Method of transmitting/receiving encryption information in mobile broadcast system and system thereof

FIELD: physics, communications.

SUBSTANCE: the invention relates to a method and a device for encryption in a mobile broadcast system. The technical result is achieved in that, in a mobile broadcast system, the BCAST Subscription Management (BSM) manages terminal subscriber information and sends a first delivery message to the BCAST Service Distribution/Adaptation (BSD/A), where the message contains registration key material (RKM) for registering the broadcast service for the terminal, and also at least one service or content identifier. The BSD/A sends to the BSM a first delivery confirmation message, which contains information indicating success/failure of receiving the first delivery message, and sends the RKM to the terminal.

EFFECT: increased efficiency of encrypting transmitted content.

21 cl, 18 dwg, 7 tbl

 

2420-150765RU/016

METHOD OF TRANSMITTING/RECEIVING ENCRYPTION INFORMATION IN A MOBILE BROADCAST SYSTEM, AND SYSTEM THEREOF

DESCRIPTION

TECHNICAL FIELD TO WHICH THE INVENTION RELATES

The present invention generally relates to an encryption method and device in a mobile broadcast system. More specifically, the present invention relates to a method for transmitting/receiving encryption information for protecting a service/content in a mobile broadcast system, and to a system thereof.

BACKGROUND ART

In general, a broadcast service (BCAST) refers to a technology in which a server that manages the broadcast service transmits an encrypted service and many terminals receive the encrypted broadcast service. Each terminal decrypts the encrypted service delivered from the server using its own encryption key, thus allowing the user to use the service.

The BCAST service can be a paid service. To meet the need for copyright protection technology that prevents illegal copying and distribution of the service, the 3rd Generation Partnership Project (3GPP) or the Open Mobile Alliance (OMA), which is a standards development group, proposed digital rights management (DRM) technology, which is based on flexibility and convenience for the Right Object (RO) of the user. However, the mobile broadcast system defines neither an encryption method for protecting the service between entities nor the interfaces between entities, so there is a need to define the encryption method.

Accordingly, there is a need for an improved device and method for transmitting/receiving encryption information in a mobile broadcast system.

DISCLOSURE OF THE INVENTION

Exemplary embodiments of the present invention address at least the above-mentioned problems and/or disadvantages and provide at least the advantages described below. Accordingly, an aspect of the present invention is to provide a method of transmitting/receiving encryption information between entities in a mobile broadcast system, and a system thereof.

According to one exemplary aspect of the present invention, there is provided a method of transmitting/receiving encryption information in a mobile broadcast system supporting a broadcast service (BCAST), in which the mobile broadcast system includes a BCAST Subscription Management (BSM) for managing subscriber information of a terminal and for generating an encryption key with which the terminal decrypts at least one encrypted service or content, and a BCAST Service Distribution/Adaptation (BSD/A) for transmitting the encryption key. The method comprises the steps of transmitting, by the BSD/A to the BSM, a first request message that includes at least one identifier of a service or content and requests delivery of the Registration Key Material (RKM) for registration of the broadcast service of the terminal, and, after receiving the first request message, transmitting, by the BSM to the BSD/A, a first request response message that includes the RKM.

In one exemplary embodiment, the method further comprises the steps of transmitting, by the BSD/A to the BSM, a second request message that includes at least one identifier of a service or content and requests delivery of a Long-Term Key Message (LKM) provided to the terminal during subscription to the broadcast service, and, after receiving the second request message, transmitting, by the BSM to the BSD/A, a second request response message that includes the LKM.

In one exemplary embodiment, the method further comprises the steps of transmitting, by the BSD/A to the BSM, a third request message that includes at least one identifier of a service or content and requests delivery of a Short-Term Key Message (SKM) that includes a Traffic Encryption Key (TEK) used by the terminal to decrypt a particular broadcast service, and, after receiving the third request message, transmitting, by the BSM to the BSD/A, a third request response message that includes the SKM.

According to another exemplary aspect of the present invention, there is provided a method of transmitting/receiving encryption information in a mobile broadcast system supporting a broadcast service (BCAST), in which the mobile broadcast system includes a BCAST Subscription Management (BSM) for managing subscriber information of a terminal and for generating an encryption key with which the terminal decrypts at least one encrypted service or content, and a BCAST Service Distribution/Adaptation (BSD/A) for transmitting the encryption key. The method comprises the steps of transmitting, by the BSM to the BSD/A, a first delivery message that includes at least one identifier of a service or content and includes the Registration Key Material (RKM) used to register the broadcast service of the terminal, and transmitting, by the BSD/A to the BSM, a first delivery confirmation message that includes information indicating success/failure in reception of the first delivery message.

In an exemplary embodiment, the method further comprises the steps of transmitting, by the BSM to the BSD/A, a second delivery message that includes at least one identifier of a service or content and includes a Long-Term Key Message (LKM) provided to the terminal during subscription to the broadcast service, and transmitting, by the BSD/A to the BSM, a second delivery confirmation message that includes information indicating success/failure in reception of the second delivery message.

In an exemplary embodiment, the method further comprises the steps of transmitting, by the BSM to the BSD/A, a third delivery message that includes at least one identifier of a service or content and includes a Short-Term Key Message (SKM) comprising a Traffic Encryption Key (TEK) used by the terminal to decrypt the broadcast service, and transmitting, by the BSD/A to the BSM, a third delivery confirmation message that includes information indicating success/failure in reception of the third delivery message.

According to a further exemplary aspect of the present invention, there is provided a mobile broadcast system supporting a broadcast service (BCAST). The exemplary mobile broadcast system includes a BCAST Subscription Management (BSM) for managing subscriber information of a terminal and for transmitting to a BCAST Service Distribution/Adaptation (BSD/A) a first delivery message that includes Registration Key Material (RKM) provided for registration of the broadcast service of the terminal and includes at least one identifier of a service or content; and the BSD/A, for transmitting to the BSM a first delivery confirmation message that includes information indicating success/failure in reception of the first delivery message, and for transmitting the RKM to the terminal.

In an exemplary embodiment, the BSM transmits to the BSD/A a second delivery message that includes a Long-Term Key Message (LKM) provided to the terminal during subscription to a particular broadcast service and includes at least one identifier of a service or content; and the BSD/A transmits to the BSM a second delivery confirmation message that includes information indicating success/failure in reception of the second delivery message, and transmits the LKM to the terminal.

In an exemplary embodiment, the BSM transmits to the BSD/A a third delivery message that includes a Short-Term Key Message (SKM) comprising a Traffic Encryption Key (TEK) used by the terminal to decrypt the broadcast service, and also includes at least one identifier of a service or content; and the BSD/A transmits to the BSM a third delivery confirmation message that includes information indicating success/failure in reception of the third delivery message, and transmits the SKM to the terminal.

According to yet another exemplary aspect of the present invention, there is provided a mobile broadcast system supporting a broadcast service (BCAST). The exemplary mobile broadcast system includes a BCAST Service Distribution/Adaptation (BSD/A) for transmitting to a BCAST Subscription Management (BSM) a first request message that requests delivery of the Registration Key Material (RKM) for registration of the broadcast service of a terminal and includes at least one identifier of a service or content, and, after receiving the RKM from the BSM, for transmitting the RKM to the terminal; and the BSM, for managing subscriber information of the terminal and, after receiving the first request message, for transmitting to the BSD/A a first request response message that includes the RKM.

In an exemplary embodiment, the BSD/A transmits to the BSM a second request message that requests delivery of a Long-Term Key Message (LKM) provided to the terminal during subscription to the broadcast service and includes at least one identifier of a service or content, and, after receiving the LKM from the BSM, transmits the LKM to the terminal; after receiving the second request message, the BSM transmits to the BSD/A a second request response message that includes the LKM.

In an exemplary embodiment, the BSD/A transmits to the BSM a third request message that requests delivery of a Short-Term Key Message (SKM) comprising a Traffic Encryption Key (TEK) used by the terminal to decrypt the broadcast service and includes at least one identifier of a service or content, and, after receiving the SKM from the BSM, transmits the SKM to the terminal; after receiving the third request message, the BSM transmits to the BSD/A a third request response message that includes the SKM.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other objects, features and advantages of the present invention will become more apparent from the following detailed description, taken together with the accompanying drawings, in which:

Figure 1 is a signaling diagram illustrating the signal flow for encryption information in a mobile broadcast system according to an exemplary embodiment of the present invention;

Figures 2A and 2B are diagrams illustrating the information flow between server entities according to an exemplary embodiment of the present invention, for Service Protection and Content Protection, respectively;

Figures 3A and 3B are diagrams illustrating the communication between the BSA and the BSM for Content Protection according to an exemplary embodiment of the present invention;

Figure 4 is a diagram illustrating a protocol stack constituting the interface between the BSA and the BSM according to an exemplary embodiment of the present invention;

Figures 5A and 5B are diagrams illustrating a method of obtaining a TEK by the BSD/A for Service Protection according to an exemplary embodiment of the present invention;

Figure 6 is a diagram illustrating a protocol stack for the interface between the BSD/A and the BSM for Service Protection according to an exemplary embodiment of the present invention;

Figures 7A and 7B are diagrams illustrating a method of obtaining an SKM by the BSD/A according to an exemplary embodiment of the present invention;

Figures 8A and 8B are diagrams illustrating a method of obtaining an LKM by the BSD/A according to an exemplary embodiment of the present invention;

Figures 9A and 9B are diagrams illustrating a method of obtaining RKM by the BSD/A for Service Protection and Content Protection according to an exemplary embodiment of the present invention;

Figure 10 is a diagram illustrating a protocol stack for the interface between the BSD/A and the BSM for Service Protection according to an exemplary embodiment of the present invention;

Figure 11 is a diagram illustrating a protocol stack for the interface between the BSD/A and the BSM for Content Protection according to an exemplary embodiment of the present invention;

Fig. is a diagram illustrating a Terminal in a mobile broadcast system according to an exemplary embodiment of the present invention.

Throughout the drawings, the same reference numerals refer to the same elements, features and structures.

IMPLEMENTATION OF THE INVENTION

The matters defined in the description, such as detailed constructions and elements, are provided to assist in a comprehensive understanding of the embodiments of the invention and are merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Moreover, descriptions of well-known functions and constructions are omitted for clarity and brevity. Exemplary embodiments of the present invention will now be described in detail with reference to the drawings.

The following detailed description presents exemplary embodiments of the present invention for achieving the above and other objects. Although, for convenience, the names of entities defined in the 3rd Generation Partnership Project (3GPP), which is an asynchronous mobile communication standard, or in the Open Mobile Alliance (OMA), which is a standard for terminal applications, will be used, the standards and names should not limit the scope of the present invention, and the present invention is applicable to systems having a similar technical background.

The present invention provides a method and system for protecting a broadcast service. Specifically, the present invention proposes a broadcast network structure for service protection and the function of each entity. To this end, the present invention reliably delivers the service sent to the terminal in accordance with the structure and function of each entity, including the terminal, thus allowing the terminal to reproduce the service.

An exemplary mobile broadcast system and its message flow will now be described in detail with reference to Figure 1.

Figure 1 is a signaling diagram illustrating the signal flow for encryption information in a mobile broadcast system according to an exemplary embodiment of the present invention.

First, the function of each entity in Figure 1 will be described. Content Creation (CC) 10 is a provider of the broadcast service (BCAST). The BCAST service may include an audio/video broadcast service, a music/data file download service, and the like.

The BCAST Service Application (BSA) 20 processes the BCAST service data delivered from Content Creation 10 for the BCAST network, generates BCAST service data, and generates the standardized metadata necessary for the mobile broadcast guide.

The BCAST Service Distribution/Adaptation (BSD/A) 30 establishes the means of communication over which it will send the BCAST service data delivered from the BSA 20, determines the delivery schedule of the BCAST service, and generates the mobile broadcast guide.

The BCAST Subscription Management (BSM) 40 manages subscription information and service provisioning information for receiving the BCAST service, and information on the device that receives the BCAST service.

The Terminal 50 is a terminal capable of receiving the BCAST service, and can be connected to a cellular network depending on the capability of the terminal. It will be assumed herein that the Terminal 50 is a terminal that can be connected to a cellular network.

A description will now be given of Content Protection and Service Protection according to an exemplary embodiment of the present invention. Content Protection protects the files and streams to be transmitted. Rights management for the content is performed by the terminal. The protected content is encrypted by the BSA 20 and then broadcast to the Terminal 50. Service Protection protects the files and streams to be transmitted, and encryption of the content is performed by the BSD/A 30. Content Protection is similar to Service Protection in terms of protecting content. However, unlike Service Protection, Content Protection differs according to whether or not DRM is used. That is, Content Protection includes a function for managing the valid interval of the content that the terminal has received, and the possibility of copying the content. For Content Protection, the content is encrypted by the BSA 20 and then broadcast to the Terminal 50.

For both Service Protection and Content Protection, the BSM 40 performs subscription management for the terminal. As the broadcast service is delivered to the Terminal 50 through the entities for each function, the user of the Terminal 50 can use the service. Herein, the messages relating to Service Protection and Content Protection will be called 'encryption information'.

An exemplary method of delivering encryption information messages will now be described with reference to Figure 1. To use the broadcast service and content, the Terminal 50 must register with the BSM 40 and then receive the Registration Key Material (RKM) in step 100. Thereafter, if the Terminal 50 subscribes to a particular broadcast service, it must acquire a Long-Term Key Message (LKM) in step 110. In addition, the Terminal 50 must acquire, in step 120, a Short-Term Key Message (SKM) used for the actual decryption of the encrypted service and content. The Terminal 50 can decrypt the LKM using the RKM, and can decrypt the SKM using the Service Encryption Key (SEK) obtained as a result of that decryption. The SKM includes a Traffic Encryption Key (TEK), and the Terminal 50 can actually decrypt the encrypted service/content using the TEK. Figure 1 shows that encryption information messages such as the RKM, LKM and SKM are delivered from the BSD/A 30 to the Terminal 50 over the broadcast channel. A Terminal 50 that is able to use an interactive channel, although not shown in Figure 1, can alternatively receive the RKM and LKM through direct communication with the BSM 40.
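The key layering described above (RKM opens the LKM, the SEK from the LKM opens the SKM, the TEK from the SKM opens the content), shown as an added example that is not part of the original description. The class names, the treatment of the RKM as a single per-terminal key, and the HMAC-based stand-in cipher are assumptions; the text names no algorithm.

```python
import hashlib
import hmac
import os

# Stand-in authenticated cipher (HMAC-SHA256 keystream plus HMAC tag). This is an
# assumption so the layering can run on the standard library; it is not taken
# from the description, which specifies no algorithm.
def _stream(key, nonce, length):
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def protect(key, plaintext):
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unprotect(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified message")
    return bytes(c ^ k for c, k in zip(body, _stream(key, nonce, len(body))))

class Network:
    """BSM and BSD/A roles collapsed into one object (hypothetical name)."""
    def __init__(self):
        self.sek = os.urandom(32)   # Service Encryption Key, carried in the LKM
        self.tek = os.urandom(32)   # Traffic Encryption Key, carried in the SKM

    def register(self):
        """Step 100: issue registration key material to one terminal."""
        return os.urandom(32)

    def lkm_for(self, rkm):
        """Step 110: LKM is the SEK protected under that terminal's RKM."""
        return protect(rkm, self.sek)

    def skm(self):
        """Step 120: SKM is the current TEK protected under the SEK."""
        return protect(self.sek, self.tek)

    def rotate_tek(self):
        self.tek = os.urandom(32)

    def broadcast(self, content):
        return protect(self.tek, content)

class Terminal:
    def __init__(self, rkm):
        self.rkm, self.sek, self.tek = rkm, None, None

    def on_lkm(self, lkm):
        self.sek = unprotect(self.rkm, lkm)

    def on_skm(self, skm):
        if self.sek is None:
            raise ValueError("no SEK yet: LKM has not been processed")
        self.tek = unprotect(self.sek, skm)

    def play(self, blob):
        return unprotect(self.tek, blob)

def demo():
    net = Network()
    subscriber = Terminal(net.register())
    outsider = Terminal(net.register())      # registered, but the LKM below is not for it
    lkm = net.lkm_for(subscriber.rkm)
    subscriber.on_lkm(lkm)
    subscriber.on_skm(net.skm())
    first = subscriber.play(net.broadcast(b"segment 1"))
    net.rotate_tek()                         # only a new SKM is needed, not a new LKM
    subscriber.on_skm(net.skm())
    second = subscriber.play(net.broadcast(b"segment 2"))
    try:
        outsider.on_lkm(lkm)                 # LKM seen on the broadcast channel
        blocked = False
    except ValueError:
        blocked = True
    return first, second, blocked

if __name__ == "__main__":
    print(demo())
```

The TEK rotation step is an inference from the long-term/short-term naming: because the SKM is opened with the SEK, changing the TEK requires only a new SKM.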

A description will now be given of the elements of exemplary messages used to deliver encryption information.

Tables 1 to 6 below are schematic tables of the messages described above. They define, in order, the message formats used in exemplary embodiments of the present invention, and give a description of each field.

Table 1
Format of the Req-1 request message
Field Name | Type | Category | Cardinality | Description | Data type
Tag | E | M | 1 | The message type | Integer
Version | E | O | 1 | Standard version supported by this message | Integer
Message ID | E | M | 1 | The ID of this message | String
Destination | E | M | 1 | The ID of the message recipient | String
Source | E | M | 1 | The ID of the message source | String
Service/Content Info | E | M | 1 | Related information such as the identifier of the service/content | String
Time | E | O | 1 | The time at which the message is delivered | String

Table 2
Format of the Res-1 response message
Field Name | Type | Category | Cardinality | Description | Data type
Tag | E | M | 1 | The message type | Integer
Version | E | O | 1 | Standard version supported by this message | Integer
Message ID | E | M | 1 | The ID of the request message | String
Destination | E | M | 1 | The ID of the message recipient | String
Source | E | M | 1 | The ID of the message source | String
Service/Content Info | E | O | 1 | Related information such as the identifier of the service/content | String
Status | E | M | 1 | The result of the response to the message | Integer
Data | E | O | 1 | Information intended for delivery to the recipient | Binary
Time | E | O | 1 | The time at which the message is delivered | String

Table 3
Format of the Res-2 response message
Field Name | Type | Category | Cardinality | Description | Data type
Tag | E | M | 1 | The message type | Integer
Message ID | E | M | 1 | The ID of the request message | String
Status | E | M | 1 | The result of the response to the message | Integer
Data | E | O | 1 | Information intended for delivery to the recipient | Binary

Table 4
Format of the Tra-1 delivery message
Field Name | Type | Category | Cardinality | Description | Data type
Tag | E | M | 1 | The message type | Integer
Version | E | O | 1 | Standard version supported by this message | Integer
Target Terminal | E | M | 1 | The target terminal of this message | String
Message ID | E | M | 1 | The ID of this message | String
Destination | E | M | 1 | The ID of the message recipient | String
Source | E | M | 1 | The ID of the message source | String
Service/Content Info | E | M | 1 | Related information such as the identifier of the service/content | String
Data | E | M | 1 | Information intended for delivery to the recipient | Binary
Time | E | O | 1 | The time at which the message is delivered | String

Table 5
Format of the Con-1 confirmation message
Field Name | Type | Category | Cardinality | Description | Data type
Tag | E | M | 1 | The message type | Integer
Version | E | O | 1 | Standard version supported by this message | Integer
Message ID | E | M | 1 | The ID of the delivery message | String
Destination | E | M | 1 | The ID of the message recipient | String
Source | E | M | 1 | The ID of the message source | String
Service/Content Info | E | O | 1 | Related information such as the identifier of the service/content | String
Status | E | M | 1 | The result of the confirmation message | Integer
Time | E | O | 1 | The time at which the message is delivered | String

Table 6
Format of the Con-2 confirmation message
Field Name | Type | Category | Cardinality | Description | Data type
Tag | E | M | 1 | The message type | Integer
Message ID | E | M | 1 | The ID of the delivery message | String
Status | E | M | 1 | The result of the confirmation message | Integer

In the tables, 'Field Name' specifies the names of the elements and attributes that form a message. 'Type' indicates whether the corresponding name is an element or an attribute. Each element has a value of E1, E2, E3 or E4. E1 denotes the top-level element for the whole message, E2 denotes a sub-element of E1, E3 denotes a sub-element of E2, and E4 denotes a sub-element of E3. An attribute is denoted by A, and specifies an attribute of the corresponding element. For example, A under E1 specifies an attribute of E1. 'Category' indicates whether the corresponding element or attribute is mandatory, and has the value M if it is mandatory and the value O if it is optional. 'Cardinality' indicates the relationships between elements and takes the values {0, 0..1, 1, 0..n, 1..n}, where '0' indicates an optional relationship, '1' indicates a mandatory relationship, and 'n' indicates the possibility of having multiple values. For example, '0..n' means that the corresponding element is either absent or there are n corresponding elements. 'Description' defines the meaning of the corresponding element or attribute. 'Data Type' specifies the data type of the corresponding element or attribute.

In Table 7 below, the type of each message is distinguished using the Tag field of the message formats defined in Tables 1 to 6. However, the Tag values defined herein simply distinguish the message types; they are not always fixed and are subject to change according to circumstances.

In the response message and the confirmation message, Status='0' indicates that the request or delivery message was received successfully and the associated item was carried out, and Status='1' indicates that reception of the request or delivery message failed and execution of the associated item failed.

Each message can gain in performance by using Res-2 or Con-2, which are shortened messages that rely on the Message ID, as shown in the message format column of Table 7 below.

Table 7
Message type and message format based on the Tag field
Tag | Message type | Message format used | Delivered information
1 | TEK request message | Req-1 | TEK
2 | TEK request response message | Res-1 and Res-2 |
3 | TEK delivery message | Tra-1 |
4 | TEK delivery confirmation message | Con-1 or Con-2 |
5 | SKM request message | Req-1 | SKM
6 | SKM request response message | Res-1 and Res-2 |
7 | SKM delivery message | Tra-1 |
8 | SKM delivery confirmation message | Con-1 or Con-2 |
9 | LKM request message | Req-1 | LKM
10 | LKM request response message | Res-1 and Res-2 |
11 | LKM delivery message | Tra-1 |
12 | LKM delivery confirmation message | Con-1 or Con-2 |
13 | RKM request message | Req-1 | RKM
14 | RKM request response message | Res-1 and Res-2 |
15 | RKM delivery message | Tra-1 |
16 | RKM delivery confirmation message | Con-1 or Con-2 |

Exemplary embodiments of the present invention provide a way to exchange between BSA 20 and BSM 40, and between the BSD/A 30 and BSM 40 encryption information, such as TEK, SKM, LKM and RKM relating to the Protection service and content Protection. On Figa and 2B shows the information exchanged between objects, and detailed examples will be described with reference to the accompanying drawings.

On Figa and 2B shows a diagram illustrating the flow of information between the server objects in accordance with an exemplary embodiment of the present imaging the plants to Protect services and content Protection, respectively. As for Figo and 2B, the object for executing Protection services include Protection encryption services (SP-E) 31 and Dissemination of key-protect service (SP-KD) 32 in the BSD/A 30. SP-E 31 is used to encrypt the service, and SP-KD 32 is used to transmit the related information of the encryption key to the Terminal 50 through the channel of the broadcast. BSM 40, including a Protection management services (SP-M) 41, manages the subscription of the terminal and the formation of the encryption key.

To protect the content (object) Distribution file (FD) 33 in the BSD/A 30 receives information about the encryption key is delivered from the BSM 40, and the channel delivers the accepted information about the encryption key to the terminal. BSM 40, including a Protection-management of content (CP-M) 42, manages the subscription of the terminal and the formation of the encryption key. BSA 20, including a Security-encrypted content (CP-E) 21 controls the encryption of the content. On Figa and 3B shows a diagram illustrating a method of sharing information between BSA 20 and BSM 40 for content Protection in accordance with an exemplary embodiment of the present invention and will be described transmitted information for content Protection. In an exemplary method for content Protection, because the encryption is performed in BSA 20, formed BSM 40 encryption key is supplied to BSA 20. Because the key used to encrypt the content in the rich system of broadcasting, is TEK, that is formed by BSM 40 TEK must be delivered to the BSA 20.

As shown in Figa, an exemplary method of delivery begins with the TEK request message transmitted from BSA 20 at step 300, and the Tag field indicating the request message TEK, set to '1'. The Destination field specifies the BSM 40, and the Source field specifies BSA 20. After receiving a request message TEK, CP-M 42 in the BSM 40 in step 310 transmits a response message to the request TEK with the Tag value='2'. If the Status field in the response set to '0', TEK is stored in the Data before sending it, and if TEK is not transmitted, the Status before the transfer is set to '1'.

In the method according to Figv, BSM 40 transmits TEK without a request from BSA 20. In an exemplary embodiment, CP-M 42 in the BSM 40 in step 320 transmits CP-E 21 BSA in 20 message delivery TEK with a value Tag='3' with the presence of TEK included in the field Data. In response BSA 20 at step 330 transmits on BSM 40 message delivery confirmation TEK with a value Tag='4'. In an exemplary embodiment, the Status field is set to '0', indicating normal reception TEK. If the reception TEK is unsuccessful, the Status field is set to '1'.

Figure 4 illustrates the Protocol stack, forming a data exchange interface between BSA 20 and BSM 40 in accordance with an exemplary embodiment of the present invention. With regard to Figure 4, BSA 20 and BSM 40 can communicate by achieving compatibility with each one is m, using the Protocol. Protection of data delivery between BSA 20 and BSM 40 may implement data protection without limiting Protocol and top-level data using IPSec. TCP and TTP/TTP are as top-level IPSec and CP-E 21 in BSA 20 and CP-M 42 in the BSM 40 are present on it for messaging and associated action interface.

On Figa and 5B illustrate a method of obtaining TEK, in which the BSD/A 30 encrypts and broadcasts services for Security services in accordance with an exemplary embodiment of the present invention.

As for Figo, SP-E 31 in the BSD/A 30 phase 400 passes on BSM 40 TEK-request message. The TEK-request message has the value Tag '1', and its field Destination and Source indicate BSM 40 and the BSD/A 30, respectively. In response to the TEK-request message, the BSM 40 in step 410 transmits a response message to the request TEK with the Tag value='2'. BSM 40 sets the value of the Status field to '0'when it passes the requested TEK. Otherwise, the BSM 40 sets the Status value to '1'. When the value of Status is set to '0', TEK is stored in the Data field of the response message to the request TEK.

In the exemplary embodiment shown in Figv, BSM 40 immediately transmits TEK without a request from the BSD/A 30. As for Pigv, SP-41 M in the BSM 40 in step 420 transmits to the BSD/A 30 message delivery TEK with a value Tag='3' with the presence of TEK incorporated in it. In response, the BSD/A 30 in step 430 transmits n the BSM 40 message delivery confirmation TEK with a value Tag='4'. If the BSD/A 30 successfully took TEK, it sets to '0' the value of Status in the message delivery confirmation TEK. However, if the BSD/A 30 failed in the reception TEK, it sets the Status value to '1'.

Figure 6 shows a diagram illustrating a Protocol stack for data exchange interface between the BSD/A 30 and BSM 40 to protect the services in accordance with an exemplary embodiment of the present invention. Security between interfaces is protected using the IPSec Protocol, and the Protocol relating to the way security services are transmitted over TCP and HTTP/HTTPS. Transferred from the BSM 40 information about encryption controls the BSD/A 30, and information encryption includes RKM, LKM, SKM and TEK.

On Figa and 7B shows a diagram illustrating a method of obtaining SKM by the BSD/A 30 in accordance with an exemplary embodiment of the present invention. This approximate method can be used to Protect services and/or content. SKM is an encryption key with which the terminal can decrypt the service or the content encrypted by the BSD/A 30. SKM can be delivered from the BSM 40 to the Terminal 50 through the interactive channel. However, in the environment channel broadcast, SKM should be delivered from the BSD/A 30 to the Terminal 50 through the channel of the broadcast.

As for Figo, the BSD/A 30 on the stage 500 passes on BSM 40 request message SKM. In the BSM 40, the object to process the message can be the ü SP-M 41 to protect the services and/or CP-42 M for content Protection. The request message SKM has the value '5' Tag field, and a field Destination and Source indicate BSM 40 and the BSD/A 30, respectively. In response to the request message SKM, BSM 40 in step 510 transmits the response message to the request SKM with a value Tag='6'. When the BSM 40 transmits the requested SKM, it sets the Status value to '0' and the Data in SKM. Otherwise, when the BSM 40 cannot pass SKM, it sets the Status value to '1'.

In the exemplary embodiment shown in Figure 7B, the BSM 40 transmits the SKM directly, without a request from the BSD/A 30. In step 520, the BSM 40 transmits to the BSD/A 30 an SKM delivery message with Tag='7' that carries the SKM. In response, in step 530 the BSD/A 30 transmits to the BSM 40 an SKM delivery confirmation message with Tag='8'. If the BSD/A 30 has successfully received the SKM, it sets Status in the SKM delivery confirmation message to '0'. If the BSD/A 30 has failed to receive the SKM, it sets Status to '1'.

For Service Protection, this process is controlled by the SP-KD 32 in the BSD/A 30 and the SP-M 41 in the BSM 40. For Content Protection, this process is controlled by the FD 33 in the BSD/A 30 and the CP-M 42 in the BSM 40.

Figures 8A and 8B show diagrams illustrating a method by which the BSD/A 30 acquires the LKM in accordance with an exemplary embodiment of the present invention. In the Service/Content Protection method, the LKM information is exchanged using the broadcast channel. The LKM can be delivered from the BSM 40 to the Terminal 50 over the interactive channel. In a broadcast channel environment, however, the LKM must be delivered from the BSD/A 30 to the Terminal 50 over the broadcast channel.

Referring to Figure 8A, in step 600 the BSD/A 30 transmits an LKM request message to the BSM 40. The LKM request message has the value '9' in its Tag field, and its Destination and Source fields indicate the BSM 40 and the BSD/A 30, respectively. In response to the LKM request message, in step 610 the BSM 40 transmits an LKM request response message with Tag='10'. When the BSM 40 intends to transmit the requested LKM, it sets Status to '0'. Otherwise, the BSM 40 sets Status to '1'. When Status is set to '0', the LKM is stored in the Data field. When Status is set to '1', the LKM request response message is transmitted without the Data field.

In Figure 8B, the BSM 40 sends the LKM without a request from the BSD/A 30. In this case, in step 620 the BSM 40 transmits to the BSD/A 30 an LKM delivery message with Tag='11' that carries the LKM. In response, in step 630 the BSD/A 30 transmits to the BSM 40 an LKM delivery confirmation message with Tag='12'. If the BSD/A 30 has successfully received the LKM, it sets Status in the LKM delivery confirmation message to '0'. If the BSD/A 30 has failed to receive the LKM, it sets Status to '1'.

For Service Protection, this process is controlled by the SP-KD 32 in the BSD/A 30 and the SP-M 41 in the BSM 40. For Content Protection, this process is controlled by the FD 33 in the BSD/A 30 and the CP-M 42 in the BSM 40.

Figures 9A and 9B show diagrams illustrating a method by which the BSD/A 30 acquires the RKM for Service Protection and Content Protection in accordance with an exemplary embodiment of the present invention.

The RKM can be delivered from the BSM 40 to the Terminal 50 over the interactive channel. In a broadcast channel environment, however, the RKM must be delivered from the BSM 40 to the Terminal 50 over the broadcast channel.

Referring to Figure 9A, in step 700 the BSD/A 30 transmits an RKM request message to the BSM 40. The RKM request message has the value '13' in its Tag field, and its Destination and Source fields indicate the BSM 40 and the BSD/A 30, respectively. In response to the RKM request message, in step 710 the BSM 40 transmits to the BSD/A 30 an RKM request response message with Tag='14'. When the BSM 40 intends to transmit the requested RKM, it sets Status to '0'. Otherwise, the BSM 40 sets Status to '1'. If Status is set to '0', the RKM is stored in the Data field before transmission. If Status is set to '1', the RKM request response message is sent without the Data field.

In Figure 9B, the BSM 40 transmits the RKM directly, without a request from the BSD/A 30. In this exemplary embodiment, in step 720 the BSM 40 transmits to the BSD/A 30 an RKM delivery message with Tag='15' that carries the RKM. In response, in step 730 the BSD/A 30 transmits to the BSM 40 an RKM delivery confirmation message with Tag='16'. If the BSD/A 30 has successfully received the RKM, it sets Status in the RKM delivery confirmation message to '0'. If the BSD/A 30 has failed to receive the RKM, it sets Status to '1'.

For Service Protection, this process is managed by the SP-KD 32 in the BSD/A 30 and the SP-M 41 in the BSM 40. For Content Protection, this process is managed by the FD 33 in the BSD/A 30 and the CP-M 42 in the BSM 40.
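The request/response and delivery/confirmation exchanges described above can be checked mechanically on either side of the BSD/A-BSM interface. The following Python validator is an added example, not part of the patent: it encodes the Tag numbering and the Status/Data rules from the description together with the mandatory (category M) fields from the message field tables. The snake_case field names, the entity identifiers and the key bytes are constructed placeholders, and the reversed Source/Destination check on replies is an assumption.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Tag numbering from the description: TEK 1-4, SKM 5-8, LKM 9-12, RKM 13-16,
# each group ordered request, response, delivery, delivery confirmation.
KEY_TYPES = ("TEK", "SKM", "LKM", "RKM")
KINDS = ("request", "response", "delivery", "confirmation")
TAGS = {4 * k + i + 1: (key, kind)
        for k, key in enumerate(KEY_TYPES) for i, kind in enumerate(KINDS)}

# Category "M" fields per message kind, taken from the page's field tables.
MANDATORY = {
    "request": ("message_id", "destination", "source", "service_content_info"),
    "response": ("message_id", "destination", "source", "status"),
    "delivery": ("target_terminal", "message_id", "destination", "source",
                 "service_content_info", "data"),
    "confirmation": ("message_id", "destination", "source", "status"),
}


@dataclass
class Message:
    tag: int
    message_id: str
    destination: str
    source: str
    service_content_info: Optional[str] = None
    target_terminal: Optional[str] = None
    status: Optional[int] = None
    data: Optional[bytes] = None   # RKM/LKM/SKM/TEK, opaque to this check


def validate(msg: Message) -> List[str]:
    """Return the list of rule violations for one message (empty = valid)."""
    if msg.tag not in TAGS:
        return [f"unknown Tag {msg.tag}"]
    key, kind = TAGS[msg.tag]
    label = f"{key} {kind}"
    errors = [f"{label}: missing mandatory field {name}"
              for name in MANDATORY[kind]
              if getattr(msg, name) in (None, "", b"")]
    if kind in ("response", "confirmation") and msg.status not in (0, 1, None):
        errors.append(f"{label}: Status must be 0 or 1")
    if kind == "response":
        if msg.status == 0 and not msg.data:
            errors.append(f"{label}: Status 0 requires the key in Data")
        if msg.status == 1 and msg.data is not None:
            errors.append(f"{label}: Status 1 must not carry Data")
    if kind in ("request", "confirmation") and msg.data is not None:
        errors.append(f"{label}: this message type has no Data field")
    return errors


def check_reply(sent: Message, reply: Message) -> List[str]:
    """Check that `reply` is the well-formed answer to `sent`."""
    errors = validate(reply)
    sent_kind = TAGS.get(sent.tag, (None, None))[1]
    if sent_kind not in ("request", "delivery") or reply.tag != sent.tag + 1:
        errors.append(f"Tag {reply.tag} does not answer Tag {sent.tag}")
    if reply.message_id != sent.message_id:
        errors.append("Message ID does not echo the original message")
    # Assumption: a reply travels back to the sender, so the two IDs swap.
    if (reply.source, reply.destination) != (sent.destination, sent.source):
        errors.append("Source/Destination are not the reverse of the original")
    return errors


def confirm_delivery(delivery: Message, me: str) -> Tuple[Message, List[str]]:
    """Receiver side: build the confirmation, Status 0 on success, 1 on failure."""
    if TAGS.get(delivery.tag, (None, None))[1] != "delivery":
        raise ValueError(f"Tag {delivery.tag} is not a delivery message")
    problems = validate(delivery)
    if delivery.destination != me:
        problems.append("delivery is not addressed to this entity")
    confirmation = Message(tag=delivery.tag + 1, message_id=delivery.message_id,
                           destination=delivery.source, source=me,
                           status=0 if not problems else 1)
    return confirmation, problems


# Constructed sample messages; every identifier and key byte is a placeholder.
BSM, BSDA = "bsm-40", "bsda-30"
RKM_REQ = Message(13, "m-1", BSM, BSDA, service_content_info="svc-001")
RKM_RES_OK = Message(14, "m-1", BSDA, BSM, status=0, data=b"\x00" * 16)
RKM_RES_BAD = Message(14, "m-1", BSDA, BSM, status=1, data=b"\x00" * 16)
LKM_RES = Message(10, "m-1", BSDA, BSM, status=0, data=b"\x00" * 16)
SKM_DELIVERY = Message(7, "m-2", BSDA, BSM, service_content_info="svc-001",
                       target_terminal="terminal-50", data=b"\x01" * 16)

if __name__ == "__main__":
    for reply in (RKM_RES_OK, RKM_RES_BAD, LKM_RES):
        print(reply.tag, check_reply(RKM_REQ, reply) or "accepted")
    print(confirm_delivery(SKM_DELIVERY, BSDA))
```

Rejecting a response whose Tag belongs to a different key type, or a failure response that still carries Data, keeps the BSD/A from storing key material under the wrong role before it is forwarded to the terminal.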

Figure 10 illustrates the protocol stack of the interface between the BSD/A 30 and the BSM 40 for Service Protection in accordance with an exemplary embodiment of the present invention. Security on the interface is provided by IPSec, and the protocol relating to the Service Protection method is carried over TCP and HTTP/HTTPS. The related encryption information includes TEK, SKM, LKM and RKM.

Figure 11 illustrates the protocol stack of the interface between the BSD/A 30 and the BSM 40 for Content Protection in accordance with an exemplary embodiment of the present invention. Security on the interface is provided by IPSec, and the protocol relating to the Content Protection method is carried over TCP and HTTP/HTTPS. The related encryption information includes SKM, LKM and RKM.

Now, with reference to the figure, the Terminal 50 in accordance with an exemplary embodiment of the present invention will be described.

As illustrated in the figure, the Terminal 50 in accordance with an exemplary embodiment of the present invention contains an Application module 1200, a DRM module 1210, an Authentication module 1235, a Secure Storage module 1260, a Communication module 1265, and a User Identity Module Interface (UIM I/F) module 1270.

Specifically, the Application module 1200, which can be a module similar to Media Player™, plays back the decrypted content delivered from the DRM module 1210, and the DRM module 1210 manages registration, service subscription and content usage.

The DRM module 1210 may include a DRM Management module 1213, a Registration module 1215, a Rights Management module 1220, a Key Stream Management module 1225, and a Content Decryption module 1230. Of these, the Registration module 1215 performs registration, and the Rights Management module 1220 manages the analysis and use of the rights information obtained during service subscription. The Key Stream Management module 1225 decrypts the encrypted traffic key using the service key, and the Content Decryption module 1230 decrypts the encrypted content using the traffic key. The overall operation of the DRM-related modules is performed under the control of the DRM Management module 1213.

The Authentication module 1235 manages execution of the authentication protocol with the user identification module and the network, for example a service provider, and performs message generation and verification using its lower-level modules. The Authentication module 1235 may include an Authentication Manager 1240, which supervises execution of the overall protocol and manages the authentication function; an Encryption/Decryption module 1245, which performs encryption and decryption using its lower-level module; a Digital Signature module 1250, which manages electronic signatures; and a MAC module 1255, which performs the MAC operation.

Specifically, the DRM module 1210 and the Authentication module 1235 acquire a group key by verifying the response message received from the BSM 40 in accordance with an exemplary embodiment of the present invention, and use the group key to acquire rights information from the service subscription response message received from the BSM 40. In addition, upon receipt of a traffic key message from the BSD/A 30, the DRM module 1210 and the Authentication module 1235 acquire the traffic key using the rights information, and decrypt the encrypted service transmitted from the BSD/A 30 using the acquired traffic key.

The Communication module 1265, which is responsible for communicating with the network, receives a message from the network and transmits a corresponding response message in response to the received message. Specifically, according to one embodiment of the present invention, the Communication module 1265 receives messages from the BSD/A 30 over the broadcast channel. According to another exemplary embodiment of the present invention, the Communication module 1265 exchanges messages with the BSM 40 over the interactive channel, and receives the traffic key message and the encrypted service from the BSD/A 30.

The Secure Storage module 1260 stores the encryption keys, and the UIM I/F module 1270 is responsible for communicating with the User Identity Module (UIM) (not shown).

As can be understood from the preceding description, the present invention provides interfaces for transferring encryption information between entities, thus providing reliable Service/Content Protection for the broadcast service.

Although the invention has been shown and described with reference to exemplary embodiments thereof, it will be clear to those skilled in the art that various changes in form and detail can be made without departing from the scope and spirit of the invention as defined by the attached claims.

1. A method of transmitting/receiving encryption information in a mobile broadcast system supporting a broadcast service (BCAST), the method comprising the steps of:
transmitting, by a BCAST Service Distribution/Adaptation (BSD/A), to a BCAST Subscription Management (BSM) provided for managing subscriber information of a terminal, a first request message which includes at least one of a service ID and a content ID and requests delivery of Registration Key Material (RKM) for registration of the broadcast service of the terminal; and
transmitting, by the BSM, to the BSD/A a first request response message that includes the RKM, after receiving the first request message.

2. The method according to claim 1, further comprising the steps of:
transmitting to the BSM, by the BSD/A, a second request message which includes at least one of the service ID and the content ID and requests delivery of a Long-Term Key Message (LKM) provided to the terminal during subscription to the broadcast service; and
transmitting to the BSD/A, by the BSM, a second request response message that includes the LKM, after receiving the second request message.

3. The method according to claim 2, further comprising the steps of:
transmitting to the BSM, by the BSD/A, a third request message which includes at least one of the service ID and the content ID and requests delivery of a Short-Term Key Message (SKM) that includes a Traffic Encryption Key (TEK) used by the terminal for decryption of the broadcast service; and
transmitting to the BSD/A, by the BSM, a third request response message that includes the SKM, after receiving the third request message.

4. The method according to claim 3 in which each of the request messages from the first to the third contains the fields defined in the table below:

| Tag | Message type | Applied message format | Delivery information |
|---|---|---|---|
| 1 | TEK request message | Req-1 | TEK |
| 2 | TEK request response message | Res-1 and Res-2 | TEK |
| 3 | TEK delivery message | Tra-1 | TEK |
| 4 | TEK delivery confirmation message | Con-1 or Con-2 | TEK |
| 5 | SKM request message | Req-1 | SKM |
| 6 | SKM request response message | Res-1 and Res-2 | SKM |
| 7 | SKM delivery message | Tra-1 | SKM |
| 8 | SKM delivery confirmation message | Con-1 or Con-2 | SKM |
| 9 | LKM request message | Req-1 | LKM |
| 10 | LKM request response message | Res-1 and Res-2 | LKM |
| 11 | LKM delivery message | Tra-1 | LKM |
| 12 | LKM delivery confirmation message | Con-1 or Con-2 | LKM |
| 13 | RKM request message | Req-1 | RKM |
| 14 | RKM request response message | Res-1 and Res-2 | RKM |
| 15 | RKM delivery message | Tra-1 | RKM |
| 16 | RKM delivery confirmation message | Con-1 or Con-2 | RKM |

5. The method according to claim 3, in which each of the first to third request response messages contains the fields defined in the table below:

| Name | Type | Category | Cardinality | Description | Data type |
|---|---|---|---|---|---|
| Tag | E | M | 1 | Message type | Integer |
| Version | E | O | 1 | Version of the standard supported by this message | Integer |
| Message ID | E | M | 1 | ID of the request message | String |
| Destination | E | M | 1 | ID of the message recipient | String |
| Source | E | M | 1 | ID of the message source | String |
| Service/Content Info. | E | O | 1 | Related information such as the service/content ID | String |
| Status | E | M | 1 | Result of the response to the message | Integer |
| Data | E | O | 1 | Information intended for delivery to the recipient | Binary |
| Time | E | O | 1 | Time at which the message is delivered | String |

6. A method of transmitting/receiving encryption information in a mobile broadcast system supporting a broadcast service (BCAST), the method comprising the steps of:
transmitting to a BCAST Service Distribution/Adaptation (BSD/A), by a BCAST Subscription Management (BSM), a first delivery message which contains at least one of a service ID and a content ID and includes Registration Key Material (RKM) for registration of a subscriber terminal; and
transmitting to the BSM, by the BSD/A, a first delivery confirmation message including information indicating success/failure in receiving the first delivery message.

7. The method according to claim 6, further comprising the steps of:
transmitting to the BSD/A, by the BSM, a second delivery message which contains at least one of the service ID and the content ID and includes a Long-Term Key Message (LKM) provided to the terminal during subscription to the broadcast service; and
transmitting to the BSM, by the BSD/A, a second delivery confirmation message including information indicating success/failure in receiving the second delivery message.

8. The method according to claim 7, further comprising the steps of:
transmitting to the BSD/A, by the BSM, a third delivery message which contains at least one of the service ID and the content ID and includes a Short-Term Key Message (SKM) that includes a Traffic Encryption Key (TEK) used by the terminal for decryption of the broadcast service; and
transmitting to the BSM, by the BSD/A, a third delivery confirmation message including information indicating success/failure in receiving the third delivery message.

9. The method of claim 8, in which each of the first to third delivery messages contains the fields defined in the table below:

| Name | Type | Category | Cardinality | Description | Data type |
|---|---|---|---|---|---|
| Tag | E | M | 1 | Message type | Integer |
| Version | E | O | 1 | Version of the standard supported by this message | Integer |
| Target Terminal | E | M | 1 | Target terminal of this message | String |
| Message ID | E | M | 1 | ID of this message | String |
| Destination | E | M | 1 | ID of the message recipient | String |
| Source | E | M | 1 | ID of the message source | String |
| Service/Content Info | E | M | 1 | Related information such as the service/content ID | String |
| Data | E | M | 1 | Information intended for delivery to the recipient | Binary |
| Time | E | O | 1 | Time at which the message is delivered | String |

10. The method of claim 8, in which each of the first to third delivery confirmation messages contains the fields defined in the table below:

| Name | Type | Category | Cardinality | Description | Data type |
|---|---|---|---|---|---|
| Tag | E | M | 1 | Message type | Integer |
| Version | E | O | 1 | Version of the standard supported by this message | Integer |
| Message ID | E | M | 1 | ID of the delivery message | String |
| Destination | E | M | 1 | ID of the message recipient | String |
| Source | E | M | 1 | ID of the message source | String |
| Service/Content Info. | E | O | 1 | Related information such as the service/content ID | String |
| Status | E | M | 1 | Result of the confirmation message | Integer |
| Time | E | O | 1 | Time at which the message is delivered | String |

11. A mobile broadcast system supporting a broadcast service (BCAST), comprising:
a BCAST Subscription Management (BSM) for managing subscriber information of a terminal, and for transmitting to a BCAST Service Distribution/Adaptation (BSD/A) a first delivery message which includes Registration Key Material (RKM) for registration of the broadcast service of the terminal and which includes at least one of a service ID and a content ID; and
the BSD/A for transmitting to the BSM a first delivery confirmation message including information indicating success/failure in receiving the first delivery message, and for transmitting the RKM to the terminal.

12. The mobile broadcast system according to claim 11, in which the BSM transmits to the BSD/A a second delivery message which includes a Long-Term Key Message (LKM) provided to the terminal during subscription to the broadcast service and which also includes at least one of the service ID and the content ID, and
the BSD/A transmits to the BSM a second delivery confirmation message including information indicating success/failure in receiving the second delivery message, and transmits the LKM to the terminal.

13. The mobile broadcast system according to claim 12, in which the BSM transmits to the BSD/A a third delivery message which includes a Short-Term Key Message (SKM) that includes a Traffic Encryption Key (TEK) used by the terminal for decryption of the broadcast service and which also includes at least one of the service ID and the content ID, and
the BSD/A transmits to the BSM a third delivery confirmation message including information indicating success/failure in receiving the third delivery message, and transmits the SKM to the terminal.

14. The mobile broadcast system according to claim 13, in which each of the first to third delivery messages contains the fields defined in the table below:

| Name | Type | Category | Cardinality | Description | Data type |
|---|---|---|---|---|---|
| Tag | E | M | 1 | Message type | Integer |
| Version | E | O | 1 | Version of the standard supported by this message | Integer |
| Target Terminal | E | M | 1 | Target terminal of this message | String |
| Message ID | E | M | 1 | ID of this message | String |
| Destination | E | M | 1 | ID of the message recipient | String |
| Source | E | M | 1 | ID of the message source | String |
| Service/Content Info | E | M | 1 | Related information such as the service/content ID | String |
| Data | E | M | 1 | Information intended for delivery to the recipient | Binary |
| Time | E | O | 1 | Time at which the message is delivered | String |

15. The mobile broadcast system according to claim 13, in which each of the first to third delivery confirmation messages contains the fields defined in the table below:

| Name | Type | Category | Cardinality | Description | Data type |
|---|---|---|---|---|---|
| Tag | E | M | 1 | Message type | Integer |
| Version | E | O | 1 | Version of the standard supported by this message | Integer |
| Message ID | E | M | 1 | ID of the delivery message | String |
| Destination | E | M | 1 | ID of the message recipient | String |
| Source | E | M | 1 | ID of the message source | String |
| Service/Content Info | E | O | 1 | Related information such as the service/content ID | String |
| Status | E | M | 1 | Result of the confirmation message | Integer |
| Time | E | O | 1 | Time at which the message is delivered | String |

16. A mobile broadcast system supporting a broadcast service (BCAST), comprising:
a BCAST Service Distribution/Adaptation (BSD/A) for transmitting to a BCAST Subscription Management (BSM) a first request message which requests delivery of Registration Key Material (RKM) for registration of the broadcast service of a terminal and which includes at least one of a service ID and a content ID, and, after receiving the RKM from the BSM, for transmitting the RKM to the terminal; and
the BSM for managing subscriber information of the terminal and for transmitting to the BSD/A a first request response message that includes the RKM, after receiving the first request message.

17. The mobile broadcast system according to claim 16, in which the BSD/A transmits to the BSM a second request message which requests delivery of a Long-Term Key Message (LKM) provided to the terminal during subscription to the broadcast service and which includes at least one of the service ID and the content ID, and, after receiving the LKM from the BSM, transmits the LKM to the terminal; and
after receiving the second request message, the BSM transmits to the BSD/A a second request response message that includes the LKM.

18. The mobile broadcast system according to claim 17, in which the BSD/A transmits to the BSM a third request message which requests delivery of a Short-Term Key Message (SKM) that includes a Traffic Encryption Key (TEK) used by the terminal for decryption of the broadcast service and which includes at least one of the service ID and the content ID, and, after receiving the SKM from the BSM, transmits the SKM to the terminal; and
after receiving the third request message, the BSM transmits to the BSD/A a third request response message that includes the SKM.

19. The mobile broadcast system according to claim 17, in which each of the first to third request messages contains the fields defined in the table below:

| Name | Type | Category | Cardinality | Description | Data type |
|---|---|---|---|---|---|
| Tag | E | M | 1 | Message type | Integer |
| Version | E | O | 1 | Version of the standard supported by this message | Integer |
| Message ID | E | M | 1 | ID of this message | String |
| Destination | E | M | 1 | ID of the message recipient | String |
| Source | E | M | 1 | ID of the message source | String |
| Service/Content Info | E | M | 1 | Related information such as the service/content ID | String |
| Time | E | O | 1 | Time at which the message is delivered | String |

20. The mobile broadcast system according to claim 17, in which each of the first to third request response messages contains the fields defined in the table below:

| Name | Type | Category | Cardinality | Description | Data type |
|---|---|---|---|---|---|
| Tag | E | M | 1 | Message type | Integer |
| Version | E | O | 1 | Version of the standard supported by this message | Integer |
| Message ID | E | M | 1 | ID of the request message | String |
| Destination | E | M | 1 | ID of the message recipient | String |
| Source | E | M | 1 | ID of the message source | String |
| Service/Content Info. | E | O | 1 | Related information such as the service/content ID | String |
| Status | E | M | 1 | Result of the response to the message | Integer |
| Data | E | O | 1 | Information intended for delivery to the recipient | Binary |
| Time | E | O | 1 | Time at which the message is delivered | String |

21. A method of transmitting/receiving encryption information in a mobile broadcast system supporting a broadcast service (BCAST), the method comprising the steps of:
transmitting, by a BCAST Service Distribution/Adaptation (BSD/A), to a BCAST Subscription Management (BSM) provided for managing subscriber information of a terminal, a first request message which includes at least one of a service ID and a content ID and requests delivery of Registration Key Material (RKM) for registration of the broadcast service of the terminal;
transmitting to the BSD/A, by the BSM, a first request response message that includes the RKM, after receiving the first request message;
transmitting to the BSM, by the BSD/A, a second request message which includes at least one of the service ID and the content ID and requests delivery of a Long-Term Key Message (LKM) provided to the terminal during subscription to the broadcast service;
transmitting to the BSD/A, by the BSM, a second request response message that includes the LKM, after receiving the second request message;
transmitting to the BSM, by the BSD/A, a third request message which includes at least one of the service ID and the content ID and requests delivery of a Short-Term Key Message (SKM) that includes a Traffic Encryption Key (TEK) used by the terminal for decryption of the broadcast service;
transmitting to the BSD/A, by the BSM, a third request response message that includes the SKM, after receiving the third request message; and
extracting, by the terminal, the TEK from the SKM using the RKM and the LKM, after receiving the RKM, the LKM and the SKM.



 

Same patents:

FIELD: physics, communications.

SUBSTANCE: invention relates to communication and more specifically to a method of transmitting data immediately after changing a speaker to at least one corresponding subscriber making a group call. The technical result is achieved due to that during a group call inside a mobile radio communication system which consists of at least one main mobile communication switching centre and at least one auxiliary mobile communication switching centre connected to at least one base station system, a group call uplink is allocated to a second subscriber in order to change the function of the speaker from a first subscriber to the second subscriber. After allocation of a group call uplink, transmission of data, especially group application data, to at least one corresponding group call subscriber is initiated through a group call control message formed by the second subscriber and transmitted over the group call uplink.

EFFECT: possibility of exchanging text data - messages when changing a speaker among group call participants.

13 cl, 2 dwg

FIELD: physics, communications.

SUBSTANCE: invention relates to communication and more specifically to a method of transmitting data immediately after changing a speaker to at least one corresponding subscriber making a group call. The technical result is achieved due to that during a group call inside a mobile radio communication system which consists of at least one main mobile communication switching centre and at least one auxiliary mobile communication switching centre connected to at least one base station system, a group call uplink is allocated to a second subscriber in order to change the function of the speaker from a first subscriber to the second subscriber. After allocation of a group call uplink, transmission of data, especially group application data, to at least one corresponding group call subscriber is initiated through a group call control message formed by the second subscriber and transmitted over the group call uplink.

EFFECT: possibility of exchanging text data - messages when changing a speaker among group call participants.

13 cl, 2 dwg

FIELD: physics, communications.

SUBSTANCE: invention relates to communication and more specifically to a method of transmitting data immediately after changing a speaker to at least one corresponding subscriber making a group call. The technical result is achieved due to that during a group call inside a mobile radio communication system which consists of at least one main mobile communication switching centre and at least one auxiliary mobile communication switching centre connected to at least one base station system, a group call uplink is allocated to a second subscriber in order to change the function of the speaker from a first subscriber to the second subscriber. After allocation of a group call uplink, transmission of data, especially group application data, to at least one corresponding group call subscriber is initiated through a group call control message formed by the second subscriber and transmitted over the group call uplink.

EFFECT: possibility of exchanging text data - messages when changing a speaker among group call participants.

13 cl, 2 dwg

FIELD: physics, communications.

SUBSTANCE: invention relates to voice over IP (VoIP) transmission and other real time services for high-speed downlink packet access (HSDPA), high-speed packet access (HSUPA) in systems based on wide-band code division multiple access. A fixed time allocation approach can be used for a high-speed shared control channel (HS-SCCH). In this case the scheduled time for each user of the VoIP service is semi-static, and therefore there is no need to transmit service information, e.g. over a HS-SCCH to user equipment for initial transmission if the user equipment knows when to receive data over a HS-DSCH and which transportation format is used. There are at least two methods for realising this: 1) signalling over a HS-SCCH)/E-DPCCH to indicate first transmission parametres, with subsequent transmissions using the same parametres (and HS-SCCH/E-DPCCH is always transmitted when changes are required) or 2) fixed allocation, signalling the radio resource control (RRC) level is used to distribute users and communicating default transport parametres.

EFFECT: reduced amount of service information.

27 cl, 10 dwg

FIELD: physics, communications.

SUBSTANCE: invention relates to communication systems. Methods and devices designed for routing messages between an end node and an access node through another access node are described. Physical level identification information is used during identification of, for instance a remote adjacent access node as a message recipient. That way, when a connection identifier based on one or more physical level identifiers is accessible to a wireless terminal, for instance from one or more direct communication line signals received from the recipient access node, the wireless terminal can use a connection identifier which corresponds to the recipient node to route the message through the access node with which a return communication line connection has been set up. Such connection identifier information can be used even when some other addressing information, e.g. network level address information related to the recipient access node, is inaccessible to the wireless terminal.

EFFECT: routing messages between an end node and an access node through another access node.

18 cl, 9 dwg

FIELD: physics, communications.

SUBSTANCE: present invention is a method of identifying a point-to-multiple points multi-address service. When several point-to-multiple points multi-address services are multiplexed in a single transport channel, a temporary service identifier (TSI) is given and inserted into the header of the data protocol unit MAC PDU such that several point-to-multiple points multi-address services can be indicated separately.

EFFECT: reduction of amount of information and several services having different quality of service (QoS), several streams with different QoS for the same service can be processed and provided for a mobile terminal.

27 cl, 14 dwg,1 tbl

FIELD: physics, navigation.

SUBSTANCE: invention relates to position finding systems and particularly to systems for approximating position of a device using the signal level of an external medium or external signals. The said result is achieved due to that, variations in the perceived level of radio signals in different positions is used to determine position of a device. In one version an inference procedure is used to process external commercial broadcast signals, evaluate position or probability distribution of positions of the device or training modes and logical inference are used, which are applied to the ranging vector for signal level vectors. Switching to such ranking leads to systems which do not consider absolute signal levels when calculating positions. The invention does not require considerable number of available levels of external signals, thereby providing useful logical inference of position.

EFFECT: accuracy of determining position and reduced requirements for computational resources and data storage requirements.

33 cl, 25 dwg

FIELD: information technology.

SUBSTANCE: embodiments of the present invention efficiently solve problems associated with the fact that an initial interface cannot clearly satisfy the existing requirement and cannot receive information on whether gain of the current TMA is controlled or not etc.

EFFECT: reception from TMA an information servicing unit, which indicates whether the current TMA supports nonlinear control, and the step value for nonlinear gain control supported by TMA; nonlinear gain control of the current TMA in accordance with the received step value for nonlinear gain control when the servicing unit determines, based on the received information, that the current TMA supports nonlinear gain control.

10 cl, 4 dwg, 4 tbl

FIELD: information technology.

SUBSTANCE: invention proposes a method and a system for establishing or processing a connection between a first and a second network element connected to different networks, e.g. a GPRS/UMTS based network and to an IP based network. Connection is established through at least a third network element e.g. SGSN or GGSN which is in one of the said networks. The third network element can send a query to a fourth network element which can be an element which provides a call state control function (CSCF), an element which provides a strategy control function (SCF), or a call processing server (CPS) when connection establishment information is received. Through a query, permission for establishing the requested type of connection is requested or a request is given to check the connection parametre. The first and/or second network element and/or the established connection or the type of connection is indicated in the query. The fourth network element returns a reply containing permission for establishing connection or type of connection, or in which the connection parametre is indicated.

EFFECT: improved process of establishing connection between various network elements.

98 cl, 7 dwg

FIELD: information technology.

SUBSTANCE: in one embodiment, a base station allocates a shared resource using a combination of zero or more individual licenses and zero or more general licenses and generates a multi-value "busy" signal in response to the load condition which exceeds a given level. In another embodiment, a subset of transmitting mobile stations reduces its transmission speed in response to the "busy" multi-value signal. The said subset can include independent transmissions, transmission with a general license, transmission with an individual license or any of their combinations. In various embodiments, speed setup can be probabilistic or non-probabilistic. In one embodiment a speed table is used, and a mobile station reduces or increases transmission speed from one speed value in the table to a lower or higher speed value in the table, respectively, in response to the "busy" multi-value signal.

EFFECT: efficient loading management without parasitic noise and increase in output.

47 cl, 10 dwg, 1 tbl

FIELD: engineering of systems for protecting communication channels, which realize claimed method for user authentication on basis of biometric data by means of provision and extraction of cryptographic key and user authentication.

SUBSTANCE: in accordance with the invention, neither the biometric template nor the user's cryptographic key is explicitly represented in the information storage device; without provision of a biometric sample and the information storage device with a pack stored on it, no cryptographic operations with data are possible.

EFFECT: creation of biometric access system and method for provision/extraction of cryptographic key and user authentication on basis of biometry, increased key secrecy level, increased reliability, expanded functional capabilities and simplified system creation process.

2 cl, 2 dwg

FIELD: automatics and computer science, in particular, identification means for controlling access to autonomous resources.

SUBSTANCE: the method includes changing the identification information on each new query to an autonomous resource; this information is used to identify the carrier during subsequent queries to autonomous resources, by including it in algorithmically converted form on the information carrier and in the database of the central device and checking its correspondence over a series of previous queries to autonomous resources. Each autonomous resource has a memory block for storing conversion algorithms and signs of these algorithms, and a block for reading/recording carrier information. The central device contains, at appropriate data bank addresses, virtual memory blocks for storing information for identification of carriers and a memory block for storing a set of algorithms for converting code from one type to another and signs of these algorithms, and, for each carrier, the information storage address which was used during previous accesses. The carrier contains an additional non-volatile memory block for recording, storing and reading an additional information code after identification of the carrier, available both during manufacture of the carrier and on its submission to an autonomous resource.

EFFECT: increased level of protection from unauthorized access.

3 cl, 1 dwg

FIELD: engineering of methods for cryptographic transformation of data, possible use in communication, computer and informational systems for cryptographic encryption of information and computation of numbers close to random.

SUBSTANCE: device contains two memory blocks, current time moment timer, two concatenation blocks, two hash-function computation blocks, operation block, computing block.

EFFECT: increased complexity of encryption analysis and decreased probability of reliable prediction of next values of pseudo-random series bits while increasing operation speed of generator.

1 dwg

The invention relates to telecommunications, and in particular to the field of cryptographic devices to protect information transmitted over telecommunication networks. The device consists of a S2 blocks controlled substitutions (epmo) 1 and S-1 blocks of fixed permutations (FFT) 2

The invention relates to telecommunications and computing, and more particularly to cryptographic methods and devices for data encryption

The invention relates to the field of telecommunications and computing, and specifically to the field of cryptographic methods and devices for data encryption

The invention relates to the field of telecommunications and computing, and more particularly to methods and devices for cryptographic transformation of data
