WO2006042467A1 - Method for processing access to a cable television signal - Google Patents

Method for processing access to a cable television signal


Publication number
WO2006042467A1
Authority
WO
WIPO (PCT)
Prior art keywords
smart card
top box
set top
data stream
descrambling
Prior art date
Application number
PCT/CN2005/001718
Other languages
English (en)
Chinese (zh)
Inventor
Yong Li
Original Assignee
Beijing Watch Data System Co. Ltd
Priority date
Filing date
Publication date
Application filed by Beijing Watch Data System Co. Ltd
Publication of WO2006042467A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45 Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462 Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4623 Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41 Structure of client; Structure of client peripherals
    • H04N21/418 External card to be used in combination with the client device, e.g. for conditional access
    • H04N21/4181 External card to be used in combination with the client device, e.g. for conditional access for conditional access
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43 Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/442 Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available from the internal hard disk
    • H04N21/44231 Monitoring of peripheral device or external card, e.g. to detect processing problems in a handheld device or the failure of an external recording device
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/16 Analogue secrecy systems; Analogue subscription systems
    • H04N7/162 Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
    • H04N7/163 Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing by receiver means only

Definitions

  • the invention relates to the field of communication and is applied to a conditional receiving system in the field of pay television.
  • it relates to a method for descrambling and decrypting cable television signals on a smart card.
  • the Conditional Access system is the core technology for pay TV. It ensures that paid users (called authorizations) can receive the TV programs and services they have subscribed to, while unpaid users cannot.
  • authorizations: paid users
  • Conditional reception of pay TV consists of two mutually independent key parts, the descrambling part and the receiving control part (data and decryption), where descrambling and decryption are undoubtedly a security-critical information process.
  • CA: Conditional Access
  • the first generation is characterized by equipment and is typically used in analog systems. Many years ago, in order to realize the effective charging of cable TV, the analog signal was scrambled at the front end so that the ordinary TV set could not be viewed. Only the user who installed the scrambler could watch it normally.
  • Such a system can control the descrambler switch of a single user through the addressing of the front end.
  • the system can achieve full-band scrambling and channel scrambling.
  • the methods are usually video inversion, horizontal sync overlap, vertical sync overlap, digital random video line jitter, etc., which usually cause loss of signal.
  • the basic principle of the second generation is to transmit the scrambling control word (CW) in encrypted form, with the user side using an IC card to decrypt it. Due to the use of digital technology, there is no loss of signal, and the confidentiality and reliability of the system are greatly improved.
  • DVB has a standard; the encryption algorithm for control words generally adopts the RSA and 3DES algorithms.
  • for the encryption system, different systems are very different. There are two kinds of technologies: one is the password circulation system represented by the Irdeto system, and the other is the system represented by the NDS system, which relies on algorithms for protection.
  • the object of the present invention is to provide a cable television signal receiving processing method that addresses the problem that an existing data stream is easily monitored, and that also solves the problem that the set top box in the prior art cannot achieve a well-formed production.
  • a cable television signal receiving and processing method which uses a smart card and a set top box for data stream descrambling and decryption processing, characterized in that an authorization management information (EMM) processing unit, an authorization control information (ECM) processing unit, and a descrambling unit are set on the smart card, and that receiving a signal includes the following steps:
  • according to the packet identifier (PID) in the program specific information (PSI) transmitted by the decoding device, the smart card finds the EMM and decrypts the EMM to obtain the service key (SK); the smart card uses SK to decrypt the ECM to obtain the control word (CW);
  • PSI: program specific information
  • the smart card uses the CW to perform descrambling processing through the descrambling unit, and sends the descrambled data stream to the set top box;
  • the set top box sends the descrambled data stream to the video terminal for playing.
  • the CW is randomly generated.
  • the SK is preset.
  • the smart card performs data interaction with the set top box through the USB interface.
  • the step A is to perform mutual authentication between the set top box and the smart card.
  • authentication is specified in advance between the set top box and the smart card, and the certificate is issued to match the correspondence between the set top box and the smart card for authentication.
  • the root certificate is saved in the set top box and the smart card, and the authentication is performed by authenticating the root certificate.
  • the step B further includes the step of verifying whether the user has the right to receive the data stream, and if yes, proceeding to step C, and if not, displaying the insufficient authority information prompt.
  • the step C further includes the step of verifying whether the specified amount of payment is completed. If yes, the process proceeds to step D. If not, the unpaid information prompt is displayed.
  • the invention achieves the separation of the set top box and the smart card, conforms to the DVB-related CI standard, further improves security, and is widely applicable to the pay television system.
  • from the perspective of security, the invention performs descrambling and decryption of the cable signal on the smart card, which removes the weakness that the data flow at the interface between a general smart card and the descrambler can be monitored, and prevents the resulting replay and pseudo-card attacks.
  • the descrambler can be made general-purpose and easy to mass-produce.
  • Figure 1 is a schematic diagram showing the flow of data between the smart card and the set top box of the present invention
  • FIG. 2 is a schematic diagram of pin settings of a smart card used in an embodiment of the present invention.
  • FIG. 3 is a schematic flow chart of the data stream processing of the present invention.
  • Detailed description
  • the present invention provides a method for descrambling and decrypting cable television signals on a smart card. It uses the reserved contacts C4 and C8 to transmit the descrambled data, uses the original data I/O to transmit encrypted and decrypted data, and uses the USB interface as the data interface with the set-top box. This fully modularizes the descrambling and decryption functions on the smart card. Therefore, the present invention sets the EMM processing module, the ECM processing module and the descrambling processing module on the smart card, and performs the corresponding processing there.
  • the advantage of the present invention lies in the separation of the set-top box and the conditional receiving function, with the conditional receiving function performed by the smart card.
  • the data processing between the various parts is shown in Fig. 1.
  • the interface between the smart card and the set top box is a USB interface. Since the smart card is designed as a descrambling and decryption module of the set-top box, the USB interface is designed in the same way as the set-top box and the smart card.
  • data stream 1 and data stream 2 are respectively the video data streams before descrambling and after descrambling, and in the present invention, the rate requirements of the MPEG2 data stream used in general can be satisfied.
  • Data stream 3 is ECM information and data stream 4 is EMM information.
  • the pin assignment and USB interface description of the smart card of the present invention are as shown in FIG. 2. According to ISO/IEC 7816-2, regarding the arrangement of the eight pins of the integrated circuit (IC) card, the pins can be set as follows: 8 references 5 ⁇ The feet are arranged in two columns, each column of 4, each pin scale is 2 * 17, column spacing 5. 62 ⁇, pin longitudinal distance 1.7 wake up.
  • the eight pins are numbered C1, C2, C3, C4, C5, C6, C7, C8, where C1 is the supply voltage, C2 is the reset signal, C3 is the clock signal, C5 is the ground, C6 is the programming voltage, C7 is the input and output, and C4 and C8 are defined as the input and output of the descrambled video stream.
  • This pin implements data transfer via the USB interface.
  • USB is the interface between the set-top box and the smart card.
  • FIG. 3 is a schematic flowchart of the data stream receiving process of the present invention. As can be seen from the figure, the present invention mainly includes the following steps:
  • the external authentication is first performed to authenticate the legitimacy of the set-top box and the smart card.
  • the authentication is performed between the set-top box and the smart card.
  • the authentication mode is selected.
  • One is the authentication specified between the set-top box and the smart card.
  • the certificate is issued to match the correspondence between the set-top box and the smart card, so that the designated smart card can only be used on the designated set-top box. The other is the authentication of the same conditional receiving system service.
  • by storing the root certificate in the set-top box and the smart card, authentication is implemented to limit the use of one smart card in the same service domain.
  • the smart card can only be connected to the specified set-top box device to protect the smart card. If you want to implement the authentication function used by a smart card in multiple conditional access systems, you need to save multiple root certificates in the smart card, so you can choose different root certificates for different systems.
  • the set-top box receives the PSI transmitted by the smart card, and the set-top box finds the EMM processing unit according to the PID in the PSI.
  • the smart card uses the user key to decrypt the EMM and get SK.
  • the ECM processing unit of the smart card uses SK to decrypt the ECM to obtain the CW, and verifies whether the user has paid the specified fee for receiving the data stream. If the verification fails, the unpaid information is prompted, and the user is required to pay the relevant fee. If the verification is passed, the following processing is performed.
  • the CW is sent to the descrambling unit, which descrambles the video stream received from the set top box and sends it back to the set top box. After the set-top box delivers it to the user's terminal video device, the corresponding content can be viewed.
  • the descrambling unit of the present invention mainly supports TS layer (Transport Stream) descrambling.
  • TS layer: Transport Stream
  • the video and audio are scrambled with the same control word (CW), and the CW is transmitted in an ECM stream of the same PID.
  • a high-speed decryption mechanism is provided by means of a built-in 3DES chip.
  • the decryption method of the present invention mainly supports symmetric and asymmetric encryption algorithms for all current applications. It decrypts the ECM and the EMM to obtain CW and SK. Smart cards provide a hardware-level protection mechanism that protects the security of the keys.
  • the CW control word of the invention is randomly generated and frequently updated (updated every 5-20 s).
  • the management of SK generally adopts a preset mode. With a preset SK, the ECM is decrypted directly by using SK, and the scheme can be used in the descrambling chip. The design allows some changes, such as support for separate encryption of voice and image and support for faster encryption algorithms.
  • security algorithms commonly used by smart cards include 3DES, RSA, and algorithms issued by the Secret Office. It is generally considered that the RSA algorithm of more than 1024 bits has sufficient security for the application of the CA system;
  • the 3DES algorithm is the main algorithm used in current viewing cards, so it can be considered that the security of the algorithm itself can meet the needs of general commercial TV stations.
  • the production of the smart card of the invention is a process for the user to make a card, and the user authorization information and the key are initialized. If the pre-made SK method is adopted, a SK needs to be set in the card issuance process.
  • when the smart card of the invention is inserted into the set-top box for the first time, the initialization is completed.
  • this work includes the initialization of the root certificate of the CA and determining the correspondence between the smart card and the set top box. To enhance security, it can also be initialized when the set-top box is sold.
  • the data stream scrambled with the control word, together with the ECM, enters the smart card. After receiving the ECM, the smart card checks the validity of the current SK by verifying the ECM authentication code, then decrypts the CW and simultaneously deducts from the public wallet the amount indicated in the ECM charge.
  • the CW is passed to the descrambling module, and the CW is used for descrambling, and the descrambled data stream is transmitted back to the set top box.
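
The key hierarchy described above (user key unlocks the EMM to give SK, SK unlocks the ECM to give CW, CW descrambles the stream inside the card) can be sketched as follows. This is an added example, not code from the patent: the names `seal`, `unseal`, `scramble` and `SmartCard` are hypothetical, an HMAC-SHA256 keystream with an 8-byte authentication code stands in for the card's 3DES engine and the DVB scrambler, the message layouts are constructed, and the mutual authentication of step A is left out.

```python
import hashlib
import hmac
import os

# Stand-in primitives (assumption): HMAC-SHA256 keystream + 8-byte tag replace
# the card's 3DES engine and the DVB scrambler so this runs on the stdlib.
def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    stream = b""
    for block in range(len(data) // 32 + 1):
        stream += _sub(key, nonce + block.to_bytes(4, "big"))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Head-end side: encrypt an EMM/ECM body and append an authentication code."""
    nonce = os.urandom(8)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + _sub(_sub(key, b"mac"), nonce + ct)[:8]

def unseal(key, message):
    """Card side: verify the authentication code first, then decrypt."""
    nonce, ct, tag = message[:8], message[8:-8], message[-8:]
    expected = _sub(_sub(key, b"mac"), nonce + ct)[:8]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication code mismatch")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

def scramble(cw, packet):
    """4-byte TS header stays clear, payload is scrambled under the CW."""
    return packet[:4] + _xor_stream(cw, packet[:4], packet[4:])

class SmartCard:
    """Holds the user key, SK and CW; only descrambled packets leave the card."""
    def __init__(self, user_key, wallet):
        self._user_key, self._sk, self._cw = user_key, None, None
        self.wallet = wallet

    def process_emm(self, emm):
        self._sk = unseal(self._user_key, emm)

    def process_ecm(self, ecm):
        if self._sk is None:
            raise PermissionError("insufficient authority: no service key")
        body = unseal(self._sk, ecm)  # fails if the card's SK is not current
        cw, charge = body[:8], int.from_bytes(body[8:], "big")
        if charge > self.wallet:
            raise PermissionError("unpaid: wallet balance too low")
        self.wallet -= charge         # deduct the amount indicated in the ECM
        self._cw = cw

    def descramble(self, packet):
        if self._cw is None:
            raise PermissionError("no control word loaded")
        return scramble(self._cw, packet)  # XOR stream: same operation both ways

def demo():
    # Constructed keys and a constructed TS packet; the charge is 3 units.
    user_key, sk, cw = os.urandom(16), os.urandom(16), os.urandom(8)
    emm = seal(user_key, sk)
    ecm = seal(sk, cw + (3).to_bytes(2, "big"))
    clear = b"\x47\x01\x00\x10" + b"constructed video payload"
    card = SmartCard(user_key, wallet=5)
    card.process_emm(emm)
    card.process_ecm(ecm)
    return card.descramble(scramble(cw, clear)) == clear, card.wallet
```

An ECM sealed under a different SK fails the authentication-code check before any CW is recovered or any amount is deducted, which is the validity check the description attributes to the card.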

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

A method for processing access to a cable television signal, in which the data stream is descrambled and decrypted by a smart card cooperating with a set top box. The smart card comprises an EMM processing unit, an ECM processing circuit and a descrambling unit. The access procedure of this method comprises the following operations: A) mutual authentication between the smart card and the set top box; B) locating of the EMM unit by the smart card according to the packet identifier in the program specific information supplied by the decoding device, then decryption of the EMM unit and obtaining of the service key; C) decryption of the ECM by the smart card using the service key, and obtaining of the control word; D) descrambling by the smart card via the descrambling unit using the control word, and transmission of the descrambled data stream to the set top box; and E) transmission by the set top box of the descrambled data stream to the video device for display. This method makes it easy to separate the set top box and the smart card, satisfies the corresponding DVB CI standard, improves security, and can be widely applied to pay cable television systems.
PCT/CN2005/001718 2004-10-22 2005-10-20 Method for processing access to a cable television signal WO2006042467A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200410083894.1 2004-10-22
CNB2004100838941A CN100477785C (zh) 2004-10-22 2004-10-22 A cable television signal reception processing method

Publications (1)

Publication Number Publication Date
WO2006042467A1 (fr) 2006-04-27

Family

ID=36202677

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2005/001718 WO2006042467A1 (fr) 2004-10-22 2005-10-20 Method for processing access to a cable television signal

Country Status (2)

Country Link
CN (1) CN100477785C (fr)
WO (1) WO2006042467A1 (fr)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
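KR100744340B1 (ko) * 2005-10-13 2007-07-30 삼성전자주식회사 Digital broadcasting conditional access system and method thereof
CN101399662B (zh) * 2008-09-27 2011-02-16 北京创毅视讯科技有限公司 Method and system for obtaining a service key, conditional access module and user terminal
CN101616301B (zh) * 2009-07-28 2012-10-03 北京惠信博思技术有限公司 A digital rights management method and terminal
CN102404629B (zh) * 2010-09-17 2014-08-06 中国移动通信有限公司 Method and device for processing television program data
CN102457774B (zh) * 2010-10-20 2014-03-12 中国移动通信有限公司 Method, device and system for processing television program data
CN102523484B (zh) * 2011-12-27 2013-12-25 山东泰信电子股份有限公司 A digital television data scrambling system and method
CN105554539B (zh) * 2015-12-09 2019-01-01 深圳市纽格力科技有限公司 Digital video processing device, digital program system and matching method thereof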

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001074075A1 (fr) * 2000-03-29 2001-10-04 Sony Electronics, Inc. Removable smart card interface for a set top box
CN1318255A (zh) * 1998-09-16 2001-10-17 卡纳尔股份有限公司 Data management in a receiver/decoder
CN1353909A (zh) * 1999-03-30 2002-06-12 索尼电子有限公司 Method and apparatus for securing control words


Also Published As

Publication number Publication date
CN100477785C (zh) 2009-04-08
CN1764268A (zh) 2006-04-26


Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 05801930

Country of ref document: EP

Kind code of ref document: A1