KR101413418B1 - Method and System for Acquiring TBK of changed terminal in Broadcast System using Smartcard - Google Patents

Abstract

The present invention relates to a terminal binding key (TBK) acquisition system in a mobile communication system, and more particularly, to a system and method for acquiring a terminal binding key (TBK) from a service guide / A first terminal for receiving acquisition information for subscribing to at least one service using the service guide and acquiring the service guide and an ID of the subscribed service to a smart card; And transmits the acquisition information to the second terminal in response to a first request message for acquiring the acquisition information received from the second terminal, The ID of the subscribed service in the response message to the second request message for obtaining the ID of the subscribed service received from the terminal A service guide according to the acquisition information is received from the BSD / A by transmitting the third request message requesting the service guide according to the acquisition information to the BSD / A to the second terminal, And transmits the second request message to the smart card to receive the ID of the subscribed service, acquires the TBK information necessary for TBK acquisition using the ID of the subscribed service in the service guide according to the acquisition information, And the second terminal for acquiring the TBK by performing an authentication process using the information.

BCAST, TBK, SMART CARD

Description

TECHNICAL FIELD [0001] The present invention relates to a method and system for acquiring an encryption key of a terminal changed in a broadcasting system using a smart card,

The present invention relates to a method of managing encrypted information in a mobile broadcast system, and more particularly, to a system and method in which a new terminal acquires an encryption key when a terminal using a smart card is changed.

Generally, a broadcast service refers to transmitting an encrypted service from a server managing a broadcast service and receiving the encrypted service from a plurality of terminals. At this time, in a plurality of terminals, the encrypted service provided from the server is decrypted using the pre-stored encryption key so that the corresponding service can be used.

Meanwhile, due to the need for copyright protection technology to prevent indiscriminate duplication of distribution, such standard services such as 3rd Generation Partnership Project (3GPP) and Open Mobile Alliance (3GPP) OMA) introduced a variety of technologies based on the flexibility and convenience of user rights information (RO).

With this technology, the Smart Card Profile of the Open Mobile Alliance (OMA) BCAST v1.0 standard proposes a broadcasting service and content protection technique using a smart card. Rights portability is possible using the above-mentioned smart card. The right portability stores the DRM related information in a smart card such as a Universal Subscriber Identity Module (SIM) card and a User Identity Module (UIM) Means a function capable of playing back the pre-installed broadcast content. That is, the rights portability function enables the terminals to utilize the broadcast service and contents subscribed by the users from various terminals by using the DRM related information such as the Terminal Binding Key (TBK) stored in the smart card.

Hereinafter, a method of receiving a broadcast service and contents using a smart card will be described with reference to FIG.
FIG. 1 is a diagram illustrating a conventional method in which a terminal performs an authentication process with a BSM to receive a service.

Referring to FIG. 1, in step 110, the terminal A 103 receives a service guide including information on a service, parameters, and the like from the BSM 101 managing subscription information of a subscriber for receiving a broadcast service. In step 115, the terminal A 103 performs the GBA_U through the bidirectional connection with the BSM 101. [ The GBA_U is an authentication technique between a terminal and a smart card defined in 3GPP TS 33.220. In step 120, the terminal A 103 receives a service encryption key (SEK) / service authentication key (SAK) or a program encryption key (PEK) / program authentication key (BSK) from the BSM 101 : Long-Term Key Message (LTKM) containing the PAK (PAK). Then, in step 125, the terminal A 103 transmits the obtained LTKM to the smart card 105.

In step 130, the terminal A 103 acquires the TBK through a bidirectional connection with the BSM 101. The mobile terminal 103 obtains a Permission Issuer URL from which the TBK can be obtained from the service guide. The Permission Issuer URL refers to a specific BSM. OMA BCAST v1.0 uses TBK to confirm that it is a secure terminal for broadcast content protection (Content Protection). That is, the terminal that has undergone the authentication process with the BSM acquires the TBK. The terminal A 103 and the BSM 101 form an authentication and secure channel through HTTPS (Secure HTTP) used in the OMA BCAST v1.0. The BSM 101 transmits the TBK to the terminal A 130 do.

In step 135, the BSM 101 generates a short-term key message (STKM) by digitally signing the short-term key message created with other parameters including the encrypted traffic encryption key with the service authentication key, send. Then, in step 140, the terminal A 103 transmits the received STKM to the smart card 105.

In step 145, the smart card 105 detects a TEK from the received SKTM and transmits the TEK to the terminal 103. In step 150, the terminal A 103 can receive the encrypted service and contents transmitted from the BSM 101 using the TEK.

Since the TEK (Traffic Encryption Key) extracted in step 145 is encrypted by the TBK, the TBK decryption is performed only in the authenticated terminal that already owns the TBK.

However, the above-described method has a disadvantage that when a user changes a terminal, the broadcast service purchased and used by the user becomes impossible to use, and the subscription process is repeated again at a new terminal.

That is, the TBK (Terminal Binding Key) is a cryptographic key provided to a terminal authenticated in a smart card profile. Accordingly, when the user changes to a new terminal, a method for receiving a TBK from a new terminal must be provided.

However, OMA BCAST v1.0 does not specify the transmission of the TBK information to the smart card, which may be a problem in implementation of Rights Portability. That is, when receiving a broadcast service to a new terminal, when a TBK is required, a new terminal must acquire a TBK. However, at present, the OMA BCAST v1.0 Enabler does not specify how a new terminal acquires TBK when a smart card containing service information of an existing subscription is used in a new terminal.

SUMMARY OF THE INVENTION Accordingly, it is an object of the present invention to provide a system and method for managing terminals and smart cards using TBK information using a service guide for right portability.

Another object of the present invention is to provide an apparatus and method for storing TBK information in a smart card and a method for retrieving information from a smart card to a new terminal in order to implement Rights Portability.

It is another object of the present invention to provide an apparatus and method for setting a terminal binding key (TBK) related to an existing service in a terminal that is changed based on a smart card profile.

delete

delete

The system of the present invention is a terminal binding key (TBK) acquisition system in a mobile communication system, in which information required for reception of each service is stored from a service distribution / adaptation (BSD / A) A first terminal for receiving the service guide, subscribing to at least one service using the service guide, and acquiring acquisition information for acquiring the service guide and an ID of the subscribed service to the smart card; The acquisition information and the ID of the subscribed service and transmits the acquisition information to the second terminal in response to a first request message for acquiring the acquisition information received from the second terminal, In response to the second request message for obtaining the ID of the subscribed service received from the second terminal, Transmits a third request message requesting a service guide according to the acquisition information to the BSD / A to receive a service guide corresponding to the acquisition information from the BSD / A Transmits the second request message to the smart card to receive the ID of the subscribed service, acquires the TBK information necessary for TBK acquisition using the ID of the subscribed service in the service guide according to the acquisition information And the second terminal for acquiring the TBK by performing an authentication process using the TBK information.
A method for acquiring a Terminal Binding Key (TBK) in a mobile communication system, the method comprising the steps of: receiving a service from a service distribution / adaptation (BSD / A) Receiving service guide in which necessary information is stored, subscribing to at least one service using the service guide, acquiring acquisition information for acquiring the service guide, and transmitting the ID of the subscribed service to the smart card Storing the acquisition information and the ID of the subscribed service in the smart card; transmitting a third request message requesting a service guide according to the acquisition information from the second terminal to the BSD / A; BSD / A and receiving a service guide according to the acquisition information from the BSD / A; Receiving an ID of the subscribed service by transmitting a second request message for acquiring the ID of the subscribed service to the smart card; Obtaining TBK information necessary for TBK acquisition using the TBK information, and performing an authentication process using the TBK information to obtain the TBK.

delete

According to the present invention, when a user desires to use a service and contents required for a TBK using a new terminal, a new terminal can be provided with a TBK to enable safe use of services and contents.

In addition, the present invention allows a changed terminal to receive a service guide through a bi-directional channel in order to allow a user to use a service already subscribed to by a changed terminal.

Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS In the following detailed description, exemplary embodiments of the present invention will be described.

The embodiments of the present invention will use the names of the entities defined in the 3GPP standard of the asynchronous mobile communication system or OMA, the application standard mechanism of the mobile terminal, for convenience of description, And is applicable to a system having a similar technical background

Hereinafter, a system configuration to which the present invention is applied will be described with reference to FIG.

2 is a block diagram showing a network configuration of a mobile broadcast system.

In FIG. 2, a content provider (BC) 210 is a provider of a broadcast service (BCAST service), and the BCAST service is a conventional voice / video broadcast service, a file (music file or data file) The BCAST service application unit (BSA) 220 receives the BCAST service data from the content provider (CC) 210 and processes the BCAST service data into a form suitable for the BCAST network of FIG. 2, And also generates standardized metadata necessary for the guidance of the mobile broadcasting service.

2, a BCAST Service Distribution / Adaptation (BSD / A) 230 establishes a bearer for transmitting BCAST service data supplied from the BCAST service application unit (BSA) Determines a transmission schedule, and plays a role of generating a mobile broadcast guide according to an embodiment of the present invention. The BCAST Subscription Management (BSM) 240 manages subscriber's subscription information for receiving the BCAST service, BCAST service provision information, and device information for the mobile terminal receiving the BCAST service.

2, a terminal 250 is a terminal capable of receiving a BCAST service and has a function of being able to be connected to a cellular network according to the performance of the terminal.

Generally, in a BCAST service, a plurality of mobile terminals receive encrypted service data when a server managing the broadcast service transmits the encrypted service data. At this time, a plurality of mobile terminals can use the corresponding service by deciphering the encrypted service data provided from the server by using a predetermined encryption key stored in advance in the terminal. In this regard, the methods of encrypting broadcast contents and services are classified into two aspects, that is, service protection and content protection. Herein, the service protection refers to the protection of a transport channel between the BCAST service distribution / adaptation unit (BSD / A) 230 and the mobile terminal 250. The content protection is performed by the BCAST service application unit (BSA) End-to-end protection between terminals 250. FIG.

Although not shown in FIG. 2, the terminal has a built-in smart card or an external smart card. The smart card may include (U) SIM and (R-) UIM.

A description will now be made of a method for acquiring the encryption of the changed terminal according to the present invention on the system as described above.

The modified encryption method of the terminal of the present invention proposes two embodiments.

The first embodiment is a method for acquiring the TBK using the TBK information through the broadcast channel in the second terminal, and the second embodiment will describe a method for acquiring the TBK using the TBK information through the mutual channel.

Hereinafter, a method of acquiring TBK using TBK related information through a broadcast channel according to a first embodiment of the present invention will be described with reference to FIG.

Referring to FIG. 3, in step 310, the BSD / A 301 transmits a service guide to the terminal A 303 subscribed to a specific broadcast service. Although not shown in the figure, when the TBK is requested for the broadcast service to which the terminal A 303 is subscribed, the terminal A 303 acquires the TBK through authentication with the BSM 302. Authentication with the BSM 302 and acquisition of the TBK follow the specifications specified in the OMA BCAST v1.0 standard.

In step 320, the terminal A 303 transmits a Globalservice ID indicating the IDs of the subscribed services to the smart card 305. In step 330, the smart card 305 establishes a connection with the new terminal B 304. Then, in step 340, the smart card 305 transmits the IDs of the subscribed services to the new terminal B 304. In step 350, the terminal B 304 receives a service guide from the BSD / A 301 through a broadcast channel.

 In step 360, the terminal B 304 compares the service IDs subscribed by the user with the service guide transmitted by the smart card in the received service guide, and searches the TBK information necessary for TBK acquisition. This is done by checking if there is a TBK related field in the service guide.

In step 360, the terminal B 304 connects with the BSM 302 corresponding to the permission issuer URL of the TBK information included in the service guide, and performs an HTTPS authentication process defined in the OMA BCAST v1.0 . In step 370, the TBK of the service requiring the TBK is acquired.

Next, TBK is acquired using TBK-related information through an interaction channel according to the second embodiment of the present invention.

Referring to FIG. 4, in step 410, the BSD / A 401 transmits to the terminal A 401 a service guide in which information necessary for receiving each service is stored. In step 420, the terminal A 401 subscribes to at least one service using the service guide, and acquires the service guide acquisition information for acquiring the service guide and the identifier of the subscribed service, To the card 405.

The service guide acquisition information includes an identifier of a fragment of a service guide related to the subscribed services and url information (SG Acquosotion URL) that can acquire the service guide.
The smart card 405 stores the acquisition information and the ID of the subscribed service. In step 430, the smart card 405 is connected to a new terminal B404. In step 440, the terminal B 404 acquires an identifier related to the Access Fragment of the service guide including the TBK related information from the smart card 405, and also receives the URL information capable of searching for or obtaining the service guide . For this, in step 440, the terminal B 404 transmits the following "Retrieve request message" to the smart card 405, and in response, the smart card 405 transmits the following "Retrieve response message" to the terminal 404 do. That is, the Tag field of the " Retreive request message " is set to 1, and the " Retrieve response message " includes TBK ID and Permission Issuer URI,

In step 450, the terminal B 404 transmits a service guide request message requesting the service guide according to the acquisition information to the BSD / A 401 using the identifier and URL information acquired from the smart card 405 send. In step 460, the terminal B (460) receives the requested service guide from the BSD / A (401).
In step 470 and step 480, the terminal B 404 designates the TAG field of the "Retrieve request message" below as "0" to acquire the GlobalService ID indicating the ID of the subscribed service among the TBK related information and transmits it to the smart card 405 The terminal B 404 receives the following "Retrieve response message" containing the GlobalServiceID from the smart card 405. In step 490, the terminal B 404 searches TBK information (TerminalBindingKeyID, PermissionIssuerURI, etc.) necessary for TBK acquisition using the GlobalServiceID in the received service guide. That is, the terminal B 404 is made by confirming that the TBK related field is present in the service guide. In other words, the terminal B 404 can acquire the TBK through the HTTPS authentication process defined in the OMA BCAST v1.0 by connecting to the permission issuer URL specified in the service guide.

delete

<Retrieve request message format>

The 'Retrieve Request Message' below is a message used when the terminal requests specific information from the smart card.

Name T
y
p
e C
a
t
e
g
o
r
y C
a
r
d
i
n
a
l
i
t
y Description Data Type RetrieveRequest E Retrieve request message Requested A O One Identifier of this request message unsignedInt Tag A M One Information requested by this message
0 Subscribed Service IDs
1 TBK Acquisition Information unsignedByte

<Retrieve response message format>

The following 'Retrieve response message' is a message transmitted from the smart card at the request of the terminal.

Name T
y
p
e C
a
t
e
g
o
r
y C
a
r
d
i
n
a
l
i
t
y Description Data Type RetrieveResponse E Retrieve response message Requested A M One Identifier of this request message unsignedInt GlobalStatusCode A M One Code value for result of processing RetrieveRequest message unsignedByte Permission Issuer URI A O 0..1 URL required to obtain service guide anyURI Fragment id A O 0..1 Identifier of fragment anyURI GlobalServiceID A O 0..n A unique identifier for the service anyURI

The method set in FIG. 4 is used for TBK acquisition, but can be used for acquiring the entire service guide in the new terminal B. To do this, the terminal B assigns a value in the message body of HTTP / 1.1 in the format of <key> - <value> in step 450. In other words, specify "all" for <key> and "true" for <value> to BSD / A. In response, the terminal B can receive the requested full service guide from the BSD / A.

1 is a signal flow diagram illustrating an encryption key acquisition and SAC establishment method for a broadcast service according to the prior art;

2 is a diagram showing a configuration of a mobile broadcast system;

3 is a signal flow diagram illustrating a service guide and an encryption key acquisition method over a broadcast channel in accordance with a first embodiment of the present invention.

4 is a signal flow diagram illustrating a service guide and an encryption key acquisition method over an interaction channel according to a second embodiment of the present invention.

Claims (6)

A system for acquiring a Terminal Binding Key (TBK) in a mobile communication system, Receiving a service guide in which information necessary for reception of each service is stored from a service distribution / adaptation unit (BSD / A), subscribing to at least one service using the service guide, A first terminal for transmitting acquisition information for acquiring the ID of the subscribed service to the smart card, Storing the acquisition information and the ID of the subscribed service, transmitting the acquisition information to the second terminal in response to a first request message for acquiring the acquisition information received from the second terminal, The smart card transmitting the ID of the subscribed service to the second terminal in response to the second request message for obtaining the ID of the subscribed service received from the terminal, Transmits a third request message requesting a service guide according to the acquisition information to the BSD / A to receive a service guide according to the acquisition information from the BSD / A, and transmits the second request message to the smart card Acquiring TBK information necessary for TBK acquisition using the ID of the subscribed service in a service guide according to the acquisition information, performing an authentication process using the TBK information, And the second terminal acquiring the TBK from the second terminal. The method according to claim 1, Wherein the TBK information comprises: A TBK ID corresponding to the subscribed service, and an address capable of issuing a TBK corresponding to the subscribed service. The method according to claim 1, The acquiring information includes: An address from which the service guide can be obtained, and a fragment ID of the service guide. A method for acquiring a Terminal Binding Key (TBK) in a mobile communication system, The first terminal receives a service guide in which information necessary for reception of each service is stored from a service distribution / adaptation (BSD / A), subscribes to at least one service using the service guide Transmitting acquisition information for acquiring the service guide and an ID of the subscribed service to a smart card; storing the acquisition information and the ID of the subscribed service in the smart card; Receiving a service guide according to the acquisition information from the BSD / A by transmitting a third request message requesting a service guide according to the acquisition information to the BSD / A in a second terminal; Transmitting a second request message for acquiring an ID of the subscribed service from the second terminal to the smart card to receive the ID of the subscribed service; Acquiring the TBK information necessary for TBK acquisition using the ID of the subscribed service in the service guide according to the acquisition information at the second terminal and performing the authentication process using the TBK information to acquire the TBK Wherein the TBK acquisition method comprises the steps of: 5. The method of claim 4, Wherein the TBK information comprises: A TBK ID corresponding to the subscribed service, and an address capable of issuing a TBK corresponding to the subscribed service. 5. The method according to claim 4, An address from which the service guide can be obtained, and a fragment ID of the service guide.

Images