WO2009039692A1 - A method and system for encrypting a program stream key in the mobile multimedia broadcast service - Google Patents

Info

Publication number: WO2009039692A1
Authority: WO, WIPO (PCT)
Prior art keywords: program stream, key, service, platform, stream key
Application number: PCT/CN2007/003574
Other languages: French (fr), Chinese (zh)
Inventors: Fengjun Li, Ye Wang, Ning Hu
Original assignee: ZTE Corporation
Application filed by: ZTE Corporation

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04H BROADCAST COMMUNICATION
    • H04H60/00 Arrangements for broadcast applications with a direct linking to broadcast information or broadcast space-time; Broadcast-related systems
    • H04H60/09 Arrangements for device control with a direct linkage to broadcast information or to broadcast space-time; Arrangements for control of broadcast-related services
    • H04H60/14 Arrangements for conditional access to broadcast information or to broadcast-related services
    • H04H60/23 Arrangements for conditional access to broadcast information or to broadcast-related services using cryptography, e.g. encryption, authentication, key distribution
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25 Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26613 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60 Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
    • H04N21/61 Network physical structure; Signal processing
    • H04N21/6106 Network physical structure; Signal processing specially adapted to the downstream path of the transmission network
    • H04N21/6131 Network physical structure; Signal processing specially adapted to the downstream path of the transmission network involving transmission via a mobile phone network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60 Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
    • H04N21/63 Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/633 Control signals issued by server directed to the network components or client
    • H04N21/6332 Control signals issued by server directed to the network components or client directed to client
    • H04N21/6334 Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
    • H04N21/63345 Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80 Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83 Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/835 Generation of protective data, e.g. certificates
    • H04N21/8355 Generation of protective data, e.g. certificates involving usage data, e.g. number of copies or viewings allowed
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/16 Analogue secrecy systems; Analogue subscription systems
    • H04N7/167 Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675 Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60 Digital content management, e.g. content distribution
    • H04L2209/601 Broadcast encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless

Definitions

  • The present invention relates to the field of mobile multimedia broadcast services, and in particular to a method and system for encrypting program stream keys in a mobile multimedia broadcast service.
  • Mobile multimedia broadcasting services, such as mobile TV services, are increasingly valued by operators because they are not limited by bandwidth, and are regarded as a focus of future business development.
  • A mobile multimedia broadcasting service transmits digital audio and video content in broadcast form to mobile terminals that have an operating system and a video function, and uses the two-way channel of the mobile network to manage and bill services and users.
  • Key management is an important part of the mobile multimedia broadcast service.
  • When the user of a mobile terminal prepares to watch a TV program, the terminal receives the encrypted program stream key and the program stream encrypted with the program stream key. The mobile terminal recovers the program stream key using the service key it has already obtained, and then uses the program stream key to decrypt the encrypted program stream so that the multimedia video content can be viewed. Encryption of the program stream key is therefore indispensable to key management.
  • The prior art, Chinese patent application No. CN200610078904, "Mobile TV broadcast control system and broadcast network and broadcast method", discloses a method by which a service platform encrypts the program stream key: after receiving the program stream key sent by the multimedia broadcast platform, the mobile TV service platform encrypts the program stream key with the service key and then returns the encrypted program stream key to the multimedia broadcast platform.
  • The shortcoming of Chinese patent application CN200610078904 is that some mobile operators may operate several mobile networks at the same time, such as a 3GPP system network and a 3GPP2 system network, and the way the program stream key is encrypted with the service key differs between mobile networks. To work around this, mobile operators need to build multiple mobile TV service platforms, one per mobile network, which increases operator cost to a certain extent and is not conducive to unified management and maintenance of mobile TV services.
  • An object of the present invention is to provide a method and system for encrypting a program stream key in a mobile multimedia broadcast service that supports program stream key encryption for a plurality of mobile networks at the same time, thereby reducing system construction cost and easing management and maintenance of the system.
  • The present invention provides a method for encrypting a program stream key in a mobile multimedia broadcast service, used in a system that includes a service platform and a multimedia broadcast platform. The method includes:
  • A. the multimedia broadcast platform sends the program stream key to the service platform through the inter-platform connection;
  • B. the service platform determines which mobile network the service object is a user of, and encrypts the program stream key using the program stream key encryption method that corresponds to that service object;
  • C. the service platform sends the encrypted program stream key to the multimedia broadcast platform through the inter-platform connection.
  • The mobile network comprises a 3GPP system network and/or a 3GPP2 system network.
  • The 3GPP system network includes: a GSM network, a GPRS network, a WCDMA network, and a TD-SCDMA network.
  • The 3GPP2 system network comprises: a CDMA2000 network.
  • Step A includes: the multimedia broadcast platform transmits a program stream key encryption request message to the service platform, where the request message includes a program stream key and a program stream identifier.
  • Step B includes: the service platform obtains a service key according to the program stream identifier.
  • Step B includes: when the service platform determines that the service object is a 3GPP system network user, the program stream key is encrypted using the service key; when it determines that the service object is a 3GPP2 system network user, the program stream key is encrypted using a short-term key.
  • Step B includes: the short-term key is generated from the service key and a random number that the service platform generates itself.
  • Step C includes: the service platform generates a program stream key response message and sends it to the multimedia broadcast platform; the response message includes the encrypted program stream key and a program stream key identifier.
  • The service platform is a mobile TV service platform.
  • The present invention also provides a system for encrypting a program stream key in a mobile multimedia broadcast service, comprising a service platform and a multimedia broadcast platform. When the system performs program stream key encryption: the multimedia broadcast platform sends a program stream key to the service platform; the service platform determines the specific mobile network of the service object and encrypts the program stream key using the corresponding program stream key encryption method; the service platform sends the encrypted program stream key to the multimedia broadcast platform.
  • The service platform includes: a timer module, a program stream key management module, and a program stream encryption module;
  • the multimedia broadcast platform includes: a program stream key processing module and a program stream information management module.
  • The timer module is configured to send a process start message to the program stream key management module, where the message includes program stream identification information.
  • The program stream key management module is configured to generate a program stream key on receiving the program stream identification information from the timer module, and to send a program stream key encryption request message to the program stream key processing module, where the request message includes the program stream key and the program stream identification information.
  • The program stream key processing module is configured to request program stream information from the program stream information management module, where the request message includes program stream identification information, and to decide according to the service object identification information: if the service object is a 3GPP system network user, it encrypts the program stream key in the 3GPP system network encryption manner; if the service object is a 3GPP2 system network user, it encrypts the program stream key in the 3GPP2 system network encryption manner; it then sends the encrypted program stream key to the program stream key management module.
  • The program stream information management module is configured to receive the program stream identification information sent by the program stream key processing module and, according to that information, return to the program stream key processing module the service key, the service key identification information, and the service object identification information corresponding to the program stream, where the service object identification information indicates whether the service object is a 3GPP system network user or a 3GPP2 system network user.
  • FIG. 1 is a system architecture diagram of program stream key encryption in a mobile multimedia broadcast service according to a first embodiment of the present invention.
  • FIG. 2 is a system architecture diagram of program stream key encryption in a mobile multimedia broadcast service according to a preferred embodiment of the first embodiment of the present invention.
  • FIG. 3 is a flow chart of the method of encrypting a program stream key in the mobile multimedia broadcast service according to the first embodiment of the present invention.
  • FIG. 4 is a system architecture diagram of program stream key encryption in a mobile multimedia broadcast service according to a second embodiment of the present invention.
  • FIG. 5 is a flow chart of the method of program stream key encryption in the mobile multimedia broadcast service according to the second embodiment of the present invention.
  • Detailed description
  • The mobile multimedia broadcast system 100 mainly includes a service platform 10 and a multimedia broadcast platform 20.
  • The service platform 10 is connected to N types of mobile networks 40 and, through them, provides the key encryption management functions of the multimedia broadcast service to N types of mobile network users 48.
  • The mobile network user 48 corresponds to the mobile network 40 and is a service object of the service platform 10 and the multimedia broadcast platform; the mobile network user is referred to as the service object of the encrypted program stream key.
  • The mobile network 40 includes a 3GPP system network 41 and/or a 3GPP2 system network 42. The 3GPP system network 41 includes but is not limited to GSM, GPRS, WCDMA, and TD-SCDMA networks, and the 3GPP2 system network 42 includes but is not limited to a CDMA2000 network.
  • The multimedia broadcast platform 20 is mainly used for providing broadcast television program content and related management information.
  • The multimedia broadcast platform 20 is configured to transmit a program stream key encryption request message to the service platform 10, where the request message includes at least a program stream key, and to obtain a program stream key encryption response message from the service platform 10, where the response message includes at least the encrypted program stream key.
  • The service platform 10 provides multimedia broadcast services, such as the key management functions of mobile TV services, for users of the various mobile networks it operates.
  • The service platform 10 is mainly used to receive the program stream key transmitted by the multimedia broadcast platform 20, to encrypt the program stream key with a different encryption method depending on the service object, that is, depending on which mobile network 40 the mobile network user 48 uses, and to return the encrypted program stream key to the multimedia broadcast platform 20.
  • When the service platform 10 determines that the service object is a 3GPP system network 41 user, it encrypts the program stream key by the program stream key encryption method of the 3GPP system network 41, that is, with the service key stored in the service platform 10 that corresponds to the program stream. If the service object is a 3GPP2 system network 42 user, it encrypts the program stream key by the program stream key encryption method of the 3GPP2 system network 42, that is, with a short-term key (SK, Short-term Key) generated from the service key stored in the service platform 10 that corresponds to the program stream and a random number. It then returns a response message to the multimedia broadcast platform; the response message includes at least the encrypted program stream key. A single service platform 10 thereby supports program stream key encryption for the 3GPP system network 41 and the 3GPP2 system network 42 at the same time.
  • FIG. 3 is a flowchart of a method for encrypting a program stream key in a mobile multimedia broadcast service according to a first embodiment of the present invention. The method is implemented by the system 100 shown in FIG. 1 and includes the following steps:
  • Step S301: the multimedia broadcast platform 20 sends the program stream key to the service platform 10;
  • Step S301 includes: the multimedia broadcast platform 20 transmits a program stream key encryption request message to the service platform 10 (such as a mobile TV service platform), and the request message includes at least a program stream key.
  • Step S302: the service platform 10 determines which mobile network user 48 the service object is, and encrypts the program stream key using the program stream key encryption method that corresponds to that service object;
  • Step S302 includes: after receiving the request message of the multimedia broadcast platform 20, the service platform determines which mobile network user the service object is:
  • for a 3GPP system network 41 user, the program stream key is encrypted by the program stream key encryption method of the 3GPP system network 41, that is, with the service key stored in the service platform 10 that corresponds to the program stream;
  • for a 3GPP2 system network 42 user, the program stream key is encrypted by the program stream key encryption method of the 3GPP2 system network 42, that is, with a key (the short-term key) generated from the service key stored in the service platform 10 that corresponds to the program stream and a random number;
  • Step S303: the service platform 10 sends the encrypted program stream key to the multimedia broadcast platform 20.
  • Step S303 includes: the service platform 10 returns a program stream key encryption response message to the multimedia broadcast platform 20, where the response message includes at least the encrypted program stream key and the program stream key identifier.
  • The program stream key identifier is used by the mobile network user 48 to identify the encrypted program stream key.
  • FIG. 4 is a system architecture diagram of program stream key encryption in a mobile multimedia broadcast service according to a second embodiment of the present invention.
  • The mobile multimedia broadcast system 100 mainly includes a service platform 10 and a multimedia broadcast platform 20. The service platform 10 is connected to N kinds of mobile networks 40 (refer to FIG. 1) and, through them, provides the key encryption management function of the multimedia broadcast service to mobile network users 48 (classified by mobile network as 3GPP system mobile network users and 3GPP2 system mobile network users). In the second embodiment, the mobile network user 48 is likewise a service object that accepts the program stream key encryption of the service platform 10 based on one of the N types of mobile networks.
  • The mobile network 40 includes a 3GPP system network 41 and/or a 3GPP2 system network 42, the former including but not limited to GSM, GPRS, WCDMA, and TD-SCDMA networks, the latter including but not limited to CDMA2000 networks.
  • The service platform 10 is mainly used for providing multimedia broadcasting services, such as the key management function of the mobile TV service, for users of various mobile networks, and includes a program stream key processing module 104 and a program stream information management module 105.
  • The multimedia broadcast platform 20 is mainly used for providing broadcast television program content and related management information, and includes a timer module 101, a program stream key management module 102, and a program stream encryption module 103.
  • The timer module 101 mainly serves as the trigger for the program stream key transmission management process, and can trigger the process on various conditions, for example when a certain time arrives;
  • the program stream key management module 102 is configured to generate a program stream key by itself, to send a request message to the program stream key processing module 104 requesting encryption of the program stream key, and to accept the program stream from the service platform 10.
  • The program stream encryption module 103 encrypts the program stream content with the program stream key according to a certain encryption algorithm, and sends the ECM format information, the encrypted program stream, and the other parameters required for broadcast transmission to the mobile network user 48;
  • the program stream key processing module 104 generates, from the service key corresponding to the program stream and a random number, a short-term key suited to a service object on a 3GPP2 system network, in order to encrypt the program stream key for 3GPP2 system network users; it uses the service key corresponding to the program stream to encrypt the program stream key for 3GPP system network users; the program stream related information, for example the service key corresponding to the program stream, the service key identifier, and the service object identification information, may be obtained from the program stream information management module 102 according to the program stream identifier;
  • the program stream information management module 105 is mainly used to provide program stream related information to other modules, such as the service key corresponding to the program stream, the service key identifier, and the service object identification information, for example whether the service object is a 3GPP system network user or a 3GPP2 system network user.
  • The mobile network user 48, through a terminal such as a mobile terminal, acts as the decoding and playback terminal for the encrypted program stream: it decrypts the received program stream according to the 3GPP and/or 3GPP2 specifications and then decodes and plays it. The specifics of decoding and playback are readily apparent to those skilled in the art and are not described further here.
  • FIG. 5 is a flow chart of a method for encrypting a program stream key in a mobile multimedia broadcast service according to a second embodiment of the present invention.
  • Step 201: when the timer module 101 determines that the set time has arrived, it sends a process start message to the program stream key management module 102, where the message includes program stream identification information, and the program stream key management module 102 returns a process start message response to the timer module 101;
  • Step 202: the program stream key management module 102 generates a program stream key by itself and sends a program stream key encryption request message to the program stream key processing module 104. The request message includes the program stream key and program stream identification information.
  • Step 203: the program stream key processing module 104 requests program stream information from the program stream information management module 105, where the request message includes program stream identification information;
  • Step 204: the program stream information management module 105 returns the service key, the service key identification information, and the service object identification information corresponding to the program stream to the program stream key processing module 104 according to the program stream identification information, where the service object identification information indicates whether the service object is a 3GPP system network user or a 3GPP2 system network user;
  • Step 205: the program stream key processing module 104 decides according to the service object identification information: if the service object is a 3GPP system network user, it encrypts the program stream key in the 3GPP system network encryption manner; if the service object is a 3GPP2 system network user, it encrypts the program stream key in the 3GPP2 system network encryption manner.
  • When the service object is a 3GPP system network user, the program stream key processing module 104 encrypts the program stream key using the MIKEY specification with the service key as a parameter; when the service object is a 3GPP2 system network user, the program stream key processing module 104 generates a short-term key from the service key and a self-generated random number using the F3 algorithm specified by 3GPP2, and encrypts the program stream key with the short-term key; the AES algorithm can be used as the encryption algorithm.
  • Step 206: if the program stream key processing module 104 determines that the service object is a 3GPP system network user, the encrypted program stream key and the decryption information are sent to the program stream key management module 102 as a response message in the ECM format. If the service object is a 3GPP2 system network user, the encrypted program stream key, the service key identifier, and the random number are sent to the program stream key management module 102 as a response message in the ECM format.
  • Step 207: the program stream key management module 102 forwards the response message to the program stream encryption module.
  • Step 208: the program stream encryption module 103 encrypts the program stream information with the program stream key and broadcasts the ECM format information, the encrypted program stream, and the broadcast related parameters to the mobile network user 48, who decrypts and plays the stream through a terminal such as a mobile terminal.
  • In the system and method of the present invention, the service platform determines the service object and applies the program stream key encryption method that matches it, so program stream key encryption for different mobile networks is handled by one platform, which suits operators that run different mobile networks at the same time.
  • Operators only need to build one set of service platform and multimedia broadcast platform to provide mobile multimedia broadcast services (such as mobile TV services) to users of different mobile networks, which reduces construction cost and eases system maintenance.
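
The branch taken in steps 205 and 206, together with the terminal-side recovery, as an added Go example that is not part of the patent text or of any ZTE implementation. Assumptions: HMAC-SHA256 stands in for the 3GPP2 F3 algorithm, AES-GCM under the service key stands in for the MIKEY-based 3GPP encryption, and the `Response` field layout and all function names are hypothetical rather than the ECM format.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// NetworkKind models the "service object identification information" (steps 204-205).
type NetworkKind int

const Net3GPP, Net3GPP2 NetworkKind = 1, 2

// StreamInfo is what the program stream information management module returns (step 204).
type StreamInfo struct {
	ServiceKey   []byte // 16-byte service key
	ServiceKeyID string
	Kind         NetworkKind
}

// Response carries the step 206 fields; hypothetical layout, not the ECM format.
type Response struct {
	Kind                 NetworkKind
	ServiceKeyID         string
	Rand, Nonce, Wrapped []byte // Rand is set for 3GPP2 only; Wrapped is the encrypted key
}

// deriveShortTermKey is a stand-in for F3: HMAC-SHA256 truncated to 128 bits.
func deriveShortTermKey(serviceKey, random []byte) []byte {
	mac := hmac.New(sha256.New, serviceKey)
	mac.Write(random)
	return mac.Sum(nil)[:16]
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptStreamKey is the step 205 decision made by the key processing module.
func EncryptStreamKey(info StreamInfo, streamKey []byte) (Response, error) {
	resp := Response{Kind: info.Kind, ServiceKeyID: info.ServiceKeyID}
	kek := info.ServiceKey
	switch info.Kind {
	case Net3GPP: // the service key encrypts the program stream key directly
	case Net3GPP2:
		resp.Rand = make([]byte, 16)
		if _, err := rand.Read(resp.Rand); err != nil {
			return Response{}, err
		}
		kek = deriveShortTermKey(info.ServiceKey, resp.Rand)
	default:
		return Response{}, errors.New("unknown service object type")
	}
	aead, err := newAEAD(kek)
	if err != nil {
		return Response{}, err
	}
	resp.Nonce = make([]byte, aead.NonceSize())
	if _, err := rand.Read(resp.Nonce); err != nil {
		return Response{}, err
	}
	// The key identifier is authenticated so a response cannot be relabelled.
	resp.Wrapped = aead.Seal(nil, resp.Nonce, streamKey, []byte(info.ServiceKeyID))
	return resp, nil
}

// DecryptStreamKey is the terminal side: it holds the service key already.
func DecryptStreamKey(serviceKey []byte, r Response) ([]byte, error) {
	kek := serviceKey
	if r.Kind == Net3GPP2 {
		kek = deriveShortTermKey(serviceKey, r.Rand)
	} else if r.Kind != Net3GPP {
		return nil, errors.New("unknown service object type")
	}
	aead, err := newAEAD(kek)
	if err != nil || len(r.Nonce) != aead.NonceSize() {
		return nil, errors.New("bad key or nonce length")
	}
	return aead.Open(nil, r.Nonce, r.Wrapped, []byte(r.ServiceKeyID))
}

func main() {
	sk, psk := bytes.Repeat([]byte{0x11}, 16), bytes.Repeat([]byte{0x22}, 16) // constructed keys
	for _, kind := range []NetworkKind{Net3GPP, Net3GPP2} {
		resp, _ := EncryptStreamKey(StreamInfo{ServiceKey: sk, ServiceKeyID: "SK-0001", Kind: kind}, psk)
		got, err := DecryptStreamKey(sk, resp)
		fmt.Println(kind, len(resp.Rand), err == nil && bytes.Equal(got, psk))
	}
}
```

A 3GPP2 response decrypted as if it were a 3GPP one fails authentication, which is why the response has to carry the random number and the terminal has to know which network's method applies.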

Abstract

A method and system for encrypting a program stream key in the mobile multimedia broadcast service. The method includes: a multimedia broadcast platform sends a program stream key to a service platform via the connection between the platforms; the service platform determines the particular mobile network of a service object and encrypts the program stream key using the corresponding program stream key encryption manner; the service platform sends the encrypted program stream key back to the multimedia broadcast platform via the connection between the platforms. The system uses the method. Because the service platform applies a different program stream key encryption manner once it has determined the service object, an operator of different mobile networks only needs to construct one set of mobile phone TV service platform and multimedia broadcast platform to provide the mobile phone TV service to the users of the different mobile networks. The construction cost is reduced and system maintenance is made easier.

Description

一种移动多媒体广播业务中节目流密钥加密的方法及系統  Method and system for encrypting program stream key in mobile multimedia broadcast service
技术领域 Technical field
本发明涉及一种移动多媒体广播业务领域,尤其涉及一种移动多媒体广 播业务中融合的节目流密钥加密的方法和系统。  The present invention relates to the field of mobile multimedia broadcast services, and in particular, to a method and system for encrypting program stream keys in a mobile multimedia broadcast service.
Background
Mobile multimedia broadcast services, such as mobile phone TV, are not limited by bandwidth. They are therefore receiving growing attention from operators and are regarded as a focus of future service development. A mobile multimedia broadcast service delivers digital audio and video content in broadcast form to mobile terminals that have an operating system and video capability, and uses the two-way channel of the mobile network to manage and bill services and users. Key management is an important part of such a service. When the user of a mobile terminal is about to watch a TV program, the terminal receives the encrypted program stream key and the program stream encrypted with the program stream key. The terminal uses the service key it has already obtained to recover the program stream key, then uses the program stream key to decrypt the encrypted program stream, after which the multimedia video content can be viewed. Program stream key encryption is therefore an indispensable part of key management.
For the prior art, see Chinese patent application No. CN200610078904, "Mobile TV broadcast control system, broadcast network and broadcast method", which discloses a method by which a service platform encrypts the program stream key: after the mobile TV service platform receives the program stream key sent by the multimedia broadcast platform, it encrypts the program stream key with the service key and returns the encrypted program stream key to the multimedia broadcast platform. The shortcoming of CN200610078904 is that some mobile operators may operate several mobile networks at the same time, for example a 3GPP system network and a 3GPP2 system network, and the way the service key is used to encrypt the program stream key differs between these networks. To work around this, an operator has to build a separate mobile TV service platform for each mobile network, which increases the operator's cost to some extent and hinders unified management and maintenance of the mobile TV service.
In summary, the existing technique for program stream key encryption in mobile multimedia broadcast services is clearly inconvenient and deficient in practical use, so it needs to be improved.
Summary of the invention
In view of the above defects, the object of the present invention is to provide a method and system for encrypting a program stream key in a mobile multimedia broadcast service that supports program stream key encryption for multiple mobile networks at the same time, thereby reducing the construction cost of the system and facilitating its management and maintenance.
To achieve this object, the present invention provides a method for encrypting a program stream key in a mobile multimedia broadcast service, for use in a system comprising a service platform and a multimedia broadcast platform. The method includes:
A. The multimedia broadcast platform sends the program stream key to the service platform over the inter-platform connection;
B. The service platform determines which kind of mobile network user the service object is, and encrypts the program stream key using a different program stream key encryption mode for each kind of service object;
C. The service platform sends the encrypted program stream key back to the multimedia broadcast platform over the inter-platform connection.
According to the method of the present invention, the mobile network includes a 3GPP system network and/or a 3GPP2 system network.
According to the method of the present invention, the 3GPP system network includes: a GSM network, a GPRS network, a WCDMA network, and a TD-SCDMA network.
According to the method of the present invention, the 3GPP2 system network includes: a CDMA2000 network.
According to the method of the present invention, step A includes: the multimedia broadcast platform sends a program stream key encryption request message to the service platform; the request message contains the program stream key and the program stream identifier.
According to the method of the present invention, step B includes: the service platform obtains the service key according to the program stream identifier.
According to the method of the present invention, step B includes: when the service platform determines that the service object is a 3GPP system network user, it encrypts the program stream key with the service key; when it determines that the service object is a 3GPP2 network user, it encrypts the program stream key with a short-term key.
According to the method of the present invention, step B includes: the short-term key is generated from the service key and a random number generated by the service platform itself.
According to the method of the present invention, step C includes: the service platform generates a program stream key response message and sends it to the multimedia broadcast platform; the response message includes the encrypted program stream key and the program stream key identifier.
According to the method of the present invention, the service platform is a mobile phone TV service platform.
The present invention also provides a system for encrypting a program stream key in a mobile multimedia broadcast service, comprising a service platform and a multimedia broadcast platform. The system encrypts the program stream key as follows: the multimedia broadcast platform sends the program stream key to the service platform; the service platform determines the specific mobile network of the service object and encrypts the program stream key using the corresponding program stream key encryption mode; the service platform sends the encrypted program stream key to the multimedia broadcast platform.
According to the system of the present invention, the service platform includes a timer module, a program stream key management module and a program stream encryption module; the multimedia broadcast platform includes a program stream key processing module and a program stream information management module, wherein:
Timer module: sends a process start message to the program stream key management module; the message contains program stream identification information;
Program stream key management module: generates the program stream key on receiving the program stream identification information from the timer module, and sends a program stream key encryption request message to the program stream key processing module; the request message contains the program stream key and the program stream identification information;
Program stream key processing module: requests program stream information from the program stream information management module, the request message containing the program stream identification information; decides according to the service object identification information: if the service object is a 3GPP system network user, it encrypts the program stream key in the 3GPP system network encryption mode; if the service object is a 3GPP2 system network user, it encrypts the program stream key in the 3GPP2 system network encryption mode; and sends the encrypted program stream key to the program stream key management module;
Program stream information management module: receives the program stream identification information sent by the program stream key processing module and, according to it, returns to the program stream key processing module the service key corresponding to the program stream, the service key identification information and the service object identification information; the service object identification information indicates whether the service object is a 3GPP system network user or a 3GPP2 system network user.
Compared with the prior art, the system and method of the present invention have the service platform determine the kind of service object and apply the corresponding program stream key encryption mode, which provides program stream key encryption for different mobile networks. An operator running several mobile networks at the same time therefore needs to build only one mobile phone TV service platform and one multimedia broadcast platform to provide the mobile phone TV service to the users of the different mobile networks, which reduces construction cost and makes the system easier to maintain.
Brief description of the drawings
Figure 1 is a system architecture diagram of program stream key encryption in a mobile multimedia broadcast service according to the first embodiment of the present invention.
Figure 2 is a system architecture diagram of program stream key encryption in a mobile multimedia broadcast service in a preferred embodiment of the first embodiment of the present invention.
Figure 3 is a flowchart of the method for program stream key encryption in a mobile multimedia broadcast service according to the first embodiment of the present invention.
Figure 4 is a system architecture diagram of program stream key encryption in a mobile multimedia broadcast service according to the second embodiment of the present invention.
Figure 5 is a flowchart of the method for program stream key encryption in a mobile multimedia broadcast service according to the second embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and are not intended to limit it.
Figures 1 and 2 show the system architecture for program stream key encryption in a mobile multimedia broadcast service according to the first embodiment of the present invention. The mobile multimedia broadcast system 100 mainly includes a service platform 10 and a multimedia broadcast platform 20. The service platform 10 is connected to N kinds of mobile networks 40 and, through them, provides the key encryption management function of the multimedia broadcast service to N kinds of mobile network users 48. In this embodiment, the mobile network users 48 correspond to the mobile networks 40 and are the service objects of the service platform 10 and the multimedia broadcast platform. In other words, whichever kind of mobile network user an encrypted program stream key is used for, that mobile network user is called the service object of the encrypted program stream key.
The mobile network 40 includes a 3GPP system network 41 and/or a 3GPP2 system network 42. The 3GPP system network includes, but is not limited to, GSM, GPRS, WCDMA and TD-SCDMA networks; the 3GPP2 system network 42 includes, but is not limited to, a CDMA2000 network.
The multimedia broadcast platform 20 mainly provides broadcast TV program content and related management information. In the present invention, the multimedia broadcast platform 20 sends the service platform 10 a program stream key encryption request message that includes at least the program stream key, and receives from the service platform 10 a program stream key encryption response message that includes at least the encrypted program stream key.
The service platform 10 is generally provided by the mobile operator and provides the users of the various mobile networks it operates with the key management function of a multimedia broadcast service such as mobile phone TV. In the present invention, the service platform 10 mainly receives the program stream key sent by the multimedia broadcast platform 20, encrypts it using a different encryption mode depending on the service object, that is, depending on which mobile network 40 the mobile network user 48 uses, and returns the encrypted program stream key to the multimedia broadcast platform 20.
In a preferred embodiment, when the service platform 10 determines that the service object is a user of the 3GPP system network 41, it encrypts the program stream key in the program stream key encryption mode of the 3GPP system network 41, that is, with the service key that corresponds to the program stream and is stored locally on the service platform 10. When it determines that the service object is a user of the 3GPP2 system network 42, it encrypts the program stream key in the program stream key encryption mode of the 3GPP2 system network 42, that is, with a short-term key (SK, Short-term Key) computed from the locally stored service key that corresponds to the program stream and a random number. It then returns to the multimedia broadcast platform 20 a program stream key encryption response message that includes at least the encrypted program stream key. A single service platform 10 thus supports program stream key encryption for both the 3GPP system network 41 and the 3GPP2 system network 42.
Figure 3 shows the flow of the method for program stream key encryption in a mobile multimedia broadcast service provided by the first embodiment of the present invention. The method is implemented by the system 100 shown in Figure 1 and includes the following steps:
Step S301: the multimedia broadcast platform 20 sends the program stream key to the service platform 10;
In a preferred implementation, step S301 includes: the multimedia broadcast platform 20 sends the service platform 10 (for example a mobile phone TV service platform) a program stream key encryption request message that includes at least the program stream key.
Step S302: the service platform 10 determines which kind of mobile network user 48 the service object is, and encrypts the program stream key using a different program stream key encryption mode for each kind of service object;
In a preferred implementation, step S302 includes: after receiving the request message from the multimedia broadcast platform 20, the service platform determines which kind of mobile network user the service object is:
When the service object is a user of the 3GPP system network 41, the program stream key is encrypted in the program stream key encryption mode of the 3GPP system network 41, that is, with the service key that corresponds to the program stream and is stored locally on the service platform 10;
When the service object is a user of the 3GPP2 system network 42, the program stream key is encrypted in the program stream key encryption mode of the 3GPP2 system network 42, that is, with the SK (Short-term Key) generated from the locally stored service key that corresponds to the program stream and a random number;
Step S303: the service platform 10 sends the encrypted program stream key to the multimedia broadcast platform 20.
In a preferred implementation, step S303 includes: the service platform 10 returns to the multimedia broadcast platform 20 a program stream key encryption response message that includes at least the encrypted program stream key and the program stream key identifier; the mobile network user 48 uses the program stream key identifier to identify the encrypted program stream key.
Figure 4 shows the system architecture for program stream key encryption in a mobile multimedia broadcast service according to the second embodiment of the present invention. The mobile multimedia broadcast system 100 mainly includes a service platform 10 and a multimedia broadcast platform 20. The service platform 10 is connected to N kinds of mobile networks 40 and, through them (see Figure 1), provides the key encryption management function of the multimedia broadcast service to mobile network users 48 (classified in the figure, by mobile network, into 3GPP system mobile network users and 3GPP2 system mobile network users). In this second embodiment, the mobile network user 48 is likewise a service object that receives program stream key encryption from the service platform 10 over one of the N kinds of mobile networks.
The mobile network 40 includes a 3GPP system network 41 and/or a 3GPP2 system network 42. The 3GPP system network includes, but is not limited to, GSM, GPRS, WCDMA and TD-SCDMA networks; the 3GPP2 system network 42 includes, but is not limited to, a CDMA2000 network.
The service platform 10 mainly provides the users of the various mobile networks it operates with the key management function of a multimedia broadcast service such as mobile phone TV. It includes a program stream key processing module 104 and a program stream information management module 105.
The multimedia broadcast platform 20 mainly provides broadcast TV program content and related management information. It includes a timer module 101, a program stream key management module 102 and a program stream encryption module 103.
Timer module 101: serves as the trigger point of the program stream key transmission management process; the process can be triggered by various conditions, for example when a set time is reached;
Program stream key management module 102: generates the program stream key itself and sends a request message to the program stream key processing module 104 asking for the program stream key to be encrypted, and receives from the service platform 10 the ECM-format response to that program stream key encryption request. The response message includes the encrypted program stream key, the program stream key identifier and other decryption information; the request message includes the program stream key and the program stream identifier.
Program stream encryption module 103: encrypts the program stream content with the program stream key according to a given encryption algorithm, and sends the ECM-format information, the encrypted program stream and the other parameters required for broadcast transmission to the mobile network user 48;
Program stream key processing module 104: generates, from the service key corresponding to the program stream and a random number, the short-term key used when the service object is on a 3GPP2 system network, so as to perform program stream key encryption for 3GPP2 system network users; it can also use the service key corresponding to the program stream to perform program stream key encryption when the service object is a 3GPP system network user; and, using the program stream identifier, it can obtain program stream related information from the program stream information management module 102, such as the service key corresponding to the program stream, the service key identifier and the service object identification information;
Program stream information management module 105: provides program stream related information to the other modules, such as the service key corresponding to the program stream, the service key identifier and the service object identification information, for example whether the service object is a 3GPP system network user or a 3GPP2 system network user;
In this embodiment, the mobile network user 48 uses a terminal, such as a mobile phone, as the decoding and playback terminal for the encrypted program stream. The terminal decrypts, decodes and plays the received program stream according to the 3GPP and/or 3GPP2 specifications. The details of decoding and playback are readily apparent to those of ordinary skill in the art and are not repeated here.
Figure 5 is a flowchart of the method for program stream key encryption in a mobile multimedia broadcast service according to the second embodiment of the present invention.
Step 201: the timer module 101 determines that the timer has expired and sends a process start message containing program stream identification information to the program stream key management module 102; the program stream key management module 102 returns to the timer module 101 a response acknowledging receipt of the process start message;
Step 202: the program stream key management module 102 generates the program stream key itself and sends a program stream key encryption request message to the program stream key processing module 104; the request message contains the program stream key and the program stream identification information;
Step 203: the program stream key processing module 104 requests program stream information from the program stream information management module 105; the request message contains the program stream identification information;
Step 204: according to the program stream identification information, the program stream information management module 105 returns to the program stream key processing module 104 the service key corresponding to the program stream, the service key identification information and the service object identification information; the service object identification information indicates whether the service object is a 3GPP system network user or a 3GPP2 system network user;
Step 205: the program stream key processing module 104 decides according to the service object identification information: if the service object is a 3GPP system network user, it encrypts the program stream key in the 3GPP system network encryption mode; if the service object is a 3GPP2 system network user, it encrypts the program stream key in the 3GPP2 system network encryption mode.
In a preferred embodiment, when the service object is a 3GPP system network user, the program stream key processing module 104 encrypts the program stream key according to the MIKEY specification with the service key as a parameter; when the service object is a 3GPP2 system network user, the program stream key processing module 104 uses the service key and a random number that it generates itself to produce a short-term key with the F3 algorithm specified by 3GPP2, and encrypts the program stream key with the short-term key; the encryption algorithm may be AES.
Step 206: the program stream key processing module 104 decides: if the service object is a 3GPP system network user, it sends the encrypted program stream key and the decryption information to the program stream key management module 102 as a response message in ECM format; if the service object is a 3GPP2 system network user, it sends the encrypted program stream key, the service key identifier and the random number to the program stream key management module 102 as a response message in ECM format.
Step 207: the program stream key management module 102 forwards the response message to the program stream encryption module 103;
Step 208: the program stream encryption module 103 encrypts the program stream information with the program stream key and broadcasts the ECM-format information, the encrypted program stream and the broadcast-related parameters to the mobile network user 48; the mobile network user decrypts and plays the stream on a terminal such as a mobile phone.
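The step 205 decision and the step 206 response fields, sketched as an added Go example that is not part of the patent text. HMAC-SHA256 stands in for the 3GPP2 F3 function and AES-GCM stands in for the wrapping modes the description names; all type and function names, and the sample keys, are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

type Network int // service object identification returned in step 204

const (
	Net3GPP  Network = iota // GSM, GPRS, WCDMA, TD-SCDMA users
	Net3GPP2                // CDMA2000 users
)

// StreamInfo is a hypothetical per-stream record (service key, its ID, network).
type StreamInfo struct {
	ServiceKey   []byte // 16 bytes, used here as an AES-128 key
	ServiceKeyID string
	Network      Network
}

// Response models the fields the description lists for the step 206 reply.
type Response struct {
	Network      Network
	ServiceKeyID string
	Rand         []byte // 3GPP2 only: needed to re-derive the short-term key
	Wrapped      []byte // nonce || AES-GCM ciphertext of the program stream key
}

// deriveSK is a stand-in for F3 (assumption): HMAC-SHA256(serviceKey, rnd)[:16].
func deriveSK(serviceKey, rnd []byte) []byte {
	mac := hmac.New(sha256.New, serviceKey)
	mac.Write(rnd)
	return mac.Sum(nil)[:16]
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptStreamKey is the step 205 decision plus the step 206 response.
func EncryptStreamKey(info StreamInfo, streamKey []byte) (Response, error) {
	resp := Response{Network: info.Network, ServiceKeyID: info.ServiceKeyID}
	kek := info.ServiceKey // 3GPP: the service key wraps the stream key directly
	switch info.Network {
	case Net3GPP:
	case Net3GPP2: // short-term key from service key + fresh random number
		resp.Rand = make([]byte, 16)
		if _, err := rand.Read(resp.Rand); err != nil {
			return Response{}, err
		}
		kek = deriveSK(info.ServiceKey, resp.Rand)
	default: // fail closed rather than guess an encryption mode
		return Response{}, fmt.Errorf("unknown service object network %d", info.Network)
	}
	gcm, err := newGCM(kek)
	if err != nil {
		return Response{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Response{}, err
	}
	resp.Wrapped = gcm.Seal(nonce, nonce, streamKey, nil)
	return resp, nil
}

// DecryptStreamKey is the terminal side; the terminal already holds the service key.
func DecryptStreamKey(serviceKey []byte, resp Response) ([]byte, error) {
	kek := serviceKey
	if resp.Network == Net3GPP2 {
		kek = deriveSK(serviceKey, resp.Rand)
	}
	gcm, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(resp.Wrapped) < n {
		return nil, errors.New("wrapped key too short")
	}
	return gcm.Open(nil, resp.Wrapped[:n], resp.Wrapped[n:], nil)
}

func main() {
	sk, psk := []byte("0123456789abcdef"), []byte("program-key-0001") // constructed
	resp, _ := EncryptStreamKey(StreamInfo{sk, "sk-1", Net3GPP2}, psk)
	got, err := DecryptStreamKey(sk, resp)
	fmt.Printf("rand=%x recovered=%q err=%v\n", resp.Rand, got, err)
}
```

A 3GPP2 response opened on the 3GPP path fails authentication, which is why the random number has to travel in the response for 3GPP2 service objects.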
Compared with the prior art, the system and method of the present invention have the service platform determine the kind of service object and apply the corresponding program stream key encryption mode, which provides program stream key encryption for different mobile networks. An operator running several mobile networks at the same time therefore needs to build only one service platform and one multimedia broadcast platform to provide a mobile multimedia broadcast service (such as mobile phone TV) to the users of the different mobile networks, which reduces construction cost and makes the system easier to maintain.
Of course, the present invention may have various other embodiments without departing from its spirit and essence, and all such corresponding changes and variations shall fall within the scope of protection of the claims appended to the present invention.

Claims

1、 一种移动多媒体广播业务中节目流密钥加密的方法, 其特征在于, 包括以下步錄:  A method for encrypting a program stream key in a mobile multimedia broadcast service, characterized in that it comprises the following steps:
A、 多媒体广播平台发送节目流密钥给业务平台;  A. The multimedia broadcast platform sends the program stream key to the service platform;
B、 所述业务平台判断并根据 JI艮务对象的具体移动网络采用不同节目流 密钥加密方式对所述节目流密钥进行加密;  B. The service platform determines and encrypts the program stream key by using a different program stream key encryption manner according to a specific mobile network of the JI service object;
C、 所迷业务平台将加密后的节目流密钥发送给所述多媒体广播平台。 C. The service platform sends the encrypted program stream key to the multimedia broadcast platform.
2、根据权利要求 1所述的方法,其特征在于,所述移动网络包括: 3GPP 体系网络和 /或 3GFP2体系网络。 2. The method of claim 1 wherein the mobile network comprises: a 3GPP system network and/or a 3GFP2 system network.
3、 根据权利要求 2所述的方法, 其特征在于, 所述 3GPP体系网络至 少包括其中一个: GSM网络、 GPRS网 、 WCDMA网络、 TD-SCDMA网 络。  3. The method according to claim 2, wherein the 3GPP system network comprises at least one of: a GSM network, a GPRS network, a WCDMA network, and a TD-SCDMA network.
4、 根据权利要求 2所述的方法, 其特征在于, 所述 体系网络至 少包括: CDMA2000网络。  4. The method of claim 2, wherein the system network comprises at least: a CDMA2000 network.
5、 根据权利要求 2所述的方法, 其特征在于, 所述步骤 A中包括: 所 述多媒体广播平台向业务平台发送节目流密钥加密请求消息,该请求消息中 包含节目流密钥及节目流标识。  The method according to claim 2, wherein the step A includes: the multimedia broadcast platform sends a program stream key encryption request message to the service platform, where the request message includes the program stream key and the program Stream ID.
6、 根据权利要求 5所述的方法, 其特征在于, 所述步骤 B中包括: 所 述业务平台才艮据节 ϋ流标识获得业务密钥。  The method according to claim 5, wherein the step B comprises: the service platform obtaining the service key according to the throttle identifier.
7、 根据权利要求 5所述的方法, 其特征在于, 所述步骤 Β中包括: 所 述业务平台才艮据节目流标识自本地获得与及节目流对应的业务密钥及该节 目流标识对应的服务对象标识信息,所述月良务对象标识信息用以标示不同服 务对象。  The method according to claim 5, wherein the step Β comprises: the service platform obtaining, according to the program stream identifier, a service key corresponding to the program stream and corresponding to the program stream identifier according to the program stream identifier The service object identification information is used to indicate different service objects.
8. The method according to claim 6 or 7, wherein step B comprises: when the service platform determines that the service object is a 3GPP system network user, it encrypts the program stream key with the service key; when it determines that the service object is a 3GPP2 system network user, it encrypts the program stream key with a short-term key.
9. The method according to claim 8, wherein step B comprises: the short-term key is generated from the service key corresponding to the program stream and a random number generated by the service platform itself.
10. The method according to claim 1, wherein step C comprises: the service platform generates a program stream key response message and sends it to the multimedia broadcast platform, the response message including the encrypted program stream key and the program stream key identifier.
11. The method according to claim 1, wherein the service platform is a mobile phone TV service platform.
12. A system for encrypting a program stream key in a mobile multimedia broadcast service, comprising a service platform and a multimedia broadcast platform, wherein the system performs program stream key encryption as follows: the multimedia broadcast platform sends a program stream key to the service platform; the service platform determines the specific mobile network of the service object and, according to that network, encrypts the program stream key using a different program stream key encryption manner; the service platform sends the encrypted program stream key to the multimedia broadcast platform.
13. The system according to claim 12, wherein the service platform comprises: a timer module, a program stream key management module, and a program stream encryption module; the multimedia broadcast platform comprises: a program stream key processing module and a program stream information management module, wherein:
Timer module: configured to send a process start message to the program stream key management module, the message containing program stream identification information;
Program stream key management module: configured to generate a program stream key upon receiving the program stream identification information from the timer module, and to send a program stream key encryption request message to the program stream key processing module, the request message containing the program stream key and the program stream identification information;
Program stream key processing module: configured to request program stream information from the program stream information management module, the request message containing the program stream identification information, and to judge according to the service object identification information: if the service object is a 3GPP system network user, the program stream key is encrypted in the 3GPP system network encryption manner; if the service object is a 3GPP2 system network user, the program stream key is encrypted in the 3GPP2 system network encryption manner; and to send the encrypted program stream key to the program stream key management module;
Program stream information management module: configured to receive the program stream identification information sent by the program stream key processing module and, according to the program stream identification information, to return to the program stream key processing module the service key corresponding to the program stream, the service key identification information, and the service object identification information, the service object identification information being used to indicate whether the service object is a 3GPP system network user or a 3GPP2 system network user.
14. A method for encrypting a program stream key in a mobile multimedia broadcast service, wherein the method is applied where the service object is a 3GPP system network user and/or a 3GPP2 system network user, the method comprising the following steps:
A. The multimedia broadcast platform sends the program stream key and the program stream identifier to the service platform;
B. The service platform obtains the service key according to the program stream identifier; if the service object is a 3GPP system network user, the service platform encrypts the program stream key with the service key; if the service object is a 3GPP2 system network user, the program stream key needs to be encrypted with a short-term key;
C. The service platform sends the encrypted program stream key to the multimedia broadcast platform.
15. The method according to claim 14, wherein step C comprises: the service platform generates a program stream key identifier and a program stream key message and sends them to the multimedia broadcast platform.
16. The method according to claim 15, wherein the program stream key message includes at least the encrypted program stream key.
17. The method according to claim 14, wherein step B comprises: the service platform obtains internally, according to the program stream identifier, a service object identifier, the service object identifier indicating which kind of network user the encrypted program stream key is applied to, that is, whether the service object is a 3GPP system network user or a 3GPP2 system network user.
18. The method according to any one of claims 14-17, wherein step B comprises: the short-term key is generated from the service key corresponding to the program stream and a random number generated by the service platform itself.
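The key-wrapping decision in claims 8, 9, 14 and 18 can be sketched as follows; this is an added example, not code from the patent or from ZTE. The claims name no cipher or derivation function, so the HMAC-SHA256 derivation, the HMAC-based stand-in cipher, the `rand` response field, the stream table and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample table: program stream ID -> (service key, service object network).
STREAMS = {"ps-001": (bytes(range(32)), "3GPP"),
           "ps-002": (bytes(range(32, 64)), "3GPP2")}

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stand-in for the cipher the claims leave open.
    blocks = (_prf(key, b"enc", nonce + i.to_bytes(4, "big")) for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + _prf(key, b"mac", nonce + ct)  # encrypt-then-MAC

def unwrap(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        raise ValueError("program stream key failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def short_term_key(service_key, rand):
    # Claims 9 and 18: derived from the service key and a platform-generated
    # random number. The HMAC construction is an assumption.
    return _prf(service_key, b"stk", rand)

def handle_request(stream_id, program_stream_key):
    """Service platform, steps B and C: choose the wrapping key by network type."""
    service_key, network = STREAMS[stream_id]  # unknown stream IDs raise KeyError
    resp = {"stream_id": stream_id, "key_id": secrets.token_hex(8)}
    if network == "3GPP":
        resp["encrypted_key"] = wrap(service_key, program_stream_key)
    elif network == "3GPP2":
        resp["rand"] = secrets.token_bytes(16)  # assumed to travel with the response
        stk = short_term_key(service_key, resp["rand"])
        resp["encrypted_key"] = wrap(stk, program_stream_key)
    else:
        raise ValueError(f"unsupported network {network!r}")  # fail closed
    return resp

def recover(resp, service_key):
    """Receiving side (assumed): rebuild the wrapping key, then unwrap."""
    key = short_term_key(service_key, resp["rand"]) if "rand" in resp else service_key
    return unwrap(key, resp["encrypted_key"])
```

In the 3GPP2 branch the service key never encrypts the program stream key directly, so each request wraps under a fresh short-term key.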
PCT/CN2007/003574 2007-09-26 2007-12-13 A method and system for encrypting a program stream key in the mobile multimedia broadcast service WO2009039692A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710162360.1 2007-09-26
CN 200710162360 CN101146209B (en) 2007-09-26 2007-09-26 A method and system for program stream secret key encryption in mobile multi-media broadcasting service

Publications (1)

Publication Number Publication Date
WO2009039692A1 true WO2009039692A1 (en) 2009-04-02

Family

ID=39208461

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/003574 WO2009039692A1 (en) 2007-09-26 2007-12-13 A method and system for encrypting a program stream key in the mobile multimedia broadcast service

Country Status (2)

Country Link
CN (1) CN101146209B (en)
WO (1) WO2009039692A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101132414A (en) * 2007-09-28 2008-02-27 中兴通讯股份有限公司 Encryption method and system for key transmission in mobile multimedia broadcasting service
CN101577595B (en) * 2008-05-09 2011-07-13 中兴通讯股份有限公司 Method and system for encrypting program stream keys in multi-media broadcast service
CN101860406B (en) * 2010-04-09 2014-05-21 北京创毅视讯科技有限公司 Central processor and mobile multimedia broadcasting device, system and method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0843479A1 (en) * 1996-11-14 1998-05-20 THOMSON multimedia Process for data certification by scrambling and certification system using such a process
CN1257652C (en) * 2002-05-01 2006-05-24 日本电气株式会社 Business data multiplex broadcasting system and method and secret key generating system
CN1315324C (en) * 2003-03-05 2007-05-09 华为技术有限公司 Safe access method and device for digital broadcast television network
CN101009553A (en) * 2006-12-30 2007-08-01 中兴通讯股份有限公司 Secret key safety method and system for realizing multi-network integration mobile multi-media broadcasting system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100548044C (en) * 2006-04-27 2009-10-07 中国移动通信集团公司 Mobile TV playing control system and playing network and broadcasting method
CN1845599B (en) * 2006-05-17 2010-09-01 中国移动通信集团公司 Method for obtaining and updating service key in mobile television service
CN100544429C (en) * 2006-12-19 2009-09-23 中国电信集团公司 A kind of mobile phone TV services content protecting method

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2015521710A (en) * 2012-06-28 2015-07-30 アルストム レノバブレス エスパーニャ, エセ.エレ. Floating offshore wind turbine with damping structure
KR20190096179A (en) 2018-02-08 2019-08-19 경북부유식해상풍력발전 주식회사 A buoyant system of floating electricity generation structures
CN114258018A (en) * 2021-11-12 2022-03-29 中国南方电网有限责任公司 Key management method, key management device, computer equipment and storage medium
CN114258018B (en) * 2021-11-12 2024-04-09 中国南方电网有限责任公司 Key management method, device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN101146209B (en) 2011-05-25
CN101146209A (en) 2008-03-19

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07845919

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07845919

Country of ref document: EP

Kind code of ref document: A1