WO2009094851A1 - Digital television conditional access system and associated management method - Google Patents
- Publication number
- WO2009094851A1 (PCT/CN2008/002145)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- receiving
- information
- conditional
- module
- receiving end
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/162—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
- H04N7/163—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing by receiver means only
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/258—Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
- H04N21/25808—Management of client data
- H04N21/25816—Management of client data involving client authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/418—External card to be used in combination with the client device, e.g. for conditional access
- H04N21/4181—External card to be used in combination with the client device, e.g. for conditional access for conditional access
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/418—External card to be used in combination with the client device, e.g. for conditional access
- H04N21/4182—External card to be used in combination with the client device, e.g. for conditional access for identification purposes, e.g. storing user identification data, preferences, personal settings or data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
- H04N21/4405—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/442—Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available from the internal hard disk
- H04N21/44236—Monitoring of piracy processes or activities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/442—Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available from the internal hard disk
- H04N21/4424—Monitoring of the internal components or processes of the client device, e.g. CPU or memory load, processing speed, timer, counter or percentage of the hard disk space used
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
- H04N21/4623—Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
Definitions
- the present invention relates to the field of digital television (including cable, satellite, terrestrial, and IPTV, etc.) and mobile multimedia, and more particularly to a digital television conditional access system and a processing flow thereof for use in encrypting and protecting digital audio and video data.
- CA Conditional Access
- conditional access system: In a digital television system, the operator uses the conditional access system to encrypt broadcast television programs before transmitting them on the broadcast network. Only users authorized by the operator can view the encrypted programs at the receiving end. Operators can use conditional access systems to provide value-added services such as pay-TV programs, video on demand, information services, and Internet access. By giving operators the technical guarantee needed to offer value-added services and increase revenue, the conditional access system has become a basic and most important component of the digital TV system.
- Digital TV conditional access systems are mainly based on the European DVB standard of more than 10 years ago. The main principle is that the digital TV signal encrypted by the front end carries a pair of cyclically changing keys called the control word, abbreviated CW.
- The conditional access system is responsible for encrypting the CW and transmitting it securely to the decryptor of the digital television receiver, while granting decryption rights to certain receivers.
- These privileged decryptors decrypt the CW and transmit it to the descrambler, which uses the CW to decode the audio and video streams for playback by the playback module.
- Current conditional access systems use a smart card at the receiving end, and the decryption algorithm resides in the smart card.
- In the decryption process, the encrypted data is sent to the smart card, the smart card returns the decrypted CW to the receiving end, and the CW is then passed through the receiving end's CA module to the descrambler.
- The CA module is embedded as a separate part in the set-top box software framework.
- the disadvantage of this traditional technology is that CW can be intercepted in multiple places, posing a hidden danger in security.
- Figure 1 shows the leak point of CW.
- the first point of leakage is the point of communication between the smart card and the receiving end.
- the second leak point is between the CA module and the descrambler.
- the third point of compromise is the communication process between the CA module and the memory RAM.
- The two most important secret parts of a CA system are the CA algorithm and the CA module.
- The CA module is easy to crack as described above, so the CW can be obtained and then shared over the network, bypassing the far more difficult task of cracking the CA algorithm and breaking most smart card CA systems.
- The life cycle of the CA module is much longer than that of the algorithm. Often the CA algorithm has been cracked several times while the CA module has not changed. With today's well-developed networks, cracking the CA module is therefore more meaningful to pirates. This is determined by the structure of the traditional CA system.
- In existing smart card CA systems, the communication between the smart card and the set-top box, including session details such as the command format, is basically fixed in both the set-top box and the smart card; where changes are made at all, they are few. For a CA system with a large number of issued cards, such a change is even more difficult. As a result, even if the CA vendor knows the CW leak points, there is no way to remedy them. This is why CW sharing has become mainstream; it not only brings piracy risks to operators adopting such CAs but also affects their own survival.
- the existing smart card CA system is supported by a large number of set-top boxes embedded in the corresponding CA module.
- In addition, it is difficult for CA vendors to provide a differentiated CA system for each operator.
- A CA provider supplies the same CA algorithm to all operators. When the CA used by one of the operators is cracked, all operators are affected.
- The decryption control device needs to include at least a smart card interface circuit, a smart card reading device and a dedicated smart card.
- This decryption control method greatly increases the cost of the digital television receiving device, wastes resources, and hinders the popularization and promotion of digital TV.
- the object of the present invention is to solve the defects in the safety, cost and versatility of the existing conditional access system, and to provide a high-security, low-cost, and highly versatile digital television conditional receiving system and a processing flow thereof.
- a digital television conditional receiving system comprising an authentication module, a conditional receiving front end module, and a receiving end module, wherein: the authentication module and the receiving end module communicate bidirectionally; the receiving end module is authenticated to generate a unique receiving end ID number and authentication information, and the related information of the receiving end module is registered in the authentication database; the conditional receiving front end module and the authentication database communicate bidirectionally, and the front end module calls the receiving end's information in the authentication database to complete the encryption processing of the authorization management information belonging to that receiving end, and
- the conditional receiving front-end module further includes a corresponding authorization control information generator, and the module is also connected to the external downloading end; the receiving end module uses the ID number and the authentication information generated during the authentication process to complete secure conditional reception of the scrambled program.
- the authentication module includes a receiving end main chip, a security chip, and a storage chip, which cooperate with a database; each chip has a unique identifier, and the storage chip, the security chip and the main chip each have a write-once data area that cannot be erased; the main chip is provided with a ROM containing such a data area; the hardware of the receiving end therefore has a unique ID number and authentication information and cannot be copied.
- the conditional receiving front end includes a scrambler, an authorization control information ECM generator, an authorization management information EMM generator, and a user management system SMS; the scrambler receives audio, video, and data information and processes it for output; the scrambler also receives the authorization information from the authorization control information ECM generator and the authorization management information EMM generator and outputs it together with the received audio, video, and data information; the user management system SMS controls the authorization management information EMM generator and communicates bidirectionally with the database; the database and the authorization management information EMM generator communicate bidirectionally.
- the receiving end module includes a demultiplexing module, a CPU, a descrambler, a playing module, a descrambling control module, and a storage module; the demultiplexing module receives the encrypted transport stream and obtains two channels of data: one is the scrambled audio and video data stream, which is sent to the descrambler through the data channel to await descrambling; the other is the authorization control information ECM and the authorization management information EMM, which the CPU processes and sends to the descrambling control module.
- the descrambling control module outputs the descrambling control word to the descrambler; the descrambler uses the control word to descramble the audio and video data stream and outputs it to the playing module, which plays the audio and video data stream.
- the digital television conditional receiving system can conveniently implement the update of the conditional receiving system algorithm used by the receiving end module and the conditional receiving front end module, and the security of the conditional receiving system can be improved by periodically updating the conditional receiving system algorithm.
- a processing flow of a digital television conditional access system, the steps of which are:
- a. Authentication process: used to perform system authentication on the receiving end when the receiving end is produced, completing the matching between the hardware parts of the receiving end and registering the valid information; it mainly includes the following steps:
- the main chip and the security chip are paired by a certain algorithm, and each records the other's related information and the common information; the main chip and the memory chip are paired by a certain algorithm, and each records the other's related information and the common information; the security chip and the memory chip are paired by a certain algorithm, and each records the other's related information and the common information; the receiving end transmits the information to the authentication server, the authentication server verifies the data according to a certain rule, and once verification passes the data is saved to the receiving end authentication database.
- the identification number is used as the basis for conditional receiving and addressing
- the anti-counterfeiting code is used as a basis for verifying the authenticity of the machine
- Conditional receiving front-end process: after receiving the operator command, the user management system SMS queries the receiving end's identification number in the receiving end authentication database and, after confirming that it exists, transmits the command information to the conditional receiving front-end module; the conditional receiving front-end module uses the receiving end's information in the receiving end authentication database to generate certain data through a certain algorithm, which serves as part of the key for generating the encrypted EMM data;
- the EMMG encrypts the EMM, which enters the digital TV network through the scrambler and the like; the ECM is also sent through the same front end;
- Conditional receiving terminal flow: the digital signal is demultiplexed by the receiving end into two channels of data; one channel, the scrambled audio and video data, is transmitted directly to the descrambler; the other channel carries the authorization control information and the authorization management information, from which the valid authorization control information is filtered out in the memory and the authorization and other information is decrypted.
- Conditional receiving system algorithm update process: used to update the conditional receiving system algorithm currently in use when that algorithm has been cracked or when the security of the conditional receiving system needs to be improved; it mainly comprises the following steps:
- the conditional receiving front end module sends the new conditional access system algorithm to the digital television network through a multiplexer, a scrambler, a modulator, etc., and the receiving end module receives the new conditional access system algorithm from the digital television network; the conditional receiving front end module replaces the old conditional access system algorithm in use with the new one.
- the specific steps of step c are: the receiving end first verifies the matching information between the main chip and the security chip, the main chip and the memory chip, and the security chip and the storage chip; if the verification fails, the receiving end refuses to work; if the verification succeeds, the valid EMM is filtered according to the identification number of the receiving end; the receiving end then calculates the decryption key of the EMM from the matched information and the like, decrypts the EMM data, performs the corresponding processing, and obtains the authorization and the key for decrypting the ECM; it then decrypts the authorized ECM to obtain the CW and transmits it to the descrambler.
- the descrambler descrambles the audio and video data according to the CW, and transmits the descrambled audio and video data to the playback module to start playing.
- the receiving end module does not replace the conditional receiving system algorithm in use with the new one; instead, the new conditional receiving system algorithm is also stored at the receiving end, so that the receiving end holds two conditional receiving system algorithms at the same time; according to the version information of the conditional receiving system algorithm used by the conditional receiving front end module, the receiving end selects the matching one of its two algorithms to perform conditional reception of the scrambled digital audio and video data.
- the legality of the receiving end module is verified to ensure that an illegal receiving module cannot use the new conditional receiving algorithm.
- The problem to be solved by the present invention is to eliminate the inherent security risks of the traditional CA while complying with the DVB protocol and retaining strong versatility. Without using a smart card, the security of the CA system is improved: the CA module and the application program are merged into a single module, the CA algorithm and the CA module no longer exist as separate modules, and no CW-related information can be obtained outside the receiving end. This ensures that the CW cannot be obtained and guarantees security. At the same time, the invention eliminates the smart card interface circuit, the smart card reader and the dedicated smart card from the receiving end hardware, removes the cumbersome smart card operations from the software, and simplifies the CA program, thereby greatly reducing the cost of the receiving end.
- the invention does not use the smart card at the receiving end, first saves the smart card interface circuit, the smart card reader and the special smart card on the hardware, saves the cumbersome operation of the smart card in the software, simplifies the CA program, thereby greatly reducing the receiving
- the present invention fully considers the security of the system from the front end to the terminal, and fundamentally solves the vulnerability of the CW leak point 1; since the function of the CA part and the program of the entire receiving end are unified as a whole, the present is not found.
- the invention also makes the CW leak point 3
- raising the difficulty from that of cracking the CA module to that of cracking the entire receiving program, which leaves such work with almost no commercial value for a certain period of time. Since almost all current chips support downloading and executing code, the conditional receiving system encryption algorithm can be updated through dynamic code sent by the conditional receiving front end. When the update interval is kept shorter than the time needed to crack the algorithm, cracking the encryption algorithm loses its meaning, which further increases the security of the conditional access system.
- the receiving part of the receiving end can be downloaded and executed, in different regions, for different digital television operators, the receiving end of the same hardware and software condition can download and execute different condition receiving parts, thereby increasing the receiving end and the conditional receiving.
- the invention has the beneficial effects of solving the defects of low safety, high cost and poor versatility of the existing conditional receiving system, and provides a digital television condition with high safety, low cost, good versatility, simplified structure and convenient use.
- FIG. 1 is a schematic diagram of a security vulnerability of a conditional access system using a smart card
- FIG. 3 is a flow chart of the authentication part of the present invention.
- Figure 5 is a flow chart of the receiving end of the present invention.
- Figure 6 is a detailed flow chart of the conditional access processing section of the present invention.
- FIG. 2 is a general flow chart of the conditional access system according to the present invention.
- the system requires the cooperation of the authentication module 3, the conditional receiving front end module 2, and the receiving end module 4 to jointly perform the condition receiving function.
- the authentication module 3 and the receiving end module 4 communicate bidirectionally; the authentication module authenticates the receiving end module 4, generates a unique receiving end ID number and authentication information (A1-A2), and registers the relevant information of the receiving end module 4 in the authentication database 1 (A3); the conditional receiving front end module 2 communicates bidirectionally with the authentication database 1 and retrieves the receiving end's information from it to complete the encryption processing ( ⁇ -A2') of the authorization management information belonging to that receiving end, and the result is sent to the receiving end module 4 in the corresponding receiving mode ( ⁇ 3'); the conditional receiving front end module 2 further includes a corresponding authorization control information ECM generator; the receiving end module 4 uses the ID number and authentication information generated during the authentication process, together with the receiving end software, to complete secure conditional reception of the scrambled program data, and the receiving end module can also update the conditional receiving system algorithm ( ⁇ ') through the conditional receiving front end module.
- Figure 3 is a flow chart of the authentication portion of the present invention.
- the main chip 5 and the memory chip 7 are paired by a certain algorithm, and each records the other's related information and the common information (B1, B7); the main chip 5 and the security chip 6 are paired by a certain algorithm, and each records the other's related information and the common information (B2, B8); the security chip 6 and the memory chip 7 are paired by a certain algorithm, and each records the other's related information and the common information (Bl, B2)
- the receiving end transmits the information to the authentication server ( ⁇ 3), the authentication server verifies the data according to a certain rule, and the verification passes the data.
- the identification number and security code are encrypted and stored in the memory chip 7 and the security chip 6 (B7, B8), where the identification number is used as the basis for conditional access addressing, and the security code serves as the basis for verifying the authenticity of the machine.
- FIG. 4 is a flow chart of the conditional access front end portion 2 of the present invention.
- the user management system 11 queries the receiving end identification number in the receiving end authentication database 1 (C21) and, after confirming that it exists, transmits the command information to the conditional receiving front end module 2 (C22); the conditional receiving front end module 2 generates certain data through a certain algorithm as part of the key for generating the encrypted EMM data (C23);
- the authorization management information generator 10 encrypts and generates the EMM, which, together with the audio and video data (C1), enters the digital television network (C4) through the scrambler 8 and the like; the ECM generated by the authorization control information ECM generator 9 is also sent through the same front end (C3).
- FIG. 5 is a flow chart of the entirety of the receiving end of the present invention.
- the digital signal (DO) is demultiplexed by the receiving end into two channels of data; the audio and video data scrambled by the scrambler 8 is transmitted directly to the descrambling control module 16 (D1); the other channel carries the authorization control information ECM and the authorization management information EMM, which are sent to the CPU 14; the CPU 14 is connected to the memory chip 7 and the security chip 6, filters out the valid authorization control information and decrypts the authorization information (D2-D5).
- Upon obtaining the authorization and the key for decrypting the ECM, the receiving end decrypts the authorized ECM to obtain the CW and transmits it to the descrambler 12 (D6); the descrambler 12 descrambles the audio and video data according to the CW and transmits the descrambled audio and video data to the playback module 15, which starts playing (D7-D8).
- FIG. 6 is a detailed flow chart of the conditional access processing section of the present invention. This part is mainly responsible for filtering out valid authorization control information in the storage module 17 and decrypting the authorization and other information.
- The steps are as follows:
- the CPU 14 communicates bidirectionally with the storage module 17, the security chip 6, and the storage chip 7, respectively, and first completes verification of the matching information between the main chip 5 and the security chip 6, the main chip 5 and the memory chip 7, and the security chip 6 and the main chip 5 (E1-E2);
- the valid EMM is filtered according to the identification number of the receiving end (E3); the receiving end then calculates the EMM decryption key from the matched information and the like (E4), decrypts the EMM data, and performs the corresponding processing according to the decrypted result (E5).
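The authentication, front-end and receiving-end flows described above (pairing at production, EMM keyed from the registered pairing data, then E1-E5 and ECM decryption at the receiver), as an added Python example that is not part of the patent text. The patent only says "a certain algorithm", so HMAC-SHA256 key derivation, the illustrative encrypt-then-MAC construction, and every name used (`Chip`, `pair`, `provision`, `make_emm`, `make_ecm`, `receive`) are assumptions made for this example.

```python
import hashlib
import hmac
import os

def kdf(key: bytes, label: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the patent's unspecified algorithm.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, counter = b"", 0
    while len(out) < n:
        out += kdf(key, b"enc" + nonce + counter.to_bytes(4, "big"))
        counter += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Illustrative encrypt-then-MAC; a deployed system would use a vetted AEAD.
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + kdf(key, b"mac" + nonce + ct)

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, kdf(key, b"mac" + nonce + ct)):
        raise ValueError("message authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class Chip:
    """Main, security or memory chip: unique identifier plus a write-once area."""
    def __init__(self, name: str):
        self.name = name
        self.uid = os.urandom(8)
        self.otp = {}  # partner name -> (partner uid, common pairing value)

PAIRS = ((0, 1), (0, 2), (1, 2))  # main-security, main-memory, security-memory

def pair(a: Chip, b: Chip) -> None:
    # Each chip records the other's identifier and a value common to both.
    common = os.urandom(32)
    a.otp[b.name] = (b.uid, common)
    b.otp[a.name] = (a.uid, common)

def verify_pairing(chips) -> bool:
    # E1-E2: every pair must still hold matching records for the chip present.
    for i, j in PAIRS:
        a, b = chips[i], chips[j]
        ra, rb = a.otp.get(b.name), b.otp.get(a.name)
        if ra is None or rb is None:
            return False
        if ra[0] != b.uid or rb[0] != a.uid:
            return False
        if not hmac.compare_digest(ra[1], rb[1]):
            return False
    return True

def pairing_secret(chips) -> bytes:
    commons = [chips[i].otp[chips[j].name][1] for i, j in PAIRS]
    return hashlib.sha256(b"".join(commons)).digest()

def provision(db: dict):
    """Authentication at production: pair the chips, register the receiver."""
    chips = (Chip("main"), Chip("security"), Chip("memory"))
    for i, j in PAIRS:
        pair(chips[i], chips[j])
    rid = len(db) + 1                 # identification number used for addressing
    db[rid] = pairing_secret(chips)   # what the authentication database keeps
    return rid, chips

def make_emm(db: dict, rid: int, service_key: bytes) -> bytes:
    # Front end: EMM key derived from the receiver's record in the database.
    return rid.to_bytes(4, "big") + seal(kdf(db[rid], b"emm-key"), service_key)

def make_ecm(service_key: bytes, cw: bytes) -> bytes:
    return seal(service_key, cw)

def receive(rid: int, chips, emms, ecm: bytes) -> bytes:
    if not verify_pairing(chips):                                    # E1-E2
        raise PermissionError("chip pairing verification failed")
    mine = [e[4:] for e in emms if e[:4] == rid.to_bytes(4, "big")]  # E3
    if not mine:
        raise LookupError("no EMM addressed to this receiver")
    emm_key = kdf(pairing_secret(chips), b"emm-key")                 # E4
    service_key = unseal(emm_key, mine[-1])                          # E5
    return unseal(service_key, ecm)   # CW, handed to the descrambler

if __name__ == "__main__":
    db = {}
    rid, chips = provision(db)
    key, cw = os.urandom(32), os.urandom(8)   # constructed sample values
    got = receive(rid, chips, [make_emm(db, rid, key)], make_ecm(key, cw))
    print("CW recovered:", got == cw)
```

Because the EMM key depends on all three pairing values, an EMM re-addressed to another receiver or a receiver with one chip replaced fails before any CW is produced.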
- Authentication process: used for system authentication of the receiving end when the receiving end is produced, completing the matching between the hardware parts of the receiving end and the registration of valid information; it mainly includes the following steps: the main chip and the security chip are paired by a certain algorithm, and each records the other's related information and the common information; the main chip and the memory chip are paired by a certain algorithm, and each records the other's related information and the common information; the security chip and the memory chip are paired by a certain algorithm, and each records the other's related information and the common information; the receiving end transmits the information to the authentication server, the authentication server verifies the data according to a certain rule, and once verification passes the data is saved to the receiving end authentication database, and a unique identification number ID and security code are assigned to the receiving end; the identification number is used as a basis for conditional access addressing, and the security code is used as a basis for verifying the authenticity of the machine;
- Conditional receiving front-end process: after receiving the operator command, the user management system SMS queries the receiving end's identification number in the receiving end authentication database and, after confirming that it exists, transmits the command information to the conditional receiving front-end module; the conditional receiving front-end module, according to the information in the receiving end authentication database, generates certain data through a certain algorithm, which serves as part of the key used to generate the EMM data by encryption; the EMMG encrypts the EMM, which enters the digital TV network through the scrambler, etc., and the ECM is also sent through the same front end;
- Conditional receiving terminal flow: the digital signal is demultiplexed by the receiving end to generate two channels of data; one channel, the scrambled audio and video data, is transmitted directly to the descrambler; the other channel is the authorization control information and the authorization management information, where the valid authorization control information is filtered out in the memory and the authorization and other information is decrypted.
- Conditional receiving system algorithm update process: used to update the currently used conditional receiving system algorithm when that algorithm is cracked or when the security of the conditional receiving system needs to be improved. It mainly comprises the following steps: the conditional receiving front end module sends the new conditional access system algorithm to the digital television network through a multiplexer, a scrambler, a modulator, etc., and the receiving end module receives the new conditional access system algorithm from the digital television network; the conditional receiving front end module uses the new conditional access system algorithm to update the old conditional access system algorithm being used.
- The specific steps of process c are as follows: the receiving end first completes the verification of the matching information between the main chip and the security chip, the main chip and the storage chip, and the security chip and the storage chip; if the verification fails, it refuses to work; if the verification succeeds, the valid EMM is filtered out according to the identification number of the terminal; the receiving end then calculates the decryption key of the EMM according to the matched information, etc.; it decrypts the EMM data, performs corresponding processing, and obtains the authorization and the key for decrypting the ECM; it then decrypts the authorized ECM to obtain the CW, which is transmitted to the descrambler; the descrambler descrambles the audio and video data according to the CW and transmits the descrambled audio and video data to the play module to start playing.
- After receiving the new conditional access system algorithm from the digital television network, the receiving end module does not use it to update the conditional receiving system algorithm being used; instead, the new conditional receiving system algorithm is preserved at the receiving end, so that the receiving end holds two conditional receiving system algorithms at the same time; according to the version information of the conditional receiving system algorithm used by the conditional receiving front end module, the receiving end selects the matching one of its two conditional receiving system algorithms to perform conditional reception of the scrambled digital audio and video data.
- The legitimacy of the receiving end module is verified to ensure that an illegitimate receiving end module cannot use the new conditional receiving algorithm.
- The conditional access system algorithm described in the present invention may be any algorithm that meets the requirements for conditional access system algorithms in the DVB organization's conditional access system specification.
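
The receiving-end steps described above (pairing verification, filtering by identification number, EMM key derivation, then EMM and ECM decryption to obtain the CW) are shown here as an added example that is not part of the patent. It assumes SHA-256 and HMAC as stand-ins for the unspecified "certain algorithm"; all function names, chip values and identifiers are constructed for illustration.

```python
import hashlib, hmac

def kdf(*parts):
    # Assumption: SHA-256 stands in for the patent's unspecified "certain algorithm".
    return hashlib.sha256(b"|".join(parts)).digest()

def _stream(key, n):
    blocks = (kdf(key, i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, msg):
    # Illustrative encrypt-then-MAC from the standard library; not a production cipher.
    ct = bytes(a ^ b for a, b in zip(msg, _stream(kdf(key, b"enc"), len(msg))))
    return ct + hmac.new(kdf(key, b"mac"), ct, hashlib.sha256).digest()

def unseal(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(kdf(key, b"mac"), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(kdf(key, b"enc"), len(ct))))

def pair_records(chips):
    # Production-time pairing: one recorded value per pair of chips.
    m, s, f = chips["main"], chips["security"], chips["storage"]
    return {"main-security": kdf(m, s), "main-storage": kdf(m, f),
            "security-storage": kdf(s, f)}

def emm_key(records, receiver_id):
    # EMM key derived from the matched information and the receiver's ID.
    return kdf(b"emm", receiver_id, *(records[k] for k in sorted(records)))

def head_end(records, receiver_id, service_key, cw):
    # Front end: the EMM is keyed to one receiver, the ECM to the service key.
    emm = {"id": receiver_id,
           "body": seal(emm_key(records, receiver_id), service_key)}
    return emm, seal(service_key, cw)

def receive(chips, stored, receiver_id, emms, ecm):
    fresh = pair_records(chips)                            # E1-E2: verify pairing
    if not all(hmac.compare_digest(fresh[k], stored[k]) for k in stored):
        raise PermissionError("pairing mismatch: refusing to work")
    mine = [e for e in emms if e["id"] == receiver_id]     # E3: filter by ID
    if not mine:
        return None                                        # no EMM for this receiver
    key = emm_key(stored, receiver_id)                     # E4: derive EMM key
    service_key = unseal(key, mine[0]["body"])             # E5: decrypt EMM
    return unseal(service_key, ecm)                        # CW for the descrambler

# Constructed sample values, not taken from the patent.
CHIPS = {"main": b"M-0001", "security": b"S-0001", "storage": b"F-0001"}
RID = b"RX-42"
RECORDS = pair_records(CHIPS)
EMM, ECM = head_end(RECORDS, RID, b"service-key-0001", b"CW-16-bytes-demo")
```

Because the EMM key depends on all three pairing records, replacing any one chip both fails the pairing check and yields a key that cannot authenticate the EMM.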
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Multimedia (AREA)
- Databases & Information Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Computer Graphics (AREA)
- Computing Systems (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
- Storage Device Security (AREA)
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
RU2010128440/08A RU2477923C2 (ru) | 2008-01-03 | 2008-12-31 | Система условного доступа для цифрового телевидения и способ использования |
JP2010541003A JP5417574B2 (ja) | 2008-01-03 | 2008-12-31 | デジタルテレビ限定受信システム及び処理手順 |
BRPI0821865-0A BRPI0821865B1 (pt) | 2008-01-03 | 2008-12-31 | sistema de acesso condicionado a tv digital e procedimento de manuseio relacionado |
EP08871850A EP2239944A4 (en) | 2008-01-03 | 2008-12-31 | DIGITAL TELEVISION CONDITIONAL ACCESS SYSTEM AND METHOD FOR MANAGING THE SAME |
KR1020107014541A KR101449478B1 (ko) | 2008-01-03 | 2008-12-31 | 디지털 텔레비전 제한수신시스템 및 그 수신방법 |
US12/827,050 US8619983B2 (en) | 2008-01-03 | 2010-06-30 | Digital TV conditional access system and method of using the same for transmitting and receiving digital data |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200810013701.3 | 2008-01-03 | ||
CNB2008100137013A CN100562098C (zh) | 2008-01-03 | 2008-01-03 | 数字电视条件接收系统及其处理流程 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/827,050 Continuation US8619983B2 (en) | 2008-01-03 | 2010-06-30 | Digital TV conditional access system and method of using the same for transmitting and receiving digital data |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2009094851A1 (fr) | 2009-08-06 |
Family
ID=39632153
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2008/002145 WO2009094851A1 (fr) | 2008-01-03 | 2008-12-31 | Système d'accès conditionnel à la télévision numérique et procédé de gestion associé |
Country Status (8)
Country | Link |
---|---|
US (1) | US8619983B2 (zh) |
EP (1) | EP2239944A4 (zh) |
JP (1) | JP5417574B2 (zh) |
KR (1) | KR101449478B1 (zh) |
CN (1) | CN100562098C (zh) |
BR (1) | BRPI0821865B1 (zh) |
RU (1) | RU2477923C2 (zh) |
WO (1) | WO2009094851A1 (zh) |
Families Citing this family (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100562098C (zh) | 2008-01-03 | 2009-11-18 | 济南市泰信电子有限责任公司 | 数字电视条件接收系统及其处理流程 |
CN101741561B (zh) * | 2008-11-17 | 2012-06-06 | 联想(北京)有限公司 | 双向硬件认证方法及系统 |
CN101505402B (zh) * | 2009-03-06 | 2012-04-18 | 四川长虹电器股份有限公司 | 单向网络数字电视条件接收系统终端解密模块的认证方法 |
EP2257062A1 (en) * | 2009-05-25 | 2010-12-01 | Nagravision S.A. | Method for providing access control to media services |
CN102164320B (zh) | 2011-04-11 | 2016-06-22 | 北京数字太和科技有限责任公司 | 一种改进的基于条件接收技术的终端 |
CN102665102B (zh) * | 2012-05-09 | 2014-11-05 | 山东泰信电子股份有限公司 | 一种统计数字电视用户数的系统及方法 |
CN103957429B (zh) * | 2012-05-09 | 2017-02-01 | 山东泰信电子有限公司 | 一种统计数字电视用户数的系统的统计方法 |
EP2953370A1 (en) * | 2014-06-05 | 2015-12-09 | Ziggo B.V. | Minimizing input lag in a remote GUI TV application |
CN105337941B (zh) * | 2014-08-04 | 2019-01-15 | 阿里巴巴集团控股有限公司 | 一种设备标识提供方法及装置 |
CN105574041B (zh) | 2014-10-16 | 2020-07-21 | 阿里巴巴集团控股有限公司 | 一种数据重组方法和装置 |
CN105630345B (zh) | 2014-11-06 | 2019-02-19 | 阿里巴巴集团控股有限公司 | 一种控制显示方向的方法和设备 |
CN104866315B (zh) * | 2015-05-29 | 2018-11-09 | 上海亿耀电子有限公司 | 基于TwinCAT平台多键组合通讯控制按键与灯的装置 |
US11310271B2 (en) | 2019-02-20 | 2022-04-19 | Arris Enterprises Llc | Using secure web sockets to extend reach of conditional access systems |
CN114286141B (zh) * | 2022-03-01 | 2022-06-28 | 深圳佳力拓科技有限公司 | 一种实现无卡条件接收的方法及机顶盒 |
KR102615556B1 (ko) * | 2022-11-08 | 2023-12-21 | 펜타시큐리티 주식회사 | 키 관리 서버를 이용한 데이터의 실시간 암복호화 보안 시스템 및 방법 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1549595A (zh) * | 2003-05-09 | 2004-11-24 | 华为技术有限公司 | 一种交互数字广播电视系统的信息传输方法及装置 |
CN101222608A (zh) * | 2008-01-03 | 2008-07-16 | 济南市泰信电子有限责任公司 | 数字电视条件接收系统及其处理流程 |
CN201142735Y (zh) * | 2008-01-03 | 2008-10-29 | 济南市泰信电子有限责任公司 | 数字电视条件接收系统 |
Family Cites Families (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5504816A (en) * | 1994-02-02 | 1996-04-02 | Gi Corporation | Method and apparatus for controlling access to digital signals |
ES2206594T3 (es) * | 1995-10-31 | 2004-05-16 | Koninklijke Philips Electronics N.V. | Acceso condicional desplazado en el tiempo. |
ZA973605B (en) * | 1997-03-21 | 1998-09-10 | Canal Plus Sa | Broadcast and reception system and conditional access system therefor |
EP0968607B1 (en) * | 1997-03-21 | 2003-02-12 | Canal+ Technologies | Smartcard for use with a receiver of encrypted broadcast signals, and receiver |
ID23380A (id) * | 1997-03-21 | 2000-04-20 | Canal & Siciete Anonyme | Metode dan aparatus untuk mencegah akses yang curang dalam sistem akses bersyarat |
JP2000022680A (ja) * | 1998-07-07 | 2000-01-21 | Open Loop:Kk | ディジタルコンテンツ流通方法及びコンテンツを再生可能に記録した記録媒体 |
EP1182874A1 (en) * | 2000-08-24 | 2002-02-27 | Canal+ Technologies Société Anonyme | Digital content protection system |
CN1355654A (zh) * | 2000-11-28 | 2002-06-26 | 北京华诺信息技术有限公司 | 有线电视网的加密系统 |
US7305555B2 (en) * | 2002-03-27 | 2007-12-04 | General Instrument Corporation | Smart card mating protocol |
US20040139312A1 (en) * | 2003-01-14 | 2004-07-15 | General Instrument Corporation | Categorization of host security levels based on functionality implemented inside secure hardware |
JP3889004B2 (ja) * | 2003-01-27 | 2007-03-07 | 松下電器産業株式会社 | デジタルコンテンツ配信システム |
US20050066355A1 (en) | 2003-09-19 | 2005-03-24 | International Business Machines Corporation | System and method for satellite broadcasting and receiving encrypted television data signals |
CN1607831A (zh) * | 2003-10-13 | 2005-04-20 | 成都润网科技有限公司 | 双向实时认证数字电视条件接收系统 |
JP2007323553A (ja) * | 2006-06-05 | 2007-12-13 | Hitachi Ltd | ネットワーク上の暗号化通信を行うアダプタ装置及びicカード |
FR2902585B1 (fr) * | 2006-06-14 | 2008-09-26 | Viaccess Sa | Procedes de diffusion et de reception d'un programme multimedia embrouille, tete de reseau, terminal, recepteur et processeur de securite pour ces procedes |
KR101276842B1 (ko) * | 2007-02-09 | 2013-06-18 | 엘지전자 주식회사 | 방송 신호 송수신 장치 및 방법 |
CN101018320A (zh) * | 2007-02-13 | 2007-08-15 | 中国移动通信集团广东有限公司 | 一种数字电视条件接收系统及其加密方法 |
KR101351022B1 (ko) * | 2007-03-05 | 2014-01-13 | 엘지전자 주식회사 | 방송 신호 송수신 방법 및 방송 신호 수신 장치 |
CN101087402A (zh) * | 2007-03-12 | 2007-12-12 | 深圳清华大学研究院 | 基于ip流的数字电视加密授权系统和方法 |
BRPI0721588B1 (pt) * | 2007-04-20 | 2020-12-01 | Nippon Hoso Kyokai | aparelho de gerenciamento de chave de embaralhamento, aparelho de transmissão de informações de gerenciamento de chave de embaralhamento, método de gerenciamento de produção de chave de embaralhamento e meio de armazenamento |
US8824685B2 (en) * | 2007-10-15 | 2014-09-02 | Sony Corporation | Method for detection of a hacked decoder |
2008
- 2008-01-03 CN CNB2008100137013A patent/CN100562098C/zh active Active
- 2008-12-31 EP EP08871850A patent/EP2239944A4/en not_active Ceased
- 2008-12-31 KR KR1020107014541A patent/KR101449478B1/ko active IP Right Grant
- 2008-12-31 BR BRPI0821865-0A patent/BRPI0821865B1/pt active IP Right Grant
- 2008-12-31 JP JP2010541003A patent/JP5417574B2/ja active Active
- 2008-12-31 WO PCT/CN2008/002145 patent/WO2009094851A1/zh active Application Filing
- 2008-12-31 RU RU2010128440/08A patent/RU2477923C2/ru active
2010
- 2010-06-30 US US12/827,050 patent/US8619983B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
JP5417574B2 (ja) | 2014-02-19 |
KR20100100929A (ko) | 2010-09-15 |
EP2239944A1 (en) | 2010-10-13 |
BRPI0821865A2 (pt) | 2015-06-16 |
RU2477923C2 (ru) | 2013-03-20 |
US8619983B2 (en) | 2013-12-31 |
RU2010128440A (ru) | 2012-02-10 |
CN100562098C (zh) | 2009-11-18 |
US20100266123A1 (en) | 2010-10-21 |
EP2239944A4 (en) | 2011-06-01 |
BRPI0821865B1 (pt) | 2020-10-27 |
KR101449478B1 (ko) | 2014-10-15 |
JP2011510532A (ja) | 2011-03-31 |
CN101222608A (zh) | 2008-07-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2009094851A1 (fr) | Système d'accès conditionnel à la télévision numérique et procédé de gestion associé | |
US9479825B2 (en) | Terminal based on conditional access technology | |
CA2622505C (en) | Method for verifying a target device connected to a master device | |
CN101902611B (zh) | 一种iptv数字版权保护的实现方法 | |
KR101406350B1 (ko) | 클라이언트 도메인 내에서의 디지털 콘텐츠의 이용을관리하기 위한 방법 및 이 방법을 실행하는 디바이스 | |
CA2977970C (en) | Pc secure video path | |
US20150326563A1 (en) | Provisioning drm credentials on a client device using an update server | |
ZA200304024B (en) | Method of secure transmission of digital data from a source to a receiver. | |
CN103748890B (zh) | 接收机软件保护 | |
JP2004362547A (ja) | スマートカードを用いた装置認証によりホームドメインを構成する方法、及びホームドメインを構成するためのスマートカード | |
CN103237010B (zh) | 以加密方式提供数字内容的服务器端 | |
WO2017092687A1 (zh) | 一种支持数字版权管理(drm)的媒体网关/终端实现方法及其设备 | |
CN103237011B (zh) | 数字内容加密传送方法以及服务器端 | |
CN101018317A (zh) | 一种虚拟智能卡安全认证方法及系统 | |
CN111988640A (zh) | 一种基于原始视频数据变换加密的内容版权保护的方法 | |
KR100978162B1 (ko) | 도메스틱 디지털 네트워크 키의 유효성 인증 방법 | |
KR100194790B1 (ko) | 조건부 제한수신 시스템 및 그를 이용한 조건부 제한수신서비스처리방법 | |
WO2006042467A1 (en) | A processing method in accessing catv signal | |
US10521564B2 (en) | Operating a device for forwarding protected content to a client unit | |
CN201142735Y (zh) | 数字电视条件接收系统 | |
JP5400564B2 (ja) | 受信装置及びコンテンツの再暗号化方法 | |
KR20120072030A (ko) | 원격인증을 수행하는 시스템 및 방법 | |
US20100235626A1 (en) | Apparatus and method for mutual authentication in downloadable conditional access system | |
KR20030003080A (ko) | 조건부-액세스 모듈 장치, 수신 단말 장치, 및 방법 | |
KR102286784B1 (ko) | Uhd 방송 콘텐츠 보안 시스템 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 08871850 Country of ref document: EP Kind code of ref document: A1 |
| ENP | Entry into the national phase | Ref document number: 20107014541 Country of ref document: KR Kind code of ref document: A |
| REEP | Request for entry into the european phase | Ref document number: 2008871850 Country of ref document: EP |
| WWE | Wipo information: entry into national phase | Ref document number: 2010541003 Country of ref document: JP Ref document number: 2008871850 Country of ref document: EP |
| WWE | Wipo information: entry into national phase | Ref document number: 4129/CHENP/2010 Country of ref document: IN |
| NENP | Non-entry into the national phase | Ref country code: DE |
| WWE | Wipo information: entry into national phase | Ref document number: 2010128440 Country of ref document: RU |
| ENP | Entry into the national phase | Ref document number: PI0821865 Country of ref document: BR Kind code of ref document: A2 Effective date: 20100630 |