CN100484234C - Method for real-time inserting signature and identifying signature in digital TV transmission flow - Google Patents


Info

Publication number
CN100484234C
Authority
CN
China
Prior art keywords
transport stream
bag
signature
section
packets
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 200510127884
Other languages
Chinese (zh)
Other versions
CN1980375A (en
Inventor
荆继武
尚铭
许良玉
王晶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Graduate School of CAS
University of Chinese Academy of Sciences
Original Assignee
University of Chinese Academy of Sciences
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of Chinese Academy of Sciences filed Critical University of Chinese Academy of Sciences
Priority to CN 200510127884 priority Critical patent/CN100484234C/en
Publication of CN1980375A publication Critical patent/CN1980375A/en
Application granted granted Critical
Publication of CN100484234C publication Critical patent/CN100484234C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Abstract

Using the packet format of the transport stream and the relations between its packets, the method signs the basic packets of the transport stream segment by segment, inserts the signatures into the transport stream, and verifies the signatures when the transport stream is played. Both signature insertion and signature verification operate in real time. A fault-tolerance mechanism at the verifying end reduces false rejections caused by channel interference.

Description

A method for inserting signatures and verifying signatures in real time in a digital TV transport stream
Technical field
The present invention relates to digital television technology, and specifically to a method for inserting signatures in real time and verifying signatures in real time in a digital TV transport stream.
Background art
With the development of science and technology, digital television has emerged. Because digital television offers advantages such as high transmission quality, wide coverage, a large number of users and high speed, it will gradually replace traditional analog television and therefore has very broad market prospects.
Fig. 1 shows the basic structure of an existing digital television broadcasting system. As Fig. 1 shows, a digital television broadcasting system 100 comprises a TV programme provision subsystem 101, a TV signal broadcast subsystem 102, a network transmission subsystem 103 and a terminal playback subsystem 104. The television programme provider supplies the digital television programme transport stream to the TV signal broadcast subsystem 102 through the TV programme provision subsystem 101; the TV signal broadcast subsystem 102 sends the transport stream supplied by the TV programme provision subsystem 101 to the network transmission subsystem 103; the network transmission subsystem 103 sends the transport stream received from the TV signal broadcast subsystem 102 to the terminal playback subsystem 104 by cable or satellite transmission; the terminal playback subsystem 104, that is, a digital television set in the user's home or an analog television set with a set-top box that can receive digital signals, receives the transport stream from the network transmission subsystem 103 and plays it as video, so that the user can watch the digital television programme supplied by the programme provider.
The patent "Digital television broadcasting system and method" proposed a digital television broadcasting system and digital television broadcasting method with very high security, which effectively prevent a television programme provider from broadcasting illegal TV programme signals and prevent unauthorized persons from inserting illegal TV programmes by taking control of the cable, satellite or other transmission network.
A secure digital television broadcasting system can effectively prevent both of these: a television programme provider broadcasting illegal TV programme signals, and unauthorized persons inserting illegal TV programmes by taking control of the cable, satellite or other transmission network.
As shown in Fig. 2, the digital television broadcasting system comprises the following components:
A TV programme provision subsystem, which supplies the digital television programme transport stream;
A TV signal broadcast subsystem, which sends the transport stream supplied by the TV programme provision subsystem to the network transmission subsystem;
A network transmission subsystem, which sends the transport stream received from the TV signal broadcast subsystem to the terminal playback subsystem;
A terminal playback subsystem, which plays the transport stream received from the network transmission subsystem.
The TV programme provision subsystem further comprises a TV programme digital signature device, which digitally signs the programme transport stream and then superimposes the signature result and the digital license certificate on the transport stream sent to the network transmission subsystem. The digital signature device superimposes the signature result and the digital license certificate on the transport stream in either an intrusive mode or a non-intrusive mode. The terminal playback subsystem further comprises a security authentication device that stores the higher-level certificate corresponding to the digital license certificate of the programme provision subsystem. The device uses this higher-level certificate to check whether the digital license certificate superimposed on the transport stream is legitimate, and checks whether the digital signature result of the transport stream is correct. Only when both checks pass does the terminal playback subsystem play the programme carried by the transport stream; otherwise it discards the transport stream.
In the secure digital television system, each television programme provider is issued a digital license certificate. When supplying a programme, the provider must digitally sign the transport stream and superimpose the signature result together with its own digital license certificate on the transport stream sent to the terminal side. The terminal side then checks whether the provider's digital license certificate is legitimate and further checks whether the digital signature result is correct. If all checks pass, the programme carried by the transport stream is played; otherwise the transport stream is discarded. If an unauthorized person inserts an illegal TV programme by taking control of the cable, satellite or other transmission network, the inserted programme is discarded by the terminal-side check because that person does not hold a programme provider's digital license certificate. Even if the unauthorized person has obtained a digital license certificate by some means, the inserted programme still fails the digital signature check because that person does not have the private key, so it is discarded. This effectively prevents unauthorized persons from inserting illegal TV programmes by taking control of the cable, satellite or other transmission network. At the same time, because the programme provider must superimpose its own digital license certificate on the transport stream sent to the terminal side, if a legitimate provider broadcasts an illegal programme, the source of that programme, that is, which provider supplied it, is easily found by tracing the digital license certificate that accompanies it. Criminal or economic penalties can then be applied, deterring other providers who intend to broadcast illegal programmes, so that the broadcasting of illegal TV programme signals by providers is prevented at the source.
In the secure digital television system, the digital signature device superimposes the signature result and the digital license certificate on the transport stream in either an intrusive mode or a non-intrusive mode. If the user side is fitted with a security authentication device, that device extracts the certificate and signature and verifies the transport stream. If the user side has no security authentication device, a signature and certificate inserted in non-intrusive mode do not affect the user's normal TV reception. Adding the signature and certificate to the transport stream in non-intrusive mode is therefore a necessary intermediate stage in the roll-out of the secure digital television system.
However, TV programme broadcasting has demanding real-time requirements. Only if signature insertion into the digital TV transport stream and signature verification are both performed in real time can the user watch programmes smoothly and without delay, yet no corresponding solution exists at present.
Summary of the invention
The present invention provides a method that, in non-intrusive mode, adds a signature and certificate to a digital TV transport stream in real time and verifies the transport stream in real time. The method uses the structure of transport stream packets and the relations between packets, together with a real-time strategy, to superimpose signatures on the transport stream and to verify the transport stream without delay.
The above object of the invention is achieved by the following technical solutions:
A method for inserting signatures in real time in a digital TV transport stream comprises:
A. First, the signing end obtains the information of the transport stream, which comprises at least: basic packets, transport stream packets containing the Program Association Table (PAT) and transport stream packets containing the Program Map Table (PMT). Then the transport stream containing a set number of basic packets is treated as one segment; this segment is signed, and the signature is inserted and sent, with a header packet sent as the marker that divides the transport stream into segments. When the transport stream is signed, the signature operation covers only the basic packets in the transport stream.
In the method for inserting signatures in real time in a digital TV transport stream, inserting and sending the signature may comprise: after one segment of the transport stream has been sent, the signature result for that segment is packed into a signature packet and sent immediately after the segment; once the signature packet has been sent, sending continues with the next segment. In this case step A comprises the following steps:
A11. The signing end obtains the information of the transport stream from the transport stream packets containing the PAT and PMT in the first segment of transport stream it receives;
A12. A set number of basic packets form one segment. Before the first basic packet of the segment is sent, a header packet is sent as the marker that divides the transport stream into segments; the packets of the segment are then sent, and the basic packets of the segment are put into the hash unit;
A13. A hash is computed over the basic packets in the hash unit and the hash result is signed; the signature result is packed into a signature packet and sent immediately after the segment;
A14. The next segment is processed by repeating steps A12 and A13.
Alternatively, in the method for inserting signatures in real time in a digital TV transport stream, inserting and sending the signature may comprise: after one segment has been sent, sending continues with the next segment, and the signature result of the preceding segment is packed into signature packets that are dispersed through the next segment and sent with it. In this case step A comprises the following steps:
A21. The signing end obtains the information of the transport stream from the transport stream packets containing the PAT and PMT in the first segment of transport stream it receives;
A22. A set number of basic packets form one segment. Before the first basic packet of the segment is sent, a header packet is sent as the marker that divides the transport stream into segments; the packets of the segment are then sent, and the basic packets of the segment are put into the hash unit. The hash result of the preceding segment's basic packets is packed into signature packets, which are dispersed through the current segment and sent with it;
A23. A hash is computed over the basic packets in the hash unit;
A24. The next segment is processed by repeating steps A22 and A23.
The method for inserting signatures in real time in a digital TV transport stream further comprises:
B. First, the verifying end obtains the information of the transport stream, which comprises at least: basic packets, signature packets, header packets, transport stream packets containing the PAT and transport stream packets containing the PMT. Then, following the division into segments marked by the header packets sent by the signing end, it extracts the signature of a segment and verifies that signature.
When the signature packet is sent immediately after the segment it covers, extracting and verifying the signature of a segment means: after a segment has been sent, the segment is verified with the signature data in the signature packet received immediately afterwards. If verification passes, the next segment continues to be sent; if verification fails, the next segment is no longer sent;
When the signature packets are inserted in the segment following the one they cover, extracting and verifying the signature of a segment means: after a segment has been sent, sending continues with the next segment; while the next segment is being sent, the signature packets for the preceding segment are extracted, and the preceding segment is verified with the signature data in them. If verification passes, the transport stream continues to be sent; if verification fails, the segments received subsequently are no longer sent.
When the signature packet is sent immediately after the segment it covers, step B comprises the following steps:
B11. The verifying end obtains the information of the transport stream from the transport stream packets containing the PAT and PMT in the first segment of transport stream it receives, and obtains the header packet that marks the start of a segment,
B12. The transport stream containing a set number of basic packets is treated as one segment. The packets of the segment are sent and its basic packets are put into the hash unit; a hash is computed over the basic packets in the hash unit, and the next packet is then checked to see whether it is a signature packet. If it is a signature packet, the signature packet is received and used to check whether the hash result in the hash unit is correct. If it is not a signature packet, the hash unit is emptied and the header packet marking the start of a segment is obtained again; the set number of basic packets is then received and held pending verification, and these basic packets are not sent until they pass verification, after which basic packets continue to be sent;
When the signature packets are inserted in the segment following the one they cover, step B comprises the following steps:
B21. The verifying end obtains the information of the transport stream from the transport stream packets containing the PAT and PMT in the first segment of transport stream it receives, and obtains the header packet that marks the start of a segment;
B22. The transport stream containing a given number of basic packets is treated as one segment. The packets of the segment are sent, its basic packets are put into the hash unit, and the content of the signature packets is recorded. The next packet is then checked to see whether it is a header packet. If it is a header packet, the recorded signature result is used to verify the hash result of the preceding segment. If it is not a header packet, the hash unit is emptied and the header packet marking the start of a segment is obtained again; the given number of basic packets is then received and held pending verification, and these basic packets are not sent until they pass verification, after which basic packets continue to be sent.
In addition, when the verifying end verifies the transport stream, a segment whose verification failure is non-consecutive is still sent to the user for viewing. The transport stream may suffer channel interference during transmission and pick up bit errors, which makes the probability of a verification failure very high; yet bit errors below a certain level do not in fact affect what the user sees. A fault-tolerance mechanism is therefore needed so that a transport stream with non-consecutive bit errors can still be sent to the user. Preferably, if during verification a single failure occurs after several consecutive successful verifications (for example 10), the segment that failed verification may still be sent to the user. If a failure occurs that does not follow such a run of consecutive successful verifications, the segment that failed verification is not sent to the user.
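The forwarding rule in this paragraph, written out as an added example that is not part of the patent text. It assumes the verifier already produces one pass/fail result per segment; the function names, the decision labels and the sample sequences are constructed for illustration.

```python
def forward_decisions(results, run_length=10):
    """Decide, per segment, whether it is forwarded to the viewer.

    results: per-segment verification outcomes in arrival order (True = passed).
    A failed segment is forwarded only if the run_length segments immediately
    before it all passed; the failure then resets the run, so a second failure
    right after it is withheld.
    """
    decisions, run = [], 0
    for passed in results:
        if passed:
            decisions.append("forward")
            run += 1
        else:
            decisions.append("forward-unverified" if run >= run_length else "withhold")
            run = 0
    return decisions


def summarize(decisions):
    """Count how many segments fell into each decision class."""
    kinds = ("forward", "forward-unverified", "withhold")
    return {kind: decisions.count(kind) for kind in kinds}


# Constructed outcome sequences (True = segment verified).
ISOLATED_ERRORS = [True] * 10 + [False] + [True] * 10 + [False] + [True] * 3
SUSTAINED_FAILURE = [True] * 10 + [False] * 5 + [True] * 2

if __name__ == "__main__":
    for name, seq in (("isolated", ISOLATED_ERRORS), ("sustained", SUSTAINED_FAILURE)):
        print(name, summarize(forward_decisions(seq)))
```

Every "forward-unverified" decision is a segment that reaches the viewer without a valid signature, so the run length bounds how often that can happen: at most one segment in every run_length + 1.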
In summary, the present invention realizes a method for inserting and verifying signatures in a transport stream in real time.
The invention is also well suited to the transition period while secure digital TV is being rolled out. Because the packet identifier (PID) values of the signature packets and header packets added to the original transport stream differ from those of the audio, video and data packets, a Moving Picture Experts Group (MPEG) 2 decoder discards the signature packets and header packets when decoding, and viewing is not affected. A user side without security authentication equipment can therefore still watch a signed transport stream.
The invention is also easy to operate. It makes full use of the packet format of the transport stream itself and the relations between packets, so inserting signatures is convenient. At the signing end, the transport stream is broadcast first and the signature computation and signature insertion follow, so programme broadcasting stays real-time with no delay. At the verifying end, a segment is played first and verified afterwards, and if verification fails the next segment is not played, which also preserves the real-time nature of broadcasting. Compared with digital watermarking, the method of adding and verifying signatures is simpler, improves the efficiency of signing and verification, and gives the system better real-time performance.
In addition, the invention takes account of tolerance to bit errors caused by channel interference, which reduces, to some extent, the cases in which data is wrongly judged invalid.
Description of drawings
Fig. 1 is a schematic diagram of a digital television broadcasting system according to the prior art.
Fig. 2 is a schematic diagram of the digital television broadcasting system proposed in the patent "Digital television broadcasting system and method".
Fig. 3 is a diagram of the relations between digital TV transport stream packets.
Fig. 4 is a scheme diagram of adding signatures to a transport stream in real time according to the invention, in the mode where the signature result is sent after the signed transport stream segment.
Fig. 5 is a scheme diagram of adding signatures to a transport stream in real time according to the invention, in the mode where the signature result is inserted in the segment following the signed segment and sent with it.
Fig. 6 is a scheme diagram of verifying signatures on a transport stream in real time according to the invention, in the mode where the signature result inserted after a segment is used to verify the hash result of that segment.
Fig. 7 is a scheme diagram of verifying signatures on a transport stream in real time according to the invention, in the mode where the signature results inserted in the transport stream are combined to verify the hash result of the preceding segment.
Fig. 8 is an implementation example of adding signatures to a transport stream in real time according to the invention, in the mode where the signature result is inserted in the segment following the signed transport stream and sent with it.
Fig. 9 is an implementation example of adding signatures to a transport stream in real time according to the invention, in the mode where the signature result is inserted in the segment following the signed transport stream and sent with it.
Fig. 10 is an implementation example of verifying signatures on a transport stream in real time according to the invention, in the mode where the signature result inserted after a segment is used to verify the hash result of that segment.
Fig. 11 is an implementation example of verifying signatures on a transport stream in real time according to the invention, in the mode where the signature results inserted in the transport stream are combined to verify the hash result of the preceding segment.
Fig. 12 is a format diagram of the additional packets according to the invention.
Embodiments
The invention is described in detail below with reference to the drawings and specific embodiments.
To realize, in a secure digital television broadcasting system, a method for non-intrusively inserting and verifying signatures in a transport stream in real time, the invention proposes the following. At the signing end of the secure digital television system, the signature is packed into basic transport stream packets of standard format, called signature packets, and inserted in the original transport stream. The signature packets may be placed after the signed transport stream segment and sent, or inserted in the segment following the signed segment and sent. The signature packets are sent to the verifying end together with the signed programme, as basic packets of that programme. At the verifying end of the secure digital television system, the signature packets are extracted and the original video stream is verified. Verification may use the received signature result to verify the hash result of the signed transport stream, or may combine the signature results inserted in the transport stream to verify the hash result of the preceding segment. Even if the signed transport stream is not verified, viewing is not affected. This method of inserting and verifying signatures is simple to implement and keeps the whole system real-time, causing no delay to the broadcasting or viewing of programmes.
Fig. 3 shows the relations between digital TV transport stream packets. As Fig. 3 shows, a digital TV transport stream consists of 188-byte packets, which fall broadly into basic packets, null packets and information packets. Basic packets are the audio, video and data packets of each programme; null packets carry no information; information packets are those carrying the tables that relate the packets of the transport stream to one another, such as the Program Association Table (PAT) and the Program Map Table (PMT). The first 8 bits of a packet are the sync field 01000111. Another important field in the packet, the PID, indicates the kind of packet. The PIDs of null packets and of packets containing the PAT are fixed: the PID of a null packet is 8191, and the PID of a packet containing the PAT is 0. All audio data of a given programme share one PID, all its video data share one PID, and all its data packets likewise share one PID. In other words, knowing the audio PID of a programme is enough to find all of that programme's audio packets in the transport stream, and video packets and data packets can be found in the same way.
The packet containing the PAT (PID = 0) lists the programme streams present in the transport stream. The PAT specifies the PIDs of all packets containing PMTs, so all PMT packets can be found from the PAT. The PMT of each programme contains the PIDs of that programme's audio, video and data packets, so all audio, video and data packets of a programme can be found from its PMT.
This packet format and these relations are what make it possible to insert signature packets in the transport stream. A signature packet can be inserted in the transport stream as a basic packet of a programme, alongside that programme's audio, video and data packets. The programme's PMT is modified so that the PID of the signature packets is recorded in it. At the verifying end, the PID of a programme's signature packets is found from the PMT, and the programme's signature packets are extracted from the transport stream. Adding signature packets to the transport stream does not affect decoding by an MPEG-2 decoder: the decoder does not recognize the PID of the signature packets and therefore discards them.
Fig. 4 is a scheme diagram of adding signatures to a transport stream in real time according to the invention, in the mode where the signature result is sent after the signed transport stream.
When the transport stream is first received, its information is obtained by analysing the first transport stream packets received that contain the PAT and PMT: the PIDs of the packets containing the PMT are learned from the PAT, and the PIDs of the audio, video and data packets in the transport stream are then learned from the PMT.
Then a given number of basic packets is taken as one segment and the packets of the segment are sent, with a header packet sent as the marker that divides the transport stream into segments; the basic packets of the segment are put into the hash unit.
After the segment has been sent, a hash is computed over the basic packets in the hash unit and the hash result is signed.
Finally, the signature is packed into a signature packet and sent.
Fig. 5 is a scheme diagram of adding signatures to a transport stream in real time according to the invention, in the mode where the signature result is inserted in the segment following the signed transport stream and sent with it.
When the transport stream is first received, its information is obtained by analysing the first transport stream packets received that contain the PAT and PMT.
Then a given number of basic packets is taken as one segment; the packets of the segment are sent and the basic packets are put into the hash unit, with a header packet sent as the marker that divides the transport stream into segments. In addition, the hash result of the preceding segment's basic packets in the hash unit is signed, and the signature is packed into signature packets that are dispersed through the current segment and sent with it.
Finally, a hash is computed over the basic packets in the hash unit.
Fig. 6 is a scheme diagram of verifying signatures on a transport stream in real time according to the invention, in the mode where the signature result inserted after a segment is used to verify the hash result of that segment.
First, the information of the transport stream is obtained from the packets containing the PAT and PMT in the first segment received, in the same way as described for Fig. 4, so it is not repeated here;
Then the header packet marking the start of a segment is obtained;
Next, the transport stream containing a given number of basic packets is treated as one segment; the packets of the segment are sent and its basic packets are put into the hash unit;
After the segment has been sent, a hash is computed over the basic packets in the hash unit, and the next packet is checked to see whether it is a signature packet. If it is a signature packet, it is received and used to check whether the hash result in the hash unit is correct. If the result is correct, processing continues by obtaining the header packet that marks the start of a segment. If the result is incorrect, the hash unit is emptied and the header packet marking the start of a segment is obtained again; the given number of basic packets is then received and held pending verification, and these basic packets are not sent until they pass verification, after which basic packets continue to be sent. If the next packet is not a signature packet, the hash unit is emptied and the header packet marking the start of a segment is obtained again; the given number of basic packets is then received and held pending verification, and these basic packets are not sent until they pass verification, after which basic packets continue to be sent.
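The trailing-signature mode of steps A11 to A14 and B11 to B12 (Figs. 4 and 6), together with the PID-based packet handling described for Fig. 3, as an added example that is not code from the patent. The PIDs of the header and signature packets, the segment length, the signature packet layout and the helper names are assumptions, and HMAC-SHA256 stands in for the provider's private-key signature so that the block runs with the standard library only.

```python
import hashlib
import hmac

TS_SIZE, SYNC = 188, 0x47
# Constructed PIDs; a real signer or verifier learns them from the PAT and PMT.
PAT_PID, VIDEO_PID, AUDIO_PID = 0, 0x100, 0x101
HEADER_PID, SIG_PID = 0x1F0, 0x1F1      # assumed PIDs for the two added packet types
BASIC_PIDS = {VIDEO_PID, AUDIO_PID}
SEGMENT_LEN = 4                         # the "set number" of basic packets per segment
SIG_LEN = 32
DEMO_KEY = b"constructed demo key"


def make_packet(pid, payload=b""):
    """188-byte packet: sync byte 0x47, 13-bit PID, payload padded with 0xFF."""
    header = bytes([SYNC, (pid >> 8) & 0x1F, pid & 0xFF, 0x10])
    return header + payload.ljust(TS_SIZE - 4, b"\xff")


def pid_of(pkt):
    return ((pkt[1] & 0x1F) << 8) | pkt[2]


def sign(digest):
    """Stand-in for the provider's private-key signature (HMAC-SHA256 here)."""
    return hmac.new(DEMO_KEY, digest, hashlib.sha256).digest()


def verify(digest, signature):
    return hmac.compare_digest(sign(digest), signature)


def sign_stream(packets):
    """Signing end: header packet, SEGMENT_LEN basic packets, then the signature packet."""
    out, unit, count = [], hashlib.sha256(), 0
    for pkt in packets:
        basic = pid_of(pkt) in BASIC_PIDS
        if basic and count == 0:
            out.append(make_packet(HEADER_PID))       # marks the start of a segment
        out.append(pkt)                               # sent at once, never delayed
        if basic:
            unit.update(pkt)                          # only basic packets are hashed
            count += 1
            if count == SEGMENT_LEN:
                out.append(make_packet(SIG_PID, sign(unit.digest())))
                unit, count = hashlib.sha256(), 0
    return out


def verify_stream(packets):
    """Verifying end. Returns (packets released to the player, per-segment results)."""
    out, results, held = [], [], []
    trusted = True            # play first, verify after, until a check fails
    unit, count = None, 0     # hash unit; None while waiting for a header packet
    for pkt in packets:
        pid = pid_of(pkt)
        if unit is not None and count == SEGMENT_LEN:
            # Segment complete: the very next packet must be its signature packet.
            ok = pid == SIG_PID and verify(unit.digest(), pkt[4:4 + SIG_LEN])
            results.append(ok)
            if ok and not trusted:
                out.extend(held)                      # held segment passed: release it
            trusted, held, unit, count = ok, [], None, 0
            if pid == SIG_PID:
                continue
        if pid == HEADER_PID:
            if unit is not None:                      # header in mid-segment: packets lost
                results.append(False)
                trusted = False
            unit, count, held = hashlib.sha256(), 0, []
        elif pid in BASIC_PIDS:
            if unit is None:
                continue                              # no open segment: wait for a header
            unit.update(pkt)
            count += 1
            (out if trusted else held).append(pkt)
        elif pid != SIG_PID:
            out.append(pkt)                           # PAT, PMT, null: passed through (assumption)
    return out, results


def legacy_view(packets):
    """What a receiver without the authentication device decodes: added PIDs are dropped."""
    return [p for p in packets if pid_of(p) not in (HEADER_PID, SIG_PID)]


def sample_stream():
    """Constructed input: one placeholder PAT packet, then 12 basic packets (3 segments)."""
    basics = [make_packet(VIDEO_PID if i % 2 else AUDIO_PID, bytes([i])) for i in range(12)]
    return [make_packet(PAT_PID)] + basics


if __name__ == "__main__":
    signed = sign_stream(sample_stream())
    forged = list(signed)
    for i in (9, 15):                                 # alter one packet in segments 2 and 3
        forged[i] = forged[i][:-1] + b"\x00"
    print(verify_stream(signed)[1], verify_stream(forged)[1])
```

In the altered stream the second segment has already been forwarded by the time its signature check fails, and only the third segment is held and dropped; this is the play-first trade-off the description accepts for real-time playback.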
Fig. 7 is a conceptual diagram of real-time signature verification on a transport stream according to the present invention. In this verification mode, the signature results inserted in the transport stream are combined and used to verify the hash result of the preceding segment of the transport stream.
First, the information of the transport stream is obtained from the packets containing the PAT and PMT in the first segment of the transport stream received; the specific procedure is the same as described for Fig. 4 and is not repeated here;
Next comes a segment containing a given number of basic packets: the packets of the segment are sent, the basic packets of the segment are put into the hash unit, and the content of the signature packets is recorded;
The hash operation is performed on the basic packets in the hash unit, and the next packet is then checked to see whether it is a head packet. If it is a head packet, the recorded signature result is used to verify the hash result of the preceding segment. If the verification passes, the verifier goes on to obtain the head packet that marks the start of the next segment. If the verification does not pass, the hash unit is emptied, the head packet that marks the start of a segment is obtained again, and the given number of basic packets is then received and held for verification; these basic packets are not sent, and sending of basic packets resumes only once verification of the basic packets passes. If the next packet is not a head packet, the hash unit is emptied, the head packet that marks the start of a segment is obtained again, and the given number of basic packets is then received and held for verification; these basic packets are not sent, and sending of basic packets resumes only once verification of the basic packets passes.
Fig. 8 illustrates an embodiment of adding signatures to a transport stream in real time according to the present invention. In this mode, the signature result is sent after the segment of the transport stream that it signs.
First, synchronization and error-correction processing is performed on the received transport stream. Then, according to the identification field PID of each packet, each received packet is checked to see whether it is a packet containing the PAT (PID=0). If it is not a packet containing the PAT, the packet is discarded; if it is, the content of the packet is read and the packet containing the PAT is then sent. The information read from the PAT gives the PID of the packets containing the PMT of the program in the transport stream. Reception of the transport stream continues, and according to the identification field PID of each packet, each received packet is checked to see whether it is a packet containing the PMT. If it is not, the packet is discarded; if it is, the content of the packet is read. The information read from the PMT gives the PIDs of the audio, video and data packets of the program.
Reception of the transport stream continues and each received packet is analyzed. If the received packet is the first basic packet in a segment (a basic packet being an audio packet, a video packet, a data packet, or any combination of these), a head packet that marks the start position of the signature is sent, and the basic packet is then input to the hash unit and sent. If the received basic packet is not the first basic packet in the segment, the basic packet is input to the hash unit and then sent. If the received packet contains the PMT, the PMT is modified: in addition to the audio, data and video data types, one more entry is added to the PMT, namely the additional data type and its PID record. The PID of the signature packets and head packets is the additional-packet PID recorded in the PMT, and the signature packets and head packets can be found in the transport stream by this PID. Signature packets and head packets are told apart by other fields in the packet (see the description of Figure 12). The modified packet containing the PMT is sent. If the received packet is anything other than a packet containing the PMT or an audio, video or data packet, it is sent directly. The above steps are repeated until a certain number of basic packets (for example 150 or 200) has been received. The hash operation is then performed on the given number of basic packets input to the hash unit, and the result obtained is signed; the RSA signature algorithm can be used. The signature result is packaged into standard transport stream packets and then sent.
The next segment of the transport stream is then received and handled in the same way as the preceding segment.
Fig. 9 illustrates an embodiment of adding signatures to a transport stream in real time according to the present invention. In this mode, the signature result is inserted into, and sent within, the segment that follows the segment it signs.
First, synchronization and error-correction processing is performed on the transport stream. According to the identification field PID of each packet, each received packet is checked to see whether it is a packet containing the PAT (PID=0). If it is not, the packet is discarded; if it is a packet containing the PAT, the content of the packet is read and the packet is then sent. The information read from the PAT gives the PID of the packets containing the PMT in the transport stream. Reception of the transport stream continues, and according to the identification field PID of each packet, each received packet is checked to see whether it is a packet containing the PMT. If it is not, the packet is discarded; if it is a packet containing the PMT, the content of the packet is read. The information read from the PMT gives the PIDs of the audio, video and data packets of the program. Reception of the transport stream continues and each received packet is analyzed. If the received packet is the first basic packet in a segment, a head packet that marks the start position of the signature is sent, and the basic packet is then input to the hash unit and sent. If the received basic packet is not the first basic packet in the segment, the basic packet is input to the hash unit and then sent. If the received packet contains the PMT, the PMT is modified: in addition to audio, data and video, one more entry is added to the PMT, namely the type of the additional packet and its PID record. The PID of the signature packets and head packets is the additional-packet PID recorded in the PMT, and the signature packets and head packets can be found in the transport stream by this PID. Signature packets and head packets are told apart by other fields in the packet. The modified packet containing the PMT is sent. If the received packet is anything other than a packet containing the PMT or an audio, video or data packet, it is sent directly. The above steps are repeated until a certain number of basic packets (for example 150 or 200) has been received; during sending, the hash result of the basic packets of the preceding segment is signed and packaged into standard transport stream packets, which are sent together with the current segment being sent. The hash operation is then performed on the certain number of basic packets input to the hash unit; these are the basic packets that correspond to the current segment.
Reception continues with the next segment of the transport stream, which is handled in the same way as the preceding segment.
Figure 10 illustrates an embodiment of real-time signature verification on a transport stream according to the present invention. In this verification mode, the signature result inserted directly after a segment of the transport stream is used to verify the hash result of that segment.
First, synchronization and error correction is performed on the received transport stream. Then, according to the identification field PID of each packet, each received packet is checked to see whether it is a packet containing the PAT. If it is not, the packet is discarded; if it is a packet containing the PAT, the content of the packet is read and the packet containing the PAT is then sent. Reading the content of the packet shows how many programs the transport stream carries in total and gives the PID value of the PMT packets of the program selected for verification. Reception of the transport stream continues, and according to the identification field PID of each packet, each received packet is checked to see whether it is the PMT of the program to be verified. If it is not, the packet is discarded; if it is, the content of the packet is read and the packet containing the PMT is then sent. The content of the packet containing the PMT gives the PIDs of the audio packets, video packets, data packets and signature packets of the program. Reception of the transport stream continues: a received packet containing the PMT or PAT is sent; received audio packets, video packets, data packets and signature packets of this program are discarded; received packets of other programs are sent. Packets are received in this way until a head packet is received, and the received head packet is sent. Reception then continues: if the received packet is an audio, video or data packet of this program, the hash operation is applied to it and the packet is sent; if the received packet contains the PMT or PAT, it is sent directly; received packets of other programs are also sent. This continues until the given number of basic packets of the program has been received. Reception continues, and if the packet received is a signature packet, the signature result in the signature packet is extracted and used to verify the hash result. If the verification passes, reception of the transport stream continues and subsequent operations follow the steps above. If the verification does not pass, the given number of basic packets received next are only hashed and not sent, until a hash result passes verification; subsequent operations then begin again and the transport stream is sent. If the packet received is not a signature packet, received packets are discarded until a head packet is received. The head packet is then sent, but the basic packets of this program received after it are hashed and no longer sent until a hash result verifies correctly; subsequent operations then begin again and the transport stream is sent.
Figure 11 illustrates an embodiment of real-time signature verification on a transport stream according to the present invention. In this verification mode, the signature results inserted in the transport stream are combined and used to verify the hash result of the preceding segment of the transport stream.
First, a synchronization check is performed on the transport stream. Then, according to the identification field PID of each packet, each received packet is checked to see whether it is a packet containing the PAT. If it is not, the packet is discarded; if it is, the content of the packet is read and the packet containing the PAT is then sent. Reading the content of the packet shows how many programs the transport stream carries in total and gives the PID value of the PMT packets of the program selected for verification. Reception of the transport stream continues, and according to the identification field PID of each packet, each received packet is checked to see whether it is the PMT packet of the program to be verified. If it is not, the packet is discarded; if it is, the content of the packet is read and the PMT packet is then sent. The content of the PMT packet gives the PIDs of the audio packets, video packets, data packets and signature packets of the program. Reception of the transport stream continues: a received PMT packet or PAT packet is sent; received audio packets, video packets, data packets and signature packets of this program are discarded; received packets of other programs are sent. The transport stream is received in this way until a head packet is received, and the received head packet is sent. Reception continues: if the received packet is a PMT packet or PAT packet, it is sent directly; received packets of other programs are also sent; if the received packet is an audio, video or data packet of this program, the hash operation is applied to it and the packet is sent; if the received packet is a signature packet, the signature packet is recorded and then sent. This continues until the given number of basic packets of the program has been received, and the next received packet is then checked. If it is a head packet, the signature results in the recorded signature packets are combined and used to verify the hash result of the preceding segment of the transport stream. If the verification passes, subsequent operations proceed as described in the steps above. If the verification does not pass, the basic packets of this program received next are only hashed and held for verification, not sent; the transport stream can be sent in subsequent operations only after verification passes. If, after the given number of basic packets of the program has been received, the next packet is found not to be a head packet, the hash result of the basic packets and the signature packets are discarded, and the packets received next are also discarded, until a head packet is received. The basic packets of this program received after that are only hashed and not sent until a hash result passes verification, after which subsequent operations are carried out.
Figure 12 shows the format of the additional packet according to the present invention. The additional packet is a standard transport stream packet, 188 bytes long, made up of two parts: Head (packet header) and Payload. The structure and content of Head are the same as the Head of a standard transport stream packet; the structure and content of Payload are designed for the present invention. In the Payload, Type identifies whether the packet is a head packet, a packet containing only the signature result, or a packet containing the signature result and the program provider's certificate. A Type field of 00 means the packet is a head packet, 01 means the packet contains only the signature result, and 10 means the packet contains both the signature result and the program provider's certificate; the value 11 is reserved. Total Section gives the number of packets occupied by the same data ("signature result" or "signature result and program provider certificate"), because that data may need to occupy several packets; for a head packet this field is 1. Current Section is the number of this packet among the several packets that carry the same data; by reading this number, the verifying end can tell whether the signature result and the certificate have been transmitted to it completely. The content of Length is the number of bytes in the next field, Content. Content is the signature result or certificate data. The Shifling Bytes field is bit padding (every bit set to 1) that makes the packet exactly 188 bytes long.
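The additional packet of Figure 12 built, parsed and reassembled, as an added example that is not part of the patent. The page gives no field widths, so the layout below (Type in the top two bits of one byte, one byte each for Total Section, Current Section and Length, Current Section numbered from 1) and the PID value used in testing are assumptions.

```python
from typing import Iterable, List, NamedTuple, Optional

TS_LEN, SYNC = 188, 0x47
TYPE_HEAD, TYPE_SIG, TYPE_SIG_CERT, TYPE_RESERVED = 0b00, 0b01, 0b10, 0b11  # Figure 12
# Assumed layout (the page gives no field widths): 4-byte TS header, Type in
# the top 2 bits of the first payload byte, then Total Section, Current
# Section and Length as one byte each, Content, then all-ones padding.
FIELDS = 4
MAX_CONTENT = TS_LEN - 4 - FIELDS


class Additional(NamedTuple):
    pid: int
    type: int
    total: int
    current: int
    content: bytes


def build_packet(pid: int, ptype: int, total: int, current: int,
                 content: bytes = b"", cc: int = 0) -> bytes:
    """Build one 188-byte additional packet."""
    if len(content) > MAX_CONTENT:
        raise ValueError("content does not fit in one packet")
    # Standard TS header: sync byte, 13-bit PID, payload only, continuity counter.
    head = bytes([SYNC, (pid >> 8) & 0x1F, pid & 0xFF, 0x10 | (cc & 0x0F)])
    body = bytes([(ptype << 6) | 0x3F, total, current, len(content)]) + content
    return (head + body).ljust(TS_LEN, b"\xff")


def split_data(pid: int, data: bytes, with_cert: bool = False) -> List[bytes]:
    """Spread a signature result (optionally with certificate) over several packets."""
    if not data:
        raise ValueError("nothing to send")
    chunks = [data[i:i + MAX_CONTENT] for i in range(0, len(data), MAX_CONTENT)]
    ptype = TYPE_SIG_CERT if with_cert else TYPE_SIG
    return [build_packet(pid, ptype, len(chunks), n, c, cc=n)
            for n, c in enumerate(chunks, start=1)]


def parse_packet(pkt: bytes) -> Additional:
    """Parse one additional packet, rejecting malformed fields and padding."""
    if len(pkt) != TS_LEN or pkt[0] != SYNC:
        raise ValueError("not a 188-byte TS packet")
    pid = ((pkt[1] & 0x1F) << 8) | pkt[2]
    ptype, total, current, length = pkt[4] >> 6, pkt[5], pkt[6], pkt[7]
    end = 4 + FIELDS + length
    if ptype == TYPE_RESERVED:
        raise ValueError("reserved Type value")
    if end > TS_LEN or any(b != 0xFF for b in pkt[end:]):
        raise ValueError("bad Length or padding")
    if not 1 <= current <= total:
        raise ValueError("Current Section outside 1..Total Section")
    return Additional(pid, ptype, total, current, pkt[4 + FIELDS:end])


def reassemble(packets: Iterable[bytes]) -> Optional[bytes]:
    """Join the Content of one segment's signature packets.

    Returns None when a section is missing, repeated, malformed, or disagrees
    with the others on Type or Total Section, which is how the verifying end
    learns that the data did not arrive completely.
    """
    parts, total, ptype = {}, None, None
    for pkt in packets:
        try:
            a = parse_packet(pkt)
        except ValueError:
            return None
        if a.type == TYPE_HEAD:
            continue                      # head packets carry no signature data
        if total is None:
            total, ptype = a.total, a.type
        if (a.total, a.type) != (total, ptype) or a.current in parts:
            return None
        parts[a.current] = a.content
    if total is None or len(parts) != total:
        return None
    return b"".join(parts[i] for i in range(1, total + 1))
```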
The above has described a method for adding and verifying signatures in real time, in a non-disruptive manner, in a secure digital television broadcasting system. The method proposed by the present invention, which inserts data into a transport stream in real time according to the packet format of the transport stream itself and the association between packets, can be applied widely in any system that needs to insert and verify signatures on a transport stream, including digital television systems.
Corresponding to Fig. 2, the operations described in Fig. 4, Fig. 5, Fig. 8 and Fig. 9 can be carried out by the digital signature device in the TV program providing subsystem, and the operations described in Fig. 6, Fig. 7, Figure 10 and Figure 11 can be carried out by the security authentication device in the terminal playback subsystem.
Because a transport stream may be subject to channel interference and pick up bit errors during transmission, the probability that verification of the transport stream fails is high, while in practice bit errors below a certain level do not affect viewing. The present invention can therefore provide a fault-tolerance mechanism under which a transport stream with non-consecutive bit errors can still be sent to the user for viewing. For example, when the number of consecutive verification failures has not reached a set value, such as 5, the stream can be treated as having passed verification and the corresponding program is still played to the user. Preferably, if during verification a single failure occurs after verification has passed several times in a row (for example 10 times), that transport stream segment may also be sent to the user. But if a verification failure does not follow several consecutive transport stream segments that passed verification, the segment that failed verification is not sent to the user.
It should therefore be understood that the above is only an illustration of the spirit of the present invention, not a limitation of it.
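The verification mode of Fig. 6 and Figure 10 (signature packet directly after its segment) combined with the preferred fault-tolerance rule above, as an added example that is not part of the patent. Packets are assumed to be already classified by PID and Type; HMAC-SHA256 with a constructed key stands in for the RSA signature so the code runs on the standard library alone; letting a tolerated failure leave forwarding switched on, and not forwarding signature packets, are assumptions of this example.

```python
import hashlib
import hmac
from typing import Callable, Iterable, List, Tuple

Packet = Tuple[str, bytes]   # ("head" | "basic" | "sig" | "other", payload)
KEY = b"constructed-demo-key"            # constructed; stand-in for a signing key


def sign(digest: bytes) -> bytes:
    """Stand-in for the RSA signature over the segment hash."""
    return hmac.new(KEY, digest, hashlib.sha256).digest()


def check(digest: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(digest), sig)


def make_segment(payloads: List[bytes], corrupt: bool = False,
                 drop_sig: bool = False) -> List[Packet]:
    """Signing end: head packet, basic packets, then the signature packet."""
    h = hashlib.sha256()
    for p in payloads:
        h.update(p)
    seg: List[Packet] = [("head", b"")] + [("basic", p) for p in payloads]
    if corrupt:                           # simulate a bit error in the channel
        seg[1] = ("basic", b"\x00" + payloads[0][1:])
    if not drop_sig:
        seg.append(("sig", sign(h.digest())))
    return seg


def verify_stream(packets: Iterable[Packet], seg_len: int,
                  check_sig: Callable[[bytes, bytes], bool],
                  tolerate_after: int = 10) -> Tuple[List[Packet], List[str]]:
    """Verifying end: return (forwarded packets, outcome of each segment)."""
    out: List[Packet] = []
    results: List[str] = []
    forwarding = True     # basic packets are sent while True, only hashed while False
    in_segment = False    # False: waiting for the next head packet
    passes = 0            # consecutive segments that verified
    h, count = hashlib.sha256(), 0
    for kind, data in packets:
        if kind == "other":               # PAT, PMT, other programs: always sent
            out.append((kind, data))
            continue
        if in_segment and kind == "basic" and count < seg_len:
            h.update(data)
            count += 1
            if forwarding:
                out.append((kind, data))
            continue
        if in_segment:                    # segment is over: judge it
            complete = kind == "sig" and count == seg_len
            if complete and check_sig(h.digest(), data):
                results.append("pass")
                passes += 1
                forwarding = True
            elif complete and passes >= tolerate_after:
                results.append("tolerated")   # one failure after a long run of passes
                passes = 0
            else:                         # bad or missing signature
                results.append("fail")
                passes = 0
                forwarding = False        # later segments are hashed but withheld
            in_segment = False
        if kind == "head":                # (re)start a segment; head packets are sent
            in_segment, h, count = True, hashlib.sha256(), 0
            out.append((kind, data))
    return out, results
```

Because basic packets are sent while they are being hashed, the packets of a segment have already gone out when its signature turns out to be bad; in this mode a failure withholds the segments that follow, not the one that failed.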

Claims (9)

1. A method for inserting signatures in real time into a digital TV transport stream, characterized in that the method comprises:
A. First, the signing end obtains the information of the transport stream, the transport stream comprising at least: basic packets, transport stream packets containing the Program Association Table (PAT), and transport stream packets containing the Program Map Table (PMT); then a transport stream containing a set number of basic packets is taken as one segment, the segment is signed, and the signature is inserted and sent, with a head packet sent as the mark that segments the transport stream; wherein, when the transport stream is signed, the signature operation is performed only on the basic packets in the transport stream.
2. The method according to claim 1, characterized in that inserting the signature and sending comprises: after a segment of the transport stream has been sent completely, the signature result for this segment is packaged into signature packets and sent immediately after this segment; after the signature packets have been sent completely, sending continues with the next segment of the transport stream.
3. The method according to claim 2, characterized in that step A comprises the following steps:
A11. The signing end obtains the information of the transport stream from the transport stream packets containing the Program Association Table (PAT) and the Program Map Table (PMT) in the first segment of the transport stream received;
A12. A set number of basic packets is taken as one segment; a head packet is sent before the first basic packet of the segment is sent, this packet serving as the mark that segments the transport stream; the packets in the segment are then sent, and the basic packets of the segment are put into the hash unit;
A13. The hash operation is performed on the basic packets in the hash unit, the hash result is signed, and the signature result is packaged into signature packets, which are sent immediately after this segment;
A14. The next segment of the transport stream is processed with the same steps as A12 and A13.
4. The method according to claim 1, characterized in that inserting the signature and sending comprises: after a segment of the transport stream has been sent completely, sending continues with the next segment, and the signature result of the preceding segment is packaged into signature packets that are inserted at dispersed positions in the next segment and sent.
5. The method according to claim 4, characterized in that step A comprises the following steps:
A21. The signing end obtains the information of the transport stream from the transport stream packets containing the Program Association Table (PAT) and the Program Map Table (PMT) in the first segment of the transport stream received;
A22. A set number of basic packets is taken as one segment; a head packet is sent before the first basic packet of the segment is sent, this packet serving as the mark that segments the transport stream; the packets in the segment are then sent, and the basic packets of the segment are put into the hash unit; and the hash result of the basic packets of the preceding segment is packaged into signature packets, which are inserted at dispersed positions in the current segment and sent.
A23. The hash operation is performed on the basic packets in the hash unit;
A24. The next segment of the transport stream is processed with the same steps as A22 and A23.
6. The method according to any one of claims 1 to 5, characterized in that the method further comprises:
B. First, the verifying end obtains the information of the transport stream, the transport stream comprising at least: basic packets, signature packets, head packets, transport stream packets containing the Program Association Table (PAT), and transport stream packets containing the Program Map Table (PMT); then, according to the division of the transport stream into segments by the head packets sent by the signing end, the signature of a segment of the transport stream is extracted and verified.
7. The method according to claim 6, characterized in that
when the signature packets are sent immediately after the segment to which they correspond, extracting the signature of a segment and verifying it is: after a segment has been sent, the segment is verified with the signature data in the signature packets received after it; if the verification passes, sending continues with the next segment; if the verification does not pass, the next segment is no longer sent;
when the signature packets are inserted in and sent with the segment following the segment to which they correspond, extracting the signature of a segment and verifying it is: after a segment has been sent, sending continues with the next segment; while the next segment is being sent, the signature packets corresponding to the preceding segment are extracted, and the preceding segment is verified with the signature data in the signature packets; if the verification passes, sending of the transport stream continues; if the verification does not pass, the segments received subsequently are no longer sent.
8. The method according to claim 7, characterized in that
when the signature packets are sent immediately after the segment to which they correspond, step B comprises the following steps:
B11. The verifying end obtains the information of the transport stream from the transport stream packets containing the Program Association Table (PAT) and the Program Map Table (PMT) in the first segment of the transport stream received, and obtains the head packet that marks the start of a segment;
B12. A transport stream containing a set number of basic packets is taken as one segment; the packets of the segment are sent, and the basic packets of the segment are put into the hash unit; the hash operation is performed on the basic packets in the hash unit, and the next packet is then checked to see whether it is a signature packet; if it is a signature packet, the signature packet is received and the hash result in the hash unit is checked for correctness; if it is not a signature packet, the hash unit is emptied, the head packet that marks the start of a segment is obtained again, and the set number of basic packets is then received and held for verification; these basic packets are not sent, and sending of basic packets resumes only once verification of the basic packets passes;
when the signature packets are inserted in and sent with the segment following the segment to which they correspond, step B comprises the following steps:
B21. The verifying end obtains the information of the transport stream from the transport stream packets containing the Program Association Table (PAT) and the Program Map Table (PMT) in the first segment of the transport stream received, and obtains the head packet that marks the start of a segment;
B22. A transport stream containing a given number of basic packets is taken as one segment; the packets of the segment are sent, the basic packets of the segment are put into the hash unit, and the content of the signature packets is recorded; the next packet is checked to see whether it is a head packet; if it is a head packet, the recorded signature result is used to verify the hash result of the preceding segment; if it is not a head packet, the hash unit is emptied, the head packet that marks the start of a segment is obtained again, and the given number of basic packets is then received and held for verification; these basic packets are not sent, and sending of basic packets resumes only once verification of the basic packets passes.
9. The method according to claim 6, characterized in that, when the verifying end verifies the transport stream, for non-consecutive verification failures the corresponding transport stream is still sent to the user for viewing.
CN 200510127884 2005-12-07 2005-12-07 Method for real-time inserting signature and identifying signature in indigit TV transmission flow Expired - Fee Related CN100484234C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200510127884 CN100484234C (en) 2005-12-07 2005-12-07 Method for real-time inserting signature and identifying signature in indigit TV transmission flow


Publications (2)

Publication Number Publication Date
CN1980375A CN1980375A (en) 2007-06-13
CN100484234C true CN100484234C (en) 2009-04-29

Family

ID=38131341

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200510127884 Expired - Fee Related CN100484234C (en) 2005-12-07 2005-12-07 Method for real-time inserting signature and identifying signature in indigit TV transmission flow

Country Status (1)

Country Link
CN (1) CN100484234C (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
DD01 Delivery of document by public notice

Addressee: Zhang Shi

Document name: Notification of Termination of Patent Right

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090429

Termination date: 20191207
