KR20130050715A - Method and apparatus for encryption of entitlement control message - Google Patents
Method and apparatus for encryption of entitlement control message Download PDFInfo
- Publication number
- KR20130050715A KR20130050715A KR1020110115932A KR20110115932A KR20130050715A KR 20130050715 A KR20130050715 A KR 20130050715A KR 1020110115932 A KR1020110115932 A KR 1020110115932A KR 20110115932 A KR20110115932 A KR 20110115932A KR 20130050715 A KR20130050715 A KR 20130050715A
- Authority
- KR
- South Korea
- Prior art keywords
- control message
- encryption key
- entitlement control
- subscriber
- entitlement
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
- H04N21/4408—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream encryption, e.g. re-encrypting a decrypted video stream for redistribution in a home network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/441—Acquiring end-user identification, e.g. using personal code sent by the remote control or by inserting a card
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
- H04N21/4623—Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
Abstract
The present invention relates to a method and apparatus for encrypting entitlement control message.
The entitlement control message encryption method according to an embodiment of the present invention includes receiving entitlement control message request information transmitted from a subscriber station, and transmitting a claim control message encryption key for encrypting a claim control message requested by the subscriber station. Requesting the subscriber encryption key database, if the subscriber encryption key database cannot transmit the entitlement control message encryption key, generating the entitlement control message encryption key, requested by the subscriber station using the generated entitlement control message encryption key Encrypting the entitlement control message, and transmitting the encrypted entitlement control message.
According to the present invention, even if a failure occurs in the subscriber encryption key database, the encryption key can be quickly provided through an emergency encryption method.
Description
The present invention relates to a method and apparatus for encrypting a message, in particular a credential control message in a security system of an Internet Protocol Television (IPTV) based on a Conditional Access System.
IPTV service is an interactive TV service based on the Internet Protocol, and provides a VOD service so that subscribers can selectively use desired content at a desired time. On the other hand, IPTV service allows subscribers to pay the content usage fee in order to provide high quality and stable VOD service, and introduces a cryptographic system to control such limited use. That is, when the content is transmitted in an encrypted state, only the subscriber having the right to use the corresponding content can decrypt and use the encrypted content, thereby providing a service that can use the paid content only to a subscriber having the right to use the right. .
The reception restriction system, which is one of the encryption systems of the IPTV service, is a system that enables the contents to be used by decrypting the encrypted contents using a content encryption key provided separately when the subscriber terminal executes the provided encrypted contents. In this case, the content encryption key provided to the subscriber terminal is included in the Entitlement Control Message, and the entitlement control message is also encrypted to prevent the encryption key from being exposed. The layered encryption key is stored, maintained and managed for each subscriber in a subscriber encryption key database.
However, if the encryption key is not provided due to a failure in the subscriber encryption key database, the requested entitlement control message cannot be encrypted until the failure is recovered, and thus, a seamless VOD service cannot be provided to the subscriber.
It is an object of the present invention to provide a seamless VOD service to a subscriber by generating an encryption key and encrypting an entitlement control message even when a failure occurs in a database storing the subscriber encryption key.
An object of the present invention is to generate an encryption key using the entitlement control message request information received from the subscriber station, so that the entitlement control message can be encrypted more quickly without additional information exchange between the cryptographic system and the subscriber station.
The objects of the present invention are not limited to the above-mentioned objects, and other objects and advantages of the present invention which are not mentioned can be understood by the following description and more clearly understood by the embodiments of the present invention. It will also be readily apparent that the objects and advantages of the invention may be realized and attained by means of the instrumentalities and combinations particularly pointed out in the appended claims.
In accordance with an aspect of the present invention, there is provided a method for encrypting a credential control message, the method comprising: receiving credential control message request information transmitted from a subscriber station; Requesting transmission to the subscriber encryption key database, generating a credential control message encryption key if the subscriber encryption key database cannot send the requested credential control message encryption key, using the generated credential control message encryption key And encrypting the entitlement control message requested by the subscriber station and transmitting the encrypted entitlement control message.
In addition, the present invention provides an apparatus for entitlement control message encryption, comprising: a receiver for receiving entitlement control message request information transmitted from a subscriber station, and transmission of an entitlement control message encryption key for encrypting an entitlement control message requested by the subscriber station; An encryption key generation unit for requesting a key database and generating a credential control message encryption key when the subscriber encryption key database cannot transmit the requested credential control message encryption key. The subscriber terminal using the generated credential control message encryption key. And an encryption unit for encrypting the requesting entitlement control message and a transmitting unit for transmitting the encrypted entitlement control message.
According to the present invention as described above, even if a failure occurs in the database in which the subscriber encryption key is stored, the encryption key can be generated directly to provide a seamless VOD service to the subscriber by encrypting the entitlement control message.
In addition, according to the present invention, by generating an encryption key using the entitlement control message request information received from the subscriber station, there is an advantage that the entitlement control message can be more quickly encrypted without additional information exchange between the encryption system and the subscriber station.
1 is a block diagram of a credential control message encryption apparatus according to an embodiment of the present invention.
2 is a diagram for explaining a credential control message encryption method according to one embodiment of the present invention;
3 is a flowchart illustrating a method for encrypting entitlement control message according to an embodiment of the present invention.
The above and other objects, features, and advantages of the present invention will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings, which are not intended to limit the scope of the present invention. In the following description, well-known functions or constructions are not described in detail since they would obscure the invention in unnecessary detail. Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. In the drawings, the same reference numerals are used to denote the same or similar elements.
1 is a block diagram of a credential control message encryption apparatus according to an embodiment of the present invention.
Referring to FIG. 1, the entitlement control
The
The encryption
In this case, the encryption
The
The
2 is a diagram illustrating a method for encrypting a qualification control message according to an embodiment of the present invention.
Referring to FIG. 2, the
In the present embodiment, the content encryption key is stored separately from the content, and delivered to the subscriber when the subscriber requests. That is, when the user wants to use the encrypted content, the
The
The
The entitlement control
However, when a failure occurs in the subscriber
In one embodiment of the present invention, the entitlement
The entitlement
Subsequently, the entitlement
When the
3 is a flowchart illustrating a credential control message encryption method according to an embodiment of the present invention.
Referring to FIG. 3, first, a qualification control message request information transmitted from a subscriber station is received (302).
Subsequently, the request for transmission of the entitlement control message encryption key for encrypting the entitlement control message requested by the subscriber station to the subscriber encryption key database (304).
If the subscriber encryption key database is unable to send the entitlement control message encryption key, the entitlement control message encryption key is generated directly (306). In this case, the entitlement control message encryption key may be generated using a specific bit extracted from the subscriber authentication hash value included in the entitlement control message request information.
Thereafter, the entitlement control message requested by the subscriber station may be encrypted using the generated entitlement control message encryption key (308).
Subsequently, an encrypted entitlement control message may be transmitted to the subscriber station (310). In this case, the encrypted entitlement control message may include failure occurrence information indicating a failure of the subscriber encryption key database.
As described above, the present invention may be variously deformed, modified, and changed without departing from the technical spirit of the present invention by those skilled in the art. It is not limited by.
Claims (6)
Requesting a subscriber encryption key database to transmit a credential control message encryption key for encrypting a credential control message requested by the subscriber station;
Generating the entitlement control message encryption key if the subscriber encryption key database is unable to transmit the entitlement control message encryption key;
Encrypting a credential control message requested by the subscriber station using the generated credential control message encryption key; And
Transmitting the encrypted entitlement control message
Entitlement control message encryption method that includes.
Generating the entitlement control message encryption key,
Generating the entitlement control message encryption key using a specific bit extracted from the subscriber authentication hash value included in the entitlement control message request information;
Entitlement control message encryption method that includes.
The encrypted entitlement control message is
A failure occurrence information indicating a failure of the subscriber encryption key database;
Entitlement Control Message Encryption Method.
Requesting transmission of a credential control message encryption key for encrypting a credential control message requested by the subscriber station, and if the subscriber encryption key database cannot transmit the credential control message encryption key, the credential An encryption key generator for generating a control message encryption key;
An encryption unit for encrypting the entitlement control message requested by the subscriber station using the generated entitlement control message encryption key; And
A transmitter for transmitting the encrypted entitlement control message
Entitlement control message encryption device comprising.
The encryption key generation unit
Generating the entitlement control message encryption key using a specific bit extracted from the subscriber authentication hash value included in the entitlement control message request information;
Entitlement Control Message Encryption Device.
The encrypted entitlement control message is
A failure occurrence information indicating a failure of the subscriber encryption key database;
Entitlement Control Message Encryption Device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020110115932A KR20130050715A (en) | 2011-11-08 | 2011-11-08 | Method and apparatus for encryption of entitlement control message |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020110115932A KR20130050715A (en) | 2011-11-08 | 2011-11-08 | Method and apparatus for encryption of entitlement control message |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20130050715A true KR20130050715A (en) | 2013-05-16 |
Family
ID=48661000
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020110115932A KR20130050715A (en) | 2011-11-08 | 2011-11-08 | Method and apparatus for encryption of entitlement control message |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20130050715A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20180037815A (en) * | 2016-10-05 | 2018-04-13 | 에스케이텔레콤 주식회사 | Networlk device and terminal device, control method thereof |
-
2011
- 2011-11-08 KR KR1020110115932A patent/KR20130050715A/en not_active Application Discontinuation
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20180037815A (en) * | 2016-10-05 | 2018-04-13 | 에스케이텔레콤 주식회사 | Networlk device and terminal device, control method thereof |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2595082B1 (en) | Method and authentication server for verifying access identity of set-top box | |
CN101448130B (en) | Method, system and device for protecting data encryption in monitoring system | |
CN109218825B (en) | Video encryption system | |
JP6452205B2 (en) | Key distribution in satellite systems | |
CN109151508B (en) | Video encryption method | |
US20100098249A1 (en) | Method and apparatus for encrypting data and method and apparatus for decrypting data | |
JP4519935B2 (en) | Information communication method, communication terminal device, and information communication system | |
KR20110004333A (en) | Processing recordable content in a stream | |
US8176331B2 (en) | Method to secure data exchange between a multimedia processing unit and a security module | |
CN104735484A (en) | Method and device for playing video | |
KR20110004332A (en) | Processing recordable content in a stream | |
US20060104442A1 (en) | Method and apparatus for receiving broadcast content | |
US11308242B2 (en) | Method for protecting encrypted control word, hardware security module, main chip and terminal | |
CN101626484A (en) | Method for protecting control word in condition access system, front end and terminal | |
CN105191332A (en) | Method and device to embed watermark in uncompressed video data | |
CN101202883A (en) | System for numeral copyright management of IPTV system | |
KR101005844B1 (en) | Conditional access system for ts packet processing based on memory card | |
US10411900B2 (en) | Control word protection method for conditional access system | |
KR20130050715A (en) | Method and apparatus for encryption of entitlement control message | |
CN201830399U (en) | Front end and client of conditional access system | |
CN105959738B (en) | A kind of bidirectional conditional reception system and method | |
US20160165279A1 (en) | Method of transmitting messages between distributed authorization server and conditional access module authentication sub-system in renewable conditional access system, and renewable conditional access system headend | |
KR102516004B1 (en) | System for security key managing of video file and method for key generating thereof | |
KR101609095B1 (en) | Apparatus and method for data security in content delivery network | |
KR101703489B1 (en) | Broadcast scrambling system based on file |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WITN | Withdrawal due to no request for examination |