CN101076109B - Two-way CA system for digital television and method for ordering and cancelling programmes based on it

Publication number: CN101076109B
Authority: CN (China)
Application number: CN200710040557A
Other languages: Chinese (zh)
Other versions: CN101076109A
Prior art keywords: top box, information, program, emm, way
Legal status: Active (as listed by Google Patents; an assumption, not a legal conclusion)
Inventors: 吕品, 陈德钊, 刘玲
Current assignee: Shanghai Cloud Vision Networks Technology Co., Ltd. (as listed; may be inaccurate)
Original assignee: TIANBAI BROADBAND NETWORK TECHNOLOGY (SHANGHAI) Co Ltd
Events: application filed by TIANBAI BROADBAND NETWORK TECHNOLOGY (SHANGHAI) Co Ltd; priority to CN200710040557A; publication of CN101076109A; application granted; publication of CN101076109B; legal status Active
Classification: Two-Way Televisions, Distribution Of Moving Picture Or The Like

Abstract

The invention provides security authentication between the content provider, the network operator and the user in a digital television system. Building on authentication initiated by the client, it performs mutual (bidirectional) authentication and generates a fresh key pair for every authentication session (the machine translation renders this as "one-time pad"; it is per-session key generation, not a Vernam one-time pad). The authentication information is encrypted with a public key in the set-top box's smart card, and the encrypted authentication information is decrypted with the corresponding private key in the head-end authentication server.

Description

Digital television bidirectional CA system and programme ordering/cancelling method based on the system
Technical field
The invention relates to a CA (conditional access) authorization system in the field of digital television and to a method of ordering and cancelling television programmes based on it; in particular, to a bidirectional conditional access system for digital television in which authentication is initiated by the client, and to a method of ordering and cancelling programmes based on that system.
Background art
In digital television, a traditional CA (conditional access) system ensures, over a one-way cable network, that the encrypted pay-TV programmes offered by the platform operator can only be watched by legitimate subscribers.
A traditional CA system usually scrambles the original data stream under a three-tier (or multi-layer) key hierarchy. The three keys are the scrambling control word (CW), the service key (SK) and the personal distribution key (PDK). The control word CW drives the scrambler that scrambles video, audio and data; CW is encrypted under the service key SK into an ECM (Entitlement Control Message) and transmitted to the user. The service key SK is in turn encrypted under the user's personal distribution key PDK into an EMM (Entitlement Management Message) and transmitted to the user. To strengthen security, the control word CW changes frequently, roughly every 5 to 30 seconds, and the service key SK is also changed periodically.
During descrambling at the receiving set-top box (STB), the set-top box looks among the addressed EMM packets for the one that matches its own personal distribution key PDK and captures it. It then decrypts the EMM with PDK to obtain the service key SK, decrypts the ECM with SK to obtain the control word CW, and finally drives the descrambler with CW to recover the original data stream.
This traditional CA system has the following major defects. (1) It wastes a great deal of resources. To guarantee that a user receives the ordered service promptly, a one-way network must repeat the EMMs at a certain cycle and transmission frequency, which wastes a large amount of system processing capacity and network bandwidth. (2) It lacks effective control over subscriber equipment; in particular, the CA system has trouble switching off a set-top box. When a subscriber is in arrears, the CA system sends a shut-off message to the set-top box, and after receiving it the set-top box stops decoding the corresponding content. The problem is that if the set-top box is powered off when the CA system sends the shut-off message, the message is never received and the user can go on watching programmes the next time the box is switched on. Worse, some people deliberately design set-top boxes that ignore shut-off messages, which seriously harms the operator's interests. The current workaround is to resend the shut-off message at intervals, which wastes resources and still cannot guarantee that every set-top box in arrears is switched off.
Summary of the invention
The object of the invention is to solve the above problems by providing a bidirectional CA system for digital television that provides security authentication between the content provider, the network operator and the user, creates favourable conditions for interactive services with high security, and lets the user take the initiative in viewing.
Another object of the invention is to provide, on the basis of this bidirectional CA system, a method of ordering and cancelling television programmes with the same benefits: security authentication between content provider, network operator and user, favourable conditions for interactive services with high security, and user initiative in viewing.
The technical solution is as follows. The invention proposes a bidirectional CA system for digital television comprising:
a bidirectional conditional access subsystem which, on the one hand, receives the box-card pairing information, forms EMM information from it and broadcasts it to the set-top box in the form of a transport stream through multiplexing and scrambling equipment to complete the pairing, and, on the other hand, receives authorization instructions for ordering a programme or de-authorization instructions for cancelling a programme, generates EMM information from them and sends it over the IP network;
a subscriber management subsystem connected to the bidirectional conditional access subsystem, which generates the box-card pairing information and sends it to the bidirectional conditional access subsystem, and which generates an authorization instruction for a programme from the order information, or a de-authorization instruction for the programme from the cancellation information, and sends it to the bidirectional conditional access subsystem;
an EMM database connected to the bidirectional conditional access subsystem, which receives the programme authorization/de-authorization EMM information that subsystem sends over the IP network;
a key store, which generates public/private key pairs;
a decryption server connected to the key store, which decrypts encrypted information;
an authentication server connected on the one hand to the key store and the decryption server, distributing the keys for encryption and decryption, and on the other hand to the EMM database, from which it extracts the programme authorization/de-authorization EMM information;
a return path server, one end of which connects over the network to the client's set-top box and smart card and the other end to the subscriber management subsystem and the authentication server. It forwards the encryption public key distributed by the authentication server to the smart card; the smart card encrypts its identity information and returns it through the return path server to the authentication server; the authentication server passes the encrypted identity information to the decryption server, which decrypts it with the private key corresponding to the encryption public key; the authentication server sends the decrypted identity information to the subscriber management subsystem for checking; the check result is transmitted to the set-top box through the authentication server and the return path server; and after the identity check passes, the corresponding programme authorization/de-authorization EMM information extracted by the authentication server is transmitted to the set-top box through the return path server.
In the above bidirectional CA system for digital television, the bidirectional conditional access subsystem further comprises:
a subscriber management system gateway connected to the subscriber management subsystem, which on the one hand converts the format of the text-form box-card pairing information sent by the subscriber management subsystem and on the other hand receives the programme authorization instructions or programme de-authorization instructions sent by the subscriber management subsystem;
an encryption server, which encrypts the authorization information and data fed into it;
a subscriber authorization server, which further comprises:
an EMM generator connected to the subscriber management system gateway, which receives the format-converted box-card pairing information together with the original subscriber data, performs the authorization processing with the authorization data and the service key, forms the EMM information through the encryption operation of the encryption server and inserts it into the multiplexing equipment to be broadcast to the set-top box in the form of a transport stream to complete the pairing;
an ECM generator connected to the subscriber management system gateway and the encryption server, which generates ECM information from the control word, the service key and the programme viewing conditions and inserts it into the multiplexing and scrambling equipment to be broadcast to the set-top box in the form of a transport stream;
an IEMM generator connected to the subscriber management system gateway and the encryption server, which receives the programme authorization or de-authorization instructions sent by the gateway, generates EMM information and sends it to the EMM database over the IP network.
In the above bidirectional CA system, the key store generates the public-key key pair at random, a new pair for each session.
In the above bidirectional CA system, the key store's key-pair generation algorithm, the generated key pair and the decryption algorithm of the decryption server are stored in a volatile, charge-based memory circuit that loses its contents destructively.
In the above bidirectional CA system, after the return path server obtains the confirmation of the authorization/de-authorization information returned by the set-top box, it automatically deletes the corresponding authorization/de-authorization information from the EMM database.
In the above bidirectional CA system, if the return path server does not obtain within a preset time the confirmation of the authorization/de-authorization information that the set-top box should return, it notifies the subscriber management subsystem to send the authorization/de-authorization information to the set-top box by broadcast; when the return path server obtains the set-top box's confirmation of the authorization/de-authorization information, it notifies the subscriber management subsystem to return automatically to two-way mode.
Based on the above bidirectional CA system, the invention also proposes a programme ordering/cancelling method comprising:
an authentication process:
the key store generates a key pair at random, one key being the public key and the other the private key; when the set-top box sends a login request to the authentication server, the authentication server sends the public key to the set-top box;
the smart card encrypts the information to be transmitted with this public key and sends it to the authentication server;
after receiving the encrypted information, the authentication server decrypts it with the corresponding private key, checks the identity information and returns the check result to the set-top box; if the result is that the user is legitimate, the following steps are entered, and if the result is that the user is illegitimate, the flow ends;
a programme authorization/de-authorization process:
the programme ordering/cancellation information from the set-top box is received, a CA authorization/de-authorization instruction is formed from it and sent to the bidirectional conditional access subsystem;
the bidirectional conditional access subsystem encrypts the authorization/de-authorization instruction into EMM information, stores it in the EMM database and returns a confirmation;
the authentication server is notified to extract the encrypted EMM information from the EMM database and send it to the set-top box;
after obtaining the authorization instruction the set-top box can play the programme, or after obtaining the de-authorization instruction it stops playing it, and it returns a confirmation that the instruction was received.
In the above method, the key pair generated by the key store is a fresh pair per session, and the encryption/decryption algorithms and keys are stored in a volatile, charge-based memory circuit that loses its contents destructively.
The above method may further comprise: after the confirmation of receipt of the instruction returned by the set-top box is obtained, automatically deleting the corresponding authorization/de-authorization information from the EMM database.
The above method may further comprise a process of switching between one-way mode and two-way mode:
if the confirmation of the authorization/de-authorization information that the set-top box should return is not obtained within a preset time, the authorization/de-authorization information is sent to the set-top box by broadcast;
if the set-top box's confirmation of the authorization/de-authorization information is obtained, the system automatically returns to two-way mode.
Compared with the prior art, the invention has the following beneficial effects. Mutual authentication is performed on the basis of authentication initiated by the client, and a fresh key pair for each authentication session raises security. The authentication information is encrypted with a public key in the set-top box's smart card, and the encrypted authentication information is decrypted with the corresponding private key in the head-end authentication server, further improving the security of the system. The bidirectional CA system is compatible with both one-way and two-way modes and switches seamlessly between them, so that the two modes complement each other in their use of network resources.
Description of drawings
Fig. 1 is a schematic diagram of a preferred embodiment of the bidirectional CA system of the invention.
Fig. 2 is a flow chart of a preferred embodiment of the programme ordering/cancelling method based on the bidirectional CA system of the invention.
Embodiment
The invention is further described below with reference to the drawings and the embodiment.
Fig. 1 shows the principle of a preferred embodiment of the bidirectional CA system of the invention. Referring to Fig. 1, the bidirectional CA system 1 at the head end comprises: a BiCAS subsystem (the bidirectional conditional access subsystem) 10, a subscriber management subsystem (SMS, Subscriber Management Server) 20, an authentication server (LS, License Server) 30, a key store 50, a decryption server (DS, Decryption Server) 70, an EMM (Entitlement Management Message) database 60 and an RPPS server (Return Path Pool Server, the return path server) 40. The BiCAS subsystem 10 in turn comprises: a subscriber management system gateway (SMSGW, SMS Gateway) 11, a subscriber authorization server (SAS, Subscriber Authorization Server) 12, an encryption server (ES, Encryption Server) 13 and an IEMM generator (IEMMG, Interactive EMM Generator) 14. The subscriber authorization server 12 contains an EMM generator (EMM Generator) 121 and an ECM generator (ECM Generator) 122.
The operating principle of the two-way mode of the bidirectional CA system 1 is introduced below. For a new user the system first performs box-card pairing. The subscriber management subsystem 20 holds the new user's subscriber data together with the corresponding set-top box number and smart card number; binding the set-top box number to the smart card number gives the box-card pairing information in text form. The subscriber management subsystem 20 sends the text-form pairing information and the subscriber data to the SMS gateway 11, which converts the pairing information into the format accepted by the subscriber authorization server 12. When the subscriber authorization server 12 receives the correctly formatted pairing information, its EMM generator 121 also receives the original subscriber data, performs the authorization processing with the authorization data and the service key, and, through the encryption operation of the encryption server 13, forms the EMM information and inserts it into the scrambler 5. The TS stream is multiplexed by the multiplexer 4 and scrambled by the scrambler 5 under control of the control word CW; the EMM carrying the pairing information is inserted into the scrambled TS stream, which after QAM modulation (6) is broadcast as RF to the client's set-top box 2 and smart card 3, where the box-card pairing is completed. Binding the smart card to the set-top box prevents illegal movement of smart cards and large-scale use of pirate set-top boxes: for programmes that require pairing, an unpaired smart card cannot descramble the programme. On receiving the pairing command from the head end, the set-top box can handle it in one of two ways: either the user must manually enter the password carried in the pairing command before pairing succeeds, or no password is needed and pairing completes automatically. Information passed between the set-top box and the smart card is transmitted in encrypted form to raise the security of the system.
Taking a user ordering a programme as the example, the system's authentication and its processing of the authorization instruction to the set-top box are described below. When the user orders a programme, the system first verifies the identity of the current user. The set-top box 2 sends a login request over the IP network to the RPPS server 40, which mediates the exchanges between the set-top box 2 and the authentication server 30 and between the set-top box 2 and the subscriber management subsystem 20. The login request carries encrypted identity information: the key store 50 generates a public/private key pair at random, the public key is sent to the set-top box 2 through the authentication server 30 and the RPPS server 40, and the smart card 3 encrypts the identity information of the logging-in user with that public key. The RPPS server 40 forwards the login request containing the encrypted identity information to the authentication server 30, which passes the encrypted identity information to the decryption server 70. The decryption server 70 decrypts it with the private key in the key store 50 that corresponds to the current public key and returns the decrypted information to the authentication server 30. The authentication server 30 sends the decrypted identity information through the RPPS server 40 to the subscriber management subsystem 20 for identity checking, and the subscriber management subsystem 20 returns the result of the check to the authentication server 30. The check result is returned over the network to the set-top box 2 through the RPPS server 40. If the result is that the user is legitimate, the authorization operation can proceed; otherwise the user is illegitimate and cannot proceed. Security is the main consideration in the authentication process. The key store generates the public/private key pair at random, and the pair generated each time is different. The core algorithm and the generated key pair are stored in a dedicated IC card, in a volatile, charge-based memory that loses its contents destructively, so that an attacker cannot cut the chip open and analyse the integrated circuit with an electron microscope. The encryption uses two layers: the inner layer may use the RSA asymmetric-key algorithm and the outer layer the 3DES algorithm, which makes it difficult for an attacker to derive the functional relationship between plaintext and ciphertext by analysis.
The set-top box 2 sends the information about the programme to be ordered over the IP network to the RPPS server 40, which passes the order information to the subscriber management subsystem 20. On receiving the order information, the subscriber management subsystem 20 forms a CA authorization instruction and sends it to the BiCAS subsystem 10. The SMS gateway 11 receives the CA authorization instruction and delivers it to the IEMM generator 14, which, through the encryption performed by the encryption server 13, generates the EMM information, stores it in the EMM database 60 and returns a confirmation (ACK) to the subscriber management subsystem 20, which in turn returns the confirmation to the RPPS server 40. Meanwhile the ECM generator 122 generates the ECM information from the control word CW, the service key SK and the programme access condition AC it receives (AC can implement PPC, IPPV, programme-level control, watermarking, conditionally restricted broadcast, regional differentiation and so on); the ECM is inserted into the scrambled TS stream by the scrambler 5 and sent to the set-top box 2 by broadcast. After receiving the returned confirmation, the RPPS server 40 communicates with the authentication server 30; the authentication server 30 extracts the EMM information containing the authorization from the EMM database and sends it to the RPPS server 40, which sends it on to the set-top box 2. Once it has obtained the authorization instruction, the set-top box 2 returns a confirmation of receipt to the RPPS server 40, and the programme can now be watched. When the RPPS server 40 receives this confirmation it can automatically delete the authorization information from the EMM database 60, which effectively reduces the pressure that a growing user base puts on stream bandwidth and response time and stops the database growing linearly with the number of users.
When the set-top box receives a programme it first parses the ECM packet and compares the access conditions it carries against its own authorization information to decide whether it is entitled to view the programme. Only if it is entitled does it go on to resolve the ECM packet, recover the control word CW and descramble the video.
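The key hierarchy described in the background section (CW under SK in the ECM, SK under PDK in an addressed EMM) together with the entitlement check just described, written out as an added, stand-alone simulation; this is not code from the patent or its assignee. The cipher is a SHA-256 keystream with an HMAC tag, a stand-in because the page names no cipher for ECM/EMM; the message layouts (EMM addressed by card id and carrying SK plus a product list, ECM carrying the encrypted CW plus the product id the programme requires), the 16-byte key sizes and the sample keys and payloads are all constructed for the example.

```python
"""Added example (not part of the patent): simulation of the CW / SK / PDK key
hierarchy and the set-top box's entitlement check before descrambling.
Illustrative assumptions: SHA-256 keystream + HMAC as a stand-in cipher,
16-byte keys, EMM = card id (clear) + seal(PDK, SK || product ids),
ECM = required product id (clear) + seal(SK, CW)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import List, Optional, Set


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with SHA-256(key || nonce || counter) blocks."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _seal(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || HMAC tag, so a wrong key is detected rather than yielding garbage."""
    nonce = os.urandom(12)
    ct = _keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def _open(key: bytes, blob: bytes) -> Optional[bytes]:
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(expected, tag):
        return None
    return _keystream_xor(key, nonce, ct)


@dataclass
class EMM:
    card_id: int      # addressing field, in the clear so the box can filter on it
    payload: bytes    # _seal(PDK, SK || product ids)


@dataclass
class ECM:
    product_id: int   # access condition the programme requires
    payload: bytes    # _seal(SK, CW)


def headend_emm(card_id: int, pdk: bytes, sk: bytes, products: List[int]) -> EMM:
    """EMM generator: the 16-byte SK and the granted product ids, encrypted under the card's PDK."""
    return EMM(card_id, _seal(pdk, sk + bytes(products)))


def headend_ecm(sk: bytes, cw: bytes, product_id: int) -> ECM:
    """ECM generator: the current CW encrypted under SK (CW rotates every 5 to 30 s)."""
    return ECM(product_id, _seal(sk, cw))


def scramble(cw: bytes, ts_payload: bytes) -> bytes:
    """Scrambler driven by CW; the keystream XOR is its own inverse, so it descrambles too."""
    return _keystream_xor(cw, b"TS", ts_payload)


@dataclass
class SetTopBox:
    card_id: int
    pdk: bytes
    sk: Optional[bytes] = None
    products: Set[int] = field(default_factory=set)

    def process_emms(self, emms: List[EMM]) -> None:
        """Capture only the EMM addressed to this card and recover SK and entitlements from it."""
        for emm in emms:
            if emm.card_id != self.card_id:
                continue
            body = _open(self.pdk, emm.payload)
            if body is None:          # addressed to us but not sealed under our PDK
                continue
            self.sk, self.products = body[:16], set(body[16:])

    def descramble(self, ecm: ECM, scrambled: bytes) -> Optional[bytes]:
        """Check the entitlement first; only then recover CW from the ECM and descramble."""
        if self.sk is None or ecm.product_id not in self.products:
            return None
        cw = _open(self.sk, ecm.payload)
        if cw is None:
            return None
        return scramble(cw, scrambled)
```

A box whose EMM grants a different product holds the right SK but still returns nothing for the programme, which is the check the paragraph above describes; a box with the wrong PDK never obtains SK at all because the tag check on the EMM fails.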
Cancelling a programme works in much the same way as ordering one; the only difference is that the user's cancellation generates a de-authorization instruction, and when the set-top box finally receives the de-authorization instruction the programme is closed.
Everything described so far is the operating principle in two-way mode; the bidirectional CA system 1 can also operate in one-way mode. When the RPPS server 40 does not obtain, within a preset time (for example 5 seconds), the confirmation that the set-top box 2 should return for the authorization or de-authorization information, it notifies the subscriber management subsystem 20 to send the authorization or de-authorization information to the set-top box 2 by broadcast.
The one-way mode works exactly like a traditional CA system: the EMM generator 121 generates EMM packets carrying the authorization or de-authorization information, the scrambler 5 inserts them into the scrambled TS stream, and they are finally broadcast over RF to the set-top box 2.
The bidirectional CA system switches seamlessly between two-way and one-way mode. For example, if the system is currently in one-way mode and the RPPS server 40 receives the confirmation of the authorization or de-authorization information returned by the set-top box 2, it notifies the subscriber management subsystem 20 and the system automatically returns to two-way mode.
Based on the bidirectional CA system, the invention also proposes a programme ordering/cancelling method. Fig. 2 shows the flow of a preferred embodiment of this method; each step of the flow is described in detail below with reference to Fig. 2.
Step S10: the key store generates a key pair at random, one key being the public key and the other the private key; when the set-top box sends a login request to the authentication server, the authentication server sends the public key to the set-top box. A new key pair is used for every session, and each generated pair is different.
Step S11: the smart card encrypts the information to be transmitted (mainly identity information) with the public key and sends it to the authentication server.
Step S12: after receiving the encrypted information, the authentication server decrypts it with the corresponding private key, checks the identity information and returns the check result to the set-top box.
The key pairs and algorithms used in the above steps are stored in an IC chip, in a volatile, charge-based memory that loses its contents destructively.
Step S13: whether the user is legitimate is determined from the check result; if so, the next step is entered, otherwise the flow ends.
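The login exchange of steps S10 to S13 (and of the embodiment above), as an added example that is not code from the patent or its assignee: the key store produces a fresh RSA pair for each login, the card encrypts its identity under the public key it was sent, and the head end decrypts with the private key, discards it, and checks the identity against the subscriber management record. Assumptions: RSA with PKCS#1 v1.5-style random padding written out in pure Python with a 1024-bit modulus (far too small for production; use a vetted library with OAEP in practice), an identity string of the form "stb_id:card_id", and a plain dict standing in for the subscriber management subsystem. The page does not say how the box verifies that the public key really came from the license server; like the description, this example assumes the return path delivers it unmodified.

```python
"""Added example (not from the patent): per-login RSA key pair exchange of steps
S10 to S13.  Assumptions: textbook RSA + PKCS#1 v1.5-style padding in pure Python
(1024-bit modulus, toy size), identity = "stb_id:card_id", SMS record = dict of
card id -> paired STB id, public key assumed delivered unmodified."""
import secrets
from collections import namedtuple
from typing import Dict, Optional, Tuple

PublicKey = namedtuple("PublicKey", "n e")
PrivateKey = namedtuple("PrivateKey", "n d")
_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with a trial-division prefilter."""
    if n < 2:
        return False
    for p in _SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # full length and odd
        if _is_probable_prime(c):
            return c

class KeyStore:
    """Key store: a new random key pair for every login (one pair per session)."""
    def __init__(self, prime_bits: int = 512):
        self.prime_bits = prime_bits

    def new_pair(self) -> Tuple[PublicKey, PrivateKey]:
        e = 65537
        while True:
            p, q = _random_prime(self.prime_bits), _random_prime(self.prime_bits)
            phi = (p - 1) * (q - 1)
            if p != q and phi % e:       # e is prime, so this means gcd(e, phi) == 1
                return PublicKey(p * q, e), PrivateKey(p * q, pow(e, -1, phi))

def _pad(msg: bytes, k: int) -> bytes:
    """0x00 0x02 || at least 8 nonzero random bytes || 0x00 || msg, k bytes in total."""
    ps_len = k - len(msg) - 3
    if ps_len < 8:
        raise ValueError("identity too long for the modulus")
    return b"\x00\x02" + bytes(secrets.randbelow(255) + 1 for _ in range(ps_len)) + b"\x00" + msg

def _unpad(em: bytes) -> Optional[bytes]:
    if len(em) < 11 or em[0] != 0 or em[1] != 2:
        return None
    sep = em.find(b"\x00", 2)
    return None if sep < 10 else em[sep + 1:]

class SmartCard:
    """Client side: encrypts the login identity under the public key it was sent."""
    def __init__(self, card_id: str, stb_id: str):
        self.card_id, self.stb_id = card_id, stb_id

    def encrypt_identity(self, pub: PublicKey) -> int:
        k = (pub.n.bit_length() + 7) // 8
        m = int.from_bytes(_pad(f"{self.stb_id}:{self.card_id}".encode(), k), "big")
        return pow(m, pub.e, pub.n)

class LicenseServer:
    """Head end: issues the session public key, decrypts the reply, checks the SMS record."""
    def __init__(self, keystore: KeyStore, sms_pairings: Dict[str, str]):
        self.keystore, self.sms_pairings = keystore, sms_pairings
        self._sessions: Dict[str, PrivateKey] = {}

    def begin_login(self, session_id: str) -> PublicKey:
        pub, priv = self.keystore.new_pair()
        self._sessions[session_id] = priv
        return pub

    def finish_login(self, session_id: str, ciphertext: int) -> bool:
        priv = self._sessions.pop(session_id, None)   # private key is discarded after one use
        if priv is None or not 0 < ciphertext < priv.n:
            return False
        k = (priv.n.bit_length() + 7) // 8
        identity = _unpad(pow(ciphertext, priv.d, priv.n).to_bytes(k, "big"))
        if identity is None:
            return False
        stb_id, _, card_id = identity.decode("utf-8", "replace").partition(":")
        return self.sms_pairings.get(card_id) == stb_id
```

Because the private key is popped from the session table on first use, a replayed ciphertext fails even though it was once valid, which is the practical consequence of generating a new pair per login. The 3DES outer layer the embodiment mentions is not modelled here.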
Step S14: the programme ordering/cancellation information sent by the set-top box is received, a CA authorization/de-authorization instruction is formed from it and sent to the BiCAS subsystem.
Step S15: the BiCAS subsystem encrypts the CA authorization/de-authorization instruction into EMM information, stores it in the EMM database and returns a confirmation.
Step S16: on the confirmation, the authentication server is notified to extract the encrypted EMM information from the EMM database and send it to the set-top box.
Step S17: once the set-top box obtains the authorization/de-authorization instruction it returns a confirmation, and at the same time the programme becomes watchable or stops playing.
Step S18: after obtaining the confirmation returned in the previous step, the authentication server automatically deletes the corresponding authorization/de-authorization instruction from the EMM database.
The method above is entirely for ordering/cancelling in two-way mode. It can also include a process for switching between one-way and two-way mode. A time can be preset; if the confirmation that the set-top box should return for the authorization/de-authorization instruction is not obtained within the set time, the instruction is sent to the set-top box by broadcast, the broadcast mode being what a traditional CA system already has. When a returned confirmation is obtained again, the system automatically returns to the two-way mode described above.
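Steps S14 to S18 and the mode switching just described, as an added example that is not code from the patent or its assignee. It merges the return path server, the authentication server and the subscriber management subsystem into one class, takes the BiCAS encryption step as an injected callable so EMM bodies stay opaque bytes, injects the clock so the 5-second preset time can be simulated, and collects outbound IP and broadcast traffic in lists instead of sending it; all of that, and the `AUTH:`/`DEAUTH:` instruction layout, is constructed for the example.

```python
"""Added example (not from the patent): entitlement delivery with confirmation,
database clean-up and one-way/two-way switching (steps S14 to S18).
Assumptions: one class stands in for RPPS + license server + SMS, the BiCAS
encryption is an injected callable, the clock is injected, and outbound
IP/broadcast traffic is collected in lists."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

ACK_TIMEOUT_S = 5.0   # the preset time, 5 s in the embodiment


@dataclass
class EmmRecord:
    stb_id: str
    emm: bytes                        # produced by the BiCAS subsystem; opaque here
    last_sent: Optional[float] = None


class ReturnPathServer:
    def __init__(self, clock: Callable[[], float], encrypt_emm: Callable[[bytes], bytes]):
        self.clock = clock
        self.encrypt_emm = encrypt_emm
        self.emm_db: Dict[str, EmmRecord] = {}            # S15: the EMM database
        self.mode = "two-way"
        self.ip_out: List[Tuple[str, str, bytes]] = []    # (stb_id, emm_id, emm) sent over IP
        self.broadcast_out: List[bytes] = []              # EMMs handed to the EMM generator for the TS
        self._next = 0

    def handle_order(self, stb_id: str, programme: str, cancel: bool = False) -> str:
        """S14 to S16: order/cancel -> CA (de)authorization instruction -> EMM -> store -> send."""
        verb = b"DEAUTH" if cancel else b"AUTH"
        instruction = verb + b":" + stb_id.encode() + b":" + programme.encode()
        emm_id = f"emm-{self._next}"
        self._next += 1
        self.emm_db[emm_id] = EmmRecord(stb_id, self.encrypt_emm(instruction))
        self._send(emm_id)
        return emm_id

    def _send(self, emm_id: str) -> None:
        """Two-way mode pushes the EMM over IP; one-way mode hands it to the broadcast path."""
        rec = self.emm_db[emm_id]
        rec.last_sent = self.clock()
        if self.mode == "two-way":
            self.ip_out.append((rec.stb_id, emm_id, rec.emm))
        else:
            self.broadcast_out.append(rec.emm)

    def on_ack(self, emm_id: str) -> bool:
        """S17/S18: the box confirmed receipt, so drop the EMM and return to two-way mode."""
        if self.emm_db.pop(emm_id, None) is None:
            return False              # unknown or already confirmed: nothing to delete
        self.mode = "two-way"
        return True

    def tick(self) -> List[str]:
        """Called periodically: EMMs unconfirmed for ACK_TIMEOUT_S switch the system to one-way
        mode and are repeated by broadcast, as a traditional CA system would."""
        now = self.clock()
        overdue = [emm_id for emm_id, rec in self.emm_db.items()
                   if rec.last_sent is not None and now - rec.last_sent >= ACK_TIMEOUT_S]
        if overdue:
            self.mode = "one-way"
        for emm_id in overdue:
            self._send(emm_id)
        return overdue
```

While the server is in one-way mode, new orders also go out on the broadcast path, and the first confirmation that arrives for any outstanding EMM restores two-way delivery; confirmed EMMs are removed from the database so it does not grow with the subscriber count, which is the point the embodiment makes about response time and database size.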
The above embodiment is provided so that those of ordinary skill in the art can implement or use the invention; such persons can make various modifications or variations to the embodiment without departing from the inventive concept. The scope of protection of the invention is therefore not limited by the embodiment but is the widest scope consistent with the inventive features recited in the claims.

Claims (10)

1. A bidirectional CA system for digital television, comprising:
a bidirectional conditional access subsystem which, on the one hand, receives the box-card pairing information, forms EMM information from it and broadcasts it to the set-top box in the form of a transport stream through multiplexing and scrambling equipment to complete the pairing, and, on the other hand, receives authorization instructions for ordering a programme or de-authorization instructions for cancelling a programme, generates EMM information from them and sends it over the IP network;
a subscriber management subsystem connected to the bidirectional conditional access subsystem, which generates the box-card pairing information and sends it to the bidirectional conditional access subsystem, and which generates an authorization instruction for a programme from the order information, or a de-authorization instruction for the programme from the cancellation information, and sends it to the bidirectional conditional access subsystem;
an EMM database connected to the bidirectional conditional access subsystem, which receives the programme authorization/de-authorization EMM information that subsystem sends over the IP network;
a key store, which generates public/private key pairs;
a decryption server connected to the key store, which decrypts encrypted information;
an authentication server connected on the one hand to the key store and the decryption server, distributing the keys for encryption and decryption, and on the other hand to the EMM database, from which it extracts the programme authorization/de-authorization EMM information;
a return path server, one end of which connects over the network to the client's set-top box and smart card and the other end to the subscriber management subsystem and the authentication server, which forwards the encryption public key distributed by the authentication server to the smart card; the smart card encrypts its identity information and returns it through the return path server to the authentication server; the authentication server passes the encrypted identity information to the decryption server, which decrypts it with the private key corresponding to the encryption public key; the authentication server sends the decrypted identity information to the subscriber management subsystem for checking; the check result is transmitted to the set-top box through the authentication server and the return path server; and after the identity check passes, the corresponding programme authorization/de-authorization EMM information extracted by the authentication server is transmitted to the set-top box through the return path server.
2. The two-way CA system for digital television according to claim 1, characterized in that the bidirectional conditional access subsystem further comprises:
a subscriber management system (SMS) network-management interface, connected to the user management subsystem, which on the one hand converts the format of the text-format machine/card pairing information sent by the user management subsystem, and on the other hand receives the program-order authorization instruction or program-cancellation de-authorization instruction sent by the user management subsystem;
an encryption machine, which encrypts the authorization information and data fed into it;
a subscriber authorization server, which further comprises:
an EMM generation module, connected to the SMS network-management interface, which receives the format-converted machine/card pairing information together with the original subscriber data, performs authorization processing with the authorization data and the service key, forms EMM information through the cryptographic operation performed with the encryption machine, and inserts it into the multiplexing equipment to be broadcast to the set-top box in the form of a transport stream in order to complete pairing;
an ECM generation module, connected to the SMS network-management interface and the encryption machine, which generates ECM information from the control word, the service key and the program viewing conditions, and inserts it into the multiplexing/scrambling equipment to be broadcast to the set-top box in the form of a transport stream;
an IEMM generation module, connected to the SMS network-management interface and the encryption machine, which receives the program-order authorization instruction or program-cancellation de-authorization instruction sent by the SMS network-management interface, produces EMM information and sends it to the EMM database over the IP network.
3. The two-way CA system for digital television according to claim 1, characterized in that the key store generates public-key key pairs at random, with a fresh key pair for each use.
4. The two-way CA system for digital television according to claim 1, characterized in that the key pair generation algorithm of the key store, the key pairs it generates and the decryption algorithm of the decryption machine are stored in a volatile memory circuit whose stored charge is destructively erased (rendered as a "destructive oxidation charge volatile memory circuit" in the source translation).
5. The two-way CA system for digital television according to claim 1, characterized in that, after the return path server obtains the set-top box's acknowledgement of the authorization/de-authorization information, it automatically deletes the corresponding authorization/de-authorization information from the EMM database.
6. The two-way CA system for digital television according to claim 2, characterized in that, if within a preset time the return path server does not obtain the acknowledgement that the set-top box should return for the authorization/de-authorization information, it notifies the user management subsystem to send the authorization/de-authorization information to the set-top box by one-way broadcast; and once the return path server obtains the set-top box's acknowledgement of the authorization/de-authorization information, it notifies the user management subsystem to restore two-way mode automatically.
7. A program ordering/cancellation method based on a two-way CA system, comprising:
an authentication process:
the key store generates a key pair at random, one key being the public key and the other the private key; when the set-top box sends a login request to the certificate server, the certificate server sends the public key information to the set-top box;
the smart card encrypts the information to be transmitted with this public key and sends it to the certificate server;
after receiving the encrypted information, the certificate server decrypts it with the corresponding private key, verifies the identity information and returns the verification result to the set-top box; if the result is that the user is legitimate, the following steps are performed; if the result is that the user is illegitimate, the procedure ends;
a program authorization/de-authorization process:
the program ordering/cancellation information received from the set-top box is formed into a CA authorization/de-authorization instruction and sent to the bidirectional conditional access subsystem;
the bidirectional conditional access subsystem encrypts the authorization/de-authorization instruction into EMM information, saves it to the EMM database and returns a confirmation;
the certificate server is notified to extract the encrypted EMM information from the EMM database and send it to the set-top box;
after obtaining the authorization instruction the set-top box can play the program, or after obtaining the de-authorization instruction it stops playing the program, and it returns an acknowledgement that the instruction was received.
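The authentication process of claim 7 (the key store, decryption machine, certificate server and return path server of claim 1) as a runnable simulation in Go. This is an added example, not code from the patent or its assignee. The patent names no public-key algorithm, padding scheme, key length or message format, so RSA-2048 with OAEP, the OAEP label, the "STB|card" identity encoding and the pairing records are assumptions, and both ends of the exchange run in one process with the network elided.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"strings"
)

// oaepLabel ties the ciphertext to this protocol step. Assumed: the patent
// names neither a padding scheme nor a label.
var oaepLabel = []byte("two-way-ca-login")

// KeyStore plays the key store of claim 1. Every login gets a freshly
// generated key pair and the private key is dropped when the login ends,
// which is the per-use key pair of claims 3 and 8. RSA-2048 is an assumption.
type KeyStore struct{ Bits int }

func (k KeyStore) NewSessionKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, k.Bits)
}

// Identity is the identity information the smart card returns: the set-top
// box serial and the smart card serial paired with it (encoding assumed).
type Identity struct{ STB, Card string }

func (id Identity) encode() []byte { return []byte(id.STB + "|" + id.Card) }

func decodeIdentity(b []byte) (Identity, error) {
	parts := strings.SplitN(string(b), "|", 2)
	if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
		return Identity{}, errors.New("malformed identity information")
	}
	return Identity{STB: parts[0], Card: parts[1]}, nil
}

// UserManagement plays the user management subsystem: it holds the
// machine/card pairing records the decrypted identity is checked against.
type UserManagement struct{ pairing map[string]string }

func (u UserManagement) CheckPairing(id Identity) bool {
	want, ok := u.pairing[id.STB]
	return ok && subtle.ConstantTimeCompare([]byte(want), []byte(id.Card)) == 1
}

// SmartCardEncrypt is the smart card's step: seal the identity information
// with the session public key it received over the return path.
func SmartCardEncrypt(pub *rsa.PublicKey, id Identity) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, id.encode(), oaepLabel)
}

// CertificateServer plays the certificate server together with the
// decryption machine it is wired to.
type CertificateServer struct {
	Keys  KeyStore
	Users UserManagement
}

// Login runs one authentication with both ends in-process and returns the
// verification result that the return path server forwards to the set-top box.
func (s CertificateServer) Login(card Identity) (bool, error) {
	priv, err := s.Keys.NewSessionKey() // login request -> new session key pair
	if err != nil {
		return false, err
	}
	// Certificate server -> set-top box -> smart card: session public key.
	ct, err := SmartCardEncrypt(&priv.PublicKey, card)
	if err != nil {
		return false, err
	}
	// Smart card -> return path server -> certificate server -> decryption
	// machine: only the private key of this session opens the ciphertext.
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ct, oaepLabel)
	if err != nil {
		return false, nil // tampered or foreign ciphertext: illegitimate user
	}
	id, err := decodeIdentity(pt)
	if err != nil {
		return false, nil
	}
	// Decrypted identity -> user management subsystem for the pairing check.
	return s.Users.CheckPairing(id), nil
}

// NewDemoServer wires the pieces with constructed sample pairing records.
func NewDemoServer() CertificateServer {
	return CertificateServer{
		Keys: KeyStore{Bits: 2048},
		Users: UserManagement{pairing: map[string]string{
			"STB-00001": "CARD-A1B2",
			"STB-00002": "CARD-C3D4",
		}},
	}
}

func main() {
	s := NewDemoServer()
	for _, id := range []Identity{
		{"STB-00001", "CARD-A1B2"}, // box and card are paired
		{"STB-00001", "CARD-C3D4"}, // card belongs to another box
		{"STB-00009", "CARD-A1B2"}, // box unknown to user management
	} {
		ok, err := s.Login(id)
		fmt.Printf("%s / %s -> legitimate=%v err=%v\n", id.STB, id.Card, ok, err)
	}
}
```

One point the claims leave open and a deployment has to settle: the set-top box receives the session public key over the return path, and nothing in claims 1 or 7 says how the box verifies that the key came from the certificate server, so the box or smart card needs a prior trust anchor (for example a root key provisioned in the card) to check the key before sealing its identity with it.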
8. The program ordering/cancellation method based on a two-way CA system according to claim 7, characterized in that the key pair produced by the key store is fresh for each use, and the encryption/decryption algorithms and the keys are stored in a volatile memory circuit whose stored charge is destructively erased.
9. The program ordering/cancellation method based on a two-way CA system according to claim 7, characterized in that the method further comprises:
after obtaining from the set-top box the acknowledgement that the instruction was received, automatically deleting the corresponding authorization/de-authorization information from the EMM database.
10. The program ordering/cancellation method based on a two-way CA system according to claim 7, characterized in that the method further comprises a procedure for switching between one-way mode and two-way mode:
if within a preset time the acknowledgement that the set-top box should return for the authorization/de-authorization information is not obtained, the authorization/de-authorization information is sent to the set-top box by one-way broadcast;
if the set-top box's acknowledgement of the authorization/de-authorization information is obtained, two-way mode is automatically restored.
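The delivery side of claims 5, 6, 9 and 10 (hold the EMM in the EMM database, delete it when the set-top box acknowledges, fall back to one-way broadcast when no acknowledgement arrives within the preset time, return to two-way mode on the next acknowledgement) as an added Go example, not code from the patent or its assignee. The EMM identifiers, the binding of each acknowledgement to the box the EMM was addressed to, the 30-second preset time and the sample payload are assumptions; the EMM content is opaque here because it is produced and encrypted elsewhere (the IEMM module and encryption machine of claim 2).

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// DeliveryMode is the mode the return path server reports to the user
// management subsystem: two-way (EMM over IP to one box) or one-way
// (EMM broadcast in the transport stream).
type DeliveryMode int

const (
	TwoWay DeliveryMode = iota
	OneWay
)

func (m DeliveryMode) String() string {
	if m == OneWay {
		return "one-way broadcast"
	}
	return "two-way"
}

// PendingEMM is one authorize/de-authorize EMM held in the EMM database
// until the set-top box acknowledges it. Payload is the already-encrypted
// EMM from the IEMM module and is not interpreted here.
type PendingEMM struct {
	STB       string
	Payload   []byte
	SentAt    time.Time
	Broadcast bool // handed over for one-way broadcast after the timeout
}

// EMMDatabase models claims 5/6 and 9/10: acknowledged EMMs are deleted,
// unacknowledged ones fall back to broadcast after Timeout, and the mode
// returns to two-way once an acknowledgement arrives.
type EMMDatabase struct {
	Timeout time.Duration
	Mode    DeliveryMode
	pending map[string]*PendingEMM // keyed by EMM id (assumed identifier)
}

func NewEMMDatabase(timeout time.Duration) *EMMDatabase {
	return &EMMDatabase{Timeout: timeout, Mode: TwoWay, pending: map[string]*PendingEMM{}}
}

// Save records an EMM the certificate server sent to the set-top box at
// time now and starts its acknowledgement timer.
func (db *EMMDatabase) Save(id, stb string, payload []byte, now time.Time) error {
	if _, dup := db.pending[id]; dup {
		return fmt.Errorf("emm %s already pending", id)
	}
	db.pending[id] = &PendingEMM{STB: stb, Payload: payload, SentAt: now}
	return nil
}

// Confirm is the set-top box's acknowledgement. It must name the EMM and
// come from the box the EMM was addressed to, so a replayed or forged
// acknowledgement cannot delete another subscriber's pending EMM.
func (db *EMMDatabase) Confirm(id, stb string) error {
	p, ok := db.pending[id]
	if !ok {
		return errors.New("acknowledgement for unknown emm " + id)
	}
	if p.STB != stb {
		return fmt.Errorf("emm %s addressed to %s, acknowledged by %s", id, p.STB, stb)
	}
	delete(db.pending, id) // claims 5 and 9
	db.Mode = TwoWay       // claims 6 and 10
	return nil
}

// Expire runs periodically. Every EMM still unacknowledged after Timeout is
// handed to the user management subsystem for one-way broadcast (once; the
// broadcast EMM cycle itself is outside this model) and the system switches
// to one-way mode. It returns the ids handed over on this call.
func (db *EMMDatabase) Expire(now time.Time) []string {
	var out []string
	for id, p := range db.pending {
		if p.Broadcast || now.Sub(p.SentAt) < db.Timeout {
			continue
		}
		p.Broadcast = true
		db.Mode = OneWay
		out = append(out, id)
	}
	return out
}

func (db *EMMDatabase) PendingCount() int { return len(db.pending) }

func main() {
	t0 := time.Date(2007, 5, 11, 9, 0, 0, 0, time.UTC)
	db := NewEMMDatabase(30 * time.Second)
	_ = db.Save("emm-1001", "STB-00001", []byte("<encrypted authorize EMM>"), t0)
	fmt.Println(db.Expire(t0.Add(10*time.Second)), db.Mode) // [] two-way
	fmt.Println(db.Expire(t0.Add(31*time.Second)), db.Mode) // [emm-1001] one-way broadcast
	fmt.Println(db.Confirm("emm-1001", "STB-00002"))        // rejected: wrong box
	fmt.Println(db.Confirm("emm-1001", "STB-00001"), db.Mode) // <nil> two-way
	fmt.Println(db.PendingCount())                            // 0
}
```

The acknowledgement carries the EMM id and the box serial rather than a bare "received" flag; without that binding the automatic deletion of claims 5 and 9 would act on whichever EMM the server happened to associate with the reply.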
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200710040557A CN101076109B (en) 2007-05-11 2007-05-11 Two-way CA system of digital TV-set and method for ordering and cancelling programm based on it

Publications (2)

Publication Number Publication Date
CN101076109A CN101076109A (en) 2007-11-21
CN101076109B true CN101076109B (en) 2010-05-19

Family

ID=38976901

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200710040557A Active CN101076109B (en) 2007-05-11 2007-05-11 Two-way CA system of digital TV-set and method for ordering and cancelling programm based on it

Country Status (1)

Country Link
CN (1) CN101076109B (en)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101296364B (en) * 2008-05-31 2010-11-10 青岛海信电器股份有限公司 Signal receiving system, TV signal receiving device and method
CN101409592B (en) * 2008-11-17 2010-10-27 普天信息技术研究院有限公司 Method, system and apparatus for implementing multi-application business based on condition receiving card
CN101582729B (en) * 2009-05-26 2011-02-23 北京创毅视讯科技有限公司 Method and system for acquiring service key, conditional access module and subscriber terminal
CN101902610B (en) * 2009-05-27 2012-04-04 航天信息股份有限公司 Method for realizing safety communication between IPTV set-top box and intelligent card
CN101848049A (en) * 2010-03-18 2010-09-29 鸿富锦精密工业(深圳)有限公司 Information service system based on digital broadcasting
CN103067333B (en) 2011-10-18 2016-03-30 华为终端有限公司 The method of proof machine top box access identity and certificate server
CN102662496A (en) * 2012-04-06 2012-09-12 深圳共银网络技术有限公司 Multifunctional mouse and method for controlling same
CN102665102B (en) * 2012-05-09 2014-11-05 山东泰信电子股份有限公司 System and method for counting quantity of digital television users
CN103546767B (en) * 2012-07-16 2017-01-25 航天信息股份有限公司 Content protection method and system of multimedia service
CN102761778B (en) * 2012-07-30 2016-05-04 山东泰信电子股份有限公司 A kind of data encrypting and deciphering system and method based on bidirectional terminal
CN103036880A (en) * 2012-12-12 2013-04-10 华为技术有限公司 Network information transmission method, transmission equipment and transmission system
CN103634624A (en) * 2013-11-15 2014-03-12 四川长虹电器股份有限公司 Digital television live broadcasting method and system based on IP (Internet protocol) network
CN103763111A (en) * 2014-01-11 2014-04-30 高峰 Arrear self-locking system and method based on OTT device
CN105791954B (en) * 2014-12-23 2019-02-01 深圳Tcl新技术有限公司 Digital TV terminal condition receiving method, terminal and system
CN105847890A (en) * 2016-03-30 2016-08-10 深圳市宽宏科技有限公司 OTT digital copyright-based management system
CN107222764B (en) * 2017-07-06 2020-06-19 成都睿胜科技有限公司 Method for realizing bidirectional CA (certificate Authority) security authorization by using MQTT (maximum likelihood test) and SSL (secure sockets layer)
CN107579977A (en) * 2017-09-04 2018-01-12 珠海迈科智能科技股份有限公司 A kind of key theft preventing method and device
CN109039653A (en) * 2018-08-16 2018-12-18 常熟市顺网网络技术服务有限公司 A kind of network authentication method based on two-way encryption

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1254473A (en) * 1997-03-21 2000-05-24 卡纳尔股份有限公司 Broadcast and reception system, and conditional access system therefor
CN1620137A (en) * 2003-11-21 2005-05-25 华为技术有限公司 Authorization system and method
CN1753487A (en) * 2004-09-22 2006-03-29 华为技术有限公司 Control system of watching digital TV and its method

Also Published As

Publication number Publication date
CN101076109A (en) 2007-11-21

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right
Owner name: SHANGHAI YUNSHI TECHNOLOGY CO., LTD.
Free format text: FORMER OWNER: TIANBAI WIDEBAND NETWORK SCIENCE AND TECHNOLOGY (SHANGHAI) CO., LTD.
Effective date: 20130116
C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data
Free format text: CORRECT: ADDRESS; FROM: 200233 XUHUI, SHANGHAI TO: 201800 JIADING, SHANGHAI
TR01 Transfer of patent right
Effective date of registration: 20130116
Address after: 201800 Shanghai city Jiading District town of Jiading Bole Road No. 70 building 2008 room 10
Patentee after: Shanghai Cloud Vision Networks Technology Co., Ltd.
Address before: 200233, No. 9, building 2016, Yishan Road, Shanghai
Patentee before: Tianbai Broadband Network Technology (Shanghai) Co., Ltd.
C56 Change in the name or address of the patentee
CP01 Change in the name or title of a patent holder
Address after: 201800 Shanghai city Jiading District town of Jiading Bole Road No. 70 building 2008 room 10
Patentee after: Shanghai Cloud Vision Networks Technology Co., Ltd.
Address before: 201800 Shanghai city Jiading District town of Jiading Bole Road No. 70 building 2008 room 10
Patentee before: Shanghai Cloud Vision Networks Technology Co., Ltd.