WO2008040201A1 - A method for obtaining ltk and a subscribe management server - Google Patents

A method for obtaining ltk and a subscribe management server Download PDF

Info

Publication number
WO2008040201A1
WO2008040201A1 PCT/CN2007/070620 CN2007070620W WO2008040201A1 WO 2008040201 A1 WO2008040201 A1 WO 2008040201A1 CN 2007070620 W CN2007070620 W CN 2007070620W WO 2008040201 A1 WO2008040201 A1 WO 2008040201A1
Authority
WO
WIPO (PCT)
Prior art keywords
long
management server
term key
subscription management
key
Prior art date
Application number
PCT/CN2007/070620
Other languages
French (fr)
Chinese (zh)
Inventor
Qinwei Zhang
Ruinan Sun
Zhibin Li
Zhuo Sang
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2008040201A1 publication Critical patent/WO2008040201A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/16Arrangements for providing special services to substations
    • H04L12/18Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L12/189Arrangements for providing special services to substations for broadcast or conference, e.g. multicast in combination with wireless systems

Definitions

  • the present invention relates to a mobile broadcast service, and more particularly to a long-term key acquisition method and a subscription management server. Background of the invention
  • MBMS Multimedia Broadcast Multicast Service
  • BCMCS Broadcast Multicast Service
  • DVD-H Digital Television Broadcasting
  • OMA Open Mobile Alliance
  • the business protection in BCAST generally uses a 4-layer protection model.
  • FIG. 1 is a schematic diagram of the business protection model in BCAST. As shown in Figure 1, the business protection model in BCAST specifically includes the following four layers:
  • the first layer the authentication layer.
  • This layer is used for authentication between the device on the terminal side and the server on the network side. That is, the device on the terminal side and the server on the network side authenticate each other through a two-way channel or an offline mode. After the authentication is passed, the server on the network side and the device on the terminal side can obtain a shared key, and the server on the network side and the device on the terminal side respectively generate a corresponding user key according to the shared key, which is used to protect the authentication layer. information.
  • the user key mentioned above is a shared subscription management key (SMK, Subscriber Management Key) generated by smart card registration authentication; and for the digital right management (DRM) method
  • SK shared subscription management key
  • DRM digital right management
  • REK rights Encryption Key
  • the second layer Long-term key message (LTKM, Long Term Key Message) transport layer.
  • This layer is used by the server on the network side to transmit a Long Term Key (LTK), that is, a service/program key, to the device on the terminal side.
  • the service/program key includes a Service Encrypt Key (SEK) or a Program Encrypt Key (PEK).
  • the server-side service/program key message generating module on the network side encrypts the received service/program encryption key (ie, LTK) according to the REK or SMK of the authentication layer, and generates a long-term key message LTKM, and Sending it to the device on the terminal side; the device on the terminal side decrypts the received LTKM according to the REK or SMK of the authentication layer, and then obtains the service/program encryption key (ie, LTK) required to be transmitted by the server end. ) and use the service/program encryption key as the service/program decryption key.
  • LTK received service/program encryption key
  • the third layer Short-term key message (STKM, Short Term Key Message) transport layer.
  • This layer is used to transmit a Traffic Encryption Key (TEK) to the device on the terminal side.
  • TEK Traffic Encryption Key
  • the server-side transport key message generating module on the network side encrypts the received TEK according to the SEK or PEK of the LTKM transport layer, generates a short-term key message STKM, and sends the short-term key message STKM to the device on the terminal side;
  • the device on the terminal side decrypts the received STKM according to the SEK or PEK of the LTKM transport layer, and obtains the TEK required to be transmitted by the server, and uses the TEK as a transport decryption key.
  • the fourth layer transport encryption layer.
  • This layer is used to transfer data (for example, broadcasted content) to devices on the terminal side.
  • the server-side encryption module on the network side encrypts the data to be transmitted by using the transmission encryption key TEK of the STKM transport layer, and then encrypts the encrypted data.
  • the data is sent to the device on the terminal side; the device on the terminal side decrypts the received encrypted data according to the TEK of the STKM transport layer, and the data to be transmitted by the server end is obtained.
  • the Smartcard Profile uses the Universal Subscriber Identity Module (USIM) card or the Removable User Identity Module (RUIM) card to store SMK, SEK, and PEK, and uses the security of the smart card to ensure the service.
  • USIM Universal Subscriber Identity Module
  • RUIM Removable User Identity Module
  • the security of the key uses the service protection mode of the smart card profile to ensure the service.
  • the security mechanism of the MBMS and the security mechanism of the BCMCS are respectively followed.
  • the DRM Profile uses OMA's DRM technology, which controls the use of digital content primarily through rights restrictions and content protection schemes.
  • the DRM technology mainly includes a DRM terminal (DRM Agent), a digital content issuer (CI, Content Issuer), an authorized issuer (RI, Rights Issuer), a user entity, and a storage device.
  • DRM terminal DRM Agent
  • CI digital content issuer
  • RI authorized issuer
  • a user entity mainly includes a DRM terminal (DRM Agent), a digital content issuer (CI, Content Issuer), an authorized issuer (RI, Rights Issuer), a user entity, and a storage device.
  • the basic principle of DRM technology is: After the digital content publisher encrypts the digital content, the user downloads the encrypted digital content data packet to the terminal; RI is responsible for distributing the license corresponding to the digital content, and the license is obtained by the license key. Encryption, and the license key is encrypted by the RI using the device public key.
  • the above license includes the content
  • the device can only use the purchased digital content only if it has both the content data package (which contains the information necessary for decrypting the digital content) and the license. . Since in the DRM technology, REK, SEK and PEK are all stored in the DRM Agent, the security of the key is guaranteed by the DRM Agent. For example, in the four-layer protection model implemented based on the OMA-based DRM 2.0 standard, the copyright object (RO, Rights Object) containing the SEK and/or PEK is transmitted in the second layer. Therefore, the DRM Agent can decrypt the license key by using the private key of the device, thereby obtaining the content key in the license, decrypting the digital content, and controlling the specific use of the digital content by the user according to the permission information in the license.
  • the DRM Agent can decrypt the license key by using the private key of the device, thereby obtaining the content key in the license, decrypting the digital content, and controlling the specific use of the digital content by the user according to the permission information in the license.
  • the broadcast service provided in BCAST requires the user to order, and the user will get the corresponding long-term key, ie SEK or PEK.
  • SEK is provided to long-term subscribers
  • PEK is provided to users of Pay-per-view.
  • the DRM profile-based terminal sends a subscription request to the BCAST Subscription Manager (BSM, BCAST Subscription Management), that is, the subscription management server, and after BSM authentication, the BSM sends a Request Object Acquisition Protocol (ROAP) to the RI.
  • BSM BCAST Subscription Manager
  • ROAP Request Object Acquisition Protocol
  • the triggered message the RI obtains a Service Encrypt Authentication Key (SEAK) or a Program Encrypt Authentication Key (PEAK) from the BSM, generates a corresponding RO for the terminal, and returns
  • the ROAP triggers a response message to the BSM.
  • the BSM sends a ROAP trigger message (including the URL address of the RI) to the terminal, and notifies the terminal to acquire the RO that has been generated by the RI.
  • the terminal After receiving the notification, the terminal directly interacts with the RI through the DRM mechanism to obtain the corresponding RO.
  • the DRM RI requires that the DRM Agent on the terminal must obtain the RO after the RI is registered. If the terminal DRM Agent has not been registered with the RI, the corresponding 4-step (4 pass) registration process is started before the RO is acquired.
  • the BSM (which can be set as the first subscription management server) of the home service provider (SP, Service Provider) can send the request message and pass the attribution SP.
  • the BSM authenticates the service in the BSM of the roaming SP (which can be set as the second subscription management server).
  • the terminal may request a long-term key message from the BSM of the home SP through the BSM of the home SP.
  • the BSM of the roaming SP needs terminal or smart card information to successfully generate a long-term key message for the terminal. Therefore, the terminal reports the terminal or smart card information to the BSM of the home SP, and the BSM of the home SP sends the information to the roaming place.
  • the terminal When the DRM method is used for service protection, the terminal also needs to register in advance at the RI of the roaming SP.
  • the BSM of the roaming SP sends the generated long-term key message to the terminal through the BSM of the home SP.
  • the terminal After receiving the long-term key message, the terminal can parse the SEK or The PEK, which is used to decrypt the TEK for the encrypted service, receives the corresponding broadcast service provided by the roaming place SP.
  • some broadcast television networks are one-way networks, such as DVB-H networks.
  • the terminal cannot directly interact with the BSM of the roaming place, and it is also inconvenient to perform terminal or smart card registration authentication on the network of the roaming place, and the required broadcast service key cannot be obtained.
  • the terminal needs to obtain services from multiple subscription management servers, it needs to register with multiple subscription management servers separately to obtain service keys. The whole process is complicated and unsafe.
  • Embodiments of the present invention provide a long-term key acquisition method and a subscription management server, so that a user can obtain long-term keys of other subscription management servers through one subscription management server.
  • a long-term key acquisition method includes:
  • the first subscription management server acquires a long-term key of the service corresponding to the service identifier in the first request message
  • An embodiment of the present invention further provides a subscription management server, where the subscription management server includes: a service subscription/key management module and a key message generation module;
  • the service subscription/key management module is configured to receive a first request message, obtain a long-term key and/or long-term key association information of a service corresponding to the service identifier in the first request message;
  • the key and/or long-term key association information is sent to the key message generation module;
  • the key message generating module is configured to generate and send a corresponding long-term key message according to the received long-term key and/or long-term key association information.
  • An embodiment of the present invention further provides a subscription management service system, where the subscription management service system includes: a first subscription management server and a terminal;
  • the first subscription management server is configured to receive a first request message that is sent by the terminal and that carries a service identifier, and obtain a long-term key of a service that is corresponding to the service identifier in the first request message;
  • the key generates a long-term key message, and sends the long-term key message to the terminal;
  • the terminal is configured to send a first request message carrying a service identifier to the first subscription management server, and receive a long-term key message sent by the first subscription management server.
  • the terminal since the terminal obtains the long-term key of the roaming service by subscribing to the management server, without interacting with the BSM of the roaming place, Therefore, even in the case where the network of the roaming area is a one-way network, the terminal can obtain the required long-term key.
  • the long-term key generated by the second subscription management server is encrypted by the first subscription management server, and the generated long-term key is not required to be encrypted by the second subscription management server, so the user is not required to be in the first
  • the second subscription management server or the related server of the domain in which it is located is securely registered, so that the user can acquire multiple subscription management servers to generate a long-term key through a subscription management server, thereby reducing unnecessary security registration and enhancing the user experience.
  • the first subscription management server sends the second subscription management service to the second subscription management service.
  • the substitute user identifier is allowed in the message of the server, and the second subscription management server can use the substitute user identifier to perform service authentication on the user, which reduces the network transmission of the actual user identifier, thereby improving user information security.
  • the first subscription management server is used as the network application server NAF to obtain the subscription key KS_NAF from the boot server BSF, and the service key of the second subscription management server is encrypted, so that The second subscription management server can obtain the requested service key without the NAF function, which simplifies the function and complexity of the second subscription management server.
  • Figure 1 is a schematic diagram of the business protection model in BCAST.
  • FIG. 2 is a general flowchart of a method for acquiring a long-term key in an embodiment of the present invention.
  • FIG. 3 is a specific flowchart of a method for acquiring a long-term key in an embodiment of the present invention. Or a flowchart of the method of key update.
  • FIG. 5 is a flowchart of a method for implementing an indirect broadcast service subscription or key update by using the GBA method according to an embodiment of the present invention.
  • FIG. 6 is a flowchart of a method for acquiring a home-initiated roaming service key according to an embodiment of the present invention.
  • FIG. 7 is a flowchart of a method for acquiring a broadcast service key initiated by an operator to a service provider according to an embodiment of the present invention.
  • FIG. 8 is a structural diagram of a subscription management server in an embodiment of the present invention.
  • FIG. 9 is a structural diagram of a subscription management service system according to an embodiment of the present invention. Mode for carrying out the invention
  • the BSM of the subscription management server or the home SP of the terminal to the first subscription management server, and set the BSM of the roaming subscription management server or the roaming SP.
  • a second subscription management server in addition, when the service that the terminal needs to subscribe to does not need to distinguish the home location or the roaming place (for example, subscribes to the SP for the program provided by the SP through the network operator's platform), for the terminal, Network operators are generally more trustworthy and more secure than normal SPs. In addition to providing subscription management services, network operators can also contact other SPs that provide subscription management services. Therefore, network operations can also be performed.
  • the subscriber's subscription management server is set as the first subscription management server
  • the BSM of the SP is set as the second subscription management server.
  • FIG. 2 is a general flowchart of a method for acquiring a long-term key in an embodiment of the present invention. As shown in FIG. 2, the long-term key acquisition method in the embodiment of the present invention includes the following steps:
  • Step 201 The terminal sends a request message carrying the service identifier to the first subscription management server.
  • the request message may further carry information such as a second subscription management server identifier and a user ID (such as a mobile phone SIM card number).
  • Step 202 The first subscription management server acquires long-term key and/or long-term key association information of the service corresponding to the service identifier in the request message.
  • the long-term key association information is information related to the long-term key, such as the validity period of the long-term key.
  • Step 203 The first subscription management server generates a long-term key message according to the long-term key, and sends the long-term key message to the terminal.
  • the service identifier in the foregoing process may also be a purchase item identifier, that is, a service purchase item identifier that allows the user to order, or a purchase item identifier formed by combining a plurality of services.
  • FIG. 3 is a specific flowchart of a method for acquiring a long-term key in an embodiment of the present invention.
  • the first subscription management server may be a subscription management server of the home of the terminal, or may be a BSM of the home SP
  • the second subscription management server may be a subscription management server that serves the roaming location, or may be a BSM of the roaming SP.
  • the specific process of the long-term key acquisition method in the embodiment of the present invention includes the following steps:
  • Step 301 The terminal sends a first broadcast service subscription request message to the first subscription management server.
  • the first broadcast service subscription request message includes a second subscription management server identifier, a user identifier, a service identifier to be subscribed, or a subscription identifier.
  • the service identifier is globally unique or includes a second subscription management server identifier (for example, the service identifier is a subscription service server identifier concatenated with a service number)
  • the second subscription service subscription request message may not include the second subscription management server.
  • the first subscription management server may infer the second subscription management server identifier from the service identifier in the first broadcast service subscription request message.
  • the first broadcast service subscription request message may further include terminal information (Device ID) or smart card information, which is used when the first subscription management server generates a required long-term key message for the terminal in a subsequent step.
  • the terminal information may be an International Mobile Station Equipment Identity (IMEI), and the smart card information may be a mobile phone SIM card number or the like.
  • IMEI International Mobile Station Equipment Identity
  • the user who uses the terminal can obtain the subscribed service or subscription information and determine the service to be subscribed in multiple ways.
  • the terminal can obtain the service or subscription information of the second subscription management server through the broadcast service guide SG, and display it to the user.
  • the user is allowed to directly select the service to be subscribed through the terminal; in addition, the user can also obtain the service or subscription information through the portal (PORTAL), advertisement, and the like, and then input the service information to be subscribed through the terminal.
  • PORTAL portal
  • Step 302 The first subscription management server sends a second broadcast service subscription request to the second subscription management server.
  • the first subscription management server first authenticates the user in the terminal, and when the user is a legitimate user and has the right to subscribe to the service managed by the second subscription management server, the first subscription management server manages according to the second subscription.
  • the server identifier sends a second broadcast service subscription request including a user identity (or an alternate user identity), a service identity to be subscribed, or a subscriber identity to the second subscription management server.
  • the second subscription management server identifier may be directly obtained from the first broadcast service subscription request received by the first subscription management server; or, the second subscription management server identifier is inferred by using the service identifier in the first request message, The second subscription management server identifier may not be included in the first request message sent by the terminal to the first subscription management server.
  • the first subscription management server may convert the user identifier into an alternate user identifier.
  • the first subscription management server may generate an alternate user identifier, store the user identifier and the substitute user identifier, and associate the two by using a computing method or a logical method according to the user identifier.
  • the user ID is the mobile number 13812345678, and the first subscription management server uses an algorithm or other method to convert the user ID to the alternate user identification number CH0987.
  • the second subscription management server does not know the real mobile number of the CH0987 user, but only uses the CH0987 number as the identity of the user for maintenance.
  • the first subscription management server sends the substitute user identifier to the second subscription management server in the second broadcast service subscription request, in the subsequent step, all the information between the first subscription management server and the second subscription management server is related to the The user's communication will all use an alternate user ID.
  • Step 303 The second subscription management server returns a broadcast service subscription response message to the first subscription management server.
  • the second subscription management server stores the information of the user, and according to the user identifier or the substitute in the second subscription request message sent by the first subscription management server.
  • the user identity authenticates the user service, and returns a broadcast service subscription response message to the first subscription management server, where the response message includes the user subscription service authentication result.
  • the service authentication result may include, but is not limited to, whether the user is an illegal user, whether the user can request the service, and the like.
  • Step 304 The first subscription management server returns a broadcast service subscription response message to the terminal.
  • the broadcast service subscription response message includes a user subscription service authentication result, which is used to display the service authentication result to the user, and prompts the user whether to continue to obtain the requested service or the key of the subscription item.
  • Step 305 The terminal returns a confirmation to receive the subscription service message to the first subscription management server.
  • the acknowledgment receiving subscription service message includes the result of the user confirmation, and may also include the identifier of the service or subscription item that the user wants to obtain. If the user does not want to obtain the key, the entire process ends; if the user wants to obtain the key, and the first subscription request message in step 301 does not carry the terminal information or the smart card information, the acknowledgement needs to be received in the subscription service message. It includes the user's terminal information (for example, the terminal international mobile station device identification) or smart card information.
  • Step 306 The first subscription management server sends a request long-term key message to the second subscription management server, requesting the long-term key LTK of the service or subscription that the user wants to obtain.
  • the requesting long-term key message may include a service identifier or a subscriber identifier that the user confirms that the key needs to be obtained. If the user subscribes to the monthly subscription service, the long-term key is the service encryption authentication key SEAK (the service key SEK can be obtained by the SEAK); if the user only wants to use the Pay-per-view, the long-term key
  • SEAK service encryption authentication key
  • PEAK program authentication key
  • Step 307 The second subscription management server determines whether the requested service or the LTK of the order item has been stored. If the LTK is stored, the second subscription management server sends the LTK to the first subscription management server; if not stored The LTK or stored The LTK needs to be updated, and the second subscription management server generates a corresponding LTK and sends the generated LTK to the first subscription management server.
  • the LTK sent to the first subscription manager may also include LTK association information, which may include, but is not limited to, related services or purchase item identifiers, LTK validity periods or application rules, and the like.
  • Step 308 The first subscription management server encrypts the service or subscription item requested by the user by using the rights encryption key REK or the subscription management key SMK generated when the user securely registers with the first subscription management server according to the user terminal information or the smart card information.
  • LTK generates a long-term key message LTKM, and sends the generated LTKM to the terminal; or the first subscription management server uses the REK or SMK generated by the network side when the long-term key encryption of the service is required to encrypt the user request.
  • the LTK of the business or order item generates LTKM, and sends the generated LTKM to the terminal.
  • the LTKM carries the LTK of the service or subscription item encrypted by the first subscription management server.
  • steps 303-306 may be omitted, and the second subscription management server directly passes step 307. Returns the long-term key requested by the first subscription management server user.
  • steps 304 and 305 may be omitted, that is, the user confirmation process is omitted.
  • the first subscription management server After receiving the broadcast service subscription response message in step 303, the first subscription management server directly performs step 306, that is, according to the received broadcast service subscription response message to the second.
  • the subscription management server sends a request long-term key message requesting the required long-term key. If the user fails to subscribe to the requested service or updates the requested service key through the service authentication of the second subscription management server, the corresponding result needs to be returned to the user through steps 303 and 304, and the entire process is ended.
  • the first subscription management server may determine whether the terminal or the smart card has been securely registered before receiving the broadcast service subscription request of the user, or before encrypting the LTK to generate the LTKM. If the terminal is not already in the first subscription management server After the security server of the domain is registered, the first subscription management server cannot be successfully generated.
  • the first subscription management server may notify the terminal to initiate a corresponding security registration process, complete the process of the first layer authentication registration layer of the broadcast service security architecture, so that the first subscription management server or the security server of the domain in which it is located may be The terminal or smart card generation right P ⁇ encryption key REK or contract management key SMK. The terminal obtains the corresponding permission decryption key or the subscription management key for decryption to decrypt the received LTKM.
  • the first subscription management server may save the second subscription management server. Long-term key and/or long-term key association information for a business or subscription.
  • the first subscription management server does not necessarily request the long-term key of the service or subscription from the second subscription management server each time. After receiving the user request key message or the user confirms that the key message is to be obtained, it may first determine whether the corresponding key and the validity period of the key have been stored locally.
  • the first subscription management server may determine whether the stored corresponding key is valid according to the validity period.
  • the information of the terminal is stored in the first subscription management server, and the user in the terminal is authenticated according to the stored terminal information and the first broadcast service subscription request message sent by the terminal, so as to determine whether the user is a legitimate user.
  • steps 302 to 307 may be omitted, that is, the first subscription management server does not need Sending a second broadcast service subscription request message to the second subscription management server, and directly performing step 308, that is, the first subscription management server generates the LTKM message by using the stored corresponding key, and sends the generated LTKM message to the terminal; Or, when the corresponding key stored in the first subscription management server is valid, Steps 304-307 may be omitted.
  • step 308 is performed, that is, the first subscription management server generates the LTKM message by using the stored long-term key, and sends the generated LTKM message. To the terminal; or, when the corresponding key stored in the first subscription management server is valid, only steps 306-307 are omitted, and step 308 is directly executed.
  • the first subscription management server may add an identifier to the request message sent in step 302 or 306, the identifier indicating that the first subscription management server is The long-term key has been stored, but the key has expired.
  • the second subscription management server After receiving the request message, the second subscription management server sends the new LTK and/or LTK related information to the first subscription management server; the first subscription management server encrypts the new LTK and sends the information to the terminal LTKM, and at the same time, A subscription management server can store new LTK and LTK related information.
  • the first subscription management server may add one of the messages sent in step 302 or 306.
  • the second subscription management server may determine, according to the foregoing identifier or the history of the second subscription management server, whether the long-term key that was last sent to the first subscription management server expires; if the long-term key that was last sent to the first subscription management server does not When expired, the second subscription management server may add a message indicating that the key stored by the first subscription management server is valid in the message sent to the first subscription management server in step 307.
  • the message in step 307 may not include a long-term key or a key group, and may also include a long-term key and/or long-term key-related information.
  • the first subscription management server acquires the long-term key of the service from the long-term key stored in the first subscription management server according to the received message, and encrypts the long-term key; if the second subscription management The server determines that the key stored by the first subscription management server has expired, and in step 307, the second subscription The management server sends a new long-term key and/or new long-term key association information to the first subscription management server.
  • the first subscription management server obtains the long-term key carried in the message according to the received message, and encrypts the obtained long-term key.
  • the first subscription management server may further replace the long-term key of the service that has been stored by using the newly acquired long-term key of the service, and replace the already stored service with the long-term key association information of the service. Long-term key association information.
  • embodiments of the present invention also provide a method of key update (i.e., a key update procedure) for performing key update.
  • the key update process is basically the same as the above-mentioned service ordering process.
  • the first broadcast service subscription request message in step 301 may be replaced with a first key update request message, where the first key update request message includes a second subscription management server identifier, The user identifier, the service identifier or the subscription identifier associated with the key to be updated, and the terminal information or smart card information.
  • the terminal information may be a terminal international mobile station device identifier (IMEI), and the smart card information may be a mobile phone SIM card number or the like.
  • IMEI terminal international mobile station device identifier
  • step 307 will become: Send the updated long-term key to the first subscription management server; and step 308 will also become: The first subscription management server generates LTKM for the user based on the updated long-term key. And send the generated LTKM to the terminal.
  • steps 302 to 307 may be omitted, that is, the first subscription management server generates the LTKM for the user according to the updated long-term key.
  • the corresponding identifier may be included, where the identifier is specified in the first subscription management server.
  • the updated key has been stored, and the subsequent subsequent processes are consistent with the corresponding processes in the above-described business ordering process.
  • the user is allowed to order a service or a subscription through the terminal, obtain the corresponding key, or request multiple services or subscriptions at the same time, and obtain multiple keys at the same time; Said, the same is true. Therefore, the corresponding steps in the above two processes may be transmitted by a key and/or key related information, or may be a key group composed of multiple keys and/or each key in the key group. Related information.
  • the generation of the long-term key message LTKM requires information about certain long-term key LTKs, if the related LTK information changes or is updated, the first subscription management server also needs to generate long-term secrets using the LTK and the updated related LTK information.
  • Key message LTKM since the generation of the long-term key message LTKM requires information about certain long-term key LTKs, if the related LTK information changes or is updated, the first subscription management server also needs to generate long-term secrets using the LTK and the updated related LTK information. Key message LTKM.
  • the transmission channel such as the transport layer between the two servers should adopt some security mechanisms.
  • IP Security Protocol IP Security Protocol
  • IPSec IP Security Protocol
  • the above description is the long-term key acquisition method and the key update method in the embodiment of the present invention.
  • the following will be in the DRM 2.0 manner or the initial user authentication architecture (GBA)
  • the method of performing key protection in the manner of the present invention further describes the method for acquiring the long-term key and the method for updating the key in the embodiment of the present invention.
  • the first subscription management server includes one A service subscription/key management module is configured to receive and process a service subscription request of the terminal, and is responsible for generating a required key message for the terminal.
  • the authorized issuer RI of the DRM may be located in or outside the first subscription management server. If the second subscription management server and its domain do not have an RI or the terminal cannot directly interact with the RI corresponding to the second subscription management server or the RI in the second subscription management server, the LTKM may be generated by the first subscription management server to implement the indirect Business subscription or key update.
  • the subscription management server can encrypt the long-term key LTK in the DRM manner.
  • the method for implementing an indirect broadcast service subscription/key update by using the DRM 2.0 method includes the following steps:
  • Steps 401 to 407 which are consistent with steps 301 to 307 shown in FIG. 3, that is, the service subscription/key management module in the first subscription management server acquires a service or subscription from the service subscription/key management module of the second subscription management server.
  • the long-term key of the item LTK SEAK or PEAK ).
  • Step 408 The service subscription/key management module of the first subscription management server sends a message requesting the trigger message (ROAPTrigger) in the rights object acquisition protocol to the authorized issuer RI, where the message needs to carry the terminal information (such as the terminal device identifier). , can carry the long-term key LTK ( SEAK or PEAK ) of the business or subscription.
  • the RI determines whether the ROAP Trigger carries the long-term key LTK (SAEK or PEAK) of the service or the subscription. If not, the RI also needs to request the SEAK from the subscription/key management module in the first subscription management server. PEAK.
  • Step 409 the RI generates a permission encryption key REK for the terminal (the RI generates a REK according to the terminal information, and conforms to the DRM2.0 mechanism), encrypts the SEAK or the PEAK by using the permission encryption key, and generates a long-term key message that needs to be sent to the terminal.
  • LTKM the copyright object (RO) message.
  • the RI returns a successful response (OK) message corresponding to the above ROAP Trigger to the service subscription/key management module.
  • Step 410 The service subscription/key management module of the first subscription management server receives the RI
  • the ROAP Trigger successfully responds (OK) message, and sends a notification message to the terminal to trigger the acquisition of the RO, where the notification message includes an address required for acquiring the RO, and the address may be, but is not limited to, a URI; the message follows DRM 2.0. RO Tigger message definition.
  • Step 411 The terminal receives the message triggering the acquisition of the RO, and obtains the RO acquisition request according to the RO in the message, and the request is in accordance with the DRM 2.0 manner.
  • Step 412 The RI sends an RO response message to the terminal, that is, LTKM, and the message format conforms to the specification of DRM 2.0.
  • the above described process uses the 2 step (2 pass) RO acquisition process of DRM 2.0. If the 1 step (1 pass) RO acquisition process is used, there may be no steps 410 and 411, and the other interaction steps with RI follow. DRM 2.0's 1 pass RO acquisition process.
  • the requesting ROAP Trigger message sent by the service subscription/key management module of the first subscription management server received by the RI carries the terminal device identifier, and after receiving the request ROAP Trigger message, the RI It is also necessary to perform security authentication on the terminal device to determine whether the terminal device has been registered with the RI. If the terminal device has not been registered, the RI returns a response message that the terminal has not been registered to the service subscription/key management module of the first subscription management server, and the service subscription/key management module of the first subscription management server re-registers the terminal. The response message is sent to the terminal, which triggers the terminal to register at the RI. When the terminal is registered with the RI, the terminal can obtain the required RO from the RI. If the terminal is not registered with the RI, the process of long-term key acquisition ends. The terminal's registration process in the RI and the subsequent process of acquiring the RO follow the DRM 2.0 approach.
  • the key update procedure in this embodiment is identical to the key update procedure shown in FIG.
  • the terminal can also complete the terminal registration process by registering the RI at the time of authentication, so that the terminal can obtain the long-term key.
  • the key protection is performed by using the GBA method.
  • the Smartcard smart card is used for service protection, different mechanisms are used for USIM and RUIM cards.
  • the key protection can be performed by means of GBA.
  • the subscription management server can be used as a Network Application Function (NAF) in GBA.
  • NAF Network Application Function
  • the user equipment UE and the Bootstrapping Server Function (BSF) After the bootstrapping process, the user equipment UE and the Bootstrapping Server Function (BSF) generate the key KS.
  • the UE and the BSF can generate the subscription key KS_NAF corresponding to the NAF through the key derivation mechanism in the prior art.
  • the subscription management server can use KS_NAF to encrypt SEAK and generate LTKM to send to the terminal.
  • the first carrier's GBA system may be used.
  • the terminal first needs to obtain the KS in the BSF of the first carrier through the Bootstrapping process of the GBA, and then assist the subscription of the broadcast service of the second carrier through the GBA system of the first carrier.
  • the specific process is as follows:
  • FIG. 5 is a flowchart of a method for implementing an indirect broadcast service subscription/key update by using the GBA method according to an embodiment of the present invention. As shown in Figure 5, the method of implementing the indirect broadcast service subscription/key update using the GBA method includes the following steps:
  • Steps 501 to 507 which are the same as steps 301 to 307 shown in FIG. 3, that is, the service subscription/key management module in the subscription management server of the first carrier is subscribed to the service from the subscription management server of the second carrier. / The key management module obtains the long-term key LTK ( SEAK or PEAK ) of the service or subscription.
  • LTK long-term key LTK
  • Step 508 the service subscription/key management mode in the subscription management server of the first operator
  • the block sends a message requesting KS_NAF to the BSF, and the message also needs to include user smart card information (such as SIM card number).
  • user smart card information such as SIM card number
  • Step 509 The BSF returns the KS_NAF to the service subscription/key management module of the subscription management server of the first operator.
  • Step 510 The service subscription/key management module of the subscription service server of the first operator receives the KS_NAF, encrypts the SEAK or PEAK by using the KS_NAF, generates a long-term key message LTKM to be sent to the terminal, and sends the LTKM to the terminal.
  • the key update procedure in this embodiment is identical to the key update procedure shown in FIG. Third Embodiment: A method of obtaining a roaming service key initiated from a home.
  • the traditional broadcast television network is mostly a one-way television network, and some programs must be given the key to watch.
  • the BSM ie, the second subscription management server
  • the BSM interacts, or in some cases, the user wants to obtain the required broadcast roaming service key in advance before roaming.
  • the roaming service request can be completed through the BSM of the home SP (ie, the first subscription management server).
  • the first subscription management server is equivalent to the BSM of the home SP
  • the second subscription management server is equivalent to the roaming SP or the BSM of the roaming place. If the DRM 2.0 method is adopted, the terminal does not need to perform secure registration on the RI of the roaming SP to obtain the long-term key message LTKM.
  • FIG. 6 is a method for acquiring a home-originated roaming service key according to an embodiment of the present invention. Flow chart. As shown in FIG. 6, the method for home-originated roaming key acquisition includes the following steps:
  • Step 601 The user obtains a roaming service guide from a BCAST service distribution/adaptation (BSD/A, BCAST Service Distribution/Adaptation) of the roaming place.
  • BSD/A BCAST Service Distribution/Adaptation
  • Step 602 The user finds the service that is of interest to the user, and sends a request for accessing one or more roaming services to the BSM (ie, the first subscription management server) of the home SP through the terminal, where the request includes the user identifier, the service to be subscribed, or Purchase item ID and BSM ID of the roaming SP. If there are multiple SPs sharing one BSM in the roaming area, the message also needs to carry the identifier of the subscribed roaming service SP.
  • the BSM ie, the first subscription management server
  • Step 603 After authenticating the user, the BSM of the home SP sends a roaming service authentication request to the BSM of the roaming SP, where the request includes the user identifier, the service to be subscribed, or the purchase item identifier.
  • the message may also include terminal information or smart card information.
  • Step 604 The BSM of the roaming SP confirms whether the user can subscribe to the roaming service, and returns a roaming service authentication response message to the BSM of the home SP, where the authentication response result is included.
  • Step 605 The BSM of the home SP returns the roaming service authentication response message to the terminal.
  • Step 607 The BSM of the home SP requests the long-term key message LTKM from the BSM of the roaming SP, where the message includes the service or purchase item identifier that the user confirms to receive.
  • Step 608 The BSM of the roaming SP owns the service information, generates a long-term key LTK (SEK or PEK) of the service or the subscription, and returns the BSM to the home SP.
  • LTK long-term key
  • step 609 the BSM of the home SP encrypts the LTK, and the generated terminal needs the LTKM.
  • step 609 can be divided into two steps: step 609a and step 609b.
  • step 609a the BSM sends the LTKM to the terminal through the interactive channel.
  • step 609b the BSM sends the generated LTKM to the BSD/A, and the BSD/A sends the LTKM to the terminal by using the broadcast channel.
  • Step 610 The terminal receives the corresponding service, and may use the received SEK or PEK to decrypt the short-term key message, obtain the short-term key, and obtain the short-term key to obtain the encrypted service.
  • the terminal may simultaneously request the key of one or more services or subscriptions; if an error occurs in the process described above Then, an error information message can be sent to the terminal through the home BSM.
  • the terminal can implement the service managed by the BSM of the home network through the bidirectional network of the home and the BSM of the home, and obtain the service key managed by the BSM of the roaming place, and does not need to be in the roaming place.
  • RI or BSF for secure registration.
  • the subscription of the service in the BSM of the SP is implemented by the BSM of the operator.
  • Multiple SP service providers can provide broadcast services to users through the same network operator.
  • the user's personal information such as user identification (ie, user number), terminal information (such as the terminal's IMEI identification), and user card information, are private information for the user, and sometimes the user does not wish to expose his or her private information to the SP.
  • user identification ie, user number
  • terminal information such as the terminal's IMEI identification
  • user card information are private information for the user, and sometimes the user does not wish to expose his or her private information to the SP.
  • the user subscribes to the broadcast service of the SP it may be considered to subscribe to the broadcast service managed by the service subscriber of the SP directly through the service subscription management server of the operator.
  • FIG. 7 is a flowchart of a method for acquiring a broadcast service key initiated by an operator to a service provider according to an embodiment of the present invention.
  • the method for obtaining a broadcast service key initiated by an operator to a service provider includes the following steps: terminal or smart card authentication, which may include an operator's authentication of the user and a secure registration of the terminal to the DRM RI or Use the Smartcard method to perform the Bootstraping process of GBA.
  • step 702 the user finds the SP service that he or she is interested in, and selects the business or purchase item that he wants to order. That is, the terminal sends a message requesting a certain broadcast service of the SP to the BSM of the operator, where the service or the purchase item identifier to be subscribed, the SP identifier and the user identifier to which the service belongs, and the SP may also be included.
  • the BSM identifier may also include terminal information or smart card information.
  • Step 703 The operator BSM (ie, the first subscription management server) may convert the foregoing user identifier into an alternate user identifier that is provided to the SP, and the operator's BSM sends a service authentication request to the BSM of the SP, where the substitute user identifier is included.
  • the business or purchase item identifier of the subscription may be converted into an alternate user identifier that is provided to the SP, and the operator's BSM sends a service authentication request to the BSM of the SP, where the substitute user identifier is included.
  • the business or purchase item identifier of the subscription may convert the foregoing user identifier into an alternate user identifier that is provided to the SP, and the operator's BSM sends a service authentication request to the BSM of the SP, where the substitute user identifier is included.
  • the business or purchase item identifier of the subscription may be converted into an alternate user identifier that is provided to the SP, and the operator's BSM sends a service authentication request to the BSM of the
  • Step 704 The BSM of the SP authenticates the user by using the foregoing alternative user identifier, confirms whether the user can subscribe to the service, and returns a service authentication response, where the authentication result and the substitute user identifier are included.
  • Step 705 The operator BSM sends a broadcast service authentication response message to the user corresponding to the user identifier according to the substitute user identifier, where the authentication result is included.
  • Step 706 If the user is allowed to subscribe to and receive the requested service, the terminal may prompt the user whether to continue to obtain the key of the service. After the user confirms that the service key is received, the terminal returns a message confirming the acquisition of the key to the operator's BSM.
  • the message for confirming the acquisition key includes the service or purchase item identifier to obtain the key, and may also include the user identification, terminal information or smart card information. That is, in step 702 or 706, at least one message contains terminal information or smart card information.
  • Step 707 The operator's BSM requests the BSM of the SP for the long-term key LTK (SEK or PEK) of the service, where the requested service or the identifier of the purchased item is included.
  • LTK long-term key LTK
  • step 708 the BSM of the SP returns the LTK (SEK or PEK) of the service to the BSM of the operator.
  • Steps 710 ⁇ 711 the SP passes the BSD/A broadcast service of the operator, and the terminal can use the received SEK or PEK to decrypt the short-term key message, obtain the short-term key, and use the short-term key to decrypt the received broadcast service. Thereby obtaining the required broadcast service.
  • the terminal may request the key of one or more services or subscriptions at the same time. If an error occurs in the process described above, the BSM of the carrier may send an error information message to the terminal.
  • the method provided by the embodiment of the present invention can facilitate the mobile phone service of the operator and the SP; the SPI of the SP does not need to be set or has the function of GBA, thereby reducing the equipment cost;
  • the first BSM of the operator is used to facilitate the monitoring of the SP by the operator.
  • the second service management server is not The information of the user or the terminal needs to be obtained to implement the service ordering or key update, and the information privacy of the subscriber of the first service management server is ensured.
  • FIG. 8 is a structural diagram of a subscription management server in an embodiment of the present invention.
  • the subscription management server 800 in the embodiment of the present invention may include only the service subscription/key management module 801 and the key message generation module 802.
  • the service subscription/key management module 801 is configured to receive a first broadcast service subscription request message or a first key update request message sent by the terminal, if the service involved in the received request message is not a service subscription/density
  • the service management/key management module 801 first performs user service authentication according to the user identifier in the received request message; after the user passes the authentication, the service subscription/key management module 801 Sending a second broadcast service subscription request or a second key update request to other subscription management servers according to the request message sent by the terminal, receiving the long-term key and/or long-term sent by the other subscription management server
  • the key association information is transmitted to the key message generation module 802 and the long-term key and/or long-term key association information.
  • the service subscription/key management module 801 can receive a second broadcast service subscription request or a second key update request sent by another subscription management server, if the requested service is managed by the service subscription/key management module 801.
  • the service the service subscription/key management module 801 performs user service authentication according to the user identifier in the received request, and returns the user service authentication result to the other subscription management server; if the user passes the authentication and needs to obtain the corresponding
  • the long-term key the service subscription/key management module 801 generates the service long-term key and/or long-term key association information, or obtains the stored long-term key and/or long-term key association information from the storage module 803. , return to other subscription management servers.
  • the key message generating module 802 is configured to generate a corresponding long-term key message according to the long-term key and/or the long-term key association information sent by the service subscription/key management module 801, and generate the generated long-term key message. Send to the terminal.
  • the subscription management server 800 can also include a storage module 803.
  • the storage module 803 is configured to receive and store the long-term key and/or the long-term key association information sent by the service subscription/key management module 801, and according to the key request message of the service subscription/key management module 801.
  • the long-term key and/or long-term key association information is sent to the service subscription/key management module 801.
  • the service subscription/key management module 801 transmits the long-term key and/or long-term key association information obtained from the storage module 803 to the key message generation module 802.
  • the subscription management server 800 can also include a determination module 804.
  • the determining module 804 may be located in the service subscription/key management module 801 or may be located outside the service subscription/key management module 801.
  • the service subscription/key management module 801 forwards the information of the key request message and all the long-term keys stored by the storage module 803 to the determining module 804, and the determining module 804 is based on the key sent by the service subscription/key management module 801.
  • the request message and the information of the long-term key stored in 803 are used to determine whether the long-term key required by the service subscription/key management module 801 is stored in the storage module 803, if the long-term key is stored in the storage module. In 803, the determining module 804 also needs to determine whether the long-term key is valid.
  • the determining module 804 sends the result of the judgment to the service subscription/key management module 801, and the service subscription/key management module 801 performs the next operation according to the received judgment result, that is, when the long-term key is valid.
  • the service subscription/key management module 801 reads the long-term key from the storage module 803; when the long-term key is invalid or the long-term key is not stored in the storage module 803, If the service corresponding to the required long-term key is the service managed by the subscription management server, the service subscription/key management module 801 generates a new long-term key and/or long-term key association information, and the newly generated long-term key is generated.
  • the long-term key association information is stored in the storage module 803; if the service corresponding to the required long-term key is not the service managed by the subscription management server, the service subscription/key management module 801 is from the corresponding other subscription management server. Obtain the long-term key of the service.
  • the service subscription/key management module 801 can also provide the long-term key and/or long-term key association information of the service to the RI of the DRM, and request the RI to generate the long-term key message RO required by the terminal for the terminal. If an error occurs in the above process of processing a service subscription or key update, the service subscription/key management module 801 can send an error notification to the terminal or other subscription management server. In the case of generating a long-term key by the RI, if the terminal has not yet registered with the RI, the service subscription/key management module 801 can learn from the RI that the terminal has not registered yet, and can also send a notification message to the terminal, triggering the terminal to register with the RI. .
  • FIG. 9 is a structural diagram of a subscription management service system according to an embodiment of the present invention.
  • the subscription management service system 900 in the embodiment of the present invention may include only: a first subscription management service server and a terminal 902;
  • the first subscription management server 901 is configured to receive a first request message that carries the service identifier sent by the terminal 902, and obtain a long-term key of the service corresponding to the service identifier in the first request message.
  • the long-term key generation long-term key message, the long-term key message is sent to the terminal 902;
  • the terminal 902 is configured to send a first request message carrying a service identifier to the first subscription management server 901, and receive a long-term key message sent by the first subscription management server 901.
  • the subscription management service system 900 can also include a second subscription management server 903.
  • the first subscription management server 901 sends a second request message to the second subscription management server 903, and the second subscription management server 903 sends the corresponding long-term key to the first subscription according to the second request message.
  • the management server 901; the first subscription management server 901 transmits the received long-term key to the terminal 902.
  • Subscription management service system 900 can also include: Authorized issuer 904.
  • the first subscription management server 901 may send a request message carrying the long-term key to the authorized issuer 904; the authorized issuer 904 generates the long-term secret according to the long-term key in the received request message carrying the long-term key.
  • the key message is sent to the terminal 901.

Abstract

A method for obtaining long term key (LTK) includes: the first subscribe management server receives the first request message carrying the service identifier; the first subscribe management server obtains the service LTK corresponding with the service identifier in said request message; creates long term key message (LTKM) according to said LTK, and sends said LTKM. Also, the present invention provides a subscribe management server. The present invention thusly enables user to obtain LTK created by a plurality of subscribe management server through one subscribe management server, reduces the unnecessary safety registration, improves the user experience.

Description

一种长期密钥获取方法和一种订阅管理服务器  Long-term key acquisition method and a subscription management server
技术领域 Technical field
本发明涉及移动广播业务, 尤其涉及一种长期密钥获取方法和一种 订阅管理服务器。 发明背景  The present invention relates to a mobile broadcast service, and more particularly to a long-term key acquisition method and a subscription management server. Background of the invention
目前提供移动视频广播的主流技术有以下几种: 多媒体广播多播业 务(MBMS, Multimedia Broadcast Multicast Service ) , 广播多播业务 ( BCMCS, Broadcast Multicast Service )和手持数字电视广播( DVB-H, Digital Video Broadcast - Handset ) 。 而为了提供一个统一的业务平台 , 开放移动联盟 ( OMA, Open Mobile Alliance )提出了新的移动多媒体体 系架构广播 ( BCAST, Broadcast ) 。  Currently, there are several mainstream technologies for providing mobile video broadcasting: Multimedia Broadcast Multicast Service (MBMS), Broadcast Multicast Service (BCMCS), and Handheld Digital Television Broadcasting (DVB-H, Digital Video). Broadcast - Handset ). In order to provide a unified service platform, the Open Mobile Alliance (OMA) has proposed a new mobile multimedia architecture broadcast (BCAST, Broadcast).
而在广播业务中, 为了保证签约用户可以接收到节目并且阻止未签 约用户收看, 业务保护机制就显得至关重要。 因此, BCAST 中的业务 保护一般采用 4层保护模型。  In the broadcast service, in order to ensure that the subscribers can receive the program and prevent the unsigned users from watching, the service protection mechanism is crucial. Therefore, the business protection in BCAST generally uses a 4-layer protection model.
图 1为 BCAST中的业务保护模型的示意图。 如图 1所示, BCAST 中的业务保护模型具体包括以下 4层:  Figure 1 is a schematic diagram of the business protection model in BCAST. As shown in Figure 1, the business protection model in BCAST specifically includes the following four layers:
第一层: 认证层。 该层用于终端侧的设备与网络侧的服务器之间进 行认证 , 即终端侧的设备与网络侧的服务器通过双向通道或者离线方式 相互进行身份鉴权。 当认证通过后, 网络侧的服务器和终端侧的设备可 获得一个共享密钥, 网络侧的服务器和终端侧的设备根据上述共享密钥 各自生成相对应的用户密钥, 用于保护认证层的信息。 对于第三代合作 伙伴计划 ( 3GPP, Third Generation Partnership Project ) 网络和第三代合 作伙伴计划第二组( 3GPP2, Third Generation Partnership Project 2 ) 网络 的智能卡业务保护方式来说, 上述的用户密钥为通过智能卡注册鉴权生 成的共享的签约管理密钥 (SMK, Subscriber Management Key ) ; 而对 于数字版权管理 ( DRM, Digital Right Management )方式来说, 上述的 用户密钥为通过终端注册鉴权生成的权限加密密钥 (REK , Rights Encryption Key ) 。 The first layer: the authentication layer. This layer is used for authentication between the device on the terminal side and the server on the network side. That is, the device on the terminal side and the server on the network side authenticate each other through a two-way channel or an offline mode. After the authentication is passed, the server on the network side and the device on the terminal side can obtain a shared key, and the server on the network side and the device on the terminal side respectively generate a corresponding user key according to the shared key, which is used to protect the authentication layer. information. For the 3GPP, Third Generation Partnership Project (3GPP, Third Generation Partnership Project 2) network In the smart card service protection mode, the user key mentioned above is a shared subscription management key (SMK, Subscriber Management Key) generated by smart card registration authentication; and for the digital right management (DRM) method The user key mentioned above is a rights encryption key (REK, Rights Encryption Key) generated by terminal registration authentication.
第二层: 长期密钥消息( LTKM , Long Term Key Message )传送层。 该层用于网络侧的服务器向终端侧的设备传送长期密钥 (LTK, Long Term Key ) , 即业务 /节目密钥。 所述的业务 /节目密钥包括业务加密密 钥( SEK, Service Encrypt Key )或者节目力口密密钥( PEK, Program Encrypt Key ) 。 具体来说, 网络侧的服务器端的业务 /节目密钥消息生成模块根 据认证层的 REK或 SMK对所接收到的业务 /节目加密密钥 (即 LTK ) 进行加密, 产生长期密钥消息 LTKM, 并将其发送给终端侧的设备; 所 述的终端侧的设备根据认证层的 REK或 SMK对所接收到的 LTKM进 行解密, 即可得到服务器端所需传输的业务 /节目加密密钥 (即 LTK ) , 并将该业务 /节目加密密钥作为业务 /节目解密密钥。  The second layer: Long-term key message (LTKM, Long Term Key Message) transport layer. This layer is used by the server on the network side to transmit a Long Term Key (LTK), that is, a service/program key, to the device on the terminal side. The service/program key includes a Service Encrypt Key (SEK) or a Program Encrypt Key (PEK). Specifically, the server-side service/program key message generating module on the network side encrypts the received service/program encryption key (ie, LTK) according to the REK or SMK of the authentication layer, and generates a long-term key message LTKM, and Sending it to the device on the terminal side; the device on the terminal side decrypts the received LTKM according to the REK or SMK of the authentication layer, and then obtains the service/program encryption key (ie, LTK) required to be transmitted by the server end. ) and use the service/program encryption key as the service/program decryption key.
第三层: 短期密钥消息( STKM , Short Term Key Message )传送层。 该层用于向终端侧的设备传送传输加密密钥 (TEK, Traffic Encryption Key ) 。 具体来说, 网络侧的服务器端的传输密钥消息生成模块根据 LTKM传送层的 SEK或 PEK对所接收到的 TEK进行加密,产生短期密 钥消息 STKM, 并将其发送给终端侧的设备; 所述的终端侧的设备根据 LTKM传送层的 SEK或 PEK对所接收到的 STKM进行解密 , 即可得到 服务器端所需传输的 TEK, 并将该 TEK作为传输解密密钥。  The third layer: Short-term key message (STKM, Short Term Key Message) transport layer. This layer is used to transmit a Traffic Encryption Key (TEK) to the device on the terminal side. Specifically, the server-side transport key message generating module on the network side encrypts the received TEK according to the SEK or PEK of the LTKM transport layer, generates a short-term key message STKM, and sends the short-term key message STKM to the device on the terminal side; The device on the terminal side decrypts the received STKM according to the SEK or PEK of the LTKM transport layer, and obtains the TEK required to be transmitted by the server, and uses the TEK as a transport decryption key.
第四层: 传输加密层。 该层用于向终端侧的设备传送数据(例如, 广播的内容)。 具体来说, 网络侧的服务器端的加密模块用 STKM传送 层的传输加密密钥 TEK对将所需传输的数据进行加密,然后将加密后的 数据发送给终端侧的设备;所述终端侧的设备根据 STKM传送层的 TEK 对所接收到的加密数据进行解密, 即可得到服务器端所需传输的数据。 The fourth layer: transport encryption layer. This layer is used to transfer data (for example, broadcasted content) to devices on the terminal side. Specifically, the server-side encryption module on the network side encrypts the data to be transmitted by using the transmission encryption key TEK of the STKM transport layer, and then encrypts the encrypted data. The data is sent to the device on the terminal side; the device on the terminal side decrypts the received encrypted data according to the TEK of the STKM transport layer, and the data to be transmitted by the server end is obtained.
在 OMA的 BCAST业务保护中, 引入了两套解决方案, 即智能卡方 式( Smartcard Profile )和数字版权保护方式( DRM Profile ) 。  In OMA's BCAST service protection, two solutions were introduced, namely Smartcard Profile and Digital Rights Protection (DRM Profile).
其中, Smartcard Profile是使用通用用户识别模块( USIM , Universal Subscriber Identity Module ) 卡或者可移动的用户识别模块 (RUIM , Removable User Identity Module )卡保存 SMK、 SEK和 PEK, 并利用智 能卡的安全性保证业务密钥的安全。采用智能卡方式( Smartcard Profile ) 的业务保护方式时,分别遵循 MBMS的安全机制和 BCMCS的安全机制。  The Smartcard Profile uses the Universal Subscriber Identity Module (USIM) card or the Removable User Identity Module (RUIM) card to store SMK, SEK, and PEK, and uses the security of the smart card to ensure the service. The security of the key. When the service protection mode of the smart card profile is adopted, the security mechanism of the MBMS and the security mechanism of the BCMCS are respectively followed.
而 DRM Profile则使用了 OMA的 DRM技术,即主要通过权利限制 和内容保护方案来控制数字内容的使用。 具体来说, DRM技术中主要 包括 DRM 终端 (DRM Agent)、数字内容的发行者 (CI, Content Issuer ) 、 授权发行者(RI, Rights Issuer ) 、 用户及存储装置等功能实体。 DRM 技术的基本原理为: 数字内容的发行者将数字内容加密后, 用户将加密 的数字内容数据包下载到终端上; RI负责分发与数字内容相对应的许可 证, 许可证由许可证密钥加密, 而许可证密钥则由 RI使用设备公钥加 密。 上述的许可证中包括内容解密密钥及对内容可操作的权限, 因此, 设备只有同时拥有内容数据包(其中包含解密数字内容所必须的信息) 和许可证,才能正常使用所购买的数字内容。由于在 DRM技术中, REK、 SEK和 PEK都保存在 DRM Agent中 , 由 DRM Agent保证密钥的安全 性。 例如, 基于 OMA的 DRM 2.0标准而实现的四层保护模型中, 在第 二层中所传送的就是包含了 SEK和 /或 PEK的版权对象(RO, Rights Object ) 。 因此, DRM Agent可利用设备的私钥解密得到许可证密钥, 进而得到许可证中的内容密钥, 解密数字内容, 并根据许可证中的权限 信息控制用户对数字内容的具体使用。 BCAST中所提供的广播业务需要用户定购,用户定购后会得到相应 的长期密钥, 即 SEK或者 PEK。 其中, SEK提供给长期订阅用户, 而 PEK则提供给即时使用 (Pay - per - view ) 的用户。 基于 DRM Profile 的终端 ,向 BCAST签约管理器( BSM, BCAST Subscription Management), 即订阅管理服务器发送订阅请求并通过 BSM鉴权后, BSM向 RI发送 请求权限对象获取协议 ( ROAP, Rights Object Acquisition Protocol )触 发的消息, RI从 BSM获取业务加密鉴权密钥 (SEAK, Service Encrypt Authentication Key )或者节目力口密鉴权密钥 (PEAK, Program Encrypt Authentication Key), 为该终端生成相应的 RO, 并返回 ROAP触发响应 消息给 BSM。 BSM向终端发送 ROAP触发消息(包含 RI的 URL地址), 通知终端到 RI获取已经生成的 RO。 终端收到通知后, 通过 DRM的机 制直接和 RI交互, 获得相应的 RO。 DRM RI要求终端上的 DRM Agent 必须在 RI注册后才可以获得 RO, 如果终端 DRM Agent还没有在 RI注 册, 获取 RO前会先启动相应的 4步( 4 pass )注册流程。 The DRM Profile uses OMA's DRM technology, which controls the use of digital content primarily through rights restrictions and content protection schemes. Specifically, the DRM technology mainly includes a DRM terminal (DRM Agent), a digital content issuer (CI, Content Issuer), an authorized issuer (RI, Rights Issuer), a user entity, and a storage device. The basic principle of DRM technology is: After the digital content publisher encrypts the digital content, the user downloads the encrypted digital content data packet to the terminal; RI is responsible for distributing the license corresponding to the digital content, and the license is obtained by the license key. Encryption, and the license key is encrypted by the RI using the device public key. The above license includes the content decryption key and the authority to operate the content. Therefore, the device can only use the purchased digital content only if it has both the content data package (which contains the information necessary for decrypting the digital content) and the license. . Since in the DRM technology, REK, SEK and PEK are all stored in the DRM Agent, the security of the key is guaranteed by the DRM Agent. For example, in the four-layer protection model implemented based on the OMA-based DRM 2.0 standard, the copyright object (RO, Rights Object) containing the SEK and/or PEK is transmitted in the second layer. Therefore, the DRM Agent can decrypt the license key by using the private key of the device, thereby obtaining the content key in the license, decrypting the digital content, and controlling the specific use of the digital content by the user according to the permission information in the license. The broadcast service provided in BCAST requires the user to order, and the user will get the corresponding long-term key, ie SEK or PEK. Among them, SEK is provided to long-term subscribers, while PEK is provided to users of Pay-per-view. The DRM profile-based terminal sends a subscription request to the BCAST Subscription Manager (BSM, BCAST Subscription Management), that is, the subscription management server, and after BSM authentication, the BSM sends a Request Object Acquisition Protocol (ROAP) to the RI. The triggered message, the RI obtains a Service Encrypt Authentication Key (SEAK) or a Program Encrypt Authentication Key (PEAK) from the BSM, generates a corresponding RO for the terminal, and returns The ROAP triggers a response message to the BSM. The BSM sends a ROAP trigger message (including the URL address of the RI) to the terminal, and notifies the terminal to acquire the RO that has been generated by the RI. After receiving the notification, the terminal directly interacts with the RI through the DRM mechanism to obtain the corresponding RO. The DRM RI requires that the DRM Agent on the terminal must obtain the RO after the RI is registered. If the terminal DRM Agent has not been registered with the RI, the corresponding 4-step (4 pass) registration process is started before the RO is acquired.
在广播业务漫游中, 当用户想接收漫游地业务的时候, 可以通过归 属地业务提供商(SP, Service Provider )的 BSM (可设为第一订阅管理 服务器 )发送请求消息, 并通过归属地 SP的 BSM在漫游地 SP的 BSM (可设为第二订阅管理服务器) 中进行业务的鉴权。 当用户通过漫游业 务鉴权后,终端可以通过归属地 SP的 BSM向漫游地 SP的 BSM请求长 期密钥消息。漫游地 SP的 BSM要为终端成功生成长期密钥消息就需要 终端或者智能卡信息, 所以终端要将终端或者智能卡信息上报给归属地 SP的 BSM,由归属地 SP的 BSM将这些信息发送给漫游地 SP的 BSM。 当采用 DRM方式实现业务保护时, 终端还需要事先在漫游地 SP的 RI 进行注册。 漫游地 SP的 BSM把生成的长期密钥消息通过归属地 SP的 BSM发送给终端, 终端收到长期密钥消息后, 就可以解析得到 SEK或 者 PEK, 用来解密加密业务用的 TEK, 接收到漫游地 SP提供的相应的 广播业务。 In the broadcast service roaming, when the user wants to receive the roaming service, the BSM (which can be set as the first subscription management server) of the home service provider (SP, Service Provider) can send the request message and pass the attribution SP. The BSM authenticates the service in the BSM of the roaming SP (which can be set as the second subscription management server). After the user authenticates through the roaming service, the terminal may request a long-term key message from the BSM of the home SP through the BSM of the home SP. The BSM of the roaming SP needs terminal or smart card information to successfully generate a long-term key message for the terminal. Therefore, the terminal reports the terminal or smart card information to the BSM of the home SP, and the BSM of the home SP sends the information to the roaming place. SP's BSM. When the DRM method is used for service protection, the terminal also needs to register in advance at the RI of the roaming SP. The BSM of the roaming SP sends the generated long-term key message to the terminal through the BSM of the home SP. After receiving the long-term key message, the terminal can parse the SEK or The PEK, which is used to decrypt the TEK for the encrypted service, receives the corresponding broadcast service provided by the roaming place SP.
但是, 在现有技术中, 有些广播电视网络是单向网络, 如 DVB-H 网络等。 当漫游地的网络是单向网络时, 终端就无法直接和漫游地的 BSM进行交互, 也不便于在漫游地的网络进行终端或智能卡注册鉴权, 也就无法获得需要的广播业务密钥。 此外, 当终端需要从多个订阅管理 服务器中获取业务时, 需要分别向多个订阅管理服务器进行注册, 以获 得业务密钥, 整个过程比较复杂且不安全。 另外, 在现有技术中, 如果 是多个广播 SP通过同一个网络运营商向用户提供广播业务, 由 SP的 BSM产生长期密钥消息, 那么 SP需要获取用户的某些私人信息(例如 手机号码等)后才能生成长期密钥消息, 这种情况下无法保证用户信息 的安全性。 发明内容  However, in the prior art, some broadcast television networks are one-way networks, such as DVB-H networks. When the network of the roaming area is a one-way network, the terminal cannot directly interact with the BSM of the roaming place, and it is also inconvenient to perform terminal or smart card registration authentication on the network of the roaming place, and the required broadcast service key cannot be obtained. In addition, when the terminal needs to obtain services from multiple subscription management servers, it needs to register with multiple subscription management servers separately to obtain service keys. The whole process is complicated and unsafe. In addition, in the prior art, if a plurality of broadcast SPs provide a broadcast service to a user through the same network operator, and a long-term key message is generated by the BSM of the SP, the SP needs to acquire some private information of the user (for example, a mobile phone number). After the time), a long-term key message can be generated. In this case, the security of the user information cannot be guaranteed. Summary of the invention
本发明的实施例提供了一种长期密钥获取方法和一种订阅管理服 务器 , 从而使得用户可通过一个订阅管理服务器获取其他订阅管理服务 器的长期密钥。  Embodiments of the present invention provide a long-term key acquisition method and a subscription management server, so that a user can obtain long-term keys of other subscription management servers through one subscription management server.
为达到上述目的, 本发明实施例的技术方案是这样实现的: 一种长期密钥获取方法, 该方法包括:  To achieve the above objective, the technical solution of the embodiment of the present invention is implemented as follows: A long-term key acquisition method, the method includes:
第一订阅管理服务器接收携带业务标识的第一请求消息;  Receiving, by the first subscription management server, a first request message carrying a service identifier;
第一订阅管理服务器获取与所述第一请求消息中的业务标识所对 应的业务的长期密钥;  The first subscription management server acquires a long-term key of the service corresponding to the service identifier in the first request message;
才艮据所述长期密钥生成长期密钥消息 , 发送所述的长期密钥消息。 本发明的实施例还提供了一种订阅管理服务器 , 所述订阅管理服务 器包括: 业务订阅 /密钥管理模块和密钥消息生成模块; 所述业务订阅 /密钥管理模块, 用于接收第一请求消息, 获取所述第 一请求消息中的业务标识所对应的业务的长期密钥和 /或长期密钥关联 信息;将获取的长期密钥和 /或长期密钥关联信息发送给密钥消息生成模 块; And generating the long-term key message according to the long-term key generation long-term key message. An embodiment of the present invention further provides a subscription management server, where the subscription management server includes: a service subscription/key management module and a key message generation module; The service subscription/key management module is configured to receive a first request message, obtain a long-term key and/or long-term key association information of a service corresponding to the service identifier in the first request message; The key and/or long-term key association information is sent to the key message generation module;
所述密钥消息生成模块 ,用于根据接收到的长期密钥和 /或长期密钥 关联信息生成并发送相应的长期密钥消息。  The key message generating module is configured to generate and send a corresponding long-term key message according to the received long-term key and/or long-term key association information.
本发明的实施例还提供了一种订阅管理服务系统 , 所述订阅管理服 务系统包括: 第一订阅管理服务器和终端;  An embodiment of the present invention further provides a subscription management service system, where the subscription management service system includes: a first subscription management server and a terminal;
所述第一订阅管理服务器, 用于接收所述终端发送的携带业务标识 的第一请求消息; 获取与所述第一请求消息中的业务标识所对应的业务 的长期密钥; 根据所述长期密钥生成长期密钥消息, 发送所述的长期密 钥消息给终端;  The first subscription management server is configured to receive a first request message that is sent by the terminal and that carries a service identifier, and obtain a long-term key of a service that is corresponding to the service identifier in the first request message; The key generates a long-term key message, and sends the long-term key message to the terminal;
所述终端, 用于向第一订阅管理服务器发送携带业务标识的第一请 求消息; 接收第一订阅管理服务器所发送的长期密钥消息。  The terminal is configured to send a first request message carrying a service identifier to the first subscription management server, and receive a long-term key message sent by the first subscription management server.
在本发明实施例所提出的长期密钥获取方法和一种订阅管理服务 器中 , 由于终端是通过归属地订阅管理服务器来获得漫游地业务的长期 密钥, 而无需与漫游地的 BSM进行交互, 因此即使在漫游地的网络是单 向网络的情况下, 终端仍能获得所需的长期密钥。  In the long-term key acquisition method and the subscription management server proposed by the embodiment of the present invention, since the terminal obtains the long-term key of the roaming service by subscribing to the management server, without interacting with the BSM of the roaming place, Therefore, even in the case where the network of the roaming area is a one-way network, the terminal can obtain the required long-term key.
其次 , 本发明实施中是通过第一订阅管理服务器对第二订阅管理服 务器生成的长期密钥进行加密, 不需要由第二订阅管理服务器对所生成 的长期密钥加密, 因此不需要用户在第二订阅管理服务器或其所在域的 相关服务器进行安全注册, 从而使得用户只需通过一个订阅管理服务器 就可以获取多个订阅管理服务器生成长期密钥, 减少不必要的安全注 册, 增强用户体验。  Secondly, in the implementation of the present invention, the long-term key generated by the second subscription management server is encrypted by the first subscription management server, and the generated long-term key is not required to be encrypted by the second subscription management server, so the user is not required to be in the first The second subscription management server or the related server of the domain in which it is located is securely registered, so that the user can acquire multiple subscription management servers to generate a long-term key through a subscription management server, thereby reducing unnecessary security registration and enhancing the user experience.
此外 , 本发明实施例中第一订阅管理服务器发送给第二订阅管理服 务器的消息中允许采用替代用户标识, 第二订阅管理服务器可使用替代 用户标识对用户进行业务鉴权, 减少了实际用户标识的网络传送, 从而 提高了用户信息安全性。 In addition, in the embodiment of the present invention, the first subscription management server sends the second subscription management service to the second subscription management service. The substitute user identifier is allowed in the message of the server, and the second subscription management server can use the substitute user identifier to perform service authentication on the user, which reduces the network transmission of the actual user identifier, thereby improving user information security.
另外, 本发明实施例中在使用智能卡方式的业务保护情况下, 使用 第一订阅管理服务器作为网络应用服务器 NAF从引导服务器 BSF获取签 约密钥 KS_NAF, 加密第二订阅管理服务器的业务密钥, 使得第二订阅 管理服务器可以没有 NAF功能情况下, 终端仍能够获取所请求的业务密 钥, 简化了第二订阅管理服务器的功能和复杂度。 附图简要说明  In addition, in the embodiment of the present invention, in the case of the service protection using the smart card method, the first subscription management server is used as the network application server NAF to obtain the subscription key KS_NAF from the boot server BSF, and the service key of the second subscription management server is encrypted, so that The second subscription management server can obtain the requested service key without the NAF function, which simplifies the function and complexity of the second subscription management server. BRIEF DESCRIPTION OF THE DRAWINGS
图 1为 BCAST中的业务保护模型的示意图。  Figure 1 is a schematic diagram of the business protection model in BCAST.
图 2为本发明实施例中的长期密钥获取方法的总流程图。  FIG. 2 is a general flowchart of a method for acquiring a long-term key in an embodiment of the present invention.
图 3为本发明实施例中的长期密钥获取方法的具体流程图。 或密钥更新的方法的流程图。  FIG. 3 is a specific flowchart of a method for acquiring a long-term key in an embodiment of the present invention. Or a flowchart of the method of key update.
图 5为本发明实施例中的采用 GBA方式实现间接广播业务订阅或 密钥更新的方法的流程图。  FIG. 5 is a flowchart of a method for implementing an indirect broadcast service subscription or key update by using the GBA method according to an embodiment of the present invention.
图 6为本发明实施例中的由归属地发起的漫游业务密钥获取的方法 的流程图。  FIG. 6 is a flowchart of a method for acquiring a home-initiated roaming service key according to an embodiment of the present invention.
图 7为本发明实施例中的由运营商向服务提供商发起的广播业务密 钥获取的方法的流程图。  FIG. 7 is a flowchart of a method for acquiring a broadcast service key initiated by an operator to a service provider according to an embodiment of the present invention.
图 8为本发明实施例中的订阅管理服务器的结构图。  FIG. 8 is a structural diagram of a subscription management server in an embodiment of the present invention.
图 9为本发明实施例中的订阅管理服务系统的结构图。 实施本发明的方式 FIG. 9 is a structural diagram of a subscription management service system according to an embodiment of the present invention. Mode for carrying out the invention
下面结合附图和实施例, 对本发明的具体实施方式作进一步详细描 述。  Specific embodiments of the present invention will be further described in detail below with reference to the drawings and embodiments.
为了叙述的方便, 在以下的说明中, 我们可将终端归属地的订阅管 理服务器或归属地 SP的 BSM设为第一订阅管理服务器,将漫游地的订 阅管理服务器或漫游地 SP的 BSM设为第二订阅管理服务器; 此外, 当 终端所需订阅的业务无需区分归属地或漫游地时(例如, 通过网络运营 商的平台向某个 SP订阅该 SP提供的节目等), 对于终端来说, 网络运 营商一般比较可信且安全性也高于一般的 SP,而网络运营商除了可提供 订阅管理服务外, 还可与其他的提供订阅管理服务的 SP进行联系, 因 此, 也可将网络运营商的订阅管理服务器设为第一订阅管理服务器, 同 时将 SP的 BSM设为第二订阅管理服务器。  For the convenience of description, in the following description, we can set the BSM of the subscription management server or the home SP of the terminal to the first subscription management server, and set the BSM of the roaming subscription management server or the roaming SP. a second subscription management server; in addition, when the service that the terminal needs to subscribe to does not need to distinguish the home location or the roaming place (for example, subscribes to the SP for the program provided by the SP through the network operator's platform), for the terminal, Network operators are generally more trustworthy and more secure than normal SPs. In addition to providing subscription management services, network operators can also contact other SPs that provide subscription management services. Therefore, network operations can also be performed. The subscriber's subscription management server is set as the first subscription management server, and the BSM of the SP is set as the second subscription management server.
图 2为本发明实施例中的长期密钥获取方法的总流程图。 如图 2所 示, 本发明实施例中的长期密钥获取方法包括以下步骤:  FIG. 2 is a general flowchart of a method for acquiring a long-term key in an embodiment of the present invention. As shown in FIG. 2, the long-term key acquisition method in the embodiment of the present invention includes the following steps:
步骤 201 , 终端向第一订阅管理服务器发送携带业务标识的请求消 息。 所述的请求消息中还可携带第二订阅管理服务器标识和用户标识 ( User ID, 如手机 SIM卡号)等信息。  Step 201: The terminal sends a request message carrying the service identifier to the first subscription management server. The request message may further carry information such as a second subscription management server identifier and a user ID (such as a mobile phone SIM card number).
步骤 202, 第一订阅管理服务器获取与所述请求消息中的业务标识 所对应的业务的长期密钥和 /或长期密钥关联信息。所述长期密钥关联信 息即为与所述长期密钥相关的信息, 如长期密钥的有效期等。  Step 202: The first subscription management server acquires long-term key and/or long-term key association information of the service corresponding to the service identifier in the request message. The long-term key association information is information related to the long-term key, such as the validity period of the long-term key.
步骤 203, 第一订阅管理服务器根据所述长期密钥生成长期密钥消 息, 并将所述长期密钥消息发送给所述终端。  Step 203: The first subscription management server generates a long-term key message according to the long-term key, and sends the long-term key message to the terminal.
在广播业务中, 上述流程中的业务标识也可以是购买项标识, 即允 许用户定购的业务购买项标识, 或者多个业务组合而成的购买项标识 等。 图 3为本发明实施例中的长期密钥获取方法的具体流程图。 其中, 第一订阅管理服务器可以为终端归属地的订阅管理服务器, 也可以为归 属地 SP的 BSM, 第二订阅管理服务器可以为服务漫游地的订阅管理服 务器, 也可以为漫游地 SP的 BSM。 如图 3所示, 本发明实施例中的长 期密钥获取方法的具体流程包括以下步骤: In the broadcast service, the service identifier in the foregoing process may also be a purchase item identifier, that is, a service purchase item identifier that allows the user to order, or a purchase item identifier formed by combining a plurality of services. FIG. 3 is a specific flowchart of a method for acquiring a long-term key in an embodiment of the present invention. The first subscription management server may be a subscription management server of the home of the terminal, or may be a BSM of the home SP, and the second subscription management server may be a subscription management server that serves the roaming location, or may be a BSM of the roaming SP. As shown in FIG. 3, the specific process of the long-term key acquisition method in the embodiment of the present invention includes the following steps:
步骤 301、 终端向第一订阅管理服务器发送第一广播业务订阅请求 消息。  Step 301: The terminal sends a first broadcast service subscription request message to the first subscription management server.
在步骤 301中, 所述第一广播业务订阅请求消息中包括第二订阅管 理服务器标识、 用户标识、 要订阅的业务标识或者订阅项标识。 此外, 当业务标识是全球唯一的时候或者包含第二订阅管理服务器标识 (例 如: 业务标识为订阅管理服务器标识串连一个业务号码), 第一广播业 务订阅请求消息中可不包括第二订阅管理服务器标识 , 第一订阅管理服 务器可从第一广播业务订阅请求消息中的业务标识推知第二订阅管理 服务器标识。 另外, 所述第一广播业务订阅请求消息中还可以包括终端 信息(Device ID )或者智能卡信息, 以供后续步骤中第一订阅管理服务 器为终端生成需要的长期密钥消息时使用。 所述的终端信息可以是终端 国际移动台设备标识 ( IMEI , International Mobile Station Equipment Identity ), 所述的智能卡信息可以是手机 SIM卡号等。 使用该终端的用 户可以有多种方式获得订阅的业务或者订阅项信息和确定要订阅的业 务, 例如, 终端可以通过广播业务指南 SG获得第二订阅管理服务器的 业务或者订阅项信息, 展示给用户, 允许用户直接通过终端选择要订阅 的业务; 此外, 用户也可以通过门户 (PORTAL )、 广告等其他方式获取 业务或者订阅项信息, 然后通过终端输入要订阅的业务信息。  In step 301, the first broadcast service subscription request message includes a second subscription management server identifier, a user identifier, a service identifier to be subscribed, or a subscription identifier. In addition, when the service identifier is globally unique or includes a second subscription management server identifier (for example, the service identifier is a subscription service server identifier concatenated with a service number), the second subscription service subscription request message may not include the second subscription management server. And the first subscription management server may infer the second subscription management server identifier from the service identifier in the first broadcast service subscription request message. In addition, the first broadcast service subscription request message may further include terminal information (Device ID) or smart card information, which is used when the first subscription management server generates a required long-term key message for the terminal in a subsequent step. The terminal information may be an International Mobile Station Equipment Identity (IMEI), and the smart card information may be a mobile phone SIM card number or the like. The user who uses the terminal can obtain the subscribed service or subscription information and determine the service to be subscribed in multiple ways. For example, the terminal can obtain the service or subscription information of the second subscription management server through the broadcast service guide SG, and display it to the user. The user is allowed to directly select the service to be subscribed through the terminal; in addition, the user can also obtain the service or subscription information through the portal (PORTAL), advertisement, and the like, and then input the service information to be subscribed through the terminal.
步骤 302、 第一订阅管理服务器向第二订阅管理服务器发送第二广 播业务订阅请求。 具体来说 , 第一订阅管理服务器首先对该终端中的用户进行鉴权 , 当用户是合法用户, 并有权订阅第二订阅管理服务器管理的业务时, 第 一订阅管理服务器根据第二订阅管理服务器标识向第二订阅管理服务 器发送包括用户标识(或替代用户标识)、 要订阅的业务标识或订阅项 标识的第二广播业务订阅请求。 所述的第二订阅管理服务器标识可以从 第一订阅管理服务器所接收到的第一广播业务订阅请求中直接得到; 或 者, 通过第一请求消息中的业务标识推知第二订阅管理服务器标识, 此 时, 终端向第一订阅管理服务器所发送的第一请求消息中可不包括第二 订阅管理服务器标识。 Step 302: The first subscription management server sends a second broadcast service subscription request to the second subscription management server. Specifically, the first subscription management server first authenticates the user in the terminal, and when the user is a legitimate user and has the right to subscribe to the service managed by the second subscription management server, the first subscription management server manages according to the second subscription. The server identifier sends a second broadcast service subscription request including a user identity (or an alternate user identity), a service identity to be subscribed, or a subscriber identity to the second subscription management server. The second subscription management server identifier may be directly obtained from the first broadcast service subscription request received by the first subscription management server; or, the second subscription management server identifier is inferred by using the service identifier in the first request message, The second subscription management server identifier may not be included in the first request message sent by the terminal to the first subscription management server.
其中, 为了使得用户标识不被第二订阅管理服务器获析, 以保证用 户信息的私密性, 第一订阅管理服务器可以将用户标识转换为替代用户 标识。 第一订阅管理服务器可以根据该用户标识, 采用某种计算方法或 者逻辑方法为其生成替代用户标识, 存储用户标识和替代用户标识, 并 将两者相关联。 例如: 用户标识是手机号码 13812345678, 第一订阅管 理服务器采用某种算法或者其他方法将用户标识转换为替代用户标识 号码 CH0987。 第二订阅管理服务器并不知道 CH0987用户的真正手机 号码, 而只是使用 CH0987这个号码来作为该用户的标识进行维护。 如 果第一订阅管理服务器在第二广播业务订阅请求中向第二订阅管理服 务器发送的是替代用户标识, 则在后继步骤中, 第一订阅管理服务器和 第二订阅管理服务器之间的所有关于该用户的通讯将都使用替代用户 标识。  In order to ensure that the user identifier is not analyzed by the second subscription management server to ensure the privacy of the user information, the first subscription management server may convert the user identifier into an alternate user identifier. The first subscription management server may generate an alternate user identifier, store the user identifier and the substitute user identifier, and associate the two by using a computing method or a logical method according to the user identifier. For example: The user ID is the mobile number 13812345678, and the first subscription management server uses an algorithm or other method to convert the user ID to the alternate user identification number CH0987. The second subscription management server does not know the real mobile number of the CH0987 user, but only uses the CH0987 number as the identity of the user for maintenance. If the first subscription management server sends the substitute user identifier to the second subscription management server in the second broadcast service subscription request, in the subsequent step, all the information between the first subscription management server and the second subscription management server is related to the The user's communication will all use an alternate user ID.
步骤 303、 第二订阅管理服务器向第一订阅管理服务器返回广播业 务订阅响应消息。  Step 303: The second subscription management server returns a broadcast service subscription response message to the first subscription management server.
具体来说, 第二订阅管理服务器存储有用户的信息, 并根据收到第 一订阅管理服务器发出的第二订阅请求消息中的用户标识或者替代用 户标识进行用户业务鉴权, 并向第一订阅管理服务器返回广播业务订阅 响应消息, 该响应消息中包括用户订阅业务鉴权结果。 所述业务鉴权结 果可以包括但是不限于: 用户是否是非法用户、 用户是否可以请求该项 业务等。 Specifically, the second subscription management server stores the information of the user, and according to the user identifier or the substitute in the second subscription request message sent by the first subscription management server. The user identity authenticates the user service, and returns a broadcast service subscription response message to the first subscription management server, where the response message includes the user subscription service authentication result. The service authentication result may include, but is not limited to, whether the user is an illegal user, whether the user can request the service, and the like.
步骤 304、第一订阅管理服务器向终端返回广播业务订阅响应消息。 所述广播业务订阅响应消息包括用户订阅业务鉴权结果, 用于向用 户显示业务鉴权结果, 提示用户是否继续获取请求的业务或者订阅项的 密钥。  Step 304: The first subscription management server returns a broadcast service subscription response message to the terminal. The broadcast service subscription response message includes a user subscription service authentication result, which is used to display the service authentication result to the user, and prompts the user whether to continue to obtain the requested service or the key of the subscription item.
步骤 305、终端向第一订阅管理服务器返回确认接收订阅业务消息。 所述确认接收订阅业务消息中包含用户确认的结果, 也可以包括用 户想要获得的业务或者订阅项的标识。 如果用户不希望获取密钥, 则整 个流程结束; 如果用户希望获得密钥, 并且在步骤 301的第一订阅请求 消息中没有携带终端信息或者智能卡信息 , 则所述确认接收订阅业务消 息中还需要包括用户的终端信息(例如, 终端国际移动台设备标识)或 者智能卡信息。  Step 305: The terminal returns a confirmation to receive the subscription service message to the first subscription management server. The acknowledgment receiving subscription service message includes the result of the user confirmation, and may also include the identifier of the service or subscription item that the user wants to obtain. If the user does not want to obtain the key, the entire process ends; if the user wants to obtain the key, and the first subscription request message in step 301 does not carry the terminal information or the smart card information, the acknowledgement needs to be received in the subscription service message. It includes the user's terminal information (for example, the terminal international mobile station device identification) or smart card information.
步骤 306、 第一订阅管理服务器向第二订阅管理服务器发送请求长 期密钥消息, 请求用户想要获得的业务或者订阅项的长期密钥 LTK。  Step 306: The first subscription management server sends a request long-term key message to the second subscription management server, requesting the long-term key LTK of the service or subscription that the user wants to obtain.
所述请求长期密钥消息中可以包括用户确认需要获得密钥的业务标 识或者订阅项标识。 如果用户订阅包月业务, 则该长期密钥为业务加密 鉴权密钥 SEAK (由 SEAK可以得到业务密钥 SEK ); 如果用户只是想 要即时使用 ( Pay-per-view ), 则该长期密钥为节目加密鉴权密钥 PEAK (由 PEAK可以得到节目密钥 PEK )。  The requesting long-term key message may include a service identifier or a subscriber identifier that the user confirms that the key needs to be obtained. If the user subscribes to the monthly subscription service, the long-term key is the service encryption authentication key SEAK (the service key SEK can be obtained by the SEAK); if the user only wants to use the Pay-per-view, the long-term key The program authentication key PEAK is encrypted for the program (the program key PEK can be obtained by PEAK).
步骤 307、 第二订阅管理服务器判断是否已经存储有请求的业务或 者定购项的 LTK, 如果存储了所述 LTK, 则第二订阅管理服务器将所述 LTK发送给第一订阅管理服务器;如果没有存储所述 LTK或者所存储的 所述 LTK需要更新,则第二订阅管理服务器生成相应的 LTK,并将生成 的 LTK发送给第一订阅管理服务器。所述发送给第一订阅管理器的 LTK 中也可以包含 LTK关联信息, 所述 LTK关联信息可以包含但不限于相 关业务或者购买项标识、 LTK的有效期或应用规则等。 Step 307: The second subscription management server determines whether the requested service or the LTK of the order item has been stored. If the LTK is stored, the second subscription management server sends the LTK to the first subscription management server; if not stored The LTK or stored The LTK needs to be updated, and the second subscription management server generates a corresponding LTK and sends the generated LTK to the first subscription management server. The LTK sent to the first subscription manager may also include LTK association information, which may include, but is not limited to, related services or purchase item identifiers, LTK validity periods or application rules, and the like.
步骤 308、第一订阅管理服务器根据用户终端信息或者智能卡信息, 采用用户在第一订阅管理服务器安全注册时生成的权限加密密钥 REK 或签约管理密钥 SMK来加密用户所请求的业务或者定购项的 LTK, 生 成长期密钥消息 LTKM, 并将所生成的 LTKM发送给终端; 或者第一订 阅管理服务器采用网络侧在需要对业务的长期密钥加密时所生成的 REK或 SMK来加密用户请求的业务或者定购项的 LTK, 生成 LTKM, 并将所生成的 LTKM发送给终端。 其中, LTKM中携带第一订阅管理服 务器加密的所述业务或订购项的 LTK。  Step 308: The first subscription management server encrypts the service or subscription item requested by the user by using the rights encryption key REK or the subscription management key SMK generated when the user securely registers with the first subscription management server according to the user terminal information or the smart card information. LTK, generates a long-term key message LTKM, and sends the generated LTKM to the terminal; or the first subscription management server uses the REK or SMK generated by the network side when the long-term key encryption of the service is required to encrypt the user request. The LTK of the business or order item, generates LTKM, and sends the generated LTKM to the terminal. The LTKM carries the LTK of the service or subscription item encrypted by the first subscription management server.
在以上步骤中, 如果用户已通过第二订阅管理服务器的业务鉴权, 被允许订阅请求的业务 /或进行密钥更新, 则可以省略步骤 303 ~ 306, 第二订阅管理服务器直接通过步骤 307, 返回给第一订阅管理服务器用 户请求的长期密钥。 或者可省略步骤 304和 305, 即省略用户确认过程, 第一订阅管理服务器在步骤 303中收到广播业务订阅响应消息后, 直接 执行步骤 306, 即根据接收到的广播业务订阅响应消息向第二订阅管理 服务器发送请求长期密钥消息, 请求需要的长期密钥。 如果用户未通过 第二订阅管理服务器的业务鉴权, 不能订阅请求的业务或者更新请求的 业务密钥, 则需要通过步骤 303和 304向用户返回相应的结果, 结束整 个流程。  In the above steps, if the user has been allowed to subscribe to the requested service or perform key update through the service authentication of the second subscription management server, steps 303-306 may be omitted, and the second subscription management server directly passes step 307. Returns the long-term key requested by the first subscription management server user. Alternatively, steps 304 and 305 may be omitted, that is, the user confirmation process is omitted. After receiving the broadcast service subscription response message in step 303, the first subscription management server directly performs step 306, that is, according to the received broadcast service subscription response message to the second. The subscription management server sends a request long-term key message requesting the required long-term key. If the user fails to subscribe to the requested service or updates the requested service key through the service authentication of the second subscription management server, the corresponding result needs to be returned to the user through steps 303 and 304, and the entire process is ended.
在以上的步骤中, 第一订阅管理服务器可以在收到用户的广播业务 订阅请求时, 也可以在要加密 LTK生成 LTKM之前, 判断终端或者智 能卡是否已经进行安全注册。 如果终端还没有在第一订阅管理服务器所 在的域的安全服务器进行注册, 则第一订阅管理服务器无法成功生成In the above steps, the first subscription management server may determine whether the terminal or the smart card has been securely registered before receiving the broadcast service subscription request of the user, or before encrypting the LTK to generate the LTKM. If the terminal is not already in the first subscription management server After the security server of the domain is registered, the first subscription management server cannot be successfully generated.
LTKM。 LTKM.
当然,第一订阅管理服务器可以通知终端发起相应的安全注册流程 , 完成广播业务安全架构的第一层认证注册层的流程 , 使得第一订阅管理 服务器或其所在域的安全服务器可以在需要时为终端或智能卡生成权 P艮加密密钥 REK或者签约管理密钥 SMK。 终端获取相应的权限解密密 钥或者解密用的签约管理密钥, 才能解密收到的 LTKM。  Certainly, the first subscription management server may notify the terminal to initiate a corresponding security registration process, complete the process of the first layer authentication registration layer of the broadcast service security architecture, so that the first subscription management server or the security server of the domain in which it is located may be The terminal or smart card generation right P艮 encryption key REK or contract management key SMK. The terminal obtains the corresponding permission decryption key or the subscription management key for decryption to decrypt the received LTKM.
同时, 为了减少第二订阅管理服务器向第一订阅管理服务器反复传 送同样的密钥, 减少网络传输过程中密钥被截获的可能性, 第一订阅管 理服务器可以保存第二订阅管理服务器发来的业务或者订阅项的长期 密钥和 /或长期密钥关联信息。在这种情况下, 第一订阅管理服务器不一 定每次都向第二订阅管理服务器请求业务或者订阅项的长期密钥。 而可 以在收到用户请求密钥消息或者用户确认要获取密钥消息后, 先判断是 否本地已经存储相应的密钥和密钥的有效期等相关信息。  Meanwhile, in order to reduce the possibility that the second subscription management server repeatedly transmits the same key to the first subscription management server, and the possibility that the key is intercepted during the network transmission, the first subscription management server may save the second subscription management server. Long-term key and/or long-term key association information for a business or subscription. In this case, the first subscription management server does not necessarily request the long-term key of the service or subscription from the second subscription management server each time. After receiving the user request key message or the user confirms that the key message is to be obtained, it may first determine whether the corresponding key and the validity period of the key have been stored locally.
如果在第一订阅管理服务器中存储有相应的密钥和所述密钥的相关 信息, 如有效期信息等, 则第一订阅管理服务器可以根据该有效期判断 所存储的相应密钥是否有效。 由于第一订阅管理服务器中存储有终端的 信息, 可根据上述所存储的终端信息和终端所发送的第一广播业务订阅 请求消息对终端中的用户进行鉴权, 从而判断该用户是否为合法用户, 是否有权订阅所请求的第二订阅管理服务器管理的业务, 因此, 如果第 一订阅管理服务器中所存储的相应密钥有效, 则可以省略步骤 302 ~ 307 , 即第一订阅管理服务器不需要向第二订阅管理服务器发送第二广 播业务订阅请求消息, 而直接执行步骤 308, 即第一订阅管理服务器使 用上述所存储的相应密钥来生成 LTKM消息, 并将生成的 LTKM消息 发送给终端;或者, 当第一订阅管理服务器中所存储的相应密钥有效时, 可省略步骤 304 - 307, 在通过第二订阅管理服务器的用户业务鉴权后 , 执行步骤 308 , 即由第一订阅管理服务器使用所存储的长期密钥生成 LTKM消息, 并将生成的 LTKM消息发送给终端; 再或者, 当第一订阅 管理服务器中所存储的相应密钥有效时, 仅省略步骤 306 ~ 307, 而直接 执行步骤 308。 If the corresponding information of the key and the key, such as validity period information, is stored in the first subscription management server, the first subscription management server may determine whether the stored corresponding key is valid according to the validity period. The information of the terminal is stored in the first subscription management server, and the user in the terminal is authenticated according to the stored terminal information and the first broadcast service subscription request message sent by the terminal, so as to determine whether the user is a legitimate user. Whether the right to subscribe to the service managed by the requested second subscription management server, therefore, if the corresponding key stored in the first subscription management server is valid, steps 302 to 307 may be omitted, that is, the first subscription management server does not need Sending a second broadcast service subscription request message to the second subscription management server, and directly performing step 308, that is, the first subscription management server generates the LTKM message by using the stored corresponding key, and sends the generated LTKM message to the terminal; Or, when the corresponding key stored in the first subscription management server is valid, Steps 304-307 may be omitted. After the user service authentication by the second subscription management server, step 308 is performed, that is, the first subscription management server generates the LTKM message by using the stored long-term key, and sends the generated LTKM message. To the terminal; or, when the corresponding key stored in the first subscription management server is valid, only steps 306-307 are omitted, and step 308 is directly executed.
如果第一订阅管理服务器中所存储的相应密钥已经过期或失效, 则 第一订阅管理服务器可在步骤 302或 306中所发送的请求消息中加入一 个标识, 该标识表示第一订阅管理服务器中已经存储有该长期密钥, 但 密钥已经过期。 第二订阅管理服务器收到该请求消息后,将新的 LTK和 /或 LTK相关信息发送给第一订阅管理服务器; 第一订阅管理服务器将 新的 LTK进行加密后发送给终端 LTKM, 同时, 第一订阅管理服务器可 以存储新的 LTK和 LTK相关信息。  If the corresponding key stored in the first subscription management server has expired or expired, the first subscription management server may add an identifier to the request message sent in step 302 or 306, the identifier indicating that the first subscription management server is The long-term key has been stored, but the key has expired. After receiving the request message, the second subscription management server sends the new LTK and/or LTK related information to the first subscription management server; the first subscription management server encrypts the new LTK and sends the information to the terminal LTKM, and at the same time, A subscription management server can store new LTK and LTK related information.
如果第一订阅管理服务器中只存储有相应的密钥 , 但没有存储该密 钥的相关信息, 如有效期信息等, 则第一订阅管理服务器可在步骤 302 或 306中所发送的消息中加入一个标识, 该标识说明在第一订阅管理服 务器中已经存储有该长期密钥。 第二订阅管理服务器可以根据上述标识 或第二订阅管理服务器的历史记录判断上次发送给第一订阅管理服务 器的长期密钥是否过期; 如果上次发送给第一订阅管理服务器的长期密 钥没有过期, 则第二订阅管理服务器可在步骤 307的向第一订阅管理服 务器发送的消息中加入指示第一订阅管理服务器所存储的密钥有效的 消息。 此时, 步骤 307中的消息可以不包含长期密钥或密钥组, 也可以 包含长期密钥和 /或长期密钥关联信息。第一订阅管理服务器根据收到的 上述消息, 从存储在第一订阅管理服务器中的长期密钥中获取所述业务 的长期密钥, 并对所述长期密钥进行加密; 如果第二订阅管理服务器判 断第一订阅管理服务器所存储的密钥已过期, 则在步骤 307中, 第二订 阅管理服务器向第一订阅管理服务器发送包含新的长期密钥和 /或新的 长期密钥关联信息。 第一订阅管理服务器根据收到的上述消息, 获取消 息中所携带的长期密钥, 并对所获取的长期密钥进行加密。 同时, 第一 订阅管理服务器还可以采用新获取的所述业务的长期密钥来替换已经 存储的该业务的长期密钥, 采用所述业务的长期密钥关联信息来替换已 经存储的该业务的长期密钥关联信息。 If the first subscription management server stores only the corresponding key, but does not store related information of the key, such as validity period information, etc., the first subscription management server may add one of the messages sent in step 302 or 306. An identifier indicating that the long-term key has been stored in the first subscription management server. The second subscription management server may determine, according to the foregoing identifier or the history of the second subscription management server, whether the long-term key that was last sent to the first subscription management server expires; if the long-term key that was last sent to the first subscription management server does not When expired, the second subscription management server may add a message indicating that the key stored by the first subscription management server is valid in the message sent to the first subscription management server in step 307. At this time, the message in step 307 may not include a long-term key or a key group, and may also include a long-term key and/or long-term key-related information. The first subscription management server acquires the long-term key of the service from the long-term key stored in the first subscription management server according to the received message, and encrypts the long-term key; if the second subscription management The server determines that the key stored by the first subscription management server has expired, and in step 307, the second subscription The management server sends a new long-term key and/or new long-term key association information to the first subscription management server. The first subscription management server obtains the long-term key carried in the message according to the received message, and encrypts the obtained long-term key. At the same time, the first subscription management server may further replace the long-term key of the service that has been stored by using the newly acquired long-term key of the service, and replace the already stored service with the long-term key association information of the service. Long-term key association information.
以上所述的是本发明实施例中的长期密钥获取方法的具体流程, 即 业务定购流程。 当用户使用的业务密钥过期时, 如果该业务仍在订阅期 内, 则需要通过密钥更新流程来进行密钥更新。 因此, 本发明的实施例 还提供了一种密钥更新的方法(即密钥更新流程)来进行密钥更新。  The above describes the specific process of the long-term key acquisition method in the embodiment of the present invention, that is, the service ordering process. When the service key used by the user expires, if the service is still in the subscription period, the key update process is required to perform the key update. Accordingly, embodiments of the present invention also provide a method of key update (i.e., a key update procedure) for performing key update.
在本发明实施例中,密钥更新流程与上述的业务定购流程基本相同。 具体来说, 在密钥更新流程中, 可将步骤 301中的第一广播业务订阅请 求消息替换为第一密钥更新请求消息 , 该第一密钥更新请求消息包括第 二订阅管理服务器标识、 用户标识、 与要更新的密钥相关的业务标识或 者订阅项标识, 还包括终端信息或智能卡信息。 所述的终端信息,可以是 终端国际移动台设备标识 IMEI, 所述的智能卡信息可以是手机 SIM卡 号等。 同样的, 在密钥更新流程中, 需将步骤 302中的第二广播业务订 阅请求消息替换为第二密钥更新请求消息, 而步骤 303 ~ 306 则可以省 略。 在密钥更新流程中, 步骤 307将变为: 将更新的长期密钥发送给第 一订阅管理服务器; 而步骤 308也将变为: 第一订阅管理服务器根据更 新的长期密钥为用户生成 LTKM, 并将生成的 LTKM发送给终端。在上 述的业务密钥更新流程中 , 如果第一订阅管理服务器已经存储有更新的 密钥时, 则可省略步骤 302 ~ 307, 即第一订阅管理服务器根据更新的长 期密钥为用户生成 LTKM, 并将生成的 LTKM发送给终端; 或者, 也可 以在步骤 302中包含相应的标识, 该标识说明在第一订阅管理服务器中 已经存储有更新的密钥, 而随后的后续流程与上述的业务定购流程中相 应的流程一致。 In the embodiment of the present invention, the key update process is basically the same as the above-mentioned service ordering process. Specifically, in the key update process, the first broadcast service subscription request message in step 301 may be replaced with a first key update request message, where the first key update request message includes a second subscription management server identifier, The user identifier, the service identifier or the subscription identifier associated with the key to be updated, and the terminal information or smart card information. The terminal information may be a terminal international mobile station device identifier (IMEI), and the smart card information may be a mobile phone SIM card number or the like. Similarly, in the key update process, the second broadcast service subscription request message in step 302 needs to be replaced with the second key update request message, and steps 303-306 can be omitted. In the key update process, step 307 will become: Send the updated long-term key to the first subscription management server; and step 308 will also become: The first subscription management server generates LTKM for the user based on the updated long-term key. And send the generated LTKM to the terminal. In the foregoing service key update process, if the first subscription management server has stored the updated key, steps 302 to 307 may be omitted, that is, the first subscription management server generates the LTKM for the user according to the updated long-term key. And sending the generated LTKM to the terminal; or, in step 302, the corresponding identifier may be included, where the identifier is specified in the first subscription management server. The updated key has been stored, and the subsequent subsequent processes are consistent with the corresponding processes in the above-described business ordering process.
在以上所述的业务定购流程中, 允许用户通过终端定购一个业务或 订阅项, 获取相应密钥, 也可以同时请求多个业务或订阅项, 同时获取 多个密钥; 对于密钥更新流程来说, 亦是如此。 所以, 上述两个流程的 相应的步骤中所传送的可以是一个密钥和 /或密钥相关信息,也可以是多 个密钥组成的密钥组和 /或密钥组中每个密钥的相关信息。此外, 由于长 期密钥消息 LTKM的生成需要某些长期密钥 LTK的相关信息, 所以如 果相关的 LTK信息发生变化或者更新,第一订阅管理服务器也需要使用 LTK和更新的相关 LTK信息生成长期密钥消息 LTKM。  In the service ordering process described above, the user is allowed to order a service or a subscription through the terminal, obtain the corresponding key, or request multiple services or subscriptions at the same time, and obtain multiple keys at the same time; Said, the same is true. Therefore, the corresponding steps in the above two processes may be transmitted by a key and/or key related information, or may be a key group composed of multiple keys and/or each key in the key group. Related information. In addition, since the generation of the long-term key message LTKM requires information about certain long-term key LTKs, if the related LTK information changes or is updated, the first subscription management server also needs to generate long-term secrets using the LTK and the updated related LTK information. Key message LTKM.
由于在第一订阅管理服务器和第二订阅管理服务器之间所传送的 LTK对于业务的安全使用来说是至关重要的, 因此两个服务器之间的传 输层等传输通道应该采用一些安全机制, 如 IP安全协议 ( IPSec, IP Security Protocol )等。 由于以上方案中第二订阅管理服务器的长期密钥 暴露给了第一订阅管理服务器, 所以需要第一订阅管理服务器和第二订 阅管理服务器之间有足够的信任机制 , 或者两个服务器的运营商之间签 订信任协议。  Since the LTK transmitted between the first subscription management server and the second subscription management server is critical for the secure use of the service, the transmission channel such as the transport layer between the two servers should adopt some security mechanisms. Such as IP Security Protocol (IPSec, IP Security Protocol). Since the long-term key of the second subscription management server in the above solution is exposed to the first subscription management server, there is a sufficient trust mechanism between the first subscription management server and the second subscription management server, or an operator of the two servers. A trust agreement is signed between them.
以上所述为本发明实施例中的长期密钥获取方法以及密钥更新方 法,为了更加清楚的表述本发明实施例中的技术方案,以下将以 DRM 2.0 方式或初始用户鉴权架构 ( GBA , Generic Bootstrapping Authentication ) 方式进行密钥保护为例 , 对本发明实施例中的长期密钥获取方法以及密 钥更新的方法作进一步的说明。  The above description is the long-term key acquisition method and the key update method in the embodiment of the present invention. In order to more clearly describe the technical solution in the embodiment of the present invention, the following will be in the DRM 2.0 manner or the initial user authentication architecture (GBA, The method of performing key protection in the manner of the present invention further describes the method for acquiring the long-term key and the method for updating the key in the embodiment of the present invention.
第一实施例: 采用 DRM 2.0方式进行密钥保护。  First Embodiment: Key protection is implemented by using DRM 2.0.
/密钥更新的方法的流程图。 如图 4所示, 第一订阅管理服务器中包括一 个业务订阅 /密钥管理模块, 用于接收和处理终端的业务订阅请求, 负责 为终端生成需要的密钥消息。 当采用 DRM 2.0方式进行密钥保护时, DRM的授权发行者 RI可以位于第一订阅管理服务器内或者其外。 如果 第二订阅管理服务器及其所在域没有 RI或者终端无法和第二订阅管理 服务器对应的 RI或第二订阅管理服务器内的 RI直接交互, 则可以通过 第一订阅管理服务器来生成 LTKM, 实现间接业务订阅或密钥更新。 因 此, 当移动广播系统中的终端支持 DRM 2.0方式时, 订阅管理服务器可 采用 DRM方式对于长期密钥 LTK进行加密。如图 4所示,采用 DRM 2.0 方式实现间接广播业务订阅 /密钥更新的方法包括以下的步骤: Flowchart of the method of /key update. As shown in FIG. 4, the first subscription management server includes one A service subscription/key management module is configured to receive and process a service subscription request of the terminal, and is responsible for generating a required key message for the terminal. When the DRM 2.0 method is used for key protection, the authorized issuer RI of the DRM may be located in or outside the first subscription management server. If the second subscription management server and its domain do not have an RI or the terminal cannot directly interact with the RI corresponding to the second subscription management server or the RI in the second subscription management server, the LTKM may be generated by the first subscription management server to implement the indirect Business subscription or key update. Therefore, when the terminal in the mobile broadcast system supports the DRM 2.0 mode, the subscription management server can encrypt the long-term key LTK in the DRM manner. As shown in FIG. 4, the method for implementing an indirect broadcast service subscription/key update by using the DRM 2.0 method includes the following steps:
步骤 401 ~ 407, 与图 3所示的步骤 301 ~ 307—致, 即第一订阅管 理服务器中业务订阅 /密钥管理模块从第二订阅管理服务器的业务订阅 / 密钥管理模块获取业务或者订阅项的长期密钥 LTK( SEAK或者 PEAK )。  Steps 401 to 407, which are consistent with steps 301 to 307 shown in FIG. 3, that is, the service subscription/key management module in the first subscription management server acquires a service or subscription from the service subscription/key management module of the second subscription management server. The long-term key of the item LTK ( SEAK or PEAK ).
步骤 408, 第一订阅管理服务器的业务订阅 /密钥管理模块向授权发 行者 RI发送请求权限对象获取协议中的触发消息(ROAPTrigger )的消 息, 该消息中需要携带终端信息 (如终端设备标识), 可以携带业务或 者订阅项的长期密钥 LTK ( SEAK或者 PEAK )。 RI 判断所述 ROAP Trigger 中是否携带有业务或者订阅项的长期密钥 LTK ( SAEK 或者 PEAK ), 如果没有携带, 则 RI还需向第一订阅管理服务器中的订阅 /密 钥管理模块请求 SEAK或者 PEAK。  Step 408: The service subscription/key management module of the first subscription management server sends a message requesting the trigger message (ROAPTrigger) in the rights object acquisition protocol to the authorized issuer RI, where the message needs to carry the terminal information (such as the terminal device identifier). , can carry the long-term key LTK ( SEAK or PEAK ) of the business or subscription. The RI determines whether the ROAP Trigger carries the long-term key LTK (SAEK or PEAK) of the service or the subscription. If not, the RI also needs to request the SEAK from the subscription/key management module in the first subscription management server. PEAK.
步骤 409, RI为终端生成权限加密密钥 REK ( RI根据终端信息生成 REK, 符合 DRM2.0的机制), 使用权限加密密钥对 SEAK或者 PEAK 进行加密, 生成需要发送给终端的长期密钥消息 LTKM, 即版权对象 ( RO )消息。 RI向业务订阅 /密钥管理模块返回与上述 ROAP Trigger对 应的成功响应 (OK ) 消息。  Step 409, the RI generates a permission encryption key REK for the terminal (the RI generates a REK according to the terminal information, and conforms to the DRM2.0 mechanism), encrypts the SEAK or the PEAK by using the permission encryption key, and generates a long-term key message that needs to be sent to the terminal. LTKM, the copyright object (RO) message. The RI returns a successful response (OK) message corresponding to the above ROAP Trigger to the service subscription/key management module.
步骤 410, 第一订阅管理服务器的业务订阅 /密钥管理模块收到 RI 发来的 ROAP Trigger成功响应 (OK ) 消息, 向终端发送触发获取 RO 的通知消息 , 该通知消息中包含获取 RO需要的地址, 所述地址可以但 不限于 URI的形式; 该消息遵循 DRM 2.0的 RO Tigger消息定义。 Step 410: The service subscription/key management module of the first subscription management server receives the RI The ROAP Trigger successfully responds (OK) message, and sends a notification message to the terminal to trigger the acquisition of the RO, where the notification message includes an address required for acquiring the RO, and the address may be, but is not limited to, a URI; the message follows DRM 2.0. RO Tigger message definition.
步骤 411,终端收到触发获取 RO的消息,根据消息中的 RO获取地 址, 向 RI发送 RO获取请求 , 该请求遵循 DRM 2.0的方式。  Step 411: The terminal receives the message triggering the acquisition of the RO, and obtains the RO acquisition request according to the RO in the message, and the request is in accordance with the DRM 2.0 manner.
步骤 412, RI向终端发送 RO响应消息, 即 LTKM, 其消息格式遵 循 DRM 2.0的规范。  Step 412: The RI sends an RO response message to the terminal, that is, LTKM, and the message format conforms to the specification of DRM 2.0.
以上所述的流程中采用了 DRM 2.0的 2步( 2 pass ) 的 RO获取流 程, 如果采用 1步(1 pass ) 的 RO获取流程, 则可以没有步骤 410和 411, 其他和 RI的交互步骤遵循 DRM 2.0的 1 pass的 RO获取流程。  The above described process uses the 2 step (2 pass) RO acquisition process of DRM 2.0. If the 1 step (1 pass) RO acquisition process is used, there may be no steps 410 and 411, and the other interaction steps with RI follow. DRM 2.0's 1 pass RO acquisition process.
在上述的流程中, RI 所收到的由第一订阅管理服务器的业务订阅 / 密钥管理模块发送的请求 ROAP Trigger消息中携带有终端设备标识, RI在收到所述请求 ROAP Trigger消息后, 还需要对终端设备进行安全 鉴权, 判断终端设备是否已经在 RI 注册。 如果终端设备尚未注册, RI 则向第一订阅管理服务器的业务订阅 /密钥管理模块返回终端尚未注册 的响应消息 ,第一订阅管理服务器的业务订阅 /密钥管理模块再将所述终 端尚未注册的响应消息发送至终端, 触发终端在 RI进行注册。 当终端 在 RI的注册完成后, 终端才能从 RI获取需要的 RO。 如果终端不在 RI 进行注册, 则结束长期密钥获取的流程。 终端在 RI 的注册流程和后续 获取 RO的流程都遵循 DRM 2.0的方式。  In the above process, the requesting ROAP Trigger message sent by the service subscription/key management module of the first subscription management server received by the RI carries the terminal device identifier, and after receiving the request ROAP Trigger message, the RI It is also necessary to perform security authentication on the terminal device to determine whether the terminal device has been registered with the RI. If the terminal device has not been registered, the RI returns a response message that the terminal has not been registered to the service subscription/key management module of the first subscription management server, and the service subscription/key management module of the first subscription management server re-registers the terminal. The response message is sent to the terminal, which triggers the terminal to register at the RI. When the terminal is registered with the RI, the terminal can obtain the required RO from the RI. If the terminal is not registered with the RI, the process of long-term key acquisition ends. The terminal's registration process in the RI and the subsequent process of acquiring the RO follow the DRM 2.0 approach.
此外,本实施例中的密钥更新流程与图 3所示的密钥更新流程一致。 由此实施例可以看出, 终端如果事先没有在第一订阅管理服务器域 的授权发行者 RI注册, 也可以通过 RI在鉴权时启动终端注册流程完成 注册, 从而使终端可以获取长期密钥。  Further, the key update procedure in this embodiment is identical to the key update procedure shown in FIG. As can be seen from this embodiment, if the terminal is not registered with the authorized issuer RI of the first subscription management server domain, the terminal can also complete the terminal registration process by registering the RI at the time of authentication, so that the terminal can obtain the long-term key.
第二实施例: 采用 GBA方式进行密钥保护。 当采用 Smartcard智能卡方式进行业务保护时,对于 USIM和 RUIM 卡将使用不同的机制。对于 3GPP所定义的 USIM卡,可以使用 GBA的 方式进行密钥保护。 Second Embodiment: The key protection is performed by using the GBA method. When the Smartcard smart card is used for service protection, different mechanisms are used for USIM and RUIM cards. For the USIM card defined by 3GPP, the key protection can be performed by means of GBA.
当在移动广播中使用 GBA来实现业务保护的时候, 订阅管理服务 器可作为 GBA 中的网络应用功能模块 (NAF, Network Application Function )。 经过引导(Bootstrapping )过程, 用户设备 UE和引导服务 功能模块 ( BSF, Bootstrapping Server Function )都生成了密钥 KS。 其 中, 所述密钥 KS可由字符串 CK和 IK组成, 即 KS=CKIIIK。 才艮据上述 的密钥 KS, UE和 BSF可以通过现有技术中的密钥衍生机制生成与 NAF 相对应的签约密钥 KS_NAF。 订阅管理服务器可使用 KS_NAF来加密 SEAK, 生成 LTKM发送给终端。  When GBA is used for mobile protection in mobile broadcasting, the subscription management server can be used as a Network Application Function (NAF) in GBA. After the bootstrapping process, the user equipment UE and the Bootstrapping Server Function (BSF) generate the key KS. The key KS may be composed of the strings CK and IK, that is, KS=CKIIIK. According to the above-mentioned key KS, the UE and the BSF can generate the subscription key KS_NAF corresponding to the NAF through the key derivation mechanism in the prior art. The subscription management server can use KS_NAF to encrypt SEAK and generate LTKM to send to the terminal.
如果订阅管理服务器位于不同的运营商,而第二运营商不具有 GBA 系统或者第二运营商的订阅管理服务器不能和第一运营商的 BSF进行 交互 , 则可以由第一运营商的 GBA系统来实现注册和对 LTK的加密 , 生成 LTKM。 在这种情况下, 终端首先需要通过 GBA的 Bootstrapping 过程在第一运营商的 BSF获得 KS,然后再通过第一运营商的 GBA系统 来辅助完成第二运营商的广播业务订阅。 具体的流程如下:  If the subscription management server is located in a different carrier, and the second carrier does not have the GBA system or the subscription management server of the second operator cannot interact with the BSF of the first carrier, the first carrier's GBA system may be used. Implement registration and encryption of LTK to generate LTKM. In this case, the terminal first needs to obtain the KS in the BSF of the first carrier through the Bootstrapping process of the GBA, and then assist the subscription of the broadcast service of the second carrier through the GBA system of the first carrier. The specific process is as follows:
图 5为本发明实施例中的采用 GBA方式实现间接广播业务订阅 /密 钥更新的方法的流程图。 如图 5所示, 采用 GBA方式实现间接广播业 务订阅 /密钥更新的方法包括以下的步骤:  FIG. 5 is a flowchart of a method for implementing an indirect broadcast service subscription/key update by using the GBA method according to an embodiment of the present invention. As shown in Figure 5, the method of implementing the indirect broadcast service subscription/key update using the GBA method includes the following steps:
步骤 501 ~ 507步骤, 与图 3所示的步骤 301 ~ 307—致, 即第一运 营商的订阅管理服务器中的业务订阅 /密钥管理模块从第二运营商的订 阅管理服务器中的业务订阅 /密钥管理模块获取业务或者订阅项的长期 密钥 LTK ( SEAK或者 PEAK )。  Steps 501 to 507, which are the same as steps 301 to 307 shown in FIG. 3, that is, the service subscription/key management module in the subscription management server of the first carrier is subscribed to the service from the subscription management server of the second carrier. / The key management module obtains the long-term key LTK ( SEAK or PEAK ) of the service or subscription.
步骤 508, 第一运营商的订阅管理服务器中的业务订阅 /密钥管理模 块向 BSF发送请求 KS_NAF的消息, 消息中还需要包含用户智能卡信 息(如 SIM卡号)。 Step 508, the service subscription/key management mode in the subscription management server of the first operator The block sends a message requesting KS_NAF to the BSF, and the message also needs to include user smart card information (such as SIM card number).
步骤 509, BSF将 KS_NAF返回给第一运营商的订阅管理服务器的 业务订阅 /密钥管理模块。  Step 509: The BSF returns the KS_NAF to the service subscription/key management module of the subscription management server of the first operator.
步骤 510, 第一运营商的订阅管理服务器的业务订阅 /密钥管理模块 收到 KS_NAF, 使用 KS_NAF来加密 SEAK或者 PEAK, 生成要发送给 终端的长期密钥消息 LTKM , 将 LTKM发送给终端。  Step 510: The service subscription/key management module of the subscription service server of the first operator receives the KS_NAF, encrypts the SEAK or PEAK by using the KS_NAF, generates a long-term key message LTKM to be sent to the terminal, and sends the LTKM to the terminal.
由以上所述的流程可以看出, 当第二运营商的订阅管理服务器所在 的域没有 BSF的情况下, 或者第二订阅管理服务器的业务订阅 /密钥管 理模块不支持 GBA的功能时,可以采用这种方法实现基于 GBA方式的 广播业务密钥获取。  It can be seen from the above process that when the domain of the second operator's subscription management server does not have a BSF, or the service subscription/key management module of the second subscription management server does not support the function of the GBA, This method is used to implement the acquisition of the broadcast service key based on the GBA method.
此外,本实施例中的密钥更新流程与图 3所示的密钥更新流程一致。 第三实施例: 从归属地发起的漫游业务密钥获取的方法。  Further, the key update procedure in this embodiment is identical to the key update procedure shown in FIG. Third Embodiment: A method of obtaining a roaming service key initiated from a home.
传统的广播电视网络多是单向电视网络, 而某些节目必须获 目应 的密钥后才可以收看, 当用户漫游到单向网络的时候, 不方便通过终端 直接和漫游地的 BCAST签约管理器 BSM (即第二订阅管理服务器)进 行交互, 或者在某些情况下, 用户在漫游前就希望能事先获取所需的广 播漫游业务密钥。  The traditional broadcast television network is mostly a one-way television network, and some programs must be given the key to watch. When the user roams to the one-way network, it is inconvenient to sign and manage the BCAST directly through the terminal and the roaming place. The BSM (ie, the second subscription management server) interacts, or in some cases, the user wants to obtain the required broadcast roaming service key in advance before roaming.
当终端无法直接和漫游地 BSM (即第二订阅管理服务器)交互的时 候, 可以通过归属 SP的 BSM (即第一订阅管理服务器)来完成漫游业 务请求。在这种情况下,第一订阅管理服务器就相当于归属 SP的 BSM, 第二订阅管理服务器就相当于漫游 SP或漫游地的 BSM。如果采用 DRM 2.0的方式, 则终端不需要在漫游 SP的 RI进行安全注册就可以得到长 期密钥消息 LTKM。  When the terminal cannot directly interact with the roaming BSM (ie, the second subscription management server), the roaming service request can be completed through the BSM of the home SP (ie, the first subscription management server). In this case, the first subscription management server is equivalent to the BSM of the home SP, and the second subscription management server is equivalent to the roaming SP or the BSM of the roaming place. If the DRM 2.0 method is adopted, the terminal does not need to perform secure registration on the RI of the roaming SP to obtain the long-term key message LTKM.
图 6为本发明实施例中的由归属地发起的漫游业务密钥获取的方法 的流程图。 如图 6所示, 由归属地发起的漫游密钥获取的方法包括以下 的步骤: FIG. 6 is a method for acquiring a home-originated roaming service key according to an embodiment of the present invention; Flow chart. As shown in FIG. 6, the method for home-originated roaming key acquisition includes the following steps:
步骤 601,用户从漫游地的 BCAST业务分发 /适配( BSD/A, BCAST Service Distribution/Adaptation )获取到漫游地业务指南。  Step 601: The user obtains a roaming service guide from a BCAST service distribution/adaptation (BSD/A, BCAST Service Distribution/Adaptation) of the roaming place.
步骤 602,用户发现自己感兴趣的业务,通过终端向归属 SP的 BSM (即第一订阅管理服务器)发送接入一个或多个漫游业务的请求, 该请 求中包含用户标识、要订阅的业务或者购买项标识和漫游 SP的 BSM标 识。 如果漫游地有多个 SP共用一个 BSM, 则该消息还需要携带所订购 漫游业务 SP的标识。  Step 602: The user finds the service that is of interest to the user, and sends a request for accessing one or more roaming services to the BSM (ie, the first subscription management server) of the home SP through the terminal, where the request includes the user identifier, the service to be subscribed, or Purchase item ID and BSM ID of the roaming SP. If there are multiple SPs sharing one BSM in the roaming area, the message also needs to carry the identifier of the subscribed roaming service SP.
步骤 603 ,归属 SP的 BSM在对用户进行鉴权后 ,向漫游 SP的 BSM 发送漫游业务鉴权请求, 该请求中包含用户标识、 要订阅的业务或者购 买项标识。 该消息中也可以包含终端信息或者智能卡信息。  Step 603: After authenticating the user, the BSM of the home SP sends a roaming service authentication request to the BSM of the roaming SP, where the request includes the user identifier, the service to be subscribed, or the purchase item identifier. The message may also include terminal information or smart card information.
步骤 604, 漫游 SP的 BSM确认用户是否可以订阅该漫游业务, 返 回漫游业务鉴权响应消息给归属 SP的 BSM, 其中包含鉴权响应结果。  Step 604: The BSM of the roaming SP confirms whether the user can subscribe to the roaming service, and returns a roaming service authentication response message to the BSM of the home SP, where the authentication response result is included.
步骤 605 , 归属 SP的 BSM将漫游业务鉴权响应消息返回到终端; 步骤 606, 如果允许用户订阅所请求的业务或者购买项, 终端可以 提示用户确认获得需要的业务或者购买项的长期密钥; 当用户确认接收 后, 终端返回确认接收该漫游业务或者购买项密钥的消息给归属 SP的 BSM, 该消息中还可以包含终端信息或者智能卡信息。 也就是说, 在步 骤 603和 606中, 至少要有一条消息包含终端信息或者智能卡信息。  Step 605: The BSM of the home SP returns the roaming service authentication response message to the terminal. Step 606: If the user is allowed to subscribe to the requested service or the purchased item, the terminal may prompt the user to confirm the long-term key of the required service or the purchased item. After the user confirms the reception, the terminal returns a message confirming receipt of the roaming service or the purchase item key to the BSM of the home SP, and the message may further include terminal information or smart card information. That is, in steps 603 and 606, at least one message contains terminal information or smart card information.
步骤 607, 归属 SP的 BSM向漫游 SP的 BSM请求长期密钥消息 LTKM, 该消息中包含用户确认接收的业务或者购买项标识。  Step 607: The BSM of the home SP requests the long-term key message LTKM from the BSM of the roaming SP, where the message includes the service or purchase item identifier that the user confirms to receive.
步骤 608, 漫游 SP的 BSM拥有业务信息, 生成业务或者订阅项的 长期密钥 LTK ( SEK或者 PEK )并返回给归属 SP的 BSM。  Step 608: The BSM of the roaming SP owns the service information, generates a long-term key LTK (SEK or PEK) of the service or the subscription, and returns the BSM to the home SP.
步骤 609,归属 SP的 BSM将 LTK进行加密,生成终端需要 LTKM。 其中,可将步骤 609分为两个步骤:步骤 609a和步骤 609b。在步骤 609a 中, BSM通过交互通道将 LTKM发送给终端; 在步骤 609b中, BSM将 生成的 LTKM发送给 BSD/A, 由 BSD/A采用广播通道将 LTKM发送给 终端。 In step 609, the BSM of the home SP encrypts the LTK, and the generated terminal needs the LTKM. Therein, step 609 can be divided into two steps: step 609a and step 609b. In step 609a, the BSM sends the LTKM to the terminal through the interactive channel. In step 609b, the BSM sends the generated LTKM to the BSD/A, and the BSD/A sends the LTKM to the terminal by using the broadcast channel.
步骤 610, 终端接收相应的业务, 可以使用收到的 SEK或者 PEK 来解密短期密钥消息, 获取短期密钥, 短期密钥得到加密的业务。  Step 610: The terminal receives the corresponding service, and may use the received SEK or PEK to decrypt the short-term key message, obtain the short-term key, and obtain the short-term key to obtain the encrypted service.
在以上所述的流程中 , 如果终端事先在归属地完成终端或者智能卡 的安全注册鉴权, 则终端可以同时请求一个或者多个业务或订阅项的密 钥; 如果以上所述的流程中出现错误, 则可以通过归属的 BSM向终端 发送错误信息消息。  In the process described above, if the terminal completes the secure registration authentication of the terminal or the smart card in advance, the terminal may simultaneously request the key of one or more services or subscriptions; if an error occurs in the process described above Then, an error information message can be sent to the terminal through the home BSM.
由此, 如果漫游地是单向网络, 则终端可以实现通过归属地的双向 网络和归属地的 BSM订阅漫游地 BSM管理的业务并获取漫游地 BSM 管理的业务密钥 , 而且不需要在漫游地 RI或者 BSF进行安全注册。  Therefore, if the roaming ground is a one-way network, the terminal can implement the service managed by the BSM of the home network through the bidirectional network of the home and the BSM of the home, and obtain the service key managed by the BSM of the roaming place, and does not need to be in the roaming place. RI or BSF for secure registration.
第四实施例: 由运营商的 BSM来实现 SP的 BSM中业务的订阅。 多个 SP业务提供商可以通过同一个网络运营商向用户提供广播业 务。 用户的个人信息, 如用户标识 (即用户号码)、 终端信息 (如终端 的 IMEI标识)和用户卡信息等对于用户来说属于私人信息, 有时用户 不希望将自己的私人信息暴露给 SP。 在这种情况下, 在用户订阅 SP的 广播业务时,可以考虑直接通过运营商的业务订阅管理服务器来订阅 SP 的业务订阅服务器中管理的广播业务。 图 7为本发明实施例中的由运营 商向服务提供商发起的广播业务密钥获取的方法的流程图。如图 7所示, 由运营商向服务提供商发起的广播业务密钥获取的方法包括以下步骤: 终端或者智能卡鉴权, 可以包括运营商对于用户的鉴权以及终端向 DRM RI的安全注册或者采用 Smartcard方式进行 GBA的 Bootstraping 过程。 步骤 701 , 终端获取广播业务指南; Fourth Embodiment: The subscription of the service in the BSM of the SP is implemented by the BSM of the operator. Multiple SP service providers can provide broadcast services to users through the same network operator. The user's personal information, such as user identification (ie, user number), terminal information (such as the terminal's IMEI identification), and user card information, are private information for the user, and sometimes the user does not wish to expose his or her private information to the SP. In this case, when the user subscribes to the broadcast service of the SP, it may be considered to subscribe to the broadcast service managed by the service subscriber of the SP directly through the service subscription management server of the operator. FIG. 7 is a flowchart of a method for acquiring a broadcast service key initiated by an operator to a service provider according to an embodiment of the present invention. As shown in FIG. 7, the method for obtaining a broadcast service key initiated by an operator to a service provider includes the following steps: terminal or smart card authentication, which may include an operator's authentication of the user and a secure registration of the terminal to the DRM RI or Use the Smartcard method to perform the Bootstraping process of GBA. Step 701: The terminal acquires a broadcast service guide.
步骤 702, 用户发现自己感兴趣的 SP业务, 选择想要定购的业务或 者购买项。 即终端将请求接入该 SP的某个广播业务的消息发送给运营 商的 BSM, 其中包含想要订阅的业务或者购买项标识、 该业务所属的 SP标识和用户标识, 也可以包括该 SP的 BSM标识, 还可以包括终端 信息或者智能卡信息。  In step 702, the user finds the SP service that he or she is interested in, and selects the business or purchase item that he wants to order. That is, the terminal sends a message requesting a certain broadcast service of the SP to the BSM of the operator, where the service or the purchase item identifier to be subscribed, the SP identifier and the user identifier to which the service belongs, and the SP may also be included. The BSM identifier may also include terminal information or smart card information.
步骤 703 , 运营商 BSM (即第一订阅管理服务器)可以将上述用户 标识转换为提供给 SP的替代用户标识,运营商的 BSM向 SP的 BSM发 送业务鉴权请求, 其中包含替代用户标识, 要订阅的业务或者购买项标 识。  Step 703: The operator BSM (ie, the first subscription management server) may convert the foregoing user identifier into an alternate user identifier that is provided to the SP, and the operator's BSM sends a service authentication request to the BSM of the SP, where the substitute user identifier is included. The business or purchase item identifier of the subscription.
步骤 704, SP的 BSM采用上述替代用户标识对该用户进行鉴权, 确认该用户是否可以订阅该业务, 返回业务鉴权响应, 其中包括鉴权结 果和替代用户标识。  Step 704: The BSM of the SP authenticates the user by using the foregoing alternative user identifier, confirms whether the user can subscribe to the service, and returns a service authentication response, where the authentication result and the substitute user identifier are included.
步骤 705,运营商 BSM ^据替代用户标识向对应的用户标识的用户 发送广播业务鉴权响应消息, 其中包含鉴权结果。  Step 705: The operator BSM sends a broadcast service authentication response message to the user corresponding to the user identifier according to the substitute user identifier, where the authentication result is included.
步骤 706, 如果允许用户订阅和接收请求的业务, 终端可以提示用 户是否要继续获得该业务的密钥。 用户确认接收该业务密钥后, 终端返 回确认获取密钥的消息给运营商的 BSM。在确认获取密钥的消息中, 包 括要获得密钥的业务或者购买项标识, 还可以包含用户标识、 终端信息 或者智能卡信息。 也就是说, 在步骤 702或 706中, 至少有一条消息包 含终端信息或者智能卡信息。  Step 706: If the user is allowed to subscribe to and receive the requested service, the terminal may prompt the user whether to continue to obtain the key of the service. After the user confirms that the service key is received, the terminal returns a message confirming the acquisition of the key to the operator's BSM. The message for confirming the acquisition key includes the service or purchase item identifier to obtain the key, and may also include the user identification, terminal information or smart card information. That is, in step 702 or 706, at least one message contains terminal information or smart card information.
步骤 707,运营商的 BSM向 SP的 BSM请求该业务的长期密钥 LTK ( SEK或者 PEK ), 其中包含请求的业务或者购买项的标识。  Step 707: The operator's BSM requests the BSM of the SP for the long-term key LTK (SEK or PEK) of the service, where the requested service or the identifier of the purchased item is included.
步骤 708, SP的 BSM将该业务的 LTK ( SEK或者 PEK )返回给运 营商的 BSM。 步骤 709, 运营商 BSM将 LTK进行加密, 生成终端所需要的长期 密钥消息 LTKM , 将 LTKM发送给终端。 In step 708, the BSM of the SP returns the LTK (SEK or PEK) of the service to the BSM of the operator. Step 709: The operator BSM encrypts the LTK, generates a long-term key message LTKM required by the terminal, and sends the LTKM to the terminal.
步骤 710 ~ 711, SP通过运营商的 BSD/A广播业务, 终端可以使用 收到的 SEK或者 PEK来解密短期密钥消息, 获取短期密钥, 使用短期 密钥来解密所接收到的广播业务, 从而获得所需的广播业务。  Steps 710 ~ 711, the SP passes the BSD/A broadcast service of the operator, and the terminal can use the received SEK or PEK to decrypt the short-term key message, obtain the short-term key, and use the short-term key to decrypt the received broadcast service. Thereby obtaining the required broadcast service.
在以上所述的流程中 , 终端可以同时请求一个或者多个业务或订阅 项的密钥,如果以上所述的流程中出现错误, 则可以通过运营商的 BSM 向终端发送错误信息消息。  In the process described above, the terminal may request the key of one or more services or subscriptions at the same time. If an error occurs in the process described above, the BSM of the carrier may send an error information message to the terminal.
由此可见, 通过本发明实施例所提供的方法, 可以方便运营商和 SP 开展手机电视业务; SP的 BSM中无需设置 RI或者具有 GBA的功能, 从而可降低设备成本; 用户订阅 SP的业务需要通过运营商的第一 BSM 来进行, 也便于运营商对 SP的监控; 同时, 由于是通过第一订阅管理 服务器对第二订阅管理服务器生成的密钥进行加密 , 因此使得第二业务 管理服务器不需要获取用户或者终端的信息即可实现业务定购或者密 钥更新, 保证了第一业务管理服务器签约用户的信息私密性。  It can be seen that the method provided by the embodiment of the present invention can facilitate the mobile phone service of the operator and the SP; the SPI of the SP does not need to be set or has the function of GBA, thereby reducing the equipment cost; The first BSM of the operator is used to facilitate the monitoring of the SP by the operator. Meanwhile, since the key generated by the second subscription management server is encrypted by the first subscription management server, the second service management server is not The information of the user or the terminal needs to be obtained to implement the service ordering or key update, and the information privacy of the subscriber of the first service management server is ensured.
图 8为本发明实施例中的订阅管理服务器的结构图。 如图 8所示, 本发明实施例中的订阅管理服务器 800可以只包括:业务订阅 /密钥管理 模块 801和密钥消息生成模块 802。  FIG. 8 is a structural diagram of a subscription management server in an embodiment of the present invention. As shown in FIG. 8, the subscription management server 800 in the embodiment of the present invention may include only the service subscription/key management module 801 and the key message generation module 802.
所述业务订阅 /密钥管理模块 801 , 用于接收终端所发送的第一广播 业务订阅请求消息或第一密钥更新请求消息 , 如果所接收的请求消息中 所涉及的业务不是业务订阅 /密钥管理模块 801所管理的业务,则业务订 阅 /密钥管理模块 801 根据所接收的请求消息中的用户标识先进行用户 业务鉴权; 在用户通过鉴权后, 业务订阅 /密钥管理模块 801根据终端所 发送的请求消息, 向其他订阅管理服务器发送第二广播业务订阅请求或 第二密钥更新请求 ,接收其他订阅管理服务器发送的长期密钥和 /或长期 密钥关联信息,并将长期密钥和 /或长期密钥关联信息发送给密钥消息生 成模块 802。 所述业务订阅 /密钥管理模块 801可以接收来自其他订阅管 理服务器发送的第二广播业务订阅请求或第二密钥更新请求 , 如果所请 求的业务是业务订阅 /密钥管理模块 801 所管理的业务, 则业务订阅 /密 钥管理模块 801 ^^据所接收的请求中的用户标识进行用户业务鉴权, 将 用户业务鉴权结果返回给其他订阅管理服务器; 如果用户通过鉴权并需 要获取相应的长期密钥,业务订阅 /密钥管理模块 801生成该业务长期密 钥和 /或长期密钥关联信息,或者从存储模块 803获取已存储的该业务长 期密钥和 /或长期密钥关联信息 , 返回给其他订阅管理服务器。 The service subscription/key management module 801 is configured to receive a first broadcast service subscription request message or a first key update request message sent by the terminal, if the service involved in the received request message is not a service subscription/density The service management/key management module 801 first performs user service authentication according to the user identifier in the received request message; after the user passes the authentication, the service subscription/key management module 801 Sending a second broadcast service subscription request or a second key update request to other subscription management servers according to the request message sent by the terminal, receiving the long-term key and/or long-term sent by the other subscription management server The key association information is transmitted to the key message generation module 802 and the long-term key and/or long-term key association information. The service subscription/key management module 801 can receive a second broadcast service subscription request or a second key update request sent by another subscription management server, if the requested service is managed by the service subscription/key management module 801. The service, the service subscription/key management module 801 performs user service authentication according to the user identifier in the received request, and returns the user service authentication result to the other subscription management server; if the user passes the authentication and needs to obtain the corresponding The long-term key, the service subscription/key management module 801 generates the service long-term key and/or long-term key association information, or obtains the stored long-term key and/or long-term key association information from the storage module 803. , return to other subscription management servers.
所述密钥消息生成模块 802, 用于根据业务订阅 /密钥管理模块 801 所发送的长期密钥和 /或长期密钥关联信息生成相应的长期密钥消息,并 将生成的长期密钥消息发送给终端。  The key message generating module 802 is configured to generate a corresponding long-term key message according to the long-term key and/or the long-term key association information sent by the service subscription/key management module 801, and generate the generated long-term key message. Send to the terminal.
所述订阅管理服务器 800还可以包括存储模块 803。 所述存储模块 803用于接收并存储业务订阅 /密钥管理模块 801所发送来的长期密钥和 /或长期密钥关联信息, 并根据业务订阅 /密钥管理模块 801 的密钥请求 消息将长期密钥和 /或长期密钥关联信息发送给业务订阅 /密钥管理模块 801。 所述业务订阅 /密钥管理模块 801将从存储模块 803得到的长期密 钥和 /或长期密钥关联信息发送给密钥消息生成模块 802。  The subscription management server 800 can also include a storage module 803. The storage module 803 is configured to receive and store the long-term key and/or the long-term key association information sent by the service subscription/key management module 801, and according to the key request message of the service subscription/key management module 801. The long-term key and/or long-term key association information is sent to the service subscription/key management module 801. The service subscription/key management module 801 transmits the long-term key and/or long-term key association information obtained from the storage module 803 to the key message generation module 802.
所述订阅管理服务器 800还可以包括判断模块 804。 所述判断模块 804可以位于业务订阅 /密钥管理模块 801 之内, 也可以位于业务订阅 / 密钥管理模块 801之外。业务订阅 /密钥管理模块 801将密钥请求消息和 存储模块 803所存储的所有长期密钥的信息转发给判断模块 804, 判断 模块 804根据由业务订阅 /密钥管理模块 801所发送的密钥请求消息以及 803存储的长期密钥的信息, 判断业务订阅 /密钥管理模块 801所需要的 长期密钥是否存储于存储模块 803中, 如果该长期密钥存储于存储模块 803 中, 则判断模块 804还需判断该长期密钥是否有效。 判断模块 804 将判断的结果发送给业务订阅 /密钥管理模块 801 ,由业务订阅 /密钥管理 模块 801根据所接收到的判断结果进行下一步的操作, 即: 当所述的长 期密钥有效时,业务订阅 /密钥管理模块 801从存储模块 803中读取所述 的长期密钥; 当所述的长期密钥无效或所述的长期密钥并没有存储于存 储模块 803时, 如果所需的长期密钥所对应的业务是本订阅管理服务器 管理的业务, 则业务订阅 /密钥管理模块 801 生成新的长期密钥和 /或长 期密钥关联信息 ,并将新生成的长期密钥和 /或长期密钥关联信息存储于 存储模块 803; 如果所需的长期密钥所对应的业务不是本订阅管理服务 器管理的业务,则业务订阅 /密钥管理模块 801从相应的其他订阅管理服 务器获取所述业务的长期密钥。 The subscription management server 800 can also include a determination module 804. The determining module 804 may be located in the service subscription/key management module 801 or may be located outside the service subscription/key management module 801. The service subscription/key management module 801 forwards the information of the key request message and all the long-term keys stored by the storage module 803 to the determining module 804, and the determining module 804 is based on the key sent by the service subscription/key management module 801. The request message and the information of the long-term key stored in 803 are used to determine whether the long-term key required by the service subscription/key management module 801 is stored in the storage module 803, if the long-term key is stored in the storage module. In 803, the determining module 804 also needs to determine whether the long-term key is valid. The determining module 804 sends the result of the judgment to the service subscription/key management module 801, and the service subscription/key management module 801 performs the next operation according to the received judgment result, that is, when the long-term key is valid. The service subscription/key management module 801 reads the long-term key from the storage module 803; when the long-term key is invalid or the long-term key is not stored in the storage module 803, If the service corresponding to the required long-term key is the service managed by the subscription management server, the service subscription/key management module 801 generates a new long-term key and/or long-term key association information, and the newly generated long-term key is generated. And/or the long-term key association information is stored in the storage module 803; if the service corresponding to the required long-term key is not the service managed by the subscription management server, the service subscription/key management module 801 is from the corresponding other subscription management server. Obtain the long-term key of the service.
所述业务订阅 /密钥管理模块 801还可向 DRM的 RI提供业务的长 期密钥和 /或长期密钥关联信息, 并请求 RI为终端生成终端所需要的长 期密钥消息 RO。 如果在上述处理业务订阅或者密钥更新的流程中出现 错误,则业务订阅 /密钥管理模块 801可以向终端或其他订阅管理服务器 发送错误通知。 对于由 RI生成长期密钥的情况, 如果终端尚未在 RI注 册, 则业务订阅 /密钥管理模块 801从 RI处得知终端尚未注册后, 还可 以向终端发送通知消息, 触发终端到 RI进行注册。  The service subscription/key management module 801 can also provide the long-term key and/or long-term key association information of the service to the RI of the DRM, and request the RI to generate the long-term key message RO required by the terminal for the terminal. If an error occurs in the above process of processing a service subscription or key update, the service subscription/key management module 801 can send an error notification to the terminal or other subscription management server. In the case of generating a long-term key by the RI, if the terminal has not yet registered with the RI, the service subscription/key management module 801 can learn from the RI that the terminal has not registered yet, and can also send a notification message to the terminal, triggering the terminal to register with the RI. .
图 9为本发明实施例中的订阅管理服务系统的结构图。如图 9所示, 本发明实施例中的订阅管理服务系统 900可以只包括: 第一订阅管理服 901务器和终端 902;  FIG. 9 is a structural diagram of a subscription management service system according to an embodiment of the present invention. As shown in FIG. 9, the subscription management service system 900 in the embodiment of the present invention may include only: a first subscription management service server and a terminal 902;
所述第一订阅管理服务器 901 , 用于接收所述终端 902发送的携 带业务标识的第一请求消息; 获取与所述第一请求消息中的业务标识所 对应的业务的长期密钥; 根据所述长期密钥生成长期密钥消息, 发送所 述的长期密钥消息给终端 902; 所述终端 902, 用于向第一订阅管理服务器 901发送携带业务标识 的第一请求消息;接收第一订阅管理服务器 901所发送的长期密钥消息。 The first subscription management server 901 is configured to receive a first request message that carries the service identifier sent by the terminal 902, and obtain a long-term key of the service corresponding to the service identifier in the first request message. The long-term key generation long-term key message, the long-term key message is sent to the terminal 902; The terminal 902 is configured to send a first request message carrying a service identifier to the first subscription management server 901, and receive a long-term key message sent by the first subscription management server 901.
订阅管理服务系统 900还可以包括一个第二订阅管理服务器 903。 此时, 所述第一订阅管理服务器 901向第二订阅管理服务器 903发送第 二请求消息, 该第二订阅管理服务器 903根据所述的第二请求消息将相 应的长期密钥发送给第一订阅管理服务器 901;第一订阅管理服务器 901 将所接收到的所述长期密钥发送给终端 902。  The subscription management service system 900 can also include a second subscription management server 903. At this time, the first subscription management server 901 sends a second request message to the second subscription management server 903, and the second subscription management server 903 sends the corresponding long-term key to the first subscription according to the second request message. The management server 901; the first subscription management server 901 transmits the received long-term key to the terminal 902.
订阅管理服务系统 900还可以包括: 授权发行者 904。 此时, 所述 第一订阅管理服务器 901可向授权发行者 904发送携带长期密钥的请求 消息; 授权发行者 904根据所接收到的携带长期密钥的请求消息中的长 期密钥生成长期密钥消息, 并将所述长期密钥消息发送给终端 901。  Subscription management service system 900 can also include: Authorized issuer 904. At this time, the first subscription management server 901 may send a request message carrying the long-term key to the authorized issuer 904; the authorized issuer 904 generates the long-term secret according to the long-term key in the received request message carrying the long-term key. The key message is sent to the terminal 901.
以上所述仅为本发明的较佳实施例而已, 并不用以限制本发明, 凡 在本发明的精神和原则之内所做的任何修改、 等同替换和改进等, 均应 包含在本发明的保护范围之内。  The above is only the preferred embodiment of the present invention, and is not intended to limit the present invention. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the present invention. Within the scope of protection.

Claims

权利要求书 Claim
1、 一种长期密钥获取方法, 其特征在于, 该方法包括:  A long-term key acquisition method, the method comprising:
第一订阅管理服务器接收携带业务标识的第一请求消息; 第一订阅管理服务器获取与所述第一请求消息中的业务标识所对 应的业务的长期密钥;  Receiving, by the first subscription management server, a first request message carrying a service identifier; the first subscription management server acquiring a long-term key of the service corresponding to the service identifier in the first request message;
才艮据所述长期密钥生成长期密钥消息 , 发送所述的长期密钥消息。 And generating the long-term key message according to the long-term key generation long-term key message.
2、 根据权利要求 1所述的长期密钥获取方法, 其特征在于, 所述的 根据所述长期密钥生成长期密钥消息 , 发送所述的长期密钥消息包括: 第一订阅管理服务器根据所述长期密钥生成长期密钥消息 , 发送所 述的长期密钥消息; The long-term key acquisition method according to claim 1, wherein the generating a long-term key message according to the long-term key, and transmitting the long-term key message comprises: a first subscription management server according to The long-term key generates a long-term key message, and sends the long-term key message;
或者 , 第一订阅管理服务器向授权发行者发送携带长期密钥的请求 消息; 授权发行者根据所述请求消息中的长期密钥生成长期密钥消息 , 并将所述长期密钥消息发送给终端。  Or the first subscription management server sends a request message carrying the long-term key to the authorized issuer; the authorized issuer generates a long-term key message according to the long-term key in the request message, and sends the long-term key message to the terminal .
3、 根据权利要求 1所述的长期密钥获取方法, 其特征在于, 所述获 取与所述第一请求消息中的业务标识所对应的业务的长期密钥包括: 获取第二订阅管理服务器标识;  The long-term key acquisition method according to claim 1, wherein the obtaining the long-term key of the service corresponding to the service identifier in the first request message comprises: acquiring the second subscription management server identifier ;
根据所述第二订阅管理服务器标识向第二订阅管理服务器发送第 二请求消息, 所述第二请求消息携带所述业务标识;  And sending, by the second subscription management server identifier, a second request message to the second subscription management server, where the second request message carries the service identifier;
接收第二订阅管理服务器根据第二请求消息返回的与所述业务标 识相对应的长期密钥。  Receiving a long-term key corresponding to the service identifier returned by the second subscription management server according to the second request message.
4、 根据权利要求 3所述的长期密钥获取方法, 其特征在于, 所述获 取第二订阅管理服务器标识包括:  The method for obtaining a long-term key according to claim 3, wherein the obtaining the second subscription management server identifier comprises:
从第一请求消息中获取第二订阅管理服务器标识;  Obtaining a second subscription management server identifier from the first request message;
或者 , 通过第一请求消息中的业务标识推知第二订阅管理服务器标 识。 Or, the second subscription management server identifier is inferred by the service identifier in the first request message.
5、 根据权利要求 3所述的长期密钥获取方法, 其特征在于, 第一订 阅管理服务器存储有业务的长期密钥或者存储有业务的长期密钥和长 期密钥关联信息 , 所述的获取与所述第一请求消息中的业务标识所对应 的业务的长期密钥包括: The long-term key acquisition method according to claim 3, wherein the first subscription management server stores a long-term key of the service or a long-term key and long-term key association information in which the service is stored, and the obtaining is performed. The long-term key of the service corresponding to the service identifier in the first request message includes:
第一订阅管理服务器判断所述第一请求消息中的业务标识所对应 的业务的长期密钥是否存储于第一订阅管理服务器且所述长期密钥是 否仍有效,  The first subscription management server determines whether the long-term key of the service corresponding to the service identifier in the first request message is stored in the first subscription management server and the long-term key is still valid.
如果均是, 则第一订阅管理服务器从所存储的长期密钥中获取所述 业务标识所对应的业务的长期密钥;  If yes, the first subscription management server obtains the long-term key of the service corresponding to the service identifier from the stored long-term key;
否则 , 根据所述第二订阅管理服务器标识向第二订阅管理服务器发 送第二请求消息, 接收第二订阅管理服务器根据第二请求消息返回的与 所述业务标识相对应的长期密钥。  Otherwise, sending a second request message to the second subscription management server according to the second subscription management server identifier, and receiving a long-term key corresponding to the service identifier returned by the second subscription management server according to the second request message.
6、 根据权利要求 1所述的长期密钥获取方法, 其特征在于, 第一订 阅管理服务器存储有业务的长期密钥 , 第一请求消息携带第二订阅管理 服务器标识, 或者第一订阅管理服务器通过第一请求消息中的业务标识 推知第二订阅管理服务器标识 , 所述第一订阅管理服务器获取与所述第 一请求消息中的业务标识所对应的业务的长期密钥包括:  The long-term key acquisition method according to claim 1, wherein the first subscription management server stores a long-term key of the service, and the first request message carries the second subscription management server identifier, or the first subscription management server. Determining, by the service identifier in the first request message, the second subscription management server identifier, where the first subscription management server obtains the long-term key of the service corresponding to the service identifier in the first request message, including:
第一订阅管理服务器根据所述第二订阅管理服务器标识向第二订 阅管理服务器发送第二请求消息, 所述第二请求消息携带所述业务标识 和存储有所述业务标识所对应的业务的长期密钥的标识;  The first subscription management server sends a second request message to the second subscription management server according to the second subscription management server identifier, where the second request message carries the service identifier and the long-term service of the service corresponding to the service identifier. Identification of the key;
第一订阅管理服务器接收第二订阅管理服务器根据第二请求消息 对第一订阅管理服务器中存储的所述长期密钥是否有效的判断结果, 如判断结果为所述长期密钥有效, 则第一订阅管理服务器接收第二 订阅管理服务器发送的指示该第一订阅管理服务器所存储的所述长期 密钥有效的消息; 第一订阅管理服务器根据该消息获取所述长期密钥; 如判断结果为所述长期密钥无效, 则第一订阅管理服务器接收第二 订阅管理服务器根据第二请求消息所发送的与所述业务标识相对应的 长期密钥。 The first subscription management server receives a determination result of whether the second subscription management server is valid according to the second request message to the long-term key stored in the first subscription management server, and if the determination result is that the long-term key is valid, the first The subscription management server receives a message sent by the second subscription management server indicating that the long-term key stored by the first subscription management server is valid; the first subscription management server acquires the long-term key according to the message; If the result of the determination is that the long-term key is invalid, the first subscription management server receives the long-term key corresponding to the service identifier sent by the second subscription management server according to the second request message.
7、 根据权利要求 3、 4或 5所述的长期密钥获取方法, 其特征在于, 所述第一请求消息携带用户标识, 所述第二请求消息中携带用户标识或 根据所述用户标识转换的替代用户标识; 在所述接收第二订阅管理服务 器根据第二请求消息返回的与所述业务标识相对应的长期密钥之前 , 进 一步包括:  The long-term key acquisition method according to claim 3, 4 or 5, wherein the first request message carries a user identifier, and the second request message carries a user identifier or is converted according to the user identifier. And the receiving the second subscription management server, before receiving the long-term key corresponding to the service identifier returned by the second request message, further comprising:
第二订阅管理服务器根据所收到的第二请求消息中的用户标识或 替代用户标识进行鉴权, 当用户通过鉴权后, 执行将所述业务的长期密 钥发送给第一订阅管理服务器的步骤。  The second subscription management server performs authentication according to the user identifier or the substitute user identifier in the received second request message. After the user passes the authentication, the long-term key of the service is sent to the first subscription management server. step.
8、 根据权利要求 7所述的长期密钥获取方法, 其特征在于, 在用户 通过鉴权后, 并在第一订阅管理服务器接收到所述业务的长期密钥之 前, 该方法还包括:  The long-term key acquisition method according to claim 7, wherein after the user passes the authentication, and before the first subscription management server receives the long-term key of the service, the method further includes:
第一订阅管理服务器接收到第二订阅管理服务器返回的携带所述 鉴权结果的响应消息;  Receiving, by the first subscription management server, a response message that is returned by the second subscription management server and carrying the authentication result;
第一订阅管理服务器根据接收到的所述响应消息向第二订阅管理 服务器发送请求长期密钥消息。  The first subscription management server sends a request long-term key message to the second subscription management server according to the received response message.
9、 根据权利要求 8所述的长期密钥获取方法, 其特征在于, 在第一 订阅管理服务器接收到所述响应消息之后 , 第一订阅管理服务器向第二 订阅管理服务器发送请求长期密钥消息之前 , 该方法还包括:  The long-term key acquisition method according to claim 8, wherein after the first subscription management server receives the response message, the first subscription management server sends a request long-term key message to the second subscription management server. Previously, the method also included:
第一订阅管理服务器向终端发送携带所述鉴权结果的订阅响应消 第一订阅管理服务器接收终端返回的确认接收订阅业务消息。  The first subscription management server sends the subscription response carrying the authentication result to the terminal. The first subscription management server receives the acknowledgement receiving subscription service message returned by the terminal.
10、 根据权利要求 3、 4或 5所述的长期密钥获取方法, 其特征在于, 该方法还包括: 第一订阅管理服务器存储或更新由第二订阅管理服务器 发送的所述业务的长期密钥和长期密钥关联信息。 The long-term key acquisition method according to claim 3, 4 or 5, characterized in that The method further includes: the first subscription management server storing or updating the long-term key and the long-term key association information of the service transmitted by the second subscription management server.
11、 根据权利要求 3、 4或 5所述的长期密钥获取方法, 其特征在于, 所述接收第二订阅管理服务器根据第二请求消息返回的与所述业务标 识相对应的长期密钥包括:  The long-term key acquisition method according to claim 3, 4 or 5, wherein the receiving the second subscription management server returns a long-term key corresponding to the service identifier according to the second request message, including :
第二订阅管理服务器根据所收到的第二请求消息中的业务标识 , 判 断第二订阅管理服务器中是否有所述业务标识对应业务的长期密钥且 所述长期密钥是否需要更新;  The second subscription management server determines, according to the service identifier in the received second request message, whether there is a long-term key of the service corresponding to the service identifier in the second subscription management server, and whether the long-term key needs to be updated;
如果没有所述业务的长期密钥或所述长期密钥需要更新, 则第二订 阅管理服务器生成所述业务的长期密钥并将生成的长期密钥和 /或长期 密钥关联信息发送给第一订阅管理服务器;  If there is no long-term key of the service or the long-term key needs to be updated, the second subscription management server generates a long-term key of the service and sends the generated long-term key and/or long-term key association information to the first a subscription management server;
否则,第二订阅管理服务器将已有的所述业务的长期密钥和 /或长期 密钥关联信息发送给第一订阅管理服务器。  Otherwise, the second subscription management server sends the existing long-term key and/or long-term key association information of the service to the first subscription management server.
12、 根据权利要求 1所述的长期密钥获取方法, 其特征在于, 所述根据所述长期密钥生成长期密钥消息包括: 第一订阅管理服务 器根据网络侧在需要对业务的长期密钥加密时所生成的权限加密密钥 或者签约管理密钥以及所述长期密钥, 生成长期密钥消息;  The long-term key acquisition method according to claim 1, wherein the generating the long-term key message according to the long-term key comprises: the first subscription management server according to the network side needs a long-term key for the service Generating a long-term key message by using a rights encryption key or a contract management key generated during encryption and the long-term key;
或者, 在所述 据所述长期密钥生成长期密钥消息之前, 第一订阅 管理服务器为用户完成安全注册; 所述才 据所述长期密钥生成长期密钥 消息包括: 第一订阅管理服务器根据用户在安全注册时所生成的权限加 密密钥或签约管理密钥以及所述长期密钥, 生成长期密钥消息。  Or, before the generating the long-term key message according to the long-term key, the first subscription management server completes the security registration for the user; and the generating the long-term key message according to the long-term key includes: the first subscription management server A long-term key message is generated according to the rights encryption key or the contract management key generated by the user at the time of secure registration and the long-term key.
13、 根据权利要求 2所述的长期密钥获取方法, 其特征在于, 所述 携带长期密钥的请求消息携带有终端设备标识; 所述第一订阅管理服 务器向授权发行者发送携带长期密钥的请求消息之后还包括:  The method for acquiring a long-term key according to claim 2, wherein the request message carrying the long-term key carries a terminal device identifier; and the first subscription management server sends the long-term key to the authorized issuer. After the request message also includes:
授权发行者根据所述携带长期密钥的请求消息中的终端设备标识 判断终端是否已经在授权发行者进行安全注册, 如果终端已经安全注 册 , 则授权发行者根据所述请求消息中的长期密钥生成长期密钥消息 , 并将所述长期密钥消息发送给终端; 否则, 授权发行者向第一订阅管理 服务器返回响应消息, 要求终端进行安全注册, 并在终端注册完毕后, 授权发行者根据所述请求消息中的长期密钥生成长期密钥消息 , 并将所 述长期密钥消息发送给终端。 Authorized issuer according to the terminal device identifier in the request message carrying the long-term key Determining whether the terminal has been securely registered by the authorized issuer. If the terminal has been securely registered, the authorized issuer generates a long-term key message according to the long-term key in the request message, and sends the long-term key message to the terminal; Otherwise, the authorized issuer returns a response message to the first subscription management server, requesting the terminal to perform secure registration, and after the terminal is registered, authorizing the issuer to generate a long-term key message according to the long-term key in the request message, and The long-term key message is sent to the terminal.
14、 根据权利要求 2或 13所述的长期密钥获取方法, 其特征在于, 所述授权发行者根据所述请求消息中的长期密钥生成长期密钥消息 , 并 将所述长期密钥消息发送给终端包括:  The long-term key acquisition method according to claim 2 or 13, wherein the authorized issuer generates a long-term key message according to the long-term key in the request message, and the long-term key message is Sending to the terminal includes:
授权发行者对所述携带长期密钥的请求消息中的长期密钥进行加 密并生成长期密钥消息, 向第一订阅管理服务器发送成功响应消息; 第一订阅管理服务器向终端发送获取长期密钥消息的通知消息; 终端根据所述通知消息向授权发行者发送获取所述长期密钥消息 的请求消息;  Authorizing the issuer to encrypt the long-term key in the request message carrying the long-term key and generate a long-term key message, and send a success response message to the first subscription management server; the first subscription management server sends the acquisition long-term key to the terminal a notification message of the message; the terminal sends a request message for obtaining the long-term key message to the authorized issuer according to the notification message;
授权发行者将所述长期密钥消息发送给终端。  The authorized issuer sends the long-term key message to the terminal.
15、 根据权利要求 1所述的长期密钥获取方法, 其特征在于, 所述 根据所述长期密钥生成长期密钥消息 , 发送所述的长期密钥消息具体包 括:  The long-term key acquisition method according to claim 1, wherein the generating the long-term key message according to the long-term key, and the sending the long-term key message specifically includes:
第一订阅管理服务器向引导服务功能模块发送请求签约密钥的消 第一订阅管理服务器接收引导服务功能模块根据所述请求加密密 钥的消息返回的加密密钥;  The first subscription management server sends a request for the subscription key to the boot service function module, and the first subscription management server receives the encryption key returned by the boot service function module according to the message requesting the encryption key;
第一订阅管理服务器根据所述加密密钥和长期密钥生成长期密钥 消息, 并将所述长期密钥消息发送给终端。  The first subscription management server generates a long-term key message based on the encryption key and the long-term key, and transmits the long-term key message to the terminal.
16、一种订阅管理服务器,其特征在于, 所述订阅管理服务器包括: 业务订阅 /密钥管理模块和密钥消息生成模块; 16. A subscription management server, wherein the subscription management server comprises: a service subscription/key management module and a key message generation module;
所述业务订阅 /密钥管理模块, 用于接收第一请求消息, 获取所述第 一请求消息中的业务标识所对应的业务的长期密钥和 /或长期密钥关联 信息;将获取的长期密钥和 /或长期密钥关联信息发送给密钥消息生成模 块;  The service subscription/key management module is configured to receive a first request message, obtain a long-term key and/or long-term key association information of a service corresponding to the service identifier in the first request message; The key and/or long-term key association information is sent to the key message generation module;
所述密钥消息生成模块 ,用于根据接收到的长期密钥和 /或长期密钥 关联信息生成并发送相应的长期密钥消息。  The key message generating module is configured to generate and send a corresponding long-term key message according to the received long-term key and/or long-term key association information.
17. 根据权利要求 16所述的订阅管理服务器, 其特征在于, 所述订 阅管理服务器还包括: 存储模块;  The subscription management server according to claim 16, wherein the subscription management server further comprises: a storage module;
所述存储模块,用于存储业务订阅 /密钥管理模块所获取或生成的长 期密钥和 /或长期密钥关联信息;  The storage module is configured to store a long-term key and/or long-term key association information acquired or generated by a service subscription/key management module;
所述业务订阅 /密钥管理模块,根据接收到的第一请求消息从所述存 储模块读取所需的长期密钥和 /或长期密钥关联信息。  The service subscription/key management module reads the required long-term key and/or long-term key association information from the storage module according to the received first request message.
18. 根据权利要求 17所述的订阅管理服务器, 其特征在于, 所述订 阅管理服务器还包括: 判断模块;  The subscription management server according to claim 17, wherein the subscription management server further comprises: a determination module;
所述判断模块,用于判断业务订阅 /密钥管理模块所接收到的订阅请 求消息或密钥更新请求消息中所需的长期密钥是否存储于存储模块且 该长期密钥是否有效, 并将判断结果发送给业务订阅 /密钥管理模块; 所述业务订阅 /密钥管理模块, 根据所述判断模块发送的判断结果, 从所述存储模块读取所需的长期密钥 , 或者从第二订阅管理服务器获取 所需的长期密钥。  The determining module is configured to determine whether a long-term key required in the subscription request message or the key update request message received by the service subscription/key management module is stored in the storage module and the long-term key is valid, and The judgment result is sent to the service subscription/key management module; the service subscription/key management module reads the required long-term key from the storage module according to the judgment result sent by the judgment module, or from the second Subscribe to the management server to get the long-term key you need.
19. 一种订阅管理服务系统, 其特征在于, 所述订阅管理服务系统 包括: 第一订阅管理服务器和终端;  A subscription management service system, wherein the subscription management service system comprises: a first subscription management server and a terminal;
所述第一订阅管理服务器, 用于接收所述终端发送的携带业务标识 的第一请求消息; 获取与所述第一请求消息中的业务标识所对应的业务 的长期密钥; 根据所述长期密钥生成长期密钥消息, 发送所述的长期密 钥消息给终端; The first subscription management server is configured to receive a first request message that is sent by the terminal and that carries a service identifier, and obtain a service that is corresponding to the service identifier in the first request message. a long-term key; generating a long-term key message according to the long-term key, and sending the long-term key message to the terminal;
所述终端, 用于向第一订阅管理服务器发送携带业务标识的第一请 求消息; 接收第一订阅管理服务器所发送的长期密钥消息。  The terminal is configured to send a first request message carrying a service identifier to the first subscription management server, and receive a long-term key message sent by the first subscription management server.
20、 根据权利要求 19所述的订阅管理服务系统, 其特征在于, 该订 阅管理服务系统还包括: 第二订阅管理服务器;  The subscription management service system according to claim 19, wherein the subscription management service system further comprises: a second subscription management server;
所述第二订阅管理服务器 , 用于根据第一订阅管理服务器的第二请 求消息 , 将相应的长期密钥发送给第一订阅管理服务器;  The second subscription management server is configured to send the corresponding long-term key to the first subscription management server according to the second request message of the first subscription management server;
所述第一订阅管理服务器, 还用于向第二订阅管理服务器发送第二 请求消息, 并接收第二订阅管理服务器根据第二请求消息返回的与所述 业务标识相对应的长期密钥。  The first subscription management server is further configured to send a second request message to the second subscription management server, and receive a long-term key corresponding to the service identifier returned by the second subscription management server according to the second request message.
21. 根据权利要求 19或 20所述的订阅管理服务系统, 其特征在于, 该订阅管理服务系统还包括: 授权发行者;  The subscription management service system according to claim 19 or 20, wherein the subscription management service system further comprises: an authorized issuer;
所述第一订阅管理服务器, 还用于向授权发行者发送携带长期密钥 的请求消息;  The first subscription management server is further configured to send a request message carrying a long-term key to the authorized issuer;
所述授权发行者, 用于接收第一订阅管理服务器发送的所述携带长 期密钥的请求消息 , ^^据该请求消息中的长期密钥生成长期密钥消息 , 将所述长期密钥消息发送给终端。  The authorized issuer is configured to receive the request message carrying the long-term key sent by the first subscription management server, generate a long-term key message according to the long-term key in the request message, and send the long-term key message Send to the terminal.
PCT/CN2007/070620 2006-09-05 2007-09-04 A method for obtaining ltk and a subscribe management server WO2008040201A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200610062461.7 2006-09-05
CN2006100624617A CN101141246B (en) 2006-09-05 2006-09-05 Service key obtaining method and subscription management server

Publications (1)

Publication Number Publication Date
WO2008040201A1 true WO2008040201A1 (en) 2008-04-10

Family

ID=39193016

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/070620 WO2008040201A1 (en) 2006-09-05 2007-09-04 A method for obtaining ltk and a subscribe management server

Country Status (2)

Country Link
CN (1) CN101141246B (en)
WO (1) WO2008040201A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111988418A (en) * 2020-08-28 2020-11-24 平安国际智慧城市科技股份有限公司 Data processing method, device, equipment and computer readable storage medium

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101562520B (en) * 2009-05-21 2011-07-06 普天信息技术研究院有限公司 Method and system for distributing service secret keys
CN102131194B (en) * 2010-01-12 2014-12-10 中国移动通信集团公司 Method, device and system for acquiring service key and service platform equipment
CN102300154B (en) * 2010-06-25 2015-07-22 中兴通讯股份有限公司 Method and device for updating key in multimedia broadcast system
CN102404629B (en) * 2010-09-17 2014-08-06 中国移动通信有限公司 Method and device for processing television program data
CN102170450A (en) * 2011-05-16 2011-08-31 北京和利时系统工程有限公司 Key processing method, apparatus and system of train operation control system
CN103795694A (en) * 2012-10-31 2014-05-14 中国电信股份有限公司 License control method and license control system
CN103200566B (en) * 2013-02-26 2018-07-10 努比亚技术有限公司 The implementation method and method of calibration of companion's pattern between main equipment and companion
CN104618799B (en) * 2014-02-10 2018-01-09 腾讯科技(北京)有限公司 Video broadcasting method and device
CN103781044B (en) * 2014-02-19 2018-02-02 北京银贝壳科技有限公司 A kind of charging method and charge system of the commodity bought with mobile phone charge in Mobile solution
US10282538B2 (en) * 2014-12-27 2019-05-07 Intel Corporation Technologies for providing hardware subscription models using pre-boot update mechanism
CN105491067B (en) * 2016-01-08 2017-10-24 腾讯科技(深圳)有限公司 Service security verification method and device based on key
CN107800535A (en) * 2016-09-05 2018-03-13 上海前隆金融信息服务有限公司 A kind of processing method and processing device of data safety
CN106657130B (en) * 2017-01-09 2020-05-19 上海浦东软件园汇智软件发展有限公司 MQTT-based access authentication method and equipment
CN110166983B (en) * 2018-02-11 2021-11-19 中国移动通信有限公司研究院 Event subscription method and network element equipment
CN108833607B (en) * 2018-06-12 2022-03-11 腾讯科技(深圳)有限公司 Physical address acquisition method, device and readable medium
US20200220869A1 (en) * 2019-01-08 2020-07-09 Fidelity Information Services, Llc Systems and methods for contactless authentication using voice recognition
CN110213049B (en) * 2019-06-03 2021-12-21 江苏恒宝智能系统技术有限公司 Secret key updating system for interaction of vehicle-mounted equipment
CN110719498A (en) * 2019-09-03 2020-01-21 华为技术有限公司 Video data processing method, device and system
CN113922974B (en) * 2020-06-22 2024-04-09 中移(苏州)软件技术有限公司 Information processing method and system, front end, server side and storage medium
CN112565281B (en) * 2020-12-09 2021-09-17 北京深思数盾科技股份有限公司 Information processing method, server and system of service key

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005060564A2 (en) * 2003-12-10 2005-07-07 Motorola Inc. Apparatus and method for broadcast services transmission and reception
WO2005076641A1 (en) * 2004-02-02 2005-08-18 Motorola, Inc., A Corporation Of The State Of Delaware Method and apparatus for providing a multimedia broadcast/multicast service in a visited network
WO2006014076A1 (en) * 2004-08-04 2006-02-09 Lg Electronics Inc. Broadcast/multicast service system and method providing inter-network roaming

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7308431B2 (en) * 2000-09-11 2007-12-11 Nokia Corporation System and method of secure authentication and billing for goods and services using a cellular telecommunication and an authorization infrastructure

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005060564A2 (en) * 2003-12-10 2005-07-07 Motorola Inc. Apparatus and method for broadcast services transmission and reception
WO2005076641A1 (en) * 2004-02-02 2005-08-18 Motorola, Inc., A Corporation Of The State Of Delaware Method and apparatus for providing a multimedia broadcast/multicast service in a visited network
WO2006014076A1 (en) * 2004-08-04 2006-02-09 Lg Electronics Inc. Broadcast/multicast service system and method providing inter-network roaming

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111988418A (en) * 2020-08-28 2020-11-24 平安国际智慧城市科技股份有限公司 Data processing method, device, equipment and computer readable storage medium
CN111988418B (en) * 2020-08-28 2023-11-14 平安国际智慧城市科技股份有限公司 Data processing method, device, equipment and computer readable storage medium

Also Published As

Publication number Publication date
CN101141246A (en) 2008-03-12
CN101141246B (en) 2011-07-06

Similar Documents

Publication Publication Date Title
WO2008040201A1 (en) A method for obtaining ltk and a subscribe management server
JP4898919B2 (en) Method and system for continuously transmitting encrypted data of a broadcast service to a mobile terminal device
US7769177B2 (en) Method for managing digital rights in broadcast/multicast service
CN100548044C (en) Mobile TV playing control system and playing network and broadcasting method
CA2719975C (en) Method and apparatus for providing broadcast service using encryption key in a communication system
KR100981568B1 (en) Apparatus and method protecting contents supported broadcast service between service provider and several terminals
US20100153709A1 (en) Trust Establishment From Forward Link Only To Non-Forward Link Only Devices
US20080263648A1 (en) Secure conferencing over ip-based networks
WO2006007796A1 (en) A method for obtaining user's on-line information
US7239705B2 (en) Apparatus and method for broadcast services transmission and reception
JP2012105293A (en) Inter-entity coupling method, apparatus and system thereof for service protection
KR20060105934A (en) Apparatus and method jointing digital rights management contents between service provider supported broadcast service and terminal, and the system thereof
WO2012016434A1 (en) Management method for authentication parameters and terminal
KR100916228B1 (en) Method of managing a sek and a pek for a pay-per view based and service based broadcast subscriber and communication system thereof
WO2010127540A1 (en) Method and system of television program distribution

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07801029

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07801029

Country of ref document: EP

Kind code of ref document: A1