数字电视条件接收系统的研究与实现
|
摘要
数字电视的蓬勃发展为广大用户提供了视频点播、按次付费、信息点播等更优质的服务,也为服务提供商和网络运营商提供了更好的服务平台,而作为数字电视的重要部分的条件接收(ConditionalAccess,CA)系统是实现数字电视服务的必要条件。其保障了节目提供商,网络运营商和用户三方的利益。CA系统通过加密技术的支持、良好的系统设计及严格的法规,从技术和法律的角度维护用户的合法权益,保证运营商的利益。
本文在对CA系统各个方面综述的基础上,主要完成了以下三部分工作:
1.介绍了条件接收系统中涉及到的加密技术;详细分析了条件接收系统的原理和安全体系结构,其中包括CA系统的组成、原理、框架以及安全体系结构。
2.引入了IP-CA的概念,提出了基于IP网的条件接收系统设计方案,该方案不仅根据《数字电视广播条件接收系统规范》制定的标准控制加扰器对原始传输流进行加扰,而且利用基于IP网的密钥分发系统代替传统的IC卡,实现对用户的认证、授权和计费管理。
3.详细描述了基于IP网的密钥分发系统的设计方案,其中身份认证子系统利用数字证书技术实现对用户身份的认证,安全通道子系统利用非对称加密、数字签名、数字信封等技术保障通信的完整性和保密性;最后还对IP-CA中客户端(DVB-IP)的结构和功能进行了描述。
基于IP网的CA系统利用IP网的双向性,使用软件替代IC卡,不仅节省了系统的成本,提高了系统的安全性,而且对于将来的有线电视网和计算机网的融合有一定的借鉴意义。
With the development of the digital television, many new services have been provided to serve people, such as Video-On-Demand, pay-per-view, information-on-demand. Digital television provided a service platform for services and Network Company. The conditional access is the key system of the digital television. It ensures the benefit of consumer, program supply and network company. It guarantees the legal benefit of consumer and supply by encryption technology, good design and strict rule of law.
This paper is based on the concise and deep-going survey of CA system and finished the following three parts:
1. Introduce the encryption technology involved in the CA system; analyze the principle and the secure framework of the CA system, including the composition, principle, architecture and secure framework of the CA system.
2. Introduce the concept of IP-CA, suggest to design the CA system based on IP net, the design not only scrambles the original video stream according to the standard scrambler, but also uses the security authentication system, instead of the IC card, to realize the authentication, authorization and charge management.
3. Describe the design of the CA system based on IP net, and the Identity Authentication system uses the digital certificate to realize the Authentication of client's identity, and Secure Tunnel system uses the Digital Signature, Asymmetrical Encryption and Digital Envelope Technology to ensure the confidentiality and integrality of the communication between the server and client. At last, describe the architecture and function of the client which belongs to the IP-CA system.
The IP-CA system takes take advantage of the duplex communication in the IP net, and uses the software to replace the IC card, then not only reduces the cost of the system and enhances the security of the system, but also provides one method for the convergence of cable net and IP net.
本文在对CA系统各个方面综述的基础上,主要完成了以下三部分工作:
1.介绍了条件接收系统中涉及到的加密技术;详细分析了条件接收系统的原理和安全体系结构,其中包括CA系统的组成、原理、框架以及安全体系结构。
2.引入了IP-CA的概念,提出了基于IP网的条件接收系统设计方案,该方案不仅根据《数字电视广播条件接收系统规范》制定的标准控制加扰器对原始传输流进行加扰,而且利用基于IP网的密钥分发系统代替传统的IC卡,实现对用户的认证、授权和计费管理。
3.详细描述了基于IP网的密钥分发系统的设计方案,其中身份认证子系统利用数字证书技术实现对用户身份的认证,安全通道子系统利用非对称加密、数字签名、数字信封等技术保障通信的完整性和保密性;最后还对IP-CA中客户端(DVB-IP)的结构和功能进行了描述。
基于IP网的CA系统利用IP网的双向性,使用软件替代IC卡,不仅节省了系统的成本,提高了系统的安全性,而且对于将来的有线电视网和计算机网的融合有一定的借鉴意义。
With the development of the digital television, many new services have been provided to serve people, such as Video-On-Demand, pay-per-view, information-on-demand. Digital television provided a service platform for services and Network Company. The conditional access is the key system of the digital television. It ensures the benefit of consumer, program supply and network company. It guarantees the legal benefit of consumer and supply by encryption technology, good design and strict rule of law.
This paper is based on the concise and deep-going survey of CA system and finished the following three parts:
1. Introduce the encryption technology involved in the CA system; analyze the principle and the secure framework of the CA system, including the composition, principle, architecture and secure framework of the CA system.
2. Introduce the concept of IP-CA, suggest to design the CA system based on IP net, the design not only scrambles the original video stream according to the standard scrambler, but also uses the security authentication system, instead of the IC card, to realize the authentication, authorization and charge management.
3. Describe the design of the CA system based on IP net, and the Identity Authentication system uses the digital certificate to realize the Authentication of client's identity, and Secure Tunnel system uses the Digital Signature, Asymmetrical Encryption and Digital Envelope Technology to ensure the confidentiality and integrality of the communication between the server and client. At last, describe the architecture and function of the client which belongs to the IP-CA system.
The IP-CA system takes take advantage of the duplex communication in the IP net, and uses the software to replace the IC card, then not only reduces the cost of the system and enhances the security of the system, but also provides one method for the convergence of cable net and IP net.
引文
[1]ETSI.TS 101 197:Digital Video Broadcasting(DVB):DVB SimulCrypt;Head-end architecture and synchronization.2002.
[2]ETSI.TS 1031 97:Digital Video Broadcasting(DVB):Head-end implementation of DVB Simul-Crypt.2003.
[3]木昌洪,刘卫忠,王旭升,基于DVB-C的条件接收系统的原理及其在机顶盒中的实现,中国有线电视,2004,153(9):29-31.
[4]连晨阳,杭大明,李臻.DVB条件接收系统的实现.河北理工学院学报,2000,22(3):26-32.
[5]Wim Mooij.Advances in Conditional Access Technology.International Broadcasting Convention Conference Publication,1997,(9):461-464.
[6]Frank Kamperman,Bart van Rijnsoever.Conditional access system interoperability through software downloading.IEEE Trans on Consumer Electronics,2001,47(1):47-54.
[7]杨义先,孙伟,钮心忻.现代密码新理论[M].北京:科学出版社,2001.
[8]RSA Laboratories.PKCS #1:RSA Cryptography Standard.Version 2.1,Jun,14,2002.
[9]Jakob Jonsson&RSA Laboratories Europe,RC6 Block Cipher,http://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/,2000.
[10]王明臣,姜秀华,张永辉.数字电视与高清晰度电视[M].北京:中国广播电视出版社,2006.
[11]马正先,DVB条件接收及其应用,中国有线电视,2004(3)
[12]朱倩,DVB条件接收系统结构研究,中国有线电视,2005(2)
[13]朱文涛.安全组播中密钥分配问题的研究,软件学报,2006(14)
[14]ISO/IEC7 816-3,Information technology Identification cards Integrated circuit(s)cards with contacts-Part3:Electronic signals and transmission protocols,1997
[15]郑志航.数字电视原理与应用.中国广播电视出版社,2001
[16]王庆军.数字电视条件接收系统与同密技术.有线电视系统,2004,(9):54-56.
[17]陈君,孙鹏,曾学文,DVB条件接收系统多密技术的设计与实现.中国有线电视,2003,(06):12-16.
[18]安德鲁.柯尔.有条件接收系统的安全性和保护.世界有线电视信息,2000,14(7):30-33.
[19]陈文全,付国映,赵利.数字电视条件接收系统的安全性研究.中国有线电视,2004,259(1):6-9.
[21]国家广电总局.有线数字电视广播条件接收系统入网技术要求和测评方法(暂行).2003.
[22]洪钧,关宏超.条件接收系统密码体系综述.广播与电视技术,2002,(9):127-130.
[23]冯传岗.论我国数字电视的条件接收系统有线电视技术,2003,(7):72-79.
[24]邢汉青,王欣然,罗建平,DVB通用接口和基于它的条件接收模块的设计.中国有线电视, 2004,(03/04):30-34.
[25]马止先.DVB条件接收及其应用.中国有线电视,2004,(03104):40-43.
[26]David J.Cutts.DVB conditional access.Electronics& Communication Engineering Journey,2000,(2):21-27.
[27]Didier Angebaud,Jean LUC Giachetti.Conditional Access Mechanisms for All-Digital Broadcast Signals.IEEE Transactions on Consumer Electronics,1992,38(3):53-62.
[28]Jean Luc Giacheti,Vincent Lenoir,Andre Godet.A Common Conditional Access Interface for Digital Video Broadcasting Decoders.IEEE Transaction on Consumer Electronics.2000,141(3):836-841
[29]白敏丹.多功能机顶盒的技术分析.北京广播学院学报(自然科学版),2004,11(2):32-35
[30]郑立新,刘卫忠,罗白云.DVB系统中的有条件接收技术及其实现.中国有线电视,2003,(14):32-34.
[31]许巡恩,浅谈数字电视CA技术.中国有线电视,2004,(14):40-43.
[32]刘革军.数字电视用户管理系统的设计与实现.有线电视系统,2004,(4):37-39.
[33]潘铮,苏凯雄.DVB条件接收系统公共接口(CI)的研究与实现.福建电脑,2004,(01):29-32.
[34]国家广电总局.GY/Z-175-2001数字电视广播条件接收系统规范(讨论稿).2001.
[35]黄海.数字电视有条件接收系统及其应用.TV engineering,2003,(7):56-58.
[36]ETSI.ETR 162:Digital Broadcasting systems for television,sound and data services:Allocation of Service Information(SI)codes for Digital Video Broadcasting(DVB)systems.1999.
[37]Atul Kahate.Cryptography and Network Security[M].McGraw-Hill Companies,2003
[38]郑艳清.基于UML的以认证中心的设计[J].哈尔滨师范大学自然科学学报.2003(5).
[39]余胜生.IPSec-VPN中应用PKI的研究与实现方案[J].计算机仿真.2003(3).
[40]史创明.数字签名及PKI技术原理与应用[J].微计算机信息.2005(8).
[41]周明全,吕林涛,李军怀.网络信息安全技术[M].西安:西安电子科技大学出版社.2003.
[42]陈峰,周军.数字电视条件接收系统中的安全性分析中国有线电视,2002,(18):21-23.
[43]Measurement guidelines for DVB systems,ETR290,DVB,1997
[44]Implementation Guidelines of the DVB Simulcrypt Standard,ETSIT R102035 V1.1.1,DVB,2002
[45]DVB SimulCrypt:Head-end architecture and synchronization,ETSI TS 101197 V1.2.1,DVB,2002
[2]ETSI.TS 1031 97:Digital Video Broadcasting(DVB):Head-end implementation of DVB Simul-Crypt.2003.
[3]木昌洪,刘卫忠,王旭升,基于DVB-C的条件接收系统的原理及其在机顶盒中的实现,中国有线电视,2004,153(9):29-31.
[4]连晨阳,杭大明,李臻.DVB条件接收系统的实现.河北理工学院学报,2000,22(3):26-32.
[5]Wim Mooij.Advances in Conditional Access Technology.International Broadcasting Convention Conference Publication,1997,(9):461-464.
[6]Frank Kamperman,Bart van Rijnsoever.Conditional access system interoperability through software downloading.IEEE Trans on Consumer Electronics,2001,47(1):47-54.
[7]杨义先,孙伟,钮心忻.现代密码新理论[M].北京:科学出版社,2001.
[8]RSA Laboratories.PKCS #1:RSA Cryptography Standard.Version 2.1,Jun,14,2002.
[9]Jakob Jonsson&RSA Laboratories Europe,RC6 Block Cipher,http://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/,2000.
[10]王明臣,姜秀华,张永辉.数字电视与高清晰度电视[M].北京:中国广播电视出版社,2006.
[11]马正先,DVB条件接收及其应用,中国有线电视,2004(3)
[12]朱倩,DVB条件接收系统结构研究,中国有线电视,2005(2)
[13]朱文涛.安全组播中密钥分配问题的研究,软件学报,2006(14)
[14]ISO/IEC7 816-3,Information technology Identification cards Integrated circuit(s)cards with contacts-Part3:Electronic signals and transmission protocols,1997
[15]郑志航.数字电视原理与应用.中国广播电视出版社,2001
[16]王庆军.数字电视条件接收系统与同密技术.有线电视系统,2004,(9):54-56.
[17]陈君,孙鹏,曾学文,DVB条件接收系统多密技术的设计与实现.中国有线电视,2003,(06):12-16.
[18]安德鲁.柯尔.有条件接收系统的安全性和保护.世界有线电视信息,2000,14(7):30-33.
[19]陈文全,付国映,赵利.数字电视条件接收系统的安全性研究.中国有线电视,2004,259(1):6-9.
[21]国家广电总局.有线数字电视广播条件接收系统入网技术要求和测评方法(暂行).2003.
[22]洪钧,关宏超.条件接收系统密码体系综述.广播与电视技术,2002,(9):127-130.
[23]冯传岗.论我国数字电视的条件接收系统有线电视技术,2003,(7):72-79.
[24]邢汉青,王欣然,罗建平,DVB通用接口和基于它的条件接收模块的设计.中国有线电视, 2004,(03/04):30-34.
[25]马止先.DVB条件接收及其应用.中国有线电视,2004,(03104):40-43.
[26]David J.Cutts.DVB conditional access.Electronics& Communication Engineering Journey,2000,(2):21-27.
[27]Didier Angebaud,Jean LUC Giachetti.Conditional Access Mechanisms for All-Digital Broadcast Signals.IEEE Transactions on Consumer Electronics,1992,38(3):53-62.
[28]Jean Luc Giacheti,Vincent Lenoir,Andre Godet.A Common Conditional Access Interface for Digital Video Broadcasting Decoders.IEEE Transaction on Consumer Electronics.2000,141(3):836-841
[29]白敏丹.多功能机顶盒的技术分析.北京广播学院学报(自然科学版),2004,11(2):32-35
[30]郑立新,刘卫忠,罗白云.DVB系统中的有条件接收技术及其实现.中国有线电视,2003,(14):32-34.
[31]许巡恩,浅谈数字电视CA技术.中国有线电视,2004,(14):40-43.
[32]刘革军.数字电视用户管理系统的设计与实现.有线电视系统,2004,(4):37-39.
[33]潘铮,苏凯雄.DVB条件接收系统公共接口(CI)的研究与实现.福建电脑,2004,(01):29-32.
[34]国家广电总局.GY/Z-175-2001数字电视广播条件接收系统规范(讨论稿).2001.
[35]黄海.数字电视有条件接收系统及其应用.TV engineering,2003,(7):56-58.
[36]ETSI.ETR 162:Digital Broadcasting systems for television,sound and data services:Allocation of Service Information(SI)codes for Digital Video Broadcasting(DVB)systems.1999.
[37]Atul Kahate.Cryptography and Network Security[M].McGraw-Hill Companies,2003
[38]郑艳清.基于UML的以认证中心的设计[J].哈尔滨师范大学自然科学学报.2003(5).
[39]余胜生.IPSec-VPN中应用PKI的研究与实现方案[J].计算机仿真.2003(3).
[40]史创明.数字签名及PKI技术原理与应用[J].微计算机信息.2005(8).
[41]周明全,吕林涛,李军怀.网络信息安全技术[M].西安:西安电子科技大学出版社.2003.
[42]陈峰,周军.数字电视条件接收系统中的安全性分析中国有线电视,2002,(18):21-23.
[43]Measurement guidelines for DVB systems,ETR290,DVB,1997
[44]Implementation Guidelines of the DVB Simulcrypt Standard,ETSIT R102035 V1.1.1,DVB,2002
[45]DVB SimulCrypt:Head-end architecture and synchronization,ETSI TS 101197 V1.2.1,DVB,2002