EP1974523A1 - Verfahren, vorrichtung, computerprogramm, datenträger und computerprogramm-produkt zum verhindern eines empfangs von mediendaten eines multicast-dienstes durch eine unberechtigte vorrichtung - Google Patents

Verfahren, vorrichtung, computerprogramm, datenträger und computerprogramm-produkt zum verhindern eines empfangs von mediendaten eines multicast-dienstes durch eine unberechtigte vorrichtung

Info

Publication number
EP1974523A1
EP1974523A1 EP07703850A EP07703850A EP1974523A1 EP 1974523 A1 EP1974523 A1 EP 1974523A1 EP 07703850 A EP07703850 A EP 07703850A EP 07703850 A EP07703850 A EP 07703850A EP 1974523 A1 EP1974523 A1 EP 1974523A1
Authority
EP
European Patent Office
Prior art keywords
data
security
media data
transmission connection
data transmission
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP07703850A
Other languages
German (de)
English (en)
French (fr)
Inventor
Matthias Franz
Günther Horn
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG filed Critical Siemens AG
Publication of EP1974523A1 publication Critical patent/EP1974523A1/de
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41Structure of client; Structure of client peripherals
    • H04N21/4104Peripherals receiving signals from specially adapted client devices
    • H04N21/4126The peripheral being portable, e.g. PDAs or mobile phones
    • H04N21/41265The peripheral being portable, e.g. PDAs or mobile phones having a remote control device for bidirectional communication between the remote control device and client device
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/16Arrangements for providing special services to substations
    • H04L12/18Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L12/185Arrangements for providing special services to substations for broadcast or conference, e.g. multicast with management of multicast group membership
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104Grouping of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066Session management
    • H04L65/1101Session protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/60Network streaming of media packets
    • H04L65/61Network streaming of media packets for supporting one-way streaming services, e.g. Internet radio
    • H04L65/611Network streaming of media packets for supporting one-way streaming services, e.g. Internet radio for multicast or broadcast
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04L9/0836Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25808Management of client data
    • H04N21/25816Management of client data involving client authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41Structure of client; Structure of client peripherals
    • H04N21/418External card to be used in combination with the client device, e.g. for conditional access
    • H04N21/4181External card to be used in combination with the client device, e.g. for conditional access for conditional access
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/436Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/63Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/633Control signals issued by server directed to the network components or client
    • H04N21/6332Control signals issued by server directed to the network components or client directed to client
    • H04N21/6334Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
    • H04N21/63345Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/63Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/64Addressing
    • H04N21/6405Multicasting
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/167Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management

Definitions

  • the invention relates to a method, a system, a computer program, a data carrier and a computer program product for transmitting media data of a multicast service.
  • a transmitter for.
  • a server for multicast services outgoing media data transmitted simultaneously to multiple receivers.
  • Such media data is for example audio data, video data or streaming media. If the transmission takes place in a continuous data stream and the processing of the received data stream, in particular the decoding and display, is carried out continuously in the terminal during the transmission, this is referred to as "streaming".
  • the data transmitted over a multicast connection is intended only for a particular group of receivers and is therefore encrypted.
  • a new recipient who wants to use a multicast service must first authenticate to the server to obtain additional information that will enable him to decrypt the data stream.
  • the messages or data between receiver and server may be integrity protected. Such security functions as authentication, integrity protection or encryption and decryption may include steps that can only be performed on a particular device of a user or user.
  • the document DE 102 15 747 B4 relates to the protected downloading of an electronic object. It shows the distribution of various functionalities necessary for a protected downloading of the electronic object, e.g. As software, on several, by a personal area network (PAN) connected devices are needed. These features may include control functions, backup functions, and transfer functions.
  • the backup task (SA) must be carried out, by means of which a security check of the electronic object (IE) is carried out.
  • SA security check of the electronic object
  • the protected downloading is only then completed or completely carried out, ie the downloaded electronic object is only accepted by the receiving device when one or more security checks have been carried out successfully.
  • DE 102 15 747 B4 describes that it is sufficient to have the backup task or the security check of the downloaded electronic object carried out by a functional unit in the PAN, so that if the check result is positive, the electronic object is at the level of the PAN, ie for all functional units of the PAN, is considered safe.
  • the document DE 102 15 747 B4 thus aims to enable the receiver to verify the security properties of the received object by carrying out suitable security checks. This method is therefore exclusively for the protection of the receiver.
  • the method according to the document DE 102 15 747 B4 is not suitable for restricting the reception of the electronic objects exclusively to authorized recipients.
  • a typical means for verification of security properties is the verification of a digital signature.
  • Cryptographic keys may be public (e.g., public key).
  • a typical means of preventing unauthorized reception is the closure of by the sender and the distribution of the encryption key exclusively to authorized recipients.
  • the security data required to prevent unauthorized reception, eg cryptographic keys must, however, be secret.
  • SIM which the user has received from the network operator by subscribing to a mobile network and which is checked by the UMTS network operator during the WLAN access.
  • the protocol used is EAP-SIM in the case of a SIM card or EAP-AKA in the case of a USIM application on a UICC.
  • the method requires the further use of the security standard for WLANs according to IEEE 802. Hi or the use of the IPsec security standard for IP networks in accordance with IETF RFC2401. However, these security methods are for the protection of multicast or multicast methods.
  • Another object is to provide a protected transmission of media data of a multicast service by means of a division of the necessary for the multicast service functions or processes on multiple devices.
  • an object of the present invention is to enable a protected transmission of media data of a multicast service via a transmission connection adapted to the respective multicast service and in particular to the respective terminal.
  • At least one of these objects is achieved by a method with the features of claim 1 and by a system having the features of claim 17 and by a computer program having the features of claim 18 and by a data carrier having the features of claim 20 and by a computer program Product with the features of claim 21 solved.
  • a method for transmitting media data of a multicast service by a first device to a plurality of second devices, which is suitable for preventing reception of the media data by an unauthorized second device by means of a security process, the method comprising the following Comprising: providing a first device by means of which the media data protected by a security process can be provided, providing one third device, by means of which the security process between the first device and the third device is performed, and at least exchange security data between the first device and the third device for providing the media data, selections of a second device, by means of which at least one receiving process for receiving the media data can be carried out, selections of a first data transmission connection, by means of which the first device and the second device can be coupled at least for the transmission of the media data, and passages of the reception process for receiving the provided media data by means of the second device via the first data transmission connection.
  • An advantage of the invention is that a single subscription of the third device or its user to a multicast service is sufficient to use different devices or second devices for receiving the media data of the multicast service.
  • a subscriber or user need not re-register with each receiving device in the multicast service. Instead, it is sufficient to couple the receiving device (second device) with the third device, which has stored the credential for the multicast service in the form of the security data.
  • This allows a user-friendly, cost-effective, location-independent and receiver-specific independent connection to a multicast service.
  • the inventive method advantageously makes it possible to realize on the user's side the reception of the media data on the one hand and the required security functions or the security process on the other hand in different devices or devices. Furthermore, it is an advantage of the present invention that the distribution of processes, such as receiving process and security process, to different devices of the user regardless of the communication between the first device and the third device for carrying out the security process.
  • the user can choose freely between the devices or second devices available to him. For example, suppose the security parameters or security data required for reception are stored in a mobile telephone (third device). Then, the user can display the media data on another device (second device), which has a larger display or a larger display and / or a faster connection or connection to the network, via which the reception takes place, and / or which is more appropriate to decrypt the media data (with, for example, the security data provided by the mobile phone).
  • second device has a larger display or a larger display and / or a faster connection or connection to the network, via which the reception takes place, and / or which is more appropriate to decrypt the media data (with, for example, the security data provided by the mobile phone).
  • the user can freely choose between the distribution networks or first data transmission connections available to him, such as UMTS or WLAN or DSL access.
  • the optimal transmission quality and / or the most advantageous and cost-effective tariff can be achieved.
  • a second data transmission connection is selected, by means of which the third device and the second device can be coupled at least for transmitting the security data, wherein at least a portion of the generated during the passage of the security process between the first device and the third device Security data is transmitted from the third to the second device.
  • the data of the security process between the first device and the third device is exchanged via the first data transmission connection coupled with the second data transmission connection, wherein the second device only forwards this data.
  • a third data transmission connection is selected, by means of which the first device and the third device can be coupled at least for transmitting the security data, wherein at least the security data generated during the execution of the security process between the first device and the third device via the third data transmission connection to provide the media data are exchanged.
  • the security data and / or the media data and / or control data is transmitted via the first data transmission connection and / or the second data transmission connection and / or the third data transmission connection.
  • the transmission of the control data in particular from the third device to the second device, allows a kind of remote control for the second device, which carries out the reception process and in particular also the presentation process of the media data.
  • the transmission of control data in all other transmission directions is also conceivable in order in particular to transmit parameters which are necessary for optimized transmission and representation of the media data, such as screen resolution and suitable transmission rates.
  • the media data are transmitted by means of a streaming method.
  • gen in which the media data from the second device during the transmission continuously processed, in particular displayed on a display of the second device.
  • the transmission of the media data is carried out by downloading an electronic object in a download process, in which the media data are processed by the second device only after complete reception of the electronic object and in particular on the display of the second device are displayed.
  • the first device as a server and / or the third device as
  • Mobile telephone and / or smartcard and / or the second device as laptop, personal computer, personal digital assistant or mobile telephone and / or the first data transmission connection as WLAN, DSL or UMTS connection and / or the second data transmission connection as Bluetooth , Infrared, WLAN or cable connection and / or the third data transmission connection as a WLAN, DSL or UMTS connection formed.
  • the first data transmission connection and / or the second data transmission connection and / or the third data transmission connection are selected by a user, in particular by a user of the third device, or by the third device or by the second device.
  • the user or user can therefore freely choose between the distribution networks or data transmission connections available to him, such as UMTS, WLAN or DSL. This can advantageously be achieved in each case the best possible transmission quality and / or the most favorable tariff.
  • the first data transmission connection and / or the second data transmission secured connection and / or the third data transmission connection secured are secured.
  • the third device provides at least one first parameter and / or the second device at least one second parameter for selecting the first data transmission connection and / or the second data transmission connection and / or the third data transmission connection.
  • the first parameter and / or the second parameter which are designed for example as an optimized transmission rate or optimized screen resolution, the optimal data transmission connection can be selected for the respective multicast service.
  • the security process has a registration process and / or an authentication process and / or an integrity process and / or a coding process, which in particular includes encryption and decryption of the media data.
  • the security data comprises registration data and / or cryptographic data, in particular keys and / or digital signatures, and / or synchronization data.
  • a part of the security data that is required for the authorized reception of the media data is identical at least for a predetermined group of the plurality of second devices.
  • the method according to the invention is used in or in conjunction with an MBMS security architecture.
  • MBMS security architecture reference is made to the technical specification 3GPP TS 33.246 "Security of Multimedia Broadcasting / Multicast Service", which at the filing date of the present application at the Internet address http: //www.3gpp.org/ftp/Specs/html-info/33-series .htm is retrievable, referenced.
  • the second device and the third device are each part of a single Personal Area Network (PAN).
  • PAN Personal Area Network
  • a presentation process for the visual and / or audible presentation of the received media data is performed.
  • FIG. 1 shows a schematic flow diagram of a preferred exemplary embodiment of the method according to the invention
  • FIG. 2 shows a schematic block diagram of a first exemplary embodiment of the coupling of the first, second and third apparatus according to the present invention.
  • Figure 3 a schematic block diagram of a second
  • FIG. 1 shows a schematic flow diagram of a preferred exemplary embodiment of the method according to the invention for transmitting media data MD of a multicast service by a first device S to a plurality of second devices D.
  • the inventive method is suitable for preventing reception of the media data MD by an unauthorized second device D by means of a security process.
  • the inventive method comprises the following method steps S1-S6:
  • Step S1 A first device S is provided, by means of which the media data MD protected by a security process can be provided.
  • the first device S is designed as a server in a network, in particular the Internet.
  • a third device M is provided, by means of which the security process with the first device S is carried out.
  • the third device M is preferably designed as a mobile phone and / or smart card.
  • the security process has a registration process and / or an authentication process and / or an integrity process and / or a coding process with encryption and decryption of the media data.
  • the security process is performed between the first device S and the third device M.
  • at least security data SD is exchanged between the first device S and the third device M to provide the media data MD.
  • the security data SD preferably has registration data and / or cryptographic data, in particular keys and / or digital signatures, and / or synchronization data.
  • the security data SD which are required for the legitimate receipt of the media data MD, can be identical at least for a predetermined group of the plurality of second devices D.
  • a second device D is selected, by means of which at least one receiving process for receiving the media data MD can be carried out.
  • the second device D is a laptop, personal computer (PC), personal digital
  • the second device D and the third device M are each part of a single Personal Area Network (PAN).
  • PAN Personal Area Network
  • a first data transmission connection 1 is selected, by means of which the first device S and the second device D can be coupled at least for the transmission of the media data MD.
  • the first data transmission connection 1 is preferably designed as a WLAN, DSL or UMTS connection.
  • the receiving process for receiving the provided media data MD by means of the second device D is carried out via the first data transmission connection 1.
  • the media data MD is transmitted by means of a streaming method.
  • the media data MD is continuously processed by the second device D during transmission.
  • the second device D displays the media data MD during continuous processing on an integrated display.
  • a presentation process for the visual and / or acoustic representation of the received media data MD is performed.
  • the transfer of the media data MD can take place by downloading an electronic object in a download method in which the media data MD is processed by the second device D only after complete reception of the electronic object and in particular on the Display the second device D are displayed.
  • the method according to the invention can be used in conjunction with an MBMS security architecture.
  • inventive method according to Figure 1 can be used for example in an arrangement according to Figure 2 or in an arrangement according to Figure 3.
  • a second data transmission connection 2 is selected, by means of which the third device M and the second device D can be coupled at least to transmit the security data SD.
  • the generated security data SD is then exchanged between the first device S and the third device M via the first data transmission connection 1 and via the second data transmission connection 2 for providing the media data MD.
  • Control data StD can also be transmitted via the second data transmission connection 2, by means of which the third device M acts as a type of remote control for the second device D.
  • the second data transmission connection 2 is designed, for example, as a Bluetooth connection.
  • a third data transmission connection 3 by means of which the first device S and the third device M can be directly coupled at least for transmission of the security data SD. Then the security data SD generated during the execution of the security process is exchanged between the first device S and the third device M directly via the third data transmission connection 3 for providing the media data MD.
  • the third data transmission connection 3 is designed, for example, as a WLAN, DSL or UMTS connection.
  • the channel DS is independent of the channel MS.
  • the first device S, the second device D and the third device M are designated by their reference symbols S, D and M.
  • M and S share a secret that is part of the security data SD and that is bound to the identities of M and S.
  • This secret arises in particular from the subscription of M to S.
  • M and S have a security relation.
  • this secret may be established, for example, by a generic bootstrapping architecture.
  • the technical specification 3GPP TS 33.220 "Generic Bootstrapping Architecture" is available at the filing date of the present application under the Internet address http: //www.3gpp.org/ftp/Specs/html-info/33-series .htm. Both examples below have the property that M transmits only as few security-relevant data to D as is absolutely necessary for D to be able to decrypt the multicast data stream.
  • the authentication of M to S is based on a challenge-response method.
  • AJ Menezes, PC van Oorschot, SA Vanstone, "Handbook of Applied Cryp- tography", CRC Press, Boca Raton 1997 is available on the Internet at the time of the filing date of this application at http: // /www.cacr.math.uwaterloo.ca/hac available, referenced.
  • the associated response is calculated by M on the basis of the secret shared with S and sent back to S.
  • S will send a new challenge with each response from this time onwards, on the basis of which M calculates and sends a response to a new message to S. This saves some messages from the - also possible - method in which M responds to each message first with a challenge.
  • S is authenticated by M.
  • This authentication can also be realized by a challenge-response method or by the use of sequence numbers, as described in 3GPP TS 33.102 "Security Architecture".
  • Example 1 M with safety and control function
  • M has the possibility to send commands or messages to the displaying device D. This allows it to play the role of remote control for D. Essentially D directs the Control messages or commands from M to the server S on and vice versa. In addition, D checks these messages, thereby gaining knowledge of when S sends data streams. This then does not forward D to S, but displays it. Further, D can send messages to M to learn the key needed for decryption.
  • the user selects a broadcast x at M, for example in response to a received text message.
  • M sends a request to D to register with the server for shipment x.
  • D forwards the message received from M to S.
  • This request contains a challenge.
  • M calculates the response associated with the challenge and sends it back to D.
  • M may terminate the reception of the transmission x and generates a message related thereto.
  • M checks whether it has the key required for decrypting the key y. If so, then the key y is decrypted. Otherwise, the key required for decryption is first requested. In both cases, OK will be returned
  • the server transmits a new key z to all multicast users. In order for only registered participants to be able to use the key z, it is encrypted using another key y, which is known to several / all authorized subscribers.
  • D does not know the key required for decryption and forwards the message to M.
  • M checks whether it has the key y necessary for decrypting the key z. If so, then the new key z is decrypted. Otherwise, the first thing needed is the decryption
  • M needs the key y and sends a corresponding key request to D.
  • Key z S sends the encrypted data stream in a multicast procedure to all subscribers.
  • D - ⁇ M request key z
  • the multicast data is decrypted by D.
  • the required key z is requested by D of M. If M does not have the key z, M initiates a key request and waits for the subsequent acknowledgment.
  • M transmits the requested key z to D.
  • Example 2 all dialogues between D and M of D are based on the user's side.
  • the communication between D and M is therefore similar to that between a mobile phone and its built-in smart card. Otherwise, example 2 corresponds to example 1.
  • only M can create messages to S because D can not sign them.
  • the user selects a transmission x for reception, such as an electronic program guide displayed on the screen.
  • M - * D Authentication Response M calculates the response associated with the challenge and returns it to D.
  • D needs a deregistration message that D can not create himself.
  • the server S transmits the key y separately to each multicast user. In order for only registered participants to be able to use the key y separately, this is done with the help of the only S and the respective one Multicast participant M known secret encrypted.
  • M checks whether it has the key required for decrypting the key y. If so, then y is decrypted and
  • M ⁇ D OK returned. Otherwise, M requests the request of the key 3 required for decryption. M ⁇ D: Error message together with request message for key y (including authentication)
  • Key z S sends the encrypted data stream in a multicast procedure to all subscribers.
  • the multicast data is decrypted by D.
  • the key required for this is requested by D from M. 3.
  • M transmits the requested key z to D. If M does not have the requested key z, communication continues instead of the last step as follows: 3. M ⁇ D: error message along with request message for key y (including authentication) M signals that the key y is needed and sends a corresponding request to D. 4. D - * S: Forward Request Message Key y D forwards the request to S. 5. S ⁇ D: OK

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Graphics (AREA)
  • General Business, Economics & Management (AREA)
  • Business, Economics & Management (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
EP07703850A 2006-01-20 2007-01-15 Verfahren, vorrichtung, computerprogramm, datenträger und computerprogramm-produkt zum verhindern eines empfangs von mediendaten eines multicast-dienstes durch eine unberechtigte vorrichtung Withdrawn EP1974523A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102006002892A DE102006002892A1 (de) 2006-01-20 2006-01-20 Verfahren, System, Computerprogramm, Datenträger und Computerprogramm-Produkt zum Übertragen von Mediendaten eines Multicast-Dienstes
PCT/EP2007/050334 WO2007082860A1 (de) 2006-01-20 2007-01-15 Verfahren, vorrichtung, computerprogramm, datenträger und computerprogramm-produkt zum verhindern eines empfangs von mediendaten eines multicast-dienstes durch eine unberechtigte vorrichtung

Publications (1)

Publication Number Publication Date
EP1974523A1 true EP1974523A1 (de) 2008-10-01

Family

ID=37964747

Family Applications (1)

Application Number Title Priority Date Filing Date
EP07703850A Withdrawn EP1974523A1 (de) 2006-01-20 2007-01-15 Verfahren, vorrichtung, computerprogramm, datenträger und computerprogramm-produkt zum verhindern eines empfangs von mediendaten eines multicast-dienstes durch eine unberechtigte vorrichtung

Country Status (6)

Country Link
US (1) US8745382B2 (zh)
EP (1) EP1974523A1 (zh)
JP (1) JP2009524309A (zh)
CN (1) CN101371553A (zh)
DE (1) DE102006002892A1 (zh)
WO (1) WO2007082860A1 (zh)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8108532B2 (en) 2006-08-29 2012-01-31 Samsung Electronics Co., Ltd. Service distribution apparatus and method
KR101458205B1 (ko) * 2007-09-17 2014-11-12 삼성전자주식회사 휴대 방송 시스템에서 방송 서비스 송수신 방법 및 장치
DE202019104321U1 (de) * 2019-08-06 2020-09-11 Tiger Media Deutschland Gmbh Verwaltungssystem für digitale Medien
DE202019104317U1 (de) * 2019-08-06 2020-09-11 Tiger Media Deutschland Gmbh System für einen gesteuerten Zugriff auf digitale Medieninhalte sowie Datenserver
DE202019104316U1 (de) * 2019-08-06 2020-04-01 Tiger Media Deutschland Gmbh Wiedergabevorrichtung, System und Datenserver

Family Cites Families (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001527326A (ja) * 1997-12-19 2001-12-25 ブリティッシュ・テレコミュニケーションズ・パブリック・リミテッド・カンパニー データ通信
SE516066C2 (sv) * 1999-01-20 2001-11-12 Netcom Ab Metod, system och nätverksnod för tillhandahållande av tjänster på Internet
US7185362B2 (en) * 2001-08-20 2007-02-27 Qualcomm, Incorporated Method and apparatus for security in a data processing system
EP1436946B1 (en) * 2001-10-19 2007-02-28 Nokia Corporation Transmission of multicast and broadcast multimedia services via a radio interface
DE10215747B4 (de) * 2002-04-10 2004-11-18 Siemens Ag Verfahren, Computerprogramm mit Programmcode-Mitteln und Computerprogramm-Produkt zu einem geschützten Herunterladen eines elektronischen Objekts in ein Personal Area Network (PAN) sowie Personal Area Network (PAN)
US7177658B2 (en) * 2002-05-06 2007-02-13 Qualcomm, Incorporated Multi-media broadcast and multicast service (MBMS) in a wireless communications system
ES2221535B1 (es) * 2002-07-31 2006-03-01 Airtel Movil, S.A. Un dispositivo de telefonia movil y un metodo de gestion de datos.
CN1476259A (zh) * 2002-08-16 2004-02-18 ��������ͨ�ż����о����޹�˾ 多媒体广播和组播业务寻呼的方法
JP4021288B2 (ja) * 2002-09-17 2007-12-12 株式会社エヌ・ティ・ティ・ドコモ 情報送信システム、情報送信装置、情報送信方法
MXPA04006758A (es) * 2002-09-23 2004-11-10 Lg Electronics Inc Esquema de comunicacion por radio para proveer servicios de difusion y multidifusion de multimedia.
ATE387069T1 (de) * 2003-05-09 2008-03-15 Motorola Inc VERFAHREN UND VORRICHTUNG ZUR KONTROLLE DES ZUGRIFFS AUF ßMULTIMEDIA BROADCAST MULTICAST SERVICEß IN EINEM PAKETDATENKOMMUNIKATIONSSYSTEM
ATE343882T1 (de) * 2003-05-16 2006-11-15 Siemens Ag Verfahren zum betreiben eines mbms (multimedia broadcast multicast service) für eine mobilstation nach ort oder qualität des signals
US7991396B2 (en) 2003-06-09 2011-08-02 Qualcomm Incorporated Method and apparatus for broadcast application in a wireless communication system
US8098818B2 (en) * 2003-07-07 2012-01-17 Qualcomm Incorporated Secure registration for a multicast-broadcast-multimedia system (MBMS)
AR045904A1 (es) * 2003-07-08 2005-11-16 Qualcomm Inc Metodo, aparato y medio legible por maquina para la seguridad en un sistema de procesamiento de datos
JP2005039607A (ja) 2003-07-16 2005-02-10 Sanyo Electric Co Ltd ウェブ接続機能を有する携帯電話機
US7646762B2 (en) * 2003-08-06 2010-01-12 Motorola, Inc. Method and apparatus for providing session data to a subscriber to a multimedia broadcast multicast service
US20050043035A1 (en) * 2003-08-21 2005-02-24 Diesen Michael J. Method and apparatus for providing multimedia broadcast multicast service data to a subscriber to a multimedia broadcast multicast service
US20050070277A1 (en) * 2003-09-30 2005-03-31 Teck Hu Method of initiating multimedia broadcast multicast services
US8437347B2 (en) * 2003-10-14 2013-05-07 Qualcomm Incorporated Scalable encoding for multicast broadcast multimedia service
SE0400055D0 (sv) * 2004-01-09 2004-01-09 Ericsson Telefon Ab L M MBMS linking for PMM idel mobiles
SE0400340D0 (sv) * 2004-02-11 2004-02-11 Ericsson Telefon Ab L M Method in a communication system
CN100499456C (zh) * 2004-04-14 2009-06-10 华为技术有限公司 一种多媒体广播/组播业务的会话开始方法
CN100394827C (zh) * 2004-09-10 2008-06-11 上海贝尔阿尔卡特股份有限公司 多媒体广播多播业务的去激活方法及有关设备
CN1303799C (zh) * 2004-10-28 2007-03-07 华为技术有限公司 一种控制多媒体广播/组播服务会话进行的方法
CN100581283C (zh) * 2004-11-16 2010-01-13 北京三星通信技术研究有限公司 适用于多媒体广播与组播业务的密码管理方法
US20060171369A1 (en) * 2005-02-03 2006-08-03 Telefonaktiebolaget L M Ericsson (Publ) Resource utilization for multimedia broadcast multicast services (MBMS)
US7796982B2 (en) * 2005-12-07 2010-09-14 Tor Anumana, Inc. Wireless controller device
US20080022325A1 (en) * 2006-06-30 2008-01-24 Advanced Micro Devices, Inc. Portable computing platform including wireless communication functionality and extended multimedia broadcast multicast service functionality
US8843118B2 (en) * 2006-08-21 2014-09-23 Interdigital Technology Corporation Multi-cell coordination for multimedia broadcast multicast services in a wireless communication system
US20080101270A1 (en) * 2006-10-10 2008-05-01 Nokia Corporation Enhanced multicast broadcast multimedia service
US20080130548A1 (en) * 2006-11-03 2008-06-05 Nokia Corporation Control signaling for multimedia broadcast multicast service point-to-multipoint over high speed downlink packet access information
US9008701B2 (en) * 2007-03-19 2015-04-14 Sharp Laboratories Of America, Inc. Multimedia broadcast and multicast service notification in long term evolution

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
None *
See also references of WO2007082860A1 *

Also Published As

Publication number Publication date
WO2007082860A1 (de) 2007-07-26
US8745382B2 (en) 2014-06-03
CN101371553A (zh) 2009-02-18
US20090138719A1 (en) 2009-05-28
DE102006002892A1 (de) 2007-08-02
JP2009524309A (ja) 2009-06-25

Similar Documents

Publication Publication Date Title
DE102006042554B4 (de) Verfahren und System zum kontinuierlichen Übertragen von verschlüsselten Daten eines Broadcast-Dienstes an ein mobiles Endgerät
DE60213650T2 (de) Zugriff auf verschlüsselten rundsendeinhalt
DE60209475T2 (de) Datensicherungs-kommunikationsvorrichtung und -verfahren
DE102010037271A1 (de) Verfahren zum Bereitstellen eines drahtlosen Fahrzeugzugangs
DE10307403A1 (de) Verfahren zum Bilden und Verteilen kryptographischer Schlüssel in einem Mobilfunksystem und Mobilfunksystem
DE102006060040B4 (de) Verfahren und Server zum Bereitstellen einer geschützten Datenverbindung
DE102011016513A1 (de) Bedrohungsmilderung in einem Fahrzeug-zu-Fahrzeug-Kommunikationsnetz
EP1284568A1 (de) Verfahren und Datenverarbeitungsvorrichtung zum Übertragen von Daten über verschiedene Schittstellen
WO2010145979A1 (de) Verfahren zum einbuchen eines mobilfunkgeräts in ein mobilfunknetz
EP2014010B1 (de) Verfahren, vorrichtungen und computerprogrammprodukt zum ver- und entschlüsseln von mediendaten
EP1974523A1 (de) Verfahren, vorrichtung, computerprogramm, datenträger und computerprogramm-produkt zum verhindern eines empfangs von mediendaten eines multicast-dienstes durch eine unberechtigte vorrichtung
DE112008002860T5 (de) Verfahren und Vorrichtung für das Bereitstellen einer sicheren Verknüpfung mit einer Benutzeridentität in einem System für digitale Rechteverwaltung
EP1673921B1 (de) Verfahren zur sicherung des datenverkehrs zwischen einem mobilfunknetz und einem ims-netz
EP1680903B1 (de) Verfahren zum bertragen von verschl sselten nutzdateno bjekten
WO2008037670A1 (de) Verfahren zum bereitstellen eines symmetrischen schlüssels zum sichern eines schlüssel-management-protokolls
EP1406464A1 (de) Verfahren sowie Kommunikationsendgerät zum gesicherten Aufbau einer Kommunikationsverbindung
EP2677791B1 (de) Verfahren und vorrichtung zum übermitteln einer prüfanfrage an ein identifizierungsmodul
DE10140446A1 (de) Verfahren und Datenverarbeitungsvorrichtung zum Übertragen von Daten über verschiedene Schnittstellen
WO2007131825A2 (de) Verfahren zur signalisierung einer verbindungsaufforderung zwischen datenverarbeitungsgeräten, bei dem über rundfunk ein verbindungsaufruf ausgestrahlt wird
EP1468520B1 (de) Verfahren zur datenverkehrssicherung in einer mobilen netzumgebung
DE102006054091B4 (de) Bootstrapping-Verfahren
WO2021228537A1 (de) Verfahren zur kopplung eines authentifizierungsmittels mit einem fahrzeug
DE10238928B4 (de) Verfahren zur Authentifizierung eines Nutzers eines Kommunikationsendgerätes bei Nutzung eines Dienstnetzes
EP1680906B1 (de) Authentizität und aktualität von sitzungsschlüssel-generierungen zwischen einem dienste-netzknoten und mindestens einem kommunikationsendgerät mit einer identifikationskarte
WO2004098218A1 (de) Verfahren zur installation oder deinstallation eines programmcodes in einer teilnehmerstation eines funkkommunikationssystems sowie teilnehmerstation

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20080605

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

17Q First examination report despatched

Effective date: 20081215

DAX Request for extension of the european patent (deleted)
RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: SIEMENS AKTIENGESELLSCHAFT

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: SIEMENS AKTIENGESELLSCHAFT

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

GRAJ Information related to disapproval of communication of intention to grant by the applicant or resumption of examination proceedings by the epo deleted

Free format text: ORIGINAL CODE: EPIDOSDIGR1

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 12/18 20060101ALI20180321BHEP

Ipc: H04L 29/06 20060101AFI20180321BHEP

Ipc: H04L 9/08 20060101ALI20180321BHEP

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

INTG Intention to grant announced

Effective date: 20180406

INTG Intention to grant announced

Effective date: 20180430

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20180911