WO2007112650A1 - System, method and bm-sc for mbms service - Google Patents

Publication number: WO2007112650A1
Authority: WO, WIPO (PCT)
Prior art keywords: broadcast, user, key, service, msk
Application number: PCT/CN2007/000760
Other languages: French (fr), Chinese (zh)
Inventor: Shile Wang
Original Assignee: Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network

Definitions

  • the present invention relates to multimedia broadcast multicast technologies, and in particular, to a multimedia broadcast service system, method, and broadcast multicast service center.
  • a Broadcast Multicast Service Center (BM-SC) is added.
  • the Gateway GPRS Support Node (GGSN), the Serving GPRS Support Node (SGSN), the 3G radio access network (UTRAN, UMTS Terrestrial Radio Access Network), and the User Equipment (UE) each gain corresponding functions as well.
  • GGSN Gateway GPRS Support Node
  • SGSN Serving GPRS Support Node
  • UTRAN UMTS Terrestrial Radio Access Network
  • UE User Equipment
  • the boundaries of the MBMS bearer service are the Gmb and Gi reference points, which provide control-plane and user-plane services respectively.
  • the GGSN and the BM-SC perform the related signaling interactions: establishment and release of the MBMS bearer context; notifying the GGSN of the start and stop of the MBMS session; and the network quality of service (QoS, Quality of Service) parameters of the service, etc.
  • the BM-SC is the core of the MBMS system, and implements the provision and control of the MBMS service, and implements access control and charging for the mobile terminal in the multicast service.
  • the BM-SC is an entry of a Content Provider (CP) for authorizing and initiating MBMS bearer services in the mobile network, and scheduling and transmitting MBMS content.
  • CP Content Provider
  • the BM-SC includes: a member management unit, a session and transmission unit, a proxy and forwarding unit, a service announcement unit, and a security unit.
  • the member management unit is mainly used for managing the subscription relationship of the service user, authenticating the service used by the user, and providing the subscription relationship data to other units for use.
  • the session and transmission unit mainly performs scheduling of the MBMS session and is capable of scheduling retransmission of the MBMS session.
  • the session and transmission unit puts a session identifier for each MBMS session, and the Temporary Mobile Group Identity (TMGI) is assigned by the session and transmission unit.
  • TMGI Temporary Mobile Group Identity
  • each transmission of an MBMS session and its subsequent retransmissions are identified by a common MBMS session identifier (2-3 octets), which is passed to the application layer in the content and is also sent, in a shortened form (i.e. the least significant octet), in the MBMS session start request message to the radio network controller (RNC, Radio Network Controller).
  • the session and transmission unit provides transmission-related parameters, such as QoS and the MBMS service area, to the GGSN; it may also request or release MBMS bearer resources and use them for broadcast data transmission; it can also apply suitable fault-tolerance mechanisms, such as dedicated MBMS encoding or forward error correction, to ensure the integrity of the transmitted data.
  • the session and transmission unit needs to perform access authentication on external data input components (such as streaming media, multimedia short messages, etc.) and be able to obtain the content data they output.
  • the proxy and transport unit are intermediate devices that send data to the GGSN by the session and transport unit, and can be divided into proxy units (such as: Gmb) and transport units (manage multicast load). That is, the proxy and transport unit are the proxy for Gmb reference point signaling between the GGSN and other BM-SC units (member management units, sessions, and transport units).
  • the proxy and transmission unit provide signaling routing functions, which are transparent to the GGSN.
  • the proxy and transport unit can generate a charging record for the CP/SP, and the CP/SP name is provided to the proxy and transport unit by session start signaling via the Gmb interface.
  • the service announcement unit provides a service delivery function for the multicast and broadcast MBMS user service, and can provide the UE with the media description of the MBMS service to be advertised (eg, audio and video format and encoding, etc.) through the media description, and can be described as a UE by using the session.
  • the service announcement unit uses protocols specified by the Internet Engineering Task Force (IETF) to send media and session descriptions.
  • IETF Internet Engineering Task Force
  • the transmission of the service announcement is triggered by the BM-SC, but can be sent by other external components.
  • the MBMS user service is announced through the MBMS bearer capability, WAP PUSH, Uniform Resource Locator (URL), SMS (peer-to-peer short message), and SMS cell broadcast.
  • the security unit is mainly used to ensure the integrity and confidentiality of MBMS broadcast data.
  • Security features include the distribution of MBMS keys and the authentication capabilities of end users.
  • when an MBMS broadcast service user activates or deactivates the service, this only needs to be done on the UE; the whole process involves no interaction with the network, and no communication context (MBMS UE Context) is created on the SGSN, the GGSN, or the UE.
  • therefore, the BM-SC can only output CDRs based on the start and end of the session, the amount of data sent, the name of the CP/SP, etc., and submit the CDRs to the operation billing system to charge the CP/SP.
  • the MBMS broadcast service cannot perform authentication and accounting for users and cannot meet the service promotion and operation requirements of operators.
  • the technical problem to be solved by the embodiments of the present invention is to provide a multimedia broadcast service system, method, and broadcast multicast service center, so as to solve the problem that the current technology cannot effectively control user access and content transmission.
  • the technical solution for solving the technical problem in the embodiment of the present invention is to provide a multimedia broadcast method, including the steps:
  • the user subscribes to the multimedia broadcast service
  • the broadcast multicast service center obtains user subscription information; and provides a decryption key to the terminal of the user currently subscribed to the broadcast service;
  • the broadcast multicast service center encrypts and broadcasts the broadcast data stream
  • the user terminal decrypts the received broadcast data stream using the aforementioned decryption key.
  • the embodiment of the present invention further provides a multimedia broadcast service system, including: an operation charging system, configured to receive subscription information of a user and send the information to a broadcast multicast service center; and a broadcast multicast service center, configured to provide, according to the user's subscription information, a decryption key to the user terminal currently subscribed to the broadcast service, and to encrypt the broadcast data stream for broadcasting;
  • the user terminal is configured to receive the decryption key and the broadcast data stream, and decrypt the broadcast data stream by using the received decryption key.
  • the embodiment of the present invention further provides a broadcast multicast service center, including:
  • An obtaining unit configured to obtain user subscription information of a current subscription broadcast service
  • a key generation unit configured to generate a key according to the user subscription information and a key generation policy of the broadcast service
  • a key distribution unit configured to send the key to a user terminal that has subscribed to the broadcast service according to a key distribution policy of the broadcast service
  • an encryption unit configured to encrypt and broadcast the broadcast data stream by using the key.
  • the beneficial effects of the embodiments of the present invention are:
  • the system and the method according to the embodiment of the present invention make full use of the user's subscription data for the multimedia broadcast service: the key is provided to the terminals of users who currently subscribe to the broadcast service, and the broadcast multimedia data stream is encrypted, so that only a user who has subscribed to the broadcast service can decrypt the encrypted broadcast data stream, while an unsubscribed user cannot decrypt it because the key was not obtained.
  • FIG. 1 is a schematic diagram of a mobile network supporting MBMS services in the prior art
  • Figure 2 is a block diagram showing the structure of the BM-SC shown in Figure 1;
  • FIG. 3 is a structural block diagram of an MBMS system according to an embodiment of the present invention.
  • FIG. 4 is a flowchart of a multimedia broadcasting method according to an embodiment of the present invention.
  • FIG. 5 is a structural block diagram of a multimedia broadcast system according to an embodiment of the present invention.
  • FIG. 6 is a structural block diagram of a broadcast multicast service center according to an embodiment of the present invention.
  • the embodiment of the present invention is based on the broadcast service system architecture in the MBMS protocol and incorporates the security control function of the multicast service in the protocol; by enhancing the user management function of the BM-SC and cooperating with the operation billing system, it completes the control and billing functions for the MBMS broadcast service.
  • FIG. 3 is a structural block diagram of an MBMS system according to an embodiment of the present invention.
  • the MBMS system includes: a broadcast multicast service center (BM-SC) 300, a content management platform (CMS) 310, a streaming media system 320, a database 330, an operation billing system 340, a bill collection system 350, and a unified network management system 360.
  • the Broadcast Multicast Service Center (BM-SC) 300 is connected to each of these systems.
  • the Content Management Platform (CMS) 310 is used for programming and content management of MBMS broadcasts, including management of content such as streaming media, downloads, and multimedia messages.
  • CMS Content Management Platform
  • the content management platform 310 also notifies the streaming media system 320 so that the streaming media system 320 delivers the media stream on schedule.
  • the database 330 is used to store system data required by the BM-SC 300, user subscription relationship data, and broadcast service related data.
  • the operational billing system 340 performs user management, service ordering, and billing functions.
  • the operation billing system 340 notifies the BM-SC 300 through the SMAP interface (company internal interface).
  • the BM-SC 300 is also notified via the SMAP protocol when the user changes the number, cancels the account, or changes the order relationship.
  • the bill collection system 350 collects service usage records (CDR, Call Detail Record) from the BM-SC 300 and passes them to the operation billing system 340 for billing or statistics.
  • CDR service usage record
  • the streaming media system 320 plays a unicast stream to the BM-SC 300 according to the program list, or accepts requests from the BM-SC 300 and delivers the specified content stream.
  • the unified network management system 360 performs network management on the BM-SC 300, and sends configuration data and the like.
  • the short message center/cell broadcast 370 delivers a service announcement through a short message or a cell broadcast.
  • the Push Proxy Gateway (PPG) 380 issues a service announcement through Wap Push.
  • the BM-SC 300 functions as an MBMS service management and control center, and receives a Packet Service Subsystem (RPS, Real-time Transport Protocol) stream, and converts the unicast stream into a broadcast stream.
  • RPS Packet Service Subsystem
  • the GGSN 390 is connected to the content management platform 310 and the operating billing system 340 to complete management functions such as service users, service content, and user service subscription; and simultaneously completes connection with the Push Proxy Gateway 380, the Short Message Center/Cell Broadcast 370, and the like.
  • the BM-SC also needs to establish an interface with the unified network management system 360 and accept the management of the unified network management system 360.
  • the service announcement can be delivered in a manner other than short message, WAP PUSH, and MBMS bearer, which may increase the interface between the BM-SC 300 and the corresponding external components.
  • the BM-SC 300 can also obtain the MMS content by connecting to the MMS (MMS) with the MM7 interface.
  • SQLAPI internal TCP/IP interface with the database, using SQLAPI reduction, system logarithm
  • SMAP internal protocol
  • TCP/IP interfaces with the operating billing system for functions such as service ordering, cancel ordering, account cancellation, number change, and service authentication.
  • the operating billing system 340 receives the subscription information of the user and sends the subscription information to the BM-SC 300, and charges the user according to the subscription information; the BM-SC 300 issues a decryption key to the users who have subscribed to the broadcast service, encrypts the broadcast data stream, and broadcasts it;
  • the UE 400 receives the decryption key and the broadcast data stream and decrypts the broadcast data stream using the decryption key.
  • the user can subscribe to the MBMS service through the operation billing system 340 in the business hall, or subscribe to the MBMS service through the user website Portal (the Provisioning interface provided by the operation billing system to the Portal).
  • the operational billing system 340 will synchronize the order data to the BM-SC 300.
  • the canceling order process is similar to the ordering process.
  • the BM-SC 300 updates the service key (MSK, MBMS Service Key) on the UE 400 to cancel the user's usage rights.
  • operation billing system 340 informs BM-SC 300 to complete the account cancellation and renumbering.
  • the key processed by the BM-SC 300 includes the MBMS User Key (MUK, MBMS User)
  • the MSK is used to encrypt the MTK when transmitting the MTK, and the MTK is used to encrypt the transmitted media stream.
  • the MSK is also a group key, and all users share a group of MSK keys.
  • the number of MSKs is determined according to the number of users of the broadcast service, and the specific number can be configured (recommended value 128); the MTK is a group key, all users share a set of MTK keys, and each broadcast service stream specifies a specific MTK ID.
  • the BM-SC 300 periodically distributes the MSK to the UE 400 that subscribes to the MBMS broadcast service according to the MSK distribution policy, and saves the data to the system database 330.
  • the BM-SC 300 can correctly deliver the MSK to the UE according to the user subscription relationship data saved in the database 330.
  • the BM-SC 300 can encrypt and deliver the delivered media stream using the MTK.
  • the operating billing system 340 completes the monthly billing and deduction function according to the user's subscription relationship for the MBMS broadcast service; when charging the user's monthly fee fails, the operating billing system 340 needs to notify the BM-SC 300 to cancel the subscription relationship and terminate the user's usage rights.
  • the UE 400 applies for a MUK to the Bootstrapping Server Function (BSF) before saving the message to the UE 630 or before receiving the MSK update message of the BM-SC 300.
  • BSF Bootstrapping Server Function
  • the save mode needs to notify the BM-SC 300.
  • in accordance with the 3GPP TS 33.246 protocol, the UE 400 may initiate a request for the MSK to the BM-SC 300 when the MSK has expired or no MSK is present, decrypt the returned MSK data using the MUK, and generate an MBMS request key (MRK, MBMS Request Key) when making the request.
  • the MSK update request that is actively sent by the BM-SC 300 can also be handled correctly according to the protocol.
  • the MRK is used for authentication when the UE 400 applies for the MSK to the BM-SC 300, and the MRK can derive the MUK as a parameter.
  • in accordance with the 3GPP TS 33.246 protocol, the UE 400 may also wait for the BM-SC 300 to initiate an MTK update when the MTK has expired or no MTK is present, and use the MSK to decrypt the encrypted MTK data to obtain the MTK.
  • the UE 400 can correctly process the encrypted MBMS broadcast service data delivered by the BM-SC 300 using the MTK.
  • FIG. 4 is a flowchart of a multimedia broadcasting method according to an embodiment of the present invention.
  • the method includes:
  • Step S410 the user subscribes to the MBMS broadcast service
  • Step S420 the BM-SC acquires user subscription information; and sends a decryption key to the user terminal that has subscribed to the broadcast service
  • the key is an MBMS service key (MSK, MBMS Service Key)
  • MSK MBMS Service Key
  • the encryption of the broadcast data stream uses the MBMS transport key (MTK, MBMS Traffic)
  • the broadcast data stream also includes MTK's Multimedia Internet Key Management (MIKEY) packets encrypted with MSK.
  • MIKEY Multimedia Internet Key Management
  • Step S440 the user terminal decrypts the received broadcast data stream by using the foregoing decryption key.
  • the decryption comprises the user terminal using the obtained MSK, decrypting the received MTK data, obtaining the MTK, and decrypting the broadcast data stream by using the MTK.
  • the operating billing system charges the subscribers for subscription based on the subscriber subscription information.
  • the user subscribes to the MBMS broadcast service to the operating billing system.
  • Users can order MBMS broadcast services at the front desk of the business hall or through the operator portal (Portal). Specifically, the user can subscribe to the MBMS service through the operating billing system in the business hall, or subscribe to the MBMS service through the Portal (provided by the operating billing system to provide the Provisioning interface to the Portal).
  • the operating billing system then sends the order data to the BM-SC.
  • the operating billing system generates order information based on the user's ordering process, synchronizes the user's ordering information to the BM-SC, and notifies the ordering service or order relationship update.
  • the BM-SC delivers the MBMS service key to the UE of the user who has subscribed to the broadcast service according to the user subscription relationship data.
  • the MBMS service key is used to encrypt the MTK during the MBMS transport key delivery process.
  • the MTK is used to encrypt service data when the service data is delivered.
  • the broadcast data stream encrypted by the BM-SC can be decrypted, whereas an unsubscribed user cannot decrypt the broadcast data stream encrypted by the BM-SC because the MSK was not obtained, thereby restricting unsubscribed users.
  • when the MSK is sent to the UE, if there is no MBMS user key (MUK, MBMS User Key) on the UE, the UE applies for the MUK according to the 3GPP TS 33.246 protocol, and saves it to the terminal interface (UICC) or UE.
  • MUK MBMS User Key
  • the MUK is used to encrypt point-to-point MSK data between the BM-SC and the UE.
  • the BM-SC may also periodically update the MSK to the UE.
  • the UE may also apply to the BM-SC to obtain or update the MSK.
  • the operating billing system can charge the user's MBMS broadcast service fee according to the user's subscription information.
  • the operating billing system provides a periodic charging function for the user, such as a monthly billing method.
  • the BM-SC updates the user status and sends an invalid MSK to the UE to terminate the user's use. If the delivery fails, the original MSK validity period expires. Also, the BM-SC periodically cleans up invalid user subscription data to the historical library.
  • FIG. 5 is a structural block diagram of a multimedia broadcast system according to an embodiment of the present invention.
  • the method includes: an operation billing system 340, a broadcast multicast service center 300, and a user terminal 390.
  • the operating billing system 340 is configured to receive the subscription information of the user and send it to the broadcast multicast service center 300.
  • the broadcast multicast service center 300 is configured to provide a decryption key to the terminals of users who have subscribed to the broadcast service, according to the users' subscription information, and to encrypt the broadcast data stream for broadcasting; that is, it sends the MSK decryption key to the user terminal 390 that currently subscribes to the broadcast service, encrypts the MTK with the MSK, and encrypts with the MTK.
  • the terminal 390 is configured to receive the decryption key and the broadcast data stream, and to decrypt the broadcast data stream by using the received decryption key; that is, it uses the MSK decryption key to decrypt the MTK information and decrypts the broadcast data stream using the MTK decryption key.
  • the operational billing system 340 includes a subscriber order information processing unit 341 and a subscriber billing unit
  • the BM-SC 300 includes a key generation unit 310, a key distribution unit 320, and an encryption unit 330.
  • the user order information processing unit 341 is configured to receive data from the user, synchronize the information to the BM-SC 300 when the user subscribes to or cancels the broadcast service, and notify the BM-SC 300 to complete the account cancellation or number change when the user cancels the account or changes number.
  • the user billing unit 342 is connected to the user order information processing unit 341, and is configured to complete the billing and deduction function according to the subscription relationship of the MBMS broadcast service of the user.
  • the key generation unit 310 is configured to generate a key according to a key generation policy of the broadcast service.
  • the key generation strategy of 3GPP TS 33.246 is mainly used for multicast. Unlike broadcast, a single multicast service may not have as many users as a broadcast service, so a different MSK may be generated for each user, and when the MTK is delivered by MBMS the amount of data of the corresponding MIKEY request packet is also within an acceptable range.
  • for a broadcast service, the number of users is limited only by the network capacity. If each user had an independent MSK, then, because the MTK is sent encrypted with the MSK, the amount of data needed to deliver the MTK by MBMS would grow with the number of users, and when the number of users is large it may cause intermittent interruptions in service playback. Therefore, the key generation strategy of the broadcast service is that the BM-SC 300 hashes the users according to the user number, and one group of users uses the same MSK. The number of user groups can be configured.
  • the key distribution unit 320 is connected to the key generation unit 310 and the user terminal 390 respectively, and is configured to send a key to the terminal of the user who has subscribed to the broadcast service according to the key distribution policy of the broadcast service.
  • the key distribution strategy of the broadcast service includes: the MUK, as a key associated with the user, is updated as required by the protocol.
  • the MSK can be updated once a week (the update period is configurable); users are hashed by user number, and users in the same group use the same MSK.
  • the users are spread evenly across the update period; the busy hours are configured in the system, and the MSK update is sent during idle time to reduce the impact on the network.
  • the MTK is updated every hour, and the MIKEY packet of the MTK encrypted by the MSK is delivered in the broadcast stream.
  • the MTK is repeatedly distributed before and during the delivery of the media content.
  • the delivery period can be several seconds or even minutes, and the specific time can be configured.
  • the encryption unit 330 is configured to encrypt and broadcast the broadcast data stream by using the key.
  • the encryption of the broadcast data stream is implemented by using MTK.
  • the broadcast data stream further includes a MIKEY data packet of the MTK encrypted by the MSK, but is not limited to the disclosed manner, and may be other encryption methods.
  • the BM-SC initiates an MSK update request to the UE, and updates the MSK on the UE to an illegal value, and cancels the user's usage right.
  • the terminal can initiate an MSK application or update request to the BM-SC to obtain or update the MSK when the user goes online to use the service.
  • a structural block diagram of a broadcast multicast service center includes: an obtaining unit 61, a key generating unit 62, and a key distributing unit 63.
  • the obtaining unit 61 is configured to acquire user subscription information of the current subscription broadcast service.
  • the process of obtaining at least includes the following: when the user subscribes to or cancels the broadcast service through the front desk of the business hall or through the operator portal website, the operation billing system synchronizes the information to the broadcast multicast service center; when the user cancels the account or changes number through the front desk of the business hall or through the operator portal, the operation billing system notifies the broadcast multicast service center to complete the account cancellation or number change.
  • the key generating unit 62 is configured to generate a key according to the user ordering information and a key generation policy of the broadcast service. The key generation policy of the protocol is mainly used for multicast; unlike broadcast, a single multicast service may not have as many users as a broadcast service, so a different MSK may be generated for each user, and when the MTK is delivered by MBMS, the amount of data of the corresponding MIKEY request packet may also be within an acceptable range.
  • the key distribution unit 63 is configured to send the key to a user terminal that has subscribed to the broadcast service according to a key distribution policy of the broadcast service.
  • the encryption unit 64 is configured to encrypt and broadcast the broadcast data stream by using the key.
  • the encryption of the broadcast data stream is implemented by using MTK.
  • the broadcast data stream further includes a MIKEY data packet of the MTK encrypted by the MSK, but is not limited to the disclosed manner, and may be other encryption methods.
  • the embodiment of the present invention can provide a function for authenticating and charging a user for an MBMS broadcast service.
  • for mobile TV, horse racing, stock market analysis and other user-friendly content, operators can operate through MBMS broadcast services, which makes full use of network resources and increases the application scenarios of MBMS broadcast services, which is conducive to the use and promotion of MBMS broadcast services.
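
The grouped-MSK key generation strategy and the cancellation behaviour described above can be modelled as follows. This is an added example, not code from the patent or from any BM-SC product: the class and function names are hypothetical, SHA-256 is an assumed choice of hash, the user numbers are constructed, and the HMAC-based wrap is a stand-in for the MIKEY packet that carries the MTK encrypted under the MSK.

```python
import hashlib
import hmac
import secrets

GROUPS = 128  # number of MSK groups; the page gives 128 as the recommended value


def msk_group(user_number: str, groups: int = GROUPS) -> int:
    """Hash a user number into an MSK group (SHA-256 is an assumed choice)."""
    digest = hashlib.sha256(user_number.encode()).digest()
    return int.from_bytes(digest[:4], "big") % groups


def wrap(kek: bytes, key: bytes) -> bytes:
    """Stand-in key wrap (not MIKEY): HMAC-SHA256 keystream XOR, then a MAC."""
    nonce = secrets.token_bytes(16)
    stream = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()[:len(key)]
    body = bytes(a ^ b for a, b in zip(key, stream))
    tag = hmac.new(kek, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unwrap(kek: bytes, blob: bytes):
    """Return the wrapped key, or None when the MAC does not verify under kek."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(kek, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    stream = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()[:len(body)]
    return bytes(a ^ b for a, b in zip(body, stream))


class BroadcastKeyServer:
    """Toy key unit of a BM-SC: one MSK per hash group, one MTK per stream."""

    def __init__(self, groups: int = GROUPS):
        self.groups = groups
        self.msk = {}          # group id -> current MSK
        self.subscribers = {}  # user number -> group id

    def subscribe(self, user_number: str) -> bytes:
        """Record the subscription and return the MSK to deliver to that UE."""
        gid = msk_group(user_number, self.groups)
        self.subscribers[user_number] = gid
        return self.msk.setdefault(gid, secrets.token_bytes(16))

    def cancel(self, user_number: str, rekey_group: bool) -> None:
        """Drop the subscriber; optionally rotate the MSK of the whole group."""
        gid = self.subscribers.pop(user_number)
        if rekey_group:
            self.msk[gid] = secrets.token_bytes(16)

    def mtk_packets(self, mtk: bytes) -> dict:
        """One wrapped-MTK packet per group that still has subscribers."""
        active = set(self.subscribers.values())
        return {gid: wrap(self.msk[gid], mtk) for gid in active}


def sample_users(n_users: int) -> list:
    """Constructed user numbers, not real subscribers."""
    return [f"8613900{n:06d}" for n in range(n_users)]


def packet_counts(n_users: int, groups: int = GROUPS):
    """(packets with grouped MSKs, packets with one MSK per user) per MTK update."""
    server = BroadcastKeyServer(groups)
    for user in sample_users(n_users):
        server.subscribe(user)
    return len(server.mtk_packets(secrets.token_bytes(16))), n_users


def leaver_can_still_decrypt(rekey_group: bool, n_users: int = 5000) -> bool:
    """True if a cancelled UE that kept its old MSK still recovers the next MTK.

    Models the case where the 'invalid MSK' update never reaches the UE.
    """
    server = BroadcastKeyServer()
    users = sample_users(n_users)
    held = {u: server.subscribe(u) for u in users}  # MSK stored on each UE
    leaver = users[0]
    gid = msk_group(leaver)
    server.cancel(leaver, rekey_group)
    next_mtk = secrets.token_bytes(16)
    packet = server.mtk_packets(next_mtk)[gid]
    return unwrap(held[leaver], packet) == next_mtk


if __name__ == "__main__":
    print("MTK packets (grouped, per-user):", packet_counts(5000))
    print("leaver reads next MTK, no rekey:", leaver_can_still_decrypt(False))
    print("leaver reads next MTK, group rekey:", leaver_can_still_decrypt(True))
```

Without a group rekey, the cancelled terminal keeps access until the shared MSK is next rotated, which is why the weekly MSK update period bounds the exposure when delivery of the invalid MSK fails. Rotating the group MSK on cancellation closes that window but requires redelivering the new MSK to every remaining member of the group.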

Abstract

A method, a system and BM-SC for MBMS service. The method includes: Users subscribe for a MBMS service; BM-SC gets the subscribers' information, and provides the user key to the users' terminals that have subscribed the MBMS service; the BM-SC encrypts the MBMS data and broadcasts it; the users' terminals use the user key to decrypt the MBMS data received. The corresponding means includes: Charging center, which receives the subscribers' information and sends it to BM-SC; BM-SC, which provides the user key to current subscribers according to the subscribers' information, and then encrypts and broadcasts the MBMS data; Users' terminals, which receive the user key and the data, use the user key to decrypt the data. The BM-SC includes: the subscribers' information getting unit, key creating unit and key distributing unit.

Description

-1- 多某体广播业务系统、 方法及广播组播业务中心 本申请要求于 2006 年 3 月 30 日提交中国专利局、 申请号为 200610066373.4、 发明名称为"一种多媒体广播业务系统及方法,,的中国专利 申请的优先权, 其全部内容通过引用结合在本申请中。 -1- Multicast Broadcasting Service System, Method and Broadcast Multicast Service Center This application is filed on March 30, 2006 and submitted to the China Patent Office, application number 200610066373.4, and the invention name is "a multimedia broadcasting service system and method. The priority of the Chinese Patent Application, the entire contents of which is incorporated herein by reference.
技术领域 Technical field
本发明涉及多媒体广播组播技术, 特别是涉及一种多媒体广播业务系 统、 方法及广播组播业务中心。  The present invention relates to multimedia broadcast multicast technologies, and in particular, to a multimedia broadcast service system, method, and broadcast multicast service center.
背景技术 Background technique
Referring to FIG. 1, in a mobile network, a Broadcast Multicast Service Center (BM-SC) is added to support the Multimedia Broadcast Multicast Service (MBMS). In addition, the Gateway GPRS Support Node (GGSN), the Serving GPRS Support Node (SGSN), the 3G radio access network (UTRAN, UMTS Terrestrial Radio Access Network), and the User Equipment (UE) each gain corresponding functions.
The boundaries of the MBMS bearer service are the Gmb and Gi reference points, which provide control-plane and user-plane services respectively. Over the control-plane signaling (Gmb) reference point, the GGSN and the BM-SC exchange the related signaling: establishment and release of the MBMS bearer context; notifying the GGSN of the start and stop of MBMS sessions, and of the Quality of Service (QoS) parameters of the service, and so on.
The BM-SC is the core of the MBMS system. It provides and controls MBMS services and, for multicast services, performs access control and charging for mobile terminals. Specifically, the BM-SC is the entry point for the Content Provider (CP); it authorizes and initiates MBMS bearer services in the mobile network, and schedules and delivers MBMS content. Its functions include: (1) authentication, authorization, and charging of third-party content providers; (2) configuration of MBMS transmission parameters, such as QoS, the multicast/broadcast area, and the initiation and termination of MBMS transmission resources; (3) receiving and delivering MBMS content from the CP/SP (Service Provider), scheduling MBMS session delivery and notifying users, session retransmission, and so on; (4) service announcement, including the media description and the session description, such as the multicast service identifier, address, and delivery time.
Referring also to FIG. 2, the BM-SC includes: a membership management unit, a session and transmission unit, a proxy and forwarding unit, a service announcement unit, and a security unit.
The membership management unit mainly manages the subscription relationships of service users, authenticates users' use of the service, and provides subscription relationship data to the other units.
The session and transmission unit mainly schedules MBMS sessions and can schedule retransmission of an MBMS session. So that the UE can distinguish retransmissions of an MBMS session, the session and transmission unit tags each MBMS session with a session identifier; the Temporary Mobile Group Identity (TMGI) is allocated by the session and transmission unit. Each transmission of an MBMS session, and each subsequent retransmission, is identified by a common MBMS session identifier (2-3 octets), which is passed to the application layer in the content and is also sent in a shortened form (i.e., the least significant octet) to the Radio Network Controller (RNC) in the MBMS Session Start Request message. The session and transmission unit provides transmission-related parameters, such as QoS and the MBMS service area, to the GGSN; it can request or release MBMS bearer resources used to transmit broadcast data; and it can apply suitable error-resilience mechanisms, such as dedicated MBMS coding or forward error correction, to protect the integrity of the transmitted data. The session and transmission unit must perform access authentication on external data input components (e.g., streaming media, multimedia short messages) and be able to obtain the content data they output.
The proxy and transport unit is the intermediate device through which data is sent from the session and transmission unit to the GGSN, and can be divided into a proxy unit (for example: Gmb) and a transport unit (managing the multicast payload). That is, the proxy and transport unit is the proxy for Gmb reference point signaling between the GGSN and the other BM-SC units (the membership management unit and the session and transmission unit). When the BM-SC units handling different MBMS services are provided by different physical network elements, the proxy and transport unit provides a signaling routing function that is transparent to the GGSN. The proxy and transport unit can generate charging records for the CP/SP; the CP/SP name is provided to the proxy and transport unit in the session start signaling over the Gmb interface.
The service announcement unit provides the service announcement function for multicast and broadcast MBMS user services. Through the media description it gives the UE the media details of the MBMS service to be delivered (e.g., audio/video format and encoding), and through the session description it gives the UE the session details of the MBMS service to be delivered (e.g., multicast service identifier, addressing, and play time). The service announcement unit distributes the media and session descriptions using protocols specified by the Internet Engineering Task Force (IETF).
The sending of a service announcement is triggered by the BM-SC, but the sending itself may be carried out by other external components. For example, an MBMS user service can be announced over the MBMS bearer capability, WAP PUSH, a Uniform Resource Locator (URL), SMS (point-to-point short message), SMS cell broadcast, and so on.
The security unit mainly ensures the integrity and confidentiality of MBMS broadcast data. Its security functions include the distribution of MBMS keys and the authentication of end users.
In the prior art, a user of an MBMS broadcast service activates and de-activates the service entirely by operating the UE. The whole process involves no interaction with the network, and no communication contexts (MBMS UE Contexts) are created on the SGSN, the GGSN, or the UE. The BM-SC can therefore only generate charging records (CDRs) from information such as session start and session end, the amount of data sent, and the CP/SP name, and submit those records to the operation billing system to charge the CP/SP.
In other words, for broadcast services the current MBMS protocol only gives recommendations for charging the CP/SP; it offers no scheme or recommendation for charging users. In actual service operation, however, if only the CP/SP is charged, the content carried by the MBMS service will be limited to promotional or advertising material. For content that is attractive to users, such as mobile TV, live horse racing, and stock market analysis, an operator that cannot charge users through the MBMS broadcast service will be constrained in promoting such content. An MBMS broadcast service that cannot authenticate and charge users therefore cannot meet operators' service promotion and operation requirements.
It can be seen that, because user information is not used during broadcasting to effectively control user access and content delivery and to charge reasonably, some services cannot be carried out smoothly, which wastes system resources.
Summary of the Invention
The technical problem solved by the embodiments of the present invention is to provide a multimedia broadcast service system, a method, and a broadcast multicast service center, so as to solve the problem that current technology cannot effectively control user access and content delivery.
To this end, the technical solution of the embodiments of the present invention is to provide a multimedia broadcast method, including the steps of:
a user subscribes to a multimedia broadcast service;
the broadcast multicast service center obtains the user subscription information, and provides a decryption key to the terminals of users currently subscribed to the broadcast service;
the broadcast multicast service center encrypts the broadcast data stream and broadcasts it;
the user terminal decrypts the received broadcast data stream using the decryption key.
Correspondingly, an embodiment of the present invention further provides a multimedia broadcast service system, including:
an operation billing system, configured to receive a user's subscription information and send it to the broadcast multicast service center;
a broadcast multicast service center, configured to provide, according to the user's subscription information, a decryption key to the user terminals currently subscribed to the broadcast service, and to encrypt the broadcast data stream and then broadcast it;
a user terminal, configured to receive the decryption key and the broadcast data stream, and to decrypt the broadcast data stream using the received decryption key.
In addition, an embodiment of the present invention further provides a broadcast multicast service center, including:
an obtaining unit, configured to obtain the subscription information of users currently subscribed to the broadcast service;
a key generation unit, configured to generate a key according to the user subscription information and the key generation policy of the broadcast service;
a key distribution unit, configured to send the key to the user terminals that have subscribed to the broadcast service, according to the key distribution policy of the broadcast service;
an encryption unit, configured to encrypt the broadcast data stream with the key and broadcast it.
Compared with the prior art, the embodiments of the present invention have the following beneficial effects. The system and method make full use of the subscription data generated when users subscribe to the multimedia broadcast service: a key is provided to the terminals of users currently subscribed to the broadcast service, and the broadcast multimedia data stream is encrypted. Only users who have subscribed to the broadcast service can decrypt the encrypted broadcast data stream; users who have not subscribed have not obtained the key and therefore cannot decrypt it. This restricts unsubscribed users and gives effective control over user access and content delivery, so that operators can promote a wide range of content and make full use of system resources.
Brief Description of the Drawings
FIG. 1 is a schematic diagram of a mobile network supporting MBMS services in the prior art;
FIG. 2 is a structural block diagram of the BM-SC shown in FIG. 1;
FIG. 3 is a structural block diagram of an MBMS system according to an embodiment of the present invention;
FIG. 4 is a flowchart of a multimedia broadcast method according to an embodiment of the present invention;
FIG. 5 is a structural block diagram of a multimedia broadcast system according to an embodiment of the present invention;
FIG. 6 is a structural block diagram of a broadcast multicast service center according to an embodiment of the present invention.
Detailed Description
The MBMS protocol suite includes 3GPP TS 33.246, which provides security control for multicast services. The embodiments of the present invention build on the broadcast service system architecture of the MBMS protocol and combine it with the protocol's security control functions for multicast services: by enhancing the user management (Membership) function of the BM-SC and cooperating with the operation billing system, they implement control and charging for the MBMS broadcast service.
Referring to FIG. 3, which is a structural block diagram of an MBMS system according to an embodiment of the present invention, the MBMS system includes: a broadcast multicast service center (BM-SC) 300, a content management platform (CMS) 310, a streaming media system 320, a database 330, an operation billing system 340, a bill collection system 350, a unified network management system 360, a short message center/cell broadcast 370, a Push proxy gateway 380, a Gateway GPRS Support Node (GGSN) 390, and a User Equipment (UE) 400. The BM-SC 300 is connected to each of these systems. Specifically:
The content management platform (CMS) 310 handles program scheduling and content management for MBMS broadcasts, including management of streaming media, download, and multimedia message (MMS) content. For streaming media content, the content management platform 310 also notifies the streaming media system 320, so that the streaming media system 320 delivers the media stream on schedule.
The database 330 stores the system data required by the BM-SC 300, the user subscription relationship data, and the data related to the broadcast services.
The operation billing system 340 performs user management, service subscription, and charging. When a user subscribes to an MBMS service, the operation billing system 340 notifies the BM-SC 300 through the SMAP interface (a company-internal interface). The BM-SC 300 is likewise notified through the SMAP protocol when a user changes number, cancels the account, or changes a subscription relationship.
The bill collection system 350 collects service usage records (CDR, Call Detail Record) from the BM-SC 300 and passes them to the operation billing system 340 for charging or statistics.
The streaming media system 320 plays unicast streams to the BM-SC 300 according to the program schedule, or delivers a specified content stream at the request of the BM-SC 300.
The unified network management system 360 manages the BM-SC 300 and delivers configuration data and the like.
The short message center/cell broadcast 370 delivers service announcements by short message or cell broadcast.
The Push Proxy Gateway (PPG) 380 delivers service announcements by WAP Push.
The BM-SC 300, as the MBMS service management and control center, receives Real-time Transport Protocol (RTP) streams from the Packet Service Subsystem (PSS), converts the unicast streams into broadcast streams, and delivers them to the GGSN 390. It connects to the content management platform 310 and the operation billing system 340 to manage service users, service content, and user service subscriptions; it connects to the Push proxy gateway 380, the short message center/cell broadcast 370, and similar components to perform service announcement; and it delivers service keys directly to the UE 400 over HTTP/MIKEY. To simplify operation and maintenance, the BM-SC also needs an interface to the unified network management system 360, through which it is managed.
In addition, service announcements may be delivered by means other than short message, WAP PUSH, and the MBMS bearer, which may add interfaces between the BM-SC 300 and the corresponding external components. For input content, the BM-SC 300 can also connect to the MMS (multimedia messaging center) over the MM7 interface to obtain multimedia message content.
Table 1 shows the interfaces between the BM-SC and the peripheral functional entities in the MBMS system.
Table 1: Interfaces between the BM-SC and peripheral functional entities
Interface No. | Interface protocol | Communication mode | Interface description
(1) | Internal protocol | TCP (Transmission Control Protocol)/IP (Internet Protocol) | Interface with the content management platform. When managing content, the content management platform must notify the BM-SC of the content-related parameters or the program schedule.
(2) | SQLAPI (internal protocol) | TCP/IP | Interface with the database. Using SQLAPI reduces the system's dependence on the database, so that database systems such as Oracle, DB2, and Informix can all be supported.
(3) | SMAP (internal protocol) | TCP/IP | Interface with the operation billing system, used for service subscription, subscription cancellation, account cancellation, number change, and service authentication.
(4) | FTP (File Transfer Protocol) | TCP/IP | Interface with the bill collection system. The bill collection system fetches the BM-SC charging records for the operation billing system.
(5) | RTP (Real-time Transport Protocol) | TCP/IP | Interface with the streaming media system; accepts the unicast […] delivered by the streaming media system
When the multimedia broadcast system according to the embodiment of the present invention is in operation, the operation billing system 340 receives the user's subscription information, sends it to the BM-SC 300, and charges the user according to the subscription information;
the BM-SC 300 delivers a decryption key to the users who have subscribed to the broadcast service, encrypts the broadcast data stream, and broadcasts it;
the UE 400 receives the decryption key and the broadcast data stream, and decrypts the broadcast data stream using the decryption key.
A user can subscribe to the MBMS service at a business hall through the operation billing system 340, or through the user website Portal (the operation billing system provides a Provisioning interface for the Portal to use). The operation billing system 340 synchronizes the subscription data to the BM-SC 300.
Cancelling a subscription is similar to subscribing. When the cancellation succeeds, the BM-SC 300 updates the MBMS Service Key (MSK) on the UE 400 to revoke the user's usage rights.
When a user cancels the account or changes number, the operation billing system 340 notifies the BM-SC 300, which completes the account cancellation or number change processing.
The keys handled by the BM-SC 300 include the MBMS User Key (MUK), the MBMS Service Key (MSK), and the MBMS Traffic Key (MTK). The MSK is used to encrypt the MTK when the MTK is transmitted, and the MTK is used to encrypt the transmitted media stream. The MSK is a group key: all users share one set of MSK keys. The number of MSKs is determined by the number of users of the broadcast service, and the specific number is configurable (the recommended value is 128). The MTK is also a group key: all users share one set of MTK keys, and each broadcast service stream specifies the particular MTK ID in use.
At a scheduled time each day, the BM-SC 300 distributes the MSK to the UEs 400 subscribed to the MBMS broadcast service according to the MSK distribution policy, and saves the data in the system database 330.
When the UE 400 requests or initiates an MSK update, the BM-SC 300 can deliver the correct MSK to the UE according to the user subscription relationship data stored in the database 330.
The BM-SC 300 can encrypt the media stream with the MTK before delivering it.
For prepaid or postpaid users, the operation billing system 340 performs monthly charging and deduction according to the user's subscription relationship for the MBMS broadcast service. When the operation billing system 340 fails to collect a user's monthly fee, it must notify the BM-SC 300 to cancel the subscription relationship and terminate the user's usage rights.
With reference to 3GPP TS 33.246, before requesting an MSK, or on receiving an MSK update message from the BM-SC 300, the UE 400 applies to the Bootstrapping Server Function (BSF) (not shown) for an MUK and stores it in the UE 630 or in the terminal interface UICC (not shown). The BM-SC 300 must be notified of where it is stored.
In accordance with 3GPP TS 33.246, when the MSK has expired or no MSK is present, the UE 400 can send a request to the BM-SC 300 for an MSK and use the MUK to decrypt the encrypted MSK data that is returned; an MBMS Request Key (MRK) is generated when the request is made. MSK update requests pushed by the BM-SC 300 can also be handled correctly according to the protocol.
The MRK is used for authentication when the UE 400 applies to the BM-SC 300 for an MSK, and the MRK can derive the MUK as a parameter.
Also in accordance with 3GPP TS 33.246, when the MTK has expired or no MTK is present, the UE 400 can wait for the BM-SC 300 to initiate an MTK update, and use the MSK to decrypt the encrypted MTK data and obtain the MTK.
Using the MTK, the UE 400 can correctly process the encrypted MBMS broadcast service data delivered by the BM-SC 300.
Referring also to FIG. 4, which is a flowchart of a multimedia broadcast method according to an embodiment of the present invention, the method includes:
Step S410: the user subscribes to the MBMS broadcast service;
Step S420: the BM-SC obtains the user subscription information and delivers a decryption key to the user terminals that have subscribed to the broadcast service;
here, the key is the MBMS Service Key (MSK).
Step S430: the BM-SC encrypts the broadcast data stream and broadcasts it;
here, the broadcast data stream is encrypted with the MBMS Traffic Key (MTK). The broadcast data stream also includes Multimedia Internet KEYing (MIKEY) packets carrying the MTK encrypted with the MSK.
Step S440: the user terminal decrypts the received broadcast data stream using the decryption key.
The decryption consists of the user terminal using the MSK it has obtained to decrypt the received MTK data and obtain the MTK, and then using the MTK to decrypt the broadcast data stream.
In addition, the method includes the operation billing system charging subscribed users according to the user subscription information.
To facilitate understanding of the present invention, the multimedia broadcast method is described in detail below with reference to a specific embodiment.
First, the user subscribes to the MBMS broadcast service with the operation billing system.
The user can subscribe to the MBMS broadcast service at the business hall counter or through the operator's portal website (Portal). Specifically, the user can subscribe to the MBMS service at a business hall through the operation billing system, or through the Portal (the operation billing system provides a Provisioning interface for the Portal to use).
Next, the operation billing system sends the subscription data to the BM-SC.
The operation billing system generates subscription information from the user's subscription process and synchronizes it to the BM-SC, notifying it of the new subscription or of the update to the subscription relationship.
Next, according to the user subscription relationship data, the BM-SC delivers the MBMS Service Key to the UEs of users who have subscribed to the broadcast service.
The MBMS Service Key is used to encrypt the MTK while the MBMS Traffic Key is being delivered. The MTK is used to encrypt the service data when the service data is delivered.
Because the UEs of users who have subscribed to the broadcast service hold the MSK, they can decrypt the broadcast data stream encrypted by the BM-SC. Users who have not subscribed have not obtained the MSK and therefore cannot decrypt the broadcast data stream encrypted by the BM-SC, which restricts unsubscribed users.
It should also be noted that, when the MSK is delivered to the UE, if the UE has no MBMS User Key (MUK), the UE applies for an MUK in accordance with 3GPP TS 33.246 and stores it in the terminal interface (UICC) or in the UE.
The MUK is used to encrypt the point-to-point MSK data between the BM-SC and the UE. In addition, to strengthen control over users' reception of the broadcast service, the BM-SC may periodically update the MSK on the UE. Furthermore, if the UE finds that it has no MSK, or that its MSK has expired, when it receives an encrypted broadcast service announcement, it can itself apply to the BM-SC for an MSK or an update.
With effective control over users in place, the operation billing system can charge users for the MBMS broadcast service according to their subscription information.
It should be noted that, under the existing MBMS protocol, a user of a broadcast service does not notify the network when going online or offline, so the service network element BM-SC cannot obtain information about the user's use of the service. Since the BM-SC cannot obtain detailed usage information for the user, the operation billing system provides periodic charging for the user, for example monthly charging.
For users who cancel their subscription or whose monthly fee cannot be collected, the BM-SC updates the user status and delivers an invalid MSK to the UE to terminate the user's use; if delivery fails, it keeps retrying until the validity period of the original MSK expires. The BM-SC also periodically moves invalid user subscription data to the history store.
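The MUK, MSK, and MTK chain described above, together with the cancellation and periodic MSK update cases, as an added example (not code from the patent or from 3GPP). The `seal`/`unseal` functions are a stand-in HMAC-SHA256 construction, not the MIKEY and traffic protection of TS 33.246, and the class names, function names, random MUKs, and frame contents are constructed for illustration.

```python
import hashlib
import hmac
import os

# Stand-in cipher (assumption): HMAC-SHA256 keystream with encrypt-then-MAC, used only
# so the hierarchy runs on the standard library. It is not the TS 33.246 algorithm set.
def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += _prf(key, nonce + counter.to_bytes(4, "big"))
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Encrypt and authenticate plaintext under key."""
    nonce = os.urandom(16)
    body = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + body + _prf(_prf(key, b"mac"), nonce + body)

def unseal(key, blob):
    """Return the plaintext, or raise ValueError if key is wrong or blob was altered."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + body)):
        raise ValueError("wrong key or modified data")
    return _xor_stream(_prf(key, b"enc"), nonce, body)

class UE:
    def __init__(self, name):
        self.name = name
        self.muk = os.urandom(32)  # constructed; per the text it is obtained via the BSF
        self.msk = None

    def receive_msk(self, wrapped_msk):
        # Point-to-point delivery: only the holder of this UE's MUK can unwrap it.
        self.msk = unseal(self.muk, wrapped_msk)

    def play(self, packet):
        """Return the media bytes, or None when this UE holds no usable MSK."""
        wrapped_mtk, media = packet
        if self.msk is None:
            return None
        try:
            return unseal(unseal(self.msk, wrapped_mtk), media)
        except ValueError:
            return None

class BMSC:
    def __init__(self):
        self.subscribers = {}  # name -> UE (stands for the stored MUK and a delivery path)
        self.msk = os.urandom(32)
        self.mtk = os.urandom(32)

    def subscribe(self, ue):
        # Subscription synchronised from the billing system: deliver the current MSK.
        self.subscribers[ue.name] = ue
        ue.receive_msk(seal(ue.muk, self.msk))

    def unsubscribe(self, ue, delivered=True):
        del self.subscribers[ue.name]
        if delivered:  # push an invalid MSK to end the user's access
            ue.receive_msk(seal(ue.muk, os.urandom(32)))

    def update_msk(self):
        # Periodic update: only UEs still subscribed receive the new MSK.
        self.msk = os.urandom(32)
        for ue in self.subscribers.values():
            ue.receive_msk(seal(ue.muk, self.msk))

    def broadcast(self, media):
        # One packet for everyone: MTK wrapped under MSK, media encrypted under MTK.
        return seal(self.msk, self.mtk), seal(self.mtk, media)

def run_scenario():
    bmsc = BMSC()
    ues = [UE("alice"), UE("bob"), UE("carol"), UE("dave")]
    alice, bob, carol, dave = ues
    for ue in (alice, bob, carol):
        bmsc.subscribe(ue)  # dave never subscribes
    first = bmsc.broadcast(b"frame 1")
    seen = {"first": [ue.play(first) for ue in ues]}
    bmsc.unsubscribe(bob)                     # invalid MSK reaches bob
    bmsc.unsubscribe(carol, delivered=False)  # delivery fails; carol keeps the old MSK
    second = bmsc.broadcast(b"frame 2")
    seen["second"] = [ue.play(second) for ue in ues]
    bmsc.update_msk()                         # periodic update replaces the old MSK
    third = bmsc.broadcast(b"frame 3")
    seen["third"] = [ue.play(third) for ue in ues]
    return seen

if __name__ == "__main__":
    for step, outputs in run_scenario().items():
        print(step, outputs)
```

In the second broadcast, the UE whose invalid-MSK delivery failed still decrypts the stream, and it loses access only once the MSK is updated. The MSK validity period and update interval therefore bound how long a cancelled subscription keeps working.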
Referring also to FIG. 5, a structural block diagram of the multimedia broadcast system according to an embodiment of the present invention, the system includes an operating billing system 340, a broadcast multicast service center 300 and a user terminal 390. The operating billing system 340 is configured to receive users' subscription information and send it to the broadcast multicast service center 300. The broadcast multicast service center 300 is configured to provide, according to the users' subscription information, a decryption key to the user terminals currently subscribed to the broadcast service, and to encrypt the broadcast data stream according to that key and broadcast it; that is, it delivers the MSK decryption key to the user terminal 390 currently subscribed to the broadcast service, encrypts the MTK with the MSK, and encrypts the broadcast data stream with the MTK before broadcasting. The user terminal 390 is configured to receive the decryption key and the broadcast data stream and to decrypt the broadcast data stream with the received decryption key; that is, it uses the MSK decryption key to decrypt the MTK information and uses the MTK decryption key to decrypt the broadcast data stream.
The operating billing system 340 includes a user subscription information processing unit 341 and a user billing unit 342; the BM-SC 300 includes a key generation unit 310, a key distribution unit 320 and an encryption unit 330.
The user subscription information processing unit 341 is configured to receive data from users, to synchronize the information to the BM-SC 300 when a user subscribes to or cancels the broadcast service, to notify the BM-SC 300 to complete account cancellation or number change processing when a user closes the account or changes number, and to notify the BM-SC 300 to cancel the subscription relationship and terminate the user's usage rights when collecting the user's fee fails.
The user billing unit 342 is connected to the user subscription information processing unit 341 and is configured to perform charging and fee deduction according to the user's subscription relationship for the MBMS broadcast service.
The key generation unit 310 is configured to generate keys according to the key generation policy of the broadcast service. The key generation policy of 3GPP TS 33.246 is mainly intended for multicast. Unlike broadcast, a single multicast service may have fewer users than a broadcast service, so a different MSK can be generated for each user, and when the MTK is delivered over the MBMS bearer the data volume of the corresponding MIKEY request packets remains within an acceptable range.
For a broadcast service, however, the number of users is limited only by network capacity. If each user had an independent MSK, then, because the MTK is delivered encrypted with the MSK, the amount of data needed to deliver the MTK over the MBMS bearer would vary with the number of users, and with a very large number of users this could cause interruptions during service playback. The key generation policy for the broadcast service is therefore that the BM-SC 300 hashes users into groups by user number, and each group of users shares one MSK. The number of user groups is configurable.
The key distribution unit 320 is connected to the key generation unit 310 and to the user terminal 390, and is configured to send keys to the terminals of users who have subscribed to the broadcast service according to the key distribution policy of the broadcast service.
The key distribution policy of the broadcast service includes the following. The MUK, as a user-specific key, is updated as the protocol requires.
The MSK may be updated once a week (the update period is configurable). Users are hashed into groups by user number, and users in the same group use the same MSK. Users are spread evenly across the update period, and busy and idle periods are configured in the system so that MSK updates are delivered during idle periods, reducing the impact on the network.
The MTK is updated hourly, and MIKEY packets carrying the MSK-encrypted MTK are delivered in the broadcast stream. The MTK is distributed repeatedly before the media content is delivered and throughout its validity period; the delivery interval may be a few seconds or even a few minutes and is configurable.
The encryption unit 330 is configured to encrypt the broadcast data stream with the key and broadcast it. The broadcast data stream is encrypted with the MTK. In addition, the broadcast data stream also carries MIKEY packets containing the MSK-encrypted MTK; the encryption is not limited to the disclosed manner, and other encryption methods may also be used.
When a user cancels the subscription or the subscription relationship becomes invalid, the BM-SC initiates an MSK update request to the UE and updates the MSK on the UE to an illegal value, revoking the user's usage rights.
For the MSK, if the user has subscribed to the service but has not received a valid key within the specified time, the terminal may, when the user comes online to use the service, proactively send an MSK request or update request to the BM-SC to obtain or update the MSK.
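The key handling described above (users hashed into MSK groups, MSK delivered point-to-point under the MUK, MTK wrapped under the MSK in the broadcast stream, and revocation by an invalid MSK) can be traced in the following added example, which is not part of the patent text. It assumes SHA-256 modulo the group count as the hash, uses an HMAC-SHA-256 construction as a stand-in for MIKEY and the stream cipher, and uses constructed subscriber numbers; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def group_of(user_number, n_groups):
    """Hash a subscriber number into one of n_groups MSK groups (assumed: SHA-256 mod n)."""
    digest = hashlib.sha256(user_number.encode()).digest()
    return int.from_bytes(digest[:8], "big") % n_groups

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Stand-in authenticated wrap (HMAC keystream plus HMAC tag); not MIKEY."""
    nonce = secrets.token_bytes(12)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

class BMSC:
    def __init__(self, n_groups):
        self.n_groups = n_groups
        self.msk = [secrets.token_bytes(16) for _ in range(n_groups)]  # one MSK per group
        self.muk = {}            # subscriber number -> per-user MUK
        self.subscribed = set()  # kept in sync by the billing system

    def subscribe(self, user):
        self.subscribed.add(user)
        return self.muk.setdefault(user, secrets.token_bytes(16))

    def msk_update(self, user):
        """Point-to-point MSK delivery under the MUK; a non-subscriber gets an invalid MSK."""
        group = group_of(user, self.n_groups)
        msk = self.msk[group] if user in self.subscribed else secrets.token_bytes(16)
        return group, seal(self.muk[user], msk)

    def send(self, data):
        """New MTK wrapped once per group MSK (n_groups messages), then MTK-encrypted data.
        The MTK changes on every call only to keep the example short."""
        mtk = secrets.token_bytes(16)
        return {g: seal(k, mtk) for g, k in enumerate(self.msk)}, seal(mtk, data)

class UE:
    def __init__(self, user, muk):
        self.user, self.muk, self.group, self.msk = user, muk, None, None

    def on_msk_update(self, update):
        self.group, blob = update
        self.msk = unseal(self.muk, blob)

    def receive(self, packet):
        """The MSK unwraps the MTK and the MTK decrypts the stream; None if either fails."""
        mtk_messages, stream = packet
        mtk = unseal(self.msk, mtk_messages[self.group]) if self.msk else None
        return unseal(mtk, stream) if mtk else None

def demo():
    bmsc = BMSC(n_groups=4)
    users = [f"1380000{i:04d}" for i in range(200)]  # constructed subscriber numbers
    ues = {u: UE(u, bmsc.subscribe(u)) for u in users}
    for ue in ues.values():
        ue.on_msk_update(bmsc.msk_update(ue.user))
    alice, bob, carol = users[:3]
    pkt = bmsc.send(b"frame-1")
    out = {"mtk_messages": len(pkt[0]),
           "all_receive": all(ue.receive(pkt) == b"frame-1" for ue in ues.values())}
    # Both cancel. alice's UE applies the invalid MSK; delivery to bob's UE keeps failing.
    bmsc.subscribed -= {alice, bob}
    ues[alice].on_msk_update(bmsc.msk_update(alice))
    pkt = bmsc.send(b"frame-2")
    out.update(alice_2=ues[alice].receive(pkt), bob_2=ues[bob].receive(pkt))
    # The old MSK of bob's group expires: replace it, re-deliver to current subscribers only.
    bmsc.msk[group_of(bob, bmsc.n_groups)] = secrets.token_bytes(16)
    for u in bmsc.subscribed:
        ues[u].on_msk_update(bmsc.msk_update(u))
    pkt = bmsc.send(b"frame-3")
    out.update(bob_3=ues[bob].receive(pkt), carol_3=ues[carol].receive(pkt))
    return out
```

Calling `demo()` shows that 200 users need only 4 MTK messages, and that a terminal which never received the invalid MSK keeps decrypting until its group's MSK is replaced, which is why the retry-until-expiry step and the MSK validity period bound the revocation delay.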
Referring now to FIG. 6, a structural block diagram of the broadcast multicast service center according to an embodiment of the present invention, the center includes an obtaining unit 61, a key generation unit 62 and a key distribution unit 63. The obtaining unit 61 is configured to obtain the subscription information of users currently subscribed to the broadcast service. The obtaining process includes at least one of the following: when a user subscribes to or cancels the broadcast service at a business hall counter or through the operator's portal website, the operating billing system synchronizes the information to the broadcast multicast service center; when a user closes the account or changes number at a business hall counter or through the operator's portal website, the operating billing system notifies the broadcast multicast service center to complete account cancellation or number change processing; when collecting the user's fee fails, the operating billing system notifies the broadcast multicast service center to cancel the subscription relationship and terminate the user's usage rights. The key generation unit 62 is configured to generate keys according to the user subscription information and the key generation policy of the broadcast service. The key generation policy is mainly intended for multicast; unlike broadcast, a single multicast service may have fewer users than a broadcast service, so a different MSK can be generated for each user, and when the MTK is delivered over the MBMS bearer the data volume of the corresponding MIKEY request packets remains within an acceptable range. The key distribution unit 63 is configured to send the keys to user terminals that have subscribed to the broadcast service according to the key distribution policy of the broadcast service. That is, the keys associated with users are updated or distributed as the protocol requires. For example, the MSK may be updated once a week (the update period is configurable), with users hashed into groups by user number and users in the same group using the same MSK. Users are spread evenly across the update period, and busy and idle periods are configured in the system so that MSK updates are delivered during idle periods, reducing the impact on the network. The encryption unit 64 is configured to encrypt the broadcast data stream with the key and broadcast it. The broadcast data stream is encrypted with the MTK. In addition, the broadcast data stream also carries MIKEY packets containing the MSK-encrypted MTK; the encryption is not limited to the disclosed manner, and other encryption methods may also be used.
For the specific functions and roles of the units in this embodiment, see the implementation process described above; they are not repeated here.
In summary, embodiments of the present invention can provide user authentication and charging for the MBMS broadcast service. For content that is attractive to users, such as mobile TV, live horse racing and stock market analysis, operators can run it over the MBMS broadcast service, making full use of network resources and adding application scenarios for the MBMS broadcast service, which benefits its use and promotion.
The above is only a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make improvements and refinements without departing from the principles of the present invention, and these improvements and refinements shall also be regarded as falling within the scope of protection of the present invention.

Claims

1. A multimedia broadcasting method, characterized by comprising the steps of:
a user subscribing to a multimedia broadcast service;
a broadcast multicast service center obtaining user subscription information and providing a decryption key to the user terminals currently subscribed to the broadcast service;
the broadcast multicast service center encrypting the broadcast data stream and broadcasting it;
the user terminal decrypting the received broadcast data stream with the decryption key.
2. The multimedia broadcasting method according to claim 1, characterized in that the method further comprises: an operating billing system charging users who have subscribed to the broadcast service according to the user subscription information.
3. The multimedia broadcasting method according to claim 2, characterized in that the broadcast multicast service center obtaining user subscription information comprises:
when a user subscribes to or cancels the broadcast service, the operating billing system synchronizing the information to the broadcast multicast service center;
when a user closes the account or changes number, the operating billing system notifying the broadcast multicast service center to complete account cancellation or number change processing; and/or
when collecting the user's fee fails, the operating billing system notifying the broadcast multicast service center to cancel the subscription relationship and terminate the user's usage rights.
4. The multimedia broadcasting method according to any one of claims 1 to 3, characterized in that providing a decryption key to the user terminals currently subscribed to the broadcast service comprises:
the broadcast multicast service center delivering, according to the user subscription information, the service key MSK of the decryption key to the user terminals that have subscribed to the broadcast service; or
the user terminal, on receiving an encrypted broadcast service announcement and finding that it has no MSK or that its MSK has expired, proactively requesting or updating the MSK from the broadcast multicast service center.
5. The multimedia broadcasting method according to claim 4, characterized in that the broadcast multicast service center encrypting the broadcast data stream means encrypting the service data with the transport key MTK when the service data is delivered, the broadcast data stream further including Multimedia Internet Keying (MIKEY) protocol packets containing the MTK encrypted with the MSK.
6. The multimedia broadcasting method according to claim 5, characterized in that the user terminal decrypting the received broadcast data stream with the decryption key comprises: the user terminal using the obtained MSK to decrypt the received MTK-encrypted data to obtain the MTK, and using the MTK to decrypt the broadcast data stream.
7. The multimedia broadcasting method according to claim 4, characterized in that, when the user terminal receives the decryption key MSK, if the MSK is encrypted with the user key MUK and the user terminal has no user key MUK, the user terminal requests a MUK, stores it on the terminal interface or the user terminal, and uses the MUK to decrypt the returned MSK-encrypted data to obtain the MSK.
8. The multimedia broadcasting method according to claim 7, characterized in that the method further comprises: for users who cancel their subscription or whose fee could not be collected, the broadcast multicast service center updating the user status and delivering an invalid MSK to the user terminal to terminate the user's use; if delivery fails, retrying until the validity period of the original MSK expires.
9. The multimedia broadcasting method according to claim 7, characterized in that all users share one group of MSKs, and the number of users sharing an MSK is determined by the number of users of the broadcast service.
10. The multimedia broadcasting method according to claim 8, characterized in that the method further comprises the broadcast multicast service center hashing users into groups by user number, each group of users using the same MSK.
11. A multimedia broadcast service system, characterized by comprising:
an operating billing system, configured to receive users' subscription information and send it to a broadcast multicast service center;
the broadcast multicast service center, configured to provide, according to the users' subscription information, a decryption key to the user terminals currently subscribed to the broadcast service, and to encrypt the broadcast data stream and then broadcast it;
a user terminal, configured to receive the decryption key and the broadcast data stream, and to decrypt the broadcast data stream with the received decryption key.
12. The multimedia broadcast service system according to claim 11, characterized in that the operating billing system comprises:
a user subscription information processing unit, configured to receive data from users; to synchronize the information to the broadcast multicast service center when a user subscribes to or cancels the broadcast service; to notify the broadcast multicast service center to complete account cancellation or number change processing when a user closes the account or changes number; and to notify the broadcast multicast service center to cancel the subscription relationship and terminate the user's usage rights when collecting the user's fee fails.
13. The multimedia broadcast service system according to claim 12, characterized in that the operating billing system further comprises:
a user billing unit, connected to the user subscription information processing unit and configured to perform charging and account posting according to the user's subscription relationship for the broadcast service.
14. The multimedia broadcast service system according to claim 12, characterized in that the broadcast multicast service center comprises:
a key generation unit, configured to generate a key according to the key generation policy of the broadcast service;
a key distribution unit, connected to the key generation unit and to the user terminal, and configured to send the key to the user terminals that have subscribed to the broadcast service according to the key distribution policy of the broadcast service;
an encryption unit, configured to encrypt the broadcast data stream with the key and broadcast it.
15. A broadcast multicast service center, characterized by comprising:
an obtaining unit, configured to obtain the subscription information of users currently subscribed to the broadcast service;
a key generation unit, configured to generate a key according to the user subscription information and the key generation policy of the broadcast service;
a key distribution unit, configured to send the key to the user terminals that have subscribed to the broadcast service according to the key distribution policy of the broadcast service;
an encryption unit, configured to encrypt the broadcast data stream with the key and broadcast it.
PCT/CN2007/000760 2006-03-30 2007-03-09 System, method and bm-sc for mbms service WO2007112650A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200610066373.4 2006-03-30
CN2006100663734A CN101047956B (en) 2006-03-30 2006-03-30 Multimedia broadcast service system and method

Publications (1)

Publication Number Publication Date
WO2007112650A1 true WO2007112650A1 (en) 2007-10-11

Family

ID=38563092

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/000760 WO2007112650A1 (en) 2006-03-30 2007-03-09 System, method and bm-sc for mbms service

Country Status (2)

Country Link
CN (1) CN101047956B (en)
WO (1) WO2007112650A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104618898A (en) * 2015-01-29 2015-05-13 东方通信股份有限公司 Method and system for encrypting/ decrypting IP (Internet Protocol) short messages based on SMS (Short Messaging Service) over IMS (IP Multimedia Subsystem)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101267590B (en) * 2007-03-14 2013-07-31 中国移动通信集团公司 Service unsubscription method and system, mobile terminal, card and service server
CA2703676A1 (en) * 2007-10-25 2009-04-30 Nokia Corporation System and method for re-synchronization of a pss session to an mbms session
CN101483808B (en) * 2008-01-07 2011-01-05 中兴通讯股份有限公司 Method for ensuring safety of multimedia broadcast service
CN101499866B (en) * 2008-02-01 2011-12-07 中兴通讯股份有限公司 Service cipher key transmitting method in multimedia broadcast service
CN101345677B (en) * 2008-08-21 2011-06-01 西安西电捷通无线网络通信股份有限公司 Method for improving security of broadcast or multicast system
CN101729269B (en) * 2008-10-16 2012-05-23 中兴通讯股份有限公司 Method and system for implementing multimedia broadcast/multicast service, and bearer selection method
CN102404691A (en) * 2008-10-16 2012-04-04 中兴通讯股份有限公司 Wireless bearer selection method
CN102202074B (en) * 2010-03-24 2013-06-05 华为终端有限公司 Service processing method and system and relevant equipment
CN102300154B (en) * 2010-06-25 2015-07-22 中兴通讯股份有限公司 Method and device for updating key in multimedia broadcast system
US8379525B2 (en) * 2010-09-28 2013-02-19 Microsoft Corporation Techniques to support large numbers of subscribers to a real-time event
CN103546826B (en) * 2012-07-16 2017-07-21 上海贝尔股份有限公司 The transmission method and device of video traffic
CN104683977B (en) * 2015-03-24 2018-05-22 深圳中兴网信科技有限公司 The management method and managing device of business datum
CN106162566B (en) * 2015-04-15 2019-08-27 中国电信股份有限公司 The methods, devices and systems of eMBMS business declaration short message are sent to user terminal
CN114979962A (en) * 2021-02-20 2022-08-30 华为技术有限公司 Method and device for updating key

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1471773A (en) * 2000-10-26 2004-01-28 ���ĺ� Enforcement of rights and conditions for multimedia content
WO2004030294A1 (en) * 2002-09-30 2004-04-08 Samsung Electronics Co., Ltd. Ciphering key management and distribution in mbms
US20050026607A1 (en) * 2003-08-02 2005-02-03 Samsung Electronic Co., Ltd. Ciphering method in a mobile communication system supporting a multimedia broadcast/multicast service
WO2005015782A1 (en) * 2003-08-06 2005-02-17 Samsung Electronics Co., Ltd. Method for setting time limit in joining mbms service
WO2005034565A1 (en) * 2003-10-06 2005-04-14 Telefonaktiebolaget Lm Ericsson (Publ) Method and arrangement in a telecommunication system
US20050198126A1 (en) * 2004-02-06 2005-09-08 Verbestel Willy M. System and method of providing content in a multicast system
CN1728843A (en) * 2004-07-26 2006-02-01 北京三星通信技术研究有限公司 Prevent that password update from causing the method that air interface is congested

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"3GPP TS 33.246 V6.0.0", September 2004 (2004-09-01) *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104618898A (en) * 2015-01-29 2015-05-13 东方通信股份有限公司 Method and system for encrypting/ decrypting IP (Internet Protocol) short messages based on SMS (Short Messaging Service) over IMS (IP Multimedia Subsystem)
CN104618898B (en) * 2015-01-29 2018-06-05 东方通信股份有限公司 A kind of method of the IP short message encryption and decryption of based on SMS overIMS and IP short message encrypting and deciphering systems

Also Published As

Publication number Publication date
CN101047956A (en) 2007-10-03
CN101047956B (en) 2010-10-27

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07720358

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07720358

Country of ref document: EP

Kind code of ref document: A1