WO2008086714A1 - A method and system for realizing safety of cipher key in multi-network fusion mobile multi-media broadcasting system - Google Patents


Publication number
WO2008086714A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
service
program stream
user
network
Application number
PCT/CN2007/003922
Inventor
Zunyou Ke
Qinghua Yao
Zhichun Mu
Original Assignee
ZTE Corporation
Application filed by ZTE Corporation
Publication of WO2008086714A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60 Digital content management, e.g. content distribution
    • H04L2209/601 Broadcast encryption
    • H04L2209/80 Wireless

Definitions

  • The present invention relates to mobile network communications and mobile multimedia broadcast technologies. More particularly, it relates to a method and system for providing key security for a user terminal in the case of a mobile multimedia broadcast system network and a plurality of mobile communication system networks.
  • Background technique
  • The MMB network realizes services such as mobile multimedia broadcasting or mobile TV (DMB, DAB, DVB and other frequency-addressed broadcasting network systems, here uniformly denoted MMB), and faces some inherent defects. Because its transmission is unidirectional, that is, it has only a downlink channel, it brings inconvenience to interactive services, system billing flexibility and system security, so that some mature mobile network technologies cannot be applied to the field.
  • In order to achieve interaction, billing and security, the MMB system has to rotate the interactive, billing and security content in an unpredictable situation.
  • The amount of data is very large, especially the billing information.
  • Compared with the immersive mobile communication system network, the broadcast system network has to bear a great cost to achieve the same functions. Even if they are realized, the scope of business and flexibility of use are greatly reduced. These functions already have mature carrier-grade applications in the mobile communication system network.
  • The wireless network of the broadcast network is highly efficient, and its data capacity is much larger than that of the mobile network, so it provides a better bearer for large-scale multimedia transmission.
  • A broadcast/multicast service is a one-to-many unidirectional bearer service in which data is sent by one source entity to multiple receiving entities. These services bring the point-to-multipoint idea to mobile communication systems, so that it can be used in mobile networks.
  • A point-to-multipoint service in which a data source sends data to multiple users is provided to achieve network resource sharing and improve network resource utilization.
  • Each program stream in the service guide is divided into several sections of program content according to the time period, referred to as programs. Every program needs to be secured.
  • The security of multimedia broadcast/multicast services in 3GPP mobile communication systems is implemented through a three-layer key system. Layer 1: the user key MUK, a key shared between a single multimedia broadcast/multicast service user terminal and the data source. Layer 2: the service key MSK, a key shared by all multimedia broadcast/multicast service user terminals and the data source. Layer 3: the program stream key MTK, the multicast transmission data encryption key shared by all multimedia broadcast/multicast service user terminals and the data source.
  • MUK is used to securely send MSKs to service users.
  • MSK is used to securely send MTK to service users, and MTK is the actual multicast transmission data encryption key.
  • MSK and MTK need to be updated frequently to prevent legitimate users from leaking MSK or MTK to illegal users, so as to reduce the impact of illegal users' access to multicast communication content on service security.
  • This ensures that only user terminals that have subscribed to the service can legally enjoy it. Users who have not subscribed, or who have unsubscribed after subscribing, are considered illegal users.
  • After the broadcast/multicast server updates the service key, it sends a new-key-valid message to the user terminal, indicating that the new service key is valid. After receiving the message, the user terminal may send a request key message to the broadcast/multicast server, requesting the new service key. After receiving the request key message, the broadcast/multicast server sends the corresponding new service key to the user terminal that initiated the request. After the user terminal successfully receives the new service key, it saves the service key for later use.
  • In the 3GPP2 mobile communication system there is also a layered key system corresponding to that of 3GPP:
  • the first layer: user key TK;
  • the second layer: service key BAK;
  • the third layer: program stream key SK.
  • The program stream is sent from the broadcast network (for example, a radio and television broadcasting network), that is, the program service stream is transmitted over the broadcast channel of the radio and television network; the program content is encrypted by the radio and television mobile TV system; and is completed by the mobile operator's mobile communication system network.
  • The mobile operator's mobile communication system network is used as an interactive channel to transmit service keys and to implement service ordering, service interaction, and the like.
  • 3GPP2 uses different encryption methods than 3GPP, and generally each has its own key management system on an unrelated broadcast/multicast service platform that exists in an independent network system. How, then, can the broadcast system network integrate the key management of the service platforms of different mobile communication system networks?
  • When the broadcast system network integrates the service platforms of different mobile communication system networks, a key security method needs to be provided for the mobile user terminals to achieve third-level key update and key security.
  • Summary of the invention
  • The technical problem to be solved by the present invention is to provide a method for realizing key security of a multi-network convergence mobile multimedia broadcasting system, so that the mobile multimedia broadcasting system can integrate multiple mobile communication system network service platforms with different key management functions and provide key security for mobile user terminals.
  • The present invention provides a method for realizing key security of a multi-network convergence mobile multimedia broadcasting system, applied to a system in which a broadcast system network and a plurality of mobile communication system networks are integrated, where the broadcast system network has a scrambler and each mobile communication system network has a service platform. The method includes the following steps:
  • (a) the scrambler of the broadcast system network generates, stores, and updates the program stream key according to the set rule; the service platform of each mobile communication system network generates, stores, and updates the service key according to the set rule, each service key corresponding to a unique service key identifier; each mobile communication system network separately distributes the service key and its identifier to the user terminals that subscribe to the corresponding service;
  • (b) the scrambler of the broadcast system network sends the program stream key to the service platform of each mobile communication system network, and each service platform encrypts the program stream key with the corresponding service key as a parameter and returns the encryption control information to the scrambler; the encryption control information includes the encrypted program stream key, the service key identifier, and an identification parameter of the mobile communication system network, and the scrambler stores the received encryption control information;
  • (c) the scrambler of the broadcast system network encrypts the encoded corresponding program stream by using the program stream key and outputs the program stream together with the encrypted program stream key information, which are multiplexed and broadcast; the encrypted program stream key information includes each program stream identifier and its encryption control information in each mobile communication system network;
  • (d) after the user terminal selects the program, it receives the corresponding program stream and its encryption control information, finds the corresponding service key identifier according to the identifier of its mobile communication system network, and determines the local service key to be used; with the service key as a parameter, it decrypts the encrypted program stream key, and it decrypts the program stream data using the obtained program stream key.
  • The method for implementing the key security of the multi-network convergence mobile multimedia broadcast system may also have the following features: the user terminal generates a user key and reports it to the service platform during authentication; the service platform generates, by the same rule, a user key for the user who subscribes to the service and verifies whether the user key reported by the user terminal is consistent with it; if so, it encrypts the service key with the user key as a parameter and sends the encrypted service key and its identifier to the user terminal for storage. In step (d), after determining the service key to be used, the user terminal first finds the stored encrypted service key, decrypts it with the local user key as a parameter, and then decrypts the encrypted program stream key with the service key.
  • Step (b) is further divided into the following steps: (b1) the scrambler of the broadcast system network passes the configured management rules according to the configuration rules.
  • Step (d) is further divided into the following steps:
  • (d1) the client of the mobile multimedia broadcast system is started on the terminal, and the client program starts to work;
  • (d2) if the client needs to obtain the electronic service guide, it interacts with the service platform to obtain the electronic service guide data and displays it; if not, it displays the guide directly;
  • (d3) the user chooses a valid TV program to watch according to the electronic service guide displayed by the client; if the program needs to be ordered, the terminal interacts with the service platform to complete the ordering;
  • (d4) according to the current service selected by the user, the terminal demultiplexes and receives the corresponding encrypted program stream according to the service identifier, and receives the encrypted program stream key information;
  • (d5) the terminal obtains the encryption control information of multiple networks from the encrypted program stream key information, and selects the encryption control information of its own mobile communication system network according to the identification parameter of the mobile communication system network stored by the terminal;
  • the terminal determines, according to the service key identifier in the encryption control information, whether it has stored a corresponding valid service key; if not, it initiates a service key request to the mobile communication system network service platform and acquires the service key of the program stream, encrypted with the terminal's user key; if so, it performs the next step;
  • the terminal decrypts the encrypted service key by using the local user key, decrypts the encrypted program stream key in the encryption control information by using the obtained service key and the corresponding decryption algorithm, and then uses the obtained program stream key to decrypt the program stream data.
  • The foregoing method for implementing key security of a multi-network convergence mobile multimedia broadcast system may further have the following feature: during the initialization process the terminal acquires Ks from the service platform, generates a user key, and obtains the code of the home mobile communication system network service platform.
  • In the terminal authentication request, the terminal carries the user key index and the key it generated itself. The mobile communication system network service platform finds or generates Ks based on the authentication multi-group obtained from the HLR and then generates the user key according to Ks. The service platform compares the locally generated user key with the user key reported by the terminal for the same user; if they are the same, it encrypts the service key of the service subscribed to by the user with a predetermined encryption algorithm, using the user key as a parameter; otherwise, it returns an error code to the terminal.
  • The method for implementing the key security of the multi-network convergence mobile multimedia broadcast system may further have the following features: the parameters in the program stream key encryption request message further include one or a combination of the following: an encryption cycle start sequence number, indicating the sequence number of the encryption cycle from which the transferred program stream key is used to encrypt the program stream; the absolute time at which the encryption cycle starts; the encryption duration as a number of cycles, indicating the number of consecutive encryption cycles for which the program stream key will be used to encrypt the program stream; and the mobile communication system network code, for identifying different mobile communication system networks; and/or the parameters in the program stream key encryption response message further include an encryption cycle start sequence number.
  • The identification parameter of the mobile communication system network is a mobile communication system network service platform code, which represents a specific mobile communication system network service platform and includes the mobile communication system network code, the multimedia service platform code and the service key system code. The mobile communication system network code is the identifier of the mobile communication system network and uniquely distinguishes it; the multimedia service platform code uniquely identifies the mobile communication system network service platform; the service key system code is used to distinguish the algorithm with which the service key encrypts and decrypts the program stream key.
  • The method for implementing the key security of the multi-network convergence mobile multimedia broadcast system may also have the following features: the information distributed by the service platform to the terminal in step (a) includes the program stream key valid sequence number interval; the program stream key obtained by the terminal's decryption in step (d) is identified by a time period sequence number, and the terminal first verifies whether that sequence number is within the valid sequence number interval of the program stream key; if so, the key is valid, and the valid program stream key is then used to decrypt the program data stream.
  • In step (a), the service key has a key identifier that is unique within its own network and has its own validity period; validity period management is used to guide key update and validation.
  • A system for realizing key security of a multi-network convergence mobile multimedia broadcasting system comprises a mobile communication system network, a user terminal, and a broadcast system network, wherein:
  • the mobile communication system network is used for implementing the mobile multimedia broadcast service platform function and the mobile network bearer function; interacting with the user terminal; generating, storing, or updating the user key; completing the generation, storage, update, and distribution of the service key; and interacting with the broadcast system network to complete the encryption of the program stream key by the service key;
  • the user terminal is configured to acquire a user key, receive the program stream and encryption control information of the broadcast system network and decrypt the corresponding program stream, and interact with the mobile communication system network of the corresponding type and location to complete the authentication of the user key;
  • the broadcast system network is used for generating, storing, and updating the program stream key, transmitting the program stream key to each mobile communication system network, and storing the received encryption control information; and for encrypting the encoded corresponding program stream using the program stream key, multiplexing the program stream with the encrypted program stream key information, and broadcasting them.
  • The user terminal further includes the following modules:
  • an initialization module, used to obtain the user key and the home mobile communication system network service platform code during the initialization process; the user key is used to encrypt and decrypt the service key, and the user key of each user is different;
  • a user authentication module, used to interact with the mobile communication system network to complete the authentication process of the terminal, carrying the user key index and the self-generated key in the terminal authentication request for verification by the network side of the mobile communication system;
  • a service key management unit, configured to receive the current service key, the service key identifier and the program stream key valid sequence number interval that the mobile communication system network service platform distributes to users who have subscribed to the service, and to store or update them;
  • a program stream receiving module, configured to receive the corresponding program stream according to the current program stream identifier, including receiving the encrypted program stream key information; and
  • a program stream decryption module, which selects from the program stream the program stream encryption control information corresponding to its network according to the mobile network service platform code, obtains the corresponding service key identifier, selects the encrypted service key stored on the terminal according to that identifier, decrypts it using the local user key as a parameter to obtain the service key, decrypts the encrypted program stream key with the service key, verifies the key's validity against the program stream key valid sequence number interval, and then uses the resulting valid program stream key to decrypt the program data stream.
  • The system for realizing the key security of the multi-network convergence mobile multimedia broadcast system may also have the following characteristics: if the service key management unit has no valid service key stored locally for the service in use, it initiates an active request to obtain the service key of the service from the corresponding mobile communication system network; the different mobile communication system network service platforms and their terminals each form a self-contained system, and the terminal only receives the service key distributed by the mobile communication system network service platform it has subscribed to, already encrypted with the corresponding user key.
  • The service platform of the mobile communication system network further includes a service center and a key management module, where: the service center provides the service interface to the user terminal and the business logic control of the service platform, and schedules and uses functional modules in this service platform or other service platforms, including distributing service keys; and the key management module is used for generating, storing, or updating user keys, generating the service key according to the valid user key, and completing the encryption of the program stream key by the service key.
  • The system for implementing the key security of the multi-network convergence mobile multimedia broadcast system may further have the following features: the key management module further includes a user key management unit, a service key management unit, a service key distribution unit, and a program stream key encryption unit, where:
  • the user key management unit is configured to generate the user key and store or update it; when the terminal is initialized, it obtains Ks from the service platform and generates the user key; when the service platform receives an authentication request including the user key index and the terminal-generated key, the service platform finds or generates Ks according to the index and then verifies the user key reported by the terminal for the same user; if they are the same, it notifies the service key management unit; otherwise, it returns an error code to the terminal;
  • the service key management unit is configured, after service configuration, to generate and store the corresponding service key and establish its correspondence with the service key identifier, the service key being associated with the program stream identifier through the service identifier; if it receives user key confirmation information from the user key management unit, it can encrypt the service key with a predetermined encryption algorithm, using the user key as a parameter; the service key has a key identifier that is unique within its own network and has its own validity period;
  • the service key distribution unit is configured to distribute the service key through the service center; based on the user subscription relationship, the service platform sends the service key, encrypted with the user's user key, to users who have subscribed to the service; the active push mode is dominant, or, when a request from the terminal to obtain the service key is received, the corresponding service key is found, encrypted with the user key, and sent to the terminal;
  • the program stream key encryption unit: the service platform receives the program stream key sent by the scrambler of the broadcast system network, encrypts it with the corresponding service key, encapsulates the encrypted program stream key, the program stream key identifier and other encryption parameters into a program stream key message according to the specified data format, and returns it to the scrambler.
  • The broadcast system network includes: a program source coding module, configured to compress and encode each originally accessed audio and video content and output it to the scrambler; a scrambler, for generating, storing, and updating the program stream key, transmitting the program stream key to each mobile communication system network, storing the received encryption control information, encrypting the encoded program stream with the key control word, and outputting the program stream and the encryption control information to the multiplexing system; and a multiplexing system, configured to multiplex the plurality of encrypted program streams and the encryption control information of the plurality of mobile communication system networks and output them through the broadcast system network.
  • The scrambler further includes a program key management module and an encryption machine. The program key management module manages the program stream key (the encryption control word), the encryption period, and the encryption duration, and continuously generates, stores, and updates the control word; it sends the program stream key to the service platforms through an interface with the plurality of mobile communication system network service platforms and stores the returned program stream encryption control information, including the encrypted program stream key, the service key identifier, and the identification parameter of the mobile communication system network; and it obtains the start and end time information of the corresponding program through an interface with the content broadcast control system, aligns the start of a new encryption cycle with it, and uses the encryption cycle range over which the program stream key is used for encryption as a basis for synchronizing the program stream key with the service platform. The encryption machine encrypts the encoded program stream using the program stream key, multiplexes the encryption control information of the plurality of networks into the output data stream, and outputs it to the multiplexing system.
  • The mobile multimedia broadcast system network can integrate multiple mobile communication system network service platforms with different key management functions, and one program stream of the mobile multimedia broadcast system can simultaneously serve these mobile communication system network service platforms, which greatly saves frequency resources and reduces the complexity of the converged system.
  • FIG. 1 is a schematic diagram of a network of a broadcast system and a plurality of mobile communication system networks in an embodiment.
  • FIG. 2 is a schematic diagram of a network convergence of a broadcast system network and a mobile communication system in an embodiment.
  • FIG. 3 is a schematic diagram of a service flow of a mobile user terminal in an embodiment.
  • FIG. 4 is a sequence diagram of a program stream key encryption process in the embodiment.
  • FIG. 1 is a structural diagram of the network convergence of a mobile multimedia broadcast system network and various mobile communication systems, including multiple mobile communication system networks (MNs) 101, 104, a plurality of user terminals (UEs) 102, 103, and a mobile multimedia broadcasting system network (BN) 105, taking the radio and television mobile multimedia broadcasting system as an example.
  • The mobile communication system networks MN 101 and 104 are used to implement mobile multimedia broadcast service platform functions, as well as mobile network bearer functions.
  • The user terminals UE 102, 103 include the functions of the mobile phone device and the card, without distinguishing whether the device and card are integrated or separate. They receive the encrypted program stream of the broadcast system network 105, interact with the mobile communication system networks 101, 104 of the respective types and locations, and further include the following main modules:
  • An initialization module, configured to obtain Ks from the service platform and generate the user key during the initialization process, and to obtain the home mobile communication system network service platform code (MNSP_Code); the user key is used to encrypt and decrypt the service key, and each user's user key is different.
  • A user authentication module configured to interact with the mobile communication system network to complete terminal authentication; the terminal authentication request carries the user key index (user name) and the generated key (password) for verification by the network side of the mobile communication system.
  • A service key management unit configured to receive the current service key, service key identifier, and program stream key valid sequence number interval that the mobile communication system network service platform distributes to users who have subscribed to the service, and to store or update them;
  • if no valid service key is stored locally for a service, the unit actively requests the service key of that service from the corresponding mobile communication system network.
  • The service platforms of different mobile communication system networks and their terminals are self-contained: a terminal only receives information such as service keys distributed by the service platform of the mobile communication system network it has contracted with, and that information has been encrypted with the corresponding user key.
  • A program stream receiving module configured to receive the program stream corresponding to the Stream_ID of the current program, including the information that carries the encrypted program stream key.
  • The program stream decryption module uses the MNSP_Code to select, from the program stream, the program stream encryption control information corresponding to its network, obtains the corresponding service key identifier SK_ID, and selects the encrypted service key stored on the terminal according to that identifier. It decrypts the stored value with the local user key as the parameter to obtain the service key, decrypts the encrypted program stream key (CW) with the service key, verifies the validity of that key, and uses the valid program stream key to decrypt the program data stream.
  • the program stream key ID value is a time period sequence number, and if the sequence number is within the program stream key valid sequence number interval range, the key is valid.
  • The terminal further includes a client providing the mobile multimedia broadcast service application; a service discovery module, configured to acquire and display the electronic program guide (ESG); a service ordering and unsubscribing module; a program selection module, configured for the user to select the program to be watched and to obtain the Stream_ID of the current program from the program information; and function modules for demultiplexing and decoding the program stream, multimedia presentation, authentication, and billing.
  • the Broadcast System Network (BN) 105 is mainly used for program stream encoding, encryption, multiplexing, and broadcasting, and the BN and MN have a content information synchronization interface and a program stream encryption interface.
  • FIG. 2 is a schematic diagram of the broadcast system network and one of the mobile communication system networks, showing in more detail the service platform function modules of the mobile communication system network and the functional modules of the broadcast system network.
  • a user terminal 201, having an application client of the mobile multimedia broadcast system;
  • the mobile network 202, that is, the PDSN network element of a CDMA 1x or CDMA2000 type network, or the GGSN network element of a GSM/GPRS or WCDMA type network, an important functional system of the packet domain core network that interfaces with the service platform;
  • the WAP gateway system 203, a proxy for the HTTP interaction between the mobile user terminal and the service platform in the service network. It is not a mandatory device, especially for CDMA 1x or CDMA2000 type networks;
  • the service platform of the mobile communication system network further includes the following modules: a service center 204, a key management module 205, an ESG service module 206, and a service management module 207, wherein:
  • the service center 204 provides the service interface with the user terminal, implements the business logic control of the service platform, and schedules and uses functional modules in this or other service platforms to implement functions such as ordering/unsubscribing services, distributing service keys, service billing, and other functions;
  • the key management module 205 is configured to support management of the user key, the service key, and the program stream key, and further includes: a user key management unit, a service key management unit, a service key distribution unit, and a program stream key encryption unit, where:
  • the user key management unit is configured to find or generate Ks based on the authentication tuple obtained from the HLR, then generate a user key from the Ks, and store or update it.
  • When the service platform receives a terminal authentication request containing the user key index and the terminal-generated key, it verifies the key reported by the terminal against the user key of the same user; if they are the same, it notifies the service key management unit, otherwise it returns an error code to the terminal.
  • the service key management unit is configured to: after receiving the user key confirmation sent by the user key management unit, take the user key as the parameter, encrypt the service key with a predetermined encryption algorithm, and generate and store the corresponding encrypted service key, keeping a one-to-one correspondence with the service key identifier. The service key is associated with the program stream identifier through the service identifier; each service key has a key identifier that is unique within the local network, and has its own validity period.
  • the module also manages validity periods to guide key updates and validity verification. For monthly-subscription services, the service key is updated every month.
  • the service key distribution unit is configured to distribute the service key through the service center; according to the user's subscription relationship, the service platform should be able to send the service key, encrypted with the user's user key, to users who have subscribed to the service.
  • Network-initiated push is the main mode; when a service key request from a terminal is received, the corresponding service key is found, encrypted with the user key as the parameter, and sent to the terminal together with the service key identifier and the program stream key valid sequence number interval.
  • the program stream key encryption unit: the service platform can receive the program stream key sent by the scrambler of the broadcast system network and encrypt it with the corresponding service key;
  • the encrypted program stream key, the program stream key identifier and the other encryption parameters are then encapsulated into a program stream key message in the specified data format and returned to the scrambler.
  • The service platform of each mobile communication system network (MN) has, according to its own needs, its own unrelated broadcast/multicast service platform key management system, and may even use a different encryption method.
  • the ESG service module 206 has an interface with the broadcast system network, receives the service information sent by the radio and television mobile TV system, lets the administrator submit channel and content information, and generates a service guide; on user request, it sends the generated service guide to the user terminal through the mobile communication system network;
  • the service management module 207 processes the user's subscribe or unsubscribe requests, stores and maintains user subscription relationships, manages the information of the services provided by the broadcast system network, provides administrator approval, and configures services; after configuration is complete, it notifies the service key management unit about the corresponding service key;
  • the broadcast system network includes:
  • the multiplexing system 208 is configured to multiplex the plurality of encrypted program streams and the encryption control information of the plurality of mobile communication system networks, and output the network through the broadcast system;
  • the scrambler further includes:
  • the program key management module 210 is configured to manage the control word (CW) of the program stream key, the encrypted CW, the encryption period CP, the encryption duration, and the like, and continuously generate, store, and update the CW.
  • the encrypting machine 209 uses CW to encrypt the encoded program stream, multiplexes the encrypted control information of the plurality of networks into the output data stream, and synchronously outputs the same to the multiplexing system;
  • a program source coding module 211 configured to compress and encode each originally accessed audio and video content, and output the device to the device;
  • the content broadcast control management module 212 is configured to schedule the program stream into program units that do not overlap in time; it also has interfaces with the scrambler and with the mobile communication system network service platform, over which program content information, not including the program stream data itself, is synchronized with the mobile communication system network service platform;
  • FIG. 3 is a schematic diagram of the user terminal service usage process, including the following steps:
  • Step 301 The user starts the client of the mobile multimedia broadcast system on the terminal, and the client program starts to work.
  • the judgment includes: Whether to re-acquire the ESG every time you turn it on, whether there is an ESG locally, and whether the local ESG is out of date or not up to date.
  • Step 303 The terminal interacts with the service platform by means such as HTTP to obtain ESG data; if an interrupt is encountered, the process may go to step 312 to ask whether to exit: if the user exits, the process ends; otherwise the process continues, and after it completes, step 304 is executed;
  • the situation includes a failure occurring more than a specified number of times during reception, a user interrupt operation, and the like.
  • Step 304 According to the ESG displayed by the client, the user views current and future services, and selects to watch a valid television program;
  • Step 305 it is determined whether the user needs to order first, if yes, go to step 306, otherwise, go to step 307;
  • Step 306 The user performs service subscription, and the terminal interacts with the network service platform of the mobile communication system to complete the service subscription process.
  • Step 307 According to the service currently selected by the user, the terminal identifies the service by its service identifier Service_ID, demultiplexes and receives the corresponding encrypted program stream, and receives the encrypted program stream key information of that program stream; the Service_ID corresponds to the program stream identifier Stream_ID;
  • Step 308 According to the service key identifier SK_ID in the ECM information, the terminal determines whether the corresponding valid service key is already stored on the terminal; if yes, go to step 310, otherwise go to step 309;
  • Step 309 The terminal actively sends a service key request, carrying the service key identifier, to the network service platform of the mobile communication system; on receiving the request, the service platform finds the corresponding service key by its identifier, encrypts it with the user key of the terminal, and returns it to the terminal;
  • Step 310 The terminal decrypts a single encrypted program stream by using the ECM.
  • The process is as follows: the terminal obtains the ECMs of multiple networks from the program stream and selects the ECM to use according to the MNSP_Code stored in the terminal. According to the service key identifier in that ECM, it selects the encrypted service key stored on the terminal and decrypts it with the user key; it then uses the resulting service key and the corresponding decryption algorithm to decrypt the encrypted program stream key in the ECM and judges whether that key is valid; if valid, the program stream key is used to decrypt the program stream data.
  • Step 311 Decode and play back the decrypted program stream data, and perform step 313.
  • When an interrupt is encountered, the process may go to step 312 to ask whether to exit; if the user exits, the process ends; otherwise, continue the process, and then execute after the process is completed.
  • Step 313 exit the client. Usually due to user operation exit.
  • FIG. 4 is a schematic diagram of a program stream key encryption process, including the following steps:
  • Step 401 The program key management module 210 of the broadcast system network continuously generates, stores, and updates the CW according to the management rule, and manages the encryption use period thereof.
  • Step 402 According to the configured rules, the program key management module 210 sends a program stream key encryption request message to the service platform key management module 205 of each of the plurality of mobile communication system networks;
  • the parameters carried in the request message include a session identifier Session_ID, a program stream identifier Stream_ID, a control word identifier CW_ID, and control word data CW_Data;
  • Step 403 The key management module 205 of each mobile communication system network receives the encryption request from the program key management module 210, finds the corresponding service key by matching the input parameter Stream_ID, encrypts the control word data with the service key as the parameter, and generates an ECM in a defined format; the format of the ECM is detailed below;
  • Step 404 The key management module 205 of each mobile communication system network sends a program stream key encryption response message to the program key management module 210, using the same Session_ID and Stream_ID as the request, and carrying the generated ECM;
  • Step 405 The program key management module 210 stores the ECM returned by each mobile communication system network;
  • Step 406 the program key management module 210 sends the ECM of the plurality of networks to the encryptor 209 before using the ECM;
  • Step 407 After receiving the ECM, the encryptor 209 returns a response to the program key management module.
  • the service platform should be able to send the service key, the service key identifier, and the program stream key valid sequence number range encrypted by the user's user key to the user who has subscribed to the service according to the user's subscription relationship.
  • Network-initiated push is the main mode; when a service key request from a terminal is received, the corresponding service key is found, encrypted with the user key as the parameter, and sent to the terminal together with the service key identifier and the program stream key valid sequence number interval.
  • the program stream key of the program is used to encrypt the encoded program stream, and the encrypted program stream and the encrypted program stream key information are synchronously output to the multiplexing system. Broadcast after multiplexing.
  • the encrypted program stream key information contains an identification of each program stream and its ECM in each mobile communication system network.
  • the program stream key encryption request message data parameters in the above process include:
  • Session identifier Session_ID: identifies the session connecting the program key management module 210 and the key management module 205, and uniquely identifies a session message;
  • Program stream identifier Stream_ID: an identifier used by the program key management module 210 and the service platform to uniquely identify a program stream;
  • Encryption period start sequence number CP_Index: indicates the start sequence number of the CP in which the CW data transmitted this time will be used to encrypt the program stream;
  • Absolute time at the beginning of the encryption period CP_Timestamp: corresponds to the CP_Index; this parameter is optional;
  • Encryption duration in periods CP_Duration: indicates the number of consecutive CPs (the duration) for which the CW is about to be used to encrypt the program stream;
  • Control word identifier CW_ID;
  • Control word (program stream key) data CW_Data: the original CW data before the CW is encrypted with the service key;
  • Mobile communication system network coding BN_Code: used to identify different mobile multimedia broadcasting systems and reserved for expansion; this parameter is optional.
  • the data parameters in the program stream key encryption response message in the above process include:
  • the session identifier Session_ID: identifies the session connecting the program key management module 210 and the key management module 205, and uniquely identifies a session message; this parameter matches the session identifier of the request message;
  • the program stream identifier Stream_ID: an identifier used by the program key management module 210 and the service platform to uniquely identify a program stream; this parameter matches the program stream identifier of the request message;
  • the encryption period start sequence number CP_Index: indicates the start sequence number of the CP in which the CW data transmitted this time will be used to encrypt the program stream;
  • composition information of the ECM: the encrypted control word CW_Edata, that is, the encrypted program stream key; the service key identifier SK_ID; and the mobile communication system network service platform code MNSP_Code.
  • The mobile communication system network service platform code MNSP_Code in the ECM represents a particular service platform of a specific network, and includes the MN code MNC, the multimedia service platform code MSP, and the service key system code.
  • The MNC is the identifier of the mobile communication system network and uniquely distinguishes that network; the MSP code uniquely identifies a mobile communication system network service platform; the service key system code distinguishes the algorithm with which the service platform's service key encrypts and decrypts the program stream key, and can be omitted when the default algorithm is used.
  • Encryption cycle start sequence number CP_Index is optional.
  • parameters included in the structure are: number of program streams 701, for each program stream, including the following information: program stream identification 702, number of mobile communication system network service platforms 703, and ECM for each mobile communication system network.
  • The syntax structure of parameters 701-706 represents a method in which, within one encrypted program stream, the program stream key is encrypted with the service keys of several different mobile network operators to implement key security.
  • Each mobile operator controls and manages its own service key. This ensures security and confidentiality while also making the service easier to deploy.
  • The present invention provides a method for implementing key security in a multi-network convergence mobile multimedia broadcast system, so that the mobile multimedia broadcast system network can integrate multiple mobile communication system network service platforms with different key management functions. One program stream of the mobile multimedia broadcasting system can serve these mobile communication system network service platforms at the same time, which greatly saves spectrum resources and reduces the complexity of the converged system. It therefore has industrial applicability.
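The per-network ECM generation of steps 401 to 407 and the terminal-side key recovery of step 310, as an added Python example that is not part of the patent. The patent leaves the encryption algorithm unspecified, so `wrap`/`unwrap` are a stand-in built from HMAC-SHA256; the class names, MNSP codes, key values and sequence numbers are constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def wrap(key: bytes, data: bytes) -> bytes:
    """Stand-in for the unspecified "predetermined encryption algorithm":
    HMAC-SHA256 keystream XOR plus a 16-byte tag. Illustration only."""
    if len(data) > 32:
        raise ValueError("stand-in cipher wraps at most 32 bytes")
    nonce = os.urandom(16)
    stream = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
    body = bytes(a ^ b for a, b in zip(data, stream))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()[:16]
    return nonce + body + tag


def unwrap(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-16], blob[-16:]
    good = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, good):
        raise ValueError("unwrap failed: wrong key or modified data")
    stream = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(body, stream))


@dataclass(frozen=True)
class ECM:
    mnsp_code: str   # MNSP_Code of the platform that produced this ECM
    sk_id: int       # SK_ID of the service key used
    cw_id: int       # program stream key ID: a time-period sequence number
    cw_edata: bytes  # CW_Edata: the CW encrypted under the service key


class NeedServiceKey(Exception):
    """Terminal holds no service key for this SK_ID (triggers step 309)."""
    def __init__(self, sk_id: int):
        super().__init__(f"no stored service key for SK_ID {sk_id}")
        self.sk_id = sk_id


class ServicePlatform:
    """Key management module 205 of one mobile network (hypothetical model)."""
    def __init__(self, mnsp_code: str, sk_id: int):
        self.mnsp_code, self.sk_id = mnsp_code, sk_id
        self.service_key = os.urandom(16)

    def make_ecm(self, cw_id: int, cw_data: bytes) -> ECM:
        # Step 403: encrypt the scrambler's CW under this network's own key.
        return ECM(self.mnsp_code, self.sk_id, cw_id,
                   wrap(self.service_key, cw_data))

    def distribute(self, user_key: bytes, valid: tuple) -> dict:
        # The service key leaves the platform encrypted under the subscriber's
        # user key, with its SK_ID and the valid CW sequence number interval.
        return {"sk_id": self.sk_id, "valid": valid,
                "sk_edata": wrap(user_key, self.service_key)}


class Terminal:
    def __init__(self, mnsp_code: str, user_key: bytes):
        self.mnsp_code, self.user_key = mnsp_code, user_key
        self.store = {}  # SK_ID -> (encrypted service key, (first, last))

    def receive_service_key(self, msg: dict) -> None:
        self.store[msg["sk_id"]] = (msg["sk_edata"], msg["valid"])

    def recover_cw(self, ecms: list) -> bytes:
        # Step 310: keep only the ECM made by the home network's platform.
        ecm = next((e for e in ecms if e.mnsp_code == self.mnsp_code), None)
        if ecm is None:
            raise LookupError("broadcast carries no ECM for the home network")
        if ecm.sk_id not in self.store:
            raise NeedServiceKey(ecm.sk_id)
        sk_edata, (first, last) = self.store[ecm.sk_id]
        service_key = unwrap(self.user_key, sk_edata)
        cw = unwrap(service_key, ecm.cw_edata)
        if not first <= ecm.cw_id <= last:
            raise ValueError(f"CW_ID {ecm.cw_id} outside valid interval")
        return cw


def demo() -> dict:
    cw = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed CW
    net_a = ServicePlatform("MN-A/MSP-1", sk_id=7)           # constructed codes
    net_b = ServicePlatform("MN-B/MSP-1", sk_id=7)
    ecms = [p.make_ecm(100, cw) for p in (net_a, net_b)]     # one CW, two ECMs
    term = Terminal("MN-B/MSP-1", user_key=os.urandom(16))
    out = {}
    try:
        term.recover_cw(ecms)          # nothing stored yet
    except NeedServiceKey as exc:
        out["requested_sk_id"] = exc.sk_id
    term.receive_service_key(net_b.distribute(term.user_key, (90, 120)))
    out["cw_ok"] = term.recover_cw(ecms) == cw
    return out
```

Both networks reuse SK_ID 7 in `demo()`, which is why the terminal filters on MNSP_Code first: service key identifiers are unique only within one network.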

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method and system for realizing safety of cipher key in multi-network fusion mobile multi-media broadcasting system are disclosed. The method comprises (a) broadcasting system generating, storing and updating the program stream cipher key; each mobile communication system network generating, storing and updating the operation key; and each mobile communication system network separately sending the operation cipher and the mark to user terminal; (b) broadcasting system network sending the program stream to each mobile communication system network; each mobile communication system network encrypting the program stream cipher key and returning the encrypted and controlled information; (c) the broadcasting system network using the corresponding program stream which is encrypted and coded by the program stream cipher key and broadcasting and sending the multiplexed program stream and encrypted program stream cipher key information; (d) user terminal receiving the corresponding program stream and the encrypted and controlled information; searching the corresponding operation cipher key mark; using the operation cipher key as the parameter; deciphering the encrypted program stream cipher key; and deciphering the program stream data by the obtained program stream cipher key.

Description

Method and system for realizing key security of multi-network convergence mobile multimedia broadcasting system
Technical field
The present invention relates to mobile network communications and mobile multimedia broadcast technologies, and in particular to a method and system for providing key security for user terminals when a mobile multimedia broadcast system network is converged with multiple mobile communication system networks.
Background art
As demand for mobile communication keeps growing, a large number of multimedia services have emerged. Some of these applications require that multiple users can receive the same media data at the same time, such as video on demand and television broadcasting; a typical example is the mobile TV service.
A pure mobile multimedia broadcast (MMB) network that delivers services such as mobile multimedia broadcasting or mobile TV (frequency-addressed broadcast network systems such as DMB, DAB and DVB, collectively denoted MMB here) faces some inherent defects. Because its transmission is unidirectional, that is, it has only a downlink channel, interactive services, flexible system billing and system security are all inconvenient, and some mature mobile network technologies cannot be applied in this field.
To achieve interaction, billing and security, a pure MMB system has to carousel the interaction, billing and security content without being able to predict when it is needed. For large-scale commercial systems this data volume is very large, especially the billing information, which greatly affects system overhead and imposes a heavy systemic burden. Compared with a bidirectional mobile communication system network, a broadcast system network pays a high price to achieve the same functions. Even when they are achieved, the service scope and flexibility of use are greatly reduced, whereas mobile communication system networks have long had mature carrier-grade implementations of them.
However, a broadcast network uses radio bandwidth efficiently and has far greater data capacity than a mobile network, making it a better bearer for large-scale multimedia transmission. Hence the need to converge MMB with mobile networks (GSM, CDMA, 3G, etc.).
Both 3GPP and 3GPP2 have proposed corresponding multimedia broadcast/multicast services. A broadcast/multicast service is a point-to-multipoint unidirectional bearer service in which data is sent from one source entity to multiple receiving entities. These services bring the point-to-multipoint idea into mobile communication systems: they provide, within the mobile network, a point-to-multipoint service in which one data source sends data to multiple users, in order to share network resources and improve network resource utilization.
In the service guide, each program stream is divided by time period into several segments of program content, called programs for short. Each program needs security protection. At present, the security of multimedia broadcast/multicast services in 3GPP mobile communication systems is implemented through a three-layer key hierarchy. First layer: the user key, MUK, a key shared between a single multimedia broadcast/multicast service user terminal and the data source. Second layer: the service key, MSK, a key shared by all multimedia broadcast/multicast service user terminals and the data source. Third layer: the program stream key, MTK, the multicast transport data encryption key shared by all multimedia broadcast/multicast service user terminals and the data source.
The MUK is used to send the MSK securely to service users, the MSK is used to send the MTK securely to service users, and the MTK is the actual multicast transport data encryption key. To keep the multimedia broadcast/multicast service secure, the MSK and MTK need to be updated frequently, to guard against legitimate users leaking the MSK or MTK to illegitimate users and so reduce the impact on service security of illegitimate users obtaining the multicast content. This ensures that only user terminals that have subscribed to the service can legitimately use it. Users who have not subscribed, or who have unsubscribed after subscribing, are all treated as illegitimate users.
After the broadcast/multicast server updates the service key, it sends a new-key-valid message to the user terminal, indicating that the new service key is now valid. After receiving this message, the user terminal can send a key request message to the broadcast/multicast server to request a new service key. After receiving the key request message, the broadcast/multicast server sends the corresponding new service key to the requesting user terminal. Once the user terminal has successfully received the new service key, it saves the key for later use.
3GPP2 mobile communication systems also have a layered key scheme corresponding to that of 3GPP. Specifically, first layer: the user key TK; second layer: the service key BAK; third layer: the program stream key SK.
In the converged network, the program stream is delivered from the broadcast network (for example, a radio and television broadcast network); that is, the program service stream is carried on the broadcast channel of the radio and television network; program content encryption is performed by the radio and television mobile TV system; user authentication and service billing are performed by the mobile operator's mobile communication system network; and the mobile operator's mobile communication system network serves as the interactive channel for delivering service keys and for service ordering, service interaction and so on.
However, 3GPP2 uses a different encryption method from 3GPP. Moreover, the two generally exist in independent network systems with unrelated broadcast/multicast service platform key management systems. How can a broadcast system network integrate the key management of the service platforms of different mobile communication system networks?
Therefore, where a mobile multimedia broadcast system network is converged with multiple mobile communication system networks, and the broadcast system network integrates the service platforms of different mobile communication system networks, a key security method is needed for mobile user terminals that achieves three-level key update and key security.
Summary of the invention
本发明要解决的技术问题是提供一种实现多网融合移动多媒体广播系 统密钥安全的方法,使得移动多媒体广播系统可以融合多 或多个具有不同 密钥管理功能的移动通信系统网络业务平台, 为移动用户终端提供密钥安 全。  The technical problem to be solved by the present invention is to provide a method for realizing key security of a multi-network convergence mobile multimedia broadcasting system, so that the mobile multimedia broadcasting system can integrate multiple or multiple mobile communication system network service platforms with different key management functions. Provide key security for mobile user terminals.
为了解决上述问题,本发明提出了一种实现多网融合移动多媒体广播系 统密钥安全的方法,应用于广播系统网络和多个移动通信系统网络融合的系 统, 所述广播系统网络有一加扰器, 所述移动通信系统网络有一业务平台, 该方法包括以下步骤:  In order to solve the above problems, the present invention provides a method for realizing key security of a multi-network convergence mobile multimedia broadcasting system, which is applied to a system in which a broadcast system network and a plurality of mobile communication system networks are integrated, and the broadcast system network has a scrambler. The mobile communication system network has a service platform, and the method includes the following steps:
( a )广播系统网络的加扰器按设定规则生成、 存储和更新节目流密钥, 各移动通信系统网络的业务平台按设定规则生成、存储和更新业务密钥, 业 务密钥对应于唯一的业务密钥标识,各移动通信系统网络分别将业务密钥及 其标识分发到订购了相应业务的用户终端;  (a) The scrambler of the broadcast system network generates, stores, and updates the program stream key according to the set rule, and the service platform of each mobile communication system network generates, stores, and updates the service key according to the set rule, and the service key corresponds to Unique service key identifier, each mobile communication system network separately distributes the service key and its identifier to the user terminal that subscribes to the corresponding service;
( b ) 广播系统网絡的加扰器将节目流密钥发送到各个移动通信系统网 络的业务平台,各业务平台以对应的业务密钥为参数对节目流密钥加密, 并 将加密控制信息返回所述加扰器, 其中包括加密后的节目流密钥、 业务密钥 标识和移动通信系统网络的标识参数,加扰器对收到的加密控制信息加以存 储;  (b) The scrambler of the broadcast system network sends the program stream key to the service platform of each mobile communication system network, and each service platform encrypts the program stream key with the corresponding service key as a parameter, and returns the encrypted control information. The scrambler includes an encrypted program stream key, a service key identifier, and an identification parameter of the mobile communication system network, and the scrambler stores the received encryption control information;
( c )广播系统网络的加扰器使用节目流密钥加密编码后的对应节目流, 并将节目流和加密节目流密钥信息一并输出, 复用后广播发送, 所述加密节 目流密钥信息包含每一节目流标识及其在每个移动通信系统网絡的加密控 制 ^吕息; ( d )用户终端选择节目后, 接收相应的节目流及其加密控制信息, 根 据所属移动通信系统网络的标识找到对应的业务密钥标识,确定应使用的本 地业务密钥, 以该业务密钥为参数, 解密加密后的节目流密钥, 再用得到的 节目流密钥解密节目流数据。 (c) the scrambler of the broadcast system network encrypts the encoded corresponding program stream by using the program stream key, and outputs the program stream and the encrypted program stream key information together, multiplexes and broadcasts, and the encrypted program stream is densely streamed. The key information includes each program stream identifier and its encryption control in each mobile communication system network; (d) after the user terminal selects the program, receives the corresponding program stream and its encryption control information, finds the corresponding service key identifier according to the identifier of the network of the mobile communication system, and determines the local service key to be used, with the service key For the parameters, the encrypted program stream key is decrypted, and the program stream data is decrypted using the obtained program stream key.
Further, the above method for realizing key security of a multi-network convergence mobile multimedia broadcast system may also have the following feature. In step (a), the user terminal generates a user key and reports it to the service platform during authentication; the service platform generates a user key for the subscribing user according to the same rule and verifies whether it is consistent with the user key reported by the user terminal; if so, it encrypts the service key with that user key as a parameter and sends the encrypted service key and its identifier to the user terminal for storage. In step (d), after determining the service key to be used, the user terminal first finds the stored encrypted service key, decrypts it with the local user key as a parameter to obtain the service key, and then decrypts the encrypted program stream key with that service key.
Further, the above method for realizing key security of a multi-network convergence mobile multimedia broadcast system may also have the following feature: step (b) is further divided into the following steps:
(b1) According to the configured management rules, the scrambler of the broadcast system network sends a program stream key encryption request to the service platforms of the multiple mobile communication system networks through its interface with them, carrying the session identifier, the program stream identifier, the program stream key identifier and the program stream key data;
(b2) On receiving the encryption request, the service platform of each mobile communication system network finds the corresponding service key by matching the program stream identifier, encrypts the control word data with that service key as a parameter, and generates the encryption control information for the program stream;
(b3) Each mobile communication system network service platform sends a program stream key encryption response message to the scrambler, using the same session identifier and program stream identifier as the request and carrying the generated encryption control information, which includes the encrypted program stream key, the service key identifier and the identification parameter of the mobile communication system network;
(b4) The service platform stores the encryption control information of the program stream returned by each mobile communication system network.
Further, the above method for realizing key security of a multi-network convergence mobile multimedia broadcast system may also have the following feature: step (d) is further divided into the following steps:
(d1) The user starts the mobile multimedia broadcast system client on the terminal, and the client program begins to run;
(d2) If the client determines that it needs to obtain the electronic service guide, it interacts with the service platform to obtain the electronic service guide data and displays it; if not, it displays the guide directly;
(d3) Based on the electronic service guide shown by the client, the user selects a valid television program to watch; if the program must be subscribed to, the terminal interacts with the service platform to complete the service ordering process;
(d4) According to the current service selected by the user, the terminal demultiplexes and receives the corresponding encrypted program stream by service identifier, and can at the same time receive the encrypted program stream key information;
(d5) The terminal obtains the encryption control information of the multiple networks from the encrypted program stream key information and, according to the mobile communication system network identification parameter stored in the terminal, selects the encryption control information of that mobile communication system network;
(d6) According to the service key identifier in the encryption control information, the terminal determines whether it has stored a corresponding valid service key. If not, it sends a service key request to the mobile communication system network service platform and obtains the service key of the program stream encrypted with the terminal's user key; if so, it proceeds to the next step;
(d7) The terminal decrypts the encrypted service key with the local user key, uses the resulting service key and the corresponding decryption algorithm to decrypt the encrypted program stream key in the encryption control information, and then decrypts the program stream data with the resulting program stream key.
Further, the above method for realizing key security of a multi-network convergence mobile multimedia broadcast system may also have the following feature. During initialization the terminal obtains Ks from the service platform, generates the user key, and obtains the identification parameter of the mobile communication system network to which the user key belongs. At user authentication, the terminal's authentication request carries the user key index and the key the terminal generated itself. The mobile communication system network service platform looks up or generates Ks on the basis of the authentication tuple obtained from the HLR and then generates the user key from that Ks. The service platform verifies its local user key against the one reported by the terminal for the same user; if they are the same, it uses the user key as a parameter to encrypt, with the specified encryption algorithm, the service key of the service the user has subscribed to; otherwise it returns an error code to the terminal.
Further, the above method for realizing key security of a multi-network convergence mobile multimedia broadcast system may also have the following feature. The parameters in the program stream key encryption request message further include one or a combination of the following: the encryption period start sequence number, indicating the start sequence number of the encryption period in which the program stream key data passed in this request is used to encrypt the program stream; the absolute time at which the encryption period starts; the number of periods of the encryption duration, indicating the number of consecutive encryption periods for which the program stream key will be used to encrypt the program stream; and the mobile communication system network code, used to identify different mobile communication system networks; and/or the parameters in the program stream key encryption response message further include the encryption period start sequence number.
Further, the above method for realizing key security of a multi-network convergence mobile multimedia broadcast system may also have the following feature. The identification parameter of the mobile communication system network is the mobile communication system network service platform code, which characterizes a specific mobile communication system network service platform and comprises the mobile communication system network code, the multimedia service platform code and the service key system code. The mobile communication system network code is the identifier of the mobile communication system network and uniquely distinguishes that network; the multimedia service platform code uniquely identifies the mobile communication system network service platform; the service key system code distinguishes the algorithm with which the service platform's service key encrypts and decrypts the program stream key.
Further, the above method for realizing key security of a multi-network convergence mobile multimedia broadcast system may also have the following feature. In step (a), the information the service platform distributes to the terminal includes, in addition to the service key and the service key identifier, the program stream key valid sequence number interval. In step (d), the program stream key obtained by the terminal through decryption is a time period sequence number; the terminal first verifies whether that sequence number lies within the program stream key valid sequence number interval, and if so the key is valid; the valid program stream key is then used to decrypt the program data stream.
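The key hierarchy of steps (a) to (d), including the user-key wrapping and the valid sequence number interval described above, as an added example that is not code from the patent. The cipher is a stand-in (HMAC-SHA256 keystream with encrypt-then-MAC) because the text names no algorithm; the class names, the random user keys and the choice to carry the sequence number inside the wrapped payload are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Stand-in authenticated cipher (assumption: the patent names no algorithm).
# HMAC-SHA256 in counter mode supplies the keystream; a second HMAC is the tag.
def subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = xor_stream(subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("unwrap failed: wrong key or modified data")
    return xor_stream(subkey(key, b"enc"), nonce, ct)

@dataclass
class ControlInfo:
    """Encryption control information one service platform returns in step (b)."""
    mnsp_code: str   # identification parameter of the mobile network
    sk_id: str       # service key identifier
    enc_cw: bytes    # sequence number + program stream key, wrapped under the service key

class ServicePlatform:
    def __init__(self, mnsp_code: str, sk_id: str):
        self.mnsp_code, self.sk_id = mnsp_code, sk_id
        self.service_key = os.urandom(32)  # step (a): each network has its own service key

    def distribute_service_key(self, user_key: bytes, valid_seq: range):
        # Step (a): the service key leaves the platform wrapped under the user key.
        return self.sk_id, wrap(user_key, self.service_key), valid_seq

    def encrypt_cw(self, seq: int, cw: bytes) -> ControlInfo:
        # Step (b): wrap the scrambler's program stream key under the service key.
        payload = seq.to_bytes(4, "big") + cw
        return ControlInfo(self.mnsp_code, self.sk_id, wrap(self.service_key, payload))

class Scrambler:
    def __init__(self, platforms):
        self.platforms = platforms

    def broadcast(self, seq: int, content: bytes):
        cw = os.urandom(32)  # program stream key for this encryption period
        infos = [p.encrypt_cw(seq, cw) for p in self.platforms]
        return wrap(cw, content), infos  # step (c): one stream, one entry per network

class Terminal:
    def __init__(self, mnsp_code: str, user_key: bytes):
        self.mnsp_code, self.user_key = mnsp_code, user_key
        self.stored = {}  # sk_id -> (wrapped service key, valid sequence interval)

    def store_service_key(self, sk_id, wrapped_sk, valid_seq):
        self.stored[sk_id] = (wrapped_sk, valid_seq)

    def decrypt(self, enc_stream: bytes, infos) -> bytes:
        # Step (d): select the home network's entry, then unwrap down the hierarchy.
        info = next((i for i in infos if i.mnsp_code == self.mnsp_code), None)
        if info is None:
            raise LookupError("no control information for the home network")
        if info.sk_id not in self.stored:
            raise LookupError("service key missing: request it from the service platform")
        wrapped_sk, valid_seq = self.stored[info.sk_id]
        service_key = unwrap(self.user_key, wrapped_sk)
        payload = unwrap(service_key, info.enc_cw)
        seq, cw = int.from_bytes(payload[:4], "big"), payload[4:]
        if seq not in valid_seq:
            raise PermissionError("program stream key outside the valid sequence interval")
        return unwrap(cw, enc_stream)

def demo():
    # Constructed sample: two networks share one broadcast stream.
    net_a, net_b = ServicePlatform("MN-A", "SK-A-1"), ServicePlatform("MN-B", "SK-B-7")
    ue_a, ue_b = Terminal("MN-A", os.urandom(32)), Terminal("MN-B", os.urandom(32))
    ue_a.store_service_key(*net_a.distribute_service_key(ue_a.user_key, range(100, 200)))
    ue_b.store_service_key(*net_b.distribute_service_key(ue_b.user_key, range(100, 200)))
    stream, infos = Scrambler([net_a, net_b]).broadcast(150, b"constructed sample programme data")
    return ue_a.decrypt(stream, infos), ue_b.decrypt(stream, infos)

if __name__ == "__main__":
    print(demo())
```

Because the sequence number sits inside the wrapped payload, a receiver cannot be fed a stale program stream key with a rewritten period number without the tag check failing first.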
Further, the above method for realizing key security of a multi-network convergence mobile multimedia broadcast system may also have the following feature. In step (a), each service key has a key identifier that is unique within its own network and has its own validity period; validity period management is used to guide key update and validity verification.

A system for realizing key security of a multi-network convergence mobile multimedia broadcast system comprises a mobile communication system network, a user terminal and a broadcast system network, wherein:
The mobile communication system network is used to implement the mobile multimedia broadcast service platform function and the mobile network bearer function; to interact with the user terminal, generating, storing or updating the user key and completing the generation, storage, update and distribution of the service key; and to interact with the broadcast system network, completing the encryption of the program stream key with the service key;
The user terminal is used to obtain the user key, to receive the program stream and encryption control information of the broadcast system network and decrypt the corresponding program stream, and to interact with the mobile communication system network of its corresponding type and location, completing the authentication of the user key and storing or updating the service key;
The broadcast system network is used to generate, store and update the program stream key, to send the program stream key to each mobile communication system network and store the encryption control information received, and to encrypt the corresponding encoded program stream with the program stream key and broadcast the program stream multiplexed with the encrypted program stream key information.
Further, the above system for realizing key security of a multi-network convergence mobile multimedia broadcast system may also have the following feature. The user terminal further includes the following modules:
an initialization module, used to obtain, during initialization, the user key and the code of the home mobile communication system network service platform; the user key is used to encrypt the service key and to decrypt it to obtain the service key, and each user's user key is different;
a user authentication module, used to interact with the mobile communication system network to complete the terminal's authentication process, the terminal authentication request carrying the user key index and the key the terminal generated itself for verification by the mobile communication system network side;
a service key management unit, used to receive the current service key, the service key identifier and its program stream key valid sequence number interval that the mobile communication system network service platform distributes to users who have subscribed to the service, and to store or update them;
a program stream receiving module, used to receive the corresponding program stream according to the program stream identifier of the current program, including receiving the encrypted program stream key information;
a program stream decryption module, which, according to the mobile network service platform code, selects from the program stream the program stream encryption control information corresponding to its own network and obtains the corresponding service key identifier; according to that identifier it selects the encrypted service key stored on the terminal and decrypts it with the local user key as a parameter to obtain the service key; it then decrypts the encrypted program stream key with that service key, verifies the key's validity against the program stream key valid sequence number interval, and decrypts the program data stream with the resulting valid program stream key.
Further, the above system for realizing key security of a multi-network convergence mobile multimedia broadcast system may also have the following feature. If no valid service key is stored locally when a service starts to be used, the service key management unit actively requests the service key of that service from the corresponding mobile communication system network. The different mobile communication system network service platforms and their terminals each form a self-contained system: a terminal receives only the service keys distributed by the mobile communication system network service platform with which it has a contract, and these are already encrypted with the corresponding user key.
Further, the above system for realizing key security of a multi-network convergence mobile multimedia broadcast system may also have the following feature. The service platform of the mobile communication system network further includes a service center and a key management module, wherein: the service center provides the service interface to the user terminal and implements the service logic control of the service platform, scheduling and using functional modules within the service platform or in other service platforms, including distributing service keys; the key management module is used to generate, store or update the user key, to generate the service key according to a valid user key, and to complete the encryption of the program stream key with the service key.
Further, the above system for realizing key security of a multi-network convergence mobile multimedia broadcast system may also have the following feature. The key management module further includes a user key management unit, a service key management unit, a service key distribution unit and a program stream key encryption unit, wherein:
the user key management unit is used to generate the user key and to store or update it. The terminal obtains Ks from the service platform during initialization and generates the user key. When the service platform receives the terminal's authentication request containing the user key index and the terminal-generated key, it looks up or generates Ks according to the index, and the service platform then verifies the user key reported by the terminal for the same user; if they are the same, it notifies the service key management unit; otherwise it returns an error code to the terminal;
the service key management unit is used, after service configuration and on receiving the user key confirmation information sent by the user key management unit, to encrypt the service key with that user key as a parameter using the specified encryption algorithm, to generate and store the corresponding service key, and to establish a one-to-one correspondence with the service key identifier. The service key is associated with the program stream identifier through the service identifier; each service key has a key identifier that is unique within its own network and has its own validity period;
the service key distribution unit is used to distribute service keys through the service center. According to the user's subscription relationship, the service platform sends to each user who has subscribed to the service the service key encrypted with that user's user key. Distribution is mainly by active network push; alternatively, on receiving a terminal's request for a service key, the platform finds the corresponding service key, encrypts it with the user key and sends it to the terminal;
the program stream key encryption unit: the service platform receives the program stream key sent by the broadcast system network scrambler, encrypts it with the corresponding service key, encapsulates the encrypted program stream key, the program stream key identifier and the other encryption parameters into a program stream key message in the specified data format, and returns it to the scrambler.
Further, the above system for realizing key security of a multi-network convergence mobile multimedia broadcast system may also have the following feature. The broadcast system network includes: a program source encoding module, used to compress and encode each item of originally ingested audio and video content and output it to the scrambler; a scrambler, used to generate, store and update the program stream key, to send the program stream key to each mobile communication system network and store the encryption control information received, to have the encoded program stream encrypted by the encrypted program stream key control word, and to output the program stream and the encryption control information to the multiplexing system; and a multiplexing system, used to multiplex the multiple encrypted program streams and their encryption control information for the multiple mobile communication system networks and output them through the broadcast system network.
Further, the above system for realizing key security of a multi-network convergence mobile multimedia broadcast system may also have the following feature. The scrambler further includes a program key management module and an encryption machine, wherein:
the program key management module is used to manage the control word of the program stream key, the encrypted control word, the encryption period and the encryption duration, continually generating, storing and updating control words. Through its interface with the multiple mobile communication system network service platforms it sends each service platform a program stream key encryption request carrying the session identifier, the program stream identifier, the program stream key identifier and the program stream key data, and it obtains from the service platform, and stores, the program stream encryption control information, including the encrypted program stream key, the service key identifier and the identification parameter of the mobile communication system network. Through its interface with the content broadcast control system it obtains the start and end time of the corresponding program, aligns the start of a new encryption period with it, and obtains the range of encryption periods in which the program stream key is used for encryption, as the basis for synchronizing the program stream key with the service platform;
the encryption machine uses the encrypted program stream key to encrypt the encoded program stream, multiplexes the encryption control information of the multiple networks into the output data stream, and outputs it to the multiplexing system.
Compared with the prior art, the invention designs and proposes a key security method for the case where a mobile multimedia broadcast system network is converged with multiple types of, or multiple, mobile communication system network service platforms. It allows the mobile multimedia broadcast system network to converge with multiple types of, or multiple, mobile communication system network service platforms that have different key management functions, so that one program stream of the mobile multimedia broadcast system can serve all of these service platforms at the same time, which greatly saves spectrum resources and reduces the complexity of the converged system.
Brief Description of the Drawings
FIG. 1 is a schematic diagram of the convergence of the broadcast system network and multiple types of mobile communication system network in the embodiment.
FIG. 2 is a schematic diagram of the convergence of the broadcast system network and one mobile communication system network in the embodiment.
FIG. 3 is a schematic diagram of the service usage flow of the mobile user terminal in the embodiment.
FIG. 4 is a sequence diagram of the program stream key encryption process in the embodiment.
Preferred Embodiments of the Invention
The specific implementation of the invention is described below with reference to the accompanying drawings.
FIG. 1 is a structural diagram of the convergence of a mobile multimedia broadcast system network and multiple types of mobile communication system network. It includes multiple types of, or multiple, mobile communication system networks (MN) 101 and 104, multiple user terminals (UE) 102 and 103, and a mobile multimedia broadcast system network (BN) 105, taking a radio and television mobile multimedia broadcast system network as the example.

The mobile communication system networks MN 101 and 104 are used to implement the mobile multimedia broadcast service platform function and the mobile network bearer function. They interact with the user terminal to complete service discovery, subscription and unsubscription, service guide service and management, service information configuration, audit management, authentication, key generation and distribution, billing and statistics, and so on; and they interact with the broadcast system network 105 to complete the encryption of the program stream key with the service key, the synchronization of program content information, and so on;
The user terminals UE 102 and 103 include the functions of the handset and of the card; no distinction is made here between an integrated and a separate handset and card. They are used to receive the program stream encrypted by the broadcast system network 105 and to interact with the mobile communication system network 101 or 104 of their corresponding type and location, and further include the following main modules:
An initialization module, used to obtain Ks from the service platform during initialization and generate the user key, and to obtain the code of the home mobile communication system network service platform (MNSP_Code). The user key is used to encrypt the service key and to decrypt it to obtain the service key; each user's user key is different.
A user authentication module, used to interact with the mobile communication system network to complete the terminal's authentication process; the terminal authentication request carries the user key index (user name) and the key the terminal generated itself (password) for verification by the mobile communication system network side.
A service key management unit, used to receive the current service key, the service key identifier and its program stream key valid sequence number interval that the mobile communication system network service platform distributes to users who have subscribed to the service, and to store or update them. If no valid service key is stored locally when a service starts to be used, it actively requests the service key of that service from the corresponding mobile communication system network. The different mobile communication system network service platforms and their terminals each form a self-contained system: a terminal receives only the service keys and related information distributed by the mobile communication system network service platform with which it has a contract, and these are already encrypted with the corresponding user key.
A program stream receiving module, used to receive the corresponding program stream according to the Stream_ID of the current program, including receiving the encrypted program stream key information.
A program stream decryption module, which, according to the MNSP_Code, selects from the program stream the program stream encryption control information corresponding to its own network and obtains the corresponding service key identifier SK_ID. According to that identifier it selects the encrypted service key stored on the terminal and decrypts it with the local user key as a parameter to obtain the service key; it then decrypts the encrypted program stream key (CW) with that service key, verifies the key's validity, and uses the resulting valid program stream key to decrypt the program data stream. The program stream key ID value is a time period sequence number; if that sequence number lies within the program stream key valid sequence number interval, the key is valid.

In addition, the terminal includes a client that provides the mobile multimedia broadcast service application; a service discovery module, used to obtain and display electronic program guide (ESG) information; a service subscription and unsubscription module; a program selection module, with which the user selects the program to watch and which obtains the Stream_ID of the current program from the program listing information; and multiple functional modules for demultiplexing, decoding and playing the program stream, multimedia presentation, authentication, billing and so on.
The broadcast system network (BN) 105 is mainly used for program stream encoding, encryption, multiplexing and broadcasting. The BN and the MN have a content information synchronization interface and a program stream encryption interface.
FIG. 2 is a schematic diagram of the convergence of the broadcast system network and one of the mobile communication system networks. It shows in more detail the functional modules of the service platform of the mobile communication system network and the functional modules of the broadcast system network.
User terminal 201, which has the application client of the mobile multimedia broadcast system;
Mobile network 202, i.e. the PDSN network element of a CDMA1x or CDMA2000 network, or the GGSN network element of a GSM/GPRS or WCDMA network, the key functional system of the packet-domain core network that provides the interface to the service platform;
WAP gateway system 203, which in this service network is the proxy for HTTP interaction between the mobile user terminal and the service platform. It is not a mandatory device, particularly for CDMA1x or CDMA2000 networks;
The service platform of the mobile communication system network further includes the following modules: service center 204, key management module 205, ESG service module 206 and service management module 207, where:
Service center 204 provides the service interface to the user terminal and implements the service logic control of the service platform, scheduling and using functional modules within this service platform or in other service platforms to implement functions such as service subscription/unsubscription, service key distribution and service billing;
Key management module 205 supports the management of user keys, service keys and program stream keys, and further includes a user key management unit, a service key management unit, a service key distribution unit and a program stream key encryption unit, where:
The user key management unit looks up or generates Ks on the basis of the authentication tuple obtained from the HLR, then generates the user key from that Ks and stores or updates it. When the service platform receives an authentication request from the terminal containing the user key index and the terminal-generated key, it verifies the user key reported by the terminal for the same user; if the keys are the same, it notifies the service key management unit, otherwise it returns an error code to the terminal.
The service key management unit, once a service has been configured and on receiving the user key confirmation sent by the user key management unit, can encrypt the service key with the specified encryption algorithm using that user key as the parameter, generate and store the corresponding encrypted service key, and establish a one-to-one correspondence with the service key identifier. A service key is associated with the program stream identifier through the service identifier; each service key has a key identifier that is unique within its own network, and each has its own validity period. This unit also manages validity periods, which guide key updates and validity verification. For monthly-subscription services the service key is updated regularly every month.
The service key distribution unit distributes service keys through the service center. The service platform should be able, according to the user's subscription relationship, to send a user who has subscribed to a service the service key encrypted with that user's user key, the service key identifier and its valid sequence number interval for program stream keys. Distribution is mainly by network-initiated push; alternatively, on receiving a terminal's request for a service key, the platform finds the corresponding service key, encrypts it with the user key and sends it to the terminal together with the service key identifier and its valid sequence number interval for program stream keys.
The program stream key encryption unit: the service platform receives the program stream key sent by the scrambler of the broadcast system network, encrypts it with the corresponding service key, packages the encrypted program stream key, the program stream key identifier and other encryption parameters into a program stream key message in the specified data format, and returns it to the scrambler.
The service platform of each mobile communication system network MN has, according to its own needs, its own independent broadcast/multicast service platform key management system, and may even use a different encryption method.
ESG service module 206 has an interface to the broadcast system network and receives the service information sent by the broadcaster-side mobile TV system; it provides the function with which administrators submit channel and content information, and generates the service guide; on user request it sends the generated service guide to the user terminal over the mobile communication system network;
Service management module 207 processes users' subscription and unsubscription requests and stores and maintains user subscription relationships; it is also responsible for managing the information about the services provided by the broadcast system network, provides the functions with which administrators approve and configure services, and, once a service has been configured, notifies the service key management unit to generate the corresponding service key;
Other network elements 213, for example systems such as BOSS; for GSM/GPRS or WCDMA networks there are also systems such as the BSF and HLR/HSS.
The broadcast system network includes:
Multiplexing system 208, which multiplexes multiple encrypted program streams together with their encryption control information for the multiple mobile communication system networks, and outputs the result over the broadcast system network;
The scrambler, which further includes:
Program key management module 210, which manages the control word (CW) of the program stream key, the encrypted CW, the encryption period (CP), the encryption duration and so on, and continuously generates, stores and updates CWs. Through its interfaces with the service platforms of the multiple mobile communication system networks it sends the CW and related information to each service platform and obtains from that platform the program stream encryption control information (ECM), including the encrypted CW (i.e. the scrambled CW), which it supplies to encryptor 209. Through its interface with the content broadcast control system it also obtains information such as the start and end times of the corresponding program, aligning the start of a new CP and the range of CPs over which a CW is used for encryption; this serves as the basis for program stream key synchronization with the service platform.
Encryptor 209, which uses the CW to encrypt the encoded program stream, multiplexes the encryption control information of the multiple networks into the output data stream, and outputs it synchronously to the multiplexing system;
Program source encoding module 211, which compresses and encodes each incoming original audio and video content and outputs it to the scrambler;
Content broadcast control management module 212, which schedules the program streams and generates program units whose time slots do not overlap; it also has interfaces with the scrambler and with the mobile communication system network service platform, and synchronizes program content information with the mobile communication system network service platform; this information does not include the program stream data itself;
Figure 3 is a schematic flow diagram of service use on the user terminal, comprising the following steps:
Step 301: the user starts the mobile multimedia broadcast system client on the terminal, and the client program starts working;
Step 302: decide, taking several factors together, whether the ESG needs to be fetched; if so, perform step 303, otherwise perform step 304;
The factors considered include: whether the ESG must be fetched again at every start-up, whether an ESG is stored locally, and whether the local ESG has expired or is not the latest.
Step 303: obtain the ESG data by interacting with the service platform, for example over HTTP;
If an interruption occurs, the flow may go to 312 and ask whether to quit; if the user quits, the flow ends; otherwise processing continues and, once it is complete, step 304 is performed. Interruptions include reception failing more than a specified number of times, the user interrupting the operation, and so on.
Step 304: from the ESG shown by the client, the user views current and future services and chooses a valid television program to watch;
The user can select which service to use. A program currently in progress can be subscribed to and watched immediately; a future service can be subscribed to in advance and watched when it airs.
Step 305: determine whether the user needs to subscribe first; if so, perform step 306, otherwise perform step 307;
Step 306: the user subscribes to the service; the terminal completes the subscription process by interacting with the mobile communication system network service platform;
If an interruption occurs, the flow may go to 312 and ask whether to quit; if the user quits, the flow ends; otherwise processing continues and, once it is complete, step 307 is performed;
Step 307: according to the current service the user has chosen, identified by the service identifier Service_ID, the terminal demultiplexes and receives the corresponding encrypted program stream, and at the same time can receive the encrypted program stream key information of that program stream; the Service_ID corresponds to the program stream identifier Stream_ID;
Step 308: according to the service key identifier SK_ID in the ECM information, the terminal determines whether it already stores the corresponding valid service key; if so, perform step 310, otherwise perform step 309;
Step 309: the terminal itself initiates a service key request to the mobile communication system network service platform, carrying the service key identifier in the request; on receiving it, the service platform finds the corresponding service key by that identifier, encrypts it with the terminal's user key and returns it to the terminal;
If an interruption occurs, this step may go to 312 and ask whether to quit; if the user quits, the flow ends; otherwise processing continues and, once it is complete, step 310 is performed;
Step 310: the terminal uses the ECM to decrypt a single encrypted program stream;
The process is as follows: the terminal obtains the ECMs of multiple networks from the program stream and selects which ECM to use according to the MNSP_Code information stored on the terminal. Using the service key identifier in the ECM, it selects the encrypted service key stored on the terminal and decrypts it with the terminal's user key; it then uses the resulting service key and the corresponding decryption algorithm to decrypt the encrypted program stream key in the ECM and checks its validity; if it is valid, the terminal uses the valid program stream key to decrypt the program stream data.
If an interruption occurs, the flow may go to 312 and ask whether to quit; if the user quits, the flow ends; otherwise processing continues and, once it is complete, step 311 is performed.
Step 311: decode the decrypted program stream data and play and display it, then perform step 313;
If an interruption occurs, the flow may go to 312 and ask whether to quit; if the user quits, the flow ends; otherwise processing continues and, once it is complete, step 313 is performed;
Step 313: exit the client. This is normally the result of the user choosing to exit.
Figure 4 is a schematic diagram of the program stream key encryption process, comprising the following steps:
Step 401: the program key management module 210 of the broadcast system network continuously generates, stores and updates CWs according to the management rules, and manages the period over which each is used for encryption;
Step 402: according to the configured rules, the program key management module 210 sends a program stream key encryption request message to the service platform key management modules 205 of the multiple mobile communication system networks over its interfaces with them; the parameters carried in the request message include the session identifier Session_ID, the program stream identifier Stream_ID, the control word identifier CW_ID and the control word data CW_Data;
Step 403: the key management module 205 of each mobile communication system network receives the encryption request from the program key management module 210, finds the corresponding service key by matching the input parameter Stream_ID, encrypts the control word data using that service key as the parameter, and generates an ECM in a defined format; the ECM format is described below;
Step 404: the key management module 205 of each mobile communication system network sends a program stream key encryption response message to the program key management module 210, using the same Session_ID and Stream_ID as the request and carrying the generated ECM;
Step 405: the program key management module 210 stores the encrypted ECM returned by each mobile communication system network;
Step 406: shortly before the ECMs are to be used, the program key management module 210 sends the ECMs of the multiple networks to encryptor 209;
Step 407: after receiving the ECMs, encryptor 209 returns a response to the program key management module.
In addition, the service platform should be able, according to the user's subscription relationship, to send a user who has subscribed to a service the service key encrypted with that user's user key, the service key identifier and its valid sequence number interval for program stream keys. Distribution is mainly by network-initiated push; alternatively, on receiving a terminal's request for a service key, the platform finds the corresponding service key, encrypts it with the user key as the parameter, and sends it to the terminal together with the service key identifier and its valid sequence number interval for program stream keys.
In the broadcast system network, once the broadcast program stream data has been encoded, the program stream key of that program is used to encrypt the encoded program stream, and the encrypted program stream and the encrypted program stream key information are output synchronously to the multiplexing system, multiplexed and then broadcast. The encrypted program stream key information contains the identifier of each program stream and its ECM for each mobile communication system network.
The data parameters of the program stream key encryption request message in the above flow include:
Session identifier Session_ID, for the session connecting the program key management module 210 and the key management module 205; it uniquely identifies a given session message;
Program stream identifier Stream_ID, which the program key management module 210 and the service platform use to uniquely identify a program stream;
Encryption period start index CP_Index, the index of the first CP in which the CW data passed in this message is used to encrypt the program stream;
Absolute start time of the encryption period CP_Timestamp, corresponding to CP_Index; this parameter is optional;
Number of periods for which encryption continues CP_Duration, the number of consecutive CPs (the duration) for which this CW is about to be used to encrypt the program stream;
Control word (program stream key) identifier CW_ID;
Control word (program stream key) data CW_Data, the original CW data before the CW is encrypted with the service key;
Mobile communication system network code BN_Code, used to identify different mobile multimedia broadcast systems and reserved for extension; this parameter is optional.
The parameters above are the request message parameters; their order is not fixed, and there may be other supplementary parameters. Session_ID, Stream_ID, CW_ID and CW_Data are the essential parameters and cannot be omitted.
The data parameters in the program stream key encryption response message in the above flow include:
Session identifier Session_ID, for the session connecting the program key management module 210 and the key management module 205; it uniquely identifies a given session message and matches the session identifier parameter of the request message;
Program stream identifier Stream_ID, which the program key management module 210 and the service platform use to uniquely identify a program stream; it matches the program stream identifier parameter of the request message;
Encryption period start index CP_Index, the index of the first CP in which the CW data passed in this message will be used to encrypt the program stream; and
The components of the ECM: the encrypted control word CW_Edata, i.e. the encrypted program stream key; the service key identifier SK_ID; and the mobile communication system network service platform code MNSP_Code.
The mobile communication system network service platform code MNSP_Code in the ECM identifies a particular service platform of a particular network. It comprises the MN code MNC, the multimedia service platform code MSP and the service key system code. The MNC is the identifier of the mobile communication system network and uniquely distinguishes that network; the MSP code uniquely identifies a service platform of a mobile communication system network; the service key system code distinguishes the algorithm with which the service platform's service key encrypts and decrypts the program stream key, and may be omitted, in which case the default algorithm is used.
The order of the parameters above is not fixed, and there may be other supplementary parameters. The encryption period start index CP_Index is optional.
The following table gives the syntax structure of the encrypted program stream key information that is broadcast together with the program stream data:
Parameter No.  Syntax                        Description
701            Stream_Count                  Number of program streams
               for (i = 0; i < N; i++)
               {
702              Stream_ID                   Program stream identifier
703              MNSP_Count                  Number of mobile communication system network service platforms
                 for (j = 0; j < M; j++)
                 {
704                CW_EData                  Encrypted control word (program stream key)
705                SK_ID                     Service key identifier
706                MNSP_Code                 Mobile communication system network service platform code
                 }
               }
As can be seen, the parameters in this structure are the number of program streams 701 and, for each program stream, the program stream identifier 702, the number of mobile communication system network service platforms 703 and the ECM of each mobile communication system network. The syntax structure of parameters 701-706 expresses the method by which, within the encrypted program stream, a program stream of the mobile multimedia broadcast system applies the service keys of several different mobile network operators to encrypt the program stream key and so achieve key security. The broadcaster thus controls the program stream key, while each mobile operator controls and manages its own service keys. Security and confidentiality are ensured, and at the same time services are easier to roll out and use.
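The sketch below follows one control word through the structure in the table and the terminal procedure of step 310: each operator wraps the same CW under its own service key, the ECMs are packed as fields 701-706, and each terminal selects its network's ECM by MNSP_Code, unwraps its stored service key with its user key, recovers the CW and checks the program stream key ID against the valid interval. It is an added example, not code from the patent. Assumptions: the field widths, the HMAC-SHA256 encrypt-then-MAC wrap standing in for each operator's unspecified algorithm, the `cw_id` argument carrying the sequence number, all function and class names, and the constructed sample values in `demo()`.

```python
import hashlib, hmac, os, struct

# Stand-in key wrap (encrypt-then-MAC from HMAC-SHA256); the patent leaves the
# real algorithm to each operator. Output: nonce(12) || ciphertext || tag(16).
def _ks(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _subkeys(kek):
    return tuple(hmac.new(kek, label, hashlib.sha256).digest() for label in (b"enc", b"mac"))

def wrap(kek, secret):
    enc, mac = _subkeys(kek)
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(secret, _ks(enc, nonce, len(secret))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()[:16]

def unwrap(kek, blob):
    """Check the tag before decrypting; a wrong key or altered blob raises."""
    if len(blob) < 28:
        raise ValueError("wrapped key too short")
    enc, mac = _subkeys(kek)
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    good = hmac.new(mac, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, good):
        raise ValueError("unwrap failed: wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _ks(enc, nonce, len(ct))))

# Assumed widths: Stream_Count u8, Stream_ID u16, MNSP_Count u8,
# CW_EData u8 length + bytes, SK_ID u16, MNSP_Code u32 (all big-endian).
def build_key_info(streams):
    """streams: {Stream_ID: [(CW_EData, SK_ID, MNSP_Code), ...]} -> bytes."""
    out = struct.pack(">B", len(streams))                       # 701
    for stream_id, ecms in streams.items():
        out += struct.pack(">HB", stream_id, len(ecms))         # 702, 703
        for cw_edata, sk_id, mnsp_code in ecms:
            out += struct.pack(">B", len(cw_edata)) + cw_edata  # 704
            out += struct.pack(">HI", sk_id, mnsp_code)         # 705, 706
    return out

def parse_key_info(buf):
    """-> {Stream_ID: {MNSP_Code: (SK_ID, CW_EData)}}; rejects bad lengths."""
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(buf):
            raise ValueError("truncated key information")
        pos += n
        return buf[pos - n:pos]
    streams = {}
    for _ in range(take(1)[0]):
        stream_id, mnsp_count = struct.unpack(">HB", take(3))
        ecms = {}
        for _ in range(mnsp_count):
            cw_edata = take(take(1)[0])
            sk_id, mnsp_code = struct.unpack(">HI", take(6))
            ecms[mnsp_code] = (sk_id, cw_edata)
        streams[stream_id] = ecms
    if pos != len(buf):
        raise ValueError("trailing bytes after key information")
    return streams

class Terminal:
    def __init__(self, mnsp_code, user_key):
        self.mnsp_code, self.user_key = mnsp_code, user_key
        self.sk_store = {}   # SK_ID -> (SK wrapped under user key, (first, last))
    def store_service_key(self, sk_id, wrapped_sk, valid_cw_ids):
        self.sk_store[sk_id] = (wrapped_sk, valid_cw_ids)

    def recover_cw(self, key_info, stream_id, cw_id):
        """Step 310: pick own network's ECM, unwrap SK then CW, check validity."""
        ecms = parse_key_info(key_info).get(stream_id, {})
        if self.mnsp_code not in ecms:
            raise LookupError("no ECM for this terminal's network")
        sk_id, cw_edata = ecms[self.mnsp_code]
        if sk_id not in self.sk_store:
            raise LookupError("service key not stored: request it (step 309)")
        wrapped_sk, (first, last) = self.sk_store[sk_id]
        cw = unwrap(unwrap(self.user_key, wrapped_sk), cw_edata)
        if not first <= cw_id <= last:
            raise PermissionError("program stream key ID outside valid interval")
        return cw

def demo():
    """Constructed sample: one stream, one CW, two operators with their own SK."""
    cw = os.urandom(16)
    operators = {0x460001: (7, os.urandom(16)), 0x460002: (3, os.urandom(16))}
    info = build_key_info({0x0101: [(wrap(sk, cw), sk_id, code)
                                    for code, (sk_id, sk) in operators.items()]})
    terminals = {}
    for code, (sk_id, sk) in operators.items():
        t = Terminal(code, os.urandom(16))
        t.store_service_key(sk_id, wrap(t.user_key, sk), (100, 199))
        terminals[code] = t
    return cw, info, terminals
```

Both terminals recover the same CW from different ECMs, while the scrambler side never holds a service key and neither operator holds the other's.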
Industrial Applicability
The present invention provides a method and system for implementing key security in a multi-network convergence mobile multimedia broadcast system, so that the mobile multimedia broadcast system network can converge with multiple mobile communication system network service platforms, of one or more kinds, that have different key management functions. One program stream of the mobile multimedia broadcast system can serve these mobile communication system network service platforms simultaneously, which greatly saves spectrum resources and reduces the complexity of the converged system. The invention therefore has industrial applicability.

Claims

1. A method for implementing key security in a multi-network convergence mobile multimedia broadcast system, applied to a system in which a broadcast system network converges with multiple mobile communication system networks, the broadcast system network having a scrambler and the mobile communication system network having a service platform, the method comprising the following steps:
(a) the scrambler of the broadcast system network generates, stores and updates program stream keys according to set rules; the service platform of each mobile communication system network generates, stores and updates service keys according to set rules, each service key corresponding to a unique service key identifier; and each mobile communication system network distributes the service key and its identifier to the user terminals that have subscribed to the corresponding service;
(b) the scrambler of the broadcast system network sends the program stream key to the service platform of each mobile communication system network; each service platform encrypts the program stream key using the corresponding service key as the parameter and returns encryption control information to the scrambler, the encryption control information including the encrypted program stream key, the service key identifier and the identification parameter of the mobile communication system network; and the scrambler stores the encryption control information it receives;
(c) the scrambler of the broadcast system network uses the program stream key to encrypt the corresponding encoded program stream and outputs the program stream together with the encrypted program stream key information, which are multiplexed and then broadcast, the encrypted program stream key information containing the identifier of each program stream and its encryption control information for each mobile communication system network;
(d) after the user terminal selects a program, it receives the corresponding program stream and its encryption control information, finds the corresponding service key identifier according to the identifier of the mobile communication system network to which it belongs, determines the local service key to be used, decrypts the encrypted program stream key using that service key as the parameter, and then decrypts the program stream data with the resulting program stream key.
2. The method for implementing key security in a multi-network convergence mobile multimedia broadcast system according to claim 1, characterized in that:
in step (a), the user terminal generates a user key and reports it to the service platform during authentication; the service platform generates a user key for the user subscribing to the service according to the same rules and verifies whether it matches the user key reported by the user terminal; if so, it encrypts the service key using that user key as the parameter and sends the encrypted service key and its identifier to the user terminal for storage;
in step (d), after determining the service key to be used, the user terminal first finds the stored encrypted service key, decrypts it using the local user key as the parameter to obtain the service key, and then decrypts the encrypted program stream key with that service key.
3. The method for implementing key security in a multi-network convergence mobile multimedia broadcast system according to claim 1, characterized in that:
step (b) is further divided into the following steps:
(b1) according to the configured management rules, the scrambler of the broadcast system network sends a program stream key encryption request to the service platforms of the multiple mobile communication system networks over its interfaces with them, carrying the session identifier, the program stream identifier, the program stream key identifier and the program stream key data;
(b2) after receiving the encryption request, the service platform of each mobile communication system network finds the corresponding service key by matching the program stream identifier, encrypts the control word data using that service key as the parameter, and generates the encryption control information of the program stream;
(b3) the service platform of each mobile communication system network sends a program stream key encryption response message to the scrambler, using the same session identifier and program stream identifier as the request and carrying the generated encryption control information, which includes the encrypted program stream key, the service key identifier and the identification parameter of the mobile communication system network;
(b4) the service platform stores the encryption control information of the program stream returned by each mobile communication system network.
4. The method for realizing key security of a multi-network convergence mobile multimedia broadcast system according to claim 1, characterized in that step (d) is further divided into the following steps:
(d1) the user starts the client of the mobile multimedia broadcast system on the terminal, and the client program begins to work;
(d2) if the client determines that an electronic service guide needs to be obtained, it interacts with the service platform to obtain the electronic service guide data and displays it; if not, it displays the guide directly;
(d3) according to the electronic service guide displayed by the client, the user selects a valid television program to watch; if the program must be subscribed to, the service subscription process is completed by interacting with the service platform;
(d4) according to the current service the user has selected, the terminal demultiplexes and receives the corresponding encrypted program stream according to the service identifier, and can at the same time receive the encrypted program stream key information;
(d5) the terminal obtains the encryption control information of multiple networks from the encrypted program stream key information and, according to the identification parameter of the mobile communication system network stored in the terminal, selects the encryption control information of that mobile communication system network;
(d6) according to the service key identifier in the encryption control information, the terminal determines whether it has already stored a corresponding valid service key; if not, it initiates a service key request to the mobile communication system network service platform and obtains the service key of the program stream, encrypted with the terminal's user key; if so, it proceeds to the next step;
(d7) the terminal decrypts the encrypted service key with the local user key, uses the resulting service key and the corresponding decryption algorithm to decrypt the encrypted program stream key in the encryption control information, and then uses the resulting program stream key to decrypt the program stream data.
5. The method for realizing key security of a multi-network convergence mobile multimedia broadcast system according to claim 2, characterized in that:
the terminal obtains Ks from the service platform during initialization, generates the user key, and obtains the identification parameter of the mobile communication system network to which the user key belongs; during user authentication, the terminal's authentication request carries the user key index and the key the terminal itself generated; the mobile communication system network service platform finds or generates Ks on the basis of the authentication tuple obtained from the HLR, and then generates the user key from that Ks; the service platform verifies the locally generated user key against the user key reported by the terminal for the same user; if they are the same, it uses that user key as a parameter to encrypt, with the prescribed encryption algorithm, the service key of the service the user has subscribed to; otherwise, it returns an error code to the terminal.
6. The method for realizing key security of a multi-network convergence mobile multimedia broadcast system according to claim 3, characterized in that:
the parameters in the program stream key encryption request message further include one or a combination of the following: an encryption period start sequence number, indicating the sequence number of the encryption period from which the program stream key data delivered this time is used to encrypt the program stream; the absolute time at which the encryption period starts; the number of periods of encryption duration, indicating the number of consecutive encryption periods for which the program stream key is about to be used to encrypt the program stream; and a mobile communication system network code, used to identify different mobile communication system networks; and/or
the parameters in the program stream key encryption response message further include the encryption period start sequence number.
7. The method for realizing key security of a multi-network convergence mobile multimedia broadcast system according to claim 1, characterized in that:
the identification parameter of the mobile communication system network is a mobile communication system network service platform code, which identifies a specific mobile communication system network service platform and comprises a mobile communication system network code, a multimedia service platform code and a service key system code; the mobile communication system network code is the identifier of the mobile communication system network and uniquely distinguishes that network; the multimedia service platform code uniquely identifies the mobile communication system network service platform; the service key system code is used to distinguish the algorithm by which the service platform's service key encrypts and decrypts the program stream key.
8. The method for realizing key security of a multi-network convergence mobile multimedia broadcast system according to claim 1, characterized in that:
in step (a), the information distributed by the service platform to the terminal includes, in addition to the service key and the service key identifier, a valid sequence number interval for the program stream key;
in step (d), the program stream key obtained by the terminal through decryption is a time period sequence number; the terminal first verifies whether this sequence number falls within the valid sequence number interval of the program stream key, and if so, the key is valid; the valid program stream key thus obtained is then used to decrypt the program data stream.
9. The method for realizing key security of a multi-network convergence mobile multimedia broadcast system according to claim 1, characterized in that:
in step (a), the service key has a key identifier that is unique within its own network, and each service key has its own validity period; validity period management is used to guide key updates and validity verification.
10. A system for realizing key security of a multi-network convergence mobile multimedia broadcast system, comprising a mobile communication system network, a user terminal and a broadcast system network, wherein:
the mobile communication system network is used to implement the mobile multimedia broadcast service platform function and the mobile network bearer function; to interact with the user terminal to generate, store or update the user key and to complete the generation, storage, update and distribution of the service key; and to interact with the broadcast system network to complete the encryption of the program stream key with the service key;
the user terminal is used to obtain the user key, to receive the program stream and the encryption control information of the broadcast system network and decrypt the corresponding program stream, and to interact with the mobile communication system network of its corresponding type and location to complete authentication of the user key and to store or update the service key;
the broadcast system network is used to generate, store and update the program stream key, to send the program stream key to each mobile communication system network and store the received encryption control information; to encrypt the encoded corresponding program stream with the program stream key; and to multiplex the program stream with the encrypted program stream key information and broadcast them.
11. The system for realizing key security of a multi-network convergence mobile multimedia broadcast system according to claim 10, characterized in that:
the user terminal further comprises the following modules:
an initialization module, used to obtain the user key and the code of the home mobile communication system network service platform during initialization; the user key is used to encrypt the service key and to decrypt the received service key, and each user's user key is different;
a user authentication module, used to interact with the mobile communication system network to complete the terminal authentication process, and to carry the user key index and the self-generated key in the terminal authentication request for verification by the mobile communication system network side;
a service key management unit, used to receive the current service key, the service key identifier and its program stream key valid sequence number interval that the mobile communication system network service platform distributes to users who have subscribed to the service, and to store or update them;
a program stream receiving module, used to receive the corresponding program stream according to the program stream identifier of the current program, including receiving the encrypted program stream key information;
a program stream decryption module, which, according to the mobile network service platform code, selects from the program stream the program stream encryption control information corresponding to its own network and obtains the corresponding service key identifier; according to that identifier, selects the encrypted service key stored on the terminal and decrypts it with the local user key as a parameter to obtain the service key; uses that service key to decrypt the encrypted program stream key; verifies the validity of the key against the program stream key valid sequence number interval; and then uses the resulting valid program stream key to decrypt the program data stream.
12. The system for realizing key security of a multi-network convergence mobile multimedia broadcast system according to claim 11, characterized in that:
the service key management unit, if no valid service key is stored locally when the service starts to be used, initiates an active request to obtain the service key of that service from the corresponding mobile communication system network; the network service platforms of different mobile communication systems and their terminals each form a self-contained system; a terminal receives only the service key distributed by the mobile communication system network service platform with which it has a subscription, and that key has already been encrypted with the corresponding user key.
13. The system for realizing key security of a multi-network convergence mobile multimedia broadcast system according to claim 10, characterized in that:
the service platform of the mobile communication system network further comprises the following modules: a service center and a key management module, wherein:
the service center provides the service interface to the user terminal, implements the service logic control of the service platform, and schedules and uses functional modules within the service platform or of other service platforms, including distributing the service key;
the key management module is used to generate, store or update the user key, to generate the service key according to the valid user key, and to complete the encryption of the program stream key with the service key.
14. The system for realizing key security of a multi-network convergence mobile multimedia broadcast system according to claim 13, characterized in that:
the key management module further comprises: a user key management unit, a service key management unit, a service key distribution unit and a program stream key encryption unit, wherein:
the user key management unit is used to generate the user key and to store or update it; when the terminal initializes, it obtains Ks from the service platform and generates the user key; when the service platform receives the terminal's authentication request containing the user key index and the terminal-generated key, it finds or generates Ks according to the index, and the service platform then verifies the user key reported by the terminal for the same user; if they are the same, the service key management unit is notified of this; otherwise, an error code is returned to the terminal;
the service key management unit is used, after service configuration and upon receiving the user key confirmation information sent by the user key management unit, to encrypt the service key with the prescribed encryption algorithm using that user key as a parameter, to generate and store the corresponding service key, and to establish a one-to-one correspondence with the service key identifier; the service key is associated with the program stream identifier through the service identifier; the service key has a key identifier that is unique within its own network, and each service key has its own validity period;
the service key distribution unit is used to distribute the service key through the service center; according to the user's subscription relationship, the service platform sends to each user who has subscribed to the service the service key encrypted with that user's user key; distribution is mainly by active network push, or, when a request from a terminal to obtain the service key is received, the corresponding service key is found, encrypted with the user key and sent to the terminal;
the program stream key encryption unit: the service platform receives the program stream key sent by the broadcast system network scrambler, encrypts it with the corresponding service key, packages the encrypted program stream key, the program stream key identifier and other encryption parameters into a program stream key message in the specified data format, and returns it to the scrambler.
15. The system for realizing key security of a multi-network convergence mobile multimedia broadcast system according to claim 10, characterized in that:
the broadcast system network comprises:
a program source encoding module, used to compress and encode each originally accessed audio/video content and output it to the scrambler;
a scrambler, used to generate, store and update the program stream key, to send the program stream key to each mobile communication system network and store the received encryption control information; to encrypt the encoded program stream with the encrypted program stream key control word; and to output the program stream and the encryption control information to the multiplexing system;
a multiplexing system, used to multiplex the multiple encrypted program streams and their encryption control information for the multiple mobile communication system networks, and to output them through the broadcast system network.
16. The system for realizing key security of a multi-network convergence mobile multimedia broadcast system according to claim 15, characterized in that:
the scrambler further comprises a program key management module and an encryptor, wherein:
the program key management module is used to manage the control word of the program stream key, the encrypted control word, the encryption period and the encryption duration, and to continuously generate, store and update control words; to send, through the interfaces with the multiple mobile communication system network service platforms, a program stream key encryption request to the service platform, carrying the session identifier, the program stream identifier, the program stream key identifier and the program stream key data; to obtain the program stream encryption control information from the service platform and store it, including the encrypted program stream key, the service key identifier and the identification parameter of the mobile communication system network; and to obtain, through the interface with the content playout control system, the start and end time information of the corresponding program, so as to align the start of a new encryption period and the range of encryption periods over which the program stream key is used for encryption, as the basis for synchronizing the program stream key with the service platform;
the encryptor uses the encrypted program stream key to encrypt the encoded program stream, multiplexes the encryption control information of the multiple networks into the output data stream, and outputs it to the multiplexing system.
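The following is an added example, not code from the patent, tracing the terminal-side steps (d5) to (d7) of claim 4 together with the sequence-number interval check of claim 8 and the decryption module of claim 11. The claims name no cipher, so an HMAC-SHA256 encrypt-then-MAC wrapper stands in for the "prescribed encryption algorithm"; the class names, the network identifiers, the message field names and the choice to carry the period sequence number inside the wrapped payload are assumptions, and all sample values are constructed.

```python
import hashlib
import hmac
import os
import struct


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used only as a stdlib stand-in cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + struct.pack(">I", counter),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong key in the hierarchy fails here."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed (wrong key or tampered data)")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))


class ServicePlatform:
    """One mobile network's service platform, reduced to its key handling."""

    def __init__(self, network_id: str):
        self.network_id = network_id                 # identification parameter
        self.service_key_id = network_id + "-SK-1"   # unique within this network
        self.service_key = os.urandom(32)
        self.valid_seq = (100, 199)                  # constructed interval (claim 8)
        self.user_keys = {}

    def register(self, user: str) -> bytes:
        """Stands in for initialization; the Ks/HLR derivation is not modelled."""
        self.user_keys[user] = os.urandom(32)
        return self.user_keys[user]

    def distribute_service_key(self, user: str) -> dict:
        """Service key leaves the platform only under that user's user key."""
        return {"service_key_id": self.service_key_id,
                "wrapped_service_key": wrap(self.user_keys[user], self.service_key),
                "valid_seq": self.valid_seq}

    def encrypt_program_stream_key(self, seq: int, psk: bytes) -> dict:
        """Steps (b2)/(b3): per-network encryption control information."""
        return {"network_id": self.network_id,
                "service_key_id": self.service_key_id,
                "wrapped_psk": wrap(self.service_key, struct.pack(">I", seq) + psk)}


class Terminal:
    def __init__(self, network_id: str, user_key: bytes):
        self.network_id = network_id
        self.user_key = user_key
        self.store = {}                              # service_key_id -> distribution msg

    def recover_psk(self, control_infos: list, request_service_key) -> bytes:
        # (d5) pick the control information of the terminal's own network
        info = next((c for c in control_infos
                     if c["network_id"] == self.network_id), None)
        if info is None:
            raise LookupError("no encryption control information for home network")
        # (d6) request the service key only if it is not already stored
        if info["service_key_id"] not in self.store:
            self.store[info["service_key_id"]] = request_service_key(info["service_key_id"])
        entry = self.store[info["service_key_id"]]
        # (d7) user key -> service key -> program stream key
        service_key = unwrap(self.user_key, entry["wrapped_service_key"])
        payload = unwrap(service_key, info["wrapped_psk"])
        seq = struct.unpack(">I", payload[:4])[0]
        low, high = entry["valid_seq"]
        if not low <= seq <= high:                   # claim 8 interval check
            raise PermissionError("sequence number %d outside %d..%d" % (seq, low, high))
        return payload[4:]


def demo():
    """Two networks wrap the same program stream key; the terminal uses its own."""
    net_a, net_b = ServicePlatform("NET-A"), ServicePlatform("NET-B")
    terminal = Terminal("NET-A", net_a.register("alice"))
    psk = os.urandom(16)                             # scrambler's control word
    infos = [p.encrypt_program_stream_key(150, psk) for p in (net_b, net_a)]
    recovered = terminal.recover_psk(
        infos, lambda key_id: net_a.distribute_service_key("alice"))
    return psk, recovered, terminal, net_a, net_b
```

A terminal that holds a service key for one network gains nothing from another network's control information in the same multiplex, because each network wraps the program stream key under its own service key.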
PCT/CN2007/003922 2006-12-30 2007-12-29 A method and system for realizing safety of cipher key in multi-network fusion mobile multi-media broadcasting system WO2008086714A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNA200610172266XA CN101009553A (en) 2006-12-30 2006-12-30 Secret key safety method and system for realizing multi-network integration mobile multi-media broadcasting system
CN200610172266.X 2006-12-30

Publications (1)

Publication Number Publication Date
WO2008086714A1 true WO2008086714A1 (en) 2008-07-24

Family

ID=38697728

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/003922 WO2008086714A1 (en) 2006-12-30 2007-12-29 A method and system for realizing safety of cipher key in multi-network fusion mobile multi-media broadcasting system

Country Status (2)

Country Link
CN (1) CN101009553A (en)
WO (1) WO2008086714A1 (en)

Also Published As

Publication number Publication date
CN101009553A (en) 2007-08-01

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07855922

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07855922

Country of ref document: EP

Kind code of ref document: A1