WO2008046323A1

WO2008046323A1 - Mobile telephone television service protect method, system and apparatus

Info

Publication number: WO2008046323A1
Application number: PCT/CN2007/070477
Authority: WO
Inventors: Qinwei Zhang; Zhibin Li; Ruinan Sun
Original assignee: Huawei Technologies Co., Ltd.
Priority date: 2006-10-16
Filing date: 2007-08-14
Publication date: 2008-04-24
Also published as: CN101166259A; CN101166259B

Abstract

A mobile telephone television service protect method is provided, the method includes the following steps: a mobile telephone television server uses the content key to encrypt the broadcast content, uses the service key to encrypt the content key, uses the user key to encrypt the service key, then broadcasts and sends the encrypted content and content key by the broadcast channel, and sends the encrypted service key to a terminal by the point to point channel; the terminal uses the user key to decrypt the received encrypted service key to obtain the service key, uses the obtained service key to decrypt the received encrypted content key to obtain the content key, and uses the obtained content key to decrypt the encrypted content to obtain the content. In addition, a mobile telephone television service protect system, a mobile telephone television server, a mobile telephone television terminal and a smart card are provided. In this way, the service quality can be improved with the terminal burden reduced to the greatest extent, and the service expansion adaptability is further improved.

Description

手机电视业务保护方法、 ***及装置技术领域 Mobile TV service protection method, system and device

本发明涉及手机电视领域，尤其涉及一种手机电视业务保护方法、 *** 及装置。发明背景 The present invention relates to the field of mobile phone television, and in particular, to a mobile phone television service protection method, system and device. Background of the invention

随着信息技术的迅速发展，移动终端的升级换代日新月异，各种基于移动终端开展的业务也越来越丰富。比如，如今的手机已经远远超过了打电话的功能，手机还可以拍照、听音乐等，而手机电视作为一项全新的业务，在世界各地逐渐开始测试或试商用甚至商用。 With the rapid development of information technology, the upgrading of mobile terminals is changing with each passing day, and various services based on mobile terminals are becoming more and more abundant. For example, today's mobile phones have far surpassed the function of making calls. Mobile phones can also take pictures and listen to music. As a brand-new business, mobile TV is gradually testing or trial-commercial or even commercial.

手机电视业务的运营，通常需要业务保护机制的支持，业务保护提供一种授权接入控制，保证只有订购了手机电视业务的用户才能接收并展现手机电视节目。业务保护的基本思想是采用三重密钥传输机制，具体来说，手机电视服务器和终端需要做的工作分别如下： The operation of the mobile TV service usually requires the support of a service protection mechanism. The service protection provides an authorized access control to ensure that only users who subscribe to the mobile TV service can receive and display mobile TV programs. The basic idea of service protection is to adopt a triple key transmission mechanism. Specifically, the mobile TV server and terminal need to do the following work:

手机电视服务器： 1、使用内容密钥通过对称加密算法对内容进行加密，并广播下发加密的内容； 2、使用业务密钥通过对称加密算法加密内容密钥，并广播下发加密后的内容密钥； 3、使用用户密钥通过对称加密算法或非对称加密算法加密业务密钥，并使用点对点通道或广播通道下发加密后的业务密钥。 Mobile TV server: 1. Encrypt the content through the symmetric encryption algorithm using the content key, and broadcast the encrypted content; 2. Encrypt the content key through the symmetric encryption algorithm using the service key, and broadcast the encrypted content. The key is obtained by using a user key to encrypt the service key through a symmetric encryption algorithm or an asymmetric encryption algorithm, and using the peer-to-peer channel or the broadcast channel to deliver the encrypted service key.

终端： 1、接收加密后的业务密钥，使用用户密钥解密，获得业务密钥明文并保存； 2、接收加密后的内容密钥，并使用第 1步获得的业务密钥解密，获得内容密钥； 3、接收加密后的内容，并使用第 2步获得的内容密钥解密，获得内容。 Terminal: 1. Receive the encrypted service key, decrypt it with the user key, obtain the business key plaintext and save it; 2. Receive the encrypted content key, and decrypt it using the service key obtained in step 1, to obtain the content. Key; 3. Receive the encrypted content, and decrypt it using the content key obtained in step 2 to obtain the content.

在终端正式开始使用手机电视业务前，需要和服务器协商用户密钥，用户密钥分别在终端和服务器侧生成，不在点对点交互通道上传送。现有的手机电视***主要分为基于地面或卫星数字广播技术、以及基于多媒体广播组播业务（MBMS, Multimedia Broadcast/Multicast Service )技术两种，其中， MBMS ^于第三代移动通信网络开展的业务。下面分别对基于数字广播技术和基于 MBMS技术的手机电视***中的业务保护机制进行筒要说明。 Before the terminal officially starts using the mobile TV service, it needs to negotiate the user key with the server. The user key is generated on the terminal and server side respectively, and is not transmitted on the point-to-point interaction channel. The existing mobile TV system is mainly divided into terrestrial or satellite digital broadcasting technology and multimedia broadcast/multicast service (MBMS) technology, among which MBMS ^ is carried out in the third generation mobile communication network. business. The following is a description of the service protection mechanism in the mobile TV system based on digital broadcasting technology and MBMS technology.

一、基于数字广播技术的手机电视*** 1. Mobile TV system based on digital broadcasting technology

基于数字广播技术的手机电视***使用数字广播网络分发内容，在带宽和能够提供的频道上，比基于 MBMS技术的手机电视***即基于移动网络的手机电视***更具有优势。基于数字广播技术的手机电视***使用条件接收 ***提供的机制实施业务保护，数字传输过程中的三重密钥分别是：控制字 ( CW, Control Word )、业务密钥（ SK, Service Key )、个人分配密钥（ PDK, Personal Distribution Key ),其中， CW相当于内容密钥、 SK即业务密钥、 PDK 相当于用户密钥。 Mobile TV systems based on digital broadcasting technology use digital broadcast networks to distribute content. On the bandwidth and available channels, it is more advantageous than mobile TV systems based on MBMS technology, that is, mobile TV based mobile TV systems. The mobile TV system based on digital broadcasting technology uses the mechanism provided by the conditional access system to implement service protection. The triple keys in the digital transmission process are: Control Word (CW, Control Word), Service Key (SK, Service Key), Personal A distribution key (PDK, Personal Distribution Key), where CW is equivalent to a content key, SK is a business key, and PDK is equivalent to a user key.

参见图 1所示，条件接收***主要包括加密前端和解密接收控制终端。其中，前端主要包括控制字发生器、加扰器、授权控制消息生成器（ECMG, Entitlement Control Message Generator ), 授权管理消息生成器（EMMG, Entitlement Management Message Generator ), 复用器、用户授权***（SAS, Subscriber Authorization System ) 和用户管理*** ( SMS , Subscriber Management System )„ 控制字发生器按一定时序随机产生加解扰密钥 CW, 并将产生的 CW传送给加扰器和 ECMG;加扰器采用 CW通过通用加扰算法实时加扰视 /音频数据节目流，并通过复用器将加扰后的节目流发送出去； ECMG采用业务密钥 SK对 CW进行加密，将 CW及访问条件（AC, Access Condition )信息用条件访问（CA, Condition Access )厂商的私有算法加密，生成授权控制信息（ECM, Entitlement Control Message ), 并通过复用器将 ECM发送出去； EMMG采用 PDK对 SK和用户管理信息进行加密，生成授权管理消息（ EMM, Entitlement Management Message ),并通过复用器将 EMM 发送出去，用户管理信息由提供商的用户管理***形成，包括用户名称、地址、智能***、账单、用户购买的频道信息、有效时间等等。 Referring to FIG. 1, the conditional access system mainly includes an encryption front end and a decryption reception control terminal. The front end mainly includes a control word generator, a scrambler, an Entitlement Control Message Generator (ECMG), an Entitlement Management Message Generator (EMMG), a multiplexer, and a user authorization system ( SAS, Subscriber Authorization System) and User Management System (SMS, Subscriber Management System) „ Control word generator randomly generates the descrambling key CW according to a certain timing, and transmits the generated CW to the scrambler and ECMG; scrambler The CW is used to encrypt the video/audio data program stream in real time through the universal scrambling algorithm, and the scrambled program stream is sent out through the multiplexer; ECMG encrypts the CW by using the service key SK, and the CW and access conditions (AC) , Access Condition ) information is encrypted with the private algorithm of the conditional access (CA, Condition Access) vendor, generating Entitlement Control Message (ECM), and will be passed through the multiplexer. The ECM sends out; the EMMG uses the PDK to encrypt the SK and user management information, generates an Entitlement Management Message (EMM), and sends the EMM through the multiplexer. The user management information is formed by the provider's user management system. Includes user name, address, smart card number, billing, channel information purchased by the user, valid time, and more.

终端主要包括解复用器、授权管理消息解密器、授权控制消息解密器和解扰器。其中，解复用器用于接收前端发送的数据流，并进行解复用；授权管理消息解密器用于根据智能卡上存储的 EMM密钥（用户私钥 )解密流中的 EMM; 授权控制消息解密器用于根据智能卡上存储的 ECM密钥（业务密钥 )解密流中的 ECM, 并将 ECM中包含的 CW传送给解扰器；解扰器采用 CW对加扰后的节目流进行解扰，还原出节目流明文。 The terminal mainly includes a demultiplexer, an authorization management message decryptor, an authorization control message decryptor, and a descrambler. The demultiplexer is configured to receive the data stream sent by the front end and perform demultiplexing; the authorization management message decryptor is configured to decrypt the EMM in the stream according to the EMM key (user private key) stored on the smart card; and the authorization control message decryptor Decrypting the ECM in the stream according to the ECM key (service key) stored on the smart card, and transmitting the CW included in the ECM to the descrambler; the descrambler uses the CW to descramble the scrambled program stream, and restores The program stream is clear.

可见，在基于数字广播技术的手机电视***中，手机电视服务器需要将 It can be seen that in the mobile TV system based on digital broadcasting technology, the mobile TV server needs to

EMM广播发送给所有终端，各个终端需要识别每个 EMM是否属于自己；并且，由于是广播发送，服务器无法知晓终端是否接收到 EMM, 为了保证终端能够接收到 EMM, 服务器需要重复为每个终端发送 EMM。这样的发送方式将严重占用广播通道的带宽；并且，由于 EMM是广播发送的，所有终端都能接收，但是每一个 EMM只有一个终端能使用，因此每个终端都需要判断 EMM是否是发送给自己的，这将严重增加终端的处理负担；另外，即使终端已经接收到自己的 EMM, 但是由于服务器并不知晓仍在重复发送，终端就需要重复进行处理，这样同样会增加终端的处理负担。 The EMM broadcast is sent to all terminals, and each terminal needs to identify whether each EMM belongs to itself. Moreover, since it is broadcast transmission, the server cannot know whether the terminal receives the EMM. In order to ensure that the terminal can receive the EMM, the server needs to repeatedly send for each terminal. EMM. Such a transmission method will seriously occupy the bandwidth of the broadcast channel; and, since the EMM is broadcasted, all terminals can receive, but only one terminal can be used by each EMM, so each terminal needs to determine whether the EMM is sent to itself. In addition, this will seriously increase the processing load of the terminal; in addition, even if the terminal has received its own EMM, since the server does not know that the transmission is still repeated, the terminal needs to repeat the processing, which also increases the processing load of the terminal.

二、基于 MBMS技术的手机电视*** Second, mobile phone TV system based on MBMS technology

基于 MBMS技术的手机电视***使用基站***提供的信道下发内容，由于带宽和频率的限制，可以提供的频道比基于数字广播技术的手机电视*** 少，广播通道的带宽也小。基于 MBMS技术的手机电视***的业务保护技术是基于第三代移动通信标准伙伴化项目（ 3GPP )制定的通用引导框架（ GBA, Generic Bootstrapping Architecture ) 的 , 具有以下基本特征： 1、使用 MBMS流密钥（MTK, MBMS traffic key )通过对称加密算法对广播下发的内容进行加密； 2、使用 MBMS业务密钥（ MSK, MBMS service Key )通过对称加密算法加密广播下发的 MTK; 3、使用 MBMS 用户密钥 ( MUK, MBMS User Key )通过对称加密算法加密点对点下发的 MSK; 4、通过 GBA初始化过程，终端和网络侧协商 GBA共享密钥 MUK, 共享密钥分别在终端和网络侧生成，不需要在任何通道上生成。 The mobile phone television system based on MBMS technology uses the channel provided by the base station system to deliver content. Due to the limitation of bandwidth and frequency, the channel can be provided less than the mobile TV system based on digital broadcasting technology, and the bandwidth of the broadcast channel is also small. The service protection technology of mobile TV system based on MBMS technology is based on the Generic Bootstrapping Architecture (GBA) developed by the 3rd Generation Mobile Communication Standard Partnering Project (3GPP), which has the following basic features: 1. Use the MBMS flow key (MTK, MBMS traffic key) to encrypt the content delivered by the broadcast through the symmetric encryption algorithm; 2. Use the MBMS service key (MSK, MBMS service key) to encrypt the broadcast delivered by the symmetric encryption algorithm. MTK; 3. Using the MBMS user key (MUK, MBMS User Key) to encrypt the MSK delivered by the peer-to-peer through the symmetric encryption algorithm; 4. Through the GBA initialization process, the terminal and the network side negotiate the GBA shared key MUK, and the shared key is respectively Terminal and network side generation, no need to generate on any channel.

GBA初始化过程是 3GPP制定的一个通用安全认证流程，终端和网络侧之间通过该流程协商一个初始共享密钥 Ks, 该 Ks将作为密钥种子使用，可以生成具体应用中需要的密钥。 The GBA initialization process is a general security authentication process established by the 3GPP. The terminal and the network side negotiate an initial shared key Ks through the process. The Ks will be used as a key seed to generate the key required for the specific application.

参见图 2所示， GBA初始化流程主要包括以下步骤： Referring to Figure 2, the GBA initialization process mainly includes the following steps:

步骤 201:终端向引导服务功能模块（ BSF, Bootstrapping Server Function ) 发送密钥协商请求，该请求中包含用户标识。 Step 201: The terminal sends a key negotiation request to a Bootstrapping Server Function (BSF), where the request includes a user identifier.

其中， BSF 是网络侧的一个服务器；用户标识为国际移动用户标识 ( IMSI, International Mobile Subscriber Identity )或 IP多媒体私有标识（ IMPI, IP Multimedia Private Identity )等。终端主要包括收发单元和智能卡两部分，收发单元主要负责与 BSF之间的通信和数据传输；智能卡中保存有运营商预置的机密密钥 K, 用户标识 IMPI/IMSI、以及一些安全算法等信息。 The BSF is a server on the network side; the user identifier is an International Mobile Subscriber Identity (IMSI) or an IP Multimedia Private Identity (IMI). The terminal mainly includes two parts: a transceiver unit and a smart card. The transceiver unit is mainly responsible for communication and data transmission with the BSF; the smart card stores the secret key K preset by the operator, the user identifier IMPI/IMSI, and some security algorithms. .

步骤 202: BSF收到终端发起的密钥协商请求后，从鉴权中心获取鉴权元组 ( AV, Authentication Vector ), AV = RANDIIAUTNIIXRESIICKIIIK。 Step 202: After receiving the key negotiation request initiated by the terminal, the BSF obtains an authentication element set (AV, Authentication Vector), AV = RANDIIAUTNIIXRESIICKIIIK from the authentication center.

其中， RAND、 AUTN、 XRES、 CK和 IK等参数的具体定义请参考 3GPP 标准规范 33220-720-GAA-Generic bootstrapping architecture(GBA)₀ For the specific definition of parameters such as RAND, AUTN, XRES, CK and IK, please refer to 3GPP standard specification 33220-720-GAA-Generic bootstrapping architecture (GBA) ₀

步骤 203： BSF将鉴权元组中的 RAND和 AUTN发送给终端。 Step 203: The BSF sends the RAND and the AUTN in the authentication tuple to the terminal.

其中， AUTN用于终端对网络进行认证； RAND用于终端生成会话密钥和响应消息，然后将响应消息发送给 BSF, 让 BSF对终端进行认证。 The AUTN is used by the terminal to authenticate the network; the RAND is used by the terminal to generate a session key and a response message, and then sends a response message to the BSF, so that the BSF authenticates the terminal.

步骤 204: 终端收到 BSF发来的数据后，使用智能卡内置的安全算法及机密密钥 K对 AUTN进行认证，认证通过后，终端使用机密密钥 K和 BSF 下发的随机数 RAND计算 RES和会话密钥 IK、 CK。 Step 204: After receiving the data sent by the BSF, the terminal uses the security algorithm built in the smart card and The secret key K authenticates the AUTN. After the authentication is passed, the terminal calculates the RES and the session keys IK, CK using the secret key K and the random number RAND issued by the BSF.

步骤 205: 终端将 RES携带在响应消息中发送给 BSF。 Step 205: The terminal sends the RES to the BSF in a response message.

步骤 206: BSF收到终端发送来的响应消息后，对终端进行认证，判断响应消息中携带的 RES是否等于鉴权中心发来的 XRES, 也就是判断用户是否合法即判断智能卡内的私密信息是否合法，如果认证通过， BSF则生成一个 GBA 共享密钥 Ks、及密钥标识 ( B-TID , Bootstrapping Transaction Identifier ), 并配置密钥 Ks的生命周期，其中， Ks=CKIIIK。 Step 206: After receiving the response message sent by the terminal, the BSF authenticates the terminal, and determines whether the RES carried in the response message is equal to the XRES sent by the authentication center, that is, whether the user is legal, that is, whether the private information in the smart card is determined. Legally, if the authentication is passed, the BSF generates a GBA shared key Ks, a B-TID, a Bootstrapping Transaction Identifier, and configures the life cycle of the key Ks, where Ks=CKIIIK.

步骤 207: BSF将 B-TID和生命周期信息发送给终端。 Step 207: The BSF sends the B-TID and lifecycle information to the terminal.

步骤 208: 终端收到 B-TID和生命周期信息后，根据步骤 204中生成的 IK和 CK生成 Ks=CKIIIK,并将 BSF发来的 B-TID和生命周期作为刚生成的 Ks的密钥标识和生命周期。 Step 208: After receiving the B-TID and the lifecycle information, the terminal generates Ks=CKIIIK according to the IK and CK generated in step 204, and uses the B-TID and the lifecycle sent by the BSF as the key identifier of the newly generated Ks. And the life cycle.

Ks 生成以后，终端和 BSF 就可以将 Ks 作为密钥种子，继续生成 Ks_int_NAF和 Ks_ext_NAF, 这两个密钥将在具体的业务流程中使用。沿用 MBMS对这两个密钥的称呼，其中， Ks_int_NAF在 MBMS中称为 MUK, 用来加密业务密钥； Ks_ext_NAF称为 MBMS请求密钥（ MRK, MBMS Request Key ), 用于业务订购和业务密钥请求时的用户身份认证。 After Ks is generated, the terminal and BSF can use Ks as the key seed and continue to generate Ks_int_NAF and Ks_ext_NAF, which will be used in specific business processes. The name of the two keys is used in the MBMS. The Ks_int_NAF is called MUK in the MBMS and is used to encrypt the service key. The Ks_ext_NAF is called the MBMS Request Key (MRK, MBMS Request Key), which is used for service ordering and service confidentiality. User authentication at the time of the key request.

可见，在基于 MBMS技术的手机电视***中，通过移动网络使用点对点通道协商用户密钥和下发业务密钥是一种比较安全的机制。但是，受到移动网络本身的限制，在内容下发时存在明显的缺点，由于一个基站所能提供的带宽有限，支持的频道相对地面数字广播要少，而高质量视频需要占用较多的带宽，因此，基于 MBMS技术的视频质量要比地面数字广播的差，也就是说,基于 MBMS技术的手机电视***所提供的业务质量要低于基于数字广播技术的手机电视***所提供的业务质量。发明内容 It can be seen that in the mobile TV system based on MBMS technology, it is a relatively safe mechanism to negotiate the user key and deliver the service key through the mobile network using the peer-to-peer channel. However, due to the limitations of the mobile network itself, there are obvious shortcomings when content is delivered. Because a base station can provide limited bandwidth, the supported channels are less than terrestrial digital broadcasts, and high-quality video requires more bandwidth. Therefore, the quality of video based on MBMS technology is worse than that of terrestrial digital broadcasting. That is to say, the quality of service provided by mobile TV system based on MBMS technology is lower than that provided by mobile TV system based on digital broadcasting technology. Summary of the invention

有鉴于此，本发明的目的在于提供一种手机电视业务保护方法、 ***及装置，在尽量降低终端负担的情况下提高业务质量。 In view of the above, an object of the present invention is to provide a mobile phone television service protection method, system and device, which improve service quality while minimizing terminal load.

为达到上述目的，本发明实施例提供的手机电视业务保护方法如下：手机电视服务器使用内容密钥对广播内容进行加密，使用业务密钥对内容密钥进行加密，使用用户密钥对业务密钥进行加密，并通过广播通道广播下发加密后的内容和内容密钥，通过点对点通道向终端下发加密后的业务密钥； To achieve the above objective, the mobile TV service protection method provided by the embodiment of the present invention is as follows: The mobile TV server encrypts the broadcast content by using the content key, encrypts the content key by using the service key, and uses the user key to the service key. Encrypting, and transmitting the encrypted content and content key through the broadcast channel, and delivering the encrypted service key to the terminal through the peer-to-peer channel;

终端使用用户密钥对收到的加密后的业务密钥进行解密获得业务密钥，使用获得的业务密钥对收到的加密后的内容密钥进行解密获得内容密钥，并使用获得的内容密钥对加密后的内容进行解密获得内容。 The terminal decrypts the received encrypted service key by using the user key to obtain a service key, decrypts the received encrypted content key using the obtained service key, obtains the content key, and uses the obtained content. The key decrypts the encrypted content to obtain the content.

其中，所述手机电视服务器使用用户密钥对业务密钥进行加密之前进一步包括：终端和引导服务功能模块 BSF协商用户密钥，手机电视服务器从 BSF获取该终端的用户密钥。 Before the mobile phone television server encrypts the service key by using the user key, the terminal further includes: the terminal and the guiding service function module BSF negotiate the user key, and the mobile TV server acquires the user key of the terminal from the BSF.

所述手机电视服务器通过点对点通道向终端下发加密后的业务密钥时进一步包括：根据用户订购关系确定业务密钥有效期，并将业务密钥有效期通过点对点通道下发给终端。 When the mobile phone television server sends the encrypted service key to the terminal through the point-to-point channel, the method further includes: determining the validity period of the service key according to the user subscription relationship, and delivering the service key validity period to the terminal through the point-to-point channel.

该方法进一步包括：根据内容密钥的加密周期将计费周期划分为时间区间的组合； The method further includes: dividing the billing period into a combination of time zones according to an encryption period of the content key;

所述用户为包月用户时，所述业务密钥有效期开始时刻为计费周期开始时刻，所述业务密钥有效期结束时刻为计费周期结束时刻； When the user is a monthly user, the service key validity period start time is a billing period start time, and the service key validity period end time is a billing period end time;

所述用户为按次消费用户时，所述业务密钥有效期开始时刻为节目开始时刻所在时间区间的下限，所述业务密钥有效期结束时刻为节目终止时刻所在时间区间的上限。 When the user is a pay-per-view user, the service key validity period start time is a lower limit of a time interval in which the program start time is located, and the service key validity period end time is an upper limit of a time interval in which the program termination time is.

所述手机电视服务器通过广播通道广播下发加密后的内容密钥时进一步包括：根据内容密钥生效时刻 CW_ID 生成内容密钥标识 MTK_ID, 并将 MTKJD广播下发给终端； When the mobile TV server broadcasts the encrypted content key through the broadcast channel, further The method includes: generating a content key identifier MTK_ID according to the content key effective time CW_ID, and transmitting the MTKJD broadcast to the terminal;

所述终端使用获得的业务密钥对收到的加密后的内容密钥进行解密之前进一步包括：终端判断内容密钥标识 MTK_ID是否在业务密钥有效期内，如果是，则使用获得的业务密钥对收到的加密后的内容密钥进行解密；否则，拒绝进行解密。 Before the terminal decrypts the received encrypted content key by using the obtained service key, the terminal further includes: determining, by the terminal, whether the content key identifier MTK_ID is within the validity period of the service key, and if yes, using the obtained service key Decrypt the received encrypted content key; otherwise, refuse to decrypt.

所述内容密钥标识 MTK_ID为内容密钥生效时刻 CW_ID所在时间区间的上限值。 The content key identifier MTK_ID is an upper limit value of a time interval in which the content key effective time CW_ID is located.

对应所提供的方法，本发明还提供了一种手机电视业务保护***，该系统包括：手机电视服务器和手机电视终端，其特征在于，所述手机电视服务器包括加扰器和密钥管理单元，其中， Corresponding to the provided method, the present invention further provides a mobile phone television service protection system, the system comprising: a mobile phone television server and a mobile phone television terminal, wherein the mobile phone television server comprises a scrambler and a key management unit, among them,

加扰器，用于生成内容密钥，将生成的内容密钥发送给密钥管理单元，并使用内容密钥对广播内容进行加密，通过广播通道广播下发加密后的内容；密钥管理单元，用于管理用户密钥和业务密钥，使用用户密钥对业务密钥进行加密，通过点对点通道将加密后的业务密钥发送给终端，并用于接收来自加扰器的内容密钥，使用业务密钥对内容密钥进行加密，通过广播通道广播下发加密后的内容密钥； a scrambler, configured to generate a content key, send the generated content key to the key management unit, and encrypt the broadcast content by using the content key, and broadcast the encrypted content through the broadcast channel; the key management unit For managing the user key and the service key, encrypting the service key with the user key, transmitting the encrypted service key to the terminal through the peer-to-peer channel, and receiving the content key from the scrambler, using The service key encrypts the content key, and broadcasts the encrypted content key through the broadcast channel;

所述终端包括智能卡和收发单元，其中， The terminal includes a smart card and a transceiver unit, wherein

智能卡，用于管理用户密钥，并用于接收来自手机电视服务器的加密后的业务密钥，使用用户密钥对收到的加密后的业务密钥进行解密获得业务密钥，并用于接收来自手机电视服务器的加密后的内容密钥，使用获得的业务密钥对收到的加密后的内容密钥进行解密获得内容密钥，并将获得的内容密钥发送给收发单元； a smart card, configured to manage a user key, and configured to receive an encrypted service key from a mobile TV server, decrypt the received encrypted service key using a user key, obtain a service key, and receive the mobile phone from the mobile phone The encrypted content key of the television server, decrypting the received encrypted content key using the obtained service key to obtain a content key, and transmitting the obtained content key to the transceiver unit;

收发单元，用于接收来自智能卡的内容密钥以及来自手机电视服务器的加密后的内容，并使用收到的内容密钥对收到的加密后的内容进行解密获得内容明文。 a transceiver unit, configured to receive a content key from the smart card and the encrypted content from the mobile phone television server, and decrypt the received encrypted content by using the received content key The content is clear.

所述加扰器包括控制字生成器和内容加密模块，其中， The scrambler includes a control word generator and a content encryption module, wherein

控制字生成器，用于生成内容密钥，并将生成的内容密钥发送给密钥管理单元和内容加密模块； a control word generator, configured to generate a content key, and send the generated content key to the key management unit and the content encryption module;

内容加密模块，用于接收来自控制字生成器的内容密钥，并使用内容密钥对广播内容进行加密，通过广播通道广播下发加密后的内容； a content encryption module, configured to receive a content key from the control word generator, and encrypt the broadcast content by using a content key, and broadcast the encrypted content through a broadcast channel;

所述密钥管理单元包括用户密钥管理模块、业务密钥管理模块、内容密钥消息生成模块和授权控制消息生成器，其中， The key management unit includes a user key management module, a service key management module, a content key message generation module, and an authorization control message generator, where

用户密钥管理模块，用于管理用户密钥； a user key management module, configured to manage a user key;

业务密钥管理模块，用于管理业务密钥，将业务密钥发送给内容密钥消息生成模块，并用于从用户密钥管理模块获取用户密钥，使用用户密钥对业务密钥进行加密，生成包括加密后业务密钥的业务密钥消息，并通过点对点通道将业务密钥消息发送给终端； a service key management module, configured to manage a service key, send the service key to the content key message generating module, and obtain the user key from the user key management module, and encrypt the service key by using the user key, Generating a service key message including the encrypted service key, and transmitting the service key message to the terminal through the point-to-point channel;

内容密钥消息生成模块，用于接收来自业务密钥管理模块的业务密钥以及来自控制字生成器的内容密钥，使用业务密钥对内容密钥进行加密，生成包括加密后内容密钥的内容密钥消息，并将内容密钥消息发送给授权控制消息生成器； a content key message generating module, configured to receive a service key from the service key management module and a content key from the control word generator, encrypt the content key by using the service key, and generate the content key including the encrypted content key a content key message, and sending the content key message to the authorization control message generator;

授权控制消息生成器，用于接收来自内容密钥消息生成模块的内容密钥消息，将内容密钥消息进一步打包，生成授权控制消息，并将生成的授权控制消息发送给加扰器； An authorization control message generator, configured to receive a content key message from the content key message generating module, further package the content key message, generate an authorization control message, and send the generated authorization control message to the scrambler;

所述加扰器进一步用于接收来自授权控制消息生成器的授权控制消息，并通过广播通道广播下发收到的授权控制消息。 The scrambler is further configured to receive an authorization control message from the authorization control message generator, and broadcast the received authorization control message through the broadcast channel.

所述智能卡包括用户密钥管理模块、业务密钥管理模块和内容密钥解密模块，其中， The smart card includes a user key management module, a service key management module, and a content key decryption module, where

用户密钥管理模块，用于管理用户密钥；业务密钥管理模块，用于接收来自手机电视服务器的业务密钥消息，从用户密钥管理模块获取用户密钥，使用用户密钥对收到的业务密钥消息中携带的加密后业务密钥进行解密获得业务密钥，并将获得的业务密钥发送给内容密钥解密模块； a user key management module, configured to manage a user key; a service key management module, configured to receive a service key message from the mobile phone television server, obtain a user key from the user key management module, and use the user key to encrypt the encrypted service key carried in the received service key message. Decrypting to obtain a service key, and transmitting the obtained service key to the content key decryption module;

内容密钥解密模块，用于接收来自业务密钥管理模块的业务密钥以及来自收发单元的内容密钥消息，并使用收到的业务密钥对收到的内容密钥消息中携带的加密后内容密钥进行解密获得内容密钥，并将获得的内容密钥发送给收发单元； a content key decryption module, configured to receive a service key from the service key management module and a content key message from the transceiver unit, and use the received service key to encrypt the received content key message Decrypting the content key to obtain a content key, and transmitting the obtained content key to the transceiver unit;

所述收发单元包括授权控制消息解析模块、内容解密模块和内容展现模块，其中， The transceiver unit includes an authorization control message parsing module, a content decryption module, and a content presentation module, where

授权控制消息解析模块，用于接收来自手机电视服务器的授权控制消息，从授权控制消息中解析出内容密钥消息，并将解析出的内容密钥消息发送给内容解密模块； The authorization control message parsing module is configured to receive an authorization control message from the mobile phone television server, parse the content key message from the authorization control message, and send the parsed content key message to the content decryption module;

内容解密模块，用于接收来自内容密钥解密模块的内容密钥以及来自手机电视服务器的加密后的内容，使用收到的内容密钥对收到的加密后的内容进行解密获得内容明文，并将解密后的内容发送给内容展现模块； a content decryption module, configured to receive a content key from the content key decryption module and the encrypted content from the mobile TV server, and decrypt the received encrypted content using the received content key to obtain a plaintext, and Sending the decrypted content to the content presentation module;

内容展现模块，用于接收来自内容解密模块的内容，并对收到的内容进行解码展现。 a content presentation module, configured to receive content from the content decryption module, and decode and display the received content.

所述手机电视服务器的业务密钥管理模块进一步用于根据用户订购关系确定业务密钥有效期，并在生成的业务密钥消息中进一步携带业务密钥有效期。 The service key management module of the mobile phone television server is further configured to determine a service key validity period according to the user subscription relationship, and further carry the service key validity period in the generated service key message.

所述加扰器进一步用于在生成内容密钥后确定内容密钥生效时刻，并将内容密钥生效时刻发送给内容密钥消息生成模块； The scrambler is further configured to determine a content key effective time after generating the content key, and send the content key effective time to the content key message generating module;

所述内容密钥消息生成模块进一步用于接收来自加扰器的内容密钥生效时刻，并根据内容密钥生效时刻生成内容密钥标识，并在生成的内容密钥消息中进一步携带内容密钥标识。 The content key message generating module is further configured to receive a content key effective time from the scrambler, and generate a content key identifier according to the content key effective time, and generate the content key The content further carries the content key identifier.

所述终端的内容密钥解密模块进一步用于从终端的业务密钥管理模块获取业务密钥有效期，并判断收到的内容密钥消息中携带的内容密钥标识是否在业务密钥有效期内。 The content key decryption module of the terminal is further configured to obtain a service key validity period from the service key management module of the terminal, and determine whether the content key identifier carried in the received content key message is within a validity period of the service key.

并且，本发明还提供了一种手机电视服务器，包括：加扰器和密钥管理单元，其中， Moreover, the present invention also provides a mobile phone television server, including: a scrambler and a key management unit, wherein

加扰器，用于生成内容密钥，将生成的内容密钥发送给密钥管理单元，并使用内容密钥对广播内容进行加密，通过广播通道广播下发加密后的内容；密钥管理单元，用于管理用户密钥和业务密钥，使用用户密钥对业务密钥进行加密，通过点对点通道下发加密后的业务密钥，并用于接收来自加扰器的内容密钥，使用业务密钥对内容密钥进行加密，通过广播通道广播下发加密后的内容密钥。 a scrambler, configured to generate a content key, send the generated content key to the key management unit, and encrypt the broadcast content by using the content key, and broadcast the encrypted content through the broadcast channel; the key management unit For managing the user key and the service key, encrypting the service key with the user key, delivering the encrypted service key through the peer-to-peer channel, and receiving the content key from the scrambler, using the service key The key encrypts the content key, and broadcasts the encrypted content key through the broadcast channel.

业务密钥管理模块，用于管理业务密钥，将业务密钥发送给内容密钥消息生成模块，并用于从用户密钥管理模块获取用户密钥，使用用户密钥对业务密钥进行加密，生成包括加密后业务密钥的业务密钥消息，并通过点对点通道下发业务密钥消息； a service key management module, configured to manage a service key, send the service key to the content key message generating module, and obtain the user key from the user key management module, and encrypt the service key by using the user key, Generating a service key message including the encrypted service key, and delivering a service key message through the peer-to-peer channel;

内容密钥消息生成模块，用于接收来自业务密钥管理模块的业务密钥以及来自控制字生成器的内容密钥，使用业务密钥对内容密钥进行加密，生成包括加密后内容密钥的内容密钥消息，并将内容密钥消息发送给授权控制消息生成器； a content key message generating module, configured to receive a service key from the service key management module And the content key from the control word generator, encrypting the content key using the service key, generating a content key message including the encrypted content key, and transmitting the content key message to the authorization control message generator;

所述业务密钥管理模块进一步用于根据用户订购关系确定业务密钥有效期，并在生成的业务密钥消息中进一步携带业务密钥有效期。 The service key management module is further configured to determine a validity period of the service key according to the user subscription relationship, and further carry the service key validity period in the generated service key message.

所述内容密钥消息生成模块进一步用于接收来自加扰器的内容密钥生效时刻，并根据内容密钥生效时刻生成内容密钥标识，并在生成的内容密钥消息中进一步携带内容密钥标识。 The content key message generating module is further configured to receive a content key effective time from the scrambler, generate a content key identifier according to the content key effective time, and further carry the content key in the generated content key message. Logo.

本发明还提供了一种手机电视终端，包括：智能卡和收发单元，其中，智能卡，用于管理用户密钥，并用于接收点对点下发的加密后的业务密钥，使用用户密钥对收到的加密后的业务密钥进行解密获得业务密钥，并用于接收来自广播下发的加密后的内容密钥，使用获得的业务密钥对收到的加密后的内容密钥进行解密获得内容密钥，并将获得的内容密钥发送给收发单元； The invention also provides a mobile phone television terminal, comprising: a smart card and a transceiver unit, wherein the smart card is used for managing the user key and is used for receiving the encrypted service key delivered by the peer-to-peer, using the user key pair to receive The encrypted service key is decrypted to obtain a service key, and is used for receiving the encrypted content key delivered from the broadcast, and decrypting the received encrypted content key using the obtained service key to obtain the content secret. Key, and sending the obtained content key to the transceiver unit;

收发单元，用于接收来自智能卡的内容密钥以及广播下发的加密后的内容，并使用收到的内容密钥对收到的加密后的内容进行解密获得内容明文。 The transceiver unit is configured to receive the content key from the smart card and the encrypted content delivered by the broadcast, and decrypt the received encrypted content by using the received content key to obtain the content plaintext.

所述智能卡包括用户密钥管理模块、业务密钥管理模块和内容密钥解密模块，其中，用户密钥管理模块，用于管理用户密钥； The smart card includes a user key management module, a service key management module, and a content key decryption module, where a user key management module, configured to manage a user key;

业务密钥管理模块，用于接收点对点下发的业务密钥消息，从用户密钥管理模块获取用户密钥，使用用户密钥对收到的业务密钥消息中携带的加密后业务密钥进行解密获得业务密钥，并将获得的业务密钥发送给内容密钥解密模块； The service key management module is configured to receive the service key message sent by the peer-to-peer, obtain the user key from the user key management module, and use the user key to perform the encrypted service key carried in the received service key message. Decrypting to obtain a service key, and transmitting the obtained service key to the content key decryption module;

授权控制消息解析模块，用于接收广播下发的授权控制消息，从授权控制消息中解析出内容密钥消息，并将解析出的内容密钥消息发送给内容密钥解密模块； The authorization control message parsing module is configured to receive the authorization control message delivered by the broadcast, parse the content key message from the authorization control message, and send the parsed content key message to the content key decryption module;

内容解密模块，用于接收来自内容密钥解密模块的内容密钥以及广播下发的加密后的内容，使用收到的内容密钥对收到的加密后的内容进行解密获得内容明文，并将解密后的内容发送给内容展现模块； a content decryption module, configured to receive the content key from the content key decryption module and the encrypted content delivered by the broadcast, decrypt the received encrypted content using the received content key, and obtain the content plaintext, and The decrypted content is sent to the content presentation module;

所述内容密钥解密模块进一步用于从业务密钥管理模块获取业务密钥有效期，并判断收到的内容密钥消息中携带的内容密钥标识是否在业务密钥有效期内。 The content key decryption module is further configured to obtain a valid period of the service key from the service key management module, and determine whether the content key identifier carried in the received content key message is within the validity period of the service key.

另外，本发明还提供了一种智能卡，包括：用户密钥管理模块、业务密钥管理模块和内容密钥解密模块，其中， In addition, the present invention further provides a smart card, including: a user key management module, a business key management module, and a content key decryption module, wherein

用户密钥管理模块，用于管理用户密钥；业务密钥管理模块，用于接收点对点下发的业务密钥消息，从用户密钥管理模块获取用户密钥，使用用户密钥对收到的业务密钥消息中携带的加密后业务密钥进行解密获得业务密钥，并将获得的业务密钥发送给内容密钥解密模块； a user key management module, configured to manage a user key; The service key management module is configured to receive the service key message sent by the peer-to-peer, obtain the user key from the user key management module, and use the user key to perform the encrypted service key carried in the received service key message. Decrypting to obtain a service key, and transmitting the obtained service key to the content key decryption module;

内容密钥解密模块，用于接收来自业务密钥管理模块的业务密钥以及来自收发单元的内容密钥消息，并使用收到的业务密钥对收到的内容密钥消息中携带的加密后内容密钥进行解密获得内容密钥，并将获得的内容密钥发送给收发单元。 a content key decryption module, configured to receive a service key from the service key management module and a content key message from the transceiver unit, and use the received service key to encrypt the received content key message The content key is decrypted to obtain a content key, and the obtained content key is transmitted to the transceiving unit.

由此可见，本发明实施例结合了基于条件接收和 3GPP通用认证框架的手机电视保护技术，通过数字广播网络广播下发内容和内容密钥，通过移动网络点对点下发业务密钥，不仅充分利用了现有移动网络的封闭性和安全性，而且还解决了移动网络带宽有限、提供的频道少、视频质量差等缺点，达到了在尽量降低终端负担的情况下提高业务质量的需求。并且，本发明实施例通过设置业务密钥有效期，还实现了同一个业务中的节目可以被包月和按次消费等各种类型的用户同时接收，提高了业务开展的灵活性。附图简要说明 It can be seen that the embodiment of the present invention combines the mobile phone television protection technology based on the conditional reception and the 3GPP universal authentication framework, and delivers the content and the content key through the digital broadcast network, and delivers the service key through the mobile network point-to-point, which not only fully utilizes The existing mobile network is closed and secure, and it also solves the shortcomings of limited bandwidth of the mobile network, fewer channels provided, and poor video quality, and the need to improve the quality of the service while minimizing the burden on the terminal. Moreover, in the embodiment of the present invention, by setting the validity period of the service key, it is also realized that programs in the same service can be simultaneously received by various types of users, such as monthly subscription and pay-per-view, thereby improving the flexibility of service development. BRIEF DESCRIPTION OF THE DRAWINGS

图 1为现有技术中的条件接收***结构示意图。 FIG. 1 is a schematic structural diagram of a conditional access system in the prior art.

图 2为现有技术中的 GBA初始化流程示意图。 2 is a schematic diagram of a GBA initialization process in the prior art.

图 3为本发明实施例中的手机电视业务保护***结构示意图。 FIG. 3 is a schematic structural diagram of a mobile phone television service protection system according to an embodiment of the present invention.

图 4为本发明实施例中手机电视业务保护***的一种实现结构示意图。图 5为本发明实施例中的完整手机电视***结构示意图。 FIG. 4 is a schematic structural diagram of an implementation of a mobile phone television service protection system according to an embodiment of the present invention. FIG. 5 is a schematic structural diagram of a complete mobile phone television system according to an embodiment of the present invention.

图 6为本发明实施例中的手机电视业务保护方法流程图。图 7为本发明实施例中的 HTTP digest认证过程示意图。 FIG. 6 is a flowchart of a method for protecting a mobile phone television service according to an embodiment of the present invention. FIG. 7 is a schematic diagram of an HTTP digest authentication process according to an embodiment of the present invention.

图 8为本发明实施例中的 CW生效时刻、节目播放时间和时间区间的关系示意图。 FIG. 8 is a schematic diagram showing the relationship between the CW effective time, the program playing time, and the time interval in the embodiment of the present invention.

图 9为本发明实施例中终端进行业务接收的流程图。实施本发明的方式 FIG. 9 is a flowchart of receiving a service by a terminal according to an embodiment of the present invention. Mode for carrying out the invention

为使本发明的目的、技术方案及优点更加清楚明白，下面参照附图并举实施例，对本发明作进一步详细说明。 The present invention will be further described in detail below with reference to the drawings and embodiments.

本发明提供的手机电视业务保护方法的基本思想是：结合基于条件接收和 3GPP通用认证框架的手机电视保护技术，通过数字广播网络广播下发内容和内容密钥，通过移动网络点对点下发业务密钥。 The basic idea of the mobile phone television service protection method provided by the present invention is: combining the mobile phone television protection technology based on the conditional reception and the 3GPP universal authentication framework, broadcasting the content and the content key through the digital broadcast network, and transmitting the business secret through the mobile network point-to-point key.

也就是说，手机电视服务器使用内容密钥对广播内容进行加密，使用业务密钥对内容密钥进行加密，使用用户密钥对业务密钥进行加密，并通过广播通道广播下发加密后的内容和内容密钥，通过点对点通道向终端下发加密后的业务密钥；终端使用用户密钥对收到的加密后的业务密钥进行解密获得业务密钥，使用获得的业务密钥对收到的加密后的内容密钥进行解密获得内容密钥，并使用获得的内容密钥对加密后的内容进行解密获得内容。 That is, the mobile TV server encrypts the broadcast content using the content key, encrypts the content key using the service key, encrypts the service key using the user key, and broadcasts the encrypted content through the broadcast channel. And the content key, the encrypted service key is sent to the terminal through the peer-to-peer channel; the terminal decrypts the received encrypted service key by using the user key to obtain the service key, and uses the obtained service key pair to receive The encrypted content key is decrypted to obtain a content key, and the encrypted content is decrypted using the obtained content key to obtain the content.

对应所提供的手机电视业务保护方法，本发明还提供了一种手机电视业务保护***，参见图 3所示，该***包括手机电视服务器和手机电视终端。 Corresponding to the provided mobile TV service protection method, the present invention also provides a mobile TV service protection system. As shown in FIG. 3, the system includes a mobile TV server and a mobile TV terminal.

手机电视服务器包括加扰器和密钥管理单元，其中，加扰器，用于生成内容密钥，将生成的内容密钥发送给密钥管理单元，并使用内容密钥对广播内容进行加密，通过广播通道广播下发加密后的内容；密钥管理单元，用于管理用户密钥和业务密钥，使用用户密钥对业务密钥进行加密，通过点对点通道将加密后的业务密钥发送给终端，并用于接收来自加扰器的内容密钥，使用业务密钥对内容密钥进行加密，通过广播通道广播下发加密后的内容密钥。终端包括智能卡和收发单元，其中，智能卡，用于管理用户密钥，并用于接收来自手机电视服务器的加密后的业务密钥，使用用户密钥对收到的加密后的业务密钥进行解密获得业务密钥，并用于接收来自手机电视服务器的加密后的内容密钥，使用获得的业务密钥对收到的加密后的内容密钥进行解密获得内容密钥，并将获得的内容密钥发送给收发单元；收发单元，用于接收来自智能卡的内容密钥以及来自手机电视服务器的加密后的内容，并使用收到的内容密钥对收到的加密后的内容进行解密获得内容明文。 The mobile TV server includes a scrambler and a key management unit, wherein the scrambler is configured to generate a content key, send the generated content key to the key management unit, and encrypt the broadcast content by using the content key, The encrypted content is broadcasted through the broadcast channel; the key management unit is configured to manage the user key and the service key, encrypt the service key by using the user key, and send the encrypted service key to the encrypted service key through the peer-to-peer channel The terminal is configured to receive the content key from the scrambler, encrypt the content key by using the service key, and broadcast the encrypted content key through the broadcast channel. The terminal includes a smart card and a transceiver unit, wherein the smart card is configured to manage the user key, and is configured to receive the encrypted service key from the mobile phone television server, and decrypt the received encrypted service key by using the user key. a service key, and configured to receive the encrypted content key from the mobile TV server, decrypt the received encrypted content key using the obtained service key, obtain the content key, and send the obtained content key The transceiver unit is configured to receive the content key from the smart card and the encrypted content from the mobile TV server, and decrypt the received encrypted content using the received content key to obtain the content plaintext.

关于图 3提供的手机电视服务器和终端的具体实现结构可参见图 4所示，其中，加扰器包括控制字生成器和内容加密模块；密钥管理单元包括用户密钥管理模块、业务密钥管理模块、内容密钥消息生成模块和授权控制消息生成器 ECMG; 智能卡包括用户密钥管理模块、业务密钥管理模块和内容密钥解密模块，收发单元包括授权控制消息解析模块 EECM、内容解密模块和内容展现模块。关于各个模块的功能以及相互之间的连接关系，后续将结合方法进行详细阐述。 For a specific implementation structure of the mobile TV server and the terminal provided in FIG. 3, reference may be made to FIG. 4, wherein the scrambler includes a control word generator and a content encryption module; the key management unit includes a user key management module and a service key. The management module, the content key message generating module and the authorization control message generator ECMG; the smart card comprises a user key management module, a service key management module and a content key decryption module, and the transceiver unit comprises an authorization control message parsing module EECM, a content decryption module And content presentation module. The functions of each module and the connection relationship between them will be elaborated in the following.

并且，本发明还提供了一种手机电视服务器和手机电视终端，其结构分别与图 3中的服务器和终端一致，具体实现可分别与图 4中的服务器和终端一致，这里不再一一赘述。另外，本发明还提供了一种智能卡，其结构与图 4中的智能卡一致，这里也不再赘述。 The present invention also provides a mobile phone television server and a mobile phone television terminal, the structure of which is identical to the server and the terminal in FIG. 3, and the specific implementation can be consistent with the server and the terminal in FIG. 4, respectively. . In addition, the present invention also provides a smart card, the structure of which is the same as that of the smart card in FIG. 4, and details are not described herein again.

在实际的手机电视业务运营过程中，要构成完整的手机电视***，除了具备上述基本的逻辑实体之外，可能还包括其它的一些逻辑实体，比如，参见图 5所示，手机电视服务器除了包括密钥管理单元和加扰器之外，还包括业务逻辑处理模块、业务管理模块、订购关系管理模块、复用器及其它功能模块； BSF是移动网络标准件；内容源为内容提供商。 In the actual mobile TV service operation process, to form a complete mobile TV system, in addition to the above basic logical entities, there may be other logical entities, for example, as shown in Figure 5, the mobile TV server includes In addition to the key management unit and the scrambler, the business logic processing module, the service management module, the order relationship management module, the multiplexer and other functional modules are included; the BSF is a mobile network standard component; the content source is a content provider.

其中，业务逻辑处理模块相当于手机电视服务器的调度模块，负责接收及处理用户的请求，协同各个功能模块之间的工作；业务管理模块的功能主要是管理服务商提供的每一个业务，如维护业务名称，业务定价，订购方式限定，计费周期控制等；订购关系管理模块主要用来管理用户的订购关系；复用器主要用于接收来自加扰器的数据流，并将这些流复用后发送出去；其它功能模块可能包括计费实体、数据库等。 The service logic processing module is equivalent to the scheduling module of the mobile TV server, and is responsible for receiving and processing the user's request, and cooperating with the work between the various functional modules; If the management service provider provides each service, such as maintenance service name, service pricing, subscription mode limitation, billing cycle control, etc.; the order relationship management module is mainly used to manage the user's subscription relationship; the multiplexer is mainly used to receive from the plus The data stream of the scrambler is multiplexed and sent out; other functional modules may include billing entities, databases, and the like.

为便于理解，下面结合图 3、图 4及图 5对本发明提供的手机电视业务保护方法进行详细说明，参见图 6所示，该方法主要包括以下步骤： For ease of understanding, the mobile phone service protection method provided by the present invention is described in detail below with reference to FIG. 3, FIG. 4 and FIG. 5. Referring to FIG. 6, the method mainly includes the following steps:

步骤 601: 终端和 BSF协商 GBA共享密钥，其具体操作与现有的 GBA 初始化过程一致，这里不再赘述。 Step 601: The terminal and the BSF negotiate the GBA shared key, and the specific operation is consistent with the existing GBA initialization process, and details are not described herein again.

步骤 602: 用户操作终端向手机电视服务器发送业务订购请求。 Step 602: The user operates the terminal to send a service subscription request to the mobile TV server.

业务订购请求中包括业务标识 ServicelD, 可能还包括订购日期、订购类型等信息。 The service order request includes the service identifier ServicelD, which may also include information such as the order date and order type.

手机电视服务器会为每个业务都配置一个业务密钥 MSK,并保存业务与业务密钥的对应关系 <ServiceID, MSK_ID >, MSK_ID是业务密钥标识。配置业务密钥及所述对应关系的保存可由手机电视服务器的业务密钥管理模块完成。 The mobile TV server configures a service key MSK for each service and stores the correspondence between the service and the service key <ServiceID, MSK_ID >, and the MSK_ID is the service key identifier. The configuration of the service key and the preservation of the correspondence may be performed by a service key management module of the mobile TV server.

步骤 603: 手机电视服务器收到终端发起的业务订购请求后，对用户进行基于 GBA共享密钥的 HTTP digest认证，若认证通过，则执行步骤 604; 否则，手机电视服务器拒绝进行业务处理，结束本流程。 Step 603: After receiving the service subscription request initiated by the terminal, the mobile TV server performs HTTP digest authentication based on the GBA shared key. If the authentication passes, step 604 is performed; otherwise, the mobile TV server refuses to perform service processing, and ends the present. Process.

步骤 604: 手机电视服务器根据收到的业务订购请求为用户创建订购关系。 Step 604: The mobile TV server creates a subscription relationship for the user according to the received service subscription request.

比如，创建的订购关系为： <用户标识，业务标识，订购类型，订购日期〉，用户的订购关系由订购关系管理模块负责保存。 For example, the created subscription relationship is: <user identification, business identification, order type, order date>, and the user's subscription relationship is saved by the subscription relationship management module.

为便于后续流程的描述，下面先对手机电视服务器侧的数据下发过程进行筒要说明。 In order to facilitate the description of the subsequent process, the following is a description of the data delivery process on the mobile TV server side.

加扰器中的控制字生成器在生成内容密钥 CW后，将生成的内容密钥发送给内容密钥消息生成模块和内容加密模块；内容加密模块使用收到的来自控制字生成器的内容密钥对广播内容节目流进行加密，并通过广播通道广播下发加密后的内容；内容密钥消息生成模块使用从业务密钥管理模块获取的业务密钥对收到的来自控制字生成器的内容密钥进行加密，生成包括加密后内容密钥的内容密钥消息，并将内容密钥消息发送给授权控制消息生成器The control word generator in the scrambler sends the generated content key after generating the content key CW And sending a content key message generating module and a content encryption module; the content encryption module encrypts the broadcast content program stream by using the received content key from the control word generator, and broadcasts the encrypted content through the broadcast channel; The key message generating module encrypts the received content key from the control word generator using the service key acquired from the service key management module, generates a content key message including the encrypted content key, and encrypts the content Key message is sent to the authorization control message generator

ECMG; 授权控制消息生成器将来自内容密钥消息生成模块的内容密钥消息进一步打包，生成授权控制消息 ECM,并将生成的 ECM消息发送给加扰器；加扰器通过广播通道广播下发收到的来自授权控制消息生成器的 ECM消息。 The ECMG; the authorization control message generator further packages the content key message from the content key message generating module, generates an authorization control message ECM, and sends the generated ECM message to the scrambler; the scrambler broadcasts the broadcast through the broadcast channel Received an ECM message from the Authorization Control Message Generator.

步骤 605: 终端接收手机电视服务器下发的加密后的内容及 ECM消息，如果发现没有解密内容密钥的业务密钥，则从 ECM消息中提取 MSK_ID, 生成业务密钥请求消息，并发送给手机电视服务器，请求获取业务密钥，业务密钥请求消息中可能包括 GBA共享密钥等相关安全参数。 Step 605: The terminal receives the encrypted content and the ECM message delivered by the mobile TV server. If the service key of the content key is not decrypted, the MSK_ID is extracted from the ECM message, and a service key request message is generated and sent to the mobile phone. The TV server requests to obtain a service key, and the service key request message may include related security parameters such as a GBA shared key.

步骤 606: 手机电视服务器收到终端发送来的业务密钥请求后，对终端进行基于 GBA共享密钥的 HTTP digest认证，若认证通过，则执行步骤 607; 否则，结束本流程的处理。 Step 606: After receiving the service key request sent by the terminal, the mobile TV server performs HTTP digest authentication based on the GBA shared key on the terminal. If the authentication passes, step 607 is performed; otherwise, the process of the process ends.

此处的 HTTP digest认证过程与图 7基本一致，主要由手机电视服务器的用户密钥管理模块完成，区别在于，图 7中提到的业务订购请求在这里变更为业务密钥请求，关于认证的具体过程，这里不再——赘述。 The HTTP digest authentication process here is basically the same as that of FIG. 7, and is mainly completed by the user key management module of the mobile TV server. The difference is that the service subscription request mentioned in FIG. 7 is changed here as a service key request, regarding the authentication. The specific process, here is no longer - repeat.

步骤 607: 手机电视服务器查找终端所请求的 MSK_ID所对应的业务密钥，并使用 GBA共享密钥 MUK对业务密钥进行加密，再生成业务密钥消息，然后将生成的业务密钥消息通过移动网络点对点下发给终端。 Step 607: The mobile TV server searches for the service key corresponding to the MSK_ID requested by the terminal, encrypts the service key by using the GBA shared key MUK, generates a service key message, and then moves the generated service key message by moving. The network is sent to the terminal point-to-point.

另外，为满足灵活开展业务的需要，还可在业务密钥消息中携带业务密钥有效期，具体过程如下： In addition, in order to meet the needs of flexible service development, the service key validity period can also be carried in the service key message, as follows:

认证通过后，用户密钥管理模块将用户认证通过结果反馈给业务逻辑处理模块；业务逻辑处理模块收到认证通过结果后，向订购关系管理模块查询该用户的订购关系，获得用户订购关系后，业务逻辑处理模块将订购关系发送给业务密钥管理模块，请求业务密钥管理模块为用户生成并发送业务密钥消息；业务密钥管理模块取得先前生成并由自己维护的 MSK_ID所对应的业务密钥，并在获得订购关系后，根据订购关系确定业务密钥有效期，并向用户密钥管理模块请求 GBA共享密钥 MUK, 使用 MUK加密业务密钥，再生成业务密钥消息，加密时遵循 MIKEY协议（参考 RFC3830 )规定的加密方法， MUK作为 MIKEY协议中描述的 pre-shared-key, 然后，业务密钥管理模块通过移动网络将生成的业务密钥消息点对点下发给终端。 After the authentication is passed, the user key management module feeds back the user authentication result to the business logic processing module; after receiving the authentication and passing the result, the business logic processing module queries the subscription relationship management module. After the user's subscription relationship is obtained, the service logic processing module sends the subscription relationship to the service key management module, requesting the service key management module to generate and send a service key message for the user; the service key management module obtains the previous Generate the service key corresponding to the MSK_ID maintained by itself, and after obtaining the subscription relationship, determine the validity period of the service key according to the subscription relationship, and request the GBA shared key MUK from the user key management module, and use the MUK to encrypt the service key. Regenerate the service key message. The encryption follows the encryption method specified by the MIKEY protocol (refer to RFC3830). MUK is the pre-shared-key described in the MIKEY protocol. Then, the service key management module generates the confidential service through the mobile network. The key message is sent to the terminal point-to-point.

步骤 608: 终端收到业务密钥消息后，使用 GBA共享密钥 MUK对收到的业务密钥消息中携带的加密后的业务密钥进行解密，获得业务密钥并保存。 Step 608: After receiving the service key message, the terminal decrypts the encrypted service key carried in the received service key message by using the GBA shared key MUK to obtain the service key and save it.

步骤 608的具体过程如下：终端的收发单元收到业务密钥消息后，将收到的业务密钥消息发送给智能卡中的业务密钥管理模块，业务密钥管理模块从终端的用户密钥管理模块获取 GBA共享密钥 MUK, 并使用 GBA共享密钥 MUK对收到的业务密钥消息中携带的加密后的业务密钥进行解密，获得业务密钥并保存，如果业务密钥消息中包括业务密钥有效期信息，业务密钥管理模块则同时保存该业务密钥有效期。 The specific process of step 608 is as follows: After receiving the service key message, the transceiver unit of the terminal sends the received service key message to the service key management module in the smart card, and the service key management module manages the user key from the terminal. The module obtains the GBA shared key MUK, and uses the GBA shared key MUK to decrypt the encrypted service key carried in the received service key message, obtains the service key and saves it, if the service key message includes the service The key validity period information, the service key management module saves the service key validity period at the same time.

步骤 609:终端收到 ECM消息后，从 ECM消息中解析出内容密钥消息，并使用获得的业务密钥对内容密钥消息中携带的加密后的内容密钥进行解密，获得内容密钥。 Step 609: After receiving the ECM message, the terminal parses the content key message from the ECM message, and decrypts the encrypted content key carried in the content key message by using the obtained service key to obtain the content key.

步骤 610: 终端使用获得的内容密钥对收到的加密后的内容进行解密，获得内容明文，从而实现了订购的业务的收看。 Step 610: The terminal decrypts the received encrypted content by using the obtained content key, and obtains the plaintext of the content, thereby realizing the viewing of the subscribed service.

其中，步骤 603所述 HTTP digest认证的过程主要由手机电视服务器的用户密钥管理模块完成，其具体过程参见图 7所示，主要包括以下步骤：步骤 701: 终端向手机电视服务器发送业务订购请求。 The process of the HTTP digest authentication in step 603 is mainly performed by the user key management module of the mobile phone television server. The specific process is shown in FIG. 7 , and the method mainly includes the following steps: Step 701: The terminal sends a service subscription request to the mobile TV server. .

业务订购请求中可能包括 GBA共享密钥等相关安全参数，如 B-TID以及使用 MD5 算法生成的哈希 hash 值 response , 其中， response = MD5 [MD5(username:realm:password):nonce:nc:cnonce:qop:MD5(method:URI)] , response参数是服务器认证用户的依据，其生成时使用 B-TID作为 username, 使用 MRK作为 password, response参数的具体计算方法及其它参数的说明详请参考 IETF制定的标准规范 rfc 2617: HTTP Authentication: Basic and Digest Access Authentication , 这里不再一一详述。 The service subscription request may include related security parameters such as GBA shared key, such as B-TID. And the hash hash value response generated by the MD5 algorithm, where response = MD5 [MD5(username:realm:password):nonce:nc:cnonce:qop:MD5(method:URI)] , the response parameter is the server authentication user According to the definition, the B-TID is used as the username, the MRK is used as the password, the specific calculation method of the response parameter and the description of other parameters are detailed in the standard specification rfc 2617: HTTP Authentication: Basic and Digest Access Authentication. More details.

步骤 702: 手机电视服务器中的业务逻辑处理模块收到终端发送来的业务订购请求后，将收到的业务订购请求发送给用户密钥管理模块，用户密钥管理模块判断收到的业务订购请求中是否已经包括 GBA共享密钥等相关安全参数，如果是，则执行步骤 706; 否则，执行步骤 703。 Step 702: After receiving the service subscription request sent by the terminal, the service logic processing module in the mobile TV server sends the received service subscription request to the user key management module, and the user key management module determines the received service subscription request. Whether the relevant security parameters such as the GBA shared key have been included, and if yes, step 706 is performed; otherwise, step 703 is performed.

步骤 703: 如果业务订购请求中不包括这些参数，导致认证失败，而用户密钥管理模块从业务订购请求中的客户端软件信息中发现终端支持基于 GBA共享密钥的 HTTP digest认证，则用户密钥管理模块向终端返回未授权响应消息，要求终端使用基于 GBA共享密钥的 HTTP digest认证机制重新进行认证。 Step 703: If the service subscription request does not include the parameters, the authentication fails, and the user key management module finds that the terminal supports the HTTP digest authentication based on the GBA shared key from the client software information in the service subscription request, and the user is secret. The key management module returns an unauthorized response message to the terminal, requesting the terminal to re-authenticate using the HTTP digest authentication mechanism based on the GBA shared key.

步骤 704: 终端收到未授权响应消息后，重新生成业务订购请求，该请求消息的认证 ( Authorization )头部分遵守 HTTP digest中的规定，其中包含参数 B-TID及 response Step 704: After receiving the unauthorized response message, the terminal regenerates the service subscription request, and the authorization (Authentication) header part of the request message complies with the HTTP digest specification, where the parameter includes the B-TID and the response.

步骤 705: 终端向手机电视服务器发送步骤 704中重新生成的业务订购请求。 Step 705: The terminal sends the service subscription request regenerated in step 704 to the mobile TV server.

步骤 706: 手机电视服务器的用户密钥管理模块收到业务订购请求后，根据其中携带的 B-TID找到对应的 MRK, 并使用与步骤 701 中所述终端生成 response相同的机制生成一个 response„ Step 706: After receiving the service subscription request, the user key management module of the mobile TV server finds the corresponding MRK according to the B-TID carried therein, and generates a response by using the same mechanism as the terminal generation response described in step 701.

如果用户密钥管理模块在自身保存的数据中没有找到 B-TID对应的用户密钥（MUK、 MRK等），或者保存的用户密钥已经过期，则用户密钥管理模块向 BSF发送获取新的用户密钥的请求，以获取用户密钥，该请求中包括If the user key management module does not find the user key (MUK, MRK, etc.) corresponding to the B-TID in the data saved by itself, or the saved user key has expired, the user key management mode The block sends a request for acquiring a new user key to the BSF to obtain a user key, and the request includes

B-TID , 以便 BSF寻找对应的用户密钥。 B-TID, so that the BSF looks for the corresponding user key.

BSF是一个标准件，用户密钥管理模块和 BSF之间接口的设计只要遵循 3GPP标准组织制定标准规范 3GPP TS 24.109 V7.1.0 ： Bootstrapping interface ( Ub ) and network application function interface ( Ua ) 中描述的应用服务器 BSF is a standard component. The design of the interface between the user key management module and the BSF is as follows: 3GPP TS 24.109 V7.1.0: Application described in Bootstrapping interface ( Ub ) and network application function interface ( Ua ) server

( NAF )和 BSF之间的接口，用户密钥管理模块就可以和 BSF进行通信。用户密钥管理模块保存的 GBA共享密钥在后续的业务流程中用于鉴权或者加密业务密钥。 The interface between the (NAF) and the BSF, the user key management module can communicate with the BSF. The GBA shared key saved by the user key management module is used to authenticate or encrypt the service key in subsequent business processes.

步骤 707 : 业务密钥管理模块判断生成的 response 和终端发送来的 response是否相同，如果相同，则说明终端保存的 B-TID、 MRK和用户密钥管理模块维护的 B-TID、 MRK相同，该用户合法，认证通过，执行步骤 708; 否则，说明该终端为非法终端，业务密钥管理模块拒绝为该终端进行业务处理，结束本流程。 Step 707: The service key management module determines whether the generated response is the same as the response sent by the terminal. If they are the same, the B-TID and the MRK saved by the terminal are the same as the B-TID and MRK maintained by the user key management module. If the user is authenticated, the authentication is passed, and step 708 is performed; otherwise, the terminal is an illegal terminal, and the service key management module refuses to perform service processing for the terminal, and the process ends.

用户密钥管理模块对用户的认证通过后，订购关系管理模块就要为该用户生成订购关系并保存。 After the user key management module passes the authentication of the user, the order relationship management module generates a subscription relationship for the user and saves it.

步骤 708: 用户密钥管理模块向终端返回认证成功响应消息，该消息包括 Authenticate-info头、 response-auth参数。 Step 708: The user key management module returns an authentication success response message to the terminal, where the message includes an Authenticate-info header and a response-auth parameter.

步骤 709：终端对收到的认证成功响应消息进行认证，即脸证 response-auth参数，具体验证方法详请参考 rfc 2617标准规范，这里不再赘述。该步骤可选。 Step 709: The terminal authenticates the received authentication success response message, that is, the face response-auth parameter. For details of the verification method, refer to the rfc 2617 standard specification, which is not described here. This step is optional.

其中，在步骤 708中，用户密钥管理模块还可以将业务密钥携带在认证成功响应消息中发送给终端，这样，终端在解密订购的业务时，就可以不用再向手机电视服务器请求业务密钥。业务密钥通过移动网络点对点下发，且下发之前使用 MUK进行加密，具体加密方式参考 IETF标准文档 rfc 3830 MIKEY: Multimedia Internet KEYing , MUK 将作为该标准中描述的 pre- shared-key使用。 In step 708, the user key management module may further send the service key to the terminal in the authentication success response message, so that when the terminal decrypts the subscribed service, the terminal may not need to request the service confidentiality from the mobile TV server. key. The service key is delivered to the point-to-point through the mobile network, and is encrypted by MUK before being sent. For the specific encryption method, refer to the IETF standard document rfc 3830 MIKEY: Multimedia Internet KEYing, MUK will be described in the standard. Pre-shared-key is used.

关于上述业务密钥有效期，是指业务密钥可以解密内容密钥的使用时间，业务密钥管理模块可以通过设置业务密钥有效期来控制业务密钥的使用期限，业务密钥有效期在业务密钥下发时设置，随同业务密钥消息一起下发。一个业务密钥有效期的长短与该业务密钥将用来解密同一个业务中的节目数量有关，如果一个业务密钥用来解密整个业务的所有节目，则该业务密钥的有效期就需要覆盖该业务所有节目的播出时间；如果一个业务密钥只用来解密该业务中的一个节目，则该业务密钥的有效期就是该节目预定播出的持续时间段。这样配置的原因就是考虑到了业务开展时，包月业务中的节目也可以同时提供给用户按次消费（ pay-per-view )。 The service key validity period refers to the usage time of the service key to decrypt the content key, and the service key management module can control the service key usage period by setting the service key validity period, and the service key validity period is in the service key. Set when it is delivered, and it is delivered along with the service key message. The length of a service key validity period is related to the number of programs that the service key will be used to decrypt the same service. If a service key is used to decrypt all programs of the entire service, the validity period of the service key needs to be overwritten. Broadcast time of all programs of the service; If a service key is only used to decrypt one program in the service, the validity period of the service key is the duration of the scheduled broadcast of the program. The reason for this configuration is that when the business is launched, the programs in the monthly business can also be provided to the user for pay-per-view.

业务密钥有效期可以使用绝对时间表示，如果一个业务密钥用来解密所有计费周期内的节目，则该业务密钥的有效期范围为<计费周期开始时刻，计费周期结束时刻〉，比如一个业务密钥的有效期范围为 <20060801000000, 20060831235959〉，则表示该业务密钥在 2006年 8月 1 日 0点整生效，至 2006 年 8月 31 日 24点整失效，也就是说这个密钥可以解密 06年 8月 1 日零点至 06年 8月 31 日 24点之间属于该业务的所有节目。如果一个业务密钥用来解密一个业务中的一个节目，即按次消费的情况，则业务密钥的有效期范围为 <订购节目开始时刻，订购节目结束时刻〉。 The service key validity period can be expressed in absolute time. If a service key is used to decrypt programs in all charging periods, the validity period of the service key ranges from <the billing period start time and the billing period end time>, for example. The validity period of a service key is <20060801000000, 20060831235959>, which means that the service key takes effect at 0:00 on August 1, 2006, and expires at 4:00 on August 31, 2006. It is possible to decrypt all programs belonging to the business between 0:00 on August 1, 2006 and 24 o'clock on August 31, 2006. If a service key is used to decrypt a program in a service, that is, in the case of pay-per-view, the validity period of the service key is <order start time, order end time>.

当终端试图使用业务密钥解密内容密钥时，需要判断当前时刻是否在该业务密钥有效期的范围内，如果不在业务密钥有效期范围内，则智能卡拒绝解密内容密钥，并停止处理解密过程，内容的解密解码也将终止。这种方式的安全性需要终端和手机电视服务器之间的时间同步机制来保证，已有的同步机制可以由 3G移动网络提供。 When the terminal attempts to decrypt the content key by using the service key, it is required to determine whether the current time is within the validity period of the service key. If it is not within the validity period of the service key, the smart card refuses to decrypt the content key and stops processing the decryption process. The decryption decoding of the content will also terminate. The security of this approach requires a time synchronization mechanism between the terminal and the mobile TV server to ensure that the existing synchronization mechanism can be provided by the 3G mobile network.

另一种设置业务密钥有效期的方法是将有效期对应到 MTK_ID区间上， MTK_ID是一组递增的序列号，具体做法如下：由业务管理模块确定计费周期的持续时间长度；由加扰器确定内容密钥 CW的加密周期，并通知业务密钥管理模块， CW的加密周期就是每个 CW将用来加密多长时间的内容；业务密钥管理模块使用 CW的加密周期把计费周期划分为多个时间区间。 Another way to set the validity period of the service key is to match the validity period to the MTK_ID interval, and the MTK_ID is a set of incremental sequence numbers, as follows: The billing week is determined by the service management module. The duration of the period; the encryption period of the content key CW is determined by the scrambler, and the service key management module is notified, and the encryption period of the CW is the content that each CW will be used to encrypt; the service key management module The charging period is divided into a plurality of time intervals using the encryption period of the CW.

由于在加扰器加密内容时并非能够做到每个 CW的加密周期正好对应一个终端上的时间区间，因此业务密钥有效期生成规则如下： Since the encryption period of each CW does not correspond to the time interval on one terminal when the content is encrypted by the scrambler, the service key validity period generation rule is as follows:

业务密钥有效期开始时刻 =节目开始时刻所在时间区间的下限；业务密钥有效期结束时刻 =节目终止时刻所在时间区间的上限。 Service key validity period start time = lower limit of the time zone in which the program start time is located; service key validity period end time = upper limit of the time zone in which the program termination time is located.

如果业务密钥是解密整个计费周期内的节目的，则 If the service key is to decrypt the program during the entire billing period, then

业务密钥有效期开始时刻 =计费周期开始时刻； Service key validity period start time = billing cycle start time;

业务密钥有效期结束时刻 =计费周期结束时刻。 End of service key validity period = end of billing period.

加扰器生成 CW后，需要确定 CW的生效时刻 CW_ID, 即加扰器用该 CW加密内容的开始时刻，然后，加扰器将 CW_ID随 CW—起发送给内容密钥消息生成模块，内容密钥消息生成模块根据 CWJD生成内容密钥标识 MTK_ID。其中， MTK_ID 除了用于终端解密内容时根据这个标识查找对应的内容密钥 CW之外，还用于智能卡判断所保存业务密钥能否解密该标识对应的内容密钥，也就是说，判断 MTK_ID是否在业务密钥有效期范围内，如果在，智能卡则使用业务密钥解密内容密钥；如果不在，智能卡则终止解密过程。 After the scrambler generates the CW, it is necessary to determine the CW_ID of the CW, that is, the start time of the content encrypted by the scrambler with the CW, and then the scrambler sends the CW_ID along with the CW to the content key message generating module, the content key. The message generation module generates a content key identifier MTK_ID according to the CWJD. The MTK_ID is used by the smart card to determine whether the stored service key can decrypt the content key corresponding to the identifier, in addition to searching for the corresponding content key CW according to the identifier, for example, determining the MTK_ID. Whether it is within the validity period of the service key, if it is, the smart card uses the service key to decrypt the content key; if not, the smart card terminates the decryption process.

其中， CW_ID是一个 UTC时间信息，加扰器可以根据节目的编排及 CW 的加密周期计算出每个 CW的生效时刻。由于每一个节目的播出时间都是预先编排的，因此可以根据节目的播放开始时间和结束时间计算得到节目持续时间，且由于 CW的加密周期是可以设定的，因此每一个节目播放时将使用多少 CW来加密可以通过节目持续时间除以 CW加密周期计算获得。对于一个编排好的节目，将被用来加密它的第一个 CW的生效时刻就是节目开始播出的时刻，其他的 CW的生效时刻就是在前一个 CW的生效时刻的基础上累加一个 CW加密周期即可，即 " 二 ⁷^- i ^{+ CW}加密周期，其中， " = 2， 3， 4"··， «表示第 "个 cw的生效时刻， =节目开始时刻。需要说明的是，由于 CW 生效时刻是一个 UTC 时间，而 CW 的加密周期是按秒计算的，因此The CW_ID is a UTC time information, and the scrambler can calculate the effective time of each CW according to the programming of the program and the encryption period of the CW. Since the broadcast time of each program is pre-arranged, the program duration can be calculated according to the play start time and end time of the program, and since the CW encryption period can be set, each program will be played. How many CWs are used for encryption can be obtained by dividing the program duration by the CW encryption period. For a programmed program, the first CW that will be used to encrypt it is the moment when the program starts to air. The other CW's effective moment is based on the effective time of the previous CW. Add a CW encryption cycle, that is, "two ⁷ ^- i ^{+ CW} encryption cycle, where, " = 2, 3, 4"··, « denotes the effective time of the first cw, = program start time. It should be noted that since the CW effective time is a UTC time, and the CW encryption period is calculated in seconds,

^Γ» ^{= 7}^ ^{+ CW}加密周期只是一个示意性的公式， 1 ^{+ CW}加密周期这部分需要进行标准时间的转换。 ^Γ » ^{= 7} ^ ^{+ The CW} encryption cycle is just an illustrative formula. The 1 ^{+ CW} encryption cycle requires a standard time conversion.

另外，根据 CW_ID生成 MTK_ID的方法也有很多种，比如，直接使用 CW_ID作为 MTK_ID; 或者，使用 CW_ID转换后的形式作为 MTK_ID, 如内容密钥消息生成模块接收到加扰器发来的 CW及 CW_ID后，判断 CW生效时刻是在哪个时间区间内，然后使用所在时间区间的上限值作为 MTK_ID, 即 MTK_ID = CW生效时刻所在时间区间的上限值。 In addition, there are many methods for generating the MTK_ID according to the CW_ID, for example, directly using the CW_ID as the MTK_ID; or, using the CW_ID converted form as the MTK_ID, such as after the content key message generation module receives the CW and CW_ID sent by the scrambler. In which time interval the CW is valid, and then use the upper limit of the time interval as the MTK_ID, that is, the upper limit of the time interval in which the MTK_ID = CW effective time.

图 8所示为 CW生效时刻、节目播放时间和时间区间的关系示意图，其中，第一条线表示每个 CW的生效时刻，第二条线表示节目播放时间，第三条线表示时间区间，可见，第二个 CW的生效时刻点位于 tl、 t2两个时间点之间，即位于整个计费周期的第二时间区间内，因此可取 MTK_ID=2, 类似的还可以确定其它 MTK_ID。图 8中的节目播放时间从第二时间区间开始，在第五时间区间结束，为了保证业务密钥能解密所有加密该节目的 CW, 业务密钥有效期为 tl - t5 , 业务密钥能解开 MTK_ID=2、 3、 4、 5的 CW。其中， tl就是节目开始时刻所在区间的下限， t5就是节目结束时刻所在区间的下限。 FIG. 8 is a schematic diagram showing the relationship between the CW effective time, the program playing time, and the time interval. The first line indicates the effective time of each CW, the second line indicates the program playing time, and the third line indicates the time interval. It can be seen that the effective time point of the second CW is located between two time points of t1 and t2, that is, in the second time interval of the entire billing period, so MTK_ID=2 can be taken, and similarly, other MTK_IDs can be determined. The program play time in FIG. 8 starts from the second time interval and ends in the fifth time interval. In order to ensure that the service key can decrypt all CWs that encrypt the program, the service key is valid for tl - t5 , and the service key can be unlocked. MTK_ID = CW of 2, 3, 4, 5. Among them, tl is the lower limit of the interval where the program starts, and t5 is the lower limit of the interval where the program ends.

业务密钥下发前需要生成业务密钥消息，参见表 1所示的业务密钥消息格式，可以使用 IETF标准组织建议 rfc 3830 MIKEY协议中描述的方式封装密钥及相关参数，关于业务密钥消息的组织结构详细说明可以参考 rfc 3830 标准文档，这里仅对本发明相关的数据域进行重点说明。

A service key message needs to be generated before the service key is sent. See the service key message format shown in Table 1. The key and related parameters can be encapsulated in the manner described in the IETF standard organization recommendation rfc 3830 MIKEY protocol. For a detailed description of the organization of the message, reference may be made to the rfc 3830 standard document, and only the data fields related to the present invention will be highlighted here.

表 1 Table 1

Common HDR: 每个 MIKEY消息必要的通用消息头； Common HDR: a common header for each MIKEY message;

MSK_ID: 此域是对 MIKEY协议的扩展，其中放置业务密钥标识； TS: Time Stamp, 时间戳，用于防止重放攻击和防止重复接收 MIKEY 消息； MSK_ID: This field is an extension of the MIKEY protocol, in which the service key identifier is placed; TS: Time Stamp, timestamp, used to prevent replay attacks and prevent repeated reception of MIKEY messages;

MIKEY RAND:一个业务密钥模块随机数，用于结合 KEMAC中密钥数据生成加密密钥和险证密钥； MIKEY RAND: a service key module random number used to generate an encryption key and a risk key in combination with the key data in the KEMAC;

IDi: 消息发送者 ID; IDi: message sender ID;

IDr: 消息接受者 ID; IDr: message recipient ID;

KEMAC: 其中放置业务密钥、业务密钥有效期及本业务密钥消息的验证码。 KEMAC通常放置在整个 MIKEY消息的最后一个域，其结构如表 2 所示： KEMAC: The authentication code in which the service key, the service key validity period, and the service key message are placed. The KEMAC is usually placed in the last field of the entire MIKEY message, and its structure is shown in Table 2:

0 1. 2 3 4 5 6 7 S S 0 1 2 .3 4 5 6 7 8 Si 0 1 2 3 4 5 e 7 8 & 0 1 0 1. 2 3 4 5 6 7 S S 0 1 2 .3 4 5 6 7 8 Si 0 1 2 3 4 5 e 7 8 & 0 1

~ii E E J- - + - + - H 1 1 h - + - H \ ί ^ Η 1 ί Ϊ Ϊ i j- - + - 1 1 1 1 "一 H 1 \ \ h~ii E E J- - + - + - H 1 1 h - + - H \ ί ^ Η 1 ί Ϊ Ϊ i j- - + - 1 1 1 1 "One H 1 \ \ h

I l i^t pay load i En alg I Enc:r dat a len ίI l i^t pay load i En alg I Enc:r dat a len ί

~ii E E j- - + - + - H 1 1 h - + - H \ S ^ H 1 ί i i i j- - + - 1 1 1 1 "一 H 1 \ \ h ί Encr dat a ~ii E E j- - + - + - H 1 1 h - + - H \ S ^ H 1 ί i i i j- - + - 1 1 1 1 "1 H 1 \ \ h ί Encr dat a

I Mac alg i MAC 表 2 I Mac alg i MAC Table 2

Next payload: 指明下一个数据域的载荷，这里也遵从 MIKEY协议； Encr alg: 指明使用的加密算法； Encr data len: 指明加密数据部分的长度； Next payload: indicates the payload of the next data field, which also follows the MIKEY protocol; Encr alg: indicates the encryption algorithm used; Encr data len: indicates the length of the encrypted data portion;

Encr data: 其中放置了加密后的业务密钥、业务密钥有效期及一些相关参数； Encr data: where the encrypted service key, the service key validity period and some related parameters are placed;

Mac alg：指明消息认证算法； Mac alg: specifies the message authentication algorithm;

Mac: 存放业务密钥消息验证码，用于验证本业务密钥消息的完整性， Mac在整个 MIKEY消息封装完后使用 HMAC - SHA - 1算法计算获得，并存放在 Mac域中。 Mac: Stores the service key message verification code, which is used to verify the integrity of the service key message. After the entire MIKEY message is encapsulated, the Mac uses the HMAC-SHA-1 algorithm to calculate and store it in the Mac domain.

其中， Encr data结构如表 3所示： Among them, the Encr data structure is shown in Table 3:

CS 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 & 0 1 2 3 4： 5 « 7 β & 0 1 ί Next Payload i Type ί KV 〗 s，/ data len i CS 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 & 0 1 2 3 4: 5 « 7 β & 0 1 ί Next Payload i Type ί KV 〗 s, / data len i

+■― " +■― "

I ； Key dat I ; Key dat

+■― " +■― "

ί Sal t l<¾ I optional ) ί Sal t data (op ional ) Sal Sal t l<3⁄4 I optional ) ί Sal t data (op ional )

+— _f γ j— ^ )— -¾ 1 1 [ ί 1 i i ί 1 [ \ ί 1 i \ l·— f b '- " 1~— 1 ¾ h ί KY da t a 表 3 +— _f γ j— ^ )— -3⁄4 1 1 [ ί 1 i i ί 1 [ \ ί 1 i \ l·- f b '- " 1~— 1 3⁄4 h ί KY da t a Table 3

Next payload: 指明下一个数据域的载荷； Next payload: indicates the payload of the next data field;

Type: 指明包含的密钥类型，如 Type=2, 表示是一个密钥，这里的类型是 MIKEY协议指定的，具体可以参考 MIKEY协议； Type: Indicates the key type to be included, for example, Type=2, which means that it is a key. The type here is specified by the MIKEY protocol. For details, refer to the MIKEY protocol.

KV: 指明有效期的类型，如 KV=Interval, 表示有效期是一个时间间隔； Key data len: 加密后的密钥数据长度； KV: indicates the type of validity period, such as KV=Interval, indicating that the validity period is a time interval; Key data len: the length of the encrypted key data;

Key data: 加密后的密钥数据，这里包含了加密后的业务密钥； Key data: The encrypted key data, which contains the encrypted service key;

Salt data, Salt len: 可选的随机数及其长度，本发明不需要； Salt data, Salt len: optional random number and its length, which are not required by the present invention;

KV data: 业务密钥有效期，使用一个时间上、下限对构成。 KV data: The validity period of the business key, which is composed of a pair of upper and lower limits.

KV data结构如表 4所示： 0 1 2 3 4 7 8 9 0 1 2 3 4 5 β 7 8 9 Q 1 2 3 4 5 ^ 7 a D 1The KV data structure is shown in Table 4: 0 1 2 3 4 7 8 9 0 1 2 3 4 5 β 7 8 9 Q 1 2 3 4 5 ^ 7 a D 1

I VF Length I Val id From 〜 ί VT Length ί Val id To ( ex ir ee ) 〜 — i 一 " '一 -— \ 一 i —— — 一 1- 表 4 I VF Length I Val id From ~ ί VT Length ί Val id To ( ex ir ee ) ~ — i a " ' one - - \ one i -- one - 1 - 4

VF length: 有效期开始时刻长度； VF length: the length of the start time of the validity period;

Valid From: 有效期开始时刻，如放置业务密钥有效期的时间区间下限值（标准时间格式或序列号形式）； Valid From: The start time of the validity period, such as the lower limit of the time interval in which the service key is valid (standard time format or serial number format);

VT length: 有效期结束时刻长度； VT length: the length of the end of the validity period;

Valid To:有效期结束时刻，如放置业务密钥有效期的时间区间上限值（标准时间格式或序列号形式）。 Valid To: The end of the validity period, such as the upper limit of the time interval in the validity period of the service key (standard time format or serial number format).

终端的收发单元收到手机电视服务器下发的 MIKEY消息后，将收到的 MIKEY消息转发给智能卡；智能卡首先判断收到的 MIKEY消息的类型，如果该 MIKEY消息包括 MSK_ID和 MTK_ID , 则说明该 MIKEY消息是内容密钥消息，如果该 MIKEY消息只包括 MSKJD, 则说明该 MIKEY消息是业务密钥消息，在判断出 MIKEY消息是业务密钥消息后，智能卡利用 IDi、 IDr生成用户密钥标识 MUK_ID, 并提取 KEMAC中的 Mac验证码，进行消息完整性验证，如果验证失败，则智能卡丢弃该消息，并向收发单元返回失败响应，如果验证成功，则智能卡读取 MUK_ID对应的 MUK, 并使用 MUK 解密 KEMAC中的加密后的业务密钥及业务密钥有效期 KV data, 获得 MSK 和业务密钥有效期并关联保存。 After receiving the MIKEY message sent by the mobile TV server, the transceiver unit of the terminal forwards the received MIKEY message to the smart card. The smart card first determines the type of the received MIKEY message. If the MIKEY message includes the MSK_ID and the MTK_ID, the MIKEY is indicated. The message is a content key message. If the MIKEY message includes only the MSKJD, the MIKEY message is a service key message. After determining that the MIKEY message is a service key message, the smart card generates the user key identifier MUK_ID by using the IDi and the IDr. And extracting the Mac verification code in KEMAC to perform message integrity verification. If the verification fails, the smart card discards the message and returns a failure response to the transceiver unit. If the verification is successful, the smart card reads the MUK corresponding to the MUK_ID and decrypts it using MUK. The encrypted service key and the service key validity period KV data in the KEMAC are obtained and stored in association with the validity period of the MSK and the service key.

内容密钥消息生成模块根据 CW_ID生成内容密钥标识 MTK_ID后，使用业务密钥加密内容密钥 CW, 并封装成内容密钥消息，参见表 5所示的内容密钥消息格式，加密方式和封装格式可以遵循 rfc 3830标准中建议的方式进行。 Common HDR After the content key message generating module generates the content key identifier MTK_ID according to the CW_ID, the content key CW is encrypted by using the service key, and is encapsulated into a content key message. See the content key message format shown in Table 5, encryption mode and encapsulation. The format can be followed in the manner suggested in the rfc 3830 standard. Common HDR

MSK—ID MSK-ID

MTK—ID MTK-ID

TS KEMAC 表 5 TS KEMAC Table 5

Common HDR: MIKEY消息通用消息头； Common HDR: MIKEY message general message header;

MSK_ID: 加密 CW使用的业务密钥标识； MSK_ID: Encrypt the service key identifier used by the CW;

MTK_ID: 内容密钥标识，与某个 CW对应； MTK_ID: content key identifier, corresponding to a CW;

TS: 时间戳，防止重放攻击和终端用于避免重复处理相同的内容密钥消 TS: Timestamp, to prevent replay attacks and terminals used to avoid repeated processing of the same content key

KEMAC: 内容密钥及本内容密钥消息的验证码。 KEMAC: The content key and the verification code for this content key message.

与业务密钥消息中的 KEMAC不同的是，内容密钥消息的 KEMAC中没有 CW的有效期信息。内容密钥消息的 KEMAC结构如表 6所示： Unlike the KEMAC in the service key message, there is no CW validity period information in the KEMAC of the content key message. The KEMAC structure of the content key message is shown in Table 6:

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 & & 0 1 ϋ— -t— +■— ^'一 H— H— H 1 1 — — I ] iH— "— ~ ~— ~— H— ϋ -— ~ + ~ Η— +■— I 1 1— H 1 ] ] 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 & & 0 1 ϋ— -t— +■— ^'H-H—H 1 1 — — I ] iH — "— ~ ~ — ~ — H — ϋ — — ~ + ~ Η — +■ — I 1 1—H 1 ] ]

1 He t ay load i Encr alg I En data len. i ϊ.— -t— +■— ~ H— H— H 1 1 — — I ] iH— "— ~ ~— ~— H— -ji i-— ~ + ~ H— +■— l 1 1— H 1 ] ] ί Enc r data i a.— -t— +■— ~ H— H— H 1 1 — — I ] iH— "- ~ ~~ ~ — H— -ji i- — ~ + ~ H— +■— l 1 1—H 1 ] ] ί Enc r data

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- +-+-+-+-+-+-+-+

I Ha. o a 1 g ！ M¾.C """"I Ha. o a 1 g ! M3⁄4.C """"

+-+ -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 表 6 +-+ -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- +-+-+-+-+-+-+-+ Table 6

Encr alg: 指明使用的加密算法； Encr alg: indicates the encryption algorithm used;

Encr data len: 指明加密数据部分的长度； Encr data len: indicates the length of the encrypted data portion;

Encr data: 其中放置了被业务密钥 MSK加密后的内容密钥 CW及一些相关参数； Encr data: where the content key CW encrypted by the service key MSK and some related parameters are placed;

Mac: 存放内容密钥消息验证码，用于验证本内容密钥消息的完整性。其中， Encr data的结构如表 7所示: Mac: Stores a content key message verification code that is used to verify the integrity of this content key message. The structure of Encr data is shown in Table 7:

0 1 2 3 4 5 6 7 S 9 0 1 2 3 4 5 S 7 8 9 Q 1 2 3 4 5 € 7 8 9 0 1 0 1 2 3 4 5 6 7 S 9 0 1 2 3 4 5 S 7 8 9 Q 1 2 3 4 5 € 7 8 9 0 1

— I |r - -j|— -) i \ |r— 1|-— |r— i— H— ~i 1— ~i h—— I ί ¾— -) i \ [-— li-— |— ¾— H— ~i \ jr i ifext F y load ί Ty e ! V ί Key da a len I— I |r - -j|— -) i \ |r— 1|-— |r— i— H— ~i 1— ~ih — I ί 3⁄4— -) i \ [-- li-— | — 3⁄4— H— ~i \ jr i ifext F y load ί Ty e ! V ί Key da a len I

+— [-— ^ Ij — — -J j (-— — j j—— Η— - 1 jr—-— ί— Η — Η— -) \ . — j j—— Η+— [-- ^ Ij — — -J j (--- j j—— Η— - 1 jr—-— ί— Η — Η—-) \ . — j j—— Η

I Key da a I Key da a

|· _ _ _j _^ _^ j_ ^_ j _j _^ +一 _j _― + _ ^ _j _^ +一 _^ . ^_ j _j _^ _j 表 7 |· _ _ _j _^ _^ j_ ^_ j _j _^ + one _j _― + _ ^ _j _^ + one _^ . ^_ j _j _^ _j Table 7

Next payload: 指示下一个数据域的载荷； Next payload: indicates the payload of the next data field;

KV: 有效期类型，由于内容密钥没有有效期，因此内容密钥消息中的该值为 0, 具体可以参考规范中的规定； KV: Validity type, because the content key has no expiration date, the value in the content key message is 0. For details, refer to the specification.

Key data len: 加密后的密钥数据长度； Key data len: the length of the encrypted key data;

Key data: 加密后的密钥数据。 Key data: Encrypted key data.

内容密钥消息生成模块生成内容密钥消息后，将生成的内容密钥消息发送给授权控制消息生成器 ECMG, ECMG将内容密钥消息进一步打包，生成复用器能复用的授权控制消息 ECM, 并将生成的 ECM消息发送给加扰器。 ECMG生成 ECM消息的过程与条件接收***中生成的过程一致，这里不再赘述。 After the content key message generating module generates the content key message, the generated content key message is sent to the authorization control message generator ECMG, and the ECMG further packages the content key message to generate an authorization control message ECM that the multiplexer can multiplex. And send the generated ECM message to the scrambler. The process of generating an ECM message by the ECMG is consistent with the process generated in the conditional access system, and will not be described here.

ECMG和加扰器之间的接口属于现有技术，在现有技术中，加扰器生成的 CW直接发送给 ECMG, ECMG生成的 ECM再返回给加扰器。本发明中沿用这两个接口，但是， CW供给接口是加扰器和内容密钥消息生成模块相连接， ECM返回接口是 ECMG和加扰器相连接。这一对接口的通信将先建立通信通道，再建立流，这两个步骤都是以发送数据为目的，在本发明中，加扰器可以通过 CW_provision消息将 CW及 CW_ID发送给内容密钥消息生成模块， ECMG生成 ECM后，可以通过 ECM_response消息将 ECM返回给加扰器。加扰器使用内容密钥 CW加扰节目内容，节目的播放是事先编排好并严格按照编排顺序进行播放的，加密这些节目内容的 CW的使用时间必须尽可能和加扰器通知手机电视业务平台的 CW生效时刻相同，误差不能超过一个The interface between the ECMG and the scrambler belongs to the prior art. In the prior art, the CW generated by the scrambler is directly sent to the ECMG, and the ECM generated by the ECMG is returned to the scrambler. The two interfaces are used in the present invention. However, the CW supply interface is connected to the scrambler and the content key message generating module, and the ECM return interface is connected to the ECMG and the scrambler. The communication of the pair of interfaces will first establish a communication channel and then establish a flow. Both steps are for the purpose of transmitting data. In the present invention, the scrambler can send the CW and CW_ID to the content key message through the CW_provision message. After the ECM generates the ECM, the ECM can return the ECM to the scrambler through the ECM_response message. The scrambler scrambles the content of the program by using the content key CW. The playback of the program is pre-arranged and played in strict accordance with the order of the arrangement. The usage time of the CW for encrypting the content of the program must be notified to the mobile TV service platform as much as possible by the scrambler. The CW is effective at the same time, and the error cannot exceed one.

CW加密周期，现有条件接收***的同步机制可以保证这个要求；否则，终端在接收到加密内容后将无法解密播放或无法完整解密播放一个节目，如何保证终端及时获得 ECM并使用正确的 ECM中的 CW解密节目内容属于条件接收***的现有技术。广播节目时，节目内容和对应的 ECM消息将被加扰器封装成 MPEG-2 TS流，然后经复用器复用，向终端进行广播。 CW encryption cycle, the synchronization mechanism of the existing conditional access system can guarantee this requirement; otherwise, the terminal will not be able to decrypt the playback after receiving the encrypted content or can not completely decrypt and play a program, how to ensure that the terminal obtains the ECM in time and uses the correct ECM. The CW decryption program content belongs to the prior art of the conditional access system. When the program is broadcast, the program content and the corresponding ECM message will be encapsulated into MPEG-2 TS streams by the scrambler, and then multiplexed by the multiplexer to be broadcast to the terminal.

下面对终端得到业务密钥后，进行业务接收的过程作进一步详细阐述，参见图 9所示，主要包括以下步骤： After the service key is obtained by the terminal, the process of receiving the service is further elaborated. Referring to FIG. 9, the method mainly includes the following steps:

步骤 901: 终端的收发单元接收到广播的 MPEG-2 TS流后，通过解复用器进行解复用，获取节目内容数据及 ECM消息，并緩存节目内容，且由 ECM 解析模块 EECM从 ECM消息中解析出 MIKEY消息，并将解析出的 MIKEY 消息发送给智能卡，请求智能卡进行解密以获取内容密钥 CW。 Step 901: After receiving the broadcast MPEG-2 TS stream, the transceiver unit of the terminal performs demultiplexing by using a demultiplexer to obtain program content data and an ECM message, and caches the program content, and the ECM parsing module EECM receives the ECM message. The MIKEY message is parsed, and the parsed MIKEY message is sent to the smart card, and the smart card is requested to decrypt to obtain the content key CW.

步骤 902: 智能卡收到收发单元发送来的 MIKEY消息后，首先判断收到的 MIKEY消息的类型，如果该 MIKEY消息包括 MSK_ID和 MTK_ID, 则说明该 MIKEY消息是内容密钥消息，智能卡从收到的内容密钥消息中提取出 MSK_ID。 Step 902: After receiving the MIKEY message sent by the transceiver unit, the smart card first determines the type of the received MIKEY message. If the MIKEY message includes the MSK_ID and the MTK_ID, the MIKEY message is a content key message, and the smart card receives the message. The MSK_ID is extracted from the content key message.

步骤 903：智能卡再提取 MIKEY消息中的 TS信息，并与保存的步骤 902 中提取的 MSK_ID对应的 TS进行比较，如果再次提取的 TS小于或等于保存的 TS, 则丢弃该消息，并向收发单元返回失败响应，结束本流程的处理；如果再次提取的 TS大于保存的 TS, 则执行步骤 904。 Step 903: The smart card re-extracts the TS information in the MIKEY message, and compares it with the TS corresponding to the MSK_ID extracted in step 902. If the TS extracted again is less than or equal to the saved TS, the message is discarded, and the message is sent to the transceiver unit. The failure response is returned, and the processing of the flow is ended. If the TS extracted again is larger than the saved TS, step 904 is performed.

步骤 904: 智能卡根据在步骤 902中获得的 MSK_ID寻找自身保存的业务密钥，找到 MSK_ID对应的 MSK后，智能卡判断该 MIKEY消息中携带的 MTK_ID是否在业务密钥有效期范围内，如果 MTK_ID小于等于有效期的下限、或者大于等于有效期的上限，则智能卡丢弃该 MIEKY消息，并向收发单元返回失败响应，结束本流程的处理；如果 MTK_ID介于有效期的上、下限之间，则执行步骤 905。 Step 904: The smart card searches for the service key saved by the MSK_ID obtained in step 902, and finds the MSK_ID corresponding to the MSK_ID. The smart card determines whether the MTK_ID carried in the MIKEY message is within the validity period of the service key, if the MTK_ID is less than or equal to the validity period. If the lower limit of the validity period is greater than or equal to the upper limit of the validity period, the smart card discards the MIEKY message and returns a failure response to the transceiver unit to end the processing of the process. If the MTK_ID is between the upper and lower limits of the validity period, step 905 is performed.

步骤 905：智能卡从 MIEKY消息中提取出 Mac验证码，并进行消息完整性验证，如果验证失败，智能卡则丢弃该 MIEKY消息，并向收发单元返回失败响应，结束本流程的处理；如果险证成功，智能卡则将新收到的 TS 替换先前保存的、与本消息中包含的 MSK_ID相对应的 TS, 然后执行步骤 906。 Step 905: The smart card extracts the Mac verification code from the MIEKY message, and performs message integrity verification. If the verification fails, the smart card discards the MIEKY message, and returns a failure response to the transceiver unit, and ends the process of the process; if the risk is successful The smart card replaces the newly received TS with the previously saved TS corresponding to the MSK_ID included in the message, and then performs step 906.

步骤 906: 智能卡使用 MSK对 MIEKY消息中携带的加密后的内容密钥进行解密，获取内容密钥 CW, 并将获取的 CW返回给收发单元。 Step 906: The smart card uses the MSK to decrypt the encrypted content key carried in the MIEKY message, obtains the content key CW, and returns the obtained CW to the transceiver unit.

接收收发单元发送来的内容密钥消息，使用业务密钥 MSK进行解密获取内容密钥 CW, 并将获取的 CW返回给收发单元的过程，主要由智能卡中的内容密钥解密模块完成。 The process of receiving the content key message sent by the transceiver unit, decrypting the content key CW using the service key MSK, and returning the acquired CW to the transceiver unit is mainly completed by the content key decryption module in the smart card.

步骤 907: 收发单元中的内容解密模块收到智能卡返回的 CW后，使用 CW对收到的广播下发的加密后的内容进行解密，并将解密后的内容发送给内容展现模块，内容展现模块收到后进行解码并播示。 Step 907: After receiving the CW returned by the smart card, the content decryption module in the transceiver unit decrypts the encrypted content delivered by the received broadcast by using the CW, and sends the decrypted content to the content presentation module, and the content presentation module. After receiving, decode and broadcast.

为便于理解，下面通过一具体实施例对本发明进行筒要说明。 For ease of understanding, the present invention will be described below by way of a specific embodiment.

假设手机电视服务器以频道形式向用户提供业务，一个业务对应一个频道，一个频道配置一个业务密钥，一个频道中含有多个节目。用户可以订购一个频道，以包月方式接收手机电视业务，也可以按次消费 pay-per-view, 随时订购任一个频道中的节目，包月用户只要订购了一个频道，就可以收看这个频道的所有节目。 It is assumed that the mobile TV server provides services to users in the form of channels, one service corresponds to one channel, one channel is configured with one service key, and one channel contains multiple programs. Users can order a channel, receive mobile TV services in monthly subscriptions, or pay per-view pay-per-view to order programs on any channel at any time. Users who subscribe to a channel can watch all the programs on this channel. .

手机电视运营商每提供一个体育频道节目，手机电视服务器中的业务管理模块就配置该业务，并为新业务分配一个业务标识 SportsOOl , 配置订购选项为包月和按次消费，设置价格信息为：包月 5元 /月，按次消费 0.5元 /节目。业务密钥管理模块生成并维护该体育频道的业务密钥 MSK, 同时维护Each mobile TV operator provides a sports channel program, the service management module in the mobile TV server configures the service, and assigns a service identifier SportsOOl to the new service, and configures the subscription option to be monthly and per-time consumption. The price information is set as: monthly 5 yuan / month, consumption 0.5 yuan / section Head. The service key management module generates and maintains the service key MSK of the sports channel while maintaining

MSK 和对应业务的对应关系 <Sports001, MSK_sports001>，其中， MSK_sports001为该业务密钥标识。 The correspondence between the MSK and the corresponding service <Sports001, MSK_sports001>, where MSK_sports001 is the service key identifier.

4叚设用户某天上午 10: 00查看业务指南，发现上述体育频道，不想包月，只想看当天晚上 20: 00 - 20: 30的 "世界杯精彩进球"节目，于是操作终端发送一个业务订购请求，用户需要点选 "世界杯精彩进球"，订购类型选择 pay-per-view。手机电视服务器接收订购请求，对用户进行认证后，创建订购关系 <用户名 xxxxxx (如手机号）， "世界杯精彩进球"， pay-per-view, 订购日期， …… （可选信息）〉。 4 Set the user to check the business guide at 10: 00 am one day, find the above sports channel, do not want to cover the month, just want to watch the "World Cup wonderful goal" program at 20: 00 - 20: 30 that evening, then the operation terminal sends a service order The request, the user needs to click on the "World Cup wonderful goal", the order type select pay-per-view. The mobile TV server receives the order request, and after authenticating the user, creates a subscription relationship <user name xxxxxx (such as mobile phone number), "World Cup wonderful goal", pay-per-view, order date, ... (optional information) .

到当天晚上 8点，用户打开手机电视终端，准备接收精彩进球节目，如果终端接收加密的内容后，发现智能卡中没有解密 CW的业务密钥，则从内容密钥消息中寻找业务密钥标识 MSK_ID, 并向手机电视服务器发送业务密钥请求消息，这些步骤对用户透明。手机电视服务器收到业务密钥请求消息后，对用户进行认证，并在认证通过后，向业务管理模块查询用户订购关系，当发现此用户订购了 SportsOOl 频道的世界杯精彩进球节目，且属于 pay-per-view 消费方式时，业务密钥管理模块根据 "世界杯精彩进球" 的节目安排计算出应该为该用户的 SportsOOl频道的业务密钥配置本日 20: 00 - 20: 30 这段时间的时间区间为业务密钥有效期，也就是这段时间将使用的 CW的 MTK_ID区间范围，然后使用该用户之前协商的 GBA共享密钥 MUK 加密业务密钥并点对点下发。 At 8 o'clock in the evening, the user opens the mobile TV terminal and prepares to receive the wonderful goal program. If the terminal receives the encrypted content and finds that the smart card does not decrypt the service key of the CW, the service key identifier is searched for from the content key message. MSK_ID, and send a service key request message to the mobile TV server, these steps are transparent to the user. After receiving the service key request message, the mobile TV server authenticates the user, and after the authentication is passed, queries the service management module for the user subscription relationship, and finds that the user subscribes to the World Cup wonderful goal program of the SportsOOl channel, and belongs to the pay In the -per-view consumption mode, the business key management module calculates the business key of the SportsOOl channel for the user according to the "World Cup Wonderful Goals" program schedule. 20: 00 - 20: 30 of this time The interval is the service key validity period, that is, the range of the MTK_ID interval of the CW to be used during this period, and then the service key is encrypted using the GBA shared key MUK negotiated by the user and sent to the peer-to-peer.

终端接收到业务密钥后才开始解密内容，解密内容时，首先由智能卡使用业务密钥解密加密后的 CW, 并且，智能卡每解密一个 CW之前，都需要判断 MTK_ID是否在业务密钥有效期范围之内，如果在，则继续解密加密后的 CW; 如果不在，则拒绝继续解密。得到解密后的 CW后，终端使用 CW 对加密后的节目内容进行解密，获得节目内容明文并展现给用户。在播放节目半个小时后，智能卡发现 MTK_ID超出业务密钥有效期的上限值，则停止解密加密后的 CW, 用户将无法收看超过订购时间的其它节目。 After the terminal receives the service key, it starts to decrypt the content. When the content is decrypted, the smart card first decrypts the encrypted CW by using the service key. Before the smart card decrypts a CW, it needs to determine whether the MTK_ID is in the valid period of the service key. If it is, continue to decrypt the encrypted CW; if not, refuse to continue decryption. After obtaining the decrypted CW, the terminal decrypts the encrypted program content by using the CW, and obtains the plaintext of the program content and presents it to the user. In the play section After half an hour, the smart card finds that the MTK_ID exceeds the upper limit of the validity period of the service key, and then stops decrypting the encrypted CW, and the user will not be able to watch other programs that exceed the subscription time.

以上所述对本发明的目的、技术方案和有益效果进行了进一步的详细说明，所应理解的是，以上所述并不用以限制本发明，凡在本发明的精神和原则之内，所做的任何修改、等同替换、改进等，均应包含在本发明的保护范围之内。 The above-mentioned objects, technical solutions, and advantageous effects of the present invention are further described in detail. It is to be understood that the above description is not intended to limit the present invention, and is within the spirit and principles of the present invention. Any modifications, equivalent substitutions, improvements, etc., are intended to be included within the scope of the present invention.

Claims

权利要求书 Claim

1、一种手机电视业务保护方法，其特征在于，该方法包括： A mobile phone television service protection method, characterized in that the method comprises:

手机电视服务器使用内容密钥对广播内容进行加密，使用业务密钥对内容密钥进行加密，使用用户密钥对业务密钥进行加密，并通过广播通道广播下发加密后的内容和内容密钥，通过点对点通道向终端下发加密后的业务密钥。 The mobile TV server encrypts the broadcast content by using the content key, encrypts the content key by using the service key, encrypts the service key by using the user key, and broadcasts the encrypted content and the content key through the broadcast channel. The encrypted service key is sent to the terminal through the peer-to-peer channel.

2、根据权利要求 1所述的方法，其特征在于，该方法进一步包括：终端使用用户密钥对收到的加密后的业务密钥进行解密获得业务密钥，使用获得的业务密钥对收到的加密后的内容密钥进行解密获得内容密钥，并使用获得的内容密钥对加密后的内容进行解密获得内容。 The method according to claim 1, wherein the method further comprises: the terminal decrypting the received encrypted service key by using a user key to obtain a service key, and using the obtained service key to collect The encrypted content key is decrypted to obtain a content key, and the encrypted content is decrypted using the obtained content key to obtain the content.

3、根据权利要求 1或 2所述的方法，其特征在于，所述手机电视服务器使用用户密钥对业务密钥进行加密之前进一步包括：终端和引导服务功能模块 BSF协商用户密钥，手机电视服务器从 BSF获取该终端的用户密钥。 The method according to claim 1 or 2, wherein before the mobile phone television server encrypts the service key by using the user key, the method further comprises: the terminal and the guiding service function module BSF negotiating the user key, the mobile phone television The server obtains the user key of the terminal from the BSF.

4、根据权利要求 1或 2所述的方法，其特征在于，所述手机电视服务器通过点对点通道向终端下发加密后的业务密钥时进一步包括：根据用户订购关系确定业务密钥有效期，并将业务密钥有效期通过点对点通道下发给终端；终端在所述业务密钥有效期范围内执行所述对加密后的内容密钥进行解密的操作。 The method according to claim 1 or 2, wherein the mobile phone server sends the encrypted service key to the terminal through the point-to-point channel, further comprising: determining the validity period of the service key according to the user subscription relationship, and The service key validity period is sent to the terminal through the point-to-point channel; the terminal performs the operation of decrypting the encrypted content key within the service key validity period.

5、根据权利要求 4所述的方法，其特征在于，所述手机电视服务器通过广播通道广播下发加密后的内容密钥时进一步包括：根据内容密钥生效时刻生成内容密钥标识，并将该内容密钥标识广播下发给终端； The method according to claim 4, wherein the mobile phone television server broadcasts the encrypted content key through the broadcast channel, further comprising: generating a content key identifier according to the content key effective time, and The content key identifier is broadcasted to the terminal;

所述终端使用获得的业务密钥对收到的加密后的内容密钥进行解密之前进一步包括：终端判断所述内容密钥标识是否在业务密钥有效期范围内，如果是，则使用获得的业务密钥对收到的加密后的内容密钥进行解密；否则，拒绝进行解密。 Before the terminal decrypts the received encrypted content key by using the obtained service key, the terminal further includes: determining, by the terminal, whether the content key identifier is within a valid period of the service key, and if yes, using the obtained service The key decrypts the received encrypted content key; otherwise, the decryption is denied.

6、根据权利要求 4或 5所述的方法，其特征在于，该方法进一步包括：根据内容密钥的加密周期将计费周期划分为时间区间的组合； The method according to claim 4 or 5, wherein the method further comprises: dividing the charging period into a combination of time intervals according to an encryption period of the content key;

7、根据权利要求 6所述的方法，其特征在于，所述根据内容密钥生效时刻生成内容密钥标识包括：直接将内容密钥生效时刻作为内容密钥标识，或者将内容密钥生效时刻所在时间区间的上限值作为内容密钥标识。 The method according to claim 6, wherein the generating the content key identifier according to the content key effective time comprises: directly using the content key effective time as the content key identifier, or validating the content key The upper limit of the time interval is identified as the content key.

8、一种接收手机电视业务的方法，其特征在于，包括： 8. A method for receiving a mobile TV service, the method comprising:

终端接收手机电视服务器下发的加密后的内容、加密后的内容密钥以及加密后的业务密钥，并使用用户密钥对收到的加密后的业务密钥进行解密获得业务密钥，使用获得的业务密钥对收到的加密后的内容密钥进行解密获得内容密钥，使用获得的内容密钥对加密后的内容进行解密获得内容。 The terminal receives the encrypted content delivered by the mobile TV server, the encrypted content key, and the encrypted service key, and decrypts the received encrypted service key by using the user key to obtain a service key, and uses the service key. The obtained service key decrypts the received encrypted content key to obtain a content key, and decrypts the encrypted content using the obtained content key to obtain the content.

9、根据权利要求 8所述的方法，其特征在于，该方法进一步包括：终端接收手机电视服务器下发的业务密钥有效期，在该业务密钥有效期范围内执行所述对加密后的内容密钥进行解密的操作。 The method according to claim 8, wherein the method further comprises: receiving, by the terminal, a service key validity period delivered by the mobile TV server, and executing the encrypted content confidentiality within the validity period of the service key The operation of decrypting the key.

10、根据权利要求 9所述的方法，其特征在于，所述使用获得的业务密钥对收到的加密后的内容密钥进行解密之前进一步包括：终端接收手机电视服务器下发的内容密钥标识，并判断该内容密钥标识是否在所述业务密钥有效期范围内，如果是，则使用获得的业务密钥对收到的加密后的内容密钥进行解密；否则，拒绝进行解密。 The method according to claim 9, wherein the decrypting the received encrypted content key by using the obtained service key further comprises: receiving, by the terminal, a content key delivered by the mobile TV server And determining whether the content key identifier is within the validity period of the service key, and if yes, decrypting the received encrypted content key using the obtained service key; otherwise, decrypting is refused.

11、一种手机电视业务保护***，包括手机电视服务器和手机电视终端，其特征在于，所述手机电视服务器包括加扰器和密钥管理单元，其中，加扰器，用于生成内容密钥，将生成的内容密钥发送给密钥管理单元，并使用内容密钥对广播内容进行加密，通过广播通道广播下发加密后的内容；密钥管理单元，用于管理用户密钥和业务密钥，使用用户密钥对业务密钥进行加密，通过点对点通道将加密后的业务密钥发送给终端，并用于接收来自加扰器的内容密钥，使用业务密钥对内容密钥进行加密，通过广播通道广播下发加密后的内容密钥； A mobile phone television service protection system, comprising a mobile phone television server and a mobile phone television terminal, wherein the mobile phone television server comprises a scrambler and a key management unit, wherein a scrambler, configured to generate a content key, send the generated content key to the key management unit, and encrypt the broadcast content by using the content key, and broadcast the encrypted content through the broadcast channel; the key management unit For managing the user key and the service key, encrypting the service key with the user key, transmitting the encrypted service key to the terminal through the peer-to-peer channel, and receiving the content key from the scrambler, using The service key encrypts the content key, and broadcasts the encrypted content key through the broadcast channel;

收发单元，用于接收来自智能卡的内容密钥以及来自手机电视服务器的加密后的内容，并使用收到的内容密钥对收到的加密后的内容进行解密获得内容明文。 The transceiver unit is configured to receive the content key from the smart card and the encrypted content from the mobile TV server, and decrypt the received encrypted content using the received content key to obtain the plaintext.

12、根据权利要求 11所述的***，其特征在于，所述加扰器包括控制字生成器和内容加密模块，其中， The system according to claim 11, wherein the scrambler comprises a control word generator and a content encryption module, wherein

业务密钥管理模块，用于管理业务密钥，将业务密钥发送给内容密钥消息生成模块，并用于从用户密钥管理模块获取用户密钥，使用用户密钥对业务密钥进行加密，生成包括加密后业务密钥的业务密钥消息，并通过点对点通道将业务密钥消息发送给终端； a service key management module for managing a service key and transmitting the service key to the content key And an information generating module, configured to obtain a user key from the user key management module, encrypt the service key by using the user key, generate a service key message including the encrypted service key, and send the service key message through the peer-to-peer channel Sent to the terminal;

13、根据权利要求 12所述的***，其特征在于，所述智能卡包括用户密钥管理模块、业务密钥管理模块和内容密钥解密模块，其中， The system according to claim 12, wherein the smart card comprises a user key management module, a service key management module, and a content key decryption module, wherein

业务密钥管理模块，用于接收来自手机电视服务器的业务密钥消息，从用户密钥管理模块获取用户密钥，使用用户密钥对收到的业务密钥消息中携带的加密后业务密钥进行解密获得业务密钥，并将获得的业务密钥发送给内容密钥解密模块； a service key management module, configured to receive a service key message from the mobile phone television server, obtain a user key from the user key management module, and use the user key to encrypt the encrypted service key carried in the received service key message. Decrypting to obtain a service key, and transmitting the obtained service key to the content key decryption module;

所述收发单元包括授权控制消息解析模块、内容解密模块和内容展现模块，其中，授权控制消息解析模块，用于接收来自手机电视服务器的授权控制消息，从授权控制消息中解析出内容密钥消息，并将解析出的内容密钥消息发送给内容解密模块； The transceiver unit includes an authorization control message parsing module, a content decryption module, and a content presentation module, where The authorization control message parsing module is configured to receive an authorization control message from the mobile phone television server, parse the content key message from the authorization control message, and send the parsed content key message to the content decryption module;

14、根据权利要求 12或 13所述的***，其特征在于，所述手机电视服务器的业务密钥管理模块进一步用于根据用户订购关系确定业务密钥有效期，并在生成的业务密钥消息中进一步携带业务密钥有效期。 The system according to claim 12 or 13, wherein the service key management module of the mobile TV server is further configured to determine a validity period of the service key according to the user subscription relationship, and in the generated service key message. Further carrying the service key validity period.

15、根据权利要求 14所述的***，其特征在于，所述加扰器进一步用于在生成内容密钥后确定内容密钥生效时刻，并将内容密钥生效时刻发送给内容密钥消息生成模块； The system according to claim 14, wherein the scrambler is further configured to determine a content key effective time after generating the content key, and send the content key effective time to the content key message generation Module

16、根据权利要求 15所述的***，其特征在于，所述终端的内容密钥解密模块进一步用于从终端的业务密钥管理模块获取业务密钥有效期，并判断收到的内容密钥消息中携带的内容密钥标识是否在业务密钥有效期内。 The system according to claim 15, wherein the content key decryption module of the terminal is further configured to obtain a service key validity period from the service key management module of the terminal, and determine the received content key message. Whether the content key identifier carried in the service key is valid.

17、一种手机电视服务器，其特征在于，该手机电视服务器包括加扰器和密钥管理单元，其中， 17. A mobile TV server, characterized in that the mobile TV server comprises a scrambler and a key management unit, wherein

加扰器，用于生成内容密钥，将生成的内容密钥发送给密钥管理单元，并使用内容密钥对广播内容进行加密，通过广播通道广播下发加密后的内容；密钥管理单元，用于管理用户密钥和业务密钥，使用用户密钥对业务密钥进行加密，通过点对点通道下发加密后的业务密钥，并用于接收来自加扰器的内容密钥，使用业务密钥对内容密钥进行加密，通过广播通道广播下发加密后的内容密钥。 a scrambler, configured to generate a content key, send the generated content key to the key management unit, and encrypt the broadcast content by using the content key, and broadcast the encrypted content through the broadcast channel; the key management unit For managing user keys and business keys, using user keys for business secrets The key is encrypted, the encrypted service key is delivered through the peer-to-peer channel, and the content key from the scrambler is received, the content key is encrypted by using the service key, and the encrypted content is broadcasted through the broadcast channel. key.

18、根据权利要求 17所述的手机电视服务器，其特征在于，所述加扰器包括控制字生成器和内容加密模块，其中， The mobile phone television server according to claim 17, wherein the scrambler comprises a control word generator and a content encryption module, wherein

19、根据权利要求 18所述的手机电视服务器，其特征在于，所述业务密钥管理模块进一步用于根据用户订购关系确定业务密钥有效期，并在生成的业务密钥消息中进一步携带业务密钥有效期。 The mobile phone television server according to claim 18, wherein the service key management module is further configured to determine a service key validity period according to the user subscription relationship, and further carry the service confidentiality in the generated service key message. Key validity period.

20、根据权利要求 19所述的手机电视服务器，其特征在于，所述加扰器进一步用于在生成内容密钥后确定内容密钥生效时刻，并将内容密钥生效时刻发送给内容密钥消息生成模块； The mobile phone television server according to claim 19, wherein the scrambler is further configured to determine a content key effective time after generating the content key, and send the content key effective time to the content key Message generation module;

21、一种手机电视终端，其特征在于，包括智能卡和收发单元，其中，智能卡，用于管理用户密钥，并用于接收点对点下发的加密后的业务密钥，使用用户密钥对收到的加密后的业务密钥进行解密获得业务密钥，并用于接收来自广播下发的加密后的内容密钥，使用获得的业务密钥对收到的加密后的内容密钥进行解密获得内容密钥，并将获得的内容密钥发送给收发单元； A mobile phone television terminal, comprising: a smart card and a transceiver unit, wherein the smart card is configured to manage the user key and is used for receiving the encrypted service key delivered by the peer-to-peer, using the user key pair to receive The encrypted service key is decrypted to obtain a service key, and is used for receiving the encrypted content key delivered from the broadcast, and decrypting the received encrypted content key using the obtained service key to obtain the content secret. Key, and sending the obtained content key to the transceiver unit;

22、根据权利要求 21所述的终端，其特征在于，所述智能卡包括用户密钥管理模块、业务密钥管理模块和内容密钥解密模块，其中， The terminal according to claim 21, wherein the smart card comprises a user key management module, a service key management module, and a content key decryption module, wherein

内容密钥解密模块，用于接收来自业务密钥管理模块的业务密钥以及来自收发单元的内容密钥消息 , 并使用收到的业务密钥对收到的内容密钥消息中携带的加密后内容密钥进行解密获得内容密钥，并将获得的内容密钥发送给收发单元； a content key decryption module, configured to receive a service key from the service key management module and The content key message of the transceiver unit is obtained, and the encrypted content key carried in the received content key message is decrypted using the received service key to obtain a content key, and the obtained content key is sent to the transceiver. unit;

23、根据权利要求 22所述的终端，其特征在于，所述内容密钥解密模块进一步用于从业务密钥管理模块获取业务密钥有效期，并判断收到的内容密钥消息中携带的内容密钥标识是否在业务密钥有效期内。 The terminal according to claim 22, wherein the content key decryption module is further configured to obtain a service key validity period from the service key management module, and determine the content carried in the received content key message. Whether the key identifier is within the validity period of the service key.

24、一种智能卡，其特征在于，该智能卡包括用户密钥管理模块、业务密钥管理模块和内容密钥解密模块，其中， A smart card, comprising: a user key management module, a service key management module, and a content key decryption module, wherein

内容密钥解密模块，用于接收来自业务密钥管理模块的业务密钥以及来自收发单元的内容密钥消息，并使用收到的业务密钥对收到的内容密钥消息中携带的加密后内容密钥进行解密获得内容密钥，并将获得的内容密钥发送给收发单元。 a content key decryption module, configured to receive a service key from the service key management module and a content key message from the transceiver unit, and use the received service key pair to receive the received content key message The encrypted content key carried in the decryption obtains the content key, and sends the obtained content key to the transceiver unit.

25、根据权利要求 24所述的智能卡，其特征在于，所述内容密钥解密模块进一步用于从业务密钥管理模块获取业务密钥有效期，并判断收到的内容密钥消息中携带的内容密钥标识是否在业务密钥有效期内。 The smart card according to claim 24, wherein the content key decryption module is further configured to obtain a service key validity period from the service key management module, and determine the content carried in the received content key message. Whether the key identifier is within the validity period of the service key.