WO2023246585A1 - Authorization control method, apparatus and system, and electronic device and storage medium - Google Patents


Info

Publication number
WO2023246585A1
Authority
WO
WIPO (PCT)
Prior art keywords
authorization
authorization file
dvb
terminal
file
Prior art date
Application number
PCT/CN2023/100174
Other languages
French (fr)
Chinese (zh)
Inventor
陈志伟
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2023246585A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements
    • H04L67/30 Profiles
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/21 Server components or server architectures
    • H04N21/218 Source of audio or video content, e.g. local disk arrays
    • H04N21/2187 Live feed
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45 Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45 Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/4508 Management of client data or end-user data
    • H04N21/4516 Management of client data or end-user data involving client characteristics, e.g. Set-Top-Box type, software version or amount of memory available
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45 Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/458 Scheduling content for creating a personalised stream, e.g. by combining a locally stored advertisement with an incoming stream; Updating operations, e.g. for OS modules; time-related management operations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45 Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/458 Scheduling content for creating a personalised stream, e.g. by combining a locally stored advertisement with an incoming stream; Updating operations, e.g. for OS modules; time-related management operations
    • H04N21/4586 Content update operation triggered locally, e.g. by comparing the version of software modules in a DVB carousel to the version stored locally
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45 Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462 Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4627 Rights management associated to the content

Definitions

  • DVB Digital Video Broadcasting
  • DVB standards DVB-S, DVB-C, DVB-T, DVB-SMATV, DVB-MS and DVB-MC.
  • Embodiments of the present disclosure also provide a computer program product containing instructions that, when run on a computer, cause the computer to execute any of the authorization control methods described above.
  • Figure 1 is a hardware structural block diagram of a computer according to an embodiment of the present disclosure
  • Figure 2 is a schematic flow chart of an authorization control method suitable for one-way digital video broadcasting DVB terminals according to an embodiment of the present disclosure
  • Figure 3 is a schematic flow chart of the steps after updating the existing first authorization file of the one-way DVB terminal according to the decrypted second authorization file in an embodiment of the present disclosure
  • Figure 4 is a flow chart of an authorization control method suitable for the control end of a one-way digital video broadcast DVB terminal according to an embodiment of the present disclosure
  • Figure 5 is a schematic diagram of the authorization file production process in an implementation scenario of the embodiment of the present disclosure.
  • Figure 6 is a schematic diagram of the sending process of an updated authorization file in an implementation scenario of an embodiment of the present disclosure
  • Figure 8 is a structural block diagram of a first authorization control device suitable for one-way digital video broadcasting DVB terminal according to an embodiment of the present disclosure.
  • Transmission device 106 is used to receive or send data via a network. Examples of the networks described above may include wireless networks provided by the computer's communications provider.
  • the transmission device 106 includes a network adapter (Network Interface Controller, NIC for short), which can be connected to other network devices through a base station to communicate with the Internet.
  • the transmission device 106 may be a radio frequency (Radio Frequency, RF for short) module, which is used to communicate with the Internet wirelessly.
  • NIC Network Interface Controller
  • the authorization control method proposed in the embodiments of the present disclosure is applicable to one-way digital video broadcasting DVB terminals.
  • the one-way digital video broadcasting DVB terminals can be set-top boxes, receiving cards, digital televisions, mobile devices, etc. that transmit one-way content.
  • the terminal manufacturer can also convert the encrypted second authorization file into a code stream of the standard DVB protocol through a DVB code stream converter, and then broadcast the code stream of the DVB standard second authorization file on the front end.
  • the DVB terminal receives the code stream data of the encrypted second authorization file through a cable channel or a satellite channel. Generally, this method is used in scenarios after the DVB terminal is sold.
  • the encrypted second authorization file needs to be decrypted.
  • the decryption method is implemented through a key and decryptor built in the DVB terminal.
  • the key is represented as a piece of data, and the decryptor is represented as an algorithm.
  • the key and the encrypted second authorization file are input into the decryptor.
  • the decryptor verifies the correctness of the key and decrypts the encrypted authorization file to obtain the decrypted plaintext authorization file.
  • the key and decryptor are built into the read-only memory ROM of the one-way DVB terminal. The key and decryptor can be directly written into the ROM of the DVB terminal during the production process of the DVB terminal.
  • Step S13: if the decryption is successful, the existing first authorization file of the one-way DVB terminal is updated according to the decrypted second authorization file.
  • Figure 3 is a schematic flow chart of the steps after updating the existing first authorization file of the one-way DVB terminal according to the decrypted second authorization file in the embodiment of the present disclosure.
  • the method also includes steps S14 to S16.
  • the authorization file has a validity period. If the specified validity period is exceeded, the authorization file is invalid.
  • the current time can be obtained by installing a clock chip, or by a DVB terminal through wireless or wired broadcasting.
  • the validity time of the second authorization file is the information contained in the authorization file. Decrypt the file to obtain the validity period specified in the authorization file.
  • If the current time obtained exceeds the validity time of the authorization file, the authorization file has expired; if the current time does not exceed the validity time of the authorization file, the authorization file has not expired and is still valid.
  • the embodiment of the present disclosure verifies the second authorization file to ensure the integrity and correctness of the authorization file and prevent errors in the transmission process of the authorization file.
  • USB security key also called USB security KEY
  • A USB security KEY is a USB interface hardware device with a built-in microcontroller or smart card chip. It has a certain amount of storage space, can store the user's private key and digital certificate, and uses the USB Key's built-in public key algorithm to authenticate the user's identity.
  • FIG. 5 is a schematic diagram of the authorization file production process in an implementation scenario of an embodiment of the present disclosure.
  • the PC tool creates an authorization file and embeds the authorization file into the DVB terminal ROM.
  • the PC tool detects whether the USB interface is connected to the USB security key. If not, it is not allowed to run.
  • Authorization file production process: if the USB security key is connected and started, the PC tool is used to configure the authorization file information.
  • the configured authorization file includes the terminal identification number, terminal batch information, expiration date, file verification and other information. The tool then calculates the verification data of the authorization file, encrypts the authorization file through the key and encryptor to obtain the encrypted ciphertext authorization file, and embeds the encrypted authorization file into the DVB terminal production ROM. The encryption key is held by the terminal provider, and the encryption algorithm is private and built into the PC tool.
  • Figure 7 is a schematic diagram of the control flow of an authorization file in an implementation scenario of an embodiment of the present disclosure.
  • the DVB terminal starts and tries to receive the authorization file. If a new authorization file is found, the data is received. After the authorization file is received, it is decrypted using the key and decryptor integrated in the terminal, and the decrypted authorization file is verified. If the verification passes, the existing authorization file in the terminal ROM is updated. If the verification fails, the terminal determines whether the authorization file has expired. If the authorization has expired, the core function of the DVB terminal, watching live content, is disabled. If the authorization file has not expired, the DVB terminal runs with full functionality. If no new authorization file is found when the DVB terminal tries to receive one, the terminal likewise determines whether the authorization file has expired; if it has expired, the DVB terminal live broadcast service is disabled.
  • the method according to the above embodiments can be implemented by means of software plus the necessary general hardware platform. Of course, it can also be implemented by hardware, but in many cases the former is the better implementation.
  • the technical solution of the present disclosure, in essence or in the part that contributes to the related technologies, can be embodied in the form of a software product.
  • the computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes several instructions to cause a terminal device (which can be a mobile phone, computer, server, or network device, etc.) to execute the methods described in various embodiments of the present disclosure.
  • This embodiment also provides a first authorization control device suitable for one-way digital video broadcasting DVB terminals, which is used to implement the above embodiments and optional implementations. What has been described will not be described again.
  • the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
  • FIG 8 is a structural block diagram of a first authorization control device suitable for one-way digital video broadcasting DVB terminals according to an embodiment of the present disclosure.
  • the first authorization control device includes: a receiving module 100, a decryption module 200 and an update module 300.
  • the receiving module 100 is configured to receive the encrypted second authorization file.
  • the decryption module 200 is configured to decrypt the second authorization file through a built-in key and decryptor.
  • the key and decryptor are built into the read-only memory ROM of the one-way DVB terminal.
  • the first authorization control device further includes: an acquisition module configured to obtain the current time and the validity time of the second authorization file; a determination module configured to determine whether the authorization has expired based on the current time and the validity time; and a disabling module configured to disable the live broadcast service of the DVB terminal if the authorization has expired.
  • the update module includes: a verification unit configured to, if the decryption passes, extract the verification data of the second authorization file and verify the decrypted second authorization file; and an update subunit configured to, if the verification passes, update the existing first authorization file of the one-way DVB terminal according to the second authorization file.
  • FIG 9 is a structural block diagram of a second authorization control device suitable for the control end of a one-way digital video broadcast DVB terminal according to an embodiment of the present disclosure.
  • the second authorization control device includes: a configuration module 400 and an encryption module 500.
  • the encryption module 500 is configured to calculate the verification data of the second authorization file, encrypt the second authorization file and the verification data, and obtain an encrypted second authorization file.
  • the second authorization control device further includes: a sending module configured to convert the encrypted second authorization file into DVB protocol code stream data through a DVB code stream converter, and to send the code stream data to the DVB terminal by operating the front-end multiplexer.
  • the second authorization control device further includes: a security detection module configured to determine whether the control terminal has connected the USB security key and, if the control terminal has connected the USB security key, to configure the second authorization file.
  • each of the above modules can be implemented through software or hardware.
  • it can be implemented in the following ways, but is not limited to this: the above modules are all located in the same processor; or the above modules are located in different processors in any combination.
  • the embodiments of the authorization control system of the present disclosure are basically the same as the above method embodiments, and will not be described again here.
  • Embodiments of the present disclosure also provide an electronic device.
  • the electronic device includes a memory, a processor, and a computer program stored in the memory and executable on the processor. When the computer program is executed by the processor, the authorization control method described in any of the above items is implemented.
  • the above-mentioned processor may be configured to execute any of the above methods through a computer program.
  • the above storage medium may include but is not limited to: a U disk, read-only memory (Read-Only Memory, ROM for short), random access memory (Random Access Memory, RAM for short), a removable hard drive, a magnetic disk, an optical disk, and various other media that can store computer programs.
  • ROM read-only memory
  • RAM random access memory
  • the disclosed technical content can be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of units is only a logical functional division, and there may be other ways to divide them in actual implementation.
  • multiple units or components can be combined or integrated into another system, or some features can be ignored or not implemented.
  • the coupling or direct coupling or communication connection between each other shown or discussed may be through some interfaces, and the indirect coupling or communication connection of the units or modules may be in electrical or other forms.

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Multimedia (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

Disclosed are an authorization control method, apparatus and system, and an electronic device and a storage medium, which belong to the technical field of electrical communications. The method comprises: receiving an encrypted second authorization file; decrypting the second authorization file by means of a built-in secret key and a decryptor, wherein the secret key and the decryptor are built into a read-only memory (ROM) of a uni-directional DVB terminal; and in response to the decryption being passed, updating an existing first authorization file of the uni-directional DVB terminal according to the decrypted second authorization file.

Description

Authorization control method, apparatus, system, electronic device and storage medium
Cross-reference to related applications
This disclosure claims priority to Chinese patent application CN202210700456.3, titled "Authorization control method, apparatus, system, electronic device and storage medium" and filed on June 20, 2022, the entire content of which is incorporated into this disclosure by reference.
Technical field
The present disclosure relates to the field of electrical communication technology, and in particular to an authorization control method, apparatus, system, electronic device and storage medium.
Background
DVB (Digital Video Broadcasting) is a market-oriented digital service architecture that, in the order of signal propagation, can be divided into a front-end system, a transmission system and a terminal system. The front-end system mainly refers to the information source part of the digital TV network; it is the exchange center for TV program information and the core part of the entire digital cable TV system, and is generally located in program production departments such as TV stations. The terminal system mainly refers to the information sink part of the digital TV network; it is mainly provided for digital TV users and generally refers to user terminal equipment such as set-top boxes.
A one-way DVB terminal is a media playback device that complies with the DVB standards (DVB-S, DVB-C, DVB-T, DVB-SMATV, DVB-MS and DVB-MC). It uses one-way content transmission: the front end sends content and the terminal receives it. Because content transmission is one-way, a DVB terminal can only passively receive DVB broadcast data. After a DVB terminal is sold, the DVB terminal manufacturer cannot exercise control over the terminal and is in a very passive position in the event of a business dispute.
Summary of the invention
Embodiments of the present disclosure provide an authorization control method, apparatus, electronic device and storage medium.
According to one aspect of the embodiments of the present disclosure, an authorization control method is provided, which is suitable for a one-way digital video broadcasting (DVB) terminal and includes: receiving an encrypted second authorization file; decrypting the second authorization file through a built-in key and decryptor, wherein the key and decryptor are built into the read-only memory (ROM) of the one-way DVB terminal; and, in response to the decryption passing, updating the existing first authorization file of the one-way DVB terminal according to the decrypted second authorization file.
According to another aspect of the embodiments of the present disclosure, an authorization control method is also provided, which is suitable for the control end of a one-way digital video broadcasting (DVB) terminal and includes: configuring a second authorization file; and calculating verification data of the second authorization file, and encrypting the second authorization file and the verification data to obtain an encrypted second authorization file.
According to another aspect of the embodiments of the present disclosure, a first authorization control device suitable for a one-way digital video broadcasting (DVB) terminal is also provided. The first authorization control device includes: a receiving module configured to receive an encrypted second authorization file; a decryption module configured to decrypt the second authorization file through a built-in key and decryptor, wherein the key and decryptor are built into the read-only memory (ROM) of the one-way DVB terminal; and an update module configured to, in response to the decryption passing, update the existing first authorization file of the one-way DVB terminal according to the decrypted second authorization file.
According to another aspect of the embodiments of the present disclosure, a second authorization control device suitable for the control end of a one-way digital video broadcasting (DVB) terminal is also provided. The second authorization control device includes: a configuration module configured to configure a second authorization file; and an encryption module configured to calculate verification data of the second authorization file, and to encrypt the second authorization file and the verification data to obtain an encrypted second authorization file.
According to another aspect of the embodiments of the present disclosure, an authorization control system is also provided, including a one-way digital video broadcasting (DVB) terminal and a control end, wherein the one-way DVB terminal includes the first authorization control device as described above and the control end includes the second authorization control device as described above.
According to another aspect of the embodiments of the present disclosure, an electronic device is also provided. The electronic device includes a memory, a processor, and a computer program stored on the memory and executable on the processor. When the computer program is executed by the processor, the authorization control method described in any of the above items is implemented.
According to another aspect of the embodiments of the present disclosure, a storage medium is also provided. A computer program is stored on the storage medium. When the computer program is executed by a processor, the authorization control method described in any of the above items is implemented.
本公开实施例还提供了一种包含指令的计算机程序产品,当其在计算机上运行时,使得计算机执行如上任一项所述的授权控制方法。Embodiments of the present disclosure also provide a computer program product containing instructions that, when run on a computer, cause the computer to execute any of the authorization control methods described above.
Description of the Drawings
The drawings described here are provided for a further understanding of the present disclosure and form a part of it. The illustrative embodiments of the present disclosure and their descriptions are used to explain the present disclosure and do not unduly limit it. In the drawings:
Figure 1 is a block diagram of the hardware structure of a computer according to an embodiment of the present disclosure;
Figure 2 is a schematic flow chart of an authorization control method applicable to a one-way DVB terminal according to an embodiment of the present disclosure;
Figure 3 is a schematic flow chart of the steps performed after the existing first authorization file of the one-way DVB terminal is updated according to the decrypted second authorization file in an embodiment of the present disclosure;
Figure 4 is a flow chart of an authorization control method applicable to the control end of a one-way DVB terminal according to an embodiment of the present disclosure;
Figure 5 is a schematic diagram of the authorization file production flow in an implementation scenario of an embodiment of the present disclosure;
Figure 6 is a schematic diagram of the flow for sending an updated authorization file in an implementation scenario of an embodiment of the present disclosure;
Figure 7 is a schematic diagram of the authorization file control flow in an implementation scenario of an embodiment of the present disclosure;
Figure 8 is a structural block diagram of a first authorization control device applicable to a one-way DVB terminal according to an embodiment of the present disclosure; and
Figure 9 is a structural block diagram of a second authorization control device applicable to the control end of a one-way DVB terminal according to an embodiment of the present disclosure.
Detailed Description
To help those skilled in the art better understand the solutions of the present disclosure, the technical solutions in the embodiments of the present disclosure are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present disclosure, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present disclosure without creative effort shall fall within the scope of protection of the present disclosure. It should be noted that, where there is no conflict, the embodiments of the present disclosure and the features in the embodiments may be combined with each other.
It should be noted that the terms "first", "second", and so on in the description and claims of the present disclosure and in the above drawings are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that data so used are interchangeable where appropriate, so that the embodiments of the present disclosure described here can be practiced in orders other than those illustrated or described here. Furthermore, the terms "include" and "have" and any variations of them are intended to cover non-exclusive inclusion; for example, a process, method, product, or device that comprises a series of steps or units is not necessarily limited to the steps or units explicitly listed, but may include other steps or units that are not explicitly listed or that are inherent to the process, method, product, or device.
The method embodiments provided by the embodiments of the present disclosure can be executed on a mobile phone, computer, tablet, or similar computing device. Taking execution on a computer as an example, Figure 1 is a block diagram of the hardware structure of a computer according to an embodiment of the present disclosure. As shown in Figure 1, the computer may include one or more processors 102 (only one is shown in Figure 1; the processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA) and a memory 104 for storing data. Optionally, the computer may also include a transmission device 106 for communication functions and an input/output device 108. Those of ordinary skill in the art will understand that the structure shown in Figure 1 is only illustrative and does not limit the structure of the computer. For example, the computer may include more or fewer components than shown in Figure 1, or have a configuration different from that shown in Figure 1.
The memory 104 can be used to store computer programs, for example software programs and modules of application software, such as the computer program corresponding to an authorization control method in the embodiments of the present disclosure. The processor 102 runs the computer program stored in the memory 104 to execute various functional applications and data processing, that is, to implement the above method. The memory 104 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, and such remote memory may be connected to the computer through a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations of these.
The transmission device 106 is used to receive or send data via a network. Examples of such a network may include a wireless network provided by the computer's communications provider. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, NIC for short), which can connect to other network devices through a base station and so communicate with the Internet. In one example, the transmission device 106 may be a radio frequency (RF) module, which is used to communicate with the Internet wirelessly.
This embodiment provides an authorization control method. Figure 2 is a schematic flow chart of an authorization control method applicable to a one-way DVB terminal according to an embodiment of the present disclosure. As shown in Figure 2, the flow includes the following steps S11 to S13.
Step S11: Receive the encrypted second authorization file.
The authorization control method proposed in the embodiments of the present disclosure is applicable to a one-way DVB terminal. A one-way DVB terminal may be a set-top box, receiver card, digital television, mobile device, or similar device to which content is transmitted in one direction only.
The DVB terminal manufacturer configures and generates the encrypted second authorization file with a specific PC-side tool. In some implementations, the terminal manufacturer can send the finished encrypted second authorization file to the one-way DVB terminal through a serial port or a flashing tool, and the DVB terminal receives the encrypted second authorization file produced by the terminal manufacturer through that serial port or flashing tool. This way of receiving the encrypted second authorization file is generally used in the production process before the DVB terminal leaves the factory.
In other implementations, the terminal manufacturer can also convert the encrypted second authorization file into a stream of the standard DVB protocol through a DVB stream converter and then broadcast the DVB-standard stream of the second authorization file from the front end. The DVB terminal receives the stream data of the encrypted second authorization file over a cable channel, a satellite channel, or similar. This approach is generally used after the DVB terminal has been sold.
Step S12: Decrypt the second authorization file using the built-in key and decryptor. The key and the decryptor are built into the read-only memory (ROM) of the one-way DVB terminal.
In the embodiments of the present disclosure, after the encrypted second authorization file is received, it must be decrypted, and this is done with the key and decryptor built into the DVB terminal. The key is a piece of data and the decryptor is an algorithm. The key and the encrypted second authorization file are input to the decryptor, which verifies that the key is correct and decrypts the encrypted authorization file, yielding the decrypted plaintext authorization file. The key and the decryptor are built into the read-only memory (ROM) of the one-way DVB terminal; they may be written directly into the ROM of the DVB terminal during the terminal's production process.
Step S13: If the decryption succeeds, update the existing first authorization file of the one-way DVB terminal according to the decrypted second authorization file.
After the encrypted second authorization file is decrypted successfully, the embodiment of the present disclosure updates the existing first authorization file of the one-way DVB terminal according to the decrypted second authorization file, replacing the existing first authorization file with the second authorization file.
The embodiment of the present disclosure receives the encrypted second authorization file, decrypts it with the key and decryptor built into the read-only memory (ROM) of the one-way DVB terminal, and then updates the existing first authorization file of the one-way DVB terminal according to the decrypted second authorization file. The authorization file can therefore still be updated remotely after the DVB terminal has been sold, which solves the technical problem in the related art that terminal manufacturers cannot exercise authorization control over one-way DVB terminals.
Referring to Figure 3, Figure 3 is a schematic flow chart of the steps performed after the existing first authorization file of the one-way DVB terminal is updated according to the decrypted second authorization file in an embodiment of the present disclosure. In this embodiment, after step S13 the method further includes steps S14 to S16.
S14: Obtain the current time and the validity time of the second authorization file.
In the embodiments of the present disclosure, the authorization file has a validity period; once the specified validity period is exceeded, the authorization file is invalid.
In an implementation, the current time can be obtained from an added clock chip, or the DVB terminal can obtain it from a wireless or wired broadcast. The validity time of the second authorization file is information contained in the authorization file; the validity period specified by the authorization file is obtained by decrypting the file.
S15: Determine from the current time and the validity time whether the authorization has expired.
If the current time obtained is past the validity time of the authorization file, the authorization file has expired; if the current time is not past the validity time of the authorization file, the authorization file has not expired and is still valid.
S16: If the authorization has expired, disable the live broadcast service of the DVB terminal.
If the authorization file has expired, the embodiment of the present disclosure disables the live broadcast service of the DVB terminal, so that the DVB terminal cannot play the digital video broadcast by the front end.
In the embodiments of the present disclosure, the authorization file has a validity period. Whether the authorization file has expired is determined from the current time and the validity time of the second authorization file, and if it has expired the live broadcast service of the DVB terminal is disabled, which gives control over disabling the DVB terminal.
In some implementations of the embodiments of the present disclosure, updating the existing first authorization file of the one-way DVB terminal according to the decrypted second authorization file if the decryption succeeds includes: if the decryption succeeds, extracting the check data of the second authorization file and verifying the decrypted authorization file; and, if the verification passes, updating the existing first authorization file of the one-way DVB terminal according to the second authorization file.
To ensure that the authorization file is correct, the embodiments of the present disclosure also verify the second authorization file after it has been decrypted. The verification may use a parity check, CRC (Cyclic Redundancy Check), LRC (Longitudinal Redundancy Check), Gray code check, sum check, XOR check, and so on. For example, the DVB terminal runs the same preset algorithm that was used when the authorization file was produced over the second authorization file to obtain a check value, and compares that check value with the check data extracted from the second authorization file. If the computed check value is the same as the check value in the check data, the second authorization file is complete and correct, and the existing first authorization file of the one-way DVB terminal is updated according to the second authorization file.
By verifying the second authorization file, the embodiments of the present disclosure ensure the integrity and correctness of the authorization file and guard against errors introduced while the authorization file is in transit.
This embodiment also provides an authorization control method. Figure 4 is a flow chart of an authorization control method applicable to the control end of a one-way DVB terminal according to an embodiment of the present disclosure. As shown in Figure 4, the flow includes the following steps S21 to S22.
S21: Configure the second authorization file.
The authorization control method proposed in the embodiments of the present disclosure is applicable to the control end of a one-way DVB terminal. The control end can control the DVB terminal and may be a computer, mobile phone, server, or similar control terminal with computing and processing capability.
In the embodiments of the present disclosure, the second authorization file is configured and generated at the control end, for example on a computer using a specific PC tool on that computer. Configuring the second authorization file includes configuring at least one of the terminal identification number, terminal batch, expiration date, and file check of the second authorization file.
S22: Calculate the check data of the second authorization file, and encrypt the second authorization file and the check data to obtain the encrypted second authorization file.
In the embodiments of the present disclosure, the check data of the second authorization file may be calculated with a parity check, CRC check, LRC check, Gray code check, sum check, XOR check, and so on. The second authorization file and the check data may be encrypted with symmetric encryption, asymmetric encryption, one-way encryption, and so on; the embodiments of the present disclosure place no specific restriction on this. In an implementation, an encryption tool can be used to encrypt the second authorization file; the encryption tool has a built-in key and encryptor and can encrypt the authorization file.
The embodiments of the present disclosure calculate the check data of the configured second authorization file and encrypt the second authorization file together with the check data, thereby obtaining the encrypted second authorization file.
In some implementations of the embodiments of the present disclosure, after the encrypted second authorization file is obtained, the method further includes: converting the encrypted second authorization file into stream data of the DVB protocol through a DVB stream converter; and sending the stream data to the DVB terminal by operating the front-end multiplexer.
The DVB stream converter is a conversion tool that converts an authorization file into a DVB stream according to the DVB technical specification; it can convert the encrypted second authorization file into stream data of the DVB protocol.
The front-end multiplexer is a stream processing device and a very important part of the DVB front-end system; it can combine multiple transport streams into one transport stream for transmission.
During the production process before a DVB terminal leaves the factory, it is convenient to build the initial authorization file into the ROM of the DVB terminal; for example, authorization files can be written directly into ROM in large batches. After the DVB terminal has been sold, however, this approach is no longer practical. Therefore, in the embodiments of the present disclosure, the encrypted second authorization file is converted into stream data of the DVB protocol through a DVB stream converter. The stream data of the second authorization file can be transmitted in the DVB system, so that the second authorization file can be sent to the DVB terminal.
In some implementations, before the second authorization file is configured, the method includes: determining whether a USB security key is connected to the control end; and, if a USB security key is connected to the control end, proceeding to configure the second authorization file.
A USB security key, also called a USB Key, is a hardware device with a USB interface and a built-in microcontroller or smart card chip. It has a certain amount of storage space and can store the user's private key and digital certificate, and it uses the public-key algorithm built into the USB Key to authenticate the user's identity.
To ensure data security, the embodiments of the present disclosure also perform login security identity authentication before the second authorization file is configured at the control end. The security of the environment in which the authorization file is configured is confirmed by determining whether a USB security key is connected to the USB interface of the control end.
An implementation scenario of the embodiments of the present disclosure is explained in full below with reference to Figures 5, 6, and 7.
As shown in Figure 5, Figure 5 is a schematic diagram of the authorization file production flow in an implementation scenario of an embodiment of the present disclosure. In this scenario, when the DVB terminal is manufactured, a PC tool produces the authorization file and the authorization file is embedded in the ROM of the DVB terminal. After the PC tool starts, it checks whether a USB security key is connected to the USB interface. If not, the authorization file production process is not allowed to run. If the USB security key is connected and started, the PC tool is used to configure the authorization file information; the configured authorization file includes the terminal identification number, terminal batch information, expiration date, file check, and other information. The check data of the authorization file is then calculated, the authorization file is encrypted with the key and the encryptor to obtain the encrypted ciphertext authorization file, and the encrypted authorization file is embedded in the production ROM of the DVB terminal. The encryption key is held by the terminal provider, and the encryption algorithm is private and built into the PC tool.
As shown in Figure 6, Figure 6 is a schematic diagram of the flow for sending an updated authorization file in an implementation scenario of an embodiment of the present disclosure. After a DVB terminal with an encrypted authorization file embedded by the above process has been sold, if the terminal's current authorization file needs to be updated, the terminal supplier or manufacturer produces a new authorization file by the same production flow as in Figure 5, converts the authorization file into a stream of the standard DVB protocol through the DVB stream converter, and operates the front-end multiplexer to broadcast the DVB-standard stream from the front end and send it to the DVB terminal.
As shown in Figure 7, Figure 7 is a schematic diagram of the authorization file control flow in an implementation scenario of an embodiment of the present disclosure. The DVB terminal starts and tries to receive an authorization file. If it finds a new authorization file, it receives the data. After the authorization file has been received, the terminal decrypts it using the key and decryptor integrated in the terminal and verifies the decrypted authorization file. If the verification passes, the existing authorization file in the terminal ROM is updated. If the verification fails, the terminal determines whether the authorization file has expired: if the authorization has expired, the DVB terminal's core function of watching live content is disabled; if the authorization file has not expired, the DVB terminal runs with full functionality. If no new authorization file is found when the DVB terminal tries to receive one, the step of determining whether the authorization file has expired is performed, and if it has expired the live broadcast service of the DVB terminal is disabled.
In the embodiments of the present disclosure, a PC tool produces a new authorization file, the DVB stream converter converts the new authorization file into a stream of the standard DVB protocol, and the stream is broadcast from the front end and sent to the DVB terminal. The DVB terminal updates itself according to the new authorization file, and if the authorization in the authorization file has expired, the DVB terminal's core function of watching live content is disabled. With the embodiments of the present disclosure, a terminal manufacturer can control the authorization and disabling of a DVB terminal through the authorization file after the terminal has been sold, which solves the technical problem that terminal manufacturers cannot exercise authorization control over one-way DVB terminals.
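The production flow of Figure 5 and the terminal control flow of Figure 7, as an added example that is not code from the patent. The JSON field layout, the choice of CRC-32 as the check data, the function and class names, and the demo key are assumptions; the HMAC-SHA256 counter-mode keystream is a stand-in for the private cipher, which the text does not specify.

```python
import hashlib
import hmac
import json
import os
import struct
import zlib
from datetime import date

# Constructed demo key; in the scheme above the key sits in the terminal ROM
# and in the vendor's PC tool.
ROM_KEY = bytes(range(32))
NONCE_LEN = 16
CHECK_LEN = 4  # CRC-32, one of the check types the text lists


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: stand-in for the unspecified cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256)
        out += block.digest()
        counter += 1
    return bytes(out[:length])


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def make_encrypted_authorization(fields, key, nonce=None):
    """Control end (S21-S22): serialize, append check data, encrypt both."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    body = json.dumps(fields, sort_keys=True).encode("utf-8")
    plain = body + struct.pack(">I", zlib.crc32(body))
    return nonce + _xor(plain, _keystream(key, nonce, len(plain)))


def decrypt_and_verify(blob, key):
    """Terminal (S12 plus check): return the fields, or None on any failure."""
    if len(blob) <= NONCE_LEN + CHECK_LEN:
        return None
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    plain = _xor(ciphertext, _keystream(key, nonce, len(ciphertext)))
    body, check = plain[:-CHECK_LEN], plain[-CHECK_LEN:]
    if struct.pack(">I", zlib.crc32(body)) != check:
        return None  # wrong key, or damaged in transit
    try:
        fields = json.loads(body.decode("utf-8"))
        date.fromisoformat(fields["expires"])  # reject files without a valid date
    except (ValueError, KeyError, TypeError):
        return None
    return fields


class Terminal:
    """One-way DVB terminal holding the current (first) authorization file."""

    def __init__(self, key, stored_fields):
        self.key = key
        self.stored = stored_fields
        self.live_enabled = False

    def on_boot(self, received_blob, today):
        """Figure 7: try to update, then enforce the expiry date."""
        if received_blob is not None:
            new_fields = decrypt_and_verify(received_blob, self.key)
            if new_fields is not None:
                self.stored = new_fields  # S13: replace the first file
        expires = date.fromisoformat(self.stored["expires"])
        self.live_enabled = today <= expires  # S14-S16
        return self.live_enabled


def demo():
    """Constructed scenario: expired terminal, damaged update, good update."""
    old = {"terminal_id": "T-0001", "batch": "B-01", "expires": "2024-12-31"}
    new = dict(old, expires="2025-12-31")
    today = date(2025, 1, 10)
    terminal = Terminal(ROM_KEY, old)
    results = [terminal.on_boot(None, today)]  # no new file, old one expired
    blob = make_encrypted_authorization(new, ROM_KEY)
    damaged = bytearray(blob)
    damaged[NONCE_LEN + 4] ^= 0x01  # single bit error inside the file body
    results.append(terminal.on_boot(bytes(damaged), today))  # check fails
    results.append(terminal.on_boot(blob, today))  # accepted, service restored
    return results


if __name__ == "__main__":
    print(demo())
```

CRC-32 here detects accidental corruption in transit, which is the purpose the text gives for the check; it is not a keyed integrity check.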
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到根据上述实施例的方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本公开的技术方案本质上或者说对相关技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端设备(可以是手机,计算机,服务器,或者网络设备等)执行本公开各个实施例所述的方法。Through the description of the above embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by means of software plus the necessary general hardware platform. Of course, it can also be implemented by hardware, but in many cases the former is Better implementation. Based on this understanding, the technical solution of the present disclosure can be embodied in the form of a software product in essence or that contributes to related technologies. The computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk). ), includes several instructions to cause a terminal device (which can be a mobile phone, computer, server, or network device, etc.) to execute the methods described in various embodiments of the present disclosure.
在本实施例中还提供了一种适用于单向数字视频广播DVB终端的第一授权控制装置,用于实现上述实施例及可选实施方式,已经进行过说明的不再赘述。如以下所使用的,术语“模块”可以实现预定功能的软件和/或硬件的组合。尽管以下实施例所描述的装置较佳地以软件来实现,但是硬件,或者软件和硬件的组合的实现也是可能并被构想的。This embodiment also provides a first authorization control device suitable for one-way digital video broadcasting DVB terminals, which is used to implement the above embodiments and optional implementations. What has been described will not be described again. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
图8是根据本公开实施例的一种适用于单向数字视频广播DVB终端的第一授权控制装置的结构框图,如图8所示,第一授权控制装置包括:接收模块100、解密模块200、更新模块300。Figure 8 is a structural block diagram of a first authorization control device suitable for one-way digital video broadcasting DVB terminals according to an embodiment of the present disclosure. As shown in Figure 8, the first authorization control device includes: a receiving module 100 and a decryption module 200 , update module 300.
The receiving module 100 is configured to receive the encrypted second authorization file.
The decryption module 200 is configured to decrypt the second authorization file using a built-in key and decryptor. The key and decryptor are built into the read-only memory (ROM) of the one-way DVB terminal.
The update module 300 is configured to, if the decryption passes, update the existing first authorization file of the one-way DVB terminal according to the decrypted second authorization file.
Optionally, the first authorization control device further includes: an acquisition module configured to obtain the current time and the validity time of the second authorization file; a determination module configured to determine, from the current time and the validity time, whether the authorization has expired; and a disabling module configured to disable the live broadcast service of the DVB terminal if the authorization has expired.
Optionally, the update module includes: a verification unit configured to, if the decryption passes, extract the check data of the second authorization file and verify the decrypted second authorization file; and an update subunit configured to, if the verification passes, update the existing first authorization file of the one-way DVB terminal according to the second authorization file.
Figure 9 is a structural block diagram of a second authorization control device suitable for the control end of a one-way digital video broadcasting (DVB) terminal according to an embodiment of the present disclosure. As shown in Figure 9, the second authorization control device includes a configuration module 400 and an encryption module 500.
The configuration module 400 is configured to configure the second authorization file.
The encryption module 500 is configured to calculate the check data of the second authorization file and to encrypt the second authorization file and the check data, obtaining the encrypted second authorization file.
Optionally, the second authorization control device further includes a sending module configured to convert the encrypted second authorization file into DVB-protocol stream data through a DVB stream converter, and to send the stream data to the DVB terminal by operating the front-end multiplexer.
Optionally, the second authorization control device further includes a security detection module configured to determine whether a USB security key is connected to the control end and, if a USB security key is connected to the control end, to proceed with configuring the second authorization file.
It should be noted that each of the above modules can be implemented in software or in hardware. For the latter, this can be done in the following ways, without being limited to them: the above modules are all located in the same processor; or the above modules are located in different processors in any combination.
Embodiments of the present disclosure also provide an authorization control system, including a one-way digital video broadcasting (DVB) terminal and a control end. The one-way DVB terminal includes the first authorization control device described above; the control end includes the second authorization control device described above.
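The flow that the two devices implement (control end: compute check data, then encrypt; terminal: decrypt, verify, update, then compare the current time with the validity time) looks like this in code. This is an added example, not code from the patent: the patent names neither the cipher nor the check-data algorithm, so the HMAC-SHA-256 check data, the SHA-256 counter-mode keystream, the JSON layout, the `valid_until` field and the key value are all assumptions chosen so that the example runs with the Python standard library.

```python
import hashlib
import hmac
import json
import os

NONCE_LEN, MAC_LEN = 16, 32
ROM_KEY = bytes(range(32))  # constructed stand-in for the key held in terminal ROM


def _subkey(key, label):
    # Separate keys for encryption and check data, derived from the one ROM key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream_xor(key, nonce, data):
    # Stand-in cipher (assumption): SHA-256 in counter mode, XORed over the data.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def make_authorization(key, fields, nonce=None):
    """Control end: compute check data, then encrypt file and check data together."""
    nonce = nonce or os.urandom(NONCE_LEN)
    body = json.dumps(fields, sort_keys=True).encode()
    check = hmac.new(_subkey(key, b"check"), nonce + body, hashlib.sha256).digest()
    return nonce + _keystream_xor(_subkey(key, b"enc"), nonce, body + check)


class Terminal:
    """Terminal side: receive, decrypt, verify, update, then enforce expiry."""

    def __init__(self, key, first_authorization):
        self.key = key
        self.authorization = first_authorization
        self.live_enabled = True

    def receive(self, blob):
        """Return True only if the stored authorization file was replaced."""
        if len(blob) <= NONCE_LEN + MAC_LEN:
            return False
        nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
        plain = _keystream_xor(_subkey(self.key, b"enc"), nonce, ciphertext)
        body, check = plain[:-MAC_LEN], plain[-MAC_LEN:]
        expected = hmac.new(_subkey(self.key, b"check"), nonce + body,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(check, expected):
            return False  # corrupted, tampered with, or made with another key
        try:
            fields = json.loads(body)
        except ValueError:
            return False
        if not isinstance(fields, dict) or not isinstance(fields.get("valid_until"), int):
            return False
        self.authorization = fields  # update only after every check has passed
        return True

    def enforce(self, now):
        """Disable the live service once the validity time has been reached."""
        self.live_enabled = now < self.authorization["valid_until"]
        return self.live_enabled
```

Because the terminal is receive-only, a rejected file produces no feedback to the sender; the terminal simply keeps its first authorization file.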
Optionally, the embodiments of the authorization control system of the present disclosure are basically the same as the method embodiments above and are not described again here.
Embodiments of the present disclosure also provide an electronic device. The electronic device includes a memory, a processor, and a computer program stored in the memory and executable on the processor. When the computer program is executed by the processor, the authorization control method of any one of the above is implemented.
Optionally, the above electronic device may also include a transmission device and an input/output device. The transmission device is connected to the processor, and the input/output device is connected to the processor.
Optionally, in this embodiment, the above processor may be configured to execute any of the above methods through a computer program.
Embodiments of the present disclosure also provide a storage medium. A computer program is stored on the storage medium; when the computer program is executed by a processor, the authorization control method of any one of the above is implemented.
Optionally, the embodiments of the storage medium of the present disclosure are basically the same as the method embodiments above and are not described again here.
Optionally, in this embodiment, the above storage medium may include, but is not limited to, a USB flash drive, read-only memory (ROM), random access memory (RAM), a removable hard disk, a magnetic disk, an optical disk, and other media that can store a computer program.
The serial numbers of the above embodiments of the present disclosure are for description only and do not indicate the relative merits of the embodiments.
In the above embodiments of the present disclosure, the description of each embodiment has its own emphasis. For parts not described in detail in one embodiment, refer to the relevant descriptions of the other embodiments.
In the several embodiments provided in this disclosure, it should be understood that the disclosed technical content can be implemented in other ways. The device embodiments described above are only illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in actual implementation: multiple units or components can be combined or integrated into another system, or some features can be ignored or not executed. In addition, the mutual coupling, direct coupling, or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, units, or modules, and may be electrical or take other forms.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the various embodiments of the present disclosure may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
If an integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present disclosure, in essence or in the part that contributes to the related art, or all or part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or part of the steps of the methods described in the various embodiments of the present disclosure. The aforementioned storage media include a USB flash drive, read-only memory (ROM), random access memory (RAM), a removable hard disk, a magnetic disk, an optical disk, and other media that can store program code.
The embodiment of the present disclosure receives the encrypted second authorization file, decrypts it using the key and decryptor built into the read-only memory (ROM) of the one-way DVB terminal, and then updates the existing first authorization file of the one-way DVB terminal according to the decrypted second authorization file. This updates the authorization file of the DVB terminal and solves the technical problem in the related art that the terminal manufacturer cannot perform authorization control on a one-way DVB terminal after the terminal has been sold.
The above are only optional implementations of the present disclosure. It should be noted that those of ordinary skill in the art can make several improvements and refinements without departing from the principles of the present disclosure, and these improvements and refinements should also be regarded as falling within the protection scope of the present disclosure.

Claims (11)

  1. An authorization control method, suitable for a one-way digital video broadcasting (DVB) terminal, comprising:
    receiving an encrypted second authorization file;
    decrypting the second authorization file using a built-in key and decryptor, wherein the key and decryptor are built into the read-only memory (ROM) of the one-way DVB terminal; and
    in response to the decryption passing, updating the existing first authorization file of the one-way DVB terminal according to the decrypted second authorization file.
  2. The authorization control method according to claim 1, wherein, after updating the existing first authorization file of the one-way DVB terminal according to the decrypted second authorization file, the method further comprises:
    obtaining the current time and the validity time of the second authorization file;
    determining, according to the current time and the validity time, whether the authorization has expired; and
    in response to the authorization having expired, disabling the live broadcast service of the DVB terminal.
  3. The authorization control method according to claim 1, wherein, in response to the decryption passing, updating the first authorization file related to the one-way DVB terminal according to the decrypted second authorization file comprises:
    in response to the decryption passing, extracting the check data of the second authorization file and verifying the decrypted second authorization file; and
    in response to the verification passing, updating the existing first authorization file of the one-way DVB terminal according to the second authorization file.
  4. An authorization control method, suitable for the control end of a one-way digital video broadcasting (DVB) terminal, comprising:
    configuring a second authorization file; and
    calculating the check data of the second authorization file, and encrypting the second authorization file and the check data to obtain an encrypted second authorization file.
  5. The authorization control method according to claim 4, wherein, after obtaining the encrypted second authorization file, the method further comprises:
    converting the encrypted second authorization file into DVB-protocol stream data through a DVB stream converter; and
    sending the stream data to the DVB terminal by operating a front-end multiplexer.
  6. The authorization control method according to claim 4, wherein, before configuring the second authorization file, the method comprises:
    determining whether a USB security key is connected to the control end; and
    in response to a USB security key being connected to the control end, performing the configuring of the second authorization file.
  7. An authorization control device, suitable for a one-way digital video broadcasting (DVB) terminal, comprising:
    a receiving module configured to receive an encrypted second authorization file;
    a decryption module configured to decrypt the second authorization file using a built-in key and decryptor, wherein the key and decryptor are built into the read-only memory (ROM) of the one-way DVB terminal; and
    an update module configured to, in response to the decryption passing, update the existing first authorization file of the one-way DVB terminal according to the decrypted second authorization file.
  8. An authorization control device, suitable for the control end of a one-way digital video broadcasting (DVB) terminal, comprising:
    a configuration module configured to configure a second authorization file; and
    an encryption module configured to calculate the check data of the second authorization file and to encrypt the second authorization file and the check data to obtain an encrypted second authorization file.
  9. An authorization control system, comprising a one-way digital video broadcasting (DVB) terminal and a control end, wherein
    the one-way DVB terminal includes the device according to claim 8; and
    the control end includes the device according to claim 9.
  10. An electronic device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the authorization control method according to any one of claims 1 to 6.
  11. A storage medium, wherein a computer program is stored on the storage medium, and the computer program, when executed by a processor, implements the authorization control method according to any one of claims 1 to 6.
PCT/CN2023/100174 2022-06-20 2023-06-14 Authorization control method, apparatus and system, and electronic device and storage medium WO2023246585A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210700456.3 2022-06-20
CN202210700456.3A CN117319691A (en) 2022-06-20 2022-06-20 Authorization control method, device, system, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
WO2023246585A1 true WO2023246585A1 (en) 2023-12-28

Family

ID=89248561

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/100174 WO2023246585A1 (en) 2022-06-20 2023-06-14 Authorization control method, apparatus and system, and electronic device and storage medium

Country Status (2)

Country Link
CN (1) CN117319691A (en)
WO (1) WO2023246585A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160164841A1 (en) * 2013-07-23 2016-06-09 Azuki Systems, Inc. Media distribution system with manifest-based entitlement enforcement
CN108124480A (en) * 2016-12-27 2018-06-05 深圳配天智能技术研究院有限公司 A kind of software authorization method, system and equipment
CN110891187A (en) * 2019-11-30 2020-03-17 广西广播电视信息网络股份有限公司 Program authorization control method of household intelligent terminal
CN110968844A (en) * 2019-12-02 2020-04-07 卫盈联信息技术(深圳)有限公司 Software authorization method in off-line state, server and readable storage medium
CN112380501A (en) * 2021-01-19 2021-02-19 北京信安世纪科技股份有限公司 Equipment operation method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN117319691A (en) 2023-12-29

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23826234

Country of ref document: EP

Kind code of ref document: A1