WO2007085186A1 - Media stream key management method, system and application server - Google Patents

Media stream key management method, system and application server

Info

Publication number
WO2007085186A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
media stream
terminal
encryption key
application server
Prior art date
Application number
PCT/CN2007/000241
Other languages
English (en)
Chinese (zh)
Inventor
Jun Yan
Jincheng Li
Xiangyang Wu
Original Assignee
Huawei Technologies Co., Ltd.
Priority date
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd.
Publication of WO2007085186A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/60 Network streaming of media packets
    • H04L65/61 Network streaming of media packets for supporting one-way streaming services, e.g. Internet radio
    • H04L65/611 Network streaming of media packets for supporting one-way streaming services, e.g. Internet radio for multicast or broadcast
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10 Architectures or entities
    • H04L65/1016 IP multimedia subsystem [IMS]

Definitions

  • the present invention relates to a communication medium, and more particularly to a media stream key management method and system, and an application server.
  • the streaming media service is a new service that has developed rapidly in recent years. It uses streaming technology to transmit multimedia files, including video and audio files, on a packet-switched network. These multimedia files can be played immediately without having to download them completely.
  • the key technology for streaming media service implementation is streaming technology.
  • The IP Multimedia Subsystem (IMS) uses the IP packet domain as the bearer channel for its control signaling and media transmission. It uses the Session Initiation Protocol (SIP) as the call control signaling and implements the separation of service management, session control and bearer access.
  • Streaming media services based on IMS can make full use of the existing features of the IMS network and reuse functions in the IMS network architecture, such as authentication and billing, so that streaming media services can be efficiently and quickly developed.
  • The security of media streams is an important aspect to consider in the streaming media business. Effectively ensuring the security of media stream transmission, so that the media stream is not illegally copied during transmission, bears on the legitimate interests of the content provider; at the same time, protecting the media stream also protects the user's personal privacy from being illegally stolen.
  • The media stream is protected by directly negotiating a key for media stream protection between the streaming server and the terminal; the streaming server and the terminal share the key and encrypt the media content with it. The details are as follows:
  • 1. The streaming media server and the terminal are based on a symmetric key architecture and share the key K with each other;
  • 2. The streaming media server and the terminal negotiate a media stream encryption key Kt;
  • 3. The streaming media server uses the key Kt to encrypt the media stream and transmits it to the terminal;
  • 4. The terminal uses Kt to decrypt the received media stream and play the program.
  • the basic idea of the above solution is to directly negotiate the key between the streaming server and the terminal based on the symmetric key K shared in advance.
  • this key management method requires the streaming server and the terminal to share certain information in advance, such as a symmetric key, based on which they can initiate negotiation of the media stream encryption key.
  • the same streaming server may serve many users at the same time.
  • the streaming server needs to save the initial symmetric key for each user.
  • This key management method imposes a relatively large burden on the streaming server.
  • The streaming media server needs to encrypt the same content multiple times. This is not necessary for certain applications where security requirements are relatively low, such as television broadcasting. Broadcast programs generally only need to be encrypted once on the streaming server, while providing multiple users with monthly services, and multiple users use the same key. For such applications, if the content is encrypted separately for different users, the computing overhead and storage requirements of the streaming server are greatly increased, and the efficiency of the streaming server is reduced.
  • the embodiment of the invention provides a media stream key management method and system, and an application server, which can reduce the key management overhead of the streaming media server and improve the efficiency of the streaming media server.
  • A media stream key management method includes: an application server obtains a media stream encryption key and sends the media stream encryption key to a terminal and a streaming media server; and the terminal and the streaming media server encrypt/decrypt the transmitted streaming media content with the media stream encryption key.
  • a media stream key management method includes: a terminal and an application server negotiate a media stream encryption key;
  • the application server sends the media stream encryption key to the streaming media server
  • a media stream key management method provided by another embodiment of the present invention includes:
  • the application server acquires a media stream encryption key from a streaming media server
  • the application server sends the media stream encryption key to the terminal
  • the terminal and the streaming server encrypt/decrypt the transmitted streaming media content with the media stream encryption key.
  • A media stream key management method includes: an application server sends a key encryption key to a streaming media server; the streaming media server obtains a media stream encryption key, encrypts the media stream encryption key with the key encryption key, and sends it to the terminal; the terminal decrypts using the previously obtained key encryption key to obtain the media stream encryption key; and the terminal and the streaming media server encrypt/decrypt the transmitted streaming media content using the media stream encryption key.
  • a media stream key management method includes: an application server sends a key encryption key to a streaming media server; and the streaming media server uses the key encryption key to negotiate with the terminal to determine a media stream encryption key.
  • the terminal and the streaming server encrypt/decrypt the transmitted streaming media content with the media stream encryption key.
  • A media stream key management system includes: an application server, a terminal, and a streaming media server; the terminal is configured to send a service request to the application server; the application server generates a media stream encryption key according to the received service request and transmits the media stream encryption key to the terminal and the streaming media server; the streaming media server and the terminal encrypt/decrypt the transmitted streaming media content with the media stream encryption key.
  • A media stream key management system includes: an application server, a terminal, and a streaming media server; the terminal is configured to send a service request to the application server; the application server generates a key encryption key after receiving the service request of the terminal and transmits it to the streaming server; the streaming server is configured to generate a media stream encryption key, encrypt the media stream encryption key by using the key encryption key, and send it to the terminal; the terminal decrypts using the key encryption key to obtain the media stream encryption key, and the terminal and the streaming media server encrypt/decrypt the transmitted streaming media content with the media stream encryption key.
  • A media stream key management system includes: an application server, a terminal, and a streaming media server; the terminal is configured to send a service request to the application server; the application server generates a key encryption key after receiving the service request of the terminal and sends it to the streaming media server; the streaming media server uses the key encryption key to negotiate with the terminal to determine a media stream encryption key; and the streaming media server and the terminal encrypt/decrypt the transmitted streaming media content by using the media stream encryption key.
  • An application server includes: a receiving unit, a key obtaining unit, and a transmission unit; the receiving unit is configured to receive a service request from the terminal and notify the key obtaining unit; after receiving the notification, the key obtaining unit acquires the key according to the preset key acquisition manner and sends it to the transmission unit; the transmission unit transmits the acquired key to the terminal and/or the streaming media server.
  • The embodiment of the present invention controls key acquisition and delivery through the application server and the streaming media server, that is, keys are managed in a unified way by the application server at the service level rather than only on the streaming media server, so the key management function is simplified and clear. In addition, the streaming media server does not need to store key information between itself and the terminal; the keys are obtained through interaction with the application server, which reduces the key management overhead of the streaming media server and increases its efficiency.
  • FIG. 1 is a schematic diagram of a key management system for an IMS-based media stream according to the present invention
  • FIG. 2 is a schematic flowchart of a method for managing a key of an IMS-based media stream according to a first embodiment of the present invention
  • FIG. 3 is a schematic diagram of a process of a key management method for an IMS-based media stream according to a second embodiment of the present invention
  • FIG. 4 is a schematic flowchart of a method for managing a key of an IMS-based media stream according to a third embodiment of the present invention.
  • FIG. 5 is a schematic diagram of an embodiment of an application server of the present invention.
  • the IMS network realizes the separation of service management, session control and service bearer, and the execution level of the entire service is very clear.
  • the streaming media service in the IMS can control the acquisition and distribution of keys through the application server, thereby uniformly managing the keys.
  • The key management function can be simplified and made clear.
  • The streaming media server does not need to save key information between itself and the terminal; the keys are obtained through interaction with the application server, thereby reducing the key management overhead of the streaming media server.
  • When the application server is responsible for distributing the keys of the encrypted media stream for the terminal and the streaming server, the application server can distribute the same media stream encryption key for different terminals requesting the same service. For example, when multiple users simultaneously watch the same TV channel, the application server can issue the same media stream encryption key for these users, so only one content encryption process is performed on the streaming media server.
  • When the streaming media server is responsible for distributing the media stream encryption key for different terminals, the streaming media server can distribute the same media stream encryption key for the terminals requesting the same content, thereby ensuring that the streaming media server only needs to encrypt the content once.
  • An embodiment of a key management system for an IMS-based media stream includes: a terminal 101, a proxy CSCF 105, a serving CSCF 104, an application server 102, and a streaming server 103. The proxy CSCF 105 is used to receive the streaming service request sent by the terminal 101 to the application server 102 and forward it to the serving CSCF 104, and to receive the key forwarded by the serving CSCF 104 and forward it to the terminal 101. The serving CSCF 104 is used to trigger the streaming media service request to the application server 102, and to receive a key sent by the application server 102 and forward it to the proxy CSCF 105 or the streaming media server 103.
  • The application server 102 is configured to receive the streaming media service request sent by the terminal 101, generate a key, and send the key to the terminal 101 and the streaming server 103. The streaming server 103 is configured to exchange with the terminal 101 media content that is encrypted/decrypted with the key.
  • the application server 102 and the terminal 101 can be connected via a Ut interface.
  • TEK Traffic Encryption Key
  • KEK Key Encryption Key
  • The KEK has a long life cycle. For example, for users who pay for it, the KEK can remain unchanged during the streaming service; for subscribers, the KEK can remain unchanged for the entire subscription period, thus ensuring the efficiency of protecting the frequently sent TEK with the KEK.
  • the application server can directly deliver the TEK to the terminal and the streaming media server.
  • the media stream encryption key is directly used to encrypt the streaming media content between the streaming media server and the terminal; the application server can also adopt a layered key management mode.
  • the KEK can be delivered to the terminal and the streaming server, and the TEK can be distributed through the protection of the KEK.
  • KMC Key Management Center
  • After receiving the service request sent by the terminal, the application server obtains the key (KEK and/or TEK) through a certain key extraction method;
  • the key management method of the present invention may have the following embodiments according to different types of keys issued by the application server and different entities to be delivered:
  • the first embodiment is: After receiving the service request sent by the terminal, the application server obtains a key in one of several ways of obtaining the key, and sends the key as a TEK to the terminal and the streaming server. The terminal and the streaming server use the TEK to encrypt/decrypt the streaming media content transmitted between the two.
  • the second embodiment is: After receiving the service request sent by the terminal, the application server obtains a key in one of several ways of obtaining the key, and sends the key as a KEK to the terminal and the streaming media server.
  • the streaming server obtains a key in one of several ways of obtaining a key, and uses the key as a TEK to transmit the TEK to the terminal through the protection of the KEK.
  • The terminal and the streaming server encrypt/decrypt the streaming media content transmitted between the two with the TEK.
  • the application server delivers the KEK to the terminal and the streaming server
  • the terminal and the streaming server negotiate the TEK with the KEK.
  • The advantage of using delivery instead of negotiation is that the streaming server can be controlled to use the same TEK for different users who use the same service, which reduces the encryption load on the streaming server.
  • the process of delivering the TEK to the terminal by the MRFP through the protection of the KEK can be performed by using a multicast key stream.
  • the streaming server can generate the TEK itself or obtain the TEK from the application server.
  • The third embodiment is: After receiving the service request sent by the terminal, the application server obtains two keys in one of several ways of obtaining a key, one as the KEK and one as the TEK.
  • the application server delivers the KEK to the terminal and sends the TEK to the terminal through the KEK protection.
  • the application server sends the TEK to the streaming server.
  • the terminal and the streaming server use the TEK to encrypt/decrypt the streaming media content transmitted between the two.
  • the KEK is sent to the streaming server, and the TEK is sent to the streaming server through the protection of the KEK.
  • the application server sends the TEK to the terminal.
  • the TEK encrypts/decrypts the streaming media content transmitted between the terminal and the streaming server.
  • The fourth embodiment is as follows: After the application server receives the service request sent by the terminal, the application server and the terminal can also obtain a key shared by the two through the GBA (General Bootstrapping Architecture) or other methods and use it as the TEK. The key is sent to the streaming server as a TEK. The terminal and the streaming server use the TEK to encrypt/decrypt the streaming content transferred between the two.
  • the fifth embodiment is: After the application server receives the service request sent by the terminal, the application server obtains the TEK generated by the streaming server. The key is sent to the terminal as a TEK. The terminal and the streaming server use the TEK to encrypt/decrypt the streaming media content transmitted between the two.
  • the application server and the terminal can also obtain the key shared by both by the GBA (General Bootstrapping Architecture) or other methods as KEK.
  • The network side entity may save the KEK during the validity period of the service, so that when the terminal requests the service again, the same KEK is used to deliver the TEK, thereby reducing the frequency with which the application server obtains the KEK.
  • the network side entity that holds the KEK may be an application server or a separate key management center, depending on how the KEK is generated.
  • The KEK can be packaged in the copyright object and sent to the terminal.
  • the reason for choosing to do this is that KEK can have a relatively long life cycle, and the key protected by the copyright object can also be valid for the period specified by the copyright object.
  • the terminal generally supports the acquisition of copyright objects.
  • the copyright object can be sent to the terminal when the user orders the business.
  • the KEK is stored in the copyright distribution center or the key management center, depending on the implementation of copyright management.
  • The application server requests the key from the copyright issuing center or the key management center. The application server can also send the KEK to the terminal in real time when the user requests the service, and the application server can pass the KEK to a copyright distribution center, which issues the KEK in the form of a copyright object.
  • a method for key management of an IMS-based media stream includes the following steps:
  • a1. The terminal sends a streaming service request to the application server. The request may be made through the Ut interface, or the streaming service request to the application server may be triggered through the proxy CSCF and the serving CSCF. Before the request, the terminal has passed the authentication and key agreement process, establishing a security association between the terminal and the proxy CSCF;
  • a2. The application server determines whether the service request is a streaming media service request. The determination may be based on the specific content requested by the user, or on some special identifier in the request. If the service request is a streaming media service request, step a3 is performed; if not, the request is processed according to other service definitions;
  • a3. The application server obtains the media stream encryption key TEK in one of several ways of obtaining a key; the figure illustrates the manner in which the key is obtained through the KMC;
  • a4. The application server delivers the media stream encryption key TEK to the terminal and the streaming server.
  • The application server delivers the TEK to the terminal through the serving CSCF and the proxy CSCF;
  • a5. The terminal and the streaming server use the media stream encryption key TEK to encrypt/decrypt the streaming media content transmitted between the two.
  • The terminal and the media server can subscribe to the application server.
  • The application server may choose to distribute the same media stream encryption key for the terminals requesting the same service, so that the streaming media server only needs to encrypt the content once. Moreover, the streaming media server and the terminal do not need to share the key information in advance, which reduces the key management burden of the streaming media server.
  • a method for key management of an IMS-based media stream includes the following steps:
  • b1. The terminal sends a streaming service request to the application server. The request may be made through the Ut interface, or the streaming service request to the application server may be triggered through the proxy CSCF and the serving CSCF. Before the request, the terminal has passed the authentication and key agreement process, establishing a security association between the terminal and the proxy CSCF;
  • b2. The application server determines whether the request is a streaming media service request. The determination may be based on the specific content requested by the user, or on some special identifier in the request. If the request is a streaming media service request, step b3 is performed; if not, the request is processed according to other services;
  • b3. The application server obtains the key encryption key KEK in one of several ways of obtaining a key; the figure illustrates the manner of obtaining the key through the KMC;
  • b4. The application server issues the key encryption key KEK to the terminal. The KEK issuing method shown in the figure is for the application server to deliver the KEK directly to the terminal; the KEK can also be sent to the terminal in the form of a copyright object;
  • b5. After receiving the KEK, the terminal sends an acknowledgement message to the application server.
  • The purpose of this step is to ensure that the terminal has received the KEK before receiving the TEK, so that the TEK can be successfully decrypted.
  • b6. The application server sends the key encryption key KEK to the streaming media server;
  • b7. The streaming server obtains a key in one of several ways of obtaining a key, and sends the key as a TEK to the terminal under the protection of the KEK.
  • The figure shows the streaming server delivering the TEK directly to the terminal.
  • The streaming media server can also deliver the TEK to the application server, and the application server sends the TEK to the terminal.
  • b8. The terminal sends a subscription (SUBSCRIBE) message to subscribe to changes of the TEK; because the TEK changes frequently, the streaming server needs to notify the terminal promptly after updating the TEK.
  • The terminal sends a SUBSCRIBE message to the streaming server to subscribe to changes of the TEK. If the TEK is delivered to the terminal through the application server, the application server sends a SUBSCRIBE message to the streaming server to subscribe to changes of the TEK.
  • b9. The terminal and the streaming server encrypt/decrypt the streaming media content transmitted between the two by using the media stream encryption key TEK;
  • b10. After the TEK is updated, the streaming server notifies the terminal by a NOTIFY message. If the TEK is sent to the terminal through the application server, then after the TEK is updated, the streaming server notifies the application server of the changed TEK through the NOTIFY message, and the application server sends the TEK to the terminal.
  • An already established connection channel may be used, for example an RTSP (Real-Time Streaming Protocol) channel if there is one, or a separate delivery channel may be set up between the terminal and the streaming server, which can carry the related address parameters in the SDP (Session Description Protocol) signaling for establishing a media stream.
  • The streaming media server may choose to distribute the same media stream encryption key for the terminals requesting the same content, so that the streaming media server only needs to encrypt the content once, and these terminals may be using services provided by different application servers.
  • The dynamic distribution of the TEK by the streaming server eliminates the need to share key information between the streaming server and the terminal in advance, thereby reducing the key management burden of the streaming server.
  • a method for key management of an IMS-based media stream includes the following steps:
  • c1. The terminal sends a streaming service request to the application server. The request may be made through the Ut interface, or the streaming service request to the application server may be triggered through the proxy CSCF and the serving CSCF. Before the request, the terminal has passed the authentication and key agreement process, establishing a security association between the terminal and the proxy CSCF;
  • c2. The application server determines whether the request is a streaming media service request. The determination may be based on the specific content requested by the user, or on some special identifier in the request. If the request is a streaming media service request, step c3 is performed; if not, the request is processed according to other services;
  • c3. The application server obtains the key encryption key KEK and the media stream encryption key TEK in one of several ways of obtaining a key; the figure illustrates the manner of obtaining the key through the KMC;
  • c4. The application server sends the key encryption key KEK to the terminal.
  • The KEK delivery mode shown in the figure is for the application server to deliver the KEK directly to the terminal; the KEK can also be issued in the form of a copyright object.
  • c5. The application server delivers the media stream encryption key TEK, protected by the key encryption key KEK, to the terminal and the streaming server;
  • c6. The terminal sends a subscription (SUBSCRIBE) message to the application server to subscribe to changes of the TEK; since the TEK changes frequently, the application server needs to notify the terminal promptly after updating the TEK;
  • c7. The terminal and the streaming media server use the media stream encryption key TEK to encrypt/decrypt the streaming media content transmitted between the two;
  • c8. After the TEK is updated, the application server notifies the terminal by means of a notification message;
  • The application server simultaneously transmits the updated TEK to the streaming server.
  • the application server may choose to distribute the same media stream encryption key for the terminal requesting the same service, so that the streaming media server only needs to encrypt the content once. Moreover, through the dynamic key distribution of the application server, the streaming media server and the terminal do not need to share the key information in advance, thereby reducing the key management burden of the streaming media server.
  • the application server 102 delivers the media stream encryption key:
  • the terminal 101 is configured to send a service request to the application server 102.
  • the application server 102 generates a media stream encryption key according to the received service request and sends the media stream encryption key to the terminal 101 and the streaming server 103;
  • streaming media server and the terminal encrypt/decrypt the transmitted streaming media content by using the media stream encryption key
  • the proxy call control function entity 105 is configured to receive a service request sent by the terminal 101 to the application server 102, forward it to the service call control function entity 104, and receive the key forwarded by the service call control function entity 104, and forward it to the terminal 101;
  • the service call control function entity 104 is configured to trigger a service request to the application server 102 to perform a streaming service request, and receive a key issued by the application server 102, and forward it to the proxy call control function entity 105 or the streaming server 103.
  • the streaming media server 103 sends a media stream encryption key:
  • the terminal 101 is configured to send a service request to the application server 102.
  • the application server 102 generates a key encryption key after receiving the service request of the terminal 101 and sends it to the streaming server 102;
  • the streaming media server 103 is configured to generate a media stream encryption key, and encrypt the media stream encryption key by using the key encryption key and send it to the terminal 101;
  • the terminal 101 decrypts using the key encryption key to obtain a media stream encryption key, and encrypts/decrypts the transmitted streaming media content with the media stream encryption key with the streaming media server 103;
  • the proxy call control function entity 105 is configured to receive a service request sent by the terminal 101 to the application server 102, forward it to the service call control function entity 104, and receive the key forwarded by the service call control function entity 104, and forward it to the terminal 101;
  • the service call control function entity 104 is configured to trigger a service request to the application server 102 to perform a streaming service request, and receive a key issued by the application server 102, and forward it to the proxy call control function entity 105 or the streaming server 103.
  • the streaming server 103 negotiates the media stream encryption key with the terminal 102:
  • the terminal 101 is configured to send a service request to the application server 102.
  • the application server 102 generates a key encryption key after receiving the service request of the terminal 101 and sends it to the streaming server 103;
  • the streaming media server 103 negotiates with the terminal 101 to determine a media stream encryption key by using the key encryption key;
  • the streaming server 103 and the terminal 101 encrypt/decrypt the transmitted streaming media content with the media stream encryption key.
  • the proxy call control function entity 105 is configured to receive a service request sent by the terminal 101 to the application server 102 and forward it to the service call control function entity 104, and to receive the key forwarded by the service call control function entity 104 and forward it to the terminal 101;
  • the service call control function entity 104 is configured to trigger the service request to the application server 102 to carry out the streaming service request, and to receive a key issued by the application server 102 and forward it to the proxy call control function entity 105 or the streaming server 103.
  • an application server embodiment of the present invention includes:
  • the receiving unit 501 is configured to receive a service request from the terminal, and notify the key obtaining unit 502;
  • the key obtaining unit 502 acquires the key according to the preset key acquisition manner after receiving the notification, and sends the key to the transmission unit 503;
  • the transmission unit 503 transmits the acquired key to the terminal and/or the streaming server.
  • the ways in which the key obtaining unit 502 obtains the key include at least: generating the key itself, generating the key by negotiating with the terminal, obtaining the key from other network entities, and the like.
  • the key includes a key encryption key and/or a media stream encryption key.
  • the application server further includes: a key storage unit 504;
  • when the key acquisition unit 502 acquires a key encryption key, it is stored in the key storage unit 504 during the lifetime of the key encryption key.
  • the embodiment of the present invention performs key management by combining the application server and the streaming media server, thereby effectively reducing the burden of key management of the streaming media server.
  • the application server and the streaming media server can choose, according to service type and security requirements, to distribute the same media stream encryption key to different users, so that when different users consume the same content the streaming media server only needs to encrypt the content once, which reduces the processing load on the streaming server.
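
The layered variant described above (application server 102 issues the key encryption key, streaming media server 103 wraps the media stream encryption key under it) and the shared media stream encryption key of the last item, shown as an added example that is not part of the patent text. AES-256-GCM, the blob layout, the context strings and the terminal names `alice` and `bob` are assumptions of this example.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM is this example's choice (blob = nonce | tag | ciphertext); the patent names no cipher.
function seal(key, plaintext, context) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  c.setAAD(Buffer.from(context)); // authenticated, not transmitted
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

function open(key, blob, context) {
  if (blob.length < 28) throw new Error('blob shorter than nonce + tag');
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(Buffer.from(context));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws if forged
}

// Streaming media server 103: one TEK per content item, wrapped per terminal under its KEK.
class StreamingServer {
  constructor() { this.tek = crypto.randomBytes(32); this.keks = new Map(); }
  registerKek(terminalId, kek) { this.keks.set(terminalId, kek); } // KEK from server 102
  wrappedTekFor(terminalId) {
    const kek = this.keks.get(terminalId);
    if (!kek) throw new Error(`no KEK on file for ${terminalId}`);
    return seal(kek, this.tek, `tek-for:${terminalId}`);
  }
  encryptOnce(frame) { return seal(this.tek, frame, 'media'); }
}

// Terminal 101: unwrap the TEK with its own KEK, then decrypt the shared ciphertext.
function terminalPlay(terminalId, kek, wrappedTek, media) {
  const tek = open(kek, wrappedTek, `tek-for:${terminalId}`);
  return open(tek, media, 'media').toString();
}

function demo() {
  const srv = new StreamingServer();
  const keks = { alice: crypto.randomBytes(32), bob: crypto.randomBytes(32) }; // issued by server 102
  for (const [id, kek] of Object.entries(keks)) srv.registerKek(id, kek);
  const media = srv.encryptOnce(Buffer.from('frame-0001')); // constructed sample, encrypted once
  const alice = terminalPlay('alice', keks.alice, srv.wrappedTekFor('alice'), media);
  const bob = terminalPlay('bob', keks.bob, srv.wrappedTekFor('bob'), media);
  let crossUse = 'accepted'; // bob tries the TEK blob that was wrapped for alice
  try { terminalPlay('bob', keks.bob, srv.wrappedTekFor('alice'), media); } catch { crossUse = 'rejected'; }
  return { alice, bob, crossUse };
}
console.log(demo());
```

Both terminals decrypt the same ciphertext, while a wrapped key delivered to the wrong terminal fails authentication instead of yielding a usable key.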

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The present invention relates to a media stream key management method based on the IP multimedia subsystem, a media stream key management system, and an application server, in which the application server and the streaming media server jointly control key acquisition and transmission. The application server can send a media stream encryption key (TEK) directly to a terminal and to the streaming media server, and the media stream encryption key can then be used directly to encrypt the media stream between the streaming media server and the terminal. The application server can also adopt a layered key management mode, in which it sends a key encryption key (KEK) to the terminal and to a streaming media server, and the media stream encryption key (TEK) is then distributed under the key encryption key (KEK). The invention can reduce the key management overhead of the streaming media server and improve the efficiency of the streaming media server.
PCT/CN2007/000241 2006-01-24 2007-01-23 Media stream key management method, system and application server WO2007085186A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200610033380.4 2006-01-24
CN200610033380.4A CN101009551B (zh) 2006-01-24 2006-01-24 Key management system and method for media streams based on the IP multimedia subsystem

Publications (1)

Publication Number Publication Date
WO2007085186A1 (fr) 2007-08-02

Family

ID=38308856

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/000241 WO2007085186A1 (fr) 2006-01-24 2007-01-23 Media stream key management method, system and application server

Country Status (2)

Country Link
CN (2) CN101009551B (fr)
WO (1) WO2007085186A1 (fr)

Also Published As

Publication number Publication date
CN101009551B (zh) 2010-12-08
CN101313510A (zh) 2008-11-26
CN101009551A (zh) 2007-08-01

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200780000180.1

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07702170

Country of ref document: EP

Kind code of ref document: A1