CN1527600A - Safe access method and device for digital broadcast television network - Google Patents

Publication number: CN1527600A
Authority: CN (China)
Prior art keywords: interactive, service, network, authentication, terminal part
Legal status: Granted; Expired - Fee Related
Application number: CNA031192238A
Other languages: Chinese (zh)
Other versions: CN1315324C (en)
Inventors: 虞忠伟, 颜宏华, 卢建民
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Priority to: CNB031192238A (granted as CN1315324C)
Classification: Two-Way Televisions, Distribution Of Moving Picture Or The Like

Abstract

The present invention discloses a secure access method and device for a digital broadcast television network. The method includes: establishing an interactive digital broadcast television system; when the terminal is switched on, authenticating the terminal part's access to the interactive network using the user access protocol of the interactive network; authenticating the terminal part's access to the system based on the user information; and admitting a terminal that passes authentication into the digital broadcast television system. The secure access device has a front end part including a multiplexer, a scrambler, a control word generator and a service management control unit, and a terminal part including a demultiplexer, a descrambler and an interactive service processing unit. The present invention also discloses the corresponding front end device and back end device. The present invention overcomes the poor security of relying on key encryption alone, and is simple in structure, easy to implement and easy to control.

Description

Secure access method and device for digital broadcast television network
Technical Field
The present invention relates to access technologies for broadcast television networks, and in particular, to a secure access method and apparatus for a digital broadcast television network.
Background
Most existing broadcast television networks neglected security in their initial construction stage; where security was considered at all, it rested only on physical security mechanisms. As broadcast television networks become more interconnected, their security problems come to resemble those of the general network environment. For example, in some regions cable and satellite television networks have been attacked illegally, interfering with or interrupting normal viewing, greatly damaging the television network, and causing huge economic loss and extremely bad social influence. It is therefore necessary to adopt logical measures, such as security protocols, cryptographic technology and security management, to strengthen access authentication and keep illegal users out.
To achieve these objectives and address the current threats to broadcast network security, an effective approach is to develop digital television, because the Conditional Access (CA) system in the digital television platform plays a central role in security protection. The CA system is the conditional access mechanism of the digital broadcast television system and a basic operations-support facility that protects the legitimate revenue of digital television content providers and broadcast television network operators. It scrambles digital television programs and information in real time at the front end of the transmission network, descrambles and restores them at the user end, and authorizes paying users online, so that paying users can watch programs normally and non-paying users cannot. The CA system is therefore also a charging control system, implemented with encryption technology, whose fundamental purpose is to protect the operator's revenue. Because the CA system involves the digital television front end, the transmission network and the user end, that is, the entire broadcast television network, it is also the security system of digital television, able to resist malicious attacks made for business or political purposes. Its main security objectives are to prevent pirates from forging or copying digital television user authorization devices in large numbers for business purposes, and to prevent illegal digital television programs or information from being mixed into the digital broadcast television network.
The current CA system is designed for a unidirectional broadcast television network. Fig. 1 is a block diagram of the CA system in an existing unidirectional digital broadcast television system. As shown in Fig. 1, the front-end part 110 of a conventional digital broadcast television system includes: a multiplexer 111, a scrambler 112, an encryptor 113, an encryptor 114, a Service Information (SI) generator 115, a user authorization system 116, a Control Word (CW) generator 117, a program information management system 118, and a user management system 119. The terminal part 130 (STB) comprises: a descrambler 132, a demultiplexer 131, a decryptor 133, a decryptor 134 and a security processor 135. The terminal part 130 also contains a smart card system 136.
In this one-way digital broadcast television system, the CA system is implemented mainly through user access authentication and service authorization, and its security is concentrated entirely in the terminal. The specific process is given below.
In the front-end part, existing CA systems use a triple key mechanism to encrypt the transmitted program:
1. The scrambler 112 uses the control word generated by the Control Word (CW) generator 117 to initialize a pseudo-random sequence generator, which produces a new pseudo-random sequence that scrambles the service information. The control word is a group of random numbers that changes randomly every several seconds; the receiving end descrambles under the control of the same control word.
2. The encryptor 114 encrypts the control word (CW) generated by the CW generator 117 and places it in the Entitlement Control Message (ECM).
3. The encryptor 113 encrypts the user management information provided by the user management system 119 to form Entitlement Management Messages (EMM).
The encrypted information and the program information (PSI) are combined by the multiplexer 111 to form the service information, which is scrambled by the scrambler 112 and then transmitted to the terminal part 130 through the broadcast network 120.
In the terminal part 130, the conventional CA system uses the decryptor 134 to decrypt the EMM with the PDK (the user's individual key), extracts the Service Key (SK) and sends it to the security processor 135, which determines whether the terminal is authorized to receive the service. If it is authorized, the decryptor 133 decrypts the control word CW in the ECM using the service key SK and provides it to the descrambler 132. The descrambler 132 descrambles the information using the control word and sends the descrambled information to the demultiplexer 131. If it is not authorized, the service information cannot be received.
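The three-layer key hierarchy described above (the CW scrambles the service, the SK protects the CW in the ECM, the PDK protects the SK in the EMM), as an added example that is not part of the patent text. The HMAC-based toy cipher stands in for the scrambling and encryption algorithms, which the page does not name; the class and function names, the key sizes, the subscriber ID and the integrity tag used to model the security processor's authorization check are all assumptions.

```python
import hashlib
import hmac
import os


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode); applying it twice restores data."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, nonce + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from one long-term key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(8)
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None if the blob was not sealed under this key."""
    enc_key, mac_key = _subkeys(key)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        return None
    return _xor_stream(enc_key, body[:8], body[8:])


class HeadEnd:
    """Front-end part 110: holds every subscriber's PDK and the current SK."""

    def __init__(self, pdk_by_subscriber):
        self.pdk_by_subscriber = pdk_by_subscriber
        self.sk = os.urandom(16)                      # service key

    def emm_for(self, subscriber_id: str) -> bytes:
        # Encryptor 113: the SK travels inside an EMM protected by the PDK.
        return seal(self.pdk_by_subscriber[subscriber_id], self.sk)

    def broadcast(self, payload: bytes):
        cw = os.urandom(8)                            # CW generator 117, fresh per period
        ecm = seal(self.sk, cw)                       # encryptor 114: CW inside the ECM
        return ecm, _xor_stream(cw, b"ts", payload)   # scrambler 112


class Terminal:
    """Terminal part 130: everything it needs to descramble lives on the device."""

    def __init__(self, pdk: bytes):
        self.pdk, self.sk = pdk, None

    def receive_emm(self, emm: bytes) -> bool:
        self.sk = unseal(self.pdk, emm)               # decryptor 134 + security processor 135
        return self.sk is not None

    def receive(self, ecm: bytes, scrambled: bytes):
        cw = unseal(self.sk, ecm) if self.sk else None    # decryptor 133
        return _xor_stream(cw, b"ts", scrambled) if cw else None  # descrambler 132


def demo():
    pdks = {"sub-001": os.urandom(16)}                # constructed subscriber database
    head_end = HeadEnd(pdks)
    payload = b"constructed transport-stream payload " * 3
    terminals = {
        "subscriber": Terminal(pdks["sub-001"]),
        "outsider": Terminal(os.urandom(16)),         # never provisioned by the operator
        "clone": Terminal(pdks["sub-001"]),           # second device with a copy of the PDK
    }
    emm = head_end.emm_for("sub-001")
    for terminal in terminals.values():
        terminal.receive_emm(emm)
    ecm, scrambled = head_end.broadcast(payload)
    result = {name: t.receive(ecm, scrambled) == payload for name, t in terminals.items()}
    result["scrambled_differs"] = scrambled != payload
    return result


if __name__ == "__main__":
    print(demo())
```

The `clone` result is the weakness the following list describes: on a one-way network the front end has no channel over which to tell a second device holding a copied PDK from the paying subscriber.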
As the above user access authentication and service authorization scheme shows, the existing CA system is constrained by the unidirectional network, so the scheme is not only complicated but also has several security disadvantages:
1. Its security is concentrated in the terminal. Once the algorithm is broken, every location within the system's domain of action is fully exposed to the threat of theft.
2. The existing CA system cannot authenticate authorization for a specific service, so illegal services are difficult to prevent.
3. Because the encryption and decryption algorithms of the unidirectional CA architecture are completely bound to the equipment, a pirate has ample opportunity to work out a complete decryption scheme, and auxiliary measures such as a backup algorithm cannot make up for this defect. The existing CA systems are therefore not highly secure.
The European DVB (Digital Video Broadcasting) organization has proposed a scheme for an interactive digital broadcast television network, in which the front end part is connected to the terminal part not only through a broadcast network but also through an interactive network. With this scheme, interactive services such as broadcast services and on-demand services can be implemented; that is, interactive functions can be added to the digital broadcast television network. An interactive digital broadcast television network adds bidirectional interaction to the broadcast television network and allows a powerful user and service management platform to be built, giving an operable and manageable broadcast television system. Although no practical implementation scheme exists at present, the interactive digital broadcast television network is powerful, represents the direction in which digital broadcast television networks are developing, and has good prospects.
Disclosure of Invention
In view of the above, the present invention provides a method and an apparatus for secure access to a digital broadcast television network, so as to improve the security of the digital broadcast television network.
In order to achieve the above object, the present invention provides a secure access method for a digital broadcast television system, which comprises the following steps:
1) providing a service management control unit at the front end part of the digital broadcast television system and an interactive service processing unit at the terminal part of the digital broadcast television system, connecting the service management control unit to an interactive network, connecting the interactive service processing unit to the interactive network, and thereby establishing an interactive digital broadcast television system;
2) when the terminal part is started, performing user access interactive network authentication on the terminal part using the user access protocol of the interactive network, the interactive network sending the user information that passes this authentication to the service management control unit of the front end part;
3) according to the received user information, the service management control unit performing user access system authentication on the terminal part that has passed user access interactive network authentication, and admitting a terminal part that passes user access system authentication into the digital broadcast television system.
The user access system authentication in step 3) can be implemented by comparing the received user information with the user information stored in the service management control unit.
The method may further comprise: after user access system authentication has passed, and before a service is started or switched, the terminal part sends its user information and service management information to the service management control unit of the front end part through the interactive network; the service management control unit performs user service authorization authentication according to the user information and the service management information and returns the authentication result to the terminal part through the interactive network; and the terminal part obtains the service information according to the authentication result.
The interactive network may be a wireless interactive network, including: a Global System for Mobile Communications (GSM) network, a General Packet Radio Service (GPRS) network, a Wideband Code Division Multiple Access (WCDMA) wireless communication network, a CDMA 2000 wireless communication network, or a Mobile Broadband Wireless Access (MBWA) network.
Step 1) may further comprise: configuring the service management control unit as a service management module and a service control module connected to each other, connecting the service control module to the system's original multiplexer and, through an authentication interactive interface, to the interactive network, and connecting the service management module to the interactive network through a service interface.
When the interactive network is a WCDMA network, step 2) may be as follows. The terminal part first reads the user information from the smart card system and then connects to the interactive network to register the user. The Core Network (CN) in the interactive network sends an authentication request message to the smart card system through the interactive service processing unit in the terminal part. The smart card system performs the authentication operation according to the message and sends the authentication result to the CN through the interactive service processing unit in the terminal part. The CN performs access interactive network authentication on the user of the terminal part according to the authentication result. User information that passes access interactive network authentication is sent to the service control module at the front end part through the authentication interactive interface; user information that does not pass is returned to the interactive service processing unit of the terminal part.
In step 2), the authentication may be carried out by the AAA authentication server in the CN according to the wireless AAA authentication protocol of the interactive network.
Step 2) may further include: when the terminal part is started, the interactive service processing unit sends the user Personal Identification Number (PIN) received by the smart card system to the interactive network, and the interactive network authenticates the number.
When the interactive network is a WCDMA network, the user service authorization authentication may proceed as follows. The terminal part sends the user information and the service request information, through the interactive service processing unit, to the serving GPRS support node (SGSN) of the CN in the interactive network. The SGSN forwards the information to the gateway GPRS support node (GGSN), which routes it through the service interface to the service management module at the front end part. The service management module completes real-time service switching according to the service request information; at the same time, the service control module judges from the service request information and the user information whether the user has the right to use the service. If so, authorization confirmation information is returned to the terminal part via the service management module, the service interface and the interactive network; otherwise, information that the service will not be provided is returned to the terminal part.
The authorization information returned to the terminal part may be a service control word generated by the control word generator; the terminal part descrambles the requested service with the descrambler according to the received service control word to obtain the corresponding service.
The user service authorization authentication process may further include: the service control module starts charging the user of the terminal part when it returns the authorization confirmation information to the terminal part.
The invention also provides a secure access device for a digital broadcast television system, applied to an interactive digital broadcast television network and comprising a front end part and a terminal part, wherein the front end part comprises a multiplexer, a scrambler and a control word generator;
the front end part further comprises a service management control unit, which is used to perform user access system authentication on user information that is received from the interactive network and has passed access interactive network authentication, and to return the authentication result to the terminal part through the interactive network; wherein,
the control word generator is connected between the scrambler and the interactive network, and the service management control unit is connected between the multiplexer and the interactive network;
the terminal part further comprises an interactive service processing unit, which is used to send the user information read from the smart card system to the interactive network for access interactive network authentication, and to receive the access interactive network authentication result and the user access system authentication result from the interactive network; wherein,
the interactive service processing unit is connected between the descrambler and the interactive network, is connected to the demultiplexer, and is connected to a smart card system.
The service management control unit may further include a service management module and a service control module; the service control module is used to receive, through the authentication interactive interface, user information that is sent from the interactive network and has passed access interactive network authentication, to perform user access system authentication according to the user information, and to return the authentication result to the terminal part through the authentication interactive interface and the interactive network; wherein,
the service management module is connected to the service control module, the service control module is connected to the multiplexer, the service control module is connected to the interactive network through the authentication interactive interface, and the service management module is connected to the interactive network through the service interface.
The invention also provides a secure access front-end device for a digital broadcast television system, applied to an interactive digital broadcast television network and comprising a multiplexer, a scrambler and a control word generator, wherein the multiplexer is connected to the scrambler and the scrambler is connected to the broadcast network;
the device further comprises a service management control unit, which is used to perform user access system authentication on user information that is received from the interactive network and has passed access interactive network authentication, and to send the authentication result out through the interactive network; wherein,
the control word generator is connected between the scrambler and the interactive network, and the service management control unit is connected between the multiplexer and the interactive network.
The service management control unit may further include a service management module and a service control module; the service control module is used to receive, through the authentication interactive interface, user information that is sent from the interactive network and has passed access interactive network authentication, to perform user access system authentication according to the user information, and to send out the authentication result through the authentication interactive interface; wherein,
the service management module is connected to the service control module, the service control module is connected to the multiplexer, the service control module is connected to the interactive network through the authentication interactive interface, and the service management module is connected to the interactive network through the service interface.
The invention also provides a secure access terminal device for a digital broadcast television system, applied to an interactive digital broadcast television network and comprising a demultiplexer and a descrambler, wherein the demultiplexer is connected to the descrambler and the descrambler is connected to the broadcast network;
the device further comprises an interactive service processing unit, which is used to send the user information read from the smart card system to the interactive network for access interactive network authentication, and to receive the access interactive network authentication result and the user access system authentication result from the interactive network; wherein,
the interactive service processing unit is connected between the descrambler and the interactive network, is connected to the demultiplexer, and is connected to a smart card system.
The smart card system may be a SIM card system.
As the technical scheme of the invention shows, the secure access method for a digital broadcast television network performs power-on access authentication and service authorization authentication for interactive digital broadcast television through the interactive network. It overcomes the poor security of the original CA system, which depends entirely on key encryption, and is structurally simpler than the original system and therefore easier to implement. The core of the encryption mechanism of the invention lies in authentication and authorization at the front end, which is under the operator's control, whereas the core of the encryption mechanism of the existing CA system is the key in the terminal, which is outside the operator's control.
Drawings
Fig. 1 is a schematic diagram of a CA system implemented in a conventional unidirectional digital broadcast television system;
Fig. 2 is a schematic diagram of an interactive digital broadcast television system in accordance with a preferred embodiment of the inventive method;
Fig. 3 is a schematic diagram of the process by which the terminal part accesses the interactive digital broadcast television system in the embodiment shown in Fig. 2;
Fig. 4 is a schematic diagram of the service authorization authentication process of the terminal part in the embodiment shown in Fig. 2.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the following embodiments and the accompanying drawings.
The invention provides a secure access method and device for a digital broadcast television network. The method is chiefly to establish an interactive digital broadcast television system and to set up bidirectional point-to-point interaction through an interactive network, so as to achieve secure access of the terminal part; the secure access device is configured according to the method. The invention places authentication and authorization entirely under the unified management of the control center at the front end, so that the equipment is completely separated from the security system, the equipment platform can be completely open, and pirates are left with nothing to exploit.
Fig. 2 is a schematic diagram of an interactive digital broadcast television system according to a preferred embodiment of the inventive method. The invention modifies the existing unidirectional digital broadcast television system to form the secure access device of the invention:
In the front-end part 210, that is, the front-end device, a service management control unit 213 is provided, and the multiplexer 211, the scrambler 212 and the control word generator 214 of the original system are retained. The multiplexer 211 is connected to the scrambler 212, the scrambler 212 is connected to the broadcast network 221, the control word generator 214 is connected between the scrambler 212 and the interactive network 222, and the service management control unit 213 is placed between the multiplexer 211 and the interactive network 222.
In this embodiment, the service management control unit 213 is divided into a service management module 215 and a service control module 216 that are connected to each other. The service control module 216 is connected to the multiplexer 211 and, through an authentication interactive interface, to the interactive network 222; the service management module 215 is connected to the interactive network 222 through a service interface.
In this embodiment, the two encryptors 113 and 114 of the original system are not used. Of course, if not all terminal parts 230 in the interactive broadcast television system are connected to the interactive network 222, so that some terminal parts 230 are not connected to it, the two encryptors should be retained; likewise, a terminal part 230 that is not connected to the interactive network 222 should retain the corresponding two decryptors.
In the terminal part 230, that is, the terminal device, an interactive service processing unit 233 is provided, and the demultiplexer 231 and the descrambler 232 of the original system are retained. The demultiplexer 231 is connected to the descrambler 232, the descrambler 232 is connected to the broadcast network 221, and the interactive service processing unit 233 is placed between the descrambler 232 and the interactive network 222; the interactive service processing unit 233 is also connected to the demultiplexer 231 and to a smart card system 234, which may be a commonly used SIM card system.
The interactive network 222 in the present invention may be a wireless interactive network. It may use a mainstream cellular system, namely a Global System for Mobile Communications (GSM) network, a General Packet Radio Service (GPRS) network, a Wideband Code Division Multiple Access (WCDMA) wireless communication network or a CDMA 2000 wireless communication network, or a non-mainstream system such as a Mobile Broadband Wireless Access (MBWA) network; considering technical maturity, cost, general applicability and similar factors, a cellular system is preferred. In this embodiment, a WCDMA wireless communication network is used as the wireless interactive network.
Therefore, as shown in Fig. 2, in the present embodiment the service control module 216 is connected through an authentication interface to the wireless AAA authentication server 224 in the wireless core network packet domain 223 of the interactive network 222; the service management module 215 is connected to the firewall 225 in the wireless core network packet domain 223 through a service interface, which in this embodiment is the Gi interface; and the interactive service processing unit 233 is connected to the WCDMA radio access network 228 in the interactive network 222.
Referring to fig. 3, fig. 3 is a schematic diagram illustrating a process of accessing an interactive digital broadcast television system by a terminal part according to the embodiment shown in fig. 2;
as shown in fig. 3, the terminal part accessing the interactive digital broadcasting television system includes two basic processes:
firstly, user access interactive network authentication.
When the terminal part is started, the terminal part reads user information from the intelligent card system, then the terminal part establishes connection with the interactive network, sends the user information to SGSN in CN in the interactive network for user registration, and sends the user information to WAAA server, the WAAA server sends an authentication request message to the intelligent card system through an interactive service processing unit in the terminal part, the intelligent card system performs authentication operation according to the message, and sends an authentication result to the WAAA server in the CN through the interactive service processing unit in the terminal part, and the CN performs user access interactive network authentication on the terminal part according to the authentication result of the WAAA server in the CN.
The whole authentication process is authenticated according to the wireless AAA authentication protocol of the WCDMA network, and the process is similar to the starting authentication process when a WCDMA mobile phone accesses the WCDMA network, except that the user information is different.
The authenticated user information is sent to the service control module of the front end part through the authenticated interaction interface, and the user information which does not pass the authentication is returned to the interaction service processing unit of the terminal part.
In addition, when the terminal part is started, the interactive service processing unit can also send the user Personal Identification Number (PIN) received by the intelligent card system to the interactive network, and the interactive network authenticates the number. This procedure is also the same as the WCDMA network authenticating the WCDMA handset user Personal Identification Number (PIN).
Secondly, the method comprises the following steps: and authenticating the user access system.
The service control module compares the received user information with the user information stored by the service control module to authenticate the user access system.
That is, the service control module performs user access system authentication on the user information received from the WAAA server through the interactive authentication interface. The service control module judges whether the user can use the system service according to the bill information, balance information, service control, load control and the like of the user indicated by the user information, gives judgment information and returns the judgment information to the user terminal by using the interactive network through the interactive authentication interface again.
Therefore, through the interactive network, the terminal can perform the authentication as soon as being started, and illegal users are prevented.
In this embodiment, the legal terminal part after the identity authentication needs to perform service authorization authentication when acquiring the service, so as to prevent an illegal service. Namely, before service start and service switching, service authorization authentication is carried out on the service request of the user.
Fig. 4 is a schematic diagram of a service authorization authentication process of the terminal part in the embodiment shown in fig. 2.
As shown in fig. 4, the terminal part first sends the user information and the service request information, through the interactive service processing unit, to a service GPRS node (SGSN) of the CN in the interactive network. The SGSN forwards the information to a gateway GPRS node (GGSN), and the GGSN provides a route that delivers the information through a service interface to the service management module at the front end part. The service management module forwards the information to the service control module and completes real-time service switching according to the service request information. At the same time, the service control module judges, according to the service request information and the user information, whether the user has the right to use the service. If so, confirmation authorization information, that is, the service control word generated by the control word generator, is returned to the terminal part through the service management module and the interactive network; otherwise, information that the service will not be executed is returned to the terminal part. The terminal part sends confirmation information back to the service control module and descrambles the requested service through a descrambler according to the received service control word to obtain the corresponding service. The service control module starts to charge the user of the terminal part at the same time as it returns the confirmation authorization information to the terminal part.
When the user wants to terminate a service, the user terminal sends termination information. As in the service authorization process, the user information and the information on the service to be terminated are transmitted over the interactive network and through the Gi interface to the service management module. The service management module completes real-time service termination according to that information, and at the same time the service control module stops charging the user. Service termination confirmation information is then returned to the user at the terminal part by the service management module through the Gi interface and the interactive network.
It can be seen from the above embodiments that the secure access method for the digital broadcast television network of the present invention overcomes the poor security of the original CA system, which relies entirely on key-based encryption, and that the system has a simple structure and is easy to implement. The core of the encryption mechanism in the invention is authentication and authorization at the front end, which is in a controllable state for the operator. This solves the problem that the core of the encryption mechanism of the existing CA system is the secret key in the terminal, which is in an uncontrollable state for the operator.
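The two-stage admission check and the service authorization, switching and termination flow of this embodiment can be sketched as follows. This is an added example, not code from the patent: the class, field and reason-string names, the sample subscriber records and the random 8-byte stand-in for the control word are all assumptions.

```python
import secrets
from dataclasses import dataclass


@dataclass
class Subscriber:
    """Record held by the service control module (field names are assumptions)."""
    balance: int
    bill_overdue: bool
    entitled: frozenset


class ServiceControlModule:
    def __init__(self, subscribers, max_admitted):
        self.subscribers = subscribers
        self.max_admitted = max_admitted   # stand-in for "load control"
        self.admitted = set()              # passed user access system authentication
        self.charging = {}                 # user_id -> service currently charged
        self._control_words = {}           # stand-in for the control word generator

    def _control_word(self, service):
        # Constructed stand-in: one random 8-byte word per service.
        return self._control_words.setdefault(service, secrets.token_bytes(8))

    def access_system_auth(self, user_id, network_auth_passed):
        """Second stage: only user information that already passed the
        interactive network's own access authentication is considered."""
        if not network_auth_passed:
            return False, "not authenticated by interactive network"
        sub = self.subscribers.get(user_id)
        if sub is None:
            return False, "unknown user"
        if sub.bill_overdue:
            return False, "bill overdue"
        if sub.balance <= 0:
            return False, "no balance"
        if user_id not in self.admitted and len(self.admitted) >= self.max_admitted:
            return False, "load limit reached"
        self.admitted.add(user_id)
        return True, "admitted"

    def authorize_service(self, user_id, service):
        """Runs before service start and before every service switch."""
        if user_id not in self.admitted:
            return None, "terminal not admitted"
        if service not in self.subscribers[user_id].entitled:
            # Assumption: a refused switch leaves the current charging as is.
            return None, "service not executed"
        self.charging[user_id] = service   # charging starts with the grant
        return self._control_word(service), "authorized"

    def terminate_service(self, user_id):
        """Stops charging; returns the terminated service, or None."""
        return self.charging.pop(user_id, None)


def demo_module():
    # Constructed sample subscribers.
    subs = {
        "user-a": Subscriber(50, False, frozenset({"news", "sports"})),
        "user-b": Subscriber(0, False, frozenset({"news"})),
        "user-c": Subscriber(20, False, frozenset({"news"})),
    }
    return ServiceControlModule(subs, max_admitted=1)


if __name__ == "__main__":
    scm = demo_module()
    print(scm.access_system_auth("user-a", True))
    print(scm.authorize_service("user-a", "sports"))
    print(scm.authorize_service("user-a", "movies"))
    print(scm.terminate_service("user-a"))
```

Because the control word is released only by `authorize_service`, a terminal that skipped either authentication stage, or that asks for a service outside its entitlements, never receives the value its descrambler needs.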

Claims (17)

1. A secure access method for a digital broadcast television system, the method comprising the steps of:
1) setting a service management control unit at the front end part of the digital broadcast television system and an interactive service processing unit at the terminal part of the digital broadcast television network system,
connecting the service management control unit to an interactive network, connecting the interactive service processing unit to the interactive network, and establishing an interactive digital broadcast television system;
2) when the terminal part is started, using the user access protocol of the interactive network to perform user access interactive network authentication on the terminal part, the interactive network sending the user information that passes the user access interactive network authentication to the service management control unit of the front end part;
3) the service management control unit performing, according to the received user information, user access system authentication on the terminal part that has passed the user access interactive network authentication, and connecting the terminal part that passes the user access system authentication to the digital broadcast television system.
2. The security access method of claim 1, wherein the user access system authentication of step 3) is performed by the service management control unit comparing the received user information with the user information stored in the service management control unit.
3. The secure access method of claim 1, further comprising: after the authentication of the user access system is passed, before the service is started or switched, the terminal part sends the user information and the service management information of the terminal part to the service management control unit of the front end part through the interactive network, the service management control unit carries out the authorization authentication of the user service according to the user information and the service management information, the authentication result is returned to the terminal part through the interactive network, and the terminal part obtains the service information according to the authentication result.
4. The secure access method of claim 3, wherein the interactive network is a wireless interactive network, comprising: a global system for mobile communications (GSM) network, or a General Packet Radio Service (GPRS) network, or a Wideband Code Division Multiple Access (WCDMA) wireless communication network, or a CDMA 2000 wireless communication network, or a Mobile Broadband Wireless Access (MBWA) network.
5. The secure access method according to claim 1 or 4, wherein the step 1) further comprises: the service management control unit is set as a service management module and a service control module which are connected with each other, the service control module is connected with the original recombiner of the system, meanwhile, the service control module is connected with the interactive network through an authentication interactive interface, and the service management module is connected with the interactive network through a service interface.
6. The security access method of claim 5, wherein when the interactive network is a WCDMA network, the step 2) is: the terminal part first reads user information from an intelligent card system and then connects to the interactive network to register the user; a Core Network (CN) in the interactive network sends an authentication request message to the intelligent card system through the interactive service processing unit in the terminal part; the intelligent card system carries out an authentication operation according to the message and sends an authentication result to the CN through the interactive service processing unit in the terminal part; the CN carries out access interactive network authentication on the user at the terminal part according to the authentication result; the user information that passes the access interactive network authentication is sent to the service control module at the front end part through the authentication interactive interface; and the user information that does not pass the access interactive network authentication is returned to the interactive service processing unit of the terminal part.
7. The secure access method of claim 6, wherein the step 2) is performed by the AAA authentication server in the CN according to the wireless AAA authentication protocol of the interactive network itself.
8. The secure access method of claim 6, wherein the step 2) further comprises: when the terminal part is started, the interactive service processing unit sends the user Personal Identification Number (PIN) received by the intelligent card system to the interactive network, and the interactive network authenticates the number.
9. The security access method of claim 5, wherein when the interactive network is a WCDMA network, the specific procedure of the user service authorization authentication is as follows: the terminal part sends the user information and the service request information to a service GPRS node (SGSN) of the CN in the interactive network through the interactive service processing unit; the SGSN forwards the information to a gateway GPRS node (GGSN); after being routed through the GGSN, the information is sent through a service interface to the service management module at the front end part; the service management module completes real-time service switching according to the service request information; meanwhile, the service control module judges whether the user has the authority to use the service according to the service request information and the user information; if so, confirmation authorization information is returned to the terminal part through the service management module, the service interface and the interactive network; otherwise, information that the service will not be executed is returned to the terminal part.
10. The security access method of claim 9, wherein the authorization information returned to the terminal part is a service control word generated by a control word generator, and the terminal part descrambles the requested service through a descrambler according to the received service control word to obtain the corresponding service.
11. The secure access method of claim 9, wherein the user service authorization authentication process further comprises: and the service control module starts to charge the user of the terminal part while returning the confirmation authorization information to the terminal part.
12. A security access device of a digital broadcast television system, applied to an interactive digital broadcast television network, the device comprising a front end part and a terminal part, wherein the front end part comprises a recombiner, a scrambler and a control word generator, the recombiner being connected to the scrambler and the scrambler being connected to a broadcast network, and the terminal part comprises a de-recombiner and a descrambler, the de-recombiner being connected to the descrambler and the descrambler being connected to the broadcast network; characterized in that:
the front end part further comprises a service management control unit, the service management control unit is used for carrying out user access system authentication on the user information which is received from the interactive network and passes the access interactive network authentication, and returning the authentication result to the terminal part through the interactive network; wherein,
the control word generator is connected between the scrambler and the interactive network, and the service management control unit is connected between the recombiner and the interactive network;
the terminal part further comprises an interactive service processing unit, wherein the interactive service processing unit is used for sending the user information read from the intelligent card system to an interactive network for accessing interactive network authentication and receiving an access interactive network authentication result and a user access system authentication result from the interactive network; wherein,
the interactive service processing unit is connected between the descrambler and the interactive network, the interactive service processing unit is connected with the de-recombiner, and the interactive service processing unit is connected with an intelligent card system.
13. The security access device of claim 12, wherein the service management control unit further comprises: the service control module is used for receiving user information which is sent from the interactive network by the authentication interactive interface and passes the authentication of the access interactive network, carrying out the authentication of a user access system according to the user information and returning an authentication result to the terminal part through the authentication interactive interface and the interactive network; wherein,
the service management module is connected with the service control module, the service control module is connected with the recombiner, the service control module is connected with the interactive network through the authentication interactive interface, and the service management module is connected with the interactive network through the service interface.
14. A safe access front-end device of a digital broadcast television system is applied to an interactive digital broadcast television network, and comprises a recombiner, a scrambler and a control word generator, wherein the recombiner is connected with the scrambler, the scrambler is connected with the broadcast network, and the device is characterized in that:
the apparatus further comprises a service management control unit, which is used for performing user access system authentication on the user information which is received from the interactive network and passes the access interactive network authentication, and sending the authentication result out through the interactive network; wherein,
the control word generator is connected between the scrambler and the interactive network, and the service management control unit is connected between the recombiner and the interactive network.
15. The security access front-end apparatus of claim 14, wherein the service management control unit further comprises: a service management module and a service control module; the service control module is used for receiving user information which is sent from the interactive network by the authentication interactive interface and passes the authentication of the access interactive network, carrying out the authentication of the user access system according to the user information and sending out the authentication result through the authentication interactive interface; wherein,
the service management module is connected with the service control module, the service control module is connected with the recombiner, the service control module is connected with the interactive network through the authentication interactive interface, and the service management module is connected with the interactive network through the service interface.
16. A secure access terminal device of a digital broadcast television system, applied to an interactive digital broadcast television network, the device comprising a de-recombiner and a descrambler, the de-recombiner being connected with the descrambler and the descrambler being connected with the broadcast network, characterized in that:
the device further comprises an interactive service processing unit, which is used for sending the user information read from the intelligent card system to an interactive network for accessing interactive network authentication and receiving an access interactive network authentication result and a user access system authentication result from the interactive network; wherein,
the interactive service processing unit is connected between the descrambler and the interactive network, the interactive service processing unit is connected with the de-recombiner, and the interactive service processing unit is connected with an intelligent card system.
17. The secure access terminal apparatus of claim 16, wherein: the intelligent card system is an SIM card system.
CNB031192238A 2003-03-05 2003-03-05 Safe access method and device for digital broadcast television network Expired - Fee Related CN1315324C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB031192238A CN1315324C (en) 2003-03-05 2003-03-05 Safe access method and device for digital broadcast television network

Publications (2)

Publication Number Publication Date
CN1527600A CN1527600A (en) 2004-09-08
CN1315324C CN1315324C (en) 2007-05-09

Family

ID=34285021

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB031192238A Expired - Fee Related CN1315324C (en) 2003-03-05 2003-03-05 Safe access method and device for digital broadcast television network

Country Status (1)

Country Link
CN (1) CN1315324C (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20070509

Termination date: 20200305