, this machine whether, whether expired, and determine that local identity supplements the number of credits information in the authorization code in the system with money after legal, and write down this authorization code, last encrypting storing user's credit information.

Promptly allowing the user to choose content among the DCDI after user terminal (PPM) is supplemented with money is placed into the mission area and waits for downloads.Terminal system automatic frequency adjustment before the content of mission area is about to broadcasting begins to accept program and separates key to data channel, judge separate key effectively after, beginning received content data, and the storage that will have a selected content program ID is also assembled.Change the user credit value at last, key is separated in storage, is used for the direct use in the term of validity.

(8) distributed broadcast gateway

Fig. 7 is the distributed broadcast gateway topological diagram of the present invention.

Distributed broadcast gateway is the core part of content distributing network platform of the present invention.Distributed broadcast gateway comprises data broadcasting gateway (3) and payment gateway (6) two classes, because the payment gateway of the existing banking system of payment gateway utilization, therefore, distributed network gate of the present invention mainly is meant the data broadcasting gateway.

Distributed network gate will be deployed in the front end of DAB/DMB multiplexer (25).According to the different radio frequency policy of each country with the zone, it is secondary with device and regional multiplexer that multiplexer (25) is disposed the country that can be divided into the unification of the motherland frequency, and the deployment of distributed network gate is disposed according to DAB/DAM multiplexer position.DAB/DMB multiplexer (25) will carry out multiplexing from data broadcasting gateway (3) data of launching and the data of launching from other data source (for example B broadcasting station (26)), be transmitted into receiver (27).Because adopt the configuration of this distributed network gate, these distributed network gates can be distributed to different areas, as the C city (29) among Fig. 7, A country (28).

Broadcast gateway adopts software or example, in hardware to realize all can according to the difference of using.

(9) subchannel model

Fig. 8 is that local digital content of the present invention is downloaded and the subchannel illustraton of model.

The present invention downloads demand with assurance at the local user's custom and the content of language difference for the interface that local (independence) program merchant provides the content input.The pattern that provides local content to download can be divided into two kinds, a kind of for the pattern that goes up by subchannel in local data broadcast gateway (BG) provides a service code (Sub Channel ID) specially, can isolate different DCDI and music data according to service code on the user terminal.

Another kind of pattern is, local program is uploaded to regional program production platform (PPM), and program is incorporated among the unified DCDI and data flow, and the user directly downloads according to music code and need not to select the program source.But this pattern can be wasted the bandwidth resources of high coverage rate, and it is many and concentrated therefore to be confined to local user colony, and this locality has the area of regional program production platform.

As shown in Figure 8, local media (33) has multiple choices, and for example BBC music media DCDI (34) can issue media database (16) and make platform (2) making via data content of the present invention; BBC synchronized media data (35) can enter the subchannel (32) of coded data passage (30), passes the data of coming with media database (16) via main channel (31) and is launched by data broadcasting gateway (3) in coded data passage (30); BBC radio broadcasting (36) also can directly enter DAB/DMB multiplexer (25) and be transmitted into receiver (27).

(10) main points of the present invention

Now the main points may be summarized as follows with of the present invention:

Content is sticked on classification through classification, price, rank, subchannel etc. sign and through encrypting or scrambler.

Formulate purchase according to the characteristic of content and guide, list content type, information such as broadcast time and price.

In a time cycle, content will be by two circulations of minimum broadcasting.Buy to guide and minimumly to propose previous circulation broadcast.

Content key regularly upgrades, and keeps information life cycle (or record recycles plan).

Adopt the privacy key of rivest, shamir, adelman (as RSA) to hold key and information encryption life cycle and broadcast (sites) in turn.

Asymmetric cryptographic key keeps information life cycle to upgrading.During renewal by encrypted private key and the broadcast (sites) in turn of top CA.

Terminal storage through the PKI of the raw address information of top CA signature and unsymmetrical key and life cycle information.

The renewal of asymmetric public keys need be held the authorization terminal of the PKI of top CA and just can operate.

Before buying content, terminal is by verifying the authenticity and the availability of raw address information and credit information as the Message Digest 5 of MD5.

Before buying content, terminal will be determined the validity of asymmetric public keys, if the invalid then public keys of down loading updating at first.

Terminal is extracted program key with effective asymmetric public keys, and with program key descrambling or deciphering, filters and download and store the content of being bought.

Behind the content purchase, terminal is revised the credit information that subscriber's local is stored according to the program price sign, and with the Message Digest 5 as MD5 new credit information and time stamp is united signature.

The data broadcasting passage is divided a plurality of subchannels, and content is transmitted in different subchannels respectively with the key management data, and simultaneously, different contents can be transmitted in different subchannels.

Aforementioned terminal is meant client program module that should agreement, and can be embedded in the decoding terminals equipment (for example: DAB, DMB, receivers such as DVB) of the digital Radio Broadcasting Agreements of any support.

Use the digital broadcast terminal decoding device of this agreement, should support storage, show and input function.

The terminal equipment of decoding of support double frequency or full rate demodulation output interface can be realized the transparent operation of digital content purchase, promptly when listening to, watching program, downloads the content of being bought.

Content purchase guides and can set up corresponding relation with the EPG of digital broadcast program, so that the terminal use hears or when seeing the content of wanting to buy, by linking the purchase operation that directly enters content.

The recharge method of user credit can pass through SMS, supplements password with money, rechargeable card, and multiple mode such as IC-card realizes supplementing with money.

(11) terminological interpretation

CAS-Condition Access System condition is accepted system

PPM-Program Producer Management program production platform

UMS-User Management System user management platform

PG-Payment Gateway payment gateway

BG-Broadcast Gateway data broadcasting gateway

I-PMS-Internet Personal Music Station interconnection network personal Music center

B-PMS-Broadcast Personal Music Station broadcasting personal music center

CM-Coding Machine credit code generator

DCDI---Digital Content Delivery Index digital content distribution index

DVB-C-Digital Video Broadcast-Cable cable digital video broadcasting

DVB-S-Digital Video Broadcast-Satellite satellite digital video broadcast

DVB-H-Digital Video Broadcast-Handset hand-held digital video broadcast

DVB-T-Digital Video Broadcast-Terrestrial digital video broadcast-terrestrial

DAB-Digital Audio Broadcast digital audio broadcasting

DMB-Digital Multimedia Broadcast DMB

Ensemble-DAB ensemble (Only in this article) DAB integrator

Multiplexer-DAB Multiplexer Only in this article) DAB channel multiplexer

CA-Condition Access conditional access module

RSA-RSA Encryption algorithm RSA public key encryption algorithm

PRIV-Private Key of RSA Encryption (RSA private key)

PUBC-Public Key of RSA Encryption (the publicly-owned key of RSA)

MD5-MD5 message-digest algorithm MD5 Message Digest 5

DES-DES Encryption algorithm des encryption algorithm

Credit Code-Code for Top up Credit authorizes credit code

PreCredit Code-Code generated in advance and saved inCoding machine pre-authorization sign indicating number

PMS MAC-Identify machine address code for PMS PMS device address

The programme of EPG-Electronic Program Guide electronic programming

PID-Program Identity Number program category code

Type PID-Data Type Identity Number data type code

Channel ID-Channel Identity Number channel identication number

DRM-Digital Right Management digital copyright management

Illustrative embodiments of the present invention has more than been described.Should be understood that this description is exemplary, is not restrictive.Those skilled in the art can make various modifications and distortion to this example embodiment under the situation of the purport of claim and spirit.In addition, though in the description of embodiments of the present invention, use the MD5 algorithm, one skilled in the art will appreciate that and also can use other Message Digest 5 well known in the prior art.And the symmetric encipherment algorithm that adopts among the present invention is one kind of DES/RC4 not only, also can be other algorithm well known in the art.Also not only RSA Algorithm is a kind of for the rivest, shamir, adelman that adopts among the present invention, can be other algorithm well known in the art.

Claims

1. system based on the paid distribution of the categorised content of radio digital broadcast path comprises:

Authentication and authorization system (1) provides encryption authorization information;

Data content program production platform (2), be coupled to authentication and authorization system (1), accept the encryption authorization information of authentication and authorization system (1), according to the programme content of this encryption authorization information encryption from content whole seller or publisher, and programme content and associated encryption authorization message after the transmission encryption;

Data broadcasting gateway (3) is coupled to above-mentioned data content program production platform (2), receives from programme content after the encryption of data content program production platform (2) and associated encryption authorization message, is broadcast to user terminal;

2. according to the system of claim 1, wherein said decrypt authorized information is regularly to be generated or upgraded by authentication and authorization system (1), and propagates into user terminal (4) via data content program production platform (2), data broadcasting gateway (3).

3. system based on the paid distribution of the categorised content of radio digital broadcast path comprises:

Authentication and authorization system (1), encrypted symmetric key is provided and unsymmetrical key that this encrypted symmetric key is encrypted again right, authentication and authorization system (1) comprises conditional access module CA;

Data content program production platform (2), be coupled to authentication and authorization system (1), the unsymmetrical key that acceptance is encrypted from the encrypted symmetric key of authentication and authorization system (1) with to this encrypted symmetric key again is right, with the programme content of encrypted symmetric key encryption from content whole seller or publisher, with the private key of above-mentioned unsymmetrical key centering to encryption keys, with the private key of top CA public key encryption, with the programme content after encrypting to above-mentioned unsymmetrical key centering, with the encryption key behind the encrypted private key of above-mentioned unsymmetrical key centering, PKI with the above-mentioned unsymmetrical key centering behind the encrypted private key of above-mentioned top CA regularly sends;

Data broadcasting gateway (3), be coupled to above-mentioned data content program production platform (2), the programme content of reception after from the encryption of data content program production platform (2), with the encryption key behind the encrypted private key of above-mentioned unsymmetrical key centering, with the PKI of the above-mentioned unsymmetrical key centering behind the encrypted private key of above-mentioned top CA, regularly they are broadcast to user terminal;

The user terminal (4) that comprises terminal authentication module (5), user terminal (4) receives the programme content after the encryption, with the encryption key behind the encrypted private key of above-mentioned unsymmetrical key centering, behind the PKI with the above-mentioned unsymmetrical key centering behind the encrypted private key of top CA, whether the PKI of judging local original unsymmetrical key centering is expired, if it is expired then decipher the PKI of the above-mentioned unsymmetrical key centering behind the encrypted private key of the above-mentioned top CA of above-mentioned usefulness with the PKI of local original unsymmetrical key centering, PKI with the unsymmetrical key centering that obtains is replaced the PKI of local original unsymmetrical key centering, decipher the encryption key behind the encrypted private key of the above-mentioned unsymmetrical key centering of above-mentioned usefulness with the PKI of this stylish unsymmetrical key centering, obtain this encryption key, decipher programme content after the above-mentioned encryption, the decryption content after obtaining deciphering with this encryption key as decruption key.

4. according to the system of claim 3, wherein authentication and authorization system (1) is also with above-mentioned encrypted symmetric key, unsymmetrical key offers data content program production platform (2) right life cycle, data content program production platform (2) with these life cycles with the encrypted private key of above-mentioned unsymmetrical key centering after data broadcasting gateway (3) is broadcast to user terminal (4), whether the life cycle of the PKI of the unsymmetrical key centering that the terminal authentication module (5) in the user terminal (4) inspection is stored is expired, if it is expired then decipher the PKI of the above-mentioned unsymmetrical key centering behind the encrypted private key of the above-mentioned top CA of above-mentioned usefulness with the PKI of local unsymmetrical key centering of being stored, PKI with the unsymmetrical key centering that obtains is replaced the PKI of local original unsymmetrical key centering, and with its with by behind the encrypted private key of deciphering the above-mentioned unsymmetrical key centering of above-mentioned usefulness with the PKI of the unsymmetrical key centering of storing, association store life cycle that obtain the life cycle corresponding with the PKI of the unsymmetrical key centering of above-mentioned broadcasting, decipher the encryption key behind the encrypted private key of the above-mentioned unsymmetrical key centering of above-mentioned usefulness with the PKI of this stylish unsymmetrical key centering, obtain this encryption key, with its with by behind the encrypted private key of deciphering the above-mentioned unsymmetrical key centering of above-mentioned usefulness with the PKI of this unsymmetrical key centering, the life cycle association store corresponding with the symmetric key of above-mentioned broadcasting.

5. according to the system of claim 3, wherein data content program production platform (2) is also distributed data content index DCDI and is broadcast to user terminal (4) through data broadcasting gateway (3), this DCDI comprises the content indexing of the broadcasted content in one or more cycles, and intert broadcast in advance on the content stream discontinuous ground of playing continuously prior to the playback period of the content of being predicted among the DCDI, this DCCI and content, management information is broadcast to user terminal (4) together, user terminal (4) is isolated this DCDI, and from DCDI, select to want the index of downloaded contents in response to the user, this index is placed in the interior downloading task district of user terminal (4), waits for carrying out when this content-data download period begins and download.

6. according to the system of claim 4, wherein the content in each cycle is play two-wheeled at least continuously, plays the content indexing of the content in the next cycle in current period.

7. according to the system of claim 4, wherein data content program production platform (2) is divided into following two types of encapsulation respectively with data:

Data type one is for encrypted content data adds content code, encapsulated content code externally after content-data is encrypted, and content code is the code of sign content-data, user terminal identification is also downloaded and the reorganization packet according to content code;

Data type two is a management data information, comprise DCDI, with the encrypted symmetric key of the encrypted private key of CA end unsymmetrical key, with the PKI of the unsymmetrical key of top CA encryption, with the relevant life cycle of the PKI with this symmetric key and unsymmetrical key of the encrypted private key of unsymmetrical key, use concealed password with the supplementing with money of encrypted private key of unsymmetrical key

8. according to the system of claim 7, wherein data content program production platform (2) is according to the content of DCDI layout encryption, the content of programmed encryption is encapsulated, content code and type of message ID are sticked in encapsulation packet header, be used for the traffic identification and the reorganization of user terminal, form encrypted content data stream; To hold the encrypted symmetric key of the encrypted private key of unsymmetrical key with CA, with the PKI of the unsymmetrical key of the encrypted private key of top CA, with the relevant life cycle of the PKI with this symmetric key and unsymmetrical key of the encrypted private key of unsymmetrical key, encapsulate with the supplementing with money of encrypted private key of unsymmetrical key with concealed password, type of message ID is sticked in encapsulation packet header, form the key information data flow, carry out the transmission of repetition according to the period frequency that configures; Encrypted content data stream, key information data flow and DCDI data flow are carried out the multiplexing integration encapsulation of difference,

At described user terminal, when the expired needs of the PKI of the local unsymmetrical key of storing of user terminal are downloaded the PKI of new unsymmetrical key, accept data download, verifying and receiving type of message ID is the packet of management information, verification and stored information type i D are the packet with the PKI of the unsymmetrical key of the encrypted private key of top CA, PKI with the unsymmetrical key of this locality storage is deciphered this packet, upgrades the PKI of local unsymmetrical key with the PKI of the new unsymmetrical key of acquisition

When deciphering acquisition content-encrypt symmetric key with the PKI of new local unsymmetrical key, user terminal is verified and received type of message ID is the packet of management information, stored information type i D is the packet with the encrypted symmetric key of the encrypted private key of unsymmetrical key, decipher this packet with the PKI of new local unsymmetrical key, take out encrypted symmetric key as separating key, programs stored is separated key then, for the continuous download in the term of validity

9. system according to Claim 8, the data flow of wherein integrating after the encapsulation also comprises the EPG that is used for broadcast program.

10. according to the system of claim 7, wherein also comprise payment gateway (6), it is networked to user's bank account, payment gateway (6) will be supplemented demand and user terminal address with money by note or dial the payment phone and send to payment gateway in response to the user, whether pay the bill to the bank account checking that is networked to, payment gateway is with the successful payment information of bank, user terminal address information and quantity purchase information send to authentication and authorization system (1), authentication and authorization system (1) is according to user terminal address, quantity purchase information and timestamp generate pre-authorization information jointly, the local unsymmetrical key of pre-authorization information via to encrypted private key generate authorization code, return to the user through payment gateway (6), the authorization code database is arranged in the user terminal, user terminal is imported authorization code in response to the user at user terminal, at first with Message Digest 5 comparison local data base information integrity, if the vestige of modification is arranged then shut-down operation, request user initialization data storehouse, check local authorization code database if user profile is complete, determine this time to supplement with money to come into force, PKI with local unsymmetrical key is untied authorization code, check timestamp, if before the deadline then effective authorized quantity of user is upgraded, at last the result and the authorization code service recorder that upgrade are signed with for future reference with the local message digest algorithm, user terminal can be in response to the selection of user to the index among the DCDI then, this index of choosing is put into the mission area to wait for downloads and this index content corresponding, after receiving corresponding contents and storage and assembling, change user credit value, a kind of of wherein said Message Digest 5 is MD5.

11. system according to claim 7, wherein also comprise online service management system (7), its in response to the user by the success of paying of Internet bank's card mode, with successful payment information, user terminal address information and quantity purchase information send to authentication and authorization system (1), authentication and authorization system (1) is according to user terminal address, quantity purchase information and timestamp generate pre-authorization information jointly, the local unsymmetrical key of pre-authorization information via to encrypted private key generate authorization code, return to the user through online service management system (7), the authorization code database is arranged in the user terminal, user terminal is imported authorization code in response to the user at user terminal, at first with Message Digest 5 comparison local data base information integrity, if the vestige of modification is arranged then shut-down operation, request user initialization data storehouse, check local authorization code database if user profile is complete, determine this time to supplement with money to come into force, PKI with local unsymmetrical key is untied authorization code, check timestamp, if before the deadline then effective authorized quantity of user is upgraded, at last the result and the authorization code service recorder that upgrade are signed with for future reference with the local message digest algorithm, user terminal can be in response to the selection of user to the index among the DCDI then, this index of choosing is put into the mission area to wait for downloads and this index content corresponding, after receiving corresponding contents and storage and assembling, change user credit value, a kind of of wherein said Message Digest 5 is MD5.

12. system according to claim 7, wherein this system also the support prepaid card supplement with money, authentication and authorization system (1) is concentrated and is generated the pre-authorization code, it is non-repetitive and comprises the set of authorized quantity information, the pre-authorization code can store in the close word generation machine that is distributed to the agent point standby, user terminal code in response to the input of user Xiang Mi word generation machine, close word machine user terminal code and pre-authorization code, timestamp and a concealed password generate authorization message jointly, and generate authorization code with Message Digest 5 and be used for the user and supplement input with money, the authorization code database is arranged in the user terminal, user terminal is imported authorization code in response to the user at user terminal, at first with Message Digest 5 comparison local data base information integrity, if the vestige of modification is arranged then shut-down operation, request user initialization data storehouse, check local authorization code database if user profile is complete, determine this time to supplement with money to come into force, PKI and described concealed password with local unsymmetrical key are untied authorization code, check timestamp, if before the deadline then effective authorized quantity of user is upgraded, at last the result and the authorization code service recorder that upgrade are signed with for future reference with the local message digest algorithm, user terminal can be in response to the selection of user to the index among the DCDI then, this index of choosing is put into the mission area to wait for downloads and this index content corresponding, after receiving corresponding contents and storage and assembling, change user credit value, a kind of of wherein said Message Digest 5 is MD5.

13. according to claim 10,11 or 12 system, in wherein in the downloading task district that this index is placed in the user terminal (4), carry out the automatic subscriber scope check, user terminal is checked the integrality of user right data by the Message Digest 5 signature, with credit information and digital signature comparison, if arithmetic result is signed identical with the local digital of storage before then there is modification in explanation, otherwise then there is modification in explanation, if existence is revised then is reminded the user to do the data initialization, if data integrity then check the user and whether have enough residual competences promptly to remain credit value to pay this purchase, if insufficient permission, then remind the user to supplement with money, otherwise wait for downloads.

14. according to the system of claim 3, wherein data broadcasting gateway (3) is a distributed network gate, is deployed in the front end of DAB/DMB assembler.

15. system according to claim 3, wherein the passage in the data broadcasting gateway (3) is divided into the plurality of sub passage, for each subchannel provides a special subchannel code, data in subchannel transmit, user terminal is isolated different DCDI and corresponding data according to different subchannel codes, content is transmitted in different subchannels respectively with the key management data, and different contents can be transmitted in different subchannels.

16. system according to Claim 8, wherein the function of data broadcasting gateway (3) integrated part data content program production platform (2) is as the local DCDI management and data creating management platform of area contents distributors.

17. system according to Claim 8, wherein the index among the DCDI comprises content type, broadcast time and pricing information.

18. system according to Claim 8, wherein user terminal is stored the terminal address information of the top conditional access module CA signature in the authenticated authoring system (1) and the PKI and the life cycle of unsymmetrical key, and the user terminal of PKI that the renewal of asymmetric public keys need be held the unsymmetrical key of top CA signature can carry out.

19. the method based on the paid distribution of categorised content of radio digital broadcast path comprises:

Encryption authorization information is provided;

According to the programme content of this encryption authorization information encryption from content whole seller or publisher, and programme content behind the broadcast enciphering and associated encryption authorization message;

User terminal receives programme content and the associated encryption authorization message after encrypting, and with the decrypt authorized information that is stored in the user terminal programme content after encrypting is deciphered.

20. according to the method for claim 19, wherein said decrypt authorized information is regularly to generate or renewal.

21. the method based on the paid distribution of categorised content of radio digital broadcast path comprises:

The unsymmetrical key that encrypted symmetric key is provided and this encrypted symmetric key is encrypted again is right;

With the programme content of encrypted symmetric key encryption from content whole seller or publisher, with the private key of above-mentioned unsymmetrical key centering to encryption keys, with the private key of top conditional access module CA public key encryption to above-mentioned unsymmetrical key centering, with the programme content after encrypting, with the encryption key behind the encrypted private key of above-mentioned unsymmetrical key centering, with the PKI periodic broadcasting of the above-mentioned unsymmetrical key centering behind the encrypted private key of above-mentioned top CA to user terminal;

User terminal receives the programme content after encrypting, with the encryption key behind the encrypted private key of above-mentioned unsymmetrical key centering, PKI with the above-mentioned unsymmetrical key centering behind the encrypted private key of above-mentioned top CA, whether the PKI of judging local original unsymmetrical key centering is expired, if it is expired then decipher the PKI of the above-mentioned unsymmetrical key centering behind the encrypted private key of above-mentioned top CA with the PKI of local original unsymmetrical key centering, PKI with the unsymmetrical key centering that obtains is replaced the PKI of local original unsymmetrical key centering, decipher the encryption key behind the encrypted private key of the above-mentioned unsymmetrical key centering of above-mentioned usefulness with the PKI of this stylish unsymmetrical key centering, obtain this encryption key, decipher programme content after the above-mentioned encryption, the decryption content after obtaining deciphering with this encryption key as decruption key.

22. method according to claim 21, above-mentioned encrypted symmetric key wherein also is provided, the life cycle that unsymmetrical key is right, be broadcast to user terminal behind the encrypted private key with above-mentioned unsymmetrical key centering these life cycles, whether the life cycle of the PKI of the unsymmetrical key centering that user terminal (4) inspection is stored is expired, if it is expired then decipher the PKI of the above-mentioned unsymmetrical key centering behind the encrypted private key of the above-mentioned top CA of above-mentioned usefulness with the PKI of local unsymmetrical key centering of being stored, PKI with the unsymmetrical key centering that obtains is replaced the PKI of local original unsymmetrical key centering, and with its with by behind the encrypted private key of deciphering the above-mentioned unsymmetrical key centering of above-mentioned usefulness with the PKI of the unsymmetrical key centering of storing, association store life cycle that obtain the life cycle corresponding with the PKI of the unsymmetrical key centering of above-mentioned broadcasting, decipher the encryption key behind the encrypted private key of the above-mentioned unsymmetrical key centering of above-mentioned usefulness with the PKI of this stylish unsymmetrical key centering, obtain this encryption key, with its with by behind the encrypted private key of deciphering the above-mentioned unsymmetrical key centering of above-mentioned usefulness with the PKI of this unsymmetrical key centering, the life cycle association store corresponding with the symmetric key of above-mentioned broadcasting.

23. method according to claim 21, wherein also data content is distributed index DCDI and be broadcast to user terminal, this DCDI comprises the content indexing of the broadcasted content in one or more cycles, and intert broadcast in advance on the content stream discontinuous ground of playing continuously prior to the playback period of the content of being predicted among the DCDI, this DCCI and content, management information is broadcast to user terminal together, user terminal is isolated this DCDI, and from DCDI, select to want the index of downloaded contents in response to the user, this index is placed in the downloading task district in the user terminal, waits for that this content-data downloads the period and carry out when beginning and download.

24. according to the method for claim 22, wherein the content in each cycle is play two-wheeled at least continuously, plays the content indexing of the content in the next cycle in current period.

25., wherein data are divided into following two types of encapsulation respectively according to the method for claim 22:

Data type two is a management data information, comprise DCDI, with the encrypted symmetric key of the encrypted private key of CA end unsymmetrical key, with the PKI of the unsymmetrical key of the encrypted private key of unsymmetrical key, with the relevant life cycle of the PKI with this symmetric key and unsymmetrical key of the encrypted private key of unsymmetrical key, use concealed password with the supplementing with money of encrypted private key of unsymmetrical key

26. method according to claim 25, the content of encrypting according to the DCDI layout wherein encapsulates the content of programmed encryption, and content code and type of message ID are sticked in encapsulation packet header, be used for the traffic identification and the reorganization of user terminal, form encrypted content data stream; Will be with the encrypted symmetric key of the encrypted private key of unsymmetrical key, with the PKI of the unsymmetrical key of the encrypted private key of top CA, with the relevant life cycle of the PKI with this symmetric key and unsymmetrical key of the encrypted private key of unsymmetrical key, encapsulate with the supplementing with money of encrypted private key of unsymmetrical key with concealed password, type of message ID is sticked in encapsulation packet header, form the key information data flow, carry out the transmission of repetition according to the period frequency that configures; Encrypted content data stream, key information data flow and DCDI data flow are carried out the multiplexing integration encapsulation of difference,

At described user terminal; When the expired needs of the PKI of the local unsymmetrical key of storing of user terminal are downloaded the PKI of new unsymmetrical key; Accept downloading data; Verifying also, receipt message type I D is the packet of management information; Verification and storage information type ID are the packet with the PKI of the unsymmetrical key of the encrypted private key of unsymmetrical key; PKI with the unsymmetrical key of this locality storage is deciphered this packet; Upgrade the PKI of local unsymmetrical key with the PKI of the new unsymmetrical key that obtains

27. according to the method for claim 26, wherein the data flow of integrating after encapsulating also comprises the EPG that is used for broadcast program.

28. method according to claim 25, wherein will supplement demand and user terminal address with money by note or dial the payment phone and send in response to the user, solve pay the bill after, according to user terminal address, quantity purchase information and timestamp generate pre-authorization information jointly, the local unsymmetrical key of pre-authorization information via to encrypted private key generate authorization code, return to the user, the authorization code database is arranged in the user terminal, user terminal is imported authorization code in response to the user at user terminal, at first with Message Digest 5 comparison local data base information integrity, if the vestige of modification is arranged then shut-down operation, request user initialization data storehouse, check local authorization code database if user profile is complete, determine this time to supplement with money to come into force, PKI with local unsymmetrical key is untied authorization code, check timestamp, if before the deadline then effective authorized quantity of user is upgraded, at last the result and the authorization code service recorder that upgrade are signed with for future reference with the local message digest algorithm, user terminal can be in response to the selection of user to the index among the DCDI then, this index of choosing is put into the mission area to wait for downloads and this index content corresponding, after receiving corresponding contents and storage and assembling, change user credit value, a kind of of wherein said Message Digest 5 is MD5.

29. method according to claim 25, wherein introduce online service management system (7), make online service management system (7) in response to the user by the success of paying of Internet bank's card mode, with successful payment information, user terminal address information and quantity purchase information send to authenticate, when authentication according to user terminal address, quantity purchase information and timestamp generate pre-authorization information jointly, the local unsymmetrical key of pre-authorization information via to encrypted private key generate authorization code, return to the user through online service management system (7), the authorization code database is arranged in the user terminal, user terminal is imported authorization code in response to the user at user terminal, at first with Message Digest 5 comparison local data base information integrity, if the vestige of modification is arranged then shut-down operation, request user initialization data storehouse, check local authorization code database if user profile is complete, determine this time to supplement with money to come into force, PKI with local unsymmetrical key is untied authorization code, check timestamp, if before the deadline then effective authorized quantity of user is upgraded, at last the result and the authorization code service recorder that upgrade are signed with for future reference with the local message digest algorithm, user terminal can be in response to the selection of user to the index among the DCDI then, this index of choosing is put into the mission area to wait for downloads and this index content corresponding, after receiving corresponding contents and storage and assembling, change user credit value, a kind of of wherein said Message Digest 5 is MD5.

30. method according to claim 25, wherein this method also the support prepaid card supplement with money, concentrate and generate the pre-authorization code, it is non-repetitive and comprises the set of authorized quantity information, the pre-authorization code can store in the close word generation machine that is distributed to the agent point standby, user terminal code in response to the input of user Xiang Mi word generation machine, close word machine user terminal code and pre-authorization code, timestamp and a concealed password generate authorization message jointly, and generate authorization code with Message Digest 5 and be used for the user and supplement input with money, the authorization code database is arranged in the user terminal, user terminal is imported authorization code in response to the user at user terminal, at first with Message Digest 5 comparison local data base information integrity, if the vestige of modification is arranged then shut-down operation, request user initialization data storehouse, check local authorization code database if user profile is complete, determine this time to supplement with money to come into force, PKI and described concealed password with local unsymmetrical key are untied authorization code, check timestamp, if before the deadline then effective authorized quantity of user is upgraded, at last the result and the authorization code service recorder that upgrade are signed with for future reference with the local message digest algorithm, user terminal can be in response to the selection of user to the index among the DCDI then, this index of choosing is put into the mission area to wait for downloads and this index content corresponding, after receiving corresponding contents and storage and assembling, change user credit value, a kind of of wherein said Message Digest 5 is MD5.

31. according to claim 28,29 or 30 method, in wherein in the downloading task district that this index is placed in the user terminal, carry out the automatic subscriber scope check, user terminal is checked the integrality of user right data by the Message Digest 5 signature, with credit information and digital signature comparison, if arithmetic result is signed identical with the local digital of storage before then there is modification in explanation, otherwise then there is modification in explanation, if existence is revised then is reminded the user to do the data initialization, if data integrity then check the user and whether have enough residual competences promptly to remain credit value to pay this purchase, if insufficient permission, then remind the user to supplement with money, otherwise wait for downloads, a kind of of wherein said Message Digest 5 is MD5.

32. according to the method for claim 21, wherein adopt the distributed data broadcast gateway to the user terminal broadcast data, this distributed data broadcast gateway is deployed in the front end of DAB/DMB assembler.

33. method according to claim 32, wherein the passage in the data broadcasting gateway (3) is divided into the plurality of sub passage, for each subchannel provides a special subchannel code, data in subchannel transmit, user terminal is isolated different DCDI and corresponding data according to different subchannel codes, content is transmitted in different subchannels respectively with the key management data, and different contents can be transmitted in different subchannels.

34. according to the method for claim 32, wherein data broadcasting gateway (3) integrated part data content program making function is as the local DCDI management and data creating management platform of area contents distributors.

35. according to the method for claim 26, wherein the index among the DCDI comprises content type, broadcast time and pricing information.

36. method according to claim 26, wherein user terminal storage is through the terminal address information of top conditional access module CA signature and the PKI and the life cycle of unsymmetrical key, and the user terminal of PKI that the renewal of asymmetric public keys need be held the unsymmetrical key of top CA signature can carry out.