WO2008031292A1 - Encrypting method for hard disk in set top box of cable television system - Google Patents
- Publication number
- WO2008031292A1 (PCT/CN2006/003458)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- hard disk
- user
- identification code
- cable television
- top box
Classifications
- H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
- G06F21/80—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/00195—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which result in a restriction to authorised devices recording or reproducing contents to/from a record carrier using a device identifier associated with the player or recorder, e.g. serial numbers of playback apparatuses or MAC addresses
- H04N21/42661—Internal components of the client; Characteristics thereof for reading from or writing on a magnetic storage medium, e.g. hard disk drive
- H04N21/43622—Interfacing an external recording device
- H04N21/4405—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream decryption
- H04N21/4408—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream encryption, e.g. re-encrypting a decrypted video stream for redistribution in a home network
- H04N21/4623—Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
Definitions
- The decryption information flow of the set top box is the reverse of the head-end encryption flow. The user's set top box first decrypts the EMM in the stream using the EMM key stored on the smart card, that is, the private key, and determines from the user's authorization information whether the user is entitled to watch the channel at the current time. Only if the user is authorized does the set top box proceed to the next step: using the ECM key stored on the smart card, it decrypts the ECM in the stream and the encrypted identification code of the storage device. Finally, the CW contained in the ECM is passed to the descrambler to restore the clear video/audio stream, and the decrypted identification code is sent to the processor of the set top box, ready to be written to the hard disk.
- The identification code that the operator's user management system assigns, based on the physical address, to the user who uses the storage device corresponds uniquely to that physical address. After decryption at the user end, the identification code is written by the processor to the hard disk installed at the user end.
- The invention enables the user to store video and audio data only at the authorized user terminal, and the hard disk cannot be used on other user terminals or active devices, thereby ensuring the unique correspondence and security of the storage device.
- The process of writing the identification code to the hard disk is: the processor writes the decrypted identification code into a comparator of the hard disk, and the output of the comparator is connected to the input of a controller. The controller is integrated on the hard disk and sits in the data path between the processor and the disk, where it controls the processor's reads and writes to the disk.
- The encrypted hard disk is used with the set top box as follows: a corresponding physical address is set for the cable television user; the operator's user management system assigns, according to the physical address, a unique identification code to the user who uses the storage device, and the identification code includes the physical address information; the identification code assigned by the user management system is encrypted and transmitted to the user end, and the user decrypts it with the private key; the decrypted identification code is written to the hard disk installed at the user end, where a comparator of the hard disk stores the written code.
- From then on, the user management system inserts the identification code into the transport stream about once every 8 to 10 seconds, so that it reaches the user terminal along with the video and audio data of the cable television system. The conditional access system sends each newly received and decrypted identification code to the comparator of the hard disk; the comparator compares the updated identification code with the code already written and passes the result to the controller; the controller allows or denies the processor's reads and writes to the disk according to the comparator's result.
- If the updated identification code is the same as the written code, the comparator outputs a result code "1" to the controller, which then acts as an adaptation bridge connecting the processor to the disk, allowing the processor to read and write the disk. If the updated identification code does not match the written code, the comparator outputs a result code "0" to the controller, which then cuts off data communication between the processor and the disk, preventing the processor from reading or writing the disk.
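The comparator and controller behaviour described above, modelled in C as an added example (it is not code from the patent). The 16-byte code length, the toy sector geometry, all names, and the assumption that the data path stays closed after power-up until a matching code arrives are illustrative choices not stated on the page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ID_LEN      16  /* assumed length; the page does not specify one */
#define SECTOR_SIZE 32  /* toy geometry for the model */
#define NUM_SECTORS 4

typedef struct {
    uint8_t stored_id[ID_LEN];  /* comparator register, written once */
    bool    provisioned;        /* set by the first write, never cleared */
    bool    path_open;          /* comparator output: 1 = bridge, 0 = cut off */
    uint8_t sectors[NUM_SECTORS][SECTOR_SIZE];
} gated_disk;

/* Constructed sample codes standing in for two subscribers' decrypted codes. */
static const uint8_t ID_BOX_A[ID_LEN] = "BOX-A-ADDR-0001";
static const uint8_t ID_BOX_B[ID_LEN] = "BOX-B-ADDR-0002";

void disk_init(gated_disk *d) { memset(d, 0, sizeof *d); }

/* Assumption: the gate is closed at power-up; the stored code persists. */
void disk_power_cycle(gated_disk *d) { d->path_open = false; }

/* First write of the decrypted code. Returns -1 if a code is already stored. */
int comparator_provision(gated_disk *d, const uint8_t *id)
{
    if (d->provisioned) return -1;
    memcpy(d->stored_id, id, ID_LEN);
    d->provisioned = true;
    return 0;
}

/* Compare a code received from the stream with the stored one and latch the
   result for the controller. The loop touches every byte regardless of where
   the first difference is (an added hardening choice, not from the page). */
int comparator_update(gated_disk *d, const uint8_t *id)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < ID_LEN; i++) diff |= (uint8_t)(d->stored_id[i] ^ id[i]);
    d->path_open = d->provisioned && diff == 0;
    return d->path_open ? 1 : 0;
}

/* Controller: sits between processor and disk; -1 = path cut, -2 = bad request. */
int controller_write(gated_disk *d, unsigned s, const void *buf, size_t len)
{
    if (!d->path_open) return -1;
    if (s >= NUM_SECTORS || len > SECTOR_SIZE) return -2;
    memset(d->sectors[s], 0, SECTOR_SIZE);
    memcpy(d->sectors[s], buf, len);
    return 0;
}

int controller_read(const gated_disk *d, unsigned s, void *out, size_t len)
{
    if (!d->path_open) return -1;
    if (s >= NUM_SECTORS || len > SECTOR_SIZE) return -2;
    memcpy(out, d->sectors[s], len);
    return 0;
}

/* Disk stays in its own box: record and read back. Returns 0 on success. */
int scenario_same_box(void)
{
    gated_disk d; char out[SECTOR_SIZE];
    disk_init(&d);
    if (comparator_provision(&d, ID_BOX_A) != 0) return -1;
    if (comparator_update(&d, ID_BOX_A) != 1) return -1;
    if (controller_write(&d, 0, "recording", sizeof "recording") != 0) return -1;
    if (controller_read(&d, 0, out, sizeof "recording") != 0) return -1;
    return strcmp(out, "recording") == 0 ? 0 : -1;
}

/* Disk is removed and attached to a box that receives a different code.
   Returns 1 if every access is refused, 0 otherwise. */
int scenario_moved_disk(void)
{
    gated_disk d; char out[SECTOR_SIZE];
    disk_init(&d);
    comparator_provision(&d, ID_BOX_A);
    comparator_update(&d, ID_BOX_A);
    controller_write(&d, 0, "recording", sizeof "recording");
    disk_power_cycle(&d);
    if (controller_read(&d, 0, out, sizeof out) != -1) return 0; /* no code yet */
    if (comparator_update(&d, ID_BOX_B) != 0) return 0;          /* mismatch */
    if (controller_read(&d, 0, out, sizeof out) != -1) return 0;
    if (controller_write(&d, 1, "x", 1) != -1) return 0;
    return 1;
}

/* A second provisioning attempt must fail and leave the first code in place. */
int scenario_reprovision(void)
{
    gated_disk d;
    disk_init(&d);
    comparator_provision(&d, ID_BOX_A);
    int second = comparator_provision(&d, ID_BOX_B);
    return comparator_update(&d, ID_BOX_A) == 1 ? second : 0;
}

int main(void)
{
    printf("same box: %d, moved disk refused: %d, re-provision: %d\n",
           scenario_same_box(), scenario_moved_disk(), scenario_reprovision());
    return 0;
}
```
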
Abstract
An encrypting method for the hard disk in the set top box of a cable television system is disclosed. The method includes the following steps: a corresponding physical address is set for the cable television user; an exclusive recognition code is assigned, based on the physical address, to the user using the storage device; the recognition code arrives at the user side with the video-audio signal and is written into the hard disk at the user side, so that the video-audio signal can be downloaded when the recognition code in the video-audio signal is the same as the hard disk's recognition code. With this method, video-audio data can only be saved at the authenticated user side, and the hard disk cannot be used at another user side or on an active apparatus, so that the unique correspondence and security of the storage device are maintained.
Description
Encryption method for the hard disk of a set top box in a cable television system
[Technical Field]
The present invention relates to a method for managing a storage device in a cable television system, and more particularly to a hard disk encryption method for a subscriber-side set top box of a cable television system.
[Background]
With the development and spread of domestic cable digital television, cable digital television computer management systems have become increasingly mature.
The premise of implementing a computer management system is to encrypt the digital television signal. TV encryption is the process of scrambling and then decoding the digital television signal so that unauthorized users cannot watch normally; at the authorized user's receiving end, decoding uses a set-top box (DVB). The TV encryption process is what the industry calls the Conditional Access System (CAS). It is the specific application of modern information encryption technology in the field of digital television. A conditional access system generally encrypts the transmission with a scrambling control word (CW), and the receiving end can use a smart card for decryption. The conditional access system includes a User Authorization Management System (SAS). The SAS obtains authorization information from the User Management System (SMS) and generates Authorization Management Information (EMM). The SAS generates ECM data for encryption based on the control word and inserts the ECM information into the multiplexer, and the multiplexer transmits the encrypted digital television signal to the receiving end through the channel. Digital TV operators also need a User Management System (SMS), an operational management software platform with user management, billing/accounting, customer service, statistical analysis, decision support, and customer relationship management functions. The user management system is based on the TCP/IP protocol and generally adopts a three-tier architecture: database, which stores user, finance, user terminal equipment and other information; application services, which package and price program products according to operational strategies and define the initialization of set-top boxes, smart cards, etc.; and client application, which performs user management, financial management, operational policy management, etc. The user management system is inseparable from the conditional access system.
Against this industry background, an increasingly rich set of derivative functions for cable digital television has emerged. New services such as pay channels, VOD, and video games bring digital television operators new business revenue. As more and more digital services are rolled out, how to ensure that the paid digital information provided by operators is protected by the entire digital television system has become an urgent problem. If consumers want to store their favorite cable digital television programs, it must be ensured that the stored programs are not copied and misused, infringing the rights of the cable television station.
[Summary of the Invention]
It is an object of the present invention to provide a hard disk encryption method for a subscriber-side set top box of a cable television system. The technical solution for achieving this object is a method for encrypting the hard disk of a set top box of a cable television system, comprising the following steps: a corresponding physical address is set for the cable television user; the operator assigns, according to the physical address, a unique identification code to the user who uses the storage device; the identification code reaches the user end along with the video and audio signal and is written to the hard disk installed at the user end, so that the user is allowed to download the video and audio signal when the identification code in the signal matches the identification code of the hard disk. The invention enables the user to store video and audio data only at the authorized user terminal, and the hard disk cannot be used on other user terminals or active devices, thereby ensuring the unique correspondence and security of the storage device.
The identification code includes physical address information.
The identification code is assigned by the user management system and then encrypted and transmitted to the user end, and the user decrypts the identification code with the private key.
The process of writing the identification code to the hard disk includes the following steps: a processor writes the decrypted identification code into a comparator of the hard disk, and the output of the comparator is connected to a controller integrated in the hard disk. The present invention adopts the above technical solution, and its beneficial technical effects are as follows: 1) In the hard disk encryption method of the present invention, the cable television operator sets a corresponding physical address for the cable television user and assigns a unique storage device identification code to each storage device installed in a set top box; the identification code is encrypted and transmitted to the corresponding user receiving end, and the receiving end then writes the identification code to the storage device in an encrypted manner, so that a unique storage device corresponds to a unique user receiving-end set top box and a removed storage device cannot be used on other storage reading devices, ensuring the unique correspondence and security of the storage device. 2) Once the assigned identification code has been written to the storage device of the present invention it cannot be changed, and the storage device can only be used at a fixed user receiving end to download and store video and audio data.
[Description of the Drawings]
The present invention is described in further detail below by way of embodiments and with reference to the accompanying drawings. FIG. 1 is a schematic diagram of the identification code transmission in the encryption method for the hard disk of the set top box of the cable television system of the present invention.
FIG. 2 is a flow chart of writing the identification code to the hard disk in the encryption method for the hard disk of the set top box of the cable television system of the present invention.
【具体实施方式】 【detailed description】
Referring to FIG. 1, the invention is a method for encrypting the hard disk of a set-top box in a cable television system. The precondition for implementing the invention is that the cable television operator sets a corresponding physical address for each cable television user.

The cable television computer management system presupposes that the digital television signal is encrypted. Television encryption here means scrambling the digital television signal and then decoding it, so that unauthorized users cannot watch normally; at an authorized user's receiving end the decoding is done by a set-top box (DVB). This process is what the industry calls a conditional access system (CAS). It is a specific application of modern information encryption technology in the field of digital television. A typical cable television conditional access system comprises an encryption head end and a decryption reception control terminal.

The conditional access system in this embodiment uses a four-fold key transmission mechanism. In the digital transmission system the four keys are: the control word of the scrambler, which uses a common algorithm to convert the program stream into a random-sequence digital stream; the authorization key, which encrypts the control word to form the authorization control information (ECM), which is inserted into the transport stream and appears in it roughly once every few seconds; the user public key, which encrypts the user management information to form the authorization management information (EMM), where the user management information is produced by the operator's user management system and includes the user name, address, smart card number, bill and so on, and the EMM is inserted into the transport stream about once every 8~10 seconds; and the identification code, which includes the user's physical address information, is produced by the operator's user management system, and is inserted into the transport stream about once every 8~10 seconds.
The encryption head end comprises a scrambler that scrambles the video/audio data, a user authorization system and a user management system. The information flow of head-end encryption is as follows. The control word generator randomly generates scrambling/descrambling keys at a set timing and sends each key both to the scrambler and to the control word encryption generator (ECM). The scrambler scrambles the clear video/audio stream in real time with the common scrambling algorithm, while the control word encryption generator encrypts the scrambling/descrambling key together with the access control condition information, using a proprietary algorithm, to produce the ECM that goes into the multiplexer. In addition, the user authorization system of the conditional access system encrypts the user management information (for example the channels the user has purchased and the period of validity) with the authorization key encryption generator (EMM) to produce the EMM that goes into the multiplexer.

The decryption flow in the set-top box is the reverse of the above. The set-top box at the user end first uses the EMM key stored on the smart card (that is, the private key) to decrypt the EMM in the stream, and determines from the user's authorization information whether the user is entitled to watch the channel at the current time. Only if the user is authorized does the set-top box continue to the next step, which is to use the ECM key stored on the smart card to decrypt the ECM in the stream and the identification code of the encrypted storage device. Finally, the CW contained in the ECM is passed to the descrambler to restore the clear video/audio stream, and at the same time the decrypted identification code is sent to the processor of the set-top box, ready to be written to the hard disk.

The identification code that the operator's user management system assigns, according to the physical address, to a user who uses the storage device corresponds uniquely to that physical address. After being decrypted at the user end, the identification code is written by the processor to the hard disk installed at the user end. The invention means that the user can store video/audio data only at the authorized user end, and that the hard disk cannot be used at other user ends or on active devices, which ensures the unique correspondence and the security of the storage device.
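The order of operations in that decryption flow (EMM, entitlement check, then ECM and identification code) is shown below as an added example; it is not code from the patent. The `toy_crypt` keystream cipher stands in for the proprietary algorithms, the keys, channel names and identification code are constructed, and sending the identification code under the ECM key is an assumption drawn from the description.

```python
import hashlib
import json
import os

def toy_crypt(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 keystream XOR); not the CAS's real algorithm."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, fields: dict) -> bytes:
    return toy_crypt(key, json.dumps(fields).encode())

def unseal(key: bytes, blob: bytes) -> dict:
    return json.loads(toy_crypt(key, blob))

def head_end(av_clear: bytes, card: dict, rights: dict, id_code: str) -> dict:
    """Head end: scramble with a fresh CW, then build ECM, EMM and ID packet."""
    cw = os.urandom(16)                                  # control word generator
    return {
        "av": toy_crypt(cw, av_clear),                   # scrambler
        "ecm": seal(card["ecm_key"], {"cw": cw.hex()}),  # CW travels only in the ECM
        "emm": seal(card["emm_key"], rights),            # user management information
        # Assumption: the identification code is sent under the ECM key.
        "id": seal(card["ecm_key"], {"id_code": id_code}),
    }

def set_top_box(stream: dict, card: dict, channel: str, now: int):
    """Receiver: EMM first, entitlement check, then ECM and identification code."""
    rights = unseal(card["emm_key"], stream["emm"])
    if channel not in rights["channels"] or now > rights["valid_until"]:
        return None                                      # not entitled: ECM never opened
    cw = bytes.fromhex(unseal(card["ecm_key"], stream["ecm"])["cw"])
    id_code = unseal(card["ecm_key"], stream["id"])["id_code"]
    return toy_crypt(cw, stream["av"]), id_code          # clear A/V, code for the disk

# Constructed sample values (not from the patent).
CARD = {"emm_key": b"constructed-emm-key", "ecm_key": b"constructed-ecm-key"}
RIGHTS = {"channels": ["news-1"], "valid_until": 1_700_000_000}
STREAM = head_end(b"clear video/audio payload", CARD, RIGHTS, "ID-ADDR-0001")
```

An unentitled channel or an expired validity period returns `None` before the ECM is touched, so neither the control word nor the identification code is recovered in that case.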
Referring to FIG. 2, the identification code is written to the hard disk as follows: the processor writes the decrypted identification code into a comparator in the hard disk, and the output of the comparator is connected to the input of a controller. The controller is integrated on the hard disk, sits on the data transmission path between the processor and the disk, and controls the processor's reads and writes to the disk.

The encrypted hard disk for the set-top box is used as follows. A corresponding physical address is set for the cable television user. The operator's user management system assigns, according to the physical address, a unique identification code to the user who uses the storage device; the identification code includes the physical address information. The identification code assigned by the user management system is encrypted and transmitted to the user end, where the user decrypts it with the private key. The decrypted identification code is written to the hard disk installed at the user end, and a comparator in the hard disk stores the written identification code. From then on the user management system sends the identification code to the user end intermittently along with the video/audio data of the cable television system, for example by inserting the identification code into the transport stream about once every 8~10 seconds. Each identification code that the conditional access system delivers and decrypts in this way is again sent to the comparator of the hard disk; the comparator compares the updated identification code with the one already written and passes the result to the controller. The controller allows or blocks the processor's reads and writes to the disk according to the comparator's result.

If the updated identification code is the same as the written one, the comparator outputs result code "1" to the controller, and the controller acts as an adaptation bridge between the processor and the disk, allowing the processor to read and write the disk. If the updated identification code does not match the written one, the comparator outputs result code "0" to the controller, and the controller cuts off data communication between the processor and the disk, preventing the processor from reading or writing the disk.
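The comparator and controller behaviour described above can be modelled as a small gate on the disk's data path. This is an added example, not code from the patent: the class names, the constructed identification codes, the rule that the first written code is never overwritten, and the gate starting closed are all assumptions.

```python
import hmac

class Comparator:
    """Stores the first identification code written and compares every later one."""
    def __init__(self):
        self.stored = None

    def submit(self, code: bytes) -> int:
        if self.stored is None:
            self.stored = code          # first write binds the disk to this user end
            return 1
        # Constant-time comparison: timing does not reveal how many bytes matched.
        return 1 if hmac.compare_digest(self.stored, code) else 0

class Controller:
    """Sits on the data path between the processor and the disk."""
    def __init__(self, comparator: Comparator):
        self.comparator = comparator
        self.bridged = False            # assumption: closed until a code is checked
        self.sectors = {}

    def refresh(self, code: bytes) -> int:
        result = self.comparator.submit(code)
        self.bridged = (result == 1)    # "1" bridges the path, "0" cuts it
        return result

    def _gate(self):
        if not self.bridged:
            raise PermissionError("controller has cut the processor off from the disk")

    def write(self, lba: int, data: bytes):
        self._gate()
        self.sectors[lba] = data

    def read(self, lba: int) -> bytes:
        self._gate()
        return self.sectors[lba]

def replay(codes):
    """Feed decrypted codes in order; return (comparator output, write allowed)."""
    disk, log = Controller(Comparator()), []
    for n, code in enumerate(codes):
        result = disk.refresh(code)
        try:
            disk.write(n, b"recorded programme")
            log.append((result, True))
        except PermissionError:
            log.append((result, False))
    return log

# Constructed codes: user end A, the disk moved to user end B, then back to A.
A, B = b"ID-ADDR-0001", b"ID-ADDR-0002"
TRACE = replay([A, A, B, A])
```

The gate controls access to the data path only; the description does not say that the recorded data is itself encrypted on the disk.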
Claims
1. A method for encrypting a hard disk of a set-top box of a cable television system, characterized by comprising the following steps: a corresponding physical address is set for the cable television user; the operator assigns, according to the physical address, a unique identification code to the user who uses the storage device; the identification code reaches the user end along with the video/audio signal and is written to the hard disk installed at the user end, so that the user is allowed to download the video/audio signal when the identification code in the video/audio signal and the identification code of the hard disk pass comparison.
2. The method for encrypting a hard disk of a set-top box of a cable television system according to claim 1, characterized in that the identification code includes physical address information.
3. The method for encrypting a hard disk of a set-top box of a cable television system according to claim 1, characterized in that the identification code is assigned by the user management system and then encrypted and transmitted to the user end, and the user decrypts the identification code with the private key.
4. The method for encrypting a hard disk of a set-top box of a cable television system according to any one of claims 1 to 3, characterized in that the process of writing the identification code to the hard disk comprises the following step: a processor writes the decrypted identification code into a comparator of the hard disk, and the output of the comparator is connected to a controller integrated in the hard disk.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2006100625997A CN101068303A (en) | 2006-09-13 | 2006-09-13 | Hardware enciphering method used for wired television system set-top box |
CN200610062599.7 | 2006-09-13 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2008031292A1 true WO2008031292A1 (en) | 2008-03-20 |
Family
ID=38880729
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2006/003458 WO2008031292A1 (en) | 2006-09-13 | 2006-12-18 | Encrypting method for hard disk in set top box of cable television system |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN101068303A (en) |
WO (1) | WO2008031292A1 (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101600079B (en) * | 2009-07-07 | 2012-01-04 | 富士通半导体(上海)有限公司 | High-speed downloading system and downloading method based on cable television network |
CN102104801A (en) * | 2010-12-21 | 2011-06-22 | 福建二菱电子有限公司 | Confidential method for set-top box software |
CN102833637A (en) * | 2011-06-17 | 2012-12-19 | 宏碁股份有限公司 | Multimedia browsing device, system and method |
CN104079994B (en) * | 2014-07-07 | 2017-05-24 | 四川金网通电子科技有限公司 | Authorization system and method based on set top box card-free CA |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1355997A (en) * | 1999-04-21 | 2002-06-26 | 通用仪器公司 | Method and system for locating-control channel and data transport steam within signal received by set-top box from cable TV. system |
CN1725832A (en) * | 2004-07-23 | 2006-01-25 | 上海乐金广电电子有限公司 | Remote-control controlling method for audio/video record playing device |
-
2006
- 2006-09-13 CN CNA2006100625997A patent/CN101068303A/en active Pending
- 2006-12-18 WO PCT/CN2006/003458 patent/WO2008031292A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN101068303A (en) | 2007-11-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 06828371 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 06828371 Country of ref document: EP Kind code of ref document: A1 |