CN101047829A - Mobile multimedia service implementing method and condition receiving system - Google Patents
- Publication number
- CN101047829A, CN200610066550A
- Authority
- CN
- China
- Prior art keywords
- key
- tbek
- receiving end
- encryption
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention provides a method for implementing a mobile multimedia service and a conditional access system. On the basis of the existing four-layer encryption structure, the invention adds a time-varying key TBEK to the authorization encryption layer, uses the TBEK to encrypt the encryption key of the program stream, and combines the transmission of the TBEK with the mobile communication system. This gives the conditional access system a new way of implementing mobile multimedia services and enables it to perform real-time billing for those services according to the time-varying period of the TBEK; the time-varying period can be set flexibly according to the required billing precision. The invention does not change existing methods of implementing mobile multimedia services; it only provides a feasible way for a receiving end to watch mobile multimedia programs occasionally or on impulse, thereby making the implementation of mobile multimedia services more flexible.
Description
Technical field
The invention relates to the field of network communication technology, and in particular to a method for implementing a mobile multimedia service based on conditional access and to a conditional access system.
Background art
The development of cellular mobile communication has greatly increased people's mobility, and the population of mobile phone users keeps growing. With the development of digital multimedia technology, people are less and less satisfied with mobile terminals that can only make calls, send text messages and do simple web browsing, and the demand for audio-visual multimedia information is growing ever stronger. People want to watch or listen to news, information of all kinds, songs, video programs and so on through handheld terminals anywhere and at any time. 3G is one option, but 3G networks do not fully solve the bandwidth problem: the number of users 3G can carry is limited, and it is expensive.
Multimedia information is strongly asymmetric, and much of it is information that the general public wants in common. Because broadcasting lets the public obtain this common information with the fewest resources, mobile digital multimedia broadcasting, which takes full account of terminal mobility, has emerged. DVB-H from ETSI in Europe, MediaFLO in the United States and S-DMB in South Korea are all multimedia broadcasting systems of this kind.
In a broadcasting system, the usual way to prevent illegitimate users from receiving programs is to encrypt the programs, which in broadcasting is also called scrambling. The encrypted program is delivered to the user side. A legitimate user can decrypt it correctly using the authorization information, whereas an unauthorized user, lacking that information, cannot, and sees only disordered speckles or mosaic on the display terminal. This is conditional access (CA). A system that implements conditional access is called a CAS (Conditional Access System).
A typical conditional access system consists mainly of a front end and a receiving-end system. The front end mainly comprises a program management system, a user management system, a database system, a CA core system, encryption devices or modules, and scrambling devices. The receiving end mainly consists of two separate receiving and processing devices, namely a set-top box and a smart card.
A conditional access system involves two encryption systems: a program encryption system and a layered key encryption system.
The program encryption system encrypts the broadcast program content, which may also be called scrambling. The process by which it encrypts the program stream is shown in Figure 1.
In Figure 1, the program encryption system uses a key to encrypt the program stream through the scrambling module. The key used to encrypt the program stream is conventionally called the CW (Control Word). The control word scrambles the program signal so that unauthorized users cannot watch the encrypted program.
Because the CW is transmitted together with the TS stream, the encryption system collapses once an eavesdropper cracks the CW. To prevent this, the CW usually changes randomly. Its change period is generally very short, typically once every few seconds and possibly several times per second, and the CW itself must be encrypted with a key. That key is the SK of the layered key encryption system.
The SK is generally generated by the service provider and is used to control the services it provides. Use of the SK is tied to the user's payment terms. Typically the user pays once a month and the SK also changes monthly; in some systems it is called the monthly key. The lifetime of the SK is determined by the service period; for special services offered by network operators, such as PPV (Pay-per-View), the SK may be valid for only a few hours.
Although the CW is encrypted with the SK, this key can still be read by anyone. Once the SK is cracked, subscribers and non-subscribers of a given service enjoy the same rights, the network operator can hardly exercise control over specific users, and network security remains a problem. The SK must therefore itself be protected by encryption, and this encryption has to be performed according to the characteristics of each individual user.
Each user terminal has a unique address code that identifies it. In practice, a number sequence associated with this address code is often used to encrypt the SK. This sequence is a key and, because it is determined by individual characteristics, it is often called the PDK (Personal Distribution Key).
The PDK is generally generated automatically by CA system equipment and strictly controlled. On the terminal device, the sequence is generally burned into the PROM of the descrambler by the network operator using dedicated equipment supplied with the CA system, and cannot be read out afterwards. To offer services of different levels and types, a CA system often assigns several PDKs to one user to meet varied service requirements.
The encryption of the CW and the SK described above is carried out by the layered key encryption system, whose main purpose is to encrypt in layers so as to ensure the security of the control word CW. The layered key encryption process is shown in Figures 2, 3 and 4.
In Figures 2, 3 and 4, the CA system uses the SK (Service Key) to encrypt the CW with some encryption algorithm, and the ECMG (Entitle Control Message Generator) generates an ECM (Entitle Control Message) from the encrypted CW together with program information such as the program price. To deliver the SK, the PDK (Personal Distributed Key) is used to encrypt the SK with some encryption algorithm, and the EMMG (authorization management information generator) generates an EMM (Entitle Manage Message) from the encrypted SK together with the address, user authorization information and so on. The ECM and EMM generated in this way are transmitted together with the encrypted TS (program) stream.
When receiving the program stream, the user receiving end first receives the ECM and the EMM and uses the PDK in the smart card of the terminal device to decrypt the EMM and obtain the service key SK. It then uses the SK to decrypt the ECM and obtain the CW, and uses the CW to initialize the scrambling module. The receiving end is thus synchronized with the transmitting end and can decrypt the program correctly.
In the many CA systems in commercial operation in Europe, America and elsewhere, operators use many methods of encrypted authorization for end users, for example: manual authorization; magnetic card authorization; IC card authorization; smart card authorization, in which a card built from an IC and capable of analysis and judgment performs the authorization; centralized addressed authorization, in which no card is inserted and the control center addresses and authorizes the terminal directly; and authorization that combines the smart card with the center. Of these, smart card authorization is the market mainstream and has also been designated by China's State Administration of Radio, Film and Television as a standard component of network-access equipment in China.
The CA system's method of encrypting the program stream and the user terminal's method of decrypting it, as described above, have become technical standards.
Service-level encryption for mobile TV essentially adopts the encryption process described above. The service level usually uses a four-layer encryption structure; typical encryption systems such as the DVB-H service protection model and the OMA BCAST service protection model all use a four-layer structure.
The service-level four-layer encryption structure abstracted from standard CA systems is described below with reference to Figure 5.
In Figure 5, the first layer is the registration encryption layer, which mainly performs the registration function and generates the REK (Register Encryption Key). The registration key is used to encrypt authorization information.
The second layer is the authorization encryption layer, which mainly encrypts and delivers the SEK/PEK (Service Encryption Key/Program Encryption Key) and authorizes users. The SEK/PEK can be encrypted with the registration key REK. The encrypted information can be delivered over the broadcast network or over the mobile communication network. If a DRM (Digital Rights Management) scheme is used, the key and related information are delivered as an RO (Rights Object).
The third layer is the traffic key transmission layer, which mainly encrypts and delivers the TEK (Traffic Encryption Key). The TEK can be encrypted with the SEK/PEK, and the encrypted information is delivered over the broadcast network.
The fourth layer is the service encryption layer, which mainly encrypts and delivers the service. Service data is encrypted with the TEK, and the encrypted information is delivered over the broadcast network.
On the user side, the user decrypts the service key information with the REK already obtained to recover the SEK/PEK, then uses the SEK/PEK to decrypt the traffic key information and recover the TEK, and finally uses the TEK to decrypt the service data correctly.
In existing mobile TV encryption systems, operators generally charge users by controlling the granting of service keys. After the user terminal and the network side have established a registration key, the user terminal initiates the subscription procedure; the network side processes it, grants the user the service key and at the same time deducts the fee.
If real-time billing were implemented by shortening the validity period of the service key, all users, including those with monthly or per-channel subscriptions, would have to request keys frequently, which would inevitably place a heavy load on mobile communication network resources.
As the above description shows, existing CA systems for digital multimedia broadcasting provide fairly good confidentiality and can achieve differentiated charging by controlling the SK and the PDK. The means of differentiated charging are limited, however: operators can generally offer only monthly billing, per-channel billing, per-program billing and the like, and cannot offer real-time billing.
Summary of the invention
The object of the invention is to provide a method for implementing a mobile multimedia service based on conditional access and a conditional access system which, on the basis of the existing four-layer encryption structure, add a time-varying key TBEK to the authorization encryption layer. This gives the conditional access system a new way of implementing mobile multimedia services and enables real-time billing for them, so that the system's implementation of mobile multimedia services becomes more flexible.
To achieve this object, the invention provides a method for implementing a mobile multimedia service based on conditional access, involving a registration encryption layer, an authorization encryption layer, a traffic key transmission layer and a service encryption layer, the method comprising:
a. The sending end adds a time-varying key TBEK at the authorization encryption layer, encrypts the encryption key of the program stream with the TBEK, and sends the encrypted information along with the program stream;
b. The sending end sends the information for obtaining the TBEK to the receiving end through the mobile communication system;
c. The receiving end obtains the TBEK from the information it receives, uses the TBEK to decrypt and obtain the encryption key of the program stream, and watches the mobile multimedia broadcast program using that key;
d. The sending end controls the billing system's charging of the receiving end according to the time-varying period of the key TBEK.
Step a comprises:
a1. After receiving the authorization-encryption-layer time-varying key request sent by the receiving end, and on determining from the viewing restriction conditions that the receiving end is allowed to watch the mobile multimedia broadcast program, the sending end encrypts the encryption key of the program stream with the time-varying key TBEK and sends the encrypted information along with the program stream.
The viewing restriction conditions in step a1 include the account balance of the receiving end and/or its reception rights.
In step a1, the step in which the sending end encrypts the encryption key of the program stream with the TBEK comprises:
The sending end encrypts the encryption key of the program stream with the key TBEK through the ECM generator.
Step a1 comprises:
a11. When the receiving end is switched on and needs to receive a mobile multimedia broadcast program, it transmits authentication information to the sending end;
a12. After successfully authenticating the receiving end, and on determining from the viewing restriction conditions that the receiving end is allowed to watch the mobile multimedia broadcast program, the sending end encrypts the encryption key of the program stream with the key TBEK and sends the encrypted information along with the program stream.
Step a11 comprises:
When the receiving end is switched on, needs to receive a mobile multimedia broadcast program, and determines that the key TBEK it has stored is invalid, it transmits the authentication information to the sending end.
Step a11 comprises:
The receiving end sends a key request carrying the authentication information to the sending end.
Step a1 comprises:
While watching a mobile multimedia broadcast program, the receiving end periodically sends a key request to the sending end through the mobile communication system, timed according to the validity period of the key TBEK it has obtained;
On determining from the viewing restriction conditions that the receiving end is allowed to watch the mobile multimedia broadcast program, the sending end encrypts the encryption key of the program stream with the key TBEK and sends the encrypted information along with the program stream.
Step a further comprises:
The sending end sends key rejection information through the mobile communication system to a receiving end whose authentication has failed; or
The sending end, according to the viewing restriction conditions, sends key rejection information through the mobile communication system to a receiving end that is barred from receiving the key; or
When the key TBEK it sent has expired and no further key request has been received from the receiving end, the sending end sends key rejection information to the receiving end through the mobile communication system.
Step c comprises:
The receiving end determines whether it has received, within a predetermined time interval, the information for obtaining the key TBEK sent by the sending end;
If it has, the receiving end obtains the key TBEK from that information, uses the TBEK to decrypt and obtain the encryption key of the program stream, and then watches the mobile multimedia broadcast program using that key;
If it has received neither the information for obtaining the key TBEK nor key rejection information from the sending end, it sends a key request to the sending end again through the mobile communication system.
The information for obtaining the key TBEK in step b comprises:
Information obtained by encrypting the key TBEK through the EMM generator according to the SIM card information of the receiving end or the registration-encryption-layer key information.
Step b comprises:
The sending end sends the information for obtaining the key TBEK to the receiving end by signaling or by short message over the mobile communication system.
The invention also provides a conditional access system based on mobile multimedia broadcasting, involving a registration encryption layer, an authorization encryption layer, a traffic key transmission layer and a service encryption layer, in which the sending end is provided with an encryption module, a key sending module and a billing control module, and the receiving end is provided with a receiving module;
Encryption module: encrypts the encryption key of the program stream with the time-varying key TBEK added at the authorization encryption layer, sends the encrypted information along with the program stream, and outputs the key TBEK;
Key sending module: after receiving the key TBEK, sends the information for obtaining the key TBEK to the receiving module through the mobile communication system;
Receiving module: obtains the key TBEK from the information it receives, uses the TBEK to decrypt and obtain the encryption key of the program stream, and watches the mobile multimedia broadcast program using that key;
Billing control module: controls the billing system's charging of the receiving end according to the time-varying period of the key TBEK sent by the key sending module.
The receiving module comprises:
Key request submodule: sends a key request to the sending end through the mobile communication system;
Receiving submodule: obtains the key TBEK from the information it receives, uses the TBEK to decrypt and obtain the encryption key of the program stream, and watches the mobile multimedia broadcast program using that key.
The encryption module comprises:
Storage submodule: stores the viewing restriction conditions;
Encryption submodule: after receiving a key request from the receiving end, checks the viewing restriction conditions stored in the storage submodule; on determining that the receiving end is allowed to watch the mobile multimedia broadcast program, it encrypts the encryption key of the program stream with the received key TBEK and sends the encrypted information along with the program stream; on determining that the receiving end is barred from watching the mobile multimedia broadcast program, it notifies the key sending module to send key rejection information to the receiving end.
The receiving module further comprises:
Judgment submodule: determines whether the receiving end has received, within a predetermined time interval, the information for obtaining the key TBEK sent by the sending end; if so, it passes that information to the receiving submodule; if neither that information nor key rejection information has been received, it notifies the key request submodule to carry out the key request procedure.
The system further comprises:
Authentication module: authenticates the receiving end according to the authentication information sent by the sending end and, when authentication succeeds, notifies the encryption module to start the encryption process.
As the above description of the technical solution shows, the invention adds a time-varying key TBEK to the authorization encryption layer of the existing four-layer encryption structure, uses the TBEK to encrypt the encryption key of the program stream, and combines the transmission of the TBEK with the mobile communication system. This gives the conditional access system a new way of implementing mobile multimedia services and enables it to perform real-time billing according to the time-varying period of the TBEK, which can be set flexibly according to the required billing precision. The invention does not change existing methods of implementing mobile multimedia services; it only provides a feasible way for a receiving end to watch mobile multimedia programs occasionally or on impulse. The invention is compatible with existing CA systems, and its technical solution does not affect the existing monthly, per-channel and other billing modes of mobile multimedia services. Thus, when the receiving end is not a dual-mode terminal capable of receiving both mobile communication network signals and mobile video broadcast network signals, it can still be charged for received programs in the traditional way; for a dual-mode terminal, programs can be charged not only in the traditional way but also in real time using the technical solution of the invention, which greatly increases the flexibility of charging. The technical solution of the invention thereby achieves the aim of making the implementation of mobile multimedia services more flexible.
Brief description of the drawings
Figure 1 is a schematic diagram of the program encryption system encrypting the program stream;
Figure 2 is the first schematic diagram of the prior-art layered key encryption process;
Figure 3 is the second schematic diagram of the prior-art layered key encryption process;
Figure 4 is the third schematic diagram of the prior-art layered key encryption process;
Figure 5 is a schematic diagram of the prior-art service-level four-layer encryption structure;
Figure 6 is a schematic diagram of the service-level four-layer encryption structure of an embodiment of the invention;
Figure 7 is the first schematic diagram of the mobile multimedia service implementation method of an embodiment of the invention;
Figure 8 is the second schematic diagram of the mobile multimedia service implementation method of an embodiment of the invention;
Figure 9 is the third schematic diagram of the mobile multimedia service implementation method of an embodiment of the invention;
Figure 10 is the fourth schematic diagram of the mobile multimedia service implementation method of an embodiment of the invention;
Figure 11 is the fifth schematic diagram of the mobile multimedia service implementation method of an embodiment of the invention;
Figure 12 is the sixth schematic diagram of the mobile multimedia service implementation method of an embodiment of the invention;
Figure 13 is the seventh schematic diagram of the mobile multimedia service implementation method of an embodiment of the invention.
Detailed description of the embodiments
The present invention improves the encryption system used by existing conditional access systems based on mobile multimedia broadcasting. The main improvement is shown in Figure 6. In Figure 6, the present invention adds a time-varying key TBEK to the authorization encryption layer of the current four-layer encryption structure. The sending end encrypts the encryption key of the program stream with the TBEK and sends the encrypted information along with the program stream, and it combines the delivery of the TBEK with the mobile communication system. That is, the process of sending the information for obtaining the TBEK, the key with which the sending end (the network side) encrypts the encryption key of the program stream, is combined with the mobile communication system, so that the receiving end can receive that information through the mobile communication system. The receiving end obtains the TBEK from this information, so that the receiving end can decrypt the encryption key of the program stream through NSK and thus watch mobile multimedia broadcast programs. The TBEK in the present invention can change periodically and flexibly according to actual needs, so the network side can use it to bill mobile multimedia services in real time, and can adjust the precision of real-time billing by adjusting the period at which the TBEK changes.
The mobile communication network in the present invention is a two-way mobile communication network such as GSM, GPRS, EDGE, CDMA, WCDMA, CDMA2000, TD-SCDMA or WIMAX; any two-way mobile communication network will do.
The main flow of the technical solution provided by the present invention is shown in Figure 7.
In Figure 7, the sending end first encrypts the encryption key of the program stream with the time-varying key TBEK. The encryption key of the program stream is the key used on the service in the service encryption layer, such as the TEK or CW. The information obtained by encrypting it with the TBEK is sent along with the program stream. The sending end can use an ECM generator to encrypt a service encryption layer key, such as the program stream encryption key TEK or the CW, under the TBEK. The encrypted information that the sending end generates for the TEK, CW, etc. through the ECM generator under the TBEK is called the NECM (New Entitle Control Message, new authorization control information). This can be done without changing the encryption processing of the existing key system; that is, the information sent with the program stream also includes the ECM, EMM, etc. generated by the existing key system.
The sending end then sends the information for obtaining the TBEK to the receiving end through the mobile communication system. This information can be the TBEK itself or the TBEK in encrypted form. The TBEK can be encrypted using the PDK, the receiving end's SIM card information, etc.; for example, the sending end encrypts the TBEK through an EMM generator according to the PDK or the receiving end's SIM card information. The encrypted information that the sending end generates for the TBEK in this way is called the NEMM. The NEMM must be sent to the receiving end through the mobile communication system. The sending end can send it by signaling, by short message (SMS), etc. When signaling is used, a link must be established between the receiving end on the user side and the sending end on the network side.
After the sending end has sent the NEMM, the receiving end can obtain the TBEK from the NEMM. The receiving end then uses the TBEK to decrypt the NECM it received along with the program stream and obtains the service encryption layer key, such as the CW that encrypts the program stream, so that it can watch the mobile multimedia broadcast program using the CW, etc.
In the above process, the information sent from the sending end to the receiving end is shown in Figure 8. In Figure 8 it comprises the NECM, ECM, EMM, NEMM (New Entitle Manage Message, new authorization management information) and the scrambled program stream. The NECM, ECM and EMM are multiplexed with the program stream and sent to the receiving end, whereas the NEMM is sent to the receiving end through the mobile communication network.
How the information sent from the sending end to the receiving end is generated is shown in Figure 9.
In Figure 9, the sending end encrypts the service encryption layer key, such as the CW, with the time-varying key TBEK, and the result is the NECM; it encrypts the CW with the SK, and the result is the ECM; it encrypts the SK with the PDK, and the result is the EMM; and it encrypts the TBEK with the PDK or the receiving end's SIM card information, and the result is the NEMM.
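The four wrapped messages of Figure 9 and the two ways a receiver can reach the CW, as an added Python example that is not code from the patent. The patent names no cipher, so the HMAC-SHA256 keystream with an authentication tag is a stand-in, and `sim_key` (a per-subscriber secret bound to the SIM), the function names and the sample payload are assumptions.

```python
import hashlib
import hmac
import os

# Stand-in cipher (assumption: the patent names no algorithm): an HMAC-SHA256
# keystream in counter mode with an encrypt-then-MAC tag, so that unwrapping
# with the wrong key is detected instead of yielding garbage.

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and authenticate plaintext under key: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; raises ValueError on a wrong key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or corrupted message")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

def head_end(program, cw, sk, tbek, pdk, sim_key):
    """Sending end, as in Figure 9. Returns (broadcast multiplex, NEMM)."""
    broadcast = {
        "stream": wrap(cw, program),  # scrambled program stream
        "ECM": wrap(sk, cw),          # CW under SK (existing path)
        "NECM": wrap(tbek, cw),       # CW under TBEK (added path)
        "EMM": wrap(pdk, sk),         # SK under PDK (existing path)
    }
    nemm = wrap(sim_key, tbek)        # TBEK under SIM-bound key; mobile network only
    return broadcast, nemm

def subscriber_receive(broadcast, pdk):
    """Monthly or per-channel subscriber: EMM -> SK -> ECM -> CW -> stream."""
    sk = unwrap(pdk, broadcast["EMM"])
    cw = unwrap(sk, broadcast["ECM"])
    return unwrap(cw, broadcast["stream"])

def realtime_receive(broadcast, nemm, sim_key):
    """Real-time-billed dual-mode terminal: NEMM -> TBEK -> NECM -> CW -> stream."""
    tbek = unwrap(sim_key, nemm)
    cw = unwrap(tbek, broadcast["NECM"])
    return unwrap(cw, broadcast["stream"])

def stale_tbek_is_rejected(broadcast_next_period, old_tbek) -> bool:
    """After the TBEK rotates, a terminal holding only the old TBEK is locked out."""
    try:
        unwrap(old_tbek, broadcast_next_period["NECM"])
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    # Constructed sample keys and payload.
    program = b"constructed sample: one scrambled transport packet payload"
    cw, sk, pdk, sim_key = (os.urandom(16) for _ in range(4))
    tbek_1, tbek_2 = os.urandom(16), os.urandom(16)
    period_1, nemm_1 = head_end(program, cw, sk, tbek_1, pdk, sim_key)
    period_2, _ = head_end(program, cw, sk, tbek_2, pdk, sim_key)
    print(subscriber_receive(period_1, pdk) == program)
    print(realtime_receive(period_1, nemm_1, sim_key) == program)
    print(stale_tbek_is_rejected(period_2, tbek_1))
```

The authentication tag is also what lets a receiver notice that the TBEK it obtained is incorrect, the condition that triggers a repeated key request later in the description.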
The sending end in the present invention can carry out the operations described in the above embodiment when it receives a key request from the receiving end. To ensure that the receiving end is entitled to receive the mobile multimedia broadcast program stream, the present invention can authenticate the receiving end and carry out those operations only for a receiving end that authenticates successfully. The present invention can further check the receiving end's entitlement against predetermined restricted-viewing conditions, that is, carry out those operations only for a receiving end that authenticates successfully and also satisfies the restricted-viewing conditions. The restricted-viewing conditions can be set according to the operator's actual needs; for example, they can be the receiving end's account balance, or information set by the operator about receiving ends that have no right to receive.
The implementation of the mobile multimedia service combined with the mobile communication network is described below with reference to Figure 10.
In Figure 10, the receiving end first transmits authentication information to the authentication center through the mobile communication network; the receiving end can carry the authentication information in a key request, and the authentication center authenticates the receiving end. After authentication succeeds, if the service center (the service center that provides the mobile multimedia service) determines from the restricted-viewing conditions that the receiving end is prohibited from receiving the program stream, it can send key rejection information to the receiving end, and this run of the mobile multimedia service ends. If the service center determines from the restricted-viewing conditions that the receiving end is allowed to receive the program stream, it encrypts the program stream with a service encryption layer key such as the CW and encrypts the service encryption layer key such as the CW with the SK; the encrypted service encryption layer key is combined with other information to form the ECM. At the same time, the service center encrypts the CW with the time-varying key TBEK of the authorization encryption layer; the encrypted CW is combined with other information to form the NECM (New Entitle Control Message, new authorization control information). The service center encrypts the SK with the authorization encryption layer key PDK; the encrypted SK is combined with other information to form the EMM. At the same time, the service center encrypts the TBEK with the PDK or the SIM card information; the encrypted SK is combined with other information to form the NEMM (New Entitle Manage Message, new authorization management information). Here, the SIM card information includes but is not limited to the IMSI.
The ECM, NECM and EMM are then multiplexed with the encrypted program stream and transmitted together to the receiving end through the transmission network. The service center transmits the NEMM to the receiving end through the mobile communication network.
The receiving end obtains the TBEK from the NEMM it received through the mobile communication network and uses the TBEK to decrypt the NECM, obtaining the application encryption layer key CW, etc. It then uses the CW to decrypt the program stream it receives, so as to watch the mobile multimedia broadcast program.
Because the TBEK has a time-varying period, i.e. a life cycle, the receiving end must, according to that life cycle, send key requests to the sending end through the mobile communication network to obtain a new TBEK, so that it can keep watching the mobile multimedia broadcast program. When the receiving end sends a key request to the sending end again through the mobile communication network, the key request need not carry authentication information. In that case the service center can decide directly from the restricted-viewing conditions whether the receiving end may watch the mobile multimedia broadcast program.
As the description of the above steps shows, the present invention adds a time-varying key TBEK to the original encryption system. The TBEK changes over time, and its change period can be determined by the operator's operating strategy; for example, it can range from tens of seconds to tens of minutes. A user who cannot decrypt a key of the service stream key transport layer, such as the SK, must obtain the TBEK in order to receive a program, use the TBEK to recover a service encryption layer key such as the CW, and then decrypt the program with that service encryption layer key, so as to receive the program correctly.
Because the TBEK is valid only for a short time, the operator can control whether the receiving end receives programs by controlling the real-time granting of the TBEK to the receiving end, and can thereby bill mobile multimedia services in real time. In the present invention the key is granted in a two-way manner, and the NEMM is carried over the mobile communication network.
Because mobile multimedia broadcasting costs far less to deliver than the multimedia services of 3G networks, billing by the minute is entirely acceptable; in general, the change period of the TBEK can be a few minutes.
The present invention does not use a service encryption layer key such as the CW directly for real-time billing because the CW changes too quickly, which would consume a large amount of mobile communication network resources. Deliberately slowing the rate at which the service encryption layer key changes in order to support real-time billing would greatly reduce confidentiality.
Adding the TBEK does not affect the way the billing system already charges users. It only adds a more flexible billing mode for mobile multimedia services: real-time billing.
The mobile communication network in the present invention includes, but is not limited to, PHS, GSM, GPRS, EDGE, WCDMA, CDMA2000 and TD-SCDMA. Any communication network that provides two-way interaction can be used.
It should be stressed that the technical solution of the present invention is entirely different from existing simulcrypt technology. Simulcrypt is in essence a multi-CA system, whereas the technical solution of the present invention is in essence a multi-key system. That is, in the present invention a key of the service stream key transport layer, such as the SK, and the time-varying key TBEK can be generated by the same CA system, which is where it differs from simulcrypt. Of course, the technical solution of the present invention also allows the key of the service stream key transport layer and the TBEK to be generated by different CA systems. Another difference from simulcrypt is that the NEMM generated by the present invention is not multiplexed and transmitted with the program stream but is transmitted through the mobile communication network.
The complete implementation of the mobile multimedia service provided by the present invention is described in detail below with reference to Figure 11 and the process by which the network side bills the receiving end for receiving mobile multimedia programs.
In Figure 11, the receiving end, i.e. the user terminal, turns on its mobile multimedia broadcast receiving circuit because the user terminal needs to receive a mobile multimedia broadcast program. The receiving end determines whether the TV program it needs to receive requires decryption. If the program does not need to be decrypted, the receiving end directly receives the program stream sent by the sending end. If the program requires program processing, the receiving end checks whether the TBEK in its key storage area is valid. If the TBEK in the key storage area is invalid, the receiving end uses the mobile communication network to send the key request signaling Key Request, asking for the key. The key request can include the receiving end's reception status, such as initial reception. Depending on the network's requirements, the key request may also carry authentication information for authenticating the receiving end. At the same time, the receiving end starts the key reception timer T1 and waits for the key from the sending end.
After the sending end, i.e. the network side, receives the Key Request, it authenticates the receiving end according to the authentication information in the Key Request. If authentication succeeds, the receiving end is a legitimate user. If the sending end then determines from the restricted-viewing conditions that the receiving end is allowed to receive the program stream, for example because its balance is sufficient, it replies to the receiving end with Key ACK and sends it the encrypted TBEK information; at the same time, the sending end notifies the billing system to start billing. If authentication of the receiving end fails, or if authentication succeeds but the sending end determines from the restricted-viewing conditions that the receiving end is prohibited from receiving the program stream, for example because its account balance is insufficient or it has no right to receive the program stream for some other reason, the sending end sends Key REJ to the receiving end; the Key REJ can carry the reason for rejection.
If timer T1 expires and the receiving end has received neither the encrypted TBEK information nor Key REJ, the receiving end sends Key Request to the network side again, asking the sending end to transmit the key. This Key Request can carry authentication information as well as reception status such as initial reception. The receiving end restarts timer T1 when it sends the Key Request.
If the receiving end receives the encrypted TBEK information from the network side before timer T1 expires but determines that the TBEK it obtained is incorrect, it sends Key Request to the network side again, asking the sending end to transmit the key. This Key Request can carry a cause value, such as a key reception error, but need not carry authentication information again. The receiving end restarts T1 when it sends the Key Request.
The network side examines the Key Request it receives. If the Key Request carries key transmission error information, the network side need not authenticate again and simply replies to the receiving end with Key ACK again. If the Key Request carries timer timeout information, the receiving end is authenticated according to the authentication information in the Key Request and is answered with Key ACK or Key REJ as described above, until the receiving end receives the correct key or receives key rejection information.
In the above process, if the receiving end receives Key REJ, it stops sending key requests and turns off the mobile multimedia broadcast receiving circuit.
In the above process, the valid time of the TBEK, i.e. its life cycle, can be n minutes. The value of n is the same for all real-time-billed receiving ends; that is, the TBEKs that the sending end sends to different receiving ends have the same valid time. The Key ACK that the sending end sends to the user can carry the life cycle (TTL) of the TBEK.
Once the receiving end has passed authentication and the other processing described above and is receiving the mobile multimedia program stream, it must periodically request a new TBEK from the sending end, according to the TBEK's life cycle, in order to keep receiving the stream.
The process of obtaining a new TBEK is shown in Figure 12.
In Figure 12, in step 1, when the TBEK is about to expire, the network side checks the user's balance and decides whether the receiving end may continue to receive the mobile multimedia program stream. If the receiving end's balance is insufficient, the network side sends it an insufficient-balance message, stops sending it new keys, and sends the billing system a message to stop billing the receiving end. Otherwise, when the TBEK expires, the network side starts timer T2 for that real-time-billed receiving end and waits for the receiving end's new key request signaling, Next Key Request. If timer T2 expires and the network side has not received a Next Key Request from the receiving end, the network side sends the billing system a message to stop billing the receiving end and stops sending keys to that receiving end.
In step 2, the receiving end determines from the TTL when the key will expire. At some random time before the key expires, if the receiving end wishes to continue receiving the program stream, it sends the new key request signaling Next Key Request to the sending end, starts the key reception timer T1, and waits for the new key from the sending end.
In step 3, after the network side receives the new key request signaling Next Key Request, it stops timer T2. If the network side determines from the restricted-viewing conditions that the receiving end is allowed to continue receiving the program stream, it replies to the receiving end with Next Key ACK and sends it the encrypted information of a new TBEK. If the network side determines from the restricted-viewing conditions that the receiving end is prohibited from continuing to receive the program stream, it refuses to send a new key, replies to the receiving end with Next Key REJ, and carries the reason for rejection in the Next Key REJ.
If the receiving end's timer T1 expires and the receiving end still has not received the TBEK or key rejection information from the sending end, it re-sends Next Key Request to the network side with reception status information attached, and restarts timer T1. If the TBEK the receiving end received is wrong, it re-sends Next Key Request to the network side with key transmission error information attached. The network side then carries out the process described in step 3 above, until the receiving end receives the correct TBEK or receives key rejection information.
When the receiving end receives a new key or key rejection information, it stops the key reception timer T1.
In the above description, the cause value with which the network side rejects the receiving end's new key request may be: timer T2 expired; billing was stopped because the receiving end's account balance is insufficient; an initialization request Key Request re-sent by the receiving end was received; and so on.
The processing at the receiving end and the sending end when the receiving end stops receiving programs is shown in Figure 13.
In Figure 13, in step 1, when the receiving end stops receiving the mobile multimedia program and turns off the digital TV receiving circuit, it sends the stop billing request Stop Billing Request to the network side.
In step 2, after the network side receives the receiving end's stop billing request, it notifies the billing system to stop billing and sends the stop billing confirmation Stop Billing ACK to the receiving end.
Of course, the receiving end can also send nothing to the sending end when it turns off the digital TV receiving circuit. In that case, after the TBEK expires the sending end receives no further key request from the receiving end, so the network side terminates billing when timer T2 expires.
If the receiving end restarts while receiving a program, because of a battery change or for some other reason, then when it resumes receiving the mobile multimedia program a real-time-billed receiving terminal must first check whether the key in its key storage area is still valid. If it is valid, the terminal can continue receiving the mobile multimedia program with the stored key. If the key in the key storage area has expired, the receiving end can request the encrypted TBEK information through the initialization request procedure described in the above embodiment.
In the technical solution of the present invention, the precision with which the network side bills the receiving end in real time for the programs it receives is determined by the life cycle of the TBEK: the longer the life cycle of the TBEK, the less precise the real-time billing of mobile multimedia programs.
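The Key Request / Next Key Request exchange of Figures 11 to 13, together with the point above that billing precision follows the TBEK life cycle, as an added Python simulation that is not code from the patent. It assumes a logical clock in seconds, TBEK periods aligned for all terminals, one balance unit per period and a fixed renewal lead in place of the random one; class, function and terminal names are hypothetical.

```python
class KeyServer:
    """Network side of Figures 11-13 with a logical clock in seconds.

    Assumptions: TBEK period k covers [k*ttl, (k+1)*ttl) for every terminal,
    and one balance unit buys one period.
    """

    def __init__(self, ttl, t2, balances):
        self.ttl, self.t2 = ttl, t2
        self.balance = dict(balances)
        self.charged = {tid: 0 for tid in balances}
        self.paid_until = {}  # terminal -> expiry of last TBEK granted; present = billing active

    def _grant(self, prefix, tid, period, now):
        if self.balance[tid] < 1:
            self.paid_until.pop(tid, None)  # billing system told to stop
            return (prefix + " REJ", "insufficient balance")
        self.balance[tid] -= 1
        self.charged[tid] += 1
        self.paid_until[tid] = (period + 1) * self.ttl
        return (prefix + " ACK", period, self.paid_until[tid] - now)  # TTL left

    def key_request(self, now, tid, auth_ok, cause=None):
        end = self.paid_until.get(tid, 0)
        if cause == "key transmission error" and end > now:
            # Resend the key already paid for: no re-authentication, no new charge.
            return ("Key ACK", end // self.ttl - 1, end - now)
        if not auth_ok:
            return ("Key REJ", "authentication failed")
        return self._grant("Key", tid, now // self.ttl, now)

    def next_key_request(self, now, tid):
        end = self.paid_until.get(tid)
        if end is None or now > end + self.t2:
            self.paid_until.pop(tid, None)  # T2 ran out: billing already stopped
            return ("Next Key REJ", "timer T2 expired")
        return self._grant("Next Key", tid, end // self.ttl, now)

    def stop_billing(self, tid):
        self.paid_until.pop(tid, None)
        return ("Stop Billing ACK",)


def watch(server, tid, start, stop, lead=5):
    """Receiver side: view from start to stop, renewing `lead` seconds before
    each TBEK expires. Returns the number of seconds actually viewable."""
    now, expiry = start, start
    reply = server.key_request(now, tid, auth_ok=True)
    while reply[0].endswith("ACK"):
        expiry = now + reply[2]
        if expiry >= stop:
            server.stop_billing(tid)  # Stop Billing Request of Figure 13
            return stop - start
        now = max(now, expiry - lead)
        reply = server.next_key_request(now, tid)
    return expiry - start  # rejected: viewing ends when the last TBEK expires


def billed_seconds(ttl, viewing_s, balance=100):
    """Return (seconds viewed, seconds billed) for one viewer, terminal 'ue1'."""
    server = KeyServer(ttl=ttl, t2=10, balances={"ue1": balance})
    viewed = watch(server, "ue1", start=0, stop=viewing_s)
    return viewed, server.charged["ue1"] * ttl


if __name__ == "__main__":
    print(billed_seconds(300, 420))             # 5-minute TBEK, 7 minutes viewed
    print(billed_seconds(60, 420))              # 1-minute TBEK, 7 minutes viewed
    print(billed_seconds(60, 420, balance=3))   # balance runs out after 3 periods
```

With a 5-minute TBEK the 7-minute viewer is billed for two whole periods, while a 1-minute TBEK bills exactly the time viewed at the cost of five more key exchanges over the mobile network.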
As the above description shows, the present invention adds a second set of keys without changing the original standard CA system scheme and, by combining the transmission of the added key with the mobile communication network, makes it possible to bill the receiving end in real time for receiving mobile multimedia programs. The present invention is compatible with existing CA systems and does not affect the existing billing modes of mobile multimedia services. Thus, when the receiving end is not a dual-mode terminal able to receive both mobile communication network signals and mobile video broadcast network signals, it can still be charged for the programs it receives in the traditional way; a dual-mode terminal can be charged not only in the traditional way but also in real time using the technical solution of the present invention, which greatly increases the flexibility of charging.
The present invention provides a conditional access system based on mobile multimedia service broadcasting. The system still has a registration encryption layer, an authorization encryption layer, a service stream key transmission layer and a service encryption layer. The network side, that is, the sending end, contains an encryption module, a key sending module, a billing control module and an authentication module; the receiving end contains a receiving module.
The authentication module is mainly used to authenticate the receiving end according to the authentication information sent by the sending end and, when authentication succeeds, to notify the encryption module to begin the encryption process.
The encryption module is mainly used to encrypt the encryption key of the program stream with the time-varying key TBEK added in the authorization encryption layer, to send the encrypted information along with the program stream, and to output the key TBEK. The encryption module may use the time-varying key TBEK to encrypt the encryption key of the program stream when it receives a key request, either Key Request or Next Key Request, from the receiving end.
The key sending module is mainly used, after it receives the time-varying key TBEK, to send the information for obtaining TBEK to the receiving module through the mobile communication system. The key sending module may send TBEK to the receiving module directly, or it may send the information obtained by encrypting TBEK.
The receiving module is mainly used to obtain the time-varying key TBEK from the information it receives, to decrypt with TBEK and so obtain the encryption key of the program stream, and then to decrypt the program stream with that encryption key, so that the receiving end can watch mobile multimedia broadcast programs on the basis of the time-varying key TBEK.
The billing control module is mainly used to control the billing system's billing of the receiving end according to the time-varying period of the time-varying key TBEK sent by the key sending module. The billing here is real-time billing, whose precision depends on the time-varying period of TBEK; the control consists of, for example, sending start-billing and stop-billing messages to the billing system. When the billing control module receives a Stop Billing Request from the receiving end, it directs the billing system to stop billing the receiving end. The details are as described in the method above.
The receiving module in the present invention consists of a key request submodule, a judging submodule and a receiving submodule.
The judging submodule is mainly used, when it determines that the time-varying key TBEK in the receiving end's key storage area is valid, to pass TBEK to the receiving submodule, so that the receiving submodule can receive the mobile multimedia program using the key stored in the key storage area. The judging submodule may start the key reception timer T1 and wait for the key from the sending end. If timer T1 expires and the receiving end has received neither the time-varying key TBEK nor a key rejection message from the sending end, the judging submodule notifies the key request submodule to resend the Next Key Request to the key sending module of the sending end, with reception status information attached to the Next Key Request, and restarts timer T1. If the time-varying key TBEK received by the receiving module is erroneous, the judging submodule notifies the key request submodule to resend the Next Key Request to the key sending module of the sending end, with key transmission error information attached to the Next Key Request. When the receiving end stops receiving mobile multimedia programs and switches off the digital TV receiving circuit, the judging submodule has the key request submodule send a Stop Billing Request to the billing control module of the sending end. The details are as described in the method above.
The key request submodule is mainly used to send a key request to the sending end through the mobile communication system when it is notified by the judging submodule; the key request it sends is either a Key Request or a Next Key Request. The key request may carry authentication information for authenticating the receiving end. The key request submodule also sends a Stop Billing Request to the billing control module of the sending end, according to the information passed to it by the judging submodule. The details are as described in the method above.
The receiving submodule is mainly used to obtain the time-varying key TBEK from the information sent by the key request submodule or the key sending module, to decrypt with TBEK and so obtain the encryption key of the program stream, and then to watch the mobile multimedia broadcast program using the encryption key of the program stream. The details are as described in the method above.
The encryption module consists of a storage submodule and an encryption submodule.
The storage submodule is mainly used to store the viewing restriction conditions, such as the minimum amount that allows a receiving end to receive the program stream, reception entitlement information, and so on.
The encryption submodule is mainly used, after it receives a key request from the receiving end, to check the viewing restriction conditions stored in the storage submodule. If it determines that the receiving end is allowed to watch the mobile multimedia broadcast program, it encrypts the encryption key of the program stream with the received key TBEK and sends the encrypted information along with the program stream; if it determines that the receiving end is prohibited from watching, it notifies the key sending module to send a key rejection message to the receiving end. When the time-varying key TBEK is about to expire, the encryption submodule checks the user's balance and judges whether the receiving end may continue to receive the mobile multimedia program stream. If the receiving end's balance is insufficient, the encryption submodule sends an insufficient-balance message to the receiving end, stops sending new keys to it, and sends the billing control module a message to stop billing the receiving end. Otherwise, when TBEK expires, the encryption submodule starts timer T2 for that real-time-billed receiving end and waits for the receiving end's new key request signaling, Next Key Request. If timer T2 expires and the encryption submodule has not received a Next Key Request from the receiving end, it sends the billing control module a message to stop billing the receiving end and stops sending keys to that receiving end. The details are as described in the method above.
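The renewal logic described above for the encryption submodule and the billing control module, as an added simulation that is not part of the patent text. The class and method names, the per-period price and the integer clock are assumptions; TBEK is represented by random bytes and nothing is actually encrypted.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class TbekSession:  # network-side state for one receiver (hypothetical names)
    balance: int          # prepaid units (constructed value)
    period: int           # TBEK lifetime in seconds
    t2: int               # timer T2: wait for Next Key Request after expiry
    price: int = 1        # assumed charge per TBEK period
    min_balance: int = 0  # stored viewing restriction: minimum amount
    tbek: bytes = b""     # empty means no live key
    expires: int = 0
    billing: bool = False
    log: list = field(default_factory=list)

    def _stop(self, now, why):
        if self.billing:
            self.billing = False
            self.log.append((now, "stop billing: " + why))
        self.tbek = b""  # no further keys for this receiver

    def key_request(self, now):
        # Check the viewing restriction before any key leaves the network side.
        if self.balance - self.price < self.min_balance:
            self._stop(now, "insufficient balance")
            return None
        self.balance -= self.price
        self.tbek = secrets.token_bytes(16)  # stand-in for a fresh TBEK
        self.expires = now + self.period
        if not self.billing:
            self.billing = True
            self.log.append((now, "start billing"))
        return self.tbek

    def next_key_request(self, now):
        # Rejected once keys were stopped or timer T2 has run out.
        if not self.tbek or now > self.expires + self.t2:
            self._stop(now, "T2 expired")
            return None
        return self.key_request(now)

    def tick(self, now):
        # T2 ran out with no Next Key Request: stop billing and key delivery.
        if self.billing and now > self.expires + self.t2:
            self._stop(self.expires + self.t2, "T2 expired")

    def stop_billing_request(self, now):
        self._stop(now, "receiver stopped")

def silent_receiver(period):
    # Receiver leaves without sending Stop Billing Request; returns the log.
    s = TbekSession(balance=5, period=period, t2=5)
    s.key_request(0)
    s.tick(10 * period)
    return s.log
```

With a 600-second TBEK the silent receiver stays billed until t=605 rather than t=65, which is the coupling between key lifetime and billing precision that the description states.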
Although the present invention has been described by way of embodiments, those of ordinary skill in the art know that the invention admits many variations and changes that do not depart from its spirit, and the claims of the application documents of the present invention cover these variations and changes.
Claims (17)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006100665509A CN100551034C (en) | 2006-03-30 | 2006-03-30 | Method for realizing mobile multimedia service and conditional access system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101047829A (en) | 2007-10-03 |
| CN100551034C (en) | 2009-10-14 |
Family
ID=38771988
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006100665509A Expired - Fee Related CN100551034C (en) | 2006-03-30 | 2006-03-30 | Method for realizing mobile multimedia service and conditional access system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100551034C (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101953111A (en) * | 2007-12-21 | 2011-01-19 | 科库数据控股有限公司 | Systems and methods for securing data |
| US8806207B2 (en) | 2007-12-21 | 2014-08-12 | Cocoon Data Holdings Limited | System and method for securing data |
| WO2009106007A1 (en) * | 2008-02-27 | 2009-09-03 | 华为技术有限公司 | Method, system and equipment for realizing media security of iptv multicast service |
| CN101521570B (en) * | 2008-02-27 | 2012-09-19 | 华为技术有限公司 | Method, system and device for realizing IPTV multicast service media safety |
| CN101605241B (en) * | 2009-07-10 | 2012-02-08 | 中兴通讯股份有限公司 | Method and mobile terminal for managing mobile multimedia radio program recording permission |
| CN102056161A (en) * | 2009-10-28 | 2011-05-11 | 上海摩波彼克半导体有限公司 | Method for realizing layered key management in wireless mobile communication network |
| CN102056161B (en) * | 2009-10-28 | 2015-04-22 | 上海摩波彼克半导体有限公司 | Method for realizing layered key management in wireless mobile communication network |
| CN103686251B (en) * | 2012-09-05 | 2017-02-22 | 中国移动通信集团公司 | System, method and device for playing program stream in multimedia broadcasting service |
| CN103634624A (en) * | 2013-11-15 | 2014-03-12 | 四川长虹电器股份有限公司 | Digital television live broadcasting method and system based on IP (Internet protocol) network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100551034C (en) | 2009-10-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1190921C (en) | Broadcast service access control | |
| CN1946166A (en) | Digital broadcasting conditional access terminal and method | |
| CN1276603C (en) | Broadcasting and receiving messages | |
| CN1478350A (en) | Method for securely transmitting digital data from source to receiver | |
| CN1146235C (en) | Conditional access method for broadcast digital television | |
| CN101061666A (en) | Method for managing digital rights in broadcast/multicast services | |
| CN1633778A (en) | Method and apparatus for security within a data processing system | |
| CN1346570A (en) | Method and apparatus for encrypted transmission | |
| HK1049560A1 (en) | Process for managing a symmetric key in a communication network and devices for the implementation of this process | |
| CN100344160C (en) | Method for realizing acquisition of user on-line information | |
| CN1950776A (en) | Certificate validity checking | |
| CN1558676A (en) | Multimedia information demanding system and demanding method | |
| CN1465159A (en) | Secure packet-based data broadcasting architecture | |
| CN101052044A (en) | IPTV stream media business realizing method IMS, network equipment and terminal equipment | |
| WO2010068779A2 (en) | Trust establishment from forward link only to non-forward link only devices | |
| WO2008046323A1 (en) | Mobile telephone television service protect method, system and apparatus | |
| CN1386340A (en) | Information providing system and devices constituting the system | |
| CN1930879A (en) | Smartcard dynamic management | |
| CN101076109A (en) | Two-way CA system of digital TV-set and method for ordering and cancelling programm based on it | |
| CN1549595A (en) | An information transmission method and device for an interactive digital broadcast television system | |
| CN1922582A (en) | Apparatus and method for broadcast services transmission and reception | |
| CN1735192A (en) | User authorization method and its authorization system | |
| CN101032167A (en) | Method for broadcasting digital data to a targeted set of reception terminals | |
| CN1845599A (en) | Method for obtaining and updating service key in mobile TV service | |
| CN1140121C (en) | Process for controlling access to domestic network and device implementing the process |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20091014 Termination date: 20130330 |