WO2010130228A1 - Mobile multimedia broadcasting system and applied encryption method thereof - Google Patents

Info

Publication number: WO2010130228A1
Authority: WO, WIPO (PCT)
Prior art keywords: terminal; mobile multimedia; multimedia broadcast; key; service
Application number: PCT/CN2010/072795
Other languages: French (fr), Chinese (zh)
Inventor: 柯尊友
Original Assignee: 中兴通讯股份有限公司
Application filed by: 中兴通讯股份有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04: Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041: Key generation or derivation
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80: Wireless
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00: Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/062: Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/06: Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services

Definitions

  • The present invention relates to mobile multimedia broadcast service systems, and in particular to a mobile multimedia broadcast system and the encryption method it uses. Specifically, it relates to a method and a device for encrypting a service key with a user key when a user roams in a mobile multimedia broadcast service system.
  • Figure 1 shows the system structure of a mobile multimedia broadcast system. For ease of description, only the structure relevant to terminal roaming is shown.
  • The system includes a China Mobile Multimedia Broadcasting (CMMB) network service platform and a mobile communication network service platform; the mobile multimedia broadcast system may also include only the CMMB network service platform.
  • CMMB: China Mobile Multimedia Broadcasting
  • The CMMB network service platform includes: the mobile multimedia broadcast service platforms built in each province, such as the provincial platform of the province where the mobile multimedia broadcast user is roaming (the Province B mobile multimedia broadcast platform in Figure 1) and the provincial platform of the user's home province (the Province A mobile multimedia broadcast platform in Figure 1); a provincial service platform may include several city-level platforms, for example Province B in Figure 1 has two city-level mobile multimedia broadcast platforms; and the national mobile multimedia broadcast platform.
  • The Province B mobile multimedia broadcast platform, where the terminal is located, is connected to the other mobile multimedia broadcast platforms through interfaces such as the service key synchronization interface and the service key encryption interface.
  • The mobile communication network service platform includes the provincial mobile communication network service platforms; the Province B mobile communication platform shown in Figure 1 is the provincial mobile communication service platform of the province where the mobile user is roaming.
  • The mobile communication network service platform may belong to China Mobile Co., Ltd., or it may be the mobile network service platform of another mobile operator.
  • A mobile multimedia broadcast platform may produce its own programs and may also relay programs from city-level platforms, other provinces and the national platform. The service keys of the visited mobile multimedia broadcast platform may therefore originate locally, from the cities under its jurisdiction, from other provinces, or from the national platform.
  • CAS: Conditional Access System
  • When an end user uses an encrypted program, the terminal must obtain the service key from the network side. For security reasons, the service key must be encrypted with the user's mobile multimedia broadcast user key before the visited provincial platform delivers it to the terminal.
  • However, user information such as the user key is stored on the provincial mobile multimedia broadcast platform of the user's home location. Transmitting the user key to another system, that is, to a visited-location system outside the home provincial platform so that it can encrypt the service key, easily leaks user information and threatens the user's information security.
  • An encryption method used in a mobile multimedia broadcast system when a user terminal roams, the method including:
  • the mobile multimedia broadcast service platform at the terminal's visited location requests an encrypted service key from the mobile multimedia broadcast service platform at the terminal's home location;
  • after the mobile multimedia broadcast service platform at the terminal's home location detects the service key according to the encrypted service key request, it encrypts the service key using the corresponding user key;
  • the mobile multimedia broadcast service platform at the terminal's home location sends the encrypted service key to the mobile multimedia broadcast service platform at the terminal's visited location.
  • The information requesting the encrypted service key includes a user identifier.
  • The information requesting the encrypted service key further includes the service key to be encrypted.
  • When the service key is requested from the mobile multimedia broadcast service platform at the terminal's home location, the platform at the terminal's visited location, while requesting the encrypted service key from the home platform, also requests the service key.
  • The process by which the mobile multimedia broadcast service platform at the terminal's home location encrypts the service key includes: after detecting, according to the encrypted service key request, the service key that it generated itself, the home platform directly encrypts that service key using the corresponding user key.
  • The method further includes:
  • the mobile multimedia broadcast service platform at the terminal's visited location returns the service key to the mobile multimedia broadcast service platform at the terminal's home location;
  • the mobile multimedia broadcast service platform at the terminal's home location encrypts the service key using the corresponding user key.
  • The timing of initiating the request includes:
  • A mobile multimedia broadcast system, the system including a device for encrypting a service key with a user key when the user terminal roams, the device comprising:
  • an encryption requesting unit, configured to request an encrypted service key from the mobile multimedia broadcast service platform at the terminal's home location on behalf of the mobile multimedia broadcast service platform at the terminal's visited location;
  • a service key encryption unit, configured to encrypt the service key using the corresponding user key after the mobile multimedia broadcast service platform at the terminal's home location detects the service key according to the encrypted service key request;
  • a service key returning unit, configured to send the encrypted service key from the mobile multimedia broadcast service platform at the terminal's home location to the mobile multimedia broadcast service platform at the terminal's visited location.
  • The system further includes a service key encryption request initiating unit, configured to trigger the encryption requesting unit to request the encrypted service key when the terminals of both communicating parties request a valid service key, or when the service key is updated and needs to be sent to the terminal of one communicating party.
  • The system further includes a service key requesting unit, configured to request the service key from the mobile multimedia broadcast platform at the terminal's visited location when the mobile multimedia broadcast platform at the terminal's home location receives the encrypted service key request and does not detect the service key.
  • The beneficial effect of the invention is that, by encrypting the service key in this way, the risk of information leakage caused by transmitting the user key to a mobile multimedia broadcast service platform other than the home platform is avoided.
  • FIG. 1 is a structural diagram of a mobile multimedia broadcast system provided by the prior art.
  • FIG. 2 is a flowchart of the steps for encrypting a service key with a user key when a terminal roams in a mobile multimedia broadcast service system according to an embodiment of the present invention.
  • FIG. 3 is a flowchart of the service key encryption process when the program source is the home mobile multimedia broadcast service platform, according to an embodiment of the present invention.
  • FIG. 4 is a flowchart of another service key encryption process according to an embodiment of the present invention.
  • FIG. 5 is a structural diagram of a device for encrypting a service key according to an embodiment of the present invention.
  • The service key is encrypted with the user key by the mobile multimedia broadcast service platform at the user's home location, and the encrypted service key is then transmitted to the service platform of the visited location. This avoids the risk of information leakage caused by transmitting the user key to a mobile multimedia broadcast service platform other than the home platform.
  • The mobile multimedia broadcast system may include a CMMB network service platform, a mobile communication network service platform, and a terminal used by the user.
  • CMMB network service platform: a mobile multimedia broadcast system associated with the present invention.
  • The CMMB network service platform includes national, provincial, and municipal service platforms.
  • The CAS (Conditional Access System) in the platform can: generate a service key, receive a synchronized service key, and save the service key; synchronously send the service key to the relay platform; receive a service key request from the mobile communication network service platform and return the service key; request service key encryption from the visited provincial platform to the home provincial platform; and request the service key from the visited national platform to the broadcasted platform.
  • The mobile communication network service platform may: send an update-service-key indication to the terminal to trigger the terminal to initiate a service key update; obtain a service key from the mobile multimedia broadcast service platform in the CMMB network service platform where the program source is located; and receive the terminal's service key acquisition request and return the corresponding service key information.
  • Service key: generated by the mobile multimedia broadcast service platform where the program source is located.
  • Terminals: can request the service key from the CMMB network service platform or the mobile communication network service platform, and receive and use the service key.
  • Terminals are mainly divided into one-way terminals and two-way terminals.
  • A one-way terminal is a receiving terminal that can only receive mobile multimedia broadcast television services and has no uplink transmission channel; such terminals mainly include PDAs (Personal Digital Assistants), MP3 and MP4 players, and digital cameras. A two-way terminal is a receiving terminal that can receive mobile multimedia broadcast television services and has an uplink transmission channel; such terminals mainly include mobile phones and notebook computers.
  • The visited mobile multimedia broadcast platform initiates an encrypted service key request to the home mobile multimedia broadcast platform when the terminal requests a valid service key, and when the service key is updated and needs to be sent to the terminal.
  • When the terminal requests a valid service key: a two-way terminal requests a valid service key because it needs one, because the visited mobile multimedia platform asks it to, or for any other reason. When the service key is updated and needs to be sent to the terminal: the mobile multimedia broadcast platform of the program source updates the service key of the program and then sends an update-service-key indication to the relevant mobile multimedia broadcast platforms.
  • The terminal may be a one-way terminal. In this case, the mobile multimedia platform that the one-way terminal is visiting needs to actively send the updated service key to the one-way terminal.
  • The mobile multimedia broadcast platform can be set to send the updated service key to the terminal when the terminal is a two-way terminal.
  • FIG. 2 is a flowchart of the steps for encrypting a service key with a user key when a terminal roams in a mobile multimedia broadcast service system according to an embodiment of the present invention. For ease of description, only the parts related to the present invention are shown:
  • Step S201: the mobile multimedia broadcast platform at the terminal's visited location requests an encrypted service key from the mobile multimedia broadcast platform at the terminal's home location.
  • The information with which the visited mobile multimedia broadcast platform requests the encrypted service key from the home provincial mobile multimedia broadcast platform includes a user identifier, such as the user's mobile phone number.
  • Step S202: after the home mobile multimedia broadcast platform detects the service key, it encrypts the service key using the corresponding user key. The home platform selects the user key in the user information that corresponds to the user identifier provided in step S201 and encrypts the service key with it.
  • Step S203: the home mobile multimedia broadcast platform returns the encrypted service key to the visited mobile multimedia broadcast platform.
  • The encrypted service key obtained by the visited provincial mobile multimedia broadcast platform can be associated with the user identifier above. This completes the encryption of the service key.
  • FIG. 3 is a flowchart of the service key encryption process when the program source is the home mobile multimedia broadcast service platform, according to an embodiment of the present invention. It includes the following steps:
  • Step S301: the visited mobile multimedia broadcast platform requests the service key and, at the same time, requests the encrypted service key.
  • When the program source is the mobile multimedia broadcast platform at the terminal's home location and the visited mobile multimedia broadcast platform requests the service key from that home platform, it can request encryption of the service key at the same time.
  • The request message includes fields such as a user ID (e.g., the user's mobile number).
  • Step S302: the home mobile multimedia broadcast platform generates and encrypts the service key. The home platform generates a service key, selects the user key in the user information that corresponds to the user identifier provided in step S301, and uses an encryption algorithm to directly encrypt the service key of the program that it generated itself.
  • Step S303: the encrypted service key is returned.
  • The home provincial mobile multimedia broadcast platform sends a response containing the encrypted service key to the visited mobile multimedia broadcast platform.
  • Because the visited platform requests the service key and the encrypted service key at the same time, and the home platform encrypts the service key directly after generating it, encryption of the service key is accelerated.
  • FIG. 4 is a flowchart of another service key encryption process according to an embodiment of the present invention. It includes the following steps:
  • Step S401: the visited mobile multimedia broadcast platform requests an encrypted service key from the home mobile multimedia broadcast platform.
  • The encrypted service key request is sent by the CAS of the visited mobile multimedia broadcast platform to the home broadcast platform; the request message includes user identification information.
  • Step S402: if the CAS of the home mobile multimedia broadcast platform does not detect the service key, it requests from the CAS of the visited mobile multimedia broadcast platform the service key corresponding to the encrypted service key request.
  • Step S403: the CAS of the visited mobile multimedia broadcast platform returns the service key to the CAS of the home mobile multimedia broadcast platform.
  • Step S404: the CAS of the user's home mobile multimedia broadcast platform encrypts the service key using the corresponding user key.
  • Step S405: the CAS of the home mobile multimedia broadcast platform returns the encrypted service key to the CAS of the visited mobile multimedia broadcast platform.
  • FIG. 5 shows a device for encrypting a service key according to an embodiment of the present invention.
  • The device encrypts a service key with a user key when the user terminal roams, and can be placed in a mobile multimedia broadcast system. For ease of description, only the parts relevant to the present invention are shown.
  • The system includes:
  • The encryption requesting unit 501, configured to request the encrypted service key from the mobile multimedia broadcast service platform at the terminal's home location on behalf of the mobile multimedia broadcast service platform at the terminal's visited location, as described above.
  • The service key encryption unit 502, configured to encrypt the service key using the corresponding user key after the service key is detected according to the encrypted service key request, as described above.
  • The service key returning unit 503, configured to send the encrypted service key from the mobile multimedia broadcast service platform at the terminal's home location to the mobile multimedia broadcast service platform at the terminal's visited location, as described above.
  • The mobile multimedia broadcast service platform of the visited location can thus have the service key that is to be transmitted to the terminal encrypted securely.
  • The system further includes a service key encryption request initiating unit, configured to trigger the encryption requesting unit 501 to request the encrypted service key when a two-way terminal requests a valid service key, or when the service key is updated and needs to be sent to a one-way terminal, as described above.
  • The system may further include a service key requesting unit, configured to request the service key from the mobile multimedia broadcast platform at the terminal's visited location when the home platform, after receiving the encrypted service key request, does not detect the service key, as described above.
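
The message flows of Figures 2 to 4, sketched as an added Python example that is not code from the patent: the visited platform obtains a wrapped service key without ever holding a user key, including the S402/S403 fallback where the home platform has no copy of the service key. Class and function names, the sample identifiers and the `user|program` context binding are assumptions, and because the page names no encryption algorithm the wrap is a stand-in built from HMAC-SHA256 so that it runs on the standard library alone.

```python
import hashlib
import hmac
import secrets

# Stand-in key wrap (assumption: the page names no algorithm). HMAC-SHA256 in
# counter mode makes the keystream and a second HMAC authenticates the result.
def _sub(user_key, label):
    return hmac.new(user_key, b"wrap/" + label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _tag(user_key, context, nonce, ct):
    # Length-prefix the context so the context/nonce boundary is unambiguous.
    msg = len(context).to_bytes(2, "big") + context + nonce + ct
    return hmac.new(_sub(user_key, b"mac"), msg, hashlib.sha256).digest()

def wrap(user_key, service_key, context):
    nonce = secrets.token_bytes(16)
    ks = _stream(_sub(user_key, b"enc"), nonce, len(service_key))
    ct = bytes(a ^ b for a, b in zip(service_key, ks))
    return nonce + ct + _tag(user_key, context, nonce, ct)

def unwrap(user_key, blob, context):
    if len(blob) < 48:
        raise ValueError("wrapped service key too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(user_key, context, nonce, ct)):
        raise ValueError("wrapped service key failed authentication")
    ks = _stream(_sub(user_key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

def context_for(user_id, program_id):
    # Hypothetical binding: ties the blob to one user and one program.
    return f"{user_id}|{program_id}".encode()

class HomePlatform:
    """Home platform CAS: the only party that stores user keys."""
    def __init__(self, user_keys, service_keys=None):
        self._user_keys = dict(user_keys)
        self._service_keys = dict(service_keys or {})

    def handle_encrypt_request(self, user_id, program_id, service_key=None):
        user_key = self._user_keys.get(user_id)
        if user_key is None:
            return {"status": "unknown_user"}
        if service_key is None:                      # not supplied in the request
            service_key = self._service_keys.get(program_id)
        if service_key is None:                      # S402: ask the visited side
            return {"status": "need_service_key"}
        blob = wrap(user_key, service_key, context_for(user_id, program_id))
        return {"status": "ok", "wrapped": blob}     # S202/S404, then S203/S405

class VisitedPlatform:
    """Visited platform CAS: holds service keys it relays, never a user key."""
    def __init__(self, service_keys=None):
        self.service_keys = dict(service_keys or {})
        self.trace = []

    def fetch_wrapped_key(self, home, user_id, program_id):
        self.trace.append("encrypt-request")                     # S201/S301/S401
        reply = home.handle_encrypt_request(user_id, program_id)
        if reply["status"] == "need_service_key":
            self.trace.append("service-key-sent")                # S403
            reply = home.handle_encrypt_request(
                user_id, program_id, self.service_keys[program_id])
        if reply["status"] != "ok":
            raise LookupError(reply["status"])
        self.trace.append("wrapped-key-received")                # S203/S303/S405
        return reply["wrapped"]

def run_demo():
    # Constructed sample values: user identifier, keys and program names.
    user_id, user_key = "13800000000", secrets.token_bytes(32)
    home_sk, relay_sk = secrets.token_bytes(16), secrets.token_bytes(16)
    home = HomePlatform({user_id: user_key}, {"home-program": home_sk})
    visited = VisitedPlatform({"relayed-program": relay_sk})
    blob3 = visited.fetch_wrapped_key(home, user_id, "home-program")     # Figure 3
    blob4 = visited.fetch_wrapped_key(home, user_id, "relayed-program")  # Figure 4
    # Assumption: the terminal holds the same user key as the home platform.
    return {
        "fig3_ok": unwrap(user_key, blob3, context_for(user_id, "home-program")) == home_sk,
        "fig4_ok": unwrap(user_key, blob4, context_for(user_id, "relayed-program")) == relay_sk,
        "trace": visited.trace,
    }

if __name__ == "__main__":
    print(run_demo())
```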

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Provided are a system and method, applied in the mobile multimedia broadcasting system, for encrypting a service key with a user key when the user terminal is roaming. The method includes: a mobile multimedia broadcasting service platform in the terminal visiting location requests a mobile multimedia broadcasting service platform in the terminal home location to encrypt a service key; after detecting the service key according to the service key encryption request, the mobile multimedia broadcasting service platform in the terminal home location encrypts the service key with the corresponding user key; the mobile multimedia broadcasting service platform in the terminal home location sends the encrypted service key to the mobile multimedia broadcasting service platform in the terminal visiting location. The above method avoids the risk of information disclosure brought by sending a user key to mobile multimedia broadcasting service platforms outside the home location.

Description

Mobile multimedia broadcast system and encryption method used therein

Technical field

The present invention relates to mobile multimedia broadcast service systems, and in particular to a mobile multimedia broadcast system and the encryption method it uses. Specifically, it relates to a method and a device for encrypting a service key with a user key when a user roams in a mobile multimedia broadcast service system.

Background
Figure 1 shows the system structure of a mobile multimedia broadcast system. For ease of description, only the structure relevant to terminal roaming is shown. The system includes a China Mobile Multimedia Broadcasting (CMMB) network service platform and a mobile communication network service platform; the mobile multimedia broadcast system may also include only the CMMB network service platform.

The CMMB network service platform includes: the mobile multimedia broadcast service platforms built in each province, such as the provincial platform of the province where the mobile multimedia broadcast user is roaming (the Province B mobile multimedia broadcast platform in Figure 1) and the provincial platform of the user's home province (the Province A mobile multimedia broadcast platform in Figure 1); a provincial service platform may include several city-level platforms, for example Province B in Figure 1 has two city-level mobile multimedia broadcast platforms; and the national mobile multimedia broadcast platform. The Province B platform, where the terminal is located, communicates with the other mobile multimedia broadcast platforms through interfaces such as the service key synchronization interface and the service key encryption interface.

The mobile communication network service platform includes the provincial mobile communication network service platforms; the Province B mobile communication platform shown in Figure 1 is the provincial mobile communication service platform of the province where the mobile user is roaming. The mobile communication network service platform may belong to China Mobile Co., Ltd., or it may be the mobile network service platform of another mobile operator.

A mobile multimedia broadcast platform may produce its own programs and may also relay programs from city-level platforms, other provinces and the national platform. The service keys of the visited mobile multimedia broadcast platform may therefore originate locally, from the cities under its jurisdiction, from other provinces, or from the national platform.

The service key is generated by the Conditional Access System (CAS) of the mobile multimedia broadcast service platform where the program source is located and is then delivered to the terminal. In the mobile multimedia broadcast system of Figure 1, in which CMMB and the mobile communication network are integrated, the service key must be delivered to the terminal through the visited provincial mobile multimedia broadcast platform and the visited provincial mobile network platform.

When an end user uses an encrypted program, the terminal must obtain the service key from the network side. For security reasons, the service key must be encrypted with the user's mobile multimedia broadcast user key before the visited provincial mobile multimedia broadcast platform delivers it to the terminal.

However, user information such as the user key is stored on the provincial mobile multimedia broadcast platform of the user's home location. Transmitting the user key to another system, that is, to a visited-location system outside the home provincial platform so that it can encrypt the service key, easily leaks user information and threatens the user's information security.

Summary of the invention
本发明的目的在于提供一种移动多媒体广播***及其使用的加密方 法, 旨在解决现有技术下, 移动多媒体广播***中加密业务密钥时容易泄 露用户信息的问题。  It is an object of the present invention to provide a mobile multimedia broadcast system and an encryption method therefor, which aims to solve the problem of easily leaking user information when encrypting a service key in a mobile multimedia broadcast system in the prior art.
为了解决上述技术问题, 本发明的技术方案是这样实现的:  In order to solve the above technical problem, the technical solution of the present invention is implemented as follows:
一种移动多媒体广播***中使用的加密方法, 当用户终端漫游时, 所 述方法包括:  An encryption method used in a mobile multimedia broadcast system, when a user terminal roams, the method includes:
终端拜访地的移动多媒体广播业务平台向终端归属地的移动多媒体广 播业务平台请求加密业务密钥;  The mobile multimedia broadcast service platform of the terminal visited the base station to request the encrypted service key from the mobile multimedia broadcast service platform of the terminal home location;
当终端归属地的移动多媒体广播业务平台根据加密业务密钥请求检测 到业务密钥后, 使用对应用户密钥对业务密钥进行加密;  After the mobile multimedia broadcast service platform at the home of the terminal detects the service key according to the encrypted service key request, the service key is encrypted by using the corresponding user key;
终端归属地的移动多媒体广播业务平台将加密后的业务密钥发送给终 端拜访地的移动多媒体广播业务平台。 请求所述加密业务密钥的信息中包括用户标识。 The mobile multimedia broadcast service platform at the home of the terminal sends the encrypted service key to the mobile multimedia broadcast service platform of the visited place of the terminal. The information requesting the encrypted service key includes a user identifier.
请求所述加密业务密钥的信息中进一步包括待加密的业务密钥。  The information requesting the encrypted service key further includes a service key to be encrypted.
当业务密钥是向所述终端归属地的移动多媒体广播业务平台请求时, 所述终端拜访地的移动多媒体广播业务平台向终端归属地的移动多媒体广 播业务平台请求加密业务密钥的同时, 进一步请求业务密钥;  When the service key is requested by the mobile multimedia broadcast service platform at the home of the terminal, the mobile multimedia broadcast service platform of the terminal visited the mobile multimedia service service platform of the terminal to request the encrypted service key, and further Request a service key;
终端归属地的移动多媒体广播业务平台对业务密钥进行所述加密的过 程包括: 所述终端归属地的移动多媒体广播业务平台根据加密业务密钥请 求检测到自身产生的业务密钥后, 直接使用对应用户密钥对该业务密钥进 行力口密。  The process of performing the encryption on the service key by the mobile multimedia broadcast service platform at the home of the terminal includes: the mobile multimedia broadcast service platform at the home of the terminal directly uses the service key generated by the mobile multimedia broadcast service platform according to the encrypted service key request The service key is strongly secreted corresponding to the user key.
在终端归属地的移动多媒体广播业务平台收到加密请求后、 并且检测 不到业务密钥时, 进一步包括:  After the mobile multimedia broadcast service platform at the home of the terminal receives the encryption request and does not detect the service key, the method further includes:
向终端拜访地的移动多媒体广播业务平台请求所述加密请求对应的业 务密钥;  Requesting, by the mobile multimedia broadcast service platform of the terminal visited, the service key corresponding to the encryption request;
终端拜访地的移动多媒体广播业务平台返回所述业务密钥给终端归属 地的移动多媒体广播业务平台;  The mobile multimedia broadcast service platform of the terminal visited to return the service key to the mobile multimedia broadcast service platform at the home of the terminal;
终端归属地的移动多媒体广播业务平台使用对应的用户密钥对所述业 务密钥进行加密。  The mobile multimedia broadcast service platform at the home of the terminal encrypts the service key using the corresponding user key.
In the step in which the mobile multimedia broadcast service platform of the terminal's visited location requests encryption of the service key from the mobile multimedia broadcast service platform of the terminal's home location, the occasions for initiating the request include:
when the terminal requests a valid service key; or
when the service key is updated and needs to be sent to the terminal.
A mobile multimedia broadcast system, the system including an apparatus for encrypting a service key with a user key when a user terminal roams, the apparatus comprising:
an encryption request unit, configured to request encryption of the service key from the mobile multimedia broadcast service platform of the terminal's visited location to the mobile multimedia broadcast service platform of the terminal's home location;
a service key encryption unit, configured to encrypt the service key using the corresponding user key after the mobile multimedia broadcast service platform of the terminal's home location detects the service key according to the service key encryption request;
a service key return unit, configured to send the encrypted service key from the mobile multimedia broadcast service platform of the terminal's home location to the mobile multimedia broadcast service platform of the terminal's visited location.
The system further includes a service key encryption request initiation unit, configured to trigger the encryption request unit to initiate the request to encrypt the service key when the terminals of both communicating parties request a valid service key, or when the service key is updated and needs to be sent to the terminal of one communicating party.
The system further includes a service key request unit, configured to request the service key from the mobile multimedia broadcast platform of the terminal's visited location when the mobile multimedia broadcast platform of the terminal's home location has received the service key encryption request and cannot detect the service key.
The beneficial effect of the present invention is as follows: encrypting the service key in the manner of the present invention avoids the risk of information leakage that would arise from passing the user key to a mobile multimedia broadcast service platform outside the home location.
Brief Description of the Drawings
FIG. 1 is a structural diagram of a mobile multimedia broadcast system provided by the prior art;
FIG. 2 is a flowchart of the steps for encrypting a service key with a user key when a terminal roams in a mobile multimedia broadcast service system according to an embodiment of the present invention;
FIG. 3 is a flowchart of the processing for encrypting a service key when the program source is produced by the home mobile multimedia broadcast service platform, according to an embodiment of the present invention;
FIG. 4 is a flowchart of another service key encryption process according to an embodiment of the present invention;
FIG. 5 is a structural diagram of an apparatus for encrypting a service key according to an embodiment of the present invention.
Detailed Description
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the present invention and are not intended to limit it.
In the embodiments of the present invention, the mobile multimedia broadcast provincial service platform of the user's home location encrypts the service key with the user key, and the encrypted service key is then passed to the service platform of the visited location for use. This avoids the risk of information leakage that would arise from passing the user key to a mobile multimedia broadcast service platform outside the home location.
The mobile multimedia broadcast system may include a CMMB network service platform, a mobile communication network service platform, and terminals for users. The functions of each part of the mobile multimedia broadcast system that are relevant to the present invention are as follows:
CMMB network service platform: includes the national, provincial and municipal service platforms. The CAS (Conditional Access System) in the platform can generate service keys, receive synchronized service keys and store service keys; synchronously send service keys to rebroadcasting platforms; receive service key requests from the mobile communication network service platform and return service keys; request service key encryption from the visited provincial platform to the home provincial platform; and request service keys from the visited provincial platform to the platform being rebroadcast.
Mobile communication network service platform: can send an update-service-key indication to the terminal to trigger the terminal to initiate the service key update procedure; can obtain the service key from the mobile multimedia broadcast service platform where the program source is located within the CMMB network service platform; and receives service key acquisition requests from terminals and returns the corresponding service key information.
Service key: generated by the mobile multimedia broadcast service platform where the program source is located.
Terminal: can request a service key from the CMMB network service platform or the mobile communication network service platform, and receives and uses the service key. Terminals fall mainly into two forms, one-way terminals and two-way terminals. A one-way terminal is a receiving terminal that can only receive mobile multimedia broadcast television services and has no uplink transmission channel, mainly including PDAs (Personal Digital Assistants), MP3 players, MP4 players and digital cameras; a two-way terminal is a receiving terminal that, in addition to receiving mobile multimedia broadcast television services, also has an uplink transmission channel, mainly including mobile phones and notebook computers.
In the present invention, the occasions on which the visited mobile multimedia broadcast platform initiates a service key encryption request to the home mobile multimedia broadcast provincial platform include: when the terminal requests a valid service key; and when the service key is updated and needs to be sent to the terminal.
"When the terminal requests a valid service key" means that a two-way terminal needs a service key and actively initiates a request for a valid service key, or initiates such a request on the instruction of the visited mobile multimedia broadcast platform, or requests a valid service key for any other reason. "When the service key is updated and needs to be sent to the terminal" means that the mobile multimedia broadcast platform of the program source has updated the service key of a program and then sends an update-service-key indication to the relevant mobile multimedia broadcast platforms. In the embodiments of the present invention the terminal may be assumed to be a one-way terminal, in which case the visited mobile multimedia broadcast platform of that one-way terminal needs to actively send the updated service key to the one-way terminal. Those skilled in the art will understand that the visited mobile multimedia broadcast platform can be configured so that it also actively sends the updated service key to the terminal when the terminal is a two-way terminal.
FIG. 2 shows the flow of steps for encrypting a service key with a user key when a terminal roams in the mobile multimedia broadcast service system according to an embodiment of the present invention. For ease of description, only the parts relevant to the present invention are shown here:
In step S201: the visited mobile multimedia broadcast platform of the terminal requests encryption of the service key from the home mobile multimedia broadcast platform of the terminal;
The information with which the visited mobile multimedia broadcast platform requests encryption of the service key from the home mobile multimedia broadcast provincial platform includes a user identifier, for example the user's mobile phone number.
In step S202: after the home mobile multimedia broadcast platform detects the service key, it encrypts the service key using the corresponding user key;
According to the user identifier provided in step S201, the home mobile multimedia broadcast platform selects the user key in the corresponding user information and uses it to encrypt the service key.
In step S203: the home mobile multimedia broadcast platform returns the encrypted service key to the visited mobile multimedia broadcast platform;
The encrypted service key obtained by the visited mobile multimedia broadcast provincial platform corresponds to the above user identifier. This completes the encryption of the service key.
FIG. 3 shows the processing flow for encrypting a service key when the program source is the home mobile multimedia broadcast service platform, according to an embodiment of the present invention. It includes the following steps:
In step S301: the visited mobile multimedia broadcast platform requests the service key and at the same time requests encryption of the service key;
Because the program source is the mobile multimedia broadcast platform of the terminal's home location, when the visited mobile multimedia broadcast platform requests the service key from the home mobile multimedia broadcast platform of the terminal, it can at the same time request that the service key be encrypted.
The request message includes fields such as the user identifier (for example, the user's mobile phone number).
In step S302: the home mobile multimedia broadcast service platform generates and encrypts the service key;
The home mobile multimedia broadcast provincial platform generates the service key and, according to the user identifier provided in step S301, selects the user key in the corresponding user information and, using an encryption algorithm, directly encrypts the service key corresponding to the program that it produced itself.
In step S303: the service key is encrypted and returned.
The home mobile multimedia broadcast provincial platform provides a response, containing the encrypted service key, to the visited mobile multimedia broadcast platform.
In this way, the visited mobile multimedia broadcast service platform requests the service key and its encryption at the same time, and the home mobile multimedia broadcast service platform encrypts the service key directly after generating it, which speeds up encryption of the service key.
FIG. 4 shows another service key encryption process according to an embodiment of the present invention, including the following steps:
In step S401: the visited mobile multimedia broadcast platform requests encryption of the service key from the home mobile multimedia broadcast platform;
In this embodiment, the CAS of the visited mobile multimedia broadcast platform sends this service key encryption request to the home broadcasting platform; the request message contains user identification information.
In step S402: if the CAS of the home mobile multimedia broadcast platform does not detect the service key, it requests from the CAS of the visited mobile multimedia broadcast platform the service key corresponding to the service key encryption request;
In step S403: the CAS of the visited mobile multimedia broadcast platform returns the service key to the CAS of the home mobile multimedia broadcast platform;
In step S404: the CAS of the user's home mobile multimedia broadcast platform encrypts the service key using the corresponding user key;
In step S405: the CAS of the home mobile multimedia broadcast platform returns the encrypted service key to the CAS of the visited mobile multimedia broadcast platform.
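The Fig. 3 and Fig. 4 exchanges described above, simulated end to end as an added example that is not part of the patent text. The `programme` field, the message type names, the user ID and all keys are constructed for illustration, and the HMAC-SHA256 stream-plus-MAC wrap is a stand-in chosen here because the page leaves the encryption algorithm unspecified.

```python
import hashlib
import hmac
import os

def subkey(user_key, label):
    # Derive separate encryption and MAC keys from the user key.
    return hmac.new(user_key, label, hashlib.sha256).digest()

def keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def wrap(user_key, service_key):
    """Stand-in key wrap (assumption): HMAC-SHA256 keystream, then a MAC over nonce+ciphertext."""
    nonce = os.urandom(16)
    stream = keystream(subkey(user_key, b"enc"), nonce, len(service_key))
    ct = bytes(a ^ b for a, b in zip(service_key, stream))
    tag = hmac.new(subkey(user_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(user_key, blob):
    """What the terminal does with its own user key; rejects a modified blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(subkey(user_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrapped service key failed its integrity check")
    stream = keystream(subkey(user_key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

class Platform:
    def __init__(self, name):
        self.name = name
        self.user_keys = {}     # user_id -> user key; filled in at the home platform only
        self.service_keys = {}  # programme -> service key this platform holds

def send(log, src, dst, msg):
    # Record every message that crosses the inter-platform link.
    log.append((src.name, dst.name, msg))
    return msg

def home_handle_encrypt_request(home, visited, req, log):
    user_key = home.user_keys[req["user_id"]]      # S202: pick the user key by user identifier
    sk = home.service_keys.get(req["programme"])   # S302: home platform is the programme source
    if sk is None:
        # S402/S403: home platform has no such service key, so it asks the visited platform.
        send(log, home, visited, {"type": "service_key_request", "programme": req["programme"]})
        reply = send(log, visited, home, {"type": "service_key_response",
                                          "service_key": visited.service_keys[req["programme"]]})
        sk = reply["service_key"]
    # S203/S303/S404-S405: encrypt under the user key and return only the wrapped key.
    return send(log, home, visited, {"type": "encrypt_response",
                                     "user_id": req["user_id"],
                                     "wrapped": wrap(user_key, sk)})

def roaming_delivery(home, visited, user_id, programme):
    log = []
    req = send(log, visited, home, {"type": "encrypt_request",   # S201/S301/S401
                                    "user_id": user_id, "programme": programme})
    resp = home_handle_encrypt_request(home, visited, req, log)
    return resp["wrapped"], log   # the visited platform forwards this blob to the terminal

def user_key_on_wire(log, user_key):
    # True if any logged message carries the user key bytes.
    return any(isinstance(v, bytes) and user_key in v
               for _, _, msg in log for v in msg.values())

def build_demo():
    # Constructed sample data: one roaming user, one programme sourced at each platform.
    home, visited = Platform("home"), Platform("visited")
    user_key = os.urandom(16)
    home.user_keys["13800000000"] = user_key
    home.service_keys["home-channel"] = os.urandom(16)
    visited.service_keys["visited-channel"] = os.urandom(16)
    return home, visited, user_key

if __name__ == "__main__":
    home, visited, user_key = build_demo()
    for programme in ("home-channel", "visited-channel"):
        wrapped, log = roaming_delivery(home, visited, "13800000000", programme)
        print(programme, [m["type"] for _, _, m in log],
              "user key on wire:", user_key_on_wire(log, user_key))
        print("  terminal recovers:", unwrap(user_key, wrapped).hex())
```

In the Fig. 4 path the log shows the service key itself inside the `service_key_response` message; the page does not say how that inter-platform link is protected, so the example carries it as plain bytes.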
FIG. 5 shows an apparatus for encrypting a service key according to an embodiment of the present invention. The apparatus encrypts a service key with a user key when a user terminal roams, and can be placed in a mobile multimedia broadcast system. For ease of description, only the parts relevant to the present invention are shown here. The system includes:
An encryption request unit 501, configured to request encryption of the service key from the mobile multimedia broadcast service platform of the terminal's visited location to the mobile multimedia broadcast service platform of the terminal's home location; the details are as described above.
A service key encryption unit 502, configured to encrypt the service key using the corresponding user key after the mobile multimedia broadcast service platform of the terminal's home location detects the service key according to the service key encryption request; the details are as described above.
A service key return unit 503, configured to send the encrypted service key from the mobile multimedia broadcast service platform of the terminal's home location to the mobile multimedia broadcast service platform of the terminal's visited location. The details are as described above.
With the above three units, the mobile multimedia broadcast service platform of the visited location can securely have the service key that it is to send to the terminal encrypted.
The above system further includes a service key encryption request initiation unit, configured to trigger the encryption request unit 501 to initiate the request to encrypt the service key when a two-way terminal requests a valid service key, or when the service key is updated and needs to be sent to a one-way terminal. The details are as described above.
The above system may further include a service key request unit, configured to request the service key from the visited mobile multimedia broadcast platform of the terminal when the home mobile multimedia broadcast platform of the terminal cannot detect the service key after receiving the service key encryption request. The details are as described above.
The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims

1. An encryption method used in a mobile multimedia broadcast system, characterized in that, when a user terminal roams, the method includes:
the mobile multimedia broadcast service platform of the terminal's visited location requesting encryption of the service key from the mobile multimedia broadcast service platform of the terminal's home location;
the mobile multimedia broadcast service platform of the terminal's home location, after detecting the service key according to the service key encryption request, encrypting the service key using the corresponding user key;
the mobile multimedia broadcast service platform of the terminal's home location sending the encrypted service key to the mobile multimedia broadcast service platform of the terminal's visited location.
2. The encryption method according to claim 1, characterized in that the information requesting encryption of the service key includes a user identifier.
3. The encryption method according to claim 2, characterized in that the information requesting encryption of the service key further includes the service key to be encrypted.
4. The encryption method according to claim 1, characterized in that, when the service key is to be requested from the mobile multimedia broadcast service platform of the terminal's home location, the mobile multimedia broadcast service platform of the terminal's visited location, while requesting encryption of the service key from the mobile multimedia broadcast service platform of the terminal's home location, further requests the service key itself;
the process by which the mobile multimedia broadcast service platform of the terminal's home location encrypts the service key includes: after the mobile multimedia broadcast service platform of the terminal's home location detects, according to the service key encryption request, a service key that it generated itself, it directly encrypts that service key using the corresponding user key.
5. The encryption method according to claim 1 or 2, characterized in that, after the mobile multimedia broadcast service platform of the terminal's home location receives the encryption request and cannot detect the service key, the method further includes:
requesting, from the mobile multimedia broadcast service platform of the terminal's visited location, the service key corresponding to the encryption request;
the mobile multimedia broadcast service platform of the terminal's visited location returning the service key to the mobile multimedia broadcast service platform of the terminal's home location;
the mobile multimedia broadcast service platform of the terminal's home location encrypting the service key using the corresponding user key.
6. The encryption method according to any one of claims 1 to 4, characterized in that, in the step in which the mobile multimedia broadcast service platform of the terminal's visited location requests encryption of the service key from the mobile multimedia broadcast service platform of the terminal's home location, the occasions for initiating the request include:
when the terminal requests a valid service key; or
when the service key is updated and needs to be sent to the terminal.
7. The encryption method according to claim 5, characterized in that, in the step in which the mobile multimedia broadcast service platform of the terminal's visited location requests encryption of the service key from the mobile multimedia broadcast service platform of the terminal's home location, the occasions for initiating the request include:
when the terminal requests a valid service key; or
when the service key is updated and needs to be sent to the terminal.
8. A mobile multimedia broadcast system, characterized in that the system includes an apparatus for encrypting a service key with a user key when a user terminal roams, the apparatus comprising:
an encryption request unit, configured to request encryption of the service key from the mobile multimedia broadcast service platform of the terminal's visited location to the mobile multimedia broadcast service platform of the terminal's home location;
a service key encryption unit, configured to encrypt the service key using the corresponding user key after the mobile multimedia broadcast service platform of the terminal's home location detects the service key according to the service key encryption request;
a service key return unit, configured to send the encrypted service key from the mobile multimedia broadcast service platform of the terminal's home location to the mobile multimedia broadcast service platform of the terminal's visited location.
9. The system according to claim 8, characterized in that the system further includes a service key encryption request initiation unit, configured to trigger the encryption request unit to initiate the request to encrypt the service key when the terminals of both communicating parties request a valid service key, or when the service key is updated and needs to be sent to the terminal of one communicating party.
10. The system according to claim 8 or 9, characterized in that the system further includes a service key request unit, configured to request the service key from the mobile multimedia broadcast platform of the terminal's visited location when the mobile multimedia broadcast platform of the terminal's home location has received the service key encryption request and cannot detect the service key.
PCT/CN2010/072795 2009-05-15 2010-05-14 Mobile multimedia broadcasting system and applied encryption method thereof WO2010130228A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910107364.9 2009-05-15
CN200910107364.9A CN101888628B (en) 2009-05-15 2009-05-15 Mobile multimedia broadcasting system and encryption method employed by same

Publications (1)

Publication Number Publication Date
WO2010130228A1 true WO2010130228A1 (en) 2010-11-18

Family

ID=43074299

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/072795 WO2010130228A1 (en) 2009-05-15 2010-05-14 Mobile multimedia broadcasting system and applied encryption method thereof

Country Status (2)

Country Link
CN (1) CN101888628B (en)
WO (1) WO2010130228A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105515768B (en) * 2016-01-08 2017-07-21 腾讯科技(深圳)有限公司 A kind of methods, devices and systems of more new key

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1829389A (en) * 2006-04-14 2006-09-06 ***通信集团公司 Method and system for holding terminal nomadism in mobile broadcast television service
CN101383673A (en) * 2008-10-20 2009-03-11 中兴通讯股份有限公司 Controlling method and system for mobile multimedia broadcast service
CN101394243A (en) * 2008-10-29 2009-03-25 中兴通讯股份有限公司 System and method for realizing mobile multimedia broadcast service
CN101409595A (en) * 2008-11-26 2009-04-15 中兴通讯股份有限公司 System and method for implementing mobile multimedia broadcast service


Also Published As

Publication number Publication date
CN101888628B (en) 2014-11-05
CN101888628A (en) 2010-11-17


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10774569

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10774569

Country of ref document: EP

Kind code of ref document: A1