CN100442839C - An information transmission method and device for an interactive digital broadcast television system - Google Patents

An information transmission method and device for an interactive digital broadcast television system

Publication number
CN100442839C
Authority
CN
China
Prior art keywords
control word
information
network
key
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB031308066A
Other languages
Chinese (zh)
Other versions
CN1549595A (en)
Inventor
颜宏华
王庆文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CNB031308066A
Publication of CN1549595A
Application granted
Publication of CN100442839C
Anticipated expiration
Expired - Fee Related


Abstract

Translated from Chinese

The invention discloses an information transmission method for an interactive digital broadcast television system. The method comprises: 1) the front-end part of the system sends a scrambled information transport stream containing service information to all user terminals in the system through the broadcast network; 2) the front-end part receives user information from the user terminals through the interactive network, generates conditional access information for each user terminal connected to the system, and sends that conditional access information to each user terminal through the interactive network; 3) the user terminal uses the conditional access information to descramble the information transport stream received from the broadcast network and obtain the service information. The invention also discloses an information transmission device for an interactive digital broadcast television system, whose front-end part uses a conditional access information processing module and whose terminal-part smart card system includes a decryption module and a user identity authentication module. The invention is simple to implement, makes cracking more difficult, and improves the security of information transmission.

Description

Translated from Chinese
An information transmission method and device for an interactive digital broadcast television system

Technical field

The invention relates to information transmission technology for digital broadcast television systems, and in particular to an information transmission method and device for an interactive digital broadcast television system.

Background art

The European Digital Video Broadcasting (DVB) standard is now mature. In a digital broadcast television platform built to this standard, the conditional access (CA) system provides security protection, and transmitting information through the CA system achieves "scrambling to the user", which can completely resolve the charging difficulties of "scrambling to the cable station".

The CA system spans the entire broadcast television network, including the digital television front end, the transmission network and the user end. It scrambles digital television programs and information in real time at the front end of the transmission network and descrambles and restores them at the user end, forming a digital television security system that can resist malicious attacks. Its main security goals are to prevent pirates from forging or copying digital television user authorization devices in large numbers for commercial purposes, and to prevent illegal digital television programs or information from being mixed into the digital video broadcast network. The CA system also authorizes paying users online, so that paying television users can watch programs normally and non-paying users cannot. The CA system is therefore also a charging control system, implemented with encryption technology, whose fundamental purpose is to protect the interests of television operators.

The current CA system is designed for one-way broadcast television systems. Figure 1 is a block diagram of how the CA system transmits information in an existing one-way digital broadcast television system. As shown in Figure 1, the front-end part 110 of the existing digital broadcast television system comprises: multiplexer 111, scrambler 112, encryptor 113, encryptor 114, service information (SI) generator 115, user authorization system 116, control word (CW) generator 117, program information management system 118 and user management system 119; the user authorization system 116 and the user management system 119 may together be called the user authorization management system. The user terminal part (STB) comprises: descrambler 132, demultiplexer 131, decryptor 133, decryptor 134 and security processor 135. The decryptor 133, decryptor 134 and security processor 135 in the terminal part 130 are combined, and their functions are implemented by a smart card system 136.

In this one-way digital broadcast television system, the security of the information transmitted by the CA system is concentrated entirely in the terminal. The specific process is as follows.

In the front-end part, the existing CA system uses a triple-key mechanism to encrypt the transmitted programs:

1. The scrambler 112 uses the control word produced by the control word (CW) generator 117 to trigger the start of a pseudo-random sequence generator, producing a new pseudo-random sequence that scrambles the service information. The control word is a set of random numbers that changes randomly every few seconds; the receiving end must descramble under the control of the same control word.

2. The encryptor 114 uses the service key (SK) to encrypt the control word produced by the control word (CW) generator 117, generating the CW ciphertext, which is placed in the authorization control information (ECM).

3. The encryptor 113 uses the user's personal distribution key (PDK) to encrypt the SK and the user management information supplied by the user management system 119, forming authorization management information (EMM) that contains the SK ciphertext. The user management information includes user name, address, smart card number, bills and so on. The EMM is inserted into the transport stream (TS stream) once every 8 to 10 seconds.

4. The encrypted ECM and EMM, the program specific information (PSI) and the service information are multiplexed by the multiplexer 111 and then scrambled by the scrambler 112 to form a TS stream, which is transmitted through the broadcast network 120 to the user terminal part 130. In other words, in the prior art all information reaches the user terminal part 130 through the broadcast network 120.

5. In the user terminal part 130, the existing CA system first has the decryptor 134 use the PDK to decrypt the EMM in the TS stream, extract the SK, send it to the security processor 135, and determine whether this terminal is entitled to receive the service. If it is, the decryptor 133 uses the service key SK to decrypt the control word CW from the ECM and provides the CW to the descrambler 132. The descrambler 132 descrambles with that control word and sends the descrambled service information to the demultiplexer 131; otherwise the service information cannot be received. Because SK, CW and PDK all relate to conditional access and are essential for the user terminal to receive service information, they can all be called conditional access information.

As the above scheme shows, because the CA system is constrained by a one-way network, the scheme is not only complicated but also has several security drawbacks:

1. Its security depends entirely on the capabilities of the terminal. Once the algorithm is cracked, every location within the system's area of operation is fully exposed to the threat of unauthorized descrambling.

2. The existing CA system cannot authenticate the authorization of a specific service, so it is difficult to prevent illegal services.

3. Because the existing CA system structure is one-way, its encryption and decryption algorithms are completely bound to the device, so pirates have ample opportunity to work out a complete cracking scheme. Auxiliary measures such as backup algorithms cannot make up for this fundamental defect, so the security of the existing system is poor.

4. To ensure that newly connected users can obtain the user authorization information (EMM) promptly, EMM messages must be sent periodically on the broadcast channel, which occupies valuable bandwidth and increases overhead.

As interactive digital television broadcasting technology has matured, interactive digital broadcast television systems have appeared and interactive television is becoming increasingly widespread. Such a system is a two-way interactive system that can provide rich information and entertainment services: it adds interactive functions on top of one-way service distribution, forming a two-way channel.

The interactive digital broadcast television system is designed according to the interactive broadcast television network structure proposed by DVB. Figure 2 is a schematic diagram of that structure. It has three parts: the front end, the delivery network and the set-top box.

The front end consists of 4 modules:

Broadcast service provider module 211 (Broadcast Service Provider): provides broadcast services.

Broadcast network adapter 213 (Broadcast Network Adaptor): provides the adaptation interface between the broadcast service provider module and the broadcast network.

Interactive service provider module 212 (Interactive Service Provider): provides interactive services.

Interactive network adapter 214 (Interactive Network Adaptor): provides the adaptation interface between the interactive service provider module and the interactive network.

The services of the interactive service provider module 212 may also be sent to the user terminal in broadcast form through the broadcast network adapter 213.

The delivery network has 2 parts:

Broadcast network 221 (Broadcasting Delivery Media): provides the delivery path for broadcast services.

Interactive network 222 (Interactive Network): provides the delivery path for interactive services.

The set-top box is connected to the user terminal and comprises 3 parts:

Broadcast interface 231 (Broadcast Interface Module): provides the communication interface between the set-top box and the broadcast medium.

Interactive interface 232 (Interactive Interface Module): provides the communication interface between the set-top box and the interactive network.

Set-top unit 233 (Set Top Unit): the other functional units of the set-top box.

There are two delivery networks: the broadcast network 221, which carries the broadcast channel (BC: Broadcast Channel), and the interactive network 222, which carries the interaction channel (IC: Interaction Channel). The broadcast network 221 is unidirectional, sending audio and video streams and data from the network side to end users; it can also carry the forward interaction path of the interactive network. The interactive network 222 includes two paths, the return interaction path and the forward interaction path. The return interaction path runs from the user terminal to the service provider server on the network side and carries request and response messages. The forward interaction path runs from the service provider server on the network side to the end user and carries data downloads as well as request and response messages.

Users can therefore return signals over the return interaction path to take part in selection, and receive program information over the forward interaction path to watch programs. The system can thus provide a variety of terminal-to-network interactive services such as on-demand television, television shopping, television education, electronic banking, multimedia e-mail and interactive games.

Within the interactive broadcast television network structure described above, information transmission can be carried out in the following steps:

Step 1: the user terminal is connected to the interactive network using the interactive network's own user access protocol;

Step 2: the user terminal and the front end authenticate each other, and the user terminal accesses the interactive digital broadcast television system;

Step 3: information is transmitted using the CA system.

Steps 1 and 2 make full use of the advantages of the interactive network and increase the security of the system, but step 3 still uses the existing CA system scheme and does not exploit the interactive network, so it clearly does not resolve the security shortcomings and problems of the prior-art CA scheme.

Summary of the invention

In view of this, the main purpose of the present invention is to provide an information transmission method for an interactive digital broadcast television system that increases the security of information transmission in the system.

Another purpose of the present invention is to provide an information transmission device for an interactive digital broadcast television system that ensures the security of information transmission in the system.

To achieve the first purpose, the present invention provides an information transmission method for an interactive digital broadcast television system, comprising the following steps:

1) The front-end part of the system sends a service information transport stream, scrambled with the scrambling control word, to all user terminals in the system through the broadcast network;

2) The front-end part receives user information from the user terminals through the interactive network, and either generates an encrypted service key (SK) or a service key for each user terminal accessing the system, together with the authorization control information (ECM) for the user terminals, which it sends to the user terminals through the broadcast network; or generates an encrypted scrambling control word (CW) for each user terminal accessing the system. The front-end part sends the encrypted service key, the encrypted scrambling control word or the service key to each user terminal individually through the interactive network;

3) The user terminal uses the encrypted service key or the service key received from the interactive network to decrypt the received authorization control information and obtain the scrambling control word, or decrypts the encrypted scrambling control word received from the interactive network to obtain the scrambling control word; it then descrambles the service information transport stream received from the broadcast network to obtain the service information.

Where the front-end part generates an encrypted service key (SK) for each user terminal accessing the system, the authorization control information may contain the ciphertext obtained by encrypting the scrambling control word (CW);

Step 3) may then be: the user terminal decrypts the encrypted service key received from the interactive network to obtain the service key, uses that service key to decrypt the authorization control information received from the broadcast network to obtain the scrambling control word, and uses that scrambling control word to descramble the transport stream received from the broadcast network to obtain the service information.

The service key (SK) may be encrypted with a public-key algorithm; the encrypted service key may be decrypted with the public-key algorithm corresponding to the one used to encrypt it.

The service key (SK) may be encrypted as follows: the service key is encrypted with the RSA encryption algorithm using the public key stored in the front-end part;

The encrypted service key may be decrypted as follows: the service key is recovered with the RSA decryption algorithm using the private key stored in the user terminal.

The scrambling control word (CW) may be encrypted with a symmetric-key algorithm; the authorization control information is decrypted with a symmetric-key algorithm.

The scrambling control word (CW) may be encrypted as follows: with the service key as the key, the scrambling control word is encrypted using the Advanced Encryption Standard (AES) encryption algorithm;

The authorization control information may be decrypted as follows: with the decrypted service key, the encrypted scrambling control word is decrypted using the AES decryption algorithm to obtain the scrambling control word.

The scrambling control word (CW) may be encrypted as follows: with the service key as the key, the scrambling control word is encrypted using the 3DES encryption algorithm;

The authorization control information may be decrypted as follows: with the decrypted service key, the encrypted scrambling control word is decrypted using the 3DES decryption algorithm to obtain the scrambling control word.
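The key flow of this first variant, as an added Python example that is not code from the patent: SK is wrapped individually for each terminal and pushed over the interactive network, while the ECM (CW encrypted under SK) and the scrambled payload go out on the broadcast network. The class names, terminal ids and payload are constructed, and a SHA-256 keystream with an HMAC tag stands in for RSA, AES/3DES and the CW-seeded pseudo-random scrambler, so the block shows the channel split and entitlement behaviour, not the ciphers.

```python
import hashlib
import hmac
import secrets

def _stream(key, nonce, n):
    """SHA-256 counter keystream: stand-in for the patent's ciphers and scrambler."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))

def seal(key, plaintext):
    """Encrypt-then-MAC under `key`; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(12)
    ct = _xor(plaintext, key + b"enc", nonce)
    tag = hmac.new(key + b"mac", nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    """Return the plaintext, or None when the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    good = hmac.new(key + b"mac", nonce + ct, hashlib.sha256).digest()
    return _xor(ct, key + b"enc", nonce) if hmac.compare_digest(tag, good) else None

class FrontEnd:
    def __init__(self):
        self.wrap_keys = {}      # terminal id -> key only that smart card holds
        self.subscribed = set()
        self.sk = secrets.token_bytes(16)
        self.cw = secrets.token_bytes(8)
        self.seq = 0

    def enroll(self, terminal_id):
        key = secrets.token_bytes(16)   # stand-in for the card's RSA key pair
        self.wrap_keys[terminal_id] = key
        self.subscribed.add(terminal_id)
        return key

    def interactive_push(self):
        """Rotate SK; one wrapped copy per subscribed terminal (interactive network)."""
        self.sk = secrets.token_bytes(16)
        return {t: seal(self.wrap_keys[t], self.sk) for t in self.subscribed}

    def broadcast(self, payload):
        """Rotate CW; ECM and scrambled payload reach every terminal (broadcast network)."""
        self.cw = secrets.token_bytes(8)
        self.seq += 1
        nonce = self.seq.to_bytes(8, "big")
        return seal(self.sk, self.cw), nonce, _xor(payload, self.cw, nonce)

class Terminal:
    def __init__(self, wrap_key):
        self.wrap_key = wrap_key
        self.sk = None

    def on_interactive(self, blob):
        sk = unseal(self.wrap_key, blob)
        if sk is not None:
            self.sk = sk
        return sk is not None

    def on_broadcast(self, ecm, nonce, scrambled):
        cw = unseal(self.sk, ecm) if self.sk else None
        return _xor(scrambled, cw, nonce) if cw else None

def run_demo():
    fe = FrontEnd()
    alice = Terminal(fe.enroll("alice"))
    carol = Terminal(fe.enroll("carol"))
    eve = Terminal(secrets.token_bytes(16))   # hears the broadcast, never enrolled
    packet = b"constructed TS payload"

    push = fe.interactive_push()
    alice.on_interactive(push["alice"])
    carol.on_interactive(push["carol"])
    replay_ok = eve.on_interactive(push["alice"])   # copy of alice's message
    first = fe.broadcast(packet)
    r1 = (alice.on_broadcast(*first), carol.on_broadcast(*first),
          eve.on_broadcast(*first))

    fe.subscribed.discard("alice")    # subscription lapses
    push = fe.interactive_push()      # new SK; nothing is sent to alice
    carol.on_interactive(push["carol"])
    second = fe.broadcast(packet)
    r2 = (alice.on_broadcast(*second), carol.on_broadcast(*second))
    return {"first": r1, "replay_accepted": replay_ok,
            "after_revocation": r2, "second_push_recipients": sorted(push)}

if __name__ == "__main__":
    print(run_demo())
```

Each `broadcast` call here stands for one control-word period; a lapsed terminal loses access at the next SK rotation without any EMM traffic on the broadcast channel.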

Where the front-end part generates an encrypted scrambling control word for each user terminal accessing the system, step 2) may be: the front-end part encrypts the scrambling control word using the user terminal's user personal distribution key (PDK) as the key, and sends the encrypted scrambling control word to the user terminal;

Step 3) may then be: the user terminal uses the user personal distribution key (PDK) to decrypt the encrypted scrambling control word received from the interactive network to obtain the scrambling control word, and uses that scrambling control word to descramble the transport stream received from the broadcast network to obtain the service information.

Step 2) may further include: the scrambling control word is changed once every predetermined period.

The conditional access information in step 2) may be a service key; step 2) may further include: the front-end part generates the authorization control information (ECM) for the user terminal and sends it to the user terminal through the broadcast network.

Where the front-end part generates a service key for each user terminal accessing the system, the authorization control information may contain the ciphertext obtained by encrypting the scrambling control word (CW) with the service key;

Step 3) may then be: the user terminal uses the service key received from the interactive network to decrypt the authorization control information received from the broadcast network to obtain the scrambling control word, and uses that scrambling control word to descramble the transport stream received from the broadcast network to obtain the service information.

To achieve the other purpose, the present invention provides an information transmission device for an interactive digital broadcast television system, comprising a front-end part and a user terminal part. The front-end part comprises a multiplexer, a scrambler, a control word generator and a user authorization management system; the multiplexer and the control word generator are each connected to the scrambler, and the scrambler is connected to the broadcast network;

The terminal part comprises a demultiplexer, a descrambler and a smart card system; the demultiplexer is connected to the descrambler, the smart card system is connected to the descrambler, and the descrambler is connected to the broadcast network. The front-end part further comprises a conditional access information processing module, which is connected to the user authorization management system, the control word generator and the interactive network respectively; the user authorization management system is also connected to the interactive network;

The multiplexer multiplexes the service information, or the service information and the authorization control information, and sends the result to the scrambler; the scrambler scrambles the service information with the scrambling control word produced by the control word generator and sends it out through the broadcast network;

The service key (SK) generated by the user authorization management system and the scrambling control word produced by the control word generator, or the stored user personal distribution key and the scrambling control word produced by the control word generator, are sent to the conditional access information processing module. That module processes the scrambling control word and the service key (SK) generated by the user authorization management system or the stored user personal distribution key and sends the result out through the interactive network, and encrypts the scrambling control word with the service key (SK) to form the authorization control information, which it sends to the multiplexer;

The terminal part further comprises an interactive processing unit connected to the interactive network; the smart card system comprises a decryption module and a user identity authentication module, and is connected to the interactive network;

The user identity authentication module interacts with the wireless interactive network through the interactive processing unit to complete identity authentication; the interactive processing unit of the terminal part exchanges information with the user authorization management system of the front end to complete the service application and connect the terminal part to the interactive digital broadcast television system;

The decryption module decrypts the encrypted service key (SK) received from the interactive network through the interactive processing unit to obtain the service key, and decrypts the authorization control information received from the broadcast network to obtain the scrambling control word; or it uses the stored user personal distribution key to decrypt the encrypted scrambling control word received from the interactive network to obtain the scrambling control word. It sends the scrambling control word to the descrambler. The descrambler uses the scrambling control word to descramble the service information received from the broadcast network and sends the descrambled service information to the demultiplexer; the demultiplexer demultiplexes the service information and outputs it to the user.

The conditional access information processing module may further comprise a first encryptor and a second encryptor;

The first encryptor uses the service key generated by the user authorization management system to encrypt the scrambling control word produced by the scrambling control word generator, forming the authorization control information, and sends it to the multiplexer; the multiplexer multiplexes the authorization control information together with the service information, and the result is sent out through the broadcast network;

The second encryptor encrypts the service key generated by the user authorization management system and sends it out through the interactive network;

The decryption module may further comprise a first decryptor and a second decryptor;

The second decryptor decrypts the encrypted service key received from the interactive network and sends the resulting service key to the first decryptor;

The first decryptor uses the service key recovered by the second decryptor to decrypt the authorization control information that was received from the broadcast network and demultiplexed by the demultiplexer, and sends the resulting scrambling control word to the descrambler.

The first encryptor may be a symmetric-key algorithm encryptor, for example an AES encryptor or a 3DES encryptor; the first decryptor may be a symmetric-key algorithm decryptor, for example an AES decryptor or a 3DES decryptor.

The second encryptor is a public-key algorithm encryptor, for example an RSA encryptor, which encrypts using the public key stored by the user authorization management system; the second decryptor is the decryptor of the public-key algorithm corresponding to the second encryptor, for example an RSA decryptor, which decrypts using the private key stored in the smart card system.

The conditional access information processing module may be a single encryptor, which uses the user personal distribution key stored by the user authorization management system to encrypt the scrambling control word produced by the scrambling control word generator and sends it out through the interactive network;

The decryption module may then be a single decryptor, which uses the user personal distribution key stored in the user identity authentication module to decrypt the encrypted scrambling control word received from the interactive network and sends the resulting scrambling control word to the descrambler.

Alternatively, the conditional access information processing module may be a single encryptor that uses the service key generated by the user authorization management system to encrypt the scrambling control word produced by the scrambling control word generator, forming the authorization control information, and sends it to the multiplexer; the multiplexer multiplexes the authorization control information together with the service information, and the result is sent out through the broadcast network; the service key itself is sent out through the interactive network;

The decryption module may then be a single decryptor, which uses the service key received from the interactive network to decrypt the authorization control information that was received from the broadcast network and demultiplexed by the demultiplexer, and sends the resulting scrambling control word to the descrambler.

The interactive network may be a wireless interactive network, including a Global System for Mobile Communications (GSM) network, a Wideband Code Division Multiple Access (WCDMA) wireless communication network, a CDMA 2000 wireless communication network, or a Time Division-Synchronous Code Division Multiple Access (TD-SCDMA) network.

When the interactive network is a Global System for Mobile Communications (GSM) network, the identity authentication module may be a SIM card module; when the interactive network is a Wideband Code Division Multiple Access (WCDMA) wireless communication network or a Time Division-Synchronous Code Division Multiple Access (TD-SCDMA) network, the identity authentication module may be a USIM card module; when the interactive network is a CDMA 2000 wireless communication network, the identity authentication module may be an R-UIM card module.

由本发明的技术方案可见,本发明的交互数字广播电视系统的信息传输方法及其装置,将业务信息和条件接收信息分别从广播网络或交互网络下发,充分利用了交互数字广播电视系统的优势,虽然实现简便,但是增加了破解的难度,提高了信息传输的安全性,并且能够节省系统开销,应用范围广泛。It can be seen from the technical solution of the present invention that the information transmission method and device of the interactive digital broadcast television system of the present invention send service information and conditional access information respectively from the broadcast network or the interactive network, making full use of the advantages of the interactive digital broadcast television system , although it is easy to implement, it increases the difficulty of cracking, improves the security of information transmission, and can save system overhead, and has a wide range of applications.

Description of the drawings

Fig. 1 is a block diagram of how the CA system transmits information in an existing one-way digital broadcast television system;

Fig. 2 is a schematic diagram of the interactive broadcast television network framework proposed by DVB;

Fig. 3 is a schematic diagram of the information transmission device of the first preferred embodiment of the present invention;

Fig. 4 is a schematic diagram of the information transmission device of the second preferred embodiment of the present invention;

Fig. 5 is a schematic diagram of the information transmission device of the third preferred embodiment of the present invention.

Detailed description of the embodiments

To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to three embodiments and the accompanying drawings.

The main idea of the information transmission method and device of the present invention is to deliver the service information and the conditional access information separately, over the broadcast network or the interactive network, which increases the difficulty of cracking and improves the security of information transmission. The method also applies to interactive digital broadcast television systems built on many kinds of interactive network, for example wireless interactive networks such as a Global System for Mobile Communications (GSM) network, a Wideband Code Division Multiple Access (WCDMA) wireless communication network, a CDMA 2000 wireless communication network, or a Time Division-Synchronous Code Division Multiple Access (TD-SCDMA) network.

Referring to Fig. 3, Fig. 3 is a schematic diagram of the information transmission device of the first preferred embodiment of the present invention. The device comprises a front-end part 310 and a user terminal part 330. The front-end part 330 comprises a multiplexer 311, a scrambler 312, a control word generator 313, a user authorization management system 314 and a conditional access information processing module 315; the multiplexer 311 and the control word generator 313 are each connected to the scrambler 312, and the scrambler 312 is connected to the broadcast network 320; the conditional access information processing module 315 is connected to the multiplexer 311, the user authorization management system 314, the control word generator 313 and the interactive network 321 respectively; the user authorization management system 314 is connected to the interactive network 321; the conditional access information processing module 315 comprises an AES encryptor 316 and an RSA encryptor 317. The AES encryptor 316 may be replaced by an encryptor of another symmetric-key algorithm, and the RSA encryptor 317 by an encryptor of another public-key algorithm.

The terminal part 330 comprises a demultiplexer 331, a descrambler 332, a smart card system 333 and an interaction processing unit 336; the demultiplexer 331 is connected to the descrambler 332 and the smart card system 333 respectively, the smart card system 333 is connected to the descrambler 332 and the interaction processing unit 336 respectively, the descrambler 332 is connected to the broadcast network 320, and the interaction processing unit 336 is connected to the interactive network 321; the smart card system 333 comprises an AES decryptor 334, an RSA decryptor 335 and a user identity authentication module 336. The AES decryptor 334 may be replaced by the decryptor of another symmetric-key algorithm matching the front-end encryptor, and the RSA decryptor 335 by the decryptor of another public-key algorithm matching the front-end encryptor.

In the front-end part 310:

The multiplexer 311 multiplexes the service information and sends it to the scrambler 312; the scrambler 312 scrambles the service information with the scrambling control word generated by the control word generator 313 and sends it out through the broadcast network 320;

The service key generated by the user authorization management system 314 and the scrambling control word generated by the control word generator 313 are sent to the conditional access information processing module 315; the AES encryptor 316 in the conditional access information processing module 315 encrypts the scrambling control word with the service key, forming the authorization control information, and sends it to the multiplexer 311; the multiplexer 311 multiplexes the authorization control information together with the service information and sends it out through the broadcast network 320; the RSA encryptor 317 in the conditional access information processing module 315 encrypts the service key with the encryption public key N and e stored by the user authorization management system and sends it out through the interactive network 321;

In the terminal part 330:

The user identity authentication module 336 interacts with the wireless interactive network 321 through the interaction processing unit 337 to complete identity authentication; and the interaction processing unit 337 of the terminal part 330 exchanges information with the user authorization management system 314 of the front-end part 310 to complete the service application and connect the terminal part 330 to the interactive digital broadcast television system;

The RSA decryptor 335 uses the decryption private key N and d stored by the smart card system 333 to decrypt the encrypted service key received from the interactive network 321 and sends the resulting service key to the AES decryptor 334; the AES decryptor 334 uses that service key to decrypt the authorization control information that was received from the broadcast network 320 and demultiplexed by the demultiplexer 331, obtaining the scrambling control word, which it sends to the descrambler 332; the descrambler 332 descrambles the service information received from the broadcast network 320 according to the scrambling control word and sends the descrambled service information to the demultiplexer 331; the multiplexer 331 demultiplexes the service information and outputs it to the user.

In this embodiment, instead of EMM messages being broadcast periodically, a point-to-point service request transmits the encrypted service key only once, which greatly reduces overhead; the CW is encrypted with the AES algorithm, which greatly improves the security of CW transmission; the service key SK is protected with the RSA algorithm, and the public key does not need to be transmitted but is kept at the DVB front end, which greatly improves the security of the RSA algorithm; and because both encryption algorithms used are public algorithms, the design favors the standardization of system equipment.
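The key hierarchy of the first embodiment, as an added example that is not code from the patent: the CW scrambles the stream, the SK wraps the CW into the ECM on the broadcast path, and the card's RSA public key wraps the SK on the interactive path. Assumptions: AES-128-GCM for the AES encryptor, RSA-2048 with OAEP/SHA-256 for the RSA encryptor, AES-128-CTR as a stand-in for the scrambler, 16-byte CW and SK, and all function names (`frontEnd`, `terminal`, `runDemo`) are hypothetical.

```javascript
// Added illustration of the first embodiment's key hierarchy (not code from the patent).
const nodeCrypto = require('node:crypto');
// Assumption: OAEP with SHA-256; the patent names only "RSA".
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// AES encryptor 316 / decryptor 334. Assumption: AES-128-GCM; the patent names only "AES".
function aesSeal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-128-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, body, tag: c.getAuthTag() };
}
function aesOpen(key, msg) {
  const d = nodeCrypto.createDecipheriv('aes-128-gcm', key, msg.iv);
  d.setAuthTag(msg.tag);
  return Buffer.concat([d.update(msg.body), d.final()]); // throws if key or data is wrong
}

// Stand-in for scrambler 312 / descrambler 332: AES-128-CTR keyed by the CW.
// CTR is its own inverse, so the same function scrambles and descrambles.
function scramble(cw, iv, data) {
  const c = nodeCrypto.createCipheriv('aes-128-ctr', cw, iv);
  return Buffer.concat([c.update(data), c.final()]);
}

// Front-end part 310: one broadcast message for everyone, one wrapped SK per card.
function frontEnd(serviceInfo, cardPublicKeys) {
  const cw = nodeCrypto.randomBytes(16);   // scrambling control word
  const sk = nodeCrypto.randomBytes(16);   // service key
  const tsIv = nodeCrypto.randomBytes(16);
  const broadcast = {
    tsIv,
    ts: scramble(cw, tsIv, serviceInfo),   // scrambled transport stream
    ecm: aesSeal(sk, cw),                  // authorization control information
  };
  const interactive = {};
  for (const [cardId, publicKey] of Object.entries(cardPublicKeys)) {
    // The public key stays at the front end; only the wrapped SK is sent.
    interactive[cardId] = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, sk);
  }
  return { broadcast, interactive, sk };
}

// Terminal part 330: RSA decryptor 335 -> AES decryptor 334 -> descrambler 332.
function terminal(cardPrivateKey, broadcast, wrappedSk) {
  const sk = nodeCrypto.privateDecrypt({ key: cardPrivateKey, ...OAEP }, wrappedSk);
  const cw = aesOpen(sk, broadcast.ecm);
  return scramble(cw, broadcast.tsIv, broadcast.ts);
}

function runDemo() {
  const cardA = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const cardB = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const payload = Buffer.from('constructed sample service information');
  const { broadcast, interactive, sk } = frontEnd(payload, { A: cardA.publicKey });

  const recovered = terminal(cardA.privateKey, broadcast, interactive.A).toString();

  // A different card that captures A's interactive message cannot unwrap the SK.
  let wrongCardRejected = false;
  try {
    terminal(cardB.privateKey, broadcast, interactive.A);
  } catch (err) {
    wrongCardRejected = true;
  }

  return {
    recovered,
    wrongCardRejected,
    // Neither path alone exposes the payload or the SK in the clear.
    broadcastHidesPayload: !broadcast.ts.includes(payload),
    interactiveHidesSk: !interactive.A.includes(sk),
  };
}

console.log(runDemo());
```

The per-card cost on the interactive path is one RSA ciphertext per service request, which is the overhead reduction the embodiment claims over periodically broadcast EMMs.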

Referring to Fig. 4, Fig. 4 is a schematic diagram of the information transmission device of the second preferred embodiment of the present invention. The device comprises a front-end part 410 and a user terminal part 430. The front-end part 410 comprises a multiplexer 411, a scrambler 412, a control word generator 413, a user authorization management system 414 and a conditional access information processing module 415; the multiplexer 411 and the control word generator 413 are each connected to the scrambler 412, and the scrambler 412 is connected to the broadcast network 420; the conditional access information processing module 415 is connected to the user authorization management system 414, the control word generator 413 and the interactive network 421 respectively; the user authorization management system 414 is connected to the interactive network 421; the conditional access information processing module 415 is an encryptor 416.

The terminal part 430 comprises a demultiplexer 431, a descrambler 432, a smart card system 433 and an interaction processing unit 436; the demultiplexer 431 is connected to the descrambler 432, the smart card system 433 is connected to the descrambler 432 and the interaction processing unit 436 respectively, the descrambler 432 is connected to the broadcast network 420, and the interaction processing unit 436 is connected to the interactive network 421; the smart card system 433 comprises a decryptor 434 and a user identity authentication module 435.

In the front-end part 410:

The multiplexer 411 multiplexes the service information and sends it to the scrambler 412; the scrambler 412 scrambles the service information with the scrambling control word generated by the control word generator 413 and sends it out through the broadcast network 420;

The user's personal distribution key stored by the user authorization management system 414 and the scrambling control word generated by the control word generator 413 are sent to the conditional access information processing module 415; the scrambling control word of each program is changed once an hour or once a day; the conditional access information processing module 415 encrypts the scrambling control word with the user's personal distribution key and sends it out through the interactive network 421.

In the terminal part 430:

The user identity authentication module 435 interacts with the wireless interactive network 421 through the interaction processing unit 436 to complete identity authentication; and the interaction processing unit 436 of the terminal part 430 exchanges information with the user authorization management system 414 of the front-end part 410 to complete the service application and connect the terminal part 430 to the interactive digital broadcast television system;

The decryptor 434 takes the user's personal distribution key from the user identity authentication module 435 and decrypts the encrypted scrambling control word received from the interactive network 420; the decrypted scrambling control word is sent to the descrambler 432; the descrambler 432 descrambles the service information received from the broadcast network 420 according to the scrambling control word and sends the descrambled service information to the demultiplexer 431; the multiplexer 431 demultiplexes the service information and outputs it to the user.

In this embodiment, the CW is encrypted and transmitted over the wireless interactive network, and the CW of each program is updated once an hour or once a day, so ECM and EMM messages are no longer carried on the broadcast channel, which greatly reduces bandwidth overhead; the CW travels over the wireless interactive network while the TS stream scrambled with the CW travels over the broadcast channel, which makes cracking harder and improves the security of the system.

Referring to Fig. 5, Fig. 5 is a schematic diagram of the information transmission device of the third preferred embodiment of the present invention. The device comprises a front-end part 510 and a user terminal part 530. The front-end part 510 comprises a multiplexer 511, a scrambler 512, a control word generator 513, a user authorization management system 514 and a conditional access information processing module 515; the multiplexer 511 and the control word generator 513 are each connected to the scrambler 512, and the scrambler 512 is connected to the broadcast network 520; the conditional access information processing module 515 is connected to the multiplexer 511, the user authorization management system 514, the control word generator 513 and the interactive network 521 respectively; the user authorization management system 514 is connected to the interactive network 521; the conditional access information processing module 515 is an encryptor 516.

The terminal part 530 comprises a demultiplexer 531, a descrambler 532, a smart card system 533 and an interaction processing unit 536; the demultiplexer 531 is connected to the smart card system 533 and the descrambler 532 respectively, the smart card system 533 is connected to the descrambler 532 and the interaction processing unit 536 respectively, the descrambler 532 is connected to the broadcast network 520, and the interaction processing unit 536 is connected to the interactive network 521; the smart card system 533 comprises a decryptor 534 and a user identity authentication module 535.

In the front-end part 510:

The multiplexer 511 multiplexes the service information and sends it to the scrambler 512; the scrambler 512 scrambles the service information with the scrambling control word generated by the control word generator 513 and sends it out through the broadcast network 520;

The service key generated by the user authorization management system 514 and the scrambling control word generated by the control word generator 513 are sent to the conditional access information processing module 515; the encryptor 516 in the conditional access information processing module 515 encrypts the scrambling control word with the service key, forming the authorization control information, and sends it to the multiplexer 511; the multiplexer 511 multiplexes the authorization control information together with the service information and sends it out through the broadcast network 520; at the same time, the conditional access information processing module 515 sends the service key directly out through the interactive network 521.

In the terminal part 530:

The user identity authentication module 535 interacts with the wireless interactive network 521 through the interaction processing unit 536 to complete identity authentication; and the interaction processing unit 536 of the terminal part 530 exchanges information with the user authorization management system 514 of the front-end part 510 to complete the service application and connect the terminal part 530 to the interactive digital broadcast television system;

The decryptor 534 uses the service key received from the interactive network 521 to decrypt the authorization control information that was received from the broadcast network 520 and demultiplexed by the demultiplexer 531, obtaining the scrambling control word, which it sends to the descrambler 532; the descrambler 532 descrambles the service information received from the broadcast network 520 according to the scrambling control word and sends the descrambled service information to the demultiplexer 531; the multiplexer 531 demultiplexes the service information and outputs it to the user.

In this embodiment, the SK is transmitted over the wireless interactive network, so EMM messages are no longer carried on the broadcast channel, which greatly reduces bandwidth overhead; the SK message travels over the wireless interactive network while the ECM message travels over the broadcast channel, which makes cracking harder and improves the security of the system.

The user identity authentication modules 336, 435 and 535 in the three embodiments above differ according to the interactive network: when the interactive network is a Global System for Mobile Communications (GSM) network, the identity authentication module is the SIM card module commonly used in GSM mobile phones; when the interactive network is a Wideband Code Division Multiple Access (WCDMA) wireless communication network or a Time Division-Synchronous Code Division Multiple Access (TD-SCDMA) network, the identity authentication module may be a USIM card module; when the interactive network is a CDMA 2000 wireless communication network, the identity authentication module may be an R-UIM card module. The embodiments above integrate the decryption function and the user identity authentication module into the smart card system, making full use of the existing functions of the user identity authentication module and bringing the communications and broadcasting industries together in user access authentication and service authentication.

As the embodiments above show, the information transmission method and device of the present invention make full use of the advantages of the interactive digital broadcast television system. Although simple to implement, they increase the difficulty of cracking, improve the security of information transmission, save system overhead, and have a wide range of applications.

Claims (21)

1. An information transmission method for an interactive digital broadcast television system, characterized in that the method comprises the following steps:
1) the front-end part of the system sends, through the broadcast network, a service information transport stream scrambled with a scrambling control word to all user terminals in the system;
2) the front-end part receives user information of the user terminals through the interactive network, and generates an encrypted service key (SK) or a service key for each user terminal accessing the system, generates authorization control information (ECM) for the user terminal, and sends that information to the user terminal through the broadcast network; or generates an encrypted scrambling control word (CW) for each user terminal accessing the system; the front-end part sends the encrypted service key or scrambling control word, or the service key, to the user terminals individually through the interactive network;
3) the user terminal decrypts the received authorization control information according to the encrypted service key or the service key received from the interactive network to obtain the scrambling control word, or decrypts the encrypted scrambling control word received from the interactive network to obtain the scrambling control word, and descrambles the service information transport stream received from the broadcast network to obtain the service information.

2. The information transmission method according to claim 1, characterized in that the front-end part generates an encrypted service key (SK) for each user terminal accessing the system, and the authorization control information contains the ciphertext obtained by encrypting the scrambling control word (CW);
step 3) is: the user terminal decrypts the encrypted service key received from the interactive network to obtain the service key, uses the service key to decrypt the authorization control information received from the broadcast network to obtain the scrambling control word, and uses the scrambling control word to descramble the transport stream received from the broadcast network to obtain the service information.

3. The information transmission method according to claim 2, characterized in that the service key (SK) is encrypted with the public key of a public-key algorithm, and the encrypted service key is decrypted with the private key of the public-key algorithm.

4. The information transmission method according to claim 3, characterized in that the service key (SK) is encrypted as follows: the service key is encrypted with the RSA encryption algorithm using the public key stored by the front-end part;
the encrypted service key is decrypted as follows: the service key is recovered with the RSA decryption algorithm using the private key stored by the user terminal.

5. The information transmission method according to claim 2, characterized in that the scrambling control word (CW) is encrypted with a symmetric-key algorithm, and the authorization control information is decrypted with a symmetric-key algorithm.

6. The information transmission method according to claim 5, characterized in that the scrambling control word (CW) is encrypted as follows: the scrambling control word is encrypted with the Advanced Encryption Standard (AES) encryption algorithm using the service key as the key;
the authorization control information is decrypted as follows: the encrypted scrambling control word is decrypted with the AES decryption algorithm using the decrypted service key, yielding the scrambling control word.

7. The information transmission method according to claim 5, characterized in that the scrambling control word (CW) is encrypted as follows: the scrambling control word is encrypted with the 3DES algorithm using the service key as the key;
the authorization control information is decrypted as follows: the encrypted scrambling control word is decrypted with the 3DES algorithm using the decrypted service key, yielding the scrambling control word.

8. The information transmission method according to claim 1, characterized in that the front-end part generates an encrypted scrambling control word for each user terminal accessing the system, and step 2) is: the front-end part encrypts the scrambling control word using the user terminal's user personal distribution key (PDK) as the key, and sends the encrypted scrambling control word to the user terminal;
step 3) is: the user terminal uses the user personal distribution key (PDK) to decrypt the encrypted scrambling control word received from the interactive network to obtain the scrambling control word, and uses the scrambling control word to descramble the transport stream received from the broadcast network to obtain the service information.

9. The information transmission method according to claim 8, characterized in that step 2) further comprises: the scrambling control word is changed once every predetermined period.

10. The information transmission method according to claim 1, characterized in that the front-end part generates a service key for each user terminal accessing the system, and the authorization control information contains the ciphertext obtained by encrypting the scrambling control word (CW) with the service key;
step 3) is: the user terminal uses the service key received from the interactive network to decrypt the authorization control information received from the broadcast network to obtain the scrambling control word, and uses the scrambling control word to descramble the transport stream received from the broadcast network to obtain the service information.

11. An information transmission device for an interactive digital broadcast television system, comprising a front-end part and a user terminal part, wherein the front-end part comprises a multiplexer, a scrambler, a control word generator and a user authorization management system; the multiplexer and the control word generator are each connected to the scrambler, and the scrambler is connected to the broadcast network;
the terminal part comprises a demultiplexer, a descrambler and a smart card system; the demultiplexer is connected to the descrambler, the smart card system is connected to the descrambler, and the descrambler is connected to the broadcast network, characterized in that:
the front-end part further comprises a conditional access information processing module, which is connected to the user authorization management system, the control word generator and the interactive network respectively; and the user authorization management system is connected to the interactive network;
the multiplexer multiplexes the service information, or the service information and the authorization control information, and sends the result to the scrambler; the scrambler scrambles the service information with the scrambling control word generated by the control word generator and sends it out through the broadcast network;
the service key (SK) generated by the user authorization management system and the scrambling control word generated by the control word generator, or the stored user personal distribution key and the scrambling control word generated by the control word generator, are sent to the conditional access information processing module; the conditional access information processing module processes the scrambling control word and the service key (SK) generated by the user authorization management system or the stored user personal distribution key and sends the result out through the interactive network, and encrypts the scrambling control word with the service key (SK) to form the authorization control information, which it sends to the multiplexer;
the terminal part further comprises an interaction processing unit, which is connected to the interactive network; the smart card system comprises a decryption module and a user identity authentication module, and the smart card system is connected to the interactive network;
the user identity authentication module interacts with the wireless interactive network through the interaction processing unit to complete identity authentication; and the interaction processing unit of the terminal part exchanges information with the user authorization management system of the front end to complete the service application and connect the terminal part to the interactive digital broadcast television system;
the decryption module decrypts the encrypted service key (SK) received from the interactive network through the interaction processing unit to obtain the service key and decrypts the authorization control information received from the broadcast network to obtain the scrambling control word, or decrypts the encrypted scrambling control word received from the interactive network with the stored user personal distribution key to obtain the scrambling control word, and sends it to the descrambler; the descrambler descrambles the service information received from the broadcast network according to the scrambling control word and sends the descrambled service information to the demultiplexer; the demultiplexer demultiplexes the service information and outputs it to the user.

12.
The information transmission device according to claim 11, wherein the conditional access information processing module further comprises: a first encryptor and a second encryptor;第一加密器,用用户授权管理系统产生的业务密钥,对加扰控制字发生器产生的加扰控制字进行加密,形成授权控制信息,并发送给复合器,复合器将该授权控制信息与业务信息一起进行复合,通过广播网络发送出去;The first encryptor encrypts the scrambling control word generated by the scrambling control word generator with the service key generated by the user authorization management system to form authorization control information and send it to the compounder, and the compounder uses the authorization control information Composite with business information and send it out through the broadcast network;第二加密器,对用户授权管理系统产生的业务密钥进行加密,通过交互网络发送出去;The second encryptor encrypts the service key generated by the user authorization management system and sends it out through the interactive network;所述的解密模块进一步包含:第一解密器和第二解密器;The decryption module further includes: a first decryptor and a second decryptor;第二解密器,对从交互网络接收的加密的业务密钥进行解密,得到的业务密钥发送给第一解密器,The second decryptor decrypts the encrypted service key received from the interactive network, and sends the obtained service key to the first decryptor,第一解密器,用第二解密器解出的业务密钥,对从广播网络接收的,且由解复合器解复合后得到的授权控制信息进行解密,得到加扰控制字发送给解扰器。The first descrambler uses the service key deciphered by the second descrambler to decrypt the authorization control information received from the broadcast network and decomplexed by the decomplexer to obtain the scrambled control word and send it to the descrambler .13、如权利要求12所述的信息传输装置,其特征在于:所述的第一加密器为对称密钥算法加密器;第一解密器为对称密钥算法解密器。13. The information transmission device according to claim 12, characterized in that: the first encryptor is a symmetric key algorithm encrypter; the first decryptor is a symmetric key algorithm decryptor.14、如权利要求13所述的信息传输装置,其特征在于:所述的第一加密器为AES加密器;第一解密器为AES解密器。14. 
The information transmission device according to claim 13, characterized in that: the first encryptor is an AES encryptor; the first decryptor is an AES decryptor.15、如权利要求13所述的信息传输装置,其特征在于:所述的第一加密器为3DES加密器;第一解密器为3DES解密器。15. The information transmission device according to claim 13, characterized in that: the first encryptor is a 3DES encryptor; the first decryptor is a 3DES decryptor.16、如权利要求12所述的信息传输装置,其特征在于:所述的第二加密器为公开密钥算法的加密器;第二解密器为与第二加密器对应的公开密钥算法的解密器。16. The information transmission device according to claim 12, characterized in that: the second encryptor is an encryptor of a public key algorithm; the second decryptor is a public key algorithm corresponding to the second encryptor Decryptor.17、如权利要求16所述的信息传输装置,其特征在于:所述的第二加密器为RSA加密器,其用用户授权管理系统保存的公钥进行加密;第二解密器为RSA解密器,其用智能卡系统保存的私钥,进行解密。17. The information transmission device according to claim 16, characterized in that: the second encryptor is an RSA encryptor, which encrypts with the public key stored in the user authorization management system; the second decryptor is an RSA decryptor , which uses the private key stored in the smart card system to decrypt.18、如权利要求11所述的信息传输装置,其特征在于:所述的条件接收信息处理模块为一加密器;其用用户授权管理系统保存的用户个人分配密钥,对加扰控制字发生器产生的加扰控制字进行加密,并通过交互网络发送出去;18. 
The information transmission device according to claim 11, characterized in that: the conditional access information processing module is an encryptor; it uses the user's personal distribution key stored in the user authorization management system to generate the scrambled control word The scrambled control word generated by the device is encrypted and sent out through the interactive network;所述的解密模块为一解密器;其用用户身份认证模块保存的用户个人分配密钥对从交互网络接收的加密的加扰控制字进行解密,得到的加扰控制字发送给解扰器。The decryption module is a decryptor; it decrypts the encrypted scrambled control word received from the interactive network with the user's personal distribution key stored in the user identity authentication module, and sends the obtained scrambled control word to the descrambler.19、如权利要求11所述的信息传输装置,其特征在于:所述的条件接收信息处理模块为一加密器;用用户授权管理系统产生的业务密钥,对加扰控制字发生器产生的加扰控制字进行加密,形成授权控制信息,并发送给复合器,复合器将该授权控制信息与业务信息一起进行复合,通过广播网络发送出去;并将该业务密钥通过交互网络发送出去;19. The information transmission device according to claim 11, characterized in that: the conditional access information processing module is an encryptor; use the service key generated by the user authorization management system to generate the scrambling control word generator The scrambling control word is encrypted to form authorization control information, and sent to the compounder, and the compounder combines the authorization control information with the service information, and sends it out through the broadcast network; and sends the service key through the interactive network;所述的解密模块为一解密器;其用从交互网络接收的业务密钥,对从广播网络接收的,且由解复合器解复合后得到的授权控制信息进行解密,得到加扰控制字发送给解扰器。The decryption module is a decryptor; it uses the service key received from the interactive network to decrypt the authorization control information received from the broadcast network and decomplexed by the decomplexer to obtain the scrambled control word to send to the descrambler.20、如权利要求11所述的信息传输装置,其特征在于,所述的交互网络为无线交互网络,包括:全球移动通信系统(GSM)网络、或宽带码分多址(WCDMA)无线通信网络,或CDMA 2000无线通信网络,或时分同步-码分多址(TD-SCDMA)网络。20. 
The information transmission device according to claim 11, wherein the interactive network is a wireless interactive network, including: a Global System for Mobile Communications (GSM) network, or a Wideband Code Division Multiple Access (WCDMA) wireless communication network , or CDMA 2000 wireless communication network, or Time Division Synchronous-Code Division Multiple Access (TD-SCDMA) network.21、如权利要求20所述的信息传输装置,其特征在于:当交互网络为全球移动通信系统(GSM)网络时,所述身份认证模块为SIM卡模块;当交互网络为宽带码分多址(WCDMA)无线通信网络,或时分同步-码分多址(TD-SCDMA)网络时,所述身份认证模块为USIM卡模块;当交互网络为CDMA 2000无线通信网络时,所述身份认证模块为R-UIM卡模块。21. The information transmission device according to claim 20, characterized in that: when the interactive network is a Global System for Mobile Communications (GSM) network, the identity authentication module is a SIM card module; when the interactive network is a broadband code division multiple access (WCDMA) wireless communication network, or during time division synchronous-code division multiple access (TD-SCDMA) network, described identity authentication module is a USIM card module; When interactive network is CDMA 2000 wireless communication network, described identity authentication module is R-UIM card module.
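The two-level key hierarchy of claims 12 to 17 (control word sealed under the service key, service key wrapped with the card's RSA public key), as an added example in Go that is not code from the patent. GCM mode, OAEP padding with SHA-256, 16-byte keys and all function names are assumptions of this example; the claims name only AES or 3DES and RSA.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// newCardKey makes the RSA pair of claim 17; the private half stays in the smart card.
func newCardKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// gcmFor builds the AES cipher of claim 14; GCM mode is this example's assumption.
func gcmFor(sk []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sk)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// frontEnd: the first encryptor seals CW under SK (sent with the broadcast) and
// the second encryptor wraps SK for one card (sent over the interactive network).
func frontEnd(pub *rsa.PublicKey, cw, sk []byte) (aci, wrappedSK []byte, err error) {
	gcm, err := gcmFor(sk)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	wrappedSK, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sk, nil)
	return gcm.Seal(nonce, nonce, cw, nil), wrappedSK, err // aci = nonce || ciphertext || tag
}

// terminal: the second decryptor recovers SK with the card's private key, then
// the first decryptor opens the authorization control information to obtain CW.
func terminal(priv *rsa.PrivateKey, aci, wrappedSK []byte) ([]byte, error) {
	sk, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrappedSK, nil)
	if err != nil {
		return nil, fmt.Errorf("service key: %w", err)
	}
	gcm, err := gcmFor(sk)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(aci) < n {
		return nil, fmt.Errorf("authorization control information too short")
	}
	return gcm.Open(nil, aci[:n], aci[n:], nil)
}

func main() {
	card, _ := newCardKey()
	other, _ := newCardKey() // a different subscriber's card
	// Constructed 16-byte sample values for the control word and the service key.
	aci, wrapped, _ := frontEnd(&card.PublicKey, []byte("constructedCW-01"), []byte("constructedSK-01"))
	cw, err := terminal(card, aci, wrapped)
	_, otherErr := terminal(other, aci, wrapped)
	fmt.Printf("entitled card: %q %v\nother card: %v\n", cw, err, otherErr)
}
```

Only the card holding the matching private key recovers the control word; a different card fails at the service-key step, and a modified authorization control message is rejected by the authenticated mode chosen here.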
CNB031308066A | 2003-05-09 | 2003-05-09 | An information transmission method and device for an interactive digital broadcast television system | Expired - Fee Related | CN100442839C (en)

Priority Applications (1)

Application Number | Publication | Priority Date | Filing Date | Title
CNB031308066A | CN100442839C (en) | 2003-05-09 | 2003-05-09 | An information transmission method and device for an interactive digital broadcast television system

Applications Claiming Priority (1)

Application Number | Publication | Priority Date | Filing Date | Title
CNB031308066A | CN100442839C (en) | 2003-05-09 | 2003-05-09 | An information transmission method and device for an interactive digital broadcast television system

Publications (2)

Publication Number | Publication Date
CN1549595A (en) | 2004-11-24
CN100442839C (en) | 2008-12-10

Family

ID=34322674

Family Applications (1)

Application Number | Status | Publication | Priority Date | Filing Date | Title
CNB031308066A | Expired - Fee Related | CN100442839C (en) | 2003-05-09 | 2003-05-09 | An information transmission method and device for an interactive digital broadcast television system

Country Status (1)

Country | Link
CN (1) | CN100442839C (en)

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
JP5175722B2 (en)* | 2005-06-30 | 2013-04-03 | コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ | System and method for providing conditional access to data in an MHP or OCAP broadcast system
CN100584008C (en)* | 2006-05-09 | 2010-01-20 | 中国科学院研究生院 | Scrambling non-scrambling transmission flow real-time authenticating device and television device with same
CN1845599B (en)* | 2006-05-17 | 2010-09-01 | 中国移动通信集团公司 | Method for obtaining and updating service key in mobile television service
CN101166259B (en)* | 2006-10-16 | 2010-11-10 | 华为技术有限公司 | Mobile phone TV service protection method, system, mobile phone TV server and terminal
EP1916598A1 (en)* | 2006-10-23 | 2008-04-30 | Nagravision S.A. | Method for loading and managing an application in a mobile equipment item
CN101212642B (en)* | 2006-12-25 | 2012-06-27 | 北京握奇数据系统有限公司 | Broadcast signal processing method, system, and receiver
CN101442661B (en)* | 2007-11-21 | 2010-07-14 | 中国移动通信集团公司 | A streaming media program playing method and mobile terminal
CN100562098C (en) | 2008-01-03 | 2009-11-18 | 济南市泰信电子有限责任公司 | Digital television conditional access system and handling process thereof
CN101500227B (en)* | 2008-01-28 | 2011-01-19 | 中兴通讯股份有限公司 | Method and system for binding mobile phone terminal by multimedia broadcast content
CN101499866B (en)* | 2008-02-01 | 2011-12-07 | 中兴通讯股份有限公司 | Service cipher key transmitting method in multimedia broadcast service
CN101282456B (en)* | 2008-04-11 | 2010-08-04 | 青岛海信电器股份有限公司 | Method and apparatus for receiving digital television condition
CN101568070B (en)* | 2008-04-23 | 2012-11-28 | 中兴通讯股份有限公司 | Mobile terminal management system and method
CN101312459B (en)* | 2008-05-29 | 2011-05-04 | 北京创毅视讯科技有限公司 | Transmission method, distribution method and transmission system for authentication management information
CN101594521B (en)* | 2009-06-26 | 2012-07-18 | 中兴通讯股份有限公司 | Method, terminal and system for realizing interactive service of mobile TV data card
CN101917393A (en)* | 2010-05-26 | 2010-12-15 | 中兴通讯股份有限公司 | Information transmission method and system as well as data card
CN102111660B (en)* | 2011-03-28 | 2012-11-28 | 博视联(苏州)信息科技有限公司 | Interactive type intelligent network television
CN102665102B (en)* | 2012-05-09 | 2014-11-05 | 山东泰信电子股份有限公司 | A system and method for counting the number of digital TV users
CN103546767B (en)* | 2012-07-16 | 2017-01-25 | 航天信息股份有限公司 | Content protection method and system of multimedia service
CN105959738B (en)* | 2016-06-22 | 2018-11-30 | 北京数字太和科技有限责任公司 | A kind of bidirectional conditional reception system and method

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US6560340B1 (en)* | 1995-04-03 | 2003-05-06 | Scientific-Atlanta, Inc. | Method and apparatus for geographically limiting service in a conditional access system
US5870474A (en)* | 1995-12-04 | 1999-02-09 | Scientific-Atlanta, Inc. | Method and apparatus for providing conditional access in connection-oriented, interactive networks with a multiplicity of service providers
WO1997050249A1 (en)* | 1996-06-24 | 1997-12-31 | Stentor Resource Centre Inc. | Interactive reverse channel for direct broadcast satellite system
CN1273490A (en)* | 1999-05-07 | 2000-11-15 | 朗迅科技公司 | Cipher method and device for limitting inserting transfered program content
EP1150506A2 (en)* | 2000-04-28 | 2001-10-31 | Nokia Corporation | A method and system for providing secure subscriber content data
US20020001386A1 (en)* | 2000-06-30 | 2002-01-03 | Koichiro Akiyama | Broadcast receiving method and apparatus and information distributing method and apparatus
EP1182874A1 (en)* | 2000-08-24 | 2002-02-27 | Canal+ Technologies Société Anonyme | Digital content protection system

Also Published As

Publication number | Publication date
CN1549595A (en) | 2004-11-24

Similar Documents

Publication | Title
CN100442839C (en) | An information transmission method and device for an interactive digital broadcast television system
US7698568B2 (en) | System and method for using DRM to control conditional access to broadband digital content
CN101076109B (en) | Digital TV two-way CA system and program subscription/cancellation method based on the system
AU2004288307B2 (en) | System and method for using DRM to control conditional access to broadband digital content
CA2572345A1 (en) | Method of descrambling a scrambled content data object
JP4043669B2 (en) | Related information processing device in conditional access system
WO2011120901A1 (en) | Secure descrambling of an audio / video data stream
JPH10164053A (en) | Verification method/system for data by scrambling
CN100502496C (en) | A digital TV user authentication system based on mobile equipment
CN102714593B (en) | The encryption method of control character, transfer approach and decryption method and the recording medium for performing these methods
CN101335579A (en) | Method implementing conditional reception and conditional receiving apparatus
CN100547955C (en) | A kind of method of protecting mobile multimedia service, system and equipment
CN100544238C (en) | Billing method, device and system of a digital multimedia broadcasting system
CN100521771C (en) | A conditional reception system merging Internet and cable television network environments
KR100801286B1 (en) | Broadcast transmitting system and broadcast receiving device
KR20100069373A (en) | Conditional access system and method exchanging randon value
CN101217358A (en) | Digital broadcasting service system and digital broadcasting service activation method
CN100544429C (en) | A kind of mobile phone TV services content protecting method
JP2006518134A (en) | Pay television systems associated with decoders and smart cards, rights revocation methods in such systems, and messages sent to such decoders
JP4536092B2 (en) | Conditional reception processing device
Kim | Secure communication in digital TV broadcasting
CN104104996A (en) | Program stream decryption method, device and terminal
CN207744080U (en) | A Digital TV Program Streaming System Based on Quantum Encryption
CN101790073A (en) | Method for establishing safety communication channel and communication device thereof
CN101714904B (en) | Key management system and method

Legal Events

Code | Title | Description
C06 | Publication
PB01 | Publication
C10 | Entry into substantive examination
SE01 | Entry into force of request for substantive examination
C14 | Grant of patent or utility model
GR01 | Patent grant
CF01 | Termination of patent right due to non-payment of annual fee
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20081210; Termination date: 20180509
