CN103546767B - Content protection method and system of multimedia service - Google Patents

Content protection method and system of multimedia service Download PDF

Info

Publication number
CN103546767B
CN103546767B CN201210246709.0A CN201210246709A CN103546767B CN 103546767 B CN103546767 B CN 103546767B CN 201210246709 A CN201210246709 A CN 201210246709A CN 103546767 B CN103546767 B CN 103546767B
Authority
CN
China
Prior art keywords
key
terminal
terminal use
server
cek
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210246709.0A
Other languages
Chinese (zh)
Other versions
CN103546767A (en
Inventor
罗世新
郭宝安
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aisino Corp
Original Assignee
Aisino Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aisino Corp filed Critical Aisino Corp
Priority to CN201210246709.0A priority Critical patent/CN103546767B/en
Publication of CN103546767A publication Critical patent/CN103546767A/en
Application granted granted Critical
Publication of CN103546767B publication Critical patent/CN103546767B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The invention provides a content protection method and system of multimedia service. Aiming to protection requirements of video and audio streams when the program content of the multimedia service is transmitted in the network, four-layered key systems of an identity key TIK, a private key or domain key PK/DK, a service key SK and control words CW are arranged on the real-time program streams, three-layered key systems of an identity key TIK, and a private key or domain key PK/DK and a private key or domain key PK/DK are arranged on non-real-time program streams. Application security problems can be solved through authorization and management control of real-time stream four-layered keys and non-real-time three-layered keys of the multimedia service; the method adopts a cryptographic algorithm with national intellectual property rights, an identification mechanism is introduced, and the method is flexible and reliable and easy to prompt and implement.

Description

The content protecting method of multimedia service and system
Technical field
The present invention relates to multimedia technology field, more particularly, to a kind of content protecting of multimedia service Method and system.
Background technology
Mobile TV, refers to portable handheld terminals such as mobile phones as equipment, propagates the one of audio-visual content Item technology or application.At present, the implementation of mobile phone TV services mainly has two kinds: the first is Communication mode, using mobile communication technology, passes through wireless communication networks to the many matchmakers of the point-to-point offer of mobile phone Body services;Second is broadcast mode, using digital broadcast television technology, by ground or satellite Broadcast television coverage to mobile phone, pda, mp3, mp4, digital camera, notebook computer with And the point-to-area offer broadcast TV program of the Miniature Receive Terminal on car and boat.
At present, the multimedia service such as mobile phone TV services is subject to many mobile operator, broadcasting and TV company Concern, carry out one after another the test of various bearing technologies, mobile TV commercial business is already present in All over the world.The bearing technology variation of mobile phone TV services, and regional features are substantially, very difficult shape Become unified mobile TV standard.The operator of different geographical or country variant is in deployment mobile phone electricity Tend to during depending on business using the handss being developed based on this area, this national digital television standard Machine television standard.
The media content of mobile TV be digitized into process after Digital Media it is easy to storage, no Damage and replicate and propagate, particularly request program and the media file downloaded for terminal use, Ke Yifang Just download, store, batch duplicating, thus grow pirate in a large number and nonstandard using row For huge impact be will result in mobile TV industry.Therefore, exploitation a kind of to mobile TV etc. The method that multimedia service contents carry out effective protection is very necessary.
Content of the invention
The embodiment provides a kind of content protecting method of multimedia service and system, with Realize the multimedia service contents such as mobile TV are effectively protected.
A kind of content protective system of multimedia service, comprising:
Server unit, for completing encryption, the key management of the programme content to multimedia service Manage with terminal user authorization, and realize the certification with terminal interaction information;
Terminal unit, for completing the solution of the programme content, key at different levels or authority of multimedia service Close, realize the interactive authentication of terminal and server, in the corresponding business of authority of execution terminal use Hold.
A kind of content protecting method of multimedia service, comprising:
Server completes encryption, key management and the terminal use of the programme content to multimedia service Empowerment management, and realize the certification with terminal interaction information;
Terminal completes the deciphering of the programme content, key at different levels or authority of multimedia service, realizes eventually End and the interactive authentication of server, execute the corresponding business tine of authority of terminal use.
Can be seen that the embodiment of the present invention by the technical scheme that embodiments of the invention described above provide to lead to Cross and four layers of key code system are adopted to live broadcast service, three layers of key body are adopted to program request or downloading service System, and because all cryptographic algorithms itself are all safe, password uses key information in flow process All safe with cipher-text information, the information of cryptoguard in need be all valid protected, from And it is effectively guaranteed the safety of the programme content of the multimedia services such as mobile TV.
Brief description
In order to be illustrated more clearly that the technical scheme of the embodiment of the present invention, embodiment will be described below In required use accompanying drawing be briefly described it should be apparent that, drawings in the following description are only It is only some embodiments of the present invention, for those of ordinary skill in the art, do not paying wound On the premise of the property made is laborious, other accompanying drawings can also be obtained according to these accompanying drawings.
The concrete knot of the content protective system of the multimedia service that Fig. 1 provides for the embodiment of the present invention one Composition;
The key body of the content protective system of the multimedia service that Fig. 2 provides for the embodiment of the present invention one Tying composition;
Live in the content protective system of the multimedia service that Fig. 3 provides for the embodiment of the present invention one The distribution flow figure of service protection key;
Program request in the content protective system of the multimedia service that Fig. 4 provides for the embodiment of the present invention one Or the distribution flow figure of downloading service protection key;
Fig. 5 is the processing stream of the content protecting method of multimedia service that the embodiment of the present invention two proposes Cheng Tu.
Specific embodiment
For ease of the understanding to the embodiment of the present invention, below in conjunction with accompanying drawing with several specific embodiments As a example be further explained explanation, and each embodiment does not constitute the limit to the embodiment of the present invention Fixed.
Embodiment one
The symbol description that the present invention uses is as follows:
‖: link.As c=a ‖ b, represent using b as c low segment data, using a as c High segment data, the bit length of c is the bit length sum of a and b.
E: symmetric cryptographic algorithm sm1(shangmi1).
Pe: asymmetric cryptographic algorithm sm2(shangmi2).
Ek: carried out using sm1 algorithm and key k plus or deciphering computing.
Pek: the encryption being carried out using sm2 algorithm and key k or deciphering or signature or solution signature Computing.
H: using sm3(shangmi3) the hash computing that carries out of algorithm.
R, r: be random number
P: represent and cw(control word, control word key) control parameter that associates.
Present invention could apply to the multimedia service such as mobile phone TV services, below with mobile TV industry As a example business, the embodiment of the present invention to be described.
A kind of concrete structure such as Fig. 1 of the content protective system of multimedia service that this embodiment provides It is shown, comprising:
Server unit 11, for completing adding of the programme content to multimedia services such as mobile TVs Close, key management and terminal user authorization management, and realize the certification with terminal interaction information;
Terminal unit 12, for completing programme content, key at different levels or the authority of multimedia service Deciphering, realizes the interactive authentication of terminal and server, the corresponding business of authority of execution terminal use Content, thus realize to the protection of programme content and the control of consuming behavior.
Described server unit 11 includes: server key management module 111, server mandate pipe Reason module 112 and content scrambling module 113.
Described server key management module 111, for realizing the product of the used key of the system The functions such as life, storage, renewal, granting.Including:
Symmetric key manages: pk(personal key, personal key) or dk(domain Key, domain key), sk(service key, business cipher key), cek(content Encryption key, contents encryption key), the key such as cw produce, encryption storage, safety point Send out, safely change.
Unsymmetrical key manages: is realized by card sending system, including server in system and terminal The generation of all ecc public private key pairs and relevant parameter etc., distribution, renewal or issue, and set up With renewal ecc black entry record, the audit of information of terminal user record etc..
The main body key code system that the system adopts is as shown in Fig. 2 by four layers of key of live broadcast service Mandate with program request or three layers of key of downloading service and management control solution application safety problem.Described Server key management module 111 is additionally operable to:
1) live broadcast service is adopted with four layers of key code system:
And eventually 1st layer: the identity key slk(service identity key of server unit) The identity key tik(terminai identity key of end subscriber).Ecc key is to respectively sikpriOr sikpubAnd tikpriOr tikpub, for protecting pk or dk online distribution and realization Authentication and mechanism the between during application such as end-user registration.This key is to produce offline and write Card.
2nd layer: pk or dk, it is respectively used to the mandate pipe realizing terminal use or terminal use's group Reason and protection sk online distribution.
3rd layer: sk, for realizing the control mandate of classification business, separate traffic or service groups Provide in real time with protection cw.
4th layer: cw, the transmission for realizing media content is protected, with program stream information timing Online distribution.
2) program request or downloading service are adopted with three layers of key code system:
1st layer: the identity key of server unit and terminal use, ecc key is to respectively sikpriOr sikpubAnd tikpriOr tikpub, this layer of key and the live the 1st layer of ecc key Share, for realize under interactive application the bidirectional identity authentication between terminal use and server end and Protection pk or dk online distribution.
2nd layer: pk or dk, this layer of key is with the live the 2nd layer of pk or dk key altogether With being used for realizing terminal use or terminal use's group empowerment management and protection cek online distribution.
3rd layer: cek, realize the encryption of on-demand media stream and media content download.
Described server key management module 111, is additionally operable in system initialization or terminal security During module initialization, with offline mode by the ecc key of described terminal use to being distributed to terminal;
In end-user registration, pass through under the ecc public key encryption protection of described terminal use Pk or dk of described terminal use is distributed to terminal by line or offline mode;
In terminal application business, will be described under pk the or dk encipherment protection of described terminal use The sk of terminal use is distributed to described terminal;
In the programme content of system broadcasts encryption, will under the sk encipherment protection of described terminal use The cw of described terminal use is distributed together to described terminal with scrambled programme content;
In terminal application non-real-time service mandate, protect in pk the or dk encryption of described terminal use Under shield, the cek of described terminal use is distributed to described terminal.
Described server entitlement management module 112, is used for realizing terminal user authentication and terminal use Managing authority information, the license of the authority granting terminal user's respective program according to terminal use and making Use authority.Including:
Rights management: provide live, program request or the rights management of downloading service, including terminal use Authority information produces and safeguards.
Authorization messages produce: authorization messages comprise key and authority information, it with key management, interior Hold management and terminal user management association produces authorization messages.The system has two class authority message: Rmm(entitlement management message, right management message) and ecm(mandate control Message processed, entitle control message).
Authorization messages (containing key) are encrypted, including rmm encryption equipment and ecm encryption equipment.
Terminal user authentication: as terminal use's access authentication, online registration certification, in line service Shen Please authenticate, comprise to sign or checking, public key add or deciphering module.
The distribution of authorization messages right and payment.
Described content scrambling module 113, realizes respectively to programme televised live and program request or program downloading Scrambling and security control, and encapsulate code stream according to specified format.Including:
Real-time scrambling device: realize to live programming content in the presence of cryptographic algorithm and key cw The scrambling of stream.
Pre- scrambler: realize to request program and lower published article under cryptographic algorithm, key cek effect The pre- scrambling of part content stream, the content after pre- scrambling is stored in program server.
Described terminal unit 12 includes: terminal key management 121, authorization terminal management module 122 With content descrambling module 123.
Described terminal key management module 121, for completing the various keys such as ecc of terminal use The storage of key, symmetric key and relevant parameter and management;
Described authorization terminal management module 122, is used for completing authorization messages deciphering, authority information dimension The processing procedures such as shield, authority execution, authentication and upload information encryption.Specifically include:
Authorization messages deciphering module 1221, for completing terminal according to rmm and ecm receiving Each layer key of user and the deciphering of authority information, the rating condition extracting terminal use is for example close Key, effect duration, broadcasting control parameter etc..
Authority information maintenance module 1222, for according to the authorization messages receiving, preserving, updating, The authority information of maintenance terminal user.
Authority performing module 1223, receives according to the authority information control key receiving, key uses The transmission of key and control machine card between, reaches the purpose controlling program decryption and playing.
Authentication module 1224, realizes signature or the checking computing of interaction data.
Upload information encrypting module 1225, complete terminal to server submission interactive information produce and Encryption etc..
Described content descrambling module 123, under the control of described key management module 121, Live, program request and the descrambling of downloads of media programme content are completed using method corresponding with server. The descrambling to live programming content stream is realized in the presence of cryptographic algorithm and key cw.In password Algorithm, the lower descrambling realized to request program and download file content stream of key cek effect.
Fig. 3 is the distribution flow figure of the live broadcast service protection key in said system, and Fig. 4 is above-mentioned Program request in system or the distribution flow figure of downloading service protection key.Reference Fig. 3 and Fig. 4, In the present invention, key is distributed and the principle of protection is, the not only confidentiality of key to be ensured, also will Ensure the integrity of key and the reliability in source, all keys of distribution all must assure that only to be recognized Demonstrate,prove legal authorization terminal user can obtain.
In the present invention, all keys are all using the distribution of successively protected mode, are added using upper strata key The ways of distribution of close lower floor key, except personal key (pk) and domain key (dk) are to pass through The protection of ecc algorithm is outer, and the other keys under it are all to be encrypted by symmetric cryptographic algorithm sm1 to protect Shield.Meanwhile, encryption distribution after each key is bundled together with use condition, terminal use is only (c can be used according to specified rulexRepresent) use key.Specific as follows:
rmmP or d=petikpub(pk or dk ‖ cP or d)‖pesikpri(h (pk or dk ‖ cP or d))
rmms=ePk or dk(sk‖cs)‖h(sk‖cs)
rmmc=ePk or dk(cek‖cc)‖h(cek‖cc)
ecm=esk(cw‖p)‖h(cw‖p)
The distribution of each key is that substep completes.Wherein, ecc key is at system initialization or end Complete to distribute with offline mode during the security module initialization of end;Personal key pk or domain key dk When being end-user registration, by online or offline under the ecc public key encryption protection of terminal use Mode be distributed to terminal use;Business cipher key sk adopts pk or dk encipherment protection, is at end It is distributed to terminal during end subscriber application business;Cw adopts sk to encrypt, in system broadcasts encryption Distribute in real time with stream during programme content;Cek adopts pk or dk encipherment protection, in terminal use During application non-real-time service mandate, online distribution is to designated terminal.
In addition to transmission control word cw is to be distributed together with scrambled programme content, other keys All it is independently of programme content distribution.
When there is multiple similar key in system simultaneously, key mark in cipher key distribution message, to be specified Know the key identifier that also will comprise in symbol kid, and programme content for encrypting this content kid.
In the present invention, terminal use hold end-user's mind card to operator apply for the registration of when, by It is safe and reliable in the initialization of system, operator and terminal use are stuck in before being registered Through credibly obtaining the public key of other side, both sides are all signed to the information of interaction in registration process Name, therefore attacker are by replacing or cannot to distort these information so that both sides are receiving It still is able in the case of spurious information succeed in registration.Once end-user registration success, just possess Distribution rmmP or dThe i.e. condition of personal key pk and domain key dk.
With reference to Fig. 3 and Fig. 4, in the present invention, server key management module produces personal key Pk and domain key dk, and save it in storage medium.Server unit calculates rmmP or d=petikpub(pk or dk ‖ cP or d)‖pesikpri(h (pk or dk ‖ cP or d)), by rmmp Or dIt is sent to terminal with Entitlement Management Message rmm through multiplexing.Demultiplexed, terminal key manages Module calculates (pk or dk ‖ cP or d) '=petikpri(petikpub(pk or dk ‖ cP or d)), and Checking rmmP or dEffectiveness (calculate pesikpub(pesikpri(h (pk or dk ‖ cP or d))), And with h ((pk the or dk ‖ c calculatingP or d) ') value compares, equal, think deciphering (pk or Dk) '==pk or dk), terminal key management module only accepts legal pk or dk and cP or d, and it is stored in the safety zone of terminal key management module.
With reference to Fig. 3, in the present invention, server key management module produces business cipher key sk, and Save it in storage medium.Server unit calculates rmms=ePk or dk(sk‖cs)‖ h(sk‖cs), by rmmsIt is sent to terminal with Entitlement Management Message through multiplexing.It is demultiplexed, Terminal key management module calculates (sk ‖ cs) '=ePk or dk(ePk or dk(sk‖cs)), and verify sk‖csIntegrity (calculate h ((sk ‖ cs) '), and h (the sk ‖ c with receptions) value compares, Equal, think the sk '==sk of deciphering), terminal key management only accepts legal sk and cs, And it is stored in the safety zone of terminal key management module.
With reference to Fig. 3, in the present invention, server key management module produces control word cw and counts Calculate ecm=esk(cw ‖ p) ‖ h (cw ‖ p), ecm is risen with the programme content one of scrambling Deliver to terminal.Terminal key management module calculates (cw ‖ p) '=esk(esk(cw ‖ p)), and test The integrity of card cw ‖ p (calculates h ((cw ‖ p) '), and h (cw ‖ p) the value ratio with reception Relatively, equal, think the cw '==cw of deciphering), terminal key management module only accepts legal control Word cw processed, and by cw and p export descrambling module be used for content descrambling.
With reference to Fig. 4, in the present invention, server key management module produces contents encryption key Cek simultaneously calculates rmmc=ePk or dk(cek‖cc)‖h(cek‖cc), by rmmcWith awarding Power management information is sent collectively to terminal.Demultiplexed, terminal key management module calculates (cek ‖ cc) '=epK or dk(ePk or dk(cek‖cc)), and verify the integrity (calculating of cw ‖ p h(cek‖cc) '), and compare with h (the cw ‖ p) value receiving, equal, think deciphering Cek '==cek), terminal key management module only accepts legal contents encryption key cek, and By cek and ccExport descrambling module to descramble for content.
With reference to Fig. 3 and Fig. 4, in the present invention, server Scrambling Operation is to use symmetric cryptographic algorithm With control word cw or contents encryption key cek, video-voice frequency flow is scrambled, after forming scrambling Video-voice frequency flow;Terminal descrambling operation be with symmetric cryptographic algorithm and control word cw that decrypts or Contents encryption key cek descrambles to the video-voice frequency flow after scrambling, forms the plaintext that can watch Video-voice frequency flow.Attacker is only in the premise obtaining control word cw or contents encryption key cek Under, using symmetric cryptographic algorithm, the audio/video flow after scrambling could be descrambled.
In the present invention, the symmetric encipherment algorithm of employing, rivest, shamir, adelman and hash password are calculated Method is domestic algorithm, and the safety detection of national authorities tissue has been passed through in its safety, is Safe and reliable.
In the present invention, when distributing pk or dk, the message that server calculates pk or dk is tested Card code h(pk or dk) and utilize privacy key sikpriSigned, therefore used through terminal Family smart card authentication crosses signature and h(pk or dk) effectively pk or dk ciphertext be all credible , pk or dk decrypting is believable.
In the present invention, when distributing sk, server calculates the Message Authentication Code h of sk (sk), because pk or dk and sk is secrecy, and pk or dk is believable, attacks Person cannot pretend to be server unit to calculate h(sk), therefore block checking h through terminal use (sk) effectively sk ciphertext is all believable, and the sk decrypting is believable.
In the present invention, when distributing cw, server calculates the Message Authentication Code h of cw (cw), because pk or dk, sk and cw are secrecy, and sk is believable, attacks Person cannot pretend to be server unit to calculate h(cw), therefore block checking h through terminal use (cw) effectively cw ciphertext is all believable, and the cw decrypting is believable.
In the present invention, when distributing cek, server calculates the Message Authentication Code h of cek (cek), because pk or dk and cek is secrecy, and pk or dk is believable, attacks The person of hitting cannot pretend to be server unit to calculate h(cek), therefore block checking h through terminal use (cek) effectively cek ciphertext is all believable, and the cek decrypting is believable.
Embodiment two
The handling process of the content protecting method of multimedia service proposed by the present invention as described in Figure 5, Comprise the following steps:
The password flow process of step 51, system initialization and end-user registration and agreement.
) system initialization
Determine the cryptographic algorithm that system uses: e, pe and h.
Server unit produces ecc key pair, determines the mark sid(service end mark of itself Symbol, service identifier) and elliptic curve parameter and its basic point p, and produce server unit Key based on ecc is to (sikpub, sikpri).
Tsm(terminal security module, such as smart card, terminal safety module) initialization
Produce for each tsm and distribute unique tid(terminal identifier, terminal Identifier);
Sid, tid and sik is write in tsmpub
The key based on ecc for the terminal use is to for (tikpub, tikpri), and by tikpubCharge to System database;
Operator distributes tsm to terminal use, comprises sm2, sm1, sm3 etc. and calculate in tsm Method, and tikpri、tikpub、sikpub, sid and tid.
Mobile terminal initializes
Server is that the mobile terminals such as the mobile phone of terminal use load machine cartoon letters and media Reinforced turf is used Block cipher sm1;
Server unit randomly generates tsk(terminal security key, terminal safety key), And be written in the descrambling module of mobile terminal.
) end-user registration
The password flow process of end-user registration and agreement are as follows:
Terminal use holds tsm and mobile terminal, and to operator, offline or online application is registered, and illustrates It is personal registration or packet registration.
Server unit produces tm(terminal user management information, terminal for tsm Management) and random number r, use sikpriTm is signed, and tm and its signature are write Enter tsm.That is:
tm‖r‖pesikpri(tm‖r)
Tsm is with sikpubThe effectiveness that checking operator signs to tm, it is invalid such as to sign, and registers Unsuccessfully to terminate, effective then tsm that such as signs returns tid ‖ tm and use to server unit tikpriSignature to tid ‖ tm it may be assumed that
tid‖tm‖r‖petikpri(tid‖tm‖r)
Server unit extracts tik according to tid from data basepubTsm is to tid ‖ tm for checking The effectiveness of signature, it is invalid such as to sign, and registers unsuccessfully to terminate, and such as signs effectively then by tid ‖ Tm and tsm is recorded into data base to the signature of tid ‖ tm.
Server unit connects key, terminal to tsm and terminal distribution tlk(machine cartoon letters Link key).I.e.
petikpub(tlk‖r)‖pesikpri(petikpub(tlk‖r))
With
etsk(tlk‖r)‖h(tlk‖r)
Step 52, distribution rmmP or dPassword flow process and agreement.
Terminal use pk or dk authorization messages are in rmmP or dIn distribute, concrete password flow process As follows with agreement:
Operator is directed to designated terminal user or terminal use's group produces the power associating with pk or dk Limit information cP or d, this cP or dIncluding pk or dk key effect duration, the available industry of server Service type, key use rule etc..
Produce rmmP or d(entitlement management message, right management message)
rmmP or d=petikpub(pk or dk ‖ cP or d)‖pesikpri(h (pk or dk ‖ cP or d))
As pk or dk ‖ cP or dWhen data is more than 256bit, it is possible to use digital envelope produces rmmP or d:
rmmP or d=ek(pk or dk ‖ cP or d) ‖ petikpub(k)‖pesikpri(h(k‖ cP or d))
By rmmP or dIt is sent to the mobile terminal of terminal use.
Mobile terminal receives rmmP or d, deciphering pk or dk.Terminal receives rmmP or d Afterwards, using private key tikpriDeciphering rmmP or d, obtain pk or dk and cP or dIn plain text, and sharp Public key sik with ecc signature verification module server unitpubChecking rmmP or dEffective Property, if effectively, retain pk or dk and cP or d, invalid, abandon ciphertext data.
Step 53, distribution rmms(entitlement management message, right management ) and the password flow process of ecm and agreement message.
After terminal use has applied for live broadcast stream media mandate, authorization messages distribution password flow process and Agreement is as follows:
I) issue and the business cipher key sk receiving programme televised live
Server by utilizing sk generation module randomly generates sk, and produces authority information cs, this cs Including the authority information of programme televised live, as program effect duration, playing condition, use rule etc..
Server unit pk(or dk) to sk and csIt is encrypted, obtain the right of sk Message rmms:
rmms=ePk or dk(sk‖cs)‖h(sk‖cs)
By rmmsThe mobile terminal specified is sent to specified authorization.
Mobile terminal deciphers rmm with pk or dksObtain sk ‖ cs, calculate h(sk ‖ cs), and the h(sk ‖ c with receptions) value compares, equal, accepts sk, otherwise refusal connects By sk.
If a terminal use has applied for n kind business and has had the rating right of this n item business, Can:
rmms=ePk or dk(sk0‖sk1‖…skn-1‖cs)‖h(sk0‖sk1‖…skn- 1‖cs)
Ii) issue and receive the ecm receiving programme televised live
Server by utilizing cw generation module randomly generates cw, and produces the control using this cw Parameter p.
Cw is encrypted and calculates with sk with hash, obtains ecm:
ecm=esk(cw‖p)‖h(cw‖p)
Ecm is sent to mobile terminal with program stream.
The mobile terminal sk of terminal use decrypts cw, calculates h(cw ‖ p) and with Hash value in ecm compares, equal, accepts cw, and otherwise refusal accepts cw.
In broadcast items content, terminal defers to p and cs, under authority management module control, use Cw and sm1 deciphers to broadcast program stream cipher.
Step 54, terminal use apply for program request or downloading service mandate rmmc password flow process and Agreement.
Password flow process when terminal use's application demand (telecommunication) service and downloading service mandate and agreement are as follows:
I) mobile terminal of terminal use sends req by interactive channelt(interactive service mandate please Ask, request)
reqt=ePk or dk(tid‖cid‖w‖r)‖petikpri(h(tid‖cid‖w‖r))
Cid: program identification information, such as channel, programm name, program id or kid etc.
W: the relevant information such as consumption demand of application business.
Server receives reqtWith checking signature
Server receives reqt, first deciphered with pk or dk of this terminal use, then used with terminal The identity key public key tik at familypubThe effectiveness of checking signature, that is, calculate petikpub(h (tid ‖ cid ‖ w ‖ r)).As invalid in signed, refusal authorizes and feeds back authentication failure message; As signed effectively, then check the authority of terminal use by authoring system, if meet mandate requiring, Continue, otherwise feed back authorization failure information.
) server send program request or download ress(file authorizing message, response)
ress=rmmc=ePk or dk(cek‖cc‖r)‖h(cek‖cc‖r)
Cc: the application program authority information authorized, such as effect duration, playing condition, use rule Deng.The playing condition of terminal use is wherein defined using rule.
) mobile terminal passes through broadcast or interactive channel receives program request or downloads file
Mobile terminal pk or dk of terminal use decrypts cek ‖ cc ‖ r, calculates h, And and ressIn h value compare, compare r value, all equal, accept cek, otherwise refusal connect By cek.Then, terminal, according to authority information cc, is carried out to program request or download file with cek Deciphering.
If a terminal use has applied for n kind interactive service and has had the rating right of this n item business When, can disposably distribute the cek of multiple programs, then above-mentioned cek could alternatively be:
cek=cek1‖cek2…‖cekn
If same program has n terminal use's application, need to be distributed to same cek Several terminal uses are (it is assumed that the rating authority of this n terminal use is the same.):
rmmc=epk1(cek‖cc‖r)‖epk2(cek‖cc‖r)‖
…epkn(cek‖cc‖r))‖h(cek‖cc‖r)
Step 55, terminal use initiate password flow process and the agreement of authorization requests.
Another kind of situation is that terminal use fails to be properly received in cipher key broadcasting, but terminal use Application pk, dk or sk can actively be specified to system, they are specified in kid and cid.
I) mobile terminal of terminal use sends key application
The mobile terminal of terminal use is sent out to the authentication management system of server unit by backward channel Send key and entitlement requests:
Reqt=pesikpub(tid ‖ cid ‖ w ‖ r) ‖ petikpri(h(tid ‖ Cid ‖ w ‖ r))
Or
Reqt=ek(tid ‖ cid ‖ w ‖ r) ‖ pesikpub(k)
‖ petikpri(h(tid ‖ cid ‖ w ‖ r))
Wherein k and r is random number.
) server carries out signature verification and scope check to terminal use.
) it is the terminal use's distribution rights meeting authority
According to cid identification terminal user application, do following distribution:
Pk or dk distributes:
Ress=rmmp or d=petikpub (pk or dk ‖ cp or g ‖ r) ‖ Pesikpri (h (pk or dk ‖ cp or d ‖ r))
Or
Ress=rmmp or d=ekpk or dk ‖ cp or d ‖ r) ‖ petikpub1 (k) ‖ Pesikpri (h (k ‖ cp or g ‖ r))
Sk distribution protocol:
Ress=epk or dk (sk ‖ cs ‖ r) ‖ h (sk ‖ cs ‖ r)
After system correct identification terminal user, distribute apllied key to terminal use.
Step 56, server initiate password flow process and the agreement of right distribution.
Under direct-seeding, terminal use has not been able in system broadcasts key correctly accept (as eventually End subscriber is not keyed up), or not being properly received under point broadcast mode, server can pass through point-to-point side Formula actively distributes pk, dk, sk or cek key of designated terminal user, and they are referred to by kid Fixed.Agreement is as follows:
) mobile terminal from server unit to terminal use send right distribution prompt command coms Authentication management system is to designated terminal user transmission pk or dk distribution command:
Coms=petikpub(sid ‖ r ‖ kidpk or dk) ‖ pesikpri(h (sid ‖ r ‖ kidpk or dk))
Authentication management system is to designated terminal user transmission sk or cek distribution command:
Coms=epk or dk(sid ‖ r ‖ kidsk or cek) ‖ pesikpri(h (sid ‖ r ‖ kidsk or cek)) kidpk or dk:pk or dk key identification.
The key identification of kidsk or cek:sk or cek.
Ii) terminal use end carries out recognizing to system identity and and sends response rest
The mobile terminal of terminal use receives coms.Deciphering the identity of checking system.As signature Effective or invalid, accept or abandon, feed back certification success or failure information.
Pk or dk distribution command confirms:
Rest=pesikpub(tid ‖ r ‖ f) ‖ petikpri(h(tid ‖ r ‖ f))
Sk or cek distribution command confirms:
Rest=epk or dk(tid ‖ r ‖ f) ‖ petikpri(h(tid ‖ r ‖ f))
F: certification success or failure etc. indicates.
R: the random number that reception system is sent.
) mobile terminal distribution rights from server to terminal use
The cipher protocol of the mobile terminal distribution rights to terminal use for the server is with aforementioned " right is divided Send out " partly essentially identical it may be assumed that
Rmmp or d=petikpub (pk or dk ‖ cp or g ‖ r) ‖ pesikpri (h (pk or Dk ‖ cp or d ‖ r))
Or
Rmmp or d=ek(pk or dk ‖ cp or g ‖ r) ‖ petikpub (k) ‖ Pesikpri (h (k ‖ cp or d ‖ r))
Rmms=epk or dk (sk ‖ cs ‖ r) ‖ h (sk ‖ cs ‖ r)
Rmmc=epk or dk (cek ‖ cc ‖ r) ‖ h (cek ‖ cc ‖ r)
In sum, the embodiment of the present invention by live broadcast service adopt four layers of key code system, to point Broadcast or downloading service adopts three layers of key code system, and because all cryptographic algorithms itself are all safety , password is all safe using key information in flow process and cipher-text information, and institute is in need to use password The information of protection is all valid protected.In the multimedia service flow process such as whole mobile phone TV (from system It is initialised to the transmission of scrambled program and watch) in, attacker both cannot obtain secret information to steal See program, also cannot cheat end-user's mind with the cipher key related information forged or programme information Card, thus being effectively guaranteed the safety of the programme content of the multimedia services such as mobile TV, safeguards Media content or Television show producers, provider, operator, service provider and its legal terminal are used The interests at family, improve the enthusiasm of media content producer, make mass higher, more rich Program it is ensured that the multimedia service such as mobile TV continue, develop in a healthy way.
In embodiments of the present invention, system adopts key cw, sk, pk or dk can be by According to needing to be updated according to certain cycle and strategy, to improve the safety of system.Terminal is used The tik at family updates and is about 2 years interval time.Terminal use personal key pk or domain key dk Effective with the presence of terminal use or domain terminal use's rating authority, in right continuing phase, it is more New interval time is 1-2.The renewal of programme televised live business cipher key sk can be one day or one Month, determined the effect duration of sk by operator.Control word cw renewal interval time interval by taking Business device unit is made by oneself, may generally be the 30-90 second.And cek is with the file effect duration one of claim Cause, typically do not need to update, exist with the effect duration of encrypted file and exist.
One of ordinary skill in the art will appreciate that realizing all or part in above-described embodiment method Flow process, can be by computer program to complete come the hardware to instruct correlation, described program can It is stored in a computer read/write memory medium, this program is upon execution, it may include such as above-mentioned each The flow process of the embodiment of method.Wherein, described storage medium can for magnetic disc, CD, read-only deposit Storage memory body (read-only memory, rom) or random access memory (random Access memory, ram) etc..
The above, the only present invention preferably specific embodiment, but protection scope of the present invention Be not limited thereto, any those familiar with the art the invention discloses technology model In enclosing, the change or replacement that can readily occur in, all should be included within the scope of the present invention. Therefore, protection scope of the present invention should be defined by scope of the claims.

Claims (11)

1. a kind of content protective system of multimedia service is it is characterised in that include:
Server unit, for completing encryption, the key management of the programme content to multimedia service Manage with terminal user authorization, and realize the certification with terminal interaction information;
Terminal unit, for completing the solution of the programme content, key at different levels or authority of multimedia service Close, realize the interactive authentication of terminal and server, in the corresponding business of authority of execution terminal use Hold;Described server unit includes:
Server key management module, for realize the generation of the used key of the system, storage, Update and provide, described key includes symmetric key and unsymmetrical key, described symmetric key bag Include: personal key pk or domain key dk, business cipher key sk, control word key cw and content Encryption key cek, described unsymmetrical key includes: the error checking of server and terminal and correction Ecc public private key pair and relevant parameter;
Server entitlement management module, the authority for realizing terminal user authentication and terminal use is believed Breath management, the license of the authority granting terminal user's respective program according to terminal use and the right to use Limit, produces and sends the authorization messages of terminal use, and described terminal user authentication includes: terminal is used Family access authentication, online registration certification, in line service application authentication, the authority of described terminal use Including: provide live, program request authority or the power of terminal use's downloading service to terminal use Limit;
Content scrambling module, for realizing the scrambling to programme televised live, program request or program downloading and peace Full control, and encapsulate program stream according to specified format;
Described server key management module, is additionally operable to adopt following four layers close live broadcast service Key management system:
1st layer: identity key sik of server and identity key tik of terminal use, it is used for Protect pk or dk online distribution and realize the authentication between terminal use and server end;
2nd layer: pk or dk, wherein pk are used for realizing empowerment management and the protection of terminal use The sk online distribution of terminal use, dk is used for realizing the empowerment management of terminal use's group and protection is whole The sk online distribution of end subscriber group;
3rd layer: sk, for realize classification business, separate traffic or service groups control mandate and Protection cw provides in real time;
4th layer: cw, the transmission for realizing media content is protected, with program stream information timing Online distribution;
To program request or downloading service using three layers of following key code system:
1st layer: identity key sik of server and identity key tik of terminal use, it is used for Protect pk or dk online distribution and realize the authentication between terminal use and server end;
2nd layer: pk or dk, wherein pk are used for realizing empowerment management and the protection of terminal use The contents encryption key cek online distribution of terminal use, dk is used for realizing awarding of terminal use's group Power management and the cek online distribution of protection terminal use's group;
3rd layer: cek, for realizing the encryption of on-demand media stream and media content download.
2. the content protective system of multimedia service according to claim 1, its feature exists In:
Described server key management module, is additionally operable in system initialization or terminal security module During initialization, with offline mode by the ecc key of described terminal use to being distributed to terminal;
In end-user registration, pass through under the ecc public key encryption protection of described terminal use Pk or dk of described terminal use is distributed to terminal by line or offline mode;
In terminal application business, will be described under pk the or dk encipherment protection of described terminal use The sk of terminal use is distributed to described terminal;
In the programme content of system broadcasts encryption, will under the sk encipherment protection of described terminal use The cw of described terminal use is distributed together to described terminal with scrambled programme content;
In terminal application non-real-time service mandate, protect in pk the or dk encryption of described terminal use Under shield, the cek of described terminal use is distributed to described terminal.
3. the content protective system of multimedia service according to claim 1, its feature exists In described content scrambling module includes:
Real-time scrambling device, for realizing programme televised live is added in the presence of cryptographic algorithm and cw Disturb;
Pre- scrambler, for realizing to request program and downloading section under cryptographic algorithm, cek effect Purpose scrambles in advance, and the programme content after pre- scrambling is stored in program server.
4. the content protective system of the multimedia service according to any one of claims 1 to 3, It is characterized in that, described terminal unit includes:
Terminal key management module, for completing the various keys of terminal use and depositing of relevant parameter Storage and management, described key includes: ecc key, symmetric key;
Authorization terminal management module, is used for completing authorization messages deciphering, authority information maintenance, authority Execution, authentication and upload information encryption;
Content descrambling module, in described terminal key management module, authorization terminal management module Control under, complete live, point using processing corresponding method with the scrambling of the programme content of server Broadcast or downloads of media programme content scramble process.
5. the content protective system of multimedia service according to claim 4, its feature exists In described authorization terminal management module includes:
Authorization messages deciphering module, for according to the entitlement management messages receiving and authorization control message Complete each layer key of terminal use and the deciphering of authority information, extract the rating bar of terminal use Part information, this rating conditional information includes key, effect duration, plays control parameter;
Authority information maintenance module, for according to the authorization messages receiving, preserving, updating, tie up The authority information of shield terminal use;
Authority performing module, for being received according to the authority information control key receiving, key makes With the transmission of key and control machine card between, reach the purpose controlling program decryption and playing;
Authentication module, for realizing the signature of interaction data or checking between terminal server Computing;
Upload information encrypting module, for complete terminal to server submission interactive information produce and Encryption.
6. a kind of content protecting method of multimedia service is it is characterised in that include:
Server completes encryption, key management and the terminal use of the programme content to multimedia service Empowerment management, and realize the certification with terminal interaction information;
Terminal completes the deciphering of the programme content, key at different levels or authority of multimedia service, realizes eventually End and the interactive authentication of server, execute the corresponding business tine of authority of terminal use;Described Method also includes:
Described server is to live broadcast service using four layers of following key management system:
1st layer: identity key sik of server and identity key tik of terminal use, it is used for Protect pk or dk online distribution and realize the authentication between terminal use and server end;
2nd layer: pk or dk, wherein pk are used for realizing empowerment management and the protection of terminal use The sk online distribution of terminal use, dk is used for realizing the empowerment management of terminal use's group and protection is whole The sk online distribution of end subscriber group;
3rd layer: sk, for realize classification business, separate traffic or service groups control mandate and Protection cw provides in real time;
4th layer: cw, the transmission for realizing media content is protected, with program stream information timing Online distribution;
Described server is to program request or downloading service using three layers of following key code system:
1st layer: identity key sik of server and identity key tik of terminal use, it is used for Protect pk or dk online distribution and realize the authentication between terminal use and server end;
2nd layer: pk or dk, wherein pk are used for realizing empowerment management and the protection of terminal use The contents encryption key cek online distribution of terminal use, dk is used for realizing awarding of terminal use's group Power management and the cek online distribution of protection terminal use's group;
3rd layer: cek, for realizing the encryption of on-demand media stream and media content download.
7. the content protecting method of multimedia service according to claim 6, its feature exists In described method also includes:
Described server, will with offline mode in system initialization or terminal security module initialization The ecc key of described terminal use is to being distributed to terminal;
Described server, in end-user registration, is protected in the ecc public key encryption of described terminal use By way of online or offline, pk or dk of described terminal use is distributed to terminal under shield;
Described server, in terminal application business, is protected in pk the or dk encryption of described terminal use Under shield, the sk of described terminal use is distributed to described terminal;
Described server, in the programme content that system broadcasts are encrypted, adds in the sk of described terminal use Under privacy protection, the cw of described terminal use is distributed together to described end with scrambled programme content End;
Described server in terminal application non-real-time service mandate, described terminal use pk or Under dk encipherment protection, the cek of described terminal use is distributed to described terminal.
8. the content protecting method of multimedia service according to claim 7, its feature exists In described method also includes:
Described server produces pk or dk of described terminal use and the power associating with pk or dk Limit information cP or d, by pk or dk of described terminal use and cP or dPreserved;
Described server produces entitlement management message rmmP or d
rmmP or d=petikpub(pk or dk ‖ cP or d)‖pesikpri(h (pk or dk ‖ cP or d)), by described rmmP or dIt is sent to the terminal of terminal use, described pe is asymmetric after encryption Cryptographic algorithm sm2, described h are the hash computing being carried out using sm3 algorithm, described | | for chain Connect;
Described terminal receives described rmmP or dAfterwards, the private key tik of using terminal userpriDeciphering Described rmmP or d, obtain described pk or dk and cP or dIn plain text, and using described server Public key sikpubVerify described rmmP or dEffectiveness, if checking confirm described rmmP or d Effectively, then preserve pk or dk and the c that described deciphering obtainsP or d;Otherwise, abandon described deciphering Pk or dk obtaining and cP or d.
9. the content protecting method of multimedia service according to claim 7, its feature exists In described method also includes:
Described server randomly generates the sk of described terminal use and the authority information associating with sk cs, with pk or dk of described terminal use to sk and csIt is encrypted, obtain the power of sk Sharp message rmms:
rmms=ePk or dk(sk‖cs)‖h(sk‖cs)
Described e represents symmetric cryptographic algorithm sm1;
Described server is by rmmsDescribed terminal is sent to specified authorization;
Described terminal receives described rmmsAfterwards, deciphered with pk or dk of described terminal use rmmsObtain sk ‖ cs, calculate h (sk ‖ cs), by the h calculating (sk ‖ cs) with Rmm after decipheringsIn h (the sk ‖ c that comprisess) value compares, if described comparative result is phase Deng sk and c that then the described terminal described deciphering of acceptance obtainss;Otherwise, refusal accepts described solution Close sk and c obtainings.
10. the content protecting method of multimedia service according to claim 7, its feature exists In described method also includes:
Described server randomly generates the cw of described terminal use, and produces the control using this cw Parameter p processed, is encrypted to the cw of described terminal use and is calculated with the sk of described terminal use Hash, acquisition authorization control message ecm:
Ecm=esk(cw‖p)‖h(cw‖p)
Described ecm is sent to terminal with program stream by described server;
After described terminal receives described ecm, decipher described ecm with the sk of oneself, obtain Cw and p comprising in ecm after deciphering, calculates h (cw ‖ p), by the h calculating (cw ‖ p) is compared with h (the cw ‖ p) value comprising in the ecm after deciphering, if described Comparative result is equal, then described terminal accepts cw and p that described deciphering obtains;Otherwise, refuse Accept absolutely cw and p that described deciphering obtains.
The content protecting method of 11. multimedia services according to claim 7, its feature exists In described method also includes:
Described terminal is passed through interactive channel and is sent interactive service authorization requests req to servert
reqt=ePk or dk(tid‖cid‖w‖r)‖petikpri(h(tid‖cid‖w‖r))
Described cid is program identification information, and described w is the consumption demand information of application business,
Described server receives described reqtAfterwards, deciphered with pk or dk of described terminal use Described reqt, with the identity key public key tik of described terminal usepubVerify described reqtLabel The effectiveness of name;
Described server is verifying described reqtSignature effective after, send program request or download file Authorization messages ress
ress=rmmc=ePk or dk(cek‖cc‖r)‖h(cek‖cc‖r)
Described cc is the application program authority information authorized;
Described terminal receives described ressAfterwards, described with pk the or dk deciphering of oneself ress, obtain the res after decipheringsIn the cek ‖ cc ‖ r that comprises, calculate h (cek ‖ Cc ‖ r), by the res after the h calculating (cek ‖ cc ‖ r) and decipheringsIn the h that comprises (cek ‖ cc ‖ r) value compares, if described comparative result is equal, described terminal accepts institute State the cek that deciphering obtains, according to authority information cc, with cek, program request or download file are carried out Deciphering;Otherwise, refusal accepts the cek that described deciphering obtains.
CN201210246709.0A 2012-07-16 2012-07-16 Content protection method and system of multimedia service Active CN103546767B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210246709.0A CN103546767B (en) 2012-07-16 2012-07-16 Content protection method and system of multimedia service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210246709.0A CN103546767B (en) 2012-07-16 2012-07-16 Content protection method and system of multimedia service

Publications (2)

Publication Number Publication Date
CN103546767A CN103546767A (en) 2014-01-29
CN103546767B true CN103546767B (en) 2017-01-25

Family

ID=49969758

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210246709.0A Active CN103546767B (en) 2012-07-16 2012-07-16 Content protection method and system of multimedia service

Country Status (1)

Country Link
CN (1) CN103546767B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104735653A (en) * 2015-04-13 2015-06-24 东信和平科技股份有限公司 Wireless communication system and method based on Guomi SM1 algorithm
CN110650196B (en) * 2019-09-25 2022-05-24 北京达佳互联信息技术有限公司 Business processing system, method, electronic device and storage medium
CN112511299B (en) * 2020-12-14 2023-09-15 深圳数字电视国家工程实验室股份有限公司 Interface data transmission method and device, electronic equipment and storage medium
CN113746943B (en) * 2021-11-08 2022-03-22 云丁网络技术(北京)有限公司 Method and device for transmitting data, server and Internet of things system

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1549595A (en) * 2003-05-09 2004-11-24 华为技术有限公司 Information transmitting method and apparatus for interactive digital broadcast television system
CN1822165A (en) * 2005-01-24 2006-08-23 汤姆森许可贸易公司 Secure pre-recorded digital medium
CN101076109A (en) * 2007-05-11 2007-11-21 天栢宽带网络科技(上海)有限公司 Two-way CA system of digital TV-set and method for ordering and cancelling programm based on it
CN101409592A (en) * 2008-11-17 2009-04-15 普天信息技术研究院有限公司 Method, system and apparatus for implementing multi-application business based on condition receiving card
CN101505400A (en) * 2009-03-10 2009-08-12 深圳华为通信技术有限公司 Bi-directional set-top box authentication method, system and related equipment
CN101626488A (en) * 2008-07-08 2010-01-13 索尼株式会社 Content distribution system, content reception terminal, content distribution method and processing method performed when viewing streaming contents
CN101790735A (en) * 2007-06-26 2010-07-28 数码基石有限公司 Systems and methods for conditional access and digital rights management
CN101902611A (en) * 2009-06-01 2010-12-01 航天信息股份有限公司 Method for realizing IPTV digital rights management
JP4801515B2 (en) * 2005-11-18 2011-10-26 日本放送協会 Scramble key management device, scramble key management information transmission device, scramble key output management method, scramble key management program, license information management device, license management information transmission device, license information output management method, and license information management program
CN102238422A (en) * 2010-05-07 2011-11-09 航天信息股份有限公司 Digital television broadcasting conditional access system

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1549595A (en) * 2003-05-09 2004-11-24 华为技术有限公司 Information transmitting method and apparatus for interactive digital broadcast television system
CN1822165A (en) * 2005-01-24 2006-08-23 汤姆森许可贸易公司 Secure pre-recorded digital medium
JP4801515B2 (en) * 2005-11-18 2011-10-26 日本放送協会 Scramble key management device, scramble key management information transmission device, scramble key output management method, scramble key management program, license information management device, license management information transmission device, license information output management method, and license information management program
CN101076109A (en) * 2007-05-11 2007-11-21 天栢宽带网络科技(上海)有限公司 Two-way CA system of digital TV-set and method for ordering and cancelling programm based on it
CN101790735A (en) * 2007-06-26 2010-07-28 数码基石有限公司 Systems and methods for conditional access and digital rights management
CN101626488A (en) * 2008-07-08 2010-01-13 索尼株式会社 Content distribution system, content reception terminal, content distribution method and processing method performed when viewing streaming contents
CN101409592A (en) * 2008-11-17 2009-04-15 普天信息技术研究院有限公司 Method, system and apparatus for implementing multi-application business based on condition receiving card
CN101505400A (en) * 2009-03-10 2009-08-12 深圳华为通信技术有限公司 Bi-directional set-top box authentication method, system and related equipment
CN101902611A (en) * 2009-06-01 2010-12-01 航天信息股份有限公司 Method for realizing IPTV digital rights management
CN102238422A (en) * 2010-05-07 2011-11-09 航天信息股份有限公司 Digital television broadcasting conditional access system

Also Published As

Publication number Publication date
CN103546767A (en) 2014-01-29

Similar Documents

Publication Publication Date Title
CN101166259B (en) Mobile phone TV service protection method, system, mobile phone TV server and terminal
US7336784B2 (en) Multimedia decoder method and system with authentication and enhanced digital rights management (DRM) where each received signal is unique and where the missing signal is cached inside the storage memory of each receiver
CN101902611B (en) Method for realizing IPTV digital rights management
CN101076109B (en) Two-way CA system of digital TV-set and method for ordering and cancelling programm based on it
CN102761790B (en) Digital-watermark-based digital copyright management method and device for IPTV terminals
CN101019370A (en) Method of providing conditional access
CN103873895A (en) DVB/IPTV dual-mode interactive business protection system
CN102724568A (en) Authentication certificates
CN101277181A (en) Dynamic multilayer encryption method for managing flow medium digital authority
CN102802036A (en) System and method for identifying digital television
CN102595198B (en) A kind of key management system based on safety chip, terminal equipment and method
CN100442839C (en) Information transmitting method and apparatus for interactive digital broadcast television system
CN104254004A (en) Digital rights management method and system suitable for high-bit-rate audio and video content
CN102075802A (en) Method for realizing secure communication between set-top box and intelligent card
CN103546767B (en) Content protection method and system of multimedia service
CN102111681A (en) Key system for digital television broadcast condition receiving system
CN102917252B (en) IPTV (internet protocol television) program stream content protection system and method
CN102647393B (en) Digital signage content piracy prevention method
CN100544238C (en) A kind of charging method of digital multimedia broadcasting system and Apparatus and system
CN101247508B (en) Method for terminal implementing service authorization in conditioned receiving system
CN101521668A (en) Method for authorizing multimedia broadcasting content
KR101004886B1 (en) Method for group key distribution, and conditional access system using the method
CN101505400A (en) Bi-directional set-top box authentication method, system and related equipment
CN202475692U (en) Security chip-based secret key management system and terminal device
CN101902610B (en) Method for realizing safety communication between IPTV set-top box and intelligent card

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant