CN101110671A - Multimedia business protection and key management method based on mobile terminal - Google Patents

Multimedia business protection and key management method based on mobile terminal

Info

Publication number
CN101110671A
Authority
CN
China
Prior art keywords
key
user
portable terminal
business cipher
multimedia service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2007101451130A
Other languages
Chinese (zh)
Other versions
CN100589377C (en)
Inventor
肖龙安
吴飞
陈刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp
Priority to CN200710145113A
Publication of CN101110671A
Application granted
Publication of CN100589377C
Expired - Fee Related
Anticipated expiration


Abstract

The present invention discloses a multimedia service protection and key management method based on a mobile terminal, in which the user key is stored in a smart card, and the information and keys other than the user key are stored in a storage area. The method includes the following steps: the mobile terminal reads the user identification in the smart card and checks whether a user key corresponding to the user identification is saved. If the user key is saved, the user selects a multimedia service. If the user key is not saved, the mobile terminal obtains the user key and, upon successful acquisition, the user selects a multimedia service. The mobile terminal then checks, according to the user identification, whether a service key corresponding to the multimedia service selected by the user is saved. If the service key is saved, the user uses the selected multimedia service with the service key. If not, the mobile terminal obtains the service key and, upon successful acquisition, the user is authorized to use the selected multimedia service with the service key.

Description

Multimedia service protection and key management method based on a mobile terminal
Technical field
The present invention relates to the communications field, and in particular to a multimedia service protection and key management method based on a mobile terminal (Mobile Equipment, ME), used to implement service protection and key management for multimedia service distribution.
Background technology
At present, service protection for mobile multimedia services is based on the layered key system shown in Fig. 1. As shown in Fig. 1, the layers and their processing are described below:
First layer: authentication management. The user and the network authenticate each other. Once authentication succeeds, a shared key is obtained, from which the terminal and the network each generate a registration key and a user key. The terminal authenticates to the multimedia broadcast service control center with the registration key and, after that authentication succeeds, the user key is used for the subsequent encrypted transmission of service keys.
Second layer: service key management. Based on the user's subscription, the network sends the service key to the user in encrypted form. The network encrypts the service key with the user key, and the terminal decrypts the service key message with its locally generated user key.
Third layer: multimedia data stream key management. The data stream key is used to encrypt the multimedia data. The data stream key, encrypted with the service key, is transmitted over the broadcast network or a bidirectional network; after receiving it, the terminal decrypts it with the corresponding service key to obtain the data stream key.
Fourth layer: multimedia data stream management. The multimedia data is encrypted with the multimedia data stream key and distributed over the network; the terminal decrypts it with the decrypted data stream key to obtain the multimedia data.
There are two approaches to authentication and key management for multimedia services: a key management system based on the smart card (Smart Card Profile), and a key management system based on the mobile terminal (ME). Their authentication and key management are shown in Fig. 2.
In terminal-based authentication and key management, the user equipment (UE) contains a dedicated secure storage area called MGV-S (MBMS key Generation and Validation Storage) and a key generation and management function module, MGV-F (MBMS key Generation and Validation Function), which are used to prevent sensitive security information (such as MBMS keys) from leaking on the terminal. MGV-S stores the various MBMS keys, and MGV-F ensures that the keys related to the multimedia service are not exposed to unprotected parts of the ME.
In ME-based authentication and key protection, the user and the network authenticate each other; once authentication succeeds, a shared key (usually called the user key) is obtained and stored in the smart card. When the user uses a multimedia service, the terminal reads the user key from the card. When the UE then requests a service key from the network platform, it goes through the authentication procedure with the network, obtains the encrypted service key message, and decrypts it with the user key to obtain the service key. With the service key, the encrypted multimedia service data stream can be decrypted. In some cases, the terminal needs to derive a registration key or authentication key, by means of some key algorithm, from the user key read directly from the card, and then uses the derived key for terminal authentication when requesting the service key from the service platform.
When the user switches to a different smart card, the usual approach is to delete all keys (user key, registration or authentication key, service keys, and so on) that the terminal holds for the original card. As a result, whenever the user changes cards, all of that user's service keys have to be requested again from the multimedia service management platform. This way of managing keys is inconvenient for users of multimedia services and is inefficient.
Summary of the invention
The present invention is proposed in view of the above problems in the prior art. To this end, the present invention aims to provide a multimedia service protection and key management method based on a mobile terminal that enables authentication of different users, and key management in multimedia service distribution, on the same terminal.
In the multimedia service protection and key management method based on a mobile terminal according to the present invention, the user key is stored in the smart card, and the information and keys other than the user key are stored in a storage area of the mobile terminal.
The information and keys other than the user key include: the user ID of the smart card, user key related information, service keys, and service key related information. The user key related information further includes the validity period of the user key and the registration key or authentication key derived from the user key; the service key related information further includes the validity period of the service key.
In addition, the information and keys other than the user key are stored in the storage area of the mobile terminal in the form of a list. Thus the storage area corresponding to the user ID of a smart card holds the user key related information, service keys and service key related information corresponding to that user ID.
In this method, when the user of the mobile terminal uses a multimedia service, the processing is as follows: the mobile terminal reads the user ID of the smart card; the mobile terminal judges whether it has saved the user key corresponding to the user ID; if so, the user selects a multimedia service; if not, the mobile terminal obtains the user key from the multimedia service network platform and, once it has been obtained, the user selects a multimedia service; the mobile terminal judges, according to the user ID, whether it has saved the service key corresponding to the multimedia service selected by the user; if so, the user uses the selected multimedia service with the service key; if not, the mobile terminal obtains the service key from the multimedia service platform and, once it has been obtained, the user uses the selected multimedia service with the service key.
In the above operation, the mobile terminal obtains the user key as follows: the mobile terminal and the multimedia service network platform carry out the user key negotiation procedure to obtain the user key, which is stored in the smart card; if the user ID is already saved in the storage area of the mobile terminal, the user key related information is saved to the storage area corresponding to that user ID; if the user ID is not yet saved in the storage area of the mobile terminal, the user ID is added to the storage area and the user key related information is saved to the storage area corresponding to it.
Likewise, the mobile terminal obtains the service key as follows: the mobile terminal reads the user key and sends a service key request to the network side, requesting the service key corresponding to the multimedia service selected by the user; after the request passes service authentication on the network side, the multimedia service network platform obtains the encrypted service key; the mobile terminal receives the encrypted service key sent by the multimedia service network platform and decrypts it with the user key to obtain the service key; the service key is saved in the storage area corresponding to the user ID.
On the network side, authentication is performed using the user key, or the registration key or authentication key derived from the user key.
The present invention thus provides key management for the service protection of multimedia distribution. When several user cards are used on the same terminal, it effectively solves the problem of the user terminal having to authenticate to the network again and request its various service keys again.
Other features and advantages of the present invention are set forth in the following description, and will in part become apparent from the description or be understood by practicing the invention. The objects and other advantages of the invention can be realized and obtained through the structures particularly pointed out in the written description, the claims and the accompanying drawings.
Description of drawings
The accompanying drawings provide a further understanding of the present invention and form part of the specification. Together with the embodiments of the invention they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is a schematic diagram of the layered key management system according to the prior art;
Fig. 2 is a schematic diagram of authentication and key management according to the prior art;
Fig. 3 is a flow chart of the multimedia service protection and key management method based on a mobile terminal according to an embodiment of the invention; and
Fig. 4 is a detailed process flow chart of the method shown in Fig. 3.
Embodiment
The preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood that the preferred embodiments described here serve only to describe and explain the invention and do not limit it.
According to an embodiment of the invention, a multimedia service protection and key management method based on the ME is provided that enables authentication of different users, and key management in multimedia service distribution, on the same terminal.
In the ME-based multimedia service protection and key management method according to the embodiment of the invention, the user key is stored in the smart card, and the information and keys other than the user key (for example, the user ID of the smart card and the user key related information, service keys and service key related information corresponding to that user ID) are stored in the storage area of the mobile terminal.
That is, in this solution the protection and key management of the multimedia service are based on the ME. After the UE and the multimedia service platform complete registration and subscription authentication, the user key is obtained through a negotiation procedure and stored in the smart card (user card), while all remaining keys and information are computed, stored and managed in the ME.
The user key related information further includes the validity period of the user key and the registration key or authentication key derived from the user key; the service key related information further includes the validity period of the service key. Thus, when the user uses a multimedia service, the terminal can first judge from the validity period whether the corresponding key is still valid. If it is valid, it can be used; if it is invalid, the service key can be deleted and a request made to update it.
Preferably, the information and keys other than the user key are stored in the storage area of the ME in the form of a list. Thus the storage area corresponding to the user ID of a smart card holds the user key related information, service keys and service key related information corresponding to that user ID. The following table shows an example of this storage layout.
ID1 | Related information of the user key | List of obtained service keys
ID2 | Related information of the user key | List of obtained service keys
...
IDn | Related information of the user key | List of obtained service keys
The maximum number of users the ME can store (that is, the number of user card IDs and their corresponding key information), and the number of entries in the user key information list and the service key list stored for each user card ID, can be decided according to the actual conditions of the ME; the present invention places no particular limit on them.
When the user uses a service key to decrypt a multimedia service data stream, the ME can find the service key stored for this user according to the ID of the current smart card and then use it to decrypt the multimedia service data. As shown in Fig. 3, this can be described as the following operations:
Step S302: the ME reads the user ID of the smart card, and the ME judges whether it has saved the user key corresponding to the user ID;
Step S304: if the result is yes, proceed directly to step S306; if the result is no, the ME obtains the user key from the network-side service platform (the multimedia service network platform) (this operation is described in detail below) and, if it is obtained successfully, proceeds to step S306;
Step S306: the user selects a multimedia service;
Step S308: the ME judges, according to the user ID, whether it has saved the service key corresponding to the multimedia service selected by the user;
Step S310: if the result is yes, the user uses the selected multimedia service with the service key; if the result is no, the ME obtains the service key from the network-side service platform (the multimedia service network platform) (this operation is described in detail below) and, once it has been obtained, the user can use the selected multimedia service with the service key.
Fig. 4 shows in detail how the ME obtains the user key and the service key. As shown in Fig. 4:
The ME obtains the user key as follows (processes 4 and 5 in Fig. 4): the ME and the multimedia service network platform carry out the user key negotiation procedure to obtain the user key, which is stored in the smart card. Then, if the user ID is already saved in the storage area of the ME, the user key related information (for example, the validity period of the user key and the derived registration key or authentication key) is saved to the storage area corresponding to that user ID. If the user ID is not yet saved in the storage area of the ME, the user ID is added to the storage area of the ME and the user key related information is saved to the storage area corresponding to it (this can be understood as binding the user key to the user ID).
The ME obtains the service key as follows (processes 8 and 9 in Fig. 4): the ME reads the user key and sends a service key request to the network side, requesting the service key corresponding to the multimedia service selected by the user. After the request passes service authentication on the network side, the multimedia service network platform obtains the encrypted service key; if it does not pass, the user is informed. The ME receives the encrypted service key sent by the multimedia service network platform and decrypts it with the user key to obtain the service key. The service key is saved in the storage area corresponding to the user ID (this can be understood as binding the service key to the user ID).
In some particular cases, the ME cannot authenticate directly with the user key it has read. The ME then needs to derive a registration key or authentication key from the user key by means of a specific key algorithm, and uses that key to authenticate with the multimedia service network platform.
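The following Python sketch walks through steps S302 to S310 with two cards sharing one terminal. It is an added example, not code from the patent: the `Platform` class is a constructed stand-in for the network side, and because the patent names neither the cipher nor the derivation algorithm, the HMAC-based `wrap`/`unwrap` and the `prf(user_key, b"auth")` derivation are assumptions.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field
from typing import Optional

def prf(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

def wrap(key: bytes, plaintext: bytes) -> bytes:
    # Stand-in for the unspecified cipher (assumption): one HMAC-SHA256 block as
    # keystream (so plaintext <= 32 bytes) plus an HMAC tag over nonce and ciphertext.
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, prf(key, b"enc", nonce)))
    return nonce + ct + prf(key, b"mac", nonce, ct)

def unwrap(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(key, b"mac", nonce, ct)):
        raise ValueError("service key message failed its integrity check")
    return bytes(c ^ k for c, k in zip(ct, prf(key, b"enc", nonce)))

@dataclass
class SmartCard:
    user_id: str
    user_key: Optional[bytes] = None          # the only key kept on the card

@dataclass
class Entry:                                   # one row of the ME table, per card ID
    user_key_expiry: float = 0.0
    auth_key: bytes = b""                      # derived from the user key
    service_keys: dict = field(default_factory=dict)   # service -> (key, expiry)

class Platform:
    """Simulated multimedia service network platform (constructed test double)."""
    def __init__(self, subscriptions, lifetime=3600):
        self.subs, self.lifetime = subscriptions, lifetime
        self.user_keys, self.service_keys, self.service_key_requests = {}, {}, 0

    def negotiate_user_key(self, user_id, now):
        self.user_keys[user_id] = os.urandom(16)
        return self.user_keys[user_id], now + 10 * self.lifetime

    def request_service_key(self, user_id, service, proof, now):
        self.service_key_requests += 1
        uk = self.user_keys[user_id]
        expected = prf(prf(uk, b"auth"), user_id.encode(), service.encode())
        if not hmac.compare_digest(proof, expected) or service not in self.subs.get(user_id, ()):
            raise PermissionError("service authentication failed")
        sk = self.service_keys.setdefault(service, os.urandom(16))
        return wrap(uk, sk), now + self.lifetime

class MobileTerminal:
    def __init__(self, platform):
        self.platform, self.table = platform, {}   # table: card user ID -> Entry

    def use_service(self, card, service, now):
        entry = self.table.get(card.user_id)                       # S302
        if card.user_key is None or entry is None or entry.user_key_expiry <= now:
            card.user_key, expiry = self.platform.negotiate_user_key(card.user_id, now)  # S304
            entry = self.table.setdefault(card.user_id, Entry())   # add ID if absent
            entry.user_key_expiry, entry.auth_key = expiry, prf(card.user_key, b"auth")
        cached = entry.service_keys.get(service)                   # S308
        if cached and cached[1] > now:
            return cached[0]                                       # S310: stored key
        entry.service_keys.pop(service, None)     # missing or expired: (re-)request
        proof = prf(entry.auth_key, card.user_id.encode(), service.encode())
        blob, expiry = self.platform.request_service_key(card.user_id, service, proof, now)
        entry.service_keys[service] = (unwrap(card.user_key, blob), expiry)
        return entry.service_keys[service][0]

def demo():
    platform = Platform({"ID1": {"tv"}, "ID2": {"tv", "radio"}})   # constructed data
    me = MobileTerminal(platform)
    card1, card2 = SmartCard("ID1"), SmartCard("ID2")
    k1 = me.use_service(card1, "tv", now=0)
    me.use_service(card2, "radio", now=10)      # user swaps in a second card
    k2 = me.use_service(card1, "tv", now=20)    # first card again: no network request
    after_swap = platform.service_key_requests
    me.use_service(card1, "tv", now=4000)       # validity period elapsed: re-request
    return k1 == k2, after_swap, platform.service_key_requests

if __name__ == "__main__":
    print(demo())
```

On a real handset the table belongs in protected storage such as the MGV-S area described in the background section, since it holds service keys and derived authentication keys for every card the terminal has seen.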
The present invention thus provides key management for the service protection of multimedia distribution. When several user cards are used on the same terminal, it effectively solves the problem of the user terminal having to authenticate to the network again and request its various service keys again.
The above are only preferred embodiments of the present invention and do not limit it; for a person skilled in the art, the invention may have various changes and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (9)

CN200710145113A | 2007-08-22 | 2007-08-22 | Multimedia Service Protection and Key Management Method Based on Mobile Terminal | Expired - Fee Related | CN100589377C (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN200710145113A, CN100589377C (en) | 2007-08-22 | 2007-08-22 | Multimedia Service Protection and Key Management Method Based on Mobile Terminal

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN200710145113A, CN100589377C (en) | 2007-08-22 | 2007-08-22 | Multimedia Service Protection and Key Management Method Based on Mobile Terminal

Publications (2)

Publication Number | Publication Date
CN101110671A (en) | 2008-01-23
CN100589377C (en) | 2010-02-10

Family

ID=39042582

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN200710145113A, Expired - Fee Related, CN100589377C (en) | Multimedia Service Protection and Key Management Method Based on Mobile Terminal | 2007-08-22 | 2007-08-22

Country Status (1)

Country | Link
CN (1) | CN100589377C (en)


Legal Events

Code | Title
C06 | Publication
PB01 | Publication
C10 | Entry into substantive examination
SE01 | Entry into force of request for substantive examination
C14 | Grant of patent or utility model
GR01 | Patent grant
CF01 | Termination of patent right due to non-payment of annual fee
CF01 | Termination of patent right due to non-payment of annual fee

Granted publication date: 20100210

Termination date: 20170822

