WO2011160350A1 - Method and apparatus for key update in a multimedia broadcast system - Google Patents

Method and apparatus for key update in a multimedia broadcast system

Info

Publication number
WO2011160350A1
Authority
WO
WIPO (PCT)
Prior art keywords
package
key
service
identifier
message
Prior art date
Application number
PCT/CN2010/077362
Other languages
English (en)
Chinese (zh)
Inventor
朱姗姗
王晔
孙雷
张浩军
陈林锋
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2011160350A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/60 Network streaming of media packets
    • H04L65/61 Network streaming of media packets for supporting one-way streaming services, e.g. Internet radio
    • H04L65/611 Network streaming of media packets for supporting one-way streaming services, e.g. Internet radio for multicast or broadcast
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60 Digital content management, e.g. content distribution
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless

Definitions

  • The present invention relates to a key update technique, and in particular to a method and apparatus for key update in a multimedia broadcast system.
  • Background art
  • The multimedia broadcast service management system, namely the Mobile Broadcast Business Management System (MBBMS), not only makes broadcast-based video streams on mobile phones as popular as TV, but also makes the service operable and manageable.
  • Key management is one of the main management functions of the MBBMS system.
  • The Third Generation Partnership Project (3GPP) method is adopted, that is, key push is performed one by one for each updated channel.
  • The MBBMS itself is a triple play service, and the key acquisition process is already very long. If the key is pushed for each channel according to the existing method, the interaction between the systems will be quite frequent. The key is updated periodically every month. As the number of users and the number of channels increase, congestion in the key push process will inevitably block the network channel, and eventually the user cannot watch mobile TV.
  • The above problems are mainly caused by the subscription mode of mobile TV services.
  • Users subscribe to the service by package.
  • A package can contain one channel or multiple channels. From the perspective of operating models, multi-channel packages will be the mainstream now and in the future, both domestically and internationally.
  • The key update of each month requires multiple push processes, and the terminal needs to initiate multiple key request processes, which wastes resources.
  • Summary of the invention
  • An object of the present invention is to provide a key update method and apparatus in a multimedia broadcast system, which can effectively reduce the number of key pushes.
  • A method for updating a key in a multimedia broadcast system includes the following steps:
  • A. A terminal generates a corresponding service key request message according to the identifier of a subscribed package, and sends the message to the NAF via a WAP gateway.
  • B. The NAF encapsulates the service keys of all services in the package in a key package according to the package identifier in the message, and sends a service key message carrying the key package to the terminal via the WAP gateway.
  • C. The terminal parses the received service key message, obtains the service keys and writes them into itself.
  • Before step A, the method further includes: after the terminal subscribes to the package, the NAF allocates a package identifier to the terminal and sends the package identifier to the terminal.
  • The method further includes: the NAF updates its own service key, and sends a service key update notification message with the package identifier to the terminal via the short message gateway and the short message center.
  • After updating its own service key, the NAF checks and caches the package subscription information of the user terminal, which includes the package identifier.
  • The NAF stores the package identifier of each package, the correspondence between the service identifiers of all services included in each package and the package identifier, and the service keys corresponding to the services included in each package, and according to the service key request message the NAF encapsulates the service keys of all services in the package in a key package.
  • Encapsulating, by the NAF, the service keys of all services in the package in the key package according to the service key request message is specifically: according to the package identifier in the received service key request message, the NAF queries the service identifiers of all services included in the corresponding package and the service key corresponding to each service identifier, and encapsulates all the queried service keys in one
  • The package identifier is an identifier corresponding to a single package, the service identifier is an identifier corresponding to a service, and a service corresponds to a service key.
  • A key update apparatus in a multimedia broadcast system includes: a receiving module, configured to receive a service key request message that is sent by a terminal and includes the package identifier of the package subscribed by the terminal; an encapsulating module, configured to encapsulate, according to the package identifier in the service key request message received by the receiving module, the service keys of all services in the package in a key package; and a sending module, configured to send the key package encapsulated by the encapsulating module, for the terminal to update the service key.
  • The device further includes: a key update module, configured to update the service key of the NAF, and send a service key update notification message with the package identifier to the terminal via the short message gateway and the short message center.
  • The terminal is configured to: after receiving the service key update notification message with the package identifier, generate a corresponding service key request message according to the package identifier, and send the message to the receiving module via the WAP gateway.
  • The present invention pushes the updated key by package, so the pressure of pushing keys increases only as the number of packages and the number of users increase, and has no direct relationship with the number of services. Because the number of packages is much smaller than the number of services, the number of service key pushes can be greatly reduced, bandwidth resources can be saved, system pressure can be reduced, and system efficiency can be effectively improved.
  • FIG. 1 is a flowchart of a method for updating a key in a multimedia broadcast system according to an embodiment of the present invention
  • FIG. 2 is a schematic diagram showing a logical structure of a key update device in a multimedia broadcast system according to an embodiment of the present invention
  • FIG. 3 is a schematic structural diagram of a multimedia broadcast system networking according to an embodiment of the present invention
  • FIG. 4 is a schematic diagram of a service key update process according to an embodiment of the present invention
  • FIG. 5 is a schematic flowchart of pushing a key according to a package identifier according to an embodiment of the present invention.
  • Detailed description
  • FIG. 1 is a flowchart of a method for updating a key in a multimedia broadcast system according to an embodiment of the present invention, as shown in FIG. 1:
  • Step S101: The terminal generates a corresponding service key request message according to the identifier of the subscribed package, and sends the message to a Network Application Function (NAF) via a Wireless Application Protocol (WAP) gateway.
  • The NAF first updates its own service key and notifies the terminal to perform a service key update. After that, the terminal sends a service key request message to the NAF.
  • The NAF periodically updates the key and queries the database for information about the packages and services. When the service key is pushed, it checks the subscription status of the user terminal and caches the package subscription information of the user terminal.
  • The package subscription information of the terminal includes a package identifier. According to the package subscription information of the user terminal, the NAF sends a service key update notification message (Notify) that notifies the terminal to update the service key; the notification message carries the package identifier. The short message gateway and the short message center receive the Notify message and forward it to the terminal, and return a response message to the NAF.
  • After receiving the Notify message, the terminal generates a corresponding service key request message according to the package identifier and sends the message to the NAF via the WAP gateway.
  • The terminal may initiate the update of the key by itself.
  • The NAF allocates a corresponding package identifier to the terminal and sends it to the terminal.
  • The terminal can generate a corresponding service key request message according to the package identifier allocated by the NAF, and send the message to the NAF.
  • Step S102: After receiving the service key request message, the NAF encapsulates the service keys of all services in the package in a key package according to the package identifier in the message, and sends a service key message carrying the key package to the terminal via the WAP gateway.
  • After receiving the key request message, the NAF queries the service identifiers of all the services included in the package according to the package identifier, then queries the corresponding service key according to each service identifier, and encapsulates the service keys in one; a service key message carrying the encapsulated key package is then sent to the terminal via the WAP gateway.
  • The NAF stores in advance the package identifier of each package, the correspondence between the service identifiers of all services included in each package and the package identifier, and the service keys corresponding to the services included in each package.
  • The package identifier is an identifier corresponding to only one package, the service identifier is an identifier corresponding to only one service, and one service corresponds to one service key.
  • Step S103: The terminal parses the received service key message, obtains the service key, and writes it into itself.
  • FIG. 2 is a diagram showing the logical structure of a key update apparatus in a multimedia broadcast system according to an embodiment of the present invention. As shown in FIG. 2, the apparatus includes:
  • The receiving module is configured to receive a service key request message that is sent by the terminal and includes the package identifier of the package subscribed by the terminal.
  • The encapsulating module is configured to encapsulate the service keys of all services in the package in a key package according to the package identifier in the service key request message received by the receiving module.
  • The sending module is configured to send the key package encapsulated by the encapsulating module, for the terminal to update the service key.
  • FIG. 3 is a schematic diagram of a network structure of a multimedia broadcast system according to an embodiment of the present invention.
  • The system includes a service processing module NAF, a short message gateway, a short message center, a WAP gateway, and a terminal, where the short message center is set in the office.
  • The NAF accesses the mobile communication network through the short message gateway and the WAP gateway, and the terminal is wirelessly connected to the mobile communication network.
  • The NAF includes a service control unit and a service key management unit, where the service control unit is mainly used to check the user set.
  • The service key management unit includes the above-mentioned receiving module, encapsulating module and sending module, and is mainly used for updating and managing the service key.
  • The terminal includes a card, which here mainly refers to a SIM card and is used for saving, acquiring, and updating the service key of the terminal user.
  • FIG. 4 shows a process of updating a service key according to an embodiment of the present invention.
  • The service key update process of the NAF may specifically include the following steps:
  • Step 1: The NAF updates the service key at a specified time each month, and initiates a service key update process at a specified time.
  • Step 2: The NAF checks the subscription status of the user terminal and the package subscription relationship of the user terminal, and caches the package subscription information of the user terminal.
  • The NAF checks whether the package subscribed by the user terminal is legal, and/or whether the subscription relationship of the ordered package is legal, and/or whether the subscription period of the ordered package has expired. It saves the package ordered by the user terminal and its subscription relationship, together with information such as the package identifier and the order period of the package ordered by the user terminal.
  • Step 3: The NAF sends a service key update notification message to the short message gateway according to the subscription status of the user terminal and the information of the package ordered by the user terminal.
  • Step 4: The short message gateway returns a response message to the NAF.
  • Step 5: The short message gateway forwards the service key update notification message to the short message center.
  • Step 6: The short message center returns a response message to the short message gateway.
  • Step 7: The short message center forwards the service key update notification message to the terminal.
  • Step 8: After receiving the service key update notification message, the terminal initiates a service key request message to the WAP gateway of the access location according to the package identifier in the message.
  • Step 9: The WAP gateway forwards the service key request message to the NAF.
  • Step 10: The NAF queries the service identifiers of all the services in the corresponding package according to the package identifier carried in the service key request message, and then encapsulates the service keys corresponding to the queried service identifiers into a service key message packet.
  • Step 11: The NAF sends the service key message packet to the WAP gateway accessed by the user.
  • Step 12: The WAP gateway sends the service key message packet to the terminal, and the terminal parses the service key message packet and writes the service key into the card.
  • FIG. 5 shows a flow of pushing a key according to a package identifier according to an embodiment of the present invention.
  • The process of pushing a key according to the package identifier may specifically include the following steps:
  • Step S501: The NAF periodically updates the service key, and saves the package identifier, the service keys of all services included in each package, and the service identifiers of all services included in each package in the database.
  • Step S502: The NAF performs the service key push every month. At this time, the NAF checks the subscription status of the user terminal, and caches the package subscription information of the user terminal.
  • Step S503: The NAF sends a service key update notification message to the terminal according to the subscription information of the user terminal.
  • Step S504: After receiving the service key update notification message sent by the NAF, the terminal uses the package identifier to initiate a service key request message to the NAF.
  • Step S505: The NAF queries, according to the package identifier carried in the service key request message, the service identifiers of all services included in the corresponding package.
  • Step S506: After querying the service key corresponding to each service identifier, the NAF encapsulates the queried service keys in a key package.
  • Step S507: The NAF sends a service key message to the terminal, where the message carries the encapsulated key package.
  • Step S508: The terminal receives the service key message sent by the NAF, parses it, and writes the service key into its own card, and the current process ends.
  • The present invention changes the original mode of pushing a key by channel, and instead pushes a new key according to the package identifier, and solves the problem of updating each month.
  • When a new key is pushed by package, the push pressure increases only with the number of packages and the number of users, and is not directly related to the number of services. Since the number of packages is much smaller than the number of services, the present invention can greatly reduce the number of service key pushes, save bandwidth resources, reduce system pressure, and effectively improve system efficiency.
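
The flow of steps S501 to S508, as an added example that is not code from the patent: a minimal NAF resolves a package identifier to its service identifiers and keys, returns them in one key package, and the run counts key requests per package against what a per-channel push would need. The class and identifier names, the JSON message layout, the sample data and the re-check of the subscription on each request are assumptions made for illustration; the page does not define a wire format.

```python
import json
import secrets
from dataclasses import dataclass, field
from datetime import date

TODAY = date(2010, 9, 27)  # constructed "current date" for the sample run

# Constructed sample data: which services (channels) each package contains.
PACKAGE_SERVICES = {
    "pkg-news": ["svc-101", "svc-102", "svc-103"],
    "pkg-sport": ["svc-201", "svc-202"],
}


@dataclass
class NAF:
    package_services: dict                              # package id -> [service id]
    subscriptions: dict                                 # terminal id -> {package id: expiry}
    service_keys: dict = field(default_factory=dict)    # service id -> key (hex)

    def update_service_keys(self):
        """Periodic update: one fresh key per service (one service, one key)."""
        for services in self.package_services.values():
            for sid in services:
                self.service_keys[sid] = secrets.token_hex(16)

    def _subscribed(self, tid, pid, today):
        expiry = self.subscriptions.get(tid, {}).get(pid)
        return pid in self.package_services and expiry is not None and expiry >= today

    def notifications(self, today):
        """One update notification per valid (terminal, package) subscription."""
        return [{"type": "notify", "terminal": tid, "package_id": pid}
                for tid, subs in self.subscriptions.items()
                for pid in subs if self._subscribed(tid, pid, today)]

    def handle_key_request(self, request, today):
        """Resolve package id -> service ids -> keys and wrap them in one key package."""
        tid, pid = request["terminal"], request["package_id"]
        if not self._subscribed(tid, pid, today):
            # Assumption: the cached subscription check is re-applied per request.
            raise PermissionError(f"{tid} has no valid subscription to {pid}")
        key_package = {sid: self.service_keys[sid] for sid in self.package_services[pid]}
        return json.dumps({"type": "service_key", "package_id": pid,
                           "key_package": key_package})


@dataclass
class Terminal:
    terminal_id: str
    card: dict = field(default_factory=dict)   # stands in for key storage on the SIM card

    def build_request(self, notify):
        return {"type": "key_request", "terminal": self.terminal_id,
                "package_id": notify["package_id"]}

    def store_keys(self, message):
        """Parse the service key message and write every key to the card."""
        key_package = json.loads(message)["key_package"]
        self.card.update(key_package)
        return len(key_package)


def run_update_cycle(naf, terminals, today):
    """Return (key requests actually made, requests a per-channel push would need)."""
    naf.update_service_keys()
    per_package = per_channel = 0
    for notify in naf.notifications(today):
        terminal = terminals[notify["terminal"]]
        message = naf.handle_key_request(terminal.build_request(notify), today)
        per_channel += terminal.store_keys(message)
        per_package += 1
    return per_package, per_channel


def demo():
    naf = NAF(PACKAGE_SERVICES, {
        "term-A": {"pkg-news": date(2010, 12, 31), "pkg-sport": date(2010, 12, 31)},
        "term-B": {"pkg-news": date(2010, 8, 31)},   # expired before TODAY
    })
    terminals = {tid: Terminal(tid) for tid in naf.subscriptions}
    return naf, terminals, run_update_cycle(naf, terminals, TODAY)


if __name__ == "__main__":
    print(demo()[2])
```

In the sample run, term-A receives five service keys in two exchanges, while term-B, whose subscription has expired, gets no notification and is refused if it asks anyway.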

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a method and apparatus for key update in a multimedia broadcast system, the method comprising the following steps: a terminal generates, according to the identifier of a subscription package, a corresponding service key request message and sends the message to a network application function (NAF) via a wireless application protocol (WAP) gateway; upon receiving the service key request message, the NAF encapsulates in a key package, according to the subscription package identifier in the message, the service keys of all services in the subscription package, and sends the terminal a service key message containing the key package via the WAP gateway; the terminal parses the received service key message, extracts the service keys and stores them. The invention allows updated keys to be pushed according to subscription packages. The processing load of key pushing therefore depends only on the number of packages and the number of subscribers, independently of the number of services, which substantially reduces the number of service key pushes and saves bandwidth resources.
PCT/CN2010/077362 2010-06-25 2010-09-27 Method and apparatus for key update in a multimedia broadcast system WO2011160350A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010209700.3 2010-06-25
CN201010209700.3A CN102300154B (zh) 2010-06-25 2010-06-25 Method and device for key update in a multimedia broadcast system

Publications (1)

Publication Number Publication Date
WO2011160350A1 (fr) 2011-12-29

Family

ID=45360256

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/077362 WO2011160350A1 (fr) 2010-06-25 2010-09-27 Method and apparatus for key update in a multimedia broadcast system

Country Status (2)

Country Link
CN (1) CN102300154B (fr)
WO (1) WO2011160350A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102595216B (zh) * 2012-01-19 2015-06-10 中兴通讯股份有限公司 Method and system for implementing key acquisition
CN112508576A (zh) * 2021-02-04 2021-03-16 腾讯科技(深圳)有限公司 Blockchain-based key management method, system and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6084969A (en) * 1997-12-31 2000-07-04 V-One Corporation Key encryption system and method, pager unit, and pager proxy for a two-way alphanumeric pager network
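CN101009553A (zh) * 2006-12-30 2007-08-01 中兴通讯股份有限公司 Method and system for implementing key security in a multi-network converged mobile multimedia broadcast system
CN101047956A (zh) * 2006-03-30 2007-10-03 华为技术有限公司 Multimedia broadcast service system and method
CN101141246A (zh) * 2006-09-05 2008-03-12 华为技术有限公司 Service key acquisition method and subscription management server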

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6084969A (en) * 1997-12-31 2000-07-04 V-One Corporation Key encryption system and method, pager unit, and pager proxy for a two-way alphanumeric pager network
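CN101047956A (zh) * 2006-03-30 2007-10-03 华为技术有限公司 Multimedia broadcast service system and method
CN101141246A (zh) * 2006-09-05 2008-03-12 华为技术有限公司 Service key acquisition method and subscription management server
CN101009553A (zh) * 2006-12-30 2007-08-01 中兴通讯股份有限公司 Method and system for implementing key security in a multi-network converged mobile multimedia broadcast system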

Also Published As

Publication number Publication date
CN102300154A (zh) 2011-12-28
CN102300154B (zh) 2015-07-22

Similar Documents

Publication Publication Date Title
US12035205B2 (en) Multicast and broadcast services in 5G networks for IoT applications
US11297660B2 (en) Session management with relaying and charging for indirect connection for internet of things applications in 3GPP network
US9565634B2 (en) Data transmission method, apparatus, and system, network side device, and terminal device
TWI514818B (zh) A method of distributing group messages for machine class communication
CN102761864B (zh) Data transmission method, system and device
US9125003B2 (en) Machine to machine service management device, network device, and method processing service system
WO2011094951A1 (fr) Content transmission method and equipment based on multimedia broadcast/multicast service in machine-to-machine communications
WO2021204131A1 (fr) Communication method and device for broadcast/multicast service
US10440681B2 (en) Resource scheduling method, base station, scheduler, program source server, and system
JP7294523B2 (ja) Charging in device-to-device communication over PC5 for interactive services
US20150327112A1 (en) Method and system for signaling reduction on radio access networks using targeted intelligence for communication devices
CN104320347B (zh) Method and device for actively updating LLDP
US20110051648A1 (en) Radio communication system, data distribution method, base station, base station control device, and program
WO2016173077A1 (fr) Method, apparatus and terminal for device discovery in direct communication between terminals
US20140324952A1 (en) Method and apparatus for network communication
TW201740759A (zh) Resource allocation method, device and system
WO2010066168A1 (fr) System and method for updating the subscription relationship of a mobile phone television terminal
EP2472929A1 (fr) Method and system for order relationship authentication and mobile multimedia broadcast conditional access system
WO2011160350A1 (fr) Method and apparatus for key update in a multimedia broadcast system
CN104320399A (zh) Method for automatically configuring information on a server
WO2014190839A1 (fr) Method for transmitting a non-access stratum message, base station, and core network device
WO2014166257A1 (fr) Trigger message processing method, apparatus and communication system
CN102625245B (zh) MBMS service broadcast method and system
CN113420001B (zh) Data sharing method and edge computing device
WO2023155475A1 (fr) Network measurement method and apparatus

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10853489

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10853489

Country of ref document: EP

Kind code of ref document: A1