
CN1607831A - Bidirectional real-time authentication digital television conditional receiving system - Google Patents


Publication number
CN1607831A
Authority
CN
China
Prior art keywords
server
module
user
top box
access server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 200310110728
Other languages
Chinese (zh)
Inventor
陈小冬
陈晓进
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CHENGDU RUNWANG SCIENCE AND TECHNOLOGY Co Ltd
Original Assignee
CHENGDU RUNWANG SCIENCE AND TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CHENGDU RUNWANG SCIENCE AND TECHNOLOGY Co Ltd filed Critical CHENGDU RUNWANG SCIENCE AND TECHNOLOGY Co Ltd
Priority to CN 200310110728 priority Critical patent/CN1607831A/en
Publication of CN1607831A publication Critical patent/CN1607831A/en
Pending legal-status Critical Current

Landscapes

  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The invention relates to a two-way real-time authentication digital television conditional access system, characterized in that the CA access server in the digital TV front-end system is connected through an IP network to the IP module of a user-side set-top box composed of an IP module, a DVB module and a descrambler; the IP module is connected to the DVB module in the user-side set-top box; the DVB module is connected to the descrambler in the set-top box; and the descrambler is connected through the HFC network to the mixer in the front-end system.

Description

Two-way real-time authentication digital television conditional access system
Technical field: The invention belongs to the field of television conditional access systems; specifically, it is a two-way real-time authentication digital television conditional access system.
Background: In a digital television system, CA (conditional access) is an important means of ensuring that users pay for what they watch. The conditional access systems currently in use at home and abroad are all implemented in one-way broadcast mode, and conditional access processing at the user side relies entirely on the Smartcard (smart card) in the set-top box.
A traditional conditional access system is shown in Figure 1. The scrambler scrambles the MPEG (Moving Picture Experts Group) transport stream with the control word (CW: Control Word) produced by the control word generator. At the same time, the CW and other information are encrypted with the SK (service key) to form the Entitlement Control Message (ECM), and the SK and authorization information are encrypted with the PDK (personal distribution key) to form the Entitlement Management Message (EMM). The EMM, the ECM and the MPEG transport stream are multiplexed into a new TS (transport stream), which is sent to every user-side set-top box by one-way broadcast. The Smartcard in the set-top box decrypts in the reverse order, finally recovering the CW and descrambling the program content.
Because the operator cannot monitor the whole conditional access process in real time, once the algorithm of the CA system or the Smartcard is cracked the operator suffers heavy losses and has no means of finding the illegal (unauthorized) users in the network.
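The layering of the traditional scheme (CW under SK in the ECM, SK plus authorization under PDK in the EMM, undone in reverse order by the card), as an added Python example that is not part of the patent. The HMAC-based stream cipher is a stand-in for the real CA cipher and for DVB scrambling, and the function names, the 16-byte SK length and the multiplex dictionary are assumptions; note that nothing in the exchange flows back to the head end.

```python
import hashlib
import hmac
import os

SK_LEN = 16  # assumed service-key length for this sketch

def _stream(key, nonce, n):
    """Keystream from HMAC-SHA256 in counter mode (stand-in, not DES or DVB-CSA)."""
    blocks = (hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt and tag a message: nonce || ciphertext || 8-byte tag."""
    nonce = os.urandom(8)
    body = bytes(p ^ k for p, k in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()[:8]
    return nonce + body + tag

def unseal(key, blob):
    """Check the tag, then decrypt; a wrong key is rejected instead of yielding garbage."""
    nonce, body, tag = blob[:8], blob[8:-8], blob[-8:]
    good = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or damaged message")
    return bytes(c ^ k for c, k in zip(body, _stream(key, nonce, len(body))))

def scramble(cw, payload):
    """Stand-in for transport-stream scrambling: XOR with a CW-keyed stream (self-inverse)."""
    return bytes(p ^ k for p, k in zip(payload, _stream(cw, b"ts", len(payload))))

def head_end_multiplex(payload, cw, sk, cards):
    """Build the one-way broadcast. cards maps card_id -> (pdk, authorization_info)."""
    assert len(sk) == SK_LEN
    return {
        "ts": scramble(cw, payload),   # scrambled program content
        "ecm": seal(sk, cw),           # ECM: CW encrypted under SK
        "emm": {cid: seal(pdk, sk + info)  # EMM: SK + authorization under each card's PDK
                for cid, (pdk, info) in cards.items()},
    }

def smartcard_descramble(mux, card_id, pdk):
    """Receiver side, reverse order: EMM -> SK, ECM -> CW, CW -> clear payload."""
    emm = mux["emm"].get(card_id)
    if emm is None:
        raise KeyError("no EMM addressed to this card")
    opened = unseal(pdk, emm)
    sk, info = opened[:SK_LEN], opened[SK_LEN:]
    cw = unseal(sk, mux["ecm"])
    return scramble(cw, mux["ts"]), info

if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    pdk = os.urandom(16)
    mux = head_end_multiplex(b"constructed TS payload", os.urandom(8), os.urandom(SK_LEN),
                             {"card-A": (pdk, b"package=basic")})
    print(smartcard_descramble(mux, "card-A", pdk))
```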
The object of the invention is to address the above problems by providing a two-way real-time authentication digital television conditional access system that is safe and reliable, avoids the danger of being cracked globally, can monitor the state of online users in real time and promptly find illegal users in the network, and can realize truly interactive applications such as TVOD (video on demand) and real-time audience rating statistics.
The object of the invention is achieved by the following technical scheme:
Summary of the invention:
The two-way real-time authentication digital television conditional access system of the invention is characterized in that the CA (conditional access) access server in the digital TV front-end system is connected through an IP (Internet Protocol) network to the IP module of a user-side set-top box composed of an IP module, a DVB (Digital Video Broadcasting) module and a descrambler; the IP module is connected to the DVB module in the user-side set-top box; the DVB module is connected to the descrambler in the user-side set-top box; and the descrambler is connected through the HFC (hybrid fiber-coax) network to the mixer in the digital TV front-end system.
In the above scheme, data exchanged between the CA access server in the digital TV front-end system and the IP module in the user-side set-top box is encrypted with DES (Data Encryption Standard), 3DES (triple DES), RSA or IDEA (International Data Encryption Algorithm), and the security of the IP transport between them is ensured by IPSec (IP security protocol).
In the above scheme, the working procedure of the CA access server is as follows:
After the CA access server starts, it establishes a connection to the database and completes the initial configuration for reading from and writing to the database;
The CA access server enters the wait state, ready to respond to the various service requests uploaded by users;
The CA access server receives a service request sent by a user-side set-top box, determines the service type, and starts the corresponding service processing flow;
If the user-side set-top box requests power-on authentication, the CA access server looks up the user information table in the database using the user authentication information it received. If the record in the user information table matches the received user authentication information, the CA access server generates an authentication-passed data frame and returns it to the user-side set-top box through the IP tunnel; otherwise it returns authentication-failure information to the user-side set-top box. After the set-top box has passed authentication, the CA access server sends it the viewing parameters of DTV (digital television) and NVOD (near video on demand) together with the corresponding CW (control word). After completing the service processing, the CA access server returns to the wait state, ready to respond to new service requests;
If the user-side set-top box requests TVOD (video on demand) authentication, the CA access server looks up the user information table in the database using the user authentication information it received. If the record in the user information table matches the received user authentication information, the CA access server generates an authentication-passed data frame and returns it to the user-side set-top box, and at the same time returns the TVOD program list to the set-top box. After completing the service processing, the CA access server returns to the wait state, ready to respond to new service requests;
If the user-side set-top box requests a TVOD order, the CA access server authenticates the user from the user information it received. If the user's identity is legitimate, the CA access server applies to the Broadcast Control server for TVOD service according to the user's on-demand request. If the Broadcast Control server succeeds in allocating playout resources for the TVOD service, the CA access server forwards the viewing parameters returned by the Broadcast Control server to the set-top box that requested the program. After the CA access server receives the confirmation returned by the set-top box, it notifies the Broadcast Control server to start the TVOD service. If the Broadcast Control server fails to allocate playout resources, the CA access server returns failure information to the set-top box and ends this service processing. After completing the service processing, the CA access server returns to the wait state, ready to respond to new service requests.
In the above scheme, the workflow of the IP module of the user-side set-top box is as follows:
The user-side set-top box powers up, initializes, and requests its own IP address from the DHCP (Dynamic Host Configuration Protocol) server;
Having obtained its IP address and the IP address and port number of the CA access server, the IP module establishes a connection with the CA access server;
The IP module and the DVB module perform handshake communication; the IP module receives the DVB power-on authentication request and sends it to the CA access server;
The IP module receives the authentication information returned by the CA server and updates the local service information table;
The IP module extracts the current DVB service parameters and the CW, sends them to the DVB module, and waits for the confirmation returned by the DVB module;
After the IP module receives the confirmation returned by the DVB module, it sends a confirmation to the CA access server;
The IP module corrects the system time and waits to receive DVB service requests;
After the IP module receives a service request sent by the DVB module, it determines the service type. If only local authentication by the IP module is needed, the authentication result is returned directly to the DVB module. Otherwise the IP module determines whether only CA access authentication is needed; if so, it sends an authentication request to the CA access server and passes the authentication result returned by the CA access server (containing the service parameters and CW, or an authentication-failure message) to the DVB module;
The IP module receives the confirmation returned by the DVB module and enters the wait state, ready to respond to new on-demand program requests.
In the above scheme, the digital TV front-end system consists of the CA access server, database server, subscriber management server, Broadcast Control server, video server, other program sources, encoder, multiplexer, scrambler, QAM (quadrature amplitude modulation) modulator and upconverter, and mixer; the user-side set-top box consists of the IP module, DVB module and descrambler. The CA access server is connected to the database server, the subscriber management server, the Broadcast Control server and the scrambler respectively, and is connected through the IP network to the IP module in the user-side set-top box. The database server is connected to the subscriber management server; the Broadcast Control server is connected to the video server; the video server is connected to the encoder; the other program sources are connected to the encoder; the encoder is connected to the multiplexer; the multiplexer is connected to the scrambler; the scrambler is connected to the QAM modulator and upconverter; the QAM modulator and upconverter is connected to the mixer; and the mixer is connected through the HFC network to the DVB module in the user-side set-top box. Inside the user-side set-top box, the IP module is connected to the DVB module, and the DVB module is connected to the descrambler.
In the above scheme, the CA access server, database server, subscriber management server, Broadcast Control server, video server, encoder, multiplexer, scrambler, QAM modulator and upconverter, and mixer are all standard equipment of a digital TV front-end system. The CA access server, database server, subscriber management server and Broadcast Control server are Compaq Proliant DL360 machines; the video server is an Nstreams Raid-X; the encoder is a Thomson DBE4120; the multiplexer is a Thomson DBX4300; the model of scrambler is that the independent scrambler of speeding is interrogated in three continents; the QAM modulator and upconverter is a Harris QAM8500; and the mixer is a Harris DCN-8500. The user-side set-top box is a Changhong DVB-C2000 to which the IP module has been added.
In the two-way real-time authentication digital television conditional access system of the invention, an Oracle9i database is installed on the database server. The CA access server is responsible for authenticating user identity and distributing the encrypted CW. The subscriber management server handles users' basic information and current working state. The Broadcast Control server and the video server are responsible for generating the program stream the user has ordered. The scrambler scrambles the multiplexed stream and passes the CW used for scrambling to the CA access server. The user enters on-demand requests into the set-top box with a remote control. An IP module must be added to the set-top box to complete the descrambling of programs and output the video signal to the user's television set. The IP module handles the user's on-demand requests according to the flow described in this invention.
The subscriber management server runs the subscriber management system software, with which the system administrator can add, modify and delete users' basic information. The subscriber management system uses a database engine, connects to the database over Ethernet and TCP/IP, and creates in the database the user basic information table, each record of which contains fields such as user number, user name, user password, user balance, user permission and current user state. When the CA access server authenticates a user it queries the records in the user basic information table. If the user passes authentication, the CA access server notifies the subscriber management system to update that user's record in the user basic information table, and the value of the current user state field is changed to online. When the user shuts down, the CA access server notifies the subscriber management system to change the value of the current user state field to offline. If a user's service needs to be suspended, the subscriber management system changes the value of the user permission field to the out-of-service flag, after which the CA access server will not pass any authentication attempted by that user. To restore service, the value of the user permission field only needs to be changed back to normal. The subscriber management server and the CA access server are connected by Ethernet and communicate using TCP/IP. The CA access server sends user authentication events such as authentication success, user shutdown and user on-demand requests to the subscriber management server, and the subscriber management system software updates the records in the user basic information table according to the process described above.
The Broadcast Control server is the bridge between the CA access server and the video server. It manages and controls the operation of the video server. The Broadcast Control server and the CA access server communicate over Ethernet and TCP/IP, and the Broadcast Control server responds to commands sent by the CA access server such as applying for playout resources, starting playout, pausing playout and stopping playout. The Broadcast Control server monitors the state of the video servers and the channel usage at all times; when the CA access server applies for playout resources on behalf of a user, it reserves an idle video server and an idle channel for the program to be played and returns the result to the CA access server. The CA access server controls the video server through the standard interface provided by the video server, and they communicate over Ethernet and TCP/IP. The video server sends the video signal of the program the user ordered to the multiplexer for processing; the interface between them is ASI (Asynchronous Serial Interface).
The encoder encodes the input audio and video signals according to the DVB standard and outputs a program stream that conforms to the DVB standard. The encoder and the multiplexer are connected by ASI, with a maximum transmission bit rate of 54 Mbps. The video connection between the encoder and the other program sources uses a composite video input or a serial digital interface, and the audio connection uses an unbalanced input.
The multiplexer combines several input program streams into one output TS; it is connected to the scrambler through an ASI interface.
The scrambler scrambles the input TS according to the DVB standard. The CA access server is connected to the control interface of the scrambler by Ethernet and controls the scrambler using TCP/IP. When a program stream needs to be scrambled, the scrambler first generates a CW and sends it to the CA access server over Ethernet; the CA access server records the correspondence between the CW and the stream to be scrambled and then returns a confirmation to the scrambler. The scrambler scrambles the stream with the confirmed CW, and the CA access server encrypts the CW and sends it over the IP network to the designated set-top box.
The QAM modulator and upconverter QAM-modulates the TS to be transmitted, then shifts the modulated QAM signal into the designated frequency band (that is, onto the assigned television channel) and outputs a radio-frequency signal. The QAM modulator and upconverter is connected to the scrambler through an ASI interface.
The mixer combines multiple radio-frequency signals (that is, digital television signals modulated onto different channels) into one output, which is transmitted over the HFC network. The QAM modulator and upconverter is connected to the mixer by 75-ohm coaxial cable.
The set-top box is the DVB-C2000 produced by Changhong, which has a serial bus interface and can respond to external control commands. Once the IP module has been added to the DVB-C2000, it communicates with the DVB module of the set-top box through the serial bus interface and can control the DVB module's routines.
The flow by which the invention implements conditional access is as follows:
1. The user switches on the set-top box. The IP module in the set-top box actively establishes an IP connection with the CA access server in the front-end system, sends the user's registration information to the CA server, and requests authentication.
2. After the CA access server in the front-end system receives the registration information sent by the set-top box, it searches the user information database to authenticate the user. If the user's identity is legitimate, the CA access server searches the user service registration database, obtains the current user's service subscription records, and returns the related service list to the IP module in the set-top box, completing the power-up authentication of the set-top box. At the same time the CA access server writes the number of the authenticated user into the online user table, to prevent the user's identity from being used illegally by someone else. If the user's registration information is wrong, the CA access server returns an authentication-failure result to the set-top box and terminates the IP connection between them.
3. After the set-top box has passed authentication, the user can select the program to watch. First, the user's selection is passed to the DVB module in the set-top box, and the DVB module then queries the IP module for the scrambling control word of the requested program. The service list that the IP module obtained in step 2 contains the control words of the programs. After the DVB module obtains the control word of the selected program from the IP module, it uses the CW to control the descrambler in the set-top box, which finally descrambles the required digital TV video stream. Meanwhile, the IP module sends parameters such as the user's viewing information and viewing duration to the CA access server, from which the front-end system generates the basic charging information.
4. If the user chooses to watch a TVOD or NVOD program, the DVB module in the set-top box sends the user's viewing request and registration information to the CA access server through the IP module. The CA access server first determines whether the user has the corresponding viewing permission. If the user has the permission, the CA access server passes the viewing request to the TVOD/NVOD service system, which completes the necessary resource application and obtains the viewing parameters. The TVOD/NVOD service system also sends the user's viewing request and parameters to the broadcast control system, which generates a playout command and notifies the playout system to play the program the user ordered. The CA access server converts the TVOD/NVOD response packet returned by the Broadcast Control server into the specified format and sends it to the IP module, and at the same time notifies the charging system of the front-end system to carry out charging. The IP module and the DVB module in the set-top box lock onto the program the user ordered and descramble it according to the parameters obtained.
The process by which a user of the invention places a TVOD order is as follows:
1. The set-top box sends the user information and the on-demand request to the CA access server over the IP network.
2. Based on the user information uploaded by the set-top box, the CA access server queries the user basic information table in the database server to verify the user's identity, and at the same time asks the subscriber management server whether the user is online. If the user's identity is legitimate and there is no corresponding record in the online record table, the process goes to step 3; otherwise authentication-failure information is returned to the set-top box.
3. After the user has passed system authentication, the CA access server notifies the subscriber management server to record or update the current user state, and then applies to the Broadcast Control server for playout resources. If no suitable playout resources are available, the Broadcast Control server notifies the CA access server to end the current order request, and the result is returned to the set-top box. If idle playout resources are available, the Broadcast Control server reserves them and records this in the broadcast control resource table, after which the process goes to step 4.
4. The CA access server communicates with the scrambler to obtain the CW that will be used for the program. The CA access server encrypts the CW and the viewing parameters and sends them to the set-top box that submitted the order request.
5. The CA access server notifies the Broadcast Control server to start playing the program the user ordered, and at the same time notifies the scrambler to scramble the designated program stream with the CW obtained above.
6. When the Broadcast Control server starts playing the program, the CA access server notifies the subscriber management server to modify the current user's state in the online record table and to add an entry to the user viewing record table, generating the basic charging information.
7. The CA access server finishes processing the current user's order, returns to step 1, and begins accepting new users' order requests.
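The server-side flow described above (service-type dispatch, lookup in the user table, the online user table, suspension through the user permission field, and the TVOD order steps), as an added Python sketch that is not code from the patent. The class and field names, the request dictionaries, the alert list and the rule that a second box presenting an online user number is refused are assumptions, and encryption of the CW in transit is left out.

```python
import hmac
from dataclasses import dataclass

NORMAL, OUT_OF_SERVICE = "normal", "out_of_service"  # user-permission values (names assumed)

@dataclass
class User:
    number: str
    password: str  # the patent's table has a "user password" field; a salted hash is safer
    permission: str = NORMAL
    tvod_right: bool = False

class BroadcastControl:
    """Stand-in for the Broadcast Control server: reserves idle playout channels."""
    def __init__(self, channels):
        self.idle, self.playing = list(channels), set()

    def reserve(self):
        return self.idle.pop(0) if self.idle else None

    def release(self, channel):
        self.playing.discard(channel)
        self.idle.append(channel)

class CAAccessServer:
    def __init__(self, users, broadcast_control, scrambler_cw):
        self.users = {u.number: u for u in users}  # user basic information table
        self.online = {}  # online user table: user number -> set-top box address
        self.tvod = {}    # active TVOD orders: user number -> order record
        self.bc = broadcast_control
        self.scrambler_cw = scrambler_cw  # callable(program) -> CW obtained from the scrambler
        self.alerts, self.viewing_records = [], []

    def handle(self, req):
        # Judge the service type and start the matching processing flow.
        flows = {"power_on": self._power_on, "tvod_order": self._tvod_order,
                 "tvod_confirm": self._tvod_confirm, "power_off": self._power_off}
        flow = flows.get(req.get("type"))
        return flow(req) if flow else self._fail("unknown service type")

    @staticmethod
    def _fail(reason):
        return {"ok": False, "reason": reason}

    def _authenticate(self, req):
        user = self.users.get(req["user"])
        if user is None or not hmac.compare_digest(
                req["password"].encode(), user.password.encode()):
            return None, "authentication failed"
        if user.permission != NORMAL:  # suspended users never pass authentication
            return None, "service suspended"
        return user, None

    def _power_on(self, req):
        user, err = self._authenticate(req)
        if err:
            return self._fail(err)
        seen = self.online.get(user.number)
        if seen not in (None, req["box"]):
            # Same user number presented from a second box while the first is online.
            self.alerts.append(("duplicate_login", user.number, seen, req["box"]))
            return self._fail("identity already online")
        self.online[user.number] = req["box"]
        return {"ok": True, "services": ["DTV", "NVOD"] + ["TVOD"] * user.tvod_right}

    def _tvod_order(self, req):
        user, err = self._authenticate(req)
        if err:
            return self._fail(err)
        if not user.tvod_right:
            return self._fail("no TVOD permission")
        if user.number in self.tvod:  # a record already exists for this user
            self.alerts.append(("duplicate_order", user.number, self.tvod[user.number]["box"], req["box"]))
            return self._fail("order already active")
        channel = self.bc.reserve()
        if channel is None:
            return self._fail("no idle playout resource")
        self.tvod[user.number] = {"box": req["box"], "program": req["program"], "channel": channel}
        # In the patent the CW and viewing parameters are encrypted before being sent.
        return {"ok": True, "channel": channel, "cw": self.scrambler_cw(req["program"])}

    def _tvod_confirm(self, req):
        order = self.tvod.get(req["user"])
        if order is None or order["box"] != req["box"]:
            return self._fail("no pending order for this box")
        self.bc.playing.add(order["channel"])  # notify Broadcast Control to start playout
        self.viewing_records.append((req["user"], order["program"]))  # basis for charging
        return {"ok": True}

    def _power_off(self, req):
        if self.online.get(req["user"]) != req["box"]:
            return self._fail("not online from this box")
        del self.online[req["user"]]
        order = self.tvod.pop(req["user"], None)
        if order:
            self.bc.release(order["channel"])
        return {"ok": True}
```

The `alerts` list is where the real-time view pays off: a user number arriving from a second set-top box is visible to the head end at the moment it happens.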
The two-way real-time authentication digital television conditional access system of the invention replaces the original one-way broadcast mode with a new two-way, point-to-multipoint, real-time centralized authentication mode. The encrypted CW is separated from the scrambled program transport stream and is carried over a dedicated two-way control channel, which avoids the danger of being cracked globally.
The features and advantages of the two-way real-time authentication digital television conditional access system of the invention are as follows:
1. The conditional access processing of the set-top box is concentrated in the CA access server of the front-end system, and the user-side set-top box does not need a Smartcard.
2. An authentication step in which the front-end system verifies the user's identity has been added. When a user begins conditional access, authentication with the CA access server must be carried out first, and conditional access can proceed only after authentication has passed. A traditional CA system relies on the Smartcard in the user-side set-top box to authenticate the user's identity, and the Smartcard can be cracked.
3. The CA access server of the front-end system in the invention can monitor the state of online users in real time, promptly find illegal users in the network, and take the corresponding precautions. A traditional CA system has no ability to find illegal users in the network.
4. With two-way real-time authentication, the digital TV operator can extend its network management capability to the user side and can realize truly interactive applications such as TVOD (video on demand) and real-time audience rating statistics.
Description of drawings:
Fig. 1 is a schematic block diagram of a traditional conditional access system.
Fig. 2 is a schematic block diagram of the conditional access system of the invention.
Fig. 3 is a block diagram of the working procedure of the CA access server of the invention.
Fig. 4 is a block diagram of the working procedure of the IP module of the invention.
Fig. 5 is a structural block diagram of the embodiment of the invention.
Embodiment:
The invention is described in further detail below with reference to the drawings and the embodiment, but the invention is not limited to the described embodiment.
As shown in Figure 1, in a traditional conditional access system the scrambler scrambles the MPEG transport stream with the CW produced by the control word generator; at the same time the CW and other information are encrypted with the SK to form the ECM, and the SK and authorization information are encrypted with the PDK to form the EMM. The EMM, the ECM and the MPEG transport stream are multiplexed into a new TS, which is sent to every user-side set-top box by one-way broadcast. The Smartcard in the set-top box decrypts in the reverse order, finally recovering the CW and descrambling the program content.
As shown in Figure 2, in the two-way real-time authentication digital television conditional access system of the invention the CA access server in the digital TV front-end system is connected through the IP network to the IP module of a user-side set-top box composed of an IP module, a DVB module and a descrambler; the IP module is connected to the DVB module in the user-side set-top box; the DVB module is connected to the descrambler in the user-side set-top box; and the descrambler is connected through the HFC network to the mixer in the digital TV front-end system.
The CA access server responds to users' various service requests, authenticates user identity, distributes the encrypted CW to the designated user, and at the same time monitors and manages the state of online users. The IP module is responsible for communication with the CA access server, decryption of the CW, and interaction with the DVB module. The DVB module handles the user's input and controls the descrambler.
Data exchanged between the IP module in the user-side set-top box and the CA access server in the front-end system is encrypted with DES, and the security of the IP transport between them is ensured by IPSec (IP security protocol). Following the principle of the invention, a person skilled in the art can also protect the data with other cryptographic algorithms, for example 3DES, RSA or IDEA.
The two-way real-time authentication digital television conditional access system of the invention therefore replaces the original one-way broadcast mode with a new two-way, point-to-multipoint, real-time centralized authentication mode. The encrypted CW is separated from the scrambled program transport stream and is carried over a dedicated two-way control channel; the user-side set-top box does not need a Smartcard; and the danger of being cracked globally is avoided.
As shown in Figure 3, the working procedure of the CA access server in the invention is as follows:
After the CA access server starts, it establishes a connection to the database and completes the initial configuration for reading from and writing to the database;
The CA access server enters the wait state, ready to respond to the various service requests uploaded by users;
The CA access server receives a service request sent by a user-side set-top box, determines the service type, and starts the corresponding service processing flow;
If the user-side set-top box requests power-on authentication, the CA access server looks up the user information table in the database using the user authentication information it received. If the record in the user information table matches the received user authentication information, the CA access server generates an authentication-passed data frame and returns it to the user-side set-top box through the IP tunnel; otherwise it returns authentication-failure information to the user-side set-top box. After the set-top box has passed authentication, the CA access server sends it the viewing parameters of DTV and NVOD together with the corresponding CW. After completing the service processing, the CA access server returns to the wait state, ready to respond to new service requests;
If the user-side set-top box requests TVOD authentication, the CA access server looks up the user information table in the database using the user authentication information it received. If the record in the user information table matches the received user authentication information, the CA access server generates an authentication-passed data frame and returns it to the user-side set-top box, and at the same time returns the TVOD program list to the set-top box. After completing the service processing, the CA access server returns to the wait state, ready to respond to new service requests;
If the user-side set-top box requests a TVOD order, the CA access server authenticates the user from the user information it received. If the user's identity is legitimate, the CA access server applies to the Broadcast Control server for TVOD service according to the user's on-demand request. If the Broadcast Control server succeeds in allocating playout resources for the TVOD service, the CA access server forwards the viewing parameters returned by the Broadcast Control server to the set-top box that requested the program. After the CA access server receives the confirmation returned by the set-top box, it notifies the Broadcast Control server to start the TVOD service. If the Broadcast Control server fails to allocate playout resources, the CA access server returns failure information to the set-top box and ends this service processing. After completing the service processing, the CA access server returns to the wait state, ready to respond to new service requests.
As shown in Figure 4, the workflow of the IP module of the user-side set-top box in the present invention is as follows:
The user-side set-top box powers up, initializes, and requests its own IP address from the DHCP server;
It obtains its IP address and the IP address and port number of the CA access server, and the IP module establishes a connection with the CA access server;
The IP module performs handshake communication with the DVB module, receives the DVB power-on authentication request, and sends the DVB power-on authentication request to the CA access server;
The IP module receives the authentication information returned by the CA server and updates the local service information table;
The IP module extracts the current DVB service parameters and CW, sends them to the DVB module, and waits for the confirmation returned by the DVB module;
After the IP module receives the confirmation returned by the DVB module, it sends a confirmation to the CA access server;
The IP module corrects the system time and waits to receive DVB service requests;
After the IP module receives a service request sent by the DVB module, it determines the service type. If only local authentication by the IP module is needed, it returns the authentication result directly to the DVB module; otherwise it determines whether only CA access authentication is needed. If only CA access authentication is needed, it sends an authentication request to the CA access server and forwards the authentication result returned by the CA access server (service parameters and CW, or authentication-failure information) to the DVB module;
The IP module receives the confirmation returned by the DVB module and enters the wait state to respond to new on-demand program requests.
As shown in Figure 5, the digital TV front-end system of the two-way real-time authentication digital television conditional access system of the embodiment of the invention is made up of a CA access server, database server, subscriber management server, Broadcast Control server, video server, other program sources, encoder, multiplexer, scrambler, QAM modulator and upconverter, and mixer. The user-side set-top box is made up of an IP module, a DVB module and a descrambler. The CA access server is connected to the database server, subscriber management server, Broadcast Control server and scrambler respectively, and is connected to the IP module in the user-side set-top box via the IP network. The database server is connected to the subscriber management server; the Broadcast Control server is connected to the video server; the video server is connected to the encoder; the other program sources are connected to the encoder; the encoder is connected to the multiplexer; the multiplexer is connected to the scrambler; the scrambler is connected to the QAM modulator and upconverter; the QAM modulator and upconverter is connected to the mixer; and the mixer is connected to the DVB module in the user-side set-top box via the HFC network. In the user-side set-top box, the IP module is connected to the DVB module, and the DVB module is connected to the descrambler.
The CA access server, database server, subscriber management server, Broadcast Control server, video server, encoder, multiplexer, scrambler, QAM modulator and upconverter, and mixer are standard equipment of a digital TV front-end system. The CA access server, database server, subscriber management server and Broadcast Control server are Compaq Proliant DL360 machines; the video server is an Nstreams Raid-X; the encoder is a Thomson DBE4120; the multiplexer is a Thomson DBX4300; the model of scrambler is that the independent scrambler of speeding is interrogated in three continents; the QAM modulator and upconverter is a Harris QAM8500; and the mixer is a Harris DCN-8500. The user-side set-top box is a Changhong DVB-C2000 with an added IP module.
In the two-way real-time authentication digital television conditional access system of this embodiment, the Oracle9i database is installed on the database server. The CA access server is responsible for authenticating user identity and distributing the encrypted CW. The subscriber management server handles users' basic information and current working state. The Broadcast Control server and the video server are responsible for generating the program stream the user requested. The scrambler scrambles the multiplexed stream and sends the CW used for scrambling to the CA access server. The user enters on-demand information into the set-top box with a remote control. An IP module must be added to the set-top box so that it can complete descrambling of the program and output the video signal to the user's television set. The IP module processes the user's on-demand information according to the flow described in the present invention.
The subscriber management server runs the user management system software, with which the system administrator can add, modify and delete users' basic information. The user management system uses a database engine, connects to the database over Ethernet and TCP/IP, and creates the user basic information table in the database; each record of this table includes fields such as user number, user name, user password, user balance, user rights and current user state. The CA access server queries the records in the user basic information table when it authenticates a user. If the user passes authentication, the CA access server notifies the user management system to update the current user's record in the user basic information table, and the value of the current user state field is changed to online. When the user shuts down, the CA access server notifies the user management system to change the value of the current user state field to offline. To suspend a user's service, the user management system changes the value of the user rights field to a service-stopped flag, after which the CA access server will not pass any authentication the user attempts. To restore service, the value of the user rights field only needs to be changed back to normal. The subscriber management server and the CA access server are connected by Ethernet and communicate using TCP/IP. The CA access server sends user authentication information such as authentication passed, user shutdown and successful user on-demand request to the subscriber management server, and the user management system software updates the records in the user basic information table according to the process described above.
The Broadcast Control server is the bridge between the CA access server and the video server. It manages and controls the working process of the video server. The Broadcast Control server and the CA access server communicate over Ethernet and TCP/IP; the Broadcast Control server responds to commands sent by the CA access server such as apply for broadcast resources, begin broadcast, pause broadcast and stop broadcast. The Broadcast Control server monitors the state of the video servers and channel usage at all times; when the CA access server applies for broadcast resources on behalf of a user, it reserves an idle video server and an idle channel for the program to be broadcast and returns the result to the CA access server. The CA access server controls the video server through the standard interface provided by the video server; they communicate over Ethernet and TCP/IP. The video server sends the video signal of the user's requested program to the multiplexer for processing; the interface between them is ASI (Asynchronous Serial Interface).
The encoder encodes the input audio and video signals according to the DVB standard and outputs a program stream that conforms to the DVB standard. The encoder and the multiplexer are connected by ASI, with a maximum transmission bit rate of 54 Mbps. For video, the encoder is connected to the other program sources through a composite video input or a serial digital interface; for audio, it is connected through an unbalanced input.
The multiplexer combines multiple input program streams into one output TS; it is connected to the scrambler through an ASI interface.
The scrambler scrambles the input TS according to the DVB standard. The CA access server is connected to the scrambler's control interface by Ethernet and controls the scrambler's operation using TCP/IP. When a program stream needs to be scrambled, the scrambler first generates a CW and sends it to the CA access server over Ethernet; after the CA access server establishes the correspondence between the CW and the scrambled stream, it returns a confirmation to the scrambler. The scrambler scrambles the stream with the confirmed CW, and the CA access server encrypts the CW and then sends it over the IP network to the designated set-top box.
The QAM modulator and upconverter performs QAM modulation on the TS to be transmitted, then shifts the modulated QAM signal into the designated frequency band (i.e., onto the assigned television channel) and outputs an RF signal. The QAM modulator and upconverter is connected to the scrambler through an ASI interface.
The mixer combines multiple RF signals (i.e., digital television signals modulated onto different channels) into a single output that is sent to the HFC network for transmission. The QAM modulator and upconverter and the mixer are connected by 75-ohm coaxial cable.
The set-top box is the DVB-C2000 produced by Changhong; it has a serial bus interface and can respond to external control commands. After the IP module is added to the DVB-C2000, it communicates with the set-top box's DVB module through the serial bus interface and can control the DVB module's program.
The conditional access flow implemented by this embodiment is as follows:
1. The user switches on the set-top box, and the IP module in the set-top box actively establishes an IP connection with the CA access server of the front-end system, sends the user's registration information to the CA access server, and requests authentication.
2. After the CA access server receives the registration information sent by the set-top box, it searches the user information database to authenticate the user's identity. If the user identity is legitimate, the CA access server searches the user service registration database, obtains the current user's service subscription records, and returns the related service list to the IP module in the set-top box, completing the set-top box's power-up authentication. At the same time the CA access server writes the authenticated user's number into the online user table to prevent the user's identity from being fraudulently used. If the user's registration information is wrong, the CA access server returns an authentication-failure result to the set-top box and terminates the IP connection between them.
3. After the set-top box passes authentication, the user can select the program to watch. First, the user's on-demand information is passed to the DVB module in the set-top box, and the DVB module then queries the IP module for the scrambling control word of the requested program. The service list the IP module obtained in step 2 includes the programs' control words. After the DVB module obtains the control word of the selected program from the IP module, it uses the CW to control the descrambler in the set-top box, which finally descrambles the required digital TV video stream. Meanwhile, the IP module sends parameters such as the user's viewing information and viewing duration to the CA access server, from which the front-end system generates the basic charging information.
4. If the user selects a TVOD or NVOD program, the DVB module in the set-top box sends the user's viewing request and registration information to the CA access server through the IP module. The CA access server first determines whether the user has the corresponding viewing rights. If so, the CA access server passes the viewing request to the TVOD/NVOD service system, which completes the necessary resource application and obtains the viewing parameters. The TVOD/NVOD service system also sends the user's viewing request and parameters to the broadcast control system, which generates a broadcast command and notifies the broadcasting system to broadcast the program the user requested. The CA access server converts the TVOD/NVOD response packet returned by the Broadcast Control server into the required format and sends it to the IP module, and at the same time notifies the charging system of the front-end system to perform charging. The IP module and the DVB module in the set-top box lock onto the requested program and descramble it according to the parameters obtained.
The process by which a user of this embodiment makes a TVOD on-demand request is as follows:
1. The set-top box sends the user information and on-demand information to the CA access server over the IP network.
2. Using the user information uploaded by the set-top box, the CA access server queries the user basic information table in the database server to verify the user's identity, and at the same time asks the subscriber management server whether the user is online. If the user identity is legitimate and the online record table has no record for the user, the flow proceeds to step 3; otherwise authentication-failure information is returned to the set-top box.
3. After the user passes system authentication, the CA access server notifies the subscriber management server to record or update the current user state, and then applies to the Broadcast Control server for broadcast resources. If no corresponding broadcast resource is available, the Broadcast Control server notifies the CA access server to end the current on-demand request and the result is returned to the set-top box. If an idle broadcast resource exists, the Broadcast Control server reserves it and records it in the Broadcast Control resource table, after which the flow proceeds to step 4.
4. The CA access server communicates with the scrambler to obtain the CW to be used for the program. The CA access server encrypts the CW and the viewing parameters and sends them to the set-top box that submitted the on-demand request.
5. The CA access server notifies the Broadcast Control server to begin broadcasting the requested program, and at the same time notifies the scrambler to scramble the designated program stream with that CW.
6. When the Broadcast Control server begins broadcasting the program, the CA access server notifies the subscriber management server to modify the current user's state in the online record table and to add an entry to the user viewing record table, generating the basic charging information.
7. The CA access server finishes processing the current user's on-demand request and returns to step 1 to accept new users' on-demand requests.
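The seven-step TVOD flow above, sketched as an added Python example (not code from the patent). Class and method names, the 8-byte CW, PBKDF2 password storage, the internal audit list and the rollback of the online record when no channel is free are assumptions of this example; encryption of the reply in step 4 is left to the transport.

```python
import hashlib
import hmac
import os


def pw_hash(password, salt):
    # Stored verifier for the "user password" field; PBKDF2 is this example's choice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class BroadcastControl:
    """Broadcast Control resource table: which channel is reserved for whom."""

    def __init__(self, channels):
        self.idle = list(range(channels))
        self.reserved = {}                      # user number -> channel

    def reserve(self, user_no):
        if not self.idle:
            return None                         # no idle broadcast resource
        self.reserved[user_no] = self.idle.pop(0)
        return self.reserved[user_no]

    def release(self, user_no):
        ch = self.reserved.pop(user_no, None)
        if ch is not None:
            self.idle.append(ch)
        return ch


class Scrambler:
    """Generates CWs; a channel is scrambled only with a CW the CA server set."""

    def __init__(self):
        self.active = {}                        # channel -> CW in use

    def new_cw(self):
        return os.urandom(8)                    # 8-byte CW length is an assumption


class CAAccessServer:
    def __init__(self, bcast, scrambler):
        self.users = {}                         # user basic information table
        self.online = set()                     # online record table
        self.viewing_log = []                   # user viewing record table
        self.audit = []                         # failure reasons, kept server-side
        self.bcast, self.scrambler = bcast, scrambler

    def add_user(self, user_no, password, rights="normal"):
        salt = os.urandom(16)
        self.users[user_no] = {"salt": salt, "hash": pw_hash(password, salt),
                               "rights": rights}

    def _deny_reason(self, user_no, password):
        rec = self.users.get(user_no)
        if rec is None:
            return "unknown user"
        if not hmac.compare_digest(rec["hash"], pw_hash(password, rec["salt"])):
            return "bad credentials"
        if rec["rights"] != "normal":
            return "service suspended"          # user rights field set to stopped
        if user_no in self.online:
            return "already online"             # identity already in use
        return None

    def handle_tvod_order(self, user_no, password, program):
        # Steps 1-2: verify identity, rights and the online record table.
        reason = self._deny_reason(user_no, password)
        if reason:
            self.audit.append((user_no, reason))
            return {"status": "AUTH_FAILED"}    # the box learns only pass/fail
        # Step 3: record the user state, then apply for a broadcast resource.
        self.online.add(user_no)
        ch = self.bcast.reserve(user_no)
        if ch is None:
            self.online.discard(user_no)        # added rollback, avoids a lock-out
            return {"status": "NO_RESOURCE"}
        # Step 4: obtain the CW; the reply is encrypted on the wire (not shown).
        cw = self.scrambler.new_cw()
        reply = {"status": "OK", "channel": ch, "program": program, "cw": cw}
        # Step 5: broadcasting starts and the scrambler uses that same CW.
        self.scrambler.active[ch] = cw
        # Step 6: viewing record that later feeds charging.
        self.viewing_log.append((user_no, program, ch))
        return reply                            # step 7: ready for the next order

    def handle_shutdown(self, user_no):
        # User goes offline: free the channel and retire its CW.
        self.online.discard(user_no)
        ch = self.bcast.release(user_no)
        self.scrambler.active.pop(ch, None)


if __name__ == "__main__":
    ca = CAAccessServer(BroadcastControl(1), Scrambler())
    ca.add_user("u1", "constructed-password")   # constructed sample user
    print(ca.handle_tvod_order("u1", "constructed-password", "movie")["status"])
```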

Claims (6)

1. A two-way real-time authentication digital television conditional access system, characterized in that the CA (conditional access) access server in the digital TV front-end system is connected via an IP (Internet Protocol) network to the IP module in a user-side set-top box composed of an IP module, a DVB (digital television broadcasting) module and a descrambler; the IP module is connected to the DVB module in the user-side set-top box, the DVB module is connected to the descrambler in the user-side set-top box, and the descrambler is connected to the mixer in the digital TV front-end system via an HFC (hybrid fiber-coax) network.
2. The two-way real-time authentication digital television conditional access system according to claim 1, characterized in that data between the CA access server in the digital TV front-end system and the IP module in the user-side set-top box is encrypted using DES (Data Encryption Standard), 3DES (triple DES), RSA, IDEA (International Data Encryption Algorithm) encryption algorithms, and the security of IP transmission between them is guaranteed by IPSec (IP security protocol).
3. The two-way real-time authentication digital television conditional access system according to claim 1 or 2, characterized in that the working procedure of the CA access server is as follows:
After the CA access server starts, it establishes a connection with the database and completes the initial configuration for reading from and writing to the database;
The CA access server enters the wait state, ready to respond to the various service requests uploaded by users;
The CA access server receives a service request sent by the user-side set-top box, determines the service type, and starts the corresponding service processing flow;
If the user-side set-top box requests power-on authentication, the CA access server looks up the user information table in the database using the received user authentication information. If the record in the user information table matches the received user authentication information, the CA access server generates an authentication-passed frame and returns it to the user-side set-top box through the IP tunnel; otherwise it returns authentication-failure information to the user-side set-top box. After the user-side set-top box passes authentication, the CA access server sends it the viewing parameters of DTV (digital television) and NVOD (near video on demand) and the corresponding CW (control word). After finishing service processing, the CA access server enters the wait state, ready to respond to a new service request;
If the user-side set-top box requests TVOD (video on demand) authentication, the CA access server looks up the user information table in the database using the received user authentication information. If the record in the user information table matches the received user authentication information, the CA access server generates an authentication-passed frame and returns it to the user-side set-top box, and at the same time returns the TVOD programme to the user-side set-top box. After finishing service processing, the CA access server enters the wait state, ready to respond to a new service request;
If the user-side set-top box requests a TVOD on-demand program, the CA access server authenticates the user's identity using the received user information. If the user identity is legitimate, the CA access server applies to the Broadcast Control server for TVOD service according to the user's on-demand information. If the Broadcast Control server successfully allocates broadcast resources for the TVOD service, the CA access server sends the viewing parameters returned by the Broadcast Control server to the user-side set-top box that requested the program. After the CA access server receives the confirmation returned by the user-side set-top box, it notifies the Broadcast Control server to begin the TVOD service. If the Broadcast Control server fails to allocate broadcast resources, the CA access server returns the failure information to the user-side set-top box and ends this service processing. After finishing service processing, the CA access server enters the wait state, ready to respond to a new service request.
4. The two-way real-time authentication digital television conditional access system according to claim 1 or 2, characterized in that the workflow of the IP module of the user-side set-top box is as follows:
The user-side set-top box powers up, initializes, and requests its own IP address from the DHCP (Dynamic Host Configuration Protocol) server;
It obtains its IP address and the IP address and port number of the CA access server, and the IP module establishes a connection with the CA access server;
The IP module performs handshake communication with the DVB module, receives the DVB power-on authentication request, and sends the DVB power-on authentication request to the CA access server;
The IP module receives the authentication information returned by the CA server and updates the local service information table;
The IP module extracts the current DVB service parameters and CW, sends them to the DVB module, and waits for the confirmation returned by the DVB module;
After the IP module receives the confirmation returned by the DVB module, it sends a confirmation to the CA access server;
The IP module corrects the system time and waits to receive DVB service requests;
After the IP module receives a service request sent by the DVB module, it determines the service type. If only local authentication by the IP module is needed, it returns the authentication result directly to the DVB module; otherwise it determines whether only CA access authentication is needed. If only CA access authentication is needed, it sends an authentication request to the CA access server and forwards the authentication result returned by the CA access server (service parameters and CW, or authentication-failure information) to the DVB module;
The IP module receives the confirmation returned by the DVB module and enters the wait state to respond to new on-demand program requests.
5. The two-way real-time authentication digital television conditional access system according to claim 1 or 2, characterized in that the digital TV front-end system is made up of a CA access server, database server, subscriber management server, Broadcast Control server, video server, other program sources, encoder, multiplexer, scrambler, QAM (quadrature amplitude modulation) modulator and upconverter, and mixer; the user-side set-top box is made up of an IP module, a DVB module and a descrambler; wherein the CA access server is connected to the database server, subscriber management server, Broadcast Control server and scrambler respectively, and is connected to the IP module in the user-side set-top box via the IP network; the database server is connected to the subscriber management server; the Broadcast Control server is connected to the video server; the video server is connected to the encoder; the other program sources are connected to the encoder; the encoder is connected to the multiplexer; the multiplexer is connected to the scrambler; the scrambler is connected to the QAM modulator and upconverter; the QAM modulator and upconverter is connected to the mixer; the mixer is connected to the DVB module in the user-side set-top box via the HFC network; in the user-side set-top box, the IP module is connected to the DVB module, and the DVB module is connected to the descrambler.
6. The two-way real-time authentication digital television conditional access system according to claim 5, characterized in that the CA access server, database server, subscriber management server, Broadcast Control server, video server, encoder, multiplexer, scrambler, QAM modulator and upconverter, and mixer are standard equipment of a digital TV front-end system, wherein the model of the CA access server, database server, subscriber management server and Broadcast Control server is Compaq Proliant DL360, the model of the video server is Nstreams Raid-X, the model of the encoder is Thomson DBE4120, the model of the multiplexer is Thomson DBX4300, the model of scrambler is that the independent scrambler of speeding is interrogated in three continents, the model of the QAM modulator and upconverter is Harris QAM8500, and the model of the mixer is Harris DCN-8500; the model of the user-side set-top box is the Changhong DVB-C2000 with an added IP module.
CN 200310110728 2003-10-13 2003-10-13 Bidirectional real-time authentication digital television conditional receiving system Pending CN1607831A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200310110728 CN1607831A (en) 2003-10-13 2003-10-13 Bidirectional real-time authentication digital television conditional receiving system

Publications (1)

Publication Number Publication Date
CN1607831A true CN1607831A (en) 2005-04-20

Family

ID=34759209

Country Status (1)

Country Link
CN (1) CN1607831A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication