200524334 九、發明說明: 3 5 U.S.C. §119規定之優先權要求 本專利申請案要求臨時專利申請案第60/496,153號之優 先權’其名稱為「廣播多點傳送服務」,申請曰期為2〇〇3 年8月18日,而且係讓渡給本專利申請案之受讓者並於此明 不以引用的方式併入本文中。 【發明所屬之技術領域】 本發明大體上關於通信,且更明確言之,係關於用以在 利用廣播多點傳送服務(BCMCS)之無線通信系統中對於資 訊服務進行收費的方法與裝置。 【先前技術】 廣播多點傳送服務(BCMCS)在無線通信系統中,提供到 達複數個經由無線通信媒體接收廣播資料之行動台的點對 多點通信服務。由無線通信系統發送至複數個行動台之廣 播資料(即,内容),可包括(但不必然限於)新聞、電影、運 動項目及其類似者。發送給行動台之内容的特定型式可包 括相當多種的多媒體資料,譬如文字、聲頻、目片、串流 視訊等。㈣容通常是由-内容提供者產生,且透過無線 通信系統的廣播頻道,廣播至訂購該特定服務的行動台。 —該廣播内容通常係經由數層次之加密與解密而加密及解 密,以提供至少某些程度之保證,使未經授權之使用者不 能將未獲授權之内容解密(即’未由行動台的使用者訂講之 内容)。為了能將廣播内容加密及解密,廣播多點傳送服務 利用加密密鑰的使用。 95619.doc 200524334 一長期加密密鑰(通常稱為一廣播接取密鑰(BAK))係由 廣播多點傳送服務供應到行動台的記憶體中。一短期密鑰 (SK)係由廣播接取密鑰ΒΑΚ及一隨機數字SKRAND推衍 出。内谷係以短期密鑰SK加密,且連同隨機數字SKRAND 藉由無線通信系統透過空中廣播到行動台。該行動台從該 Ik機數字SKRAND及廣播接取密鑰BAK計算出短期密鑰 sk,且使用該短期密鑰SK將已接收内容解密,用以呈現内 容予行動台的使用者。 通# ’行動台的使用者會被針對接收到廣播接取密鑰 BAK時之廣播内容收費。因此,不管使用者是否實際上觀 看到來自廣播多點傳送服務之廣播内容,該使用者都會在 收到廣播接取密鑰(BAK)時收費。當使用者因其目前未觀 看之廣播内容被收費時,該使用者會因這些不需產生之額 外費用而增加負擔。 本發明係關於克服,或至少減少以上提出的一或多數問 題所造成之影響。 【發明内容】 本發明的一特點提供一方法。該方法包括接收一週期性 改蜒數字,及接收一具有識別符以表示服務頻道之第一密 鑰。一第二密鑰被產生,其係至少該週期性改變數字及該 第一密鑰的一函數。第二密鑰的產生數目經計數以產生一 汁數值,用以對於在終端機顯示的内容收費。 本發明的另一特點係提供一裝置。該裝置包括用以接收 一週期性改變數字的構件,及接收一具有識別符之第一密 95619.doc 200524334 鑰以指示服務頻道的構件。該裝置進一步包括用以產生至少 一第二密鑰之構件,該第二密鑰為至少該週期性改變數字及 該第一密鑰的函數,及用以計數第二密鑰之產生數目,以產 生用以對於在終端機顯示的内容收費之計數值的構件。 【實施方式】 現睛轉到圖式,且特別參考圖1,其顯示依據本發明一具 體貫施例之無線通信系統1 00之示範性方塊圖。無線通信系 統100包含複數個與複數個基地收發站(BTS)u〇通信之行 動台(MS) 105,其等係在地理上分散以致當行動台1〇5在無 線通信系統100中來回移動時,提供與行動台1〇5之持續通 k涵盍。行動台105可採用能從基地收發站丨丨〇接收資訊之 任何元件形式,包括個人數位助理(PDA)、無線電話、具有 無線能力之膝上型電腦、無線數據機或任何其他具無線能 力的元件。 根據一具體實施例,無線通信系統100利用廣播多點傳送 服務(BCMCS),用以點至多點發送資料訊包至在無線通信 系統100内通信之行動台105的預定群組。在一具體實施例 中,該資料訊包提供之内容諸如新聞、電影、運動項目及 其類似者,係從基地收發站110透過一無線通信鏈路115發 送到行動台105。應瞭解發送至行動台1〇5的特定型式内容 可包括相當多種的多媒體資料(如文字、聲頻、圖片、串流 視訊等),且因此無須受限於前述實例。 各基地收發站110係耦合至一基地台控制器(BSC)12〇,其 控制在基地收發站11G與無線通料、統⑽之其他組件間的 95619.doc 200524334 連接。基地收發站110與基地台控制器120協同形成一無線 電接取網路(RAN),用以傳送該内容到在無線通信系統1〇〇 内通信的複數個行動台105。無線電接取網路可由提供訂講 服務至行動台105使用者之無線載體擁有,或可為一由另一 載體擁有的來訪網路,其於該行動台1〇5漫遊時,提供服務 予行動台105的使用者。 在一具體實施例中,基地台控制器120係經由一訊包控制 功此(PCF)|馬合至一訊包資料服務節點(pdsn)14〇,用以經 由一網際網路通信協定(IP)媒體(未顯示),接合無線通信系 統100與内容提供者(CP)160。該PDSN 140處理資料訊包, 用於在廣播多點傳送服務控制器15〇控制下分配至行動台 105,其可或可不具有與pDSN 14〇之直接連接。廣播多點傳 送服務控制器150將由内容提供者16〇提供之内容的廣播與 多點傳送排程,且對於廣播多點傳送服務施行保全功能。 對於廣播多點傳送服務,基地收發站i 從PDSN 接收 到資訊的串流,及在一指定的無線通信鏈路115上提供該資 汛至在無線通信系統1〇〇内通信之預定群組的行動台。 廣播多點傳送服務控制器15〇可進一步耦合至一鑑別、授權 及帳號(AAA)伺服器170,其提供鑑別、授權、帳號給無線 通信系統100之複數個訂購至廣播多點傳送服務之行動台 105。AAA伺服器170可實施為一第三者伺服器,其既不由 起始網路載體也不由行動台丨〇5之服務網路載體擁有。 内谷提供者160產生之内容,將從基地收發站11〇廣播至 經授權接收該特定型式内容之預定群組的行動台1〇5。内 95619.doc 200524334 容提供者160可實施為一第三者内容來源,其既不由起始網 路載體也不由行動台105之服務網路載體擁有。應瞭解基地 台控制器120也可耦合至各種型式之網路,諸如一公用切換 電話網路(PSTN)(未顯示),(例如)用以擴展無線通信系統 100的通信能力。在所示的具體實施例中,基地收發站工工〇 與行動台105係依據一分碼多向近接(CDMA)方案操作。然 而,應瞭解無線通信系統1〇〇可使用各種其他多向進接方 案,諸如分時多向近接(TDMA)及其類似者,而不脫離本發 明的精神與範疇。 热線通信系統100致動經由無線通信鏈路丨i 5高速廣播多 點傳送服務,其包括一能以可由大量行動台105接收的高資 料速率發送之廣播頻道。本文中之名詞「廣播頻道」係用 以指一承載廣播流量之單一正向鏈路實體頻道。資料也可 從行動台105經由無線通信鏈路115之反向鏈路發送至基地 收發站110。在一具體實施例中,反向鏈路可包括一發送信 號流量頻道與一資料速率控制(DRC)頻道。反向鏈路之資料 速率控制(DRC)頻道可經由一資料速率請求使用,以對無線 通k系統100指出可用於透過該正向鏈路之廣播頻道來廣 播内容的一可支援廣播資料速率。 現明芩考圖2,其顯示依據一具體實施例之行動台i 〇5的 方塊圖。在其更簡單的形式中之一,行動台1〇5包括一用以 調諧至該廣播頻道的接收器2〇5,用以接收從基地收發站 110發送的廣播多點傳送服務内容。一發射器21 〇可發送資 料至與行動台1 〇5通信的基地收發站丨1 〇。行動台^ 也包括 95619.doc -10- 200524334 一控制l§ 2 15,用以控制行動台i 〇5的各種操作功能。 行動台105進一步配置有一使用者識別模組(UIM)22〇。在 一具體實施例中,UIM 220可為與行動台1〇5的控制器215 耦合之可移除記憶體模組。然而,應瞭解UIM 22〇或者可實 施為行動台105的一固定部分。UIM 22〇大體上係與行動台 1〇5的一特定使用者聯結,且係用以確認該行動台1〇5的特 定使用者係獲得提供予特定使用者的特權(諸如接取無線 通#系統100、由系統100提供之特定服務/特徵,及/或接取 經由廣播多點傳送服務訂購之特定内容)。 行動台105也可包括一顯示螢幕23〇,以允許觀看由内容 提供者160提供的内容。如上述,在圖2中所示之行動台ι〇5 係以其更簡單的形式提供。因此,行動台1〇5可包括額外的 組件,用以提供各種其他功能而不脫離本發明的精神與範 竒。所以,應瞭解行動台1 〇5 —些組件的功能可整合成一單 一組件,與以一單一實體組件設置不同。 在無線通信系統丨00内廣播的内容係經由數層次之加密 與解始、來加密及解密,以提供至少某些程度之保證,使未 經扠權之使用者不能將未獲授權之内容解密(艮卩,未由行動 台105的使用者訂購之内容)。為了能將該内容加密及解 饴,廣播多點傳送服務利用加密密鑰的使用。一密鑰係一 與密碼演算法一起運作以產生特定密文的值。在多點傳送 -廣播-多媒體系統中之資料内容的加密與解密方式之實例, 係揭示於2001年8月2〇日申請之美國專利申請序號 09/933,972中,其標題為「在資料處理,系統中保全之方法及 95619.doc -11- 200524334 裝置(Method and Apparatus for Security in a Data processing System)」,其全數以引用方式併入本文。 為了在一特定時間將廣播内容解碼,行動台105需要知道 目前的解密密鑰。為了避免竊取由廣播多點傳送服務提供 内容的服務,通常係頻繁地(諸如每分鐘)改變該解密密鑰。 此等解密密鑰係稱為短期密鑰(SK),其係用以對一相當短 時間週期内之廣播内容解碼。 為能獲得接取廣播多點傳送服務控制器150,行動台105 的使用者會登錄且向廣播多點傳送服務訂購。一旦訂購可 行,各種加密密鑰會與行動台105週期性地更新。在登錄過 程中,廣播多點傳送服務控制器150與行動台105之UIM 220 就一登錄密鑰(RK)取得一致,即作為使用者與廣播多點傳 送服務間的安全聯結。此時廣播多點傳送服務控制器150 可接著傳送以登錄密鑰RK加密之UIM 220更機密資訊。登 錄密鑰RK係保密地存在UIM 220中,且對於行動台105的一 給定UIM 220係獨一的(即,每一使用者都指定一不同的登 錄密鑰RK)。200524334 IX. Description of the invention: 3 5 USC § 119 priority claim This patent application claims the priority of provisional patent application No. 60 / 496,153. Its name is "Broadcast Multicast Service" and the application date is 2 August 18, 2003, and was assigned to the assignee of this patent application and is hereby incorporated herein by reference. [Technical Field to which the Invention belongs] The present invention relates generally to communications, and more specifically, to a method and apparatus for charging information services in a wireless communication system using a broadcast multicast service (BCMCS). [Prior Art] Broadcast Multicast Service (BCMCS) provides a point-to-multipoint communication service to a plurality of mobile stations that receive broadcast data via a wireless communication medium in a wireless communication system. Broadcast material (ie, content) sent by a wireless communication system to a plurality of mobile stations may include, but is not necessarily limited to, news, movies, sports events, and the like. The specific type of content sent to the mobile station can include a wide variety of multimedia data, such as text, audio, video, streaming video, and so on. The content is usually generated by a content provider and broadcasted to a mobile station subscribing to that particular service through a broadcast channel of a wireless communication system. — The broadcast content is usually encrypted and decrypted through several levels of encryption and decryption to provide at least some degree of assurance that unauthorized users cannot decrypt unauthorized content (ie, User subscriptions). In order to be able to encrypt and decrypt broadcast content, the broadcast multicast service uses the use of encryption keys. 95619.doc 200524334 A long-term encryption key (commonly known as a Broadcast Access Key (BAK)) is supplied by the broadcast multicast service to the memory of the mobile station. A short-term key (SK) is derived from the broadcast access key BAK and a random number SKRAND. Uchiya is encrypted with a short-term key SK, and together with a random number SKRAND, broadcasts to the mobile station over the air through a wireless communication system. The mobile station calculates the short-term key sk from the Ik digital SKRAND and the broadcast access key BAK, and uses the short-term key SK to decrypt the received content for presentation to the user of the mobile station. The user of the mobile station will be charged for the broadcast content when receiving the broadcast access key BAK. Therefore, regardless of whether the user actually observes the broadcast content from the broadcast multicast service, the user will be charged when receiving the broadcast access key (BAK). When a user is charged for broadcast content that he or she is not currently viewing, the user will be burdened by these extra costs that are not required. The present invention is directed to overcoming, or at least reducing, the effects of one or more of the issues raised above. SUMMARY OF THE INVENTION A feature of the present invention provides a method. The method includes receiving a periodically modified number, and receiving a first key having an identifier to indicate a service channel. A second key is generated as a function of at least the periodically changing number and the first key. The number of generated second keys is counted to generate a value for charging the content displayed on the terminal. Another feature of the present invention is to provide a device. The device includes means for receiving a periodically changing number, and means for receiving a first secret 95619.doc 200524334 key with an identifier to indicate a service channel. The device further includes means for generating at least a second key, the second key being a function of at least the periodically changing number and the first key, and for counting the number of generations of the second key, so that A means for generating a count value for charging content displayed on a terminal. [Embodiment] Turning now to the drawings, and with particular reference to FIG. 1, there is shown an exemplary block diagram of a wireless communication system 100 according to a specific embodiment of the present invention. The wireless communication system 100 includes a plurality of mobile stations (MS) 105 communicating with a plurality of base transceiver stations (BTS) u0, which are geographically dispersed such that when the mobile station 105 moves back and forth in the wireless communication system 100 Provide continuous communication with mobile station 105. The mobile station 105 may be in the form of any component capable of receiving information from a base transceiver station, including a personal digital assistant (PDA), a wireless telephone, a wireless-capable laptop, a wireless modem, or any other wireless-capable device. element. According to a specific embodiment, the wireless communication system 100 utilizes a Broadcast Multicast Service (BCMCS) to send data packets from a point-to-multipoint to a predetermined group of mobile stations 105 communicating within the wireless communication system 100. In a specific embodiment, the content provided by the data packet, such as news, movies, sports events and the like, is transmitted from the base transceiver station 110 to the mobile station 105 through a wireless communication link 115. It should be understood that the specific type of content sent to the mobile station 105 may include a wide variety of multimedia data (such as text, audio, pictures, streaming video, etc.) and is therefore not limited to the foregoing examples. Each base transceiver station 110 is coupled to a base station controller (BSC) 120, which controls the 95619.doc 200524334 connection between the base transceiver station 11G and other components of the wireless communication and system. The base transceiver station 110 cooperates with the base station controller 120 to form a radio access network (RAN) for transmitting the content to a plurality of mobile stations 105 communicating within the wireless communication system 100. The radio access network may be owned by a wireless carrier that provides subscription services to the user of the mobile station 105, or may be a visited network owned by another carrier that provides services to the mobile when the mobile station 105 is roaming Users of the station 105. In a specific embodiment, the base station controller 120 is controlled by a packet control function (PCF) | Mahe to a packet data service node (pdsn) 14o, and is used to pass an Internet Protocol (IP) ) Media (not shown) that connects the wireless communication system 100 and a content provider (CP) 160. The PDSN 140 processes data packets for distribution to the mobile station 105 under the control of the broadcast multicast service controller 15o, which may or may not have a direct connection to the pDSN 14o. The broadcast multicast service controller 150 schedules the broadcast and multicast of the content provided by the content provider 160, and implements a security function for the broadcast multicast service. For broadcast multicast services, the base transceiver station i receives a stream of information from the PDSN, and provides the information on a designated wireless communication link 115 to a predetermined group that communicates within the wireless communication system 100. Action platform. The broadcast multicast service controller 15 may be further coupled to an authentication, authorization, and account (AAA) server 170, which provides authentication, authorization, and account numbers to the wireless communication system 100 for a plurality of actions to order a broadcast multicast service台 105。 Taiwan 105. The AAA server 170 may be implemented as a third-party server, which is neither owned by the originating network bearer nor by the serving network bearer of the mobile station 05. Content produced by Uchiya Provider 160 will be broadcast from base transceiver station 110 to mobile stations 105 of a predetermined group authorized to receive that particular type of content. The content provider 95619.doc 200524334 can be implemented as a third party content source, which is neither owned by the originating network carrier nor by the service network carrier of the mobile station 105. It should be understood that the base station controller 120 may also be coupled to various types of networks, such as a public switched telephone network (PSTN) (not shown), for example, to extend the communication capabilities of the wireless communication system 100. In the specific embodiment shown, the base transceiver station worker 0 and the mobile station 105 operate according to a one-code multi-directional proximity (CDMA) scheme. However, it should be understood that the wireless communication system 100 can use various other multi-directional access schemes, such as time-division multi-directional proximity (TDMA) and the like, without departing from the spirit and scope of the present invention. The hotline communication system 100 activates a high-speed broadcast multicast service via a wireless communication link i5, which includes a broadcast channel that can be transmitted at a high data rate that can be received by a large number of mobile stations 105. The term "broadcast channel" is used herein to refer to a single forward link physical channel carrying broadcast traffic. Data can also be sent from the mobile station 105 to the base transceiver station 110 via the reverse link of the wireless communication link 115. In a specific embodiment, the reverse link may include a transmit signal traffic channel and a data rate control (DRC) channel. The data rate control (DRC) channel of the reverse link can be used via a data rate request to indicate to the wireless communication system 100 that a supportable broadcast data rate can be used to broadcast content through the broadcast channel of the forward link. Now consider FIG. 2 which shows a block diagram of a mobile station i 05 according to a specific embodiment. In one of its simpler forms, the mobile station 105 includes a receiver 205 for tuning to the broadcast channel to receive broadcast multicast service content transmitted from the base transceiver station 110. A transmitter 2 10 can send data to a base transceiver station 1 10 that communicates with the mobile 1 105. The mobile station ^ also includes 95619.doc -10- 200524334 a control l§ 2 15 for controlling various operation functions of the mobile station i 05. The mobile station 105 is further configured with a user identification module (UIM) 22o. In a specific embodiment, the UIM 220 may be a removable memory module coupled to the controller 215 of the mobile station 105. However, it should be understood that UIM 22 or may be implemented as a fixed part of mobile 105. UIM 22 is generally associated with a specific user of mobile station 105, and is used to confirm that the specific user of mobile station 105 has obtained the privileges provided to the specific user (such as access to wireless communication # System 100, specific services / features provided by system 100, and / or access to specific content ordered via a broadcast multicast service). The mobile station 105 may also include a display screen 23 to allow viewing of the content provided by the content provider 160. As mentioned above, the mobile station ιOM5 shown in Fig. 2 is provided in its simpler form. Therefore, the mobile station 105 may include additional components to provide various other functions without departing from the spirit and scope of the present invention. Therefore, it should be understood that the functions of some components of the mobile station 105 can be integrated into a single component, as opposed to a single physical component setting. The content broadcasted in the wireless communication system 00 is encrypted and decrypted through several layers of encryption and decryption to provide at least some degree of assurance so that unauthorized users cannot decrypt unauthorized content (That is, content not ordered by the user of the mobile station 105). In order to be able to encrypt and decrypt this content, the broadcast multicast service uses the use of encryption keys. A key system is a value that works with a cryptographic algorithm to produce a specific ciphertext. An example of data content encryption and decryption methods in a multicast-broadcast-multimedia system is disclosed in U.S. Patent Application Serial No. 09 / 933,972, filed on August 20, 2001, and entitled "In Data "Method and Apparatus for Security in a Data processing System", all of which are incorporated herein by reference. In order to decode the broadcast content at a specific time, the mobile station 105 needs to know the current decryption key. In order to avoid stealing services provided by the broadcast multicast service, the decryption key is usually changed frequently, such as every minute. These decryption keys are called short-term keys (SK), which are used to decode broadcast content over a relatively short period of time. In order to obtain the access broadcast multicast service controller 150, the user of the mobile station 105 logs in and subscribes to the broadcast multicast service. Once ordered, the various encryption keys are periodically updated with the mobile station 105. During the login process, the broadcast multicast service controller 150 and the UIM 220 of the mobile station 105 agree on a login key (RK), that is, as a secure connection between the user and the broadcast multicast service. At this time, the broadcast multicast service controller 150 may then transmit the UIM 220 more confidential information encrypted with the login key RK. The login key RK is stored secretly in the UIM 220 and is unique to a given UIM 220 of the mobile station 105 (i.e., each user specifies a different login key RK).
在訂購過程中,廣播多點傳送服務控制器150以一共同廣 播接取密鑰(BAK)之值傳送UIM 220,其係一用以推衍多個 短期密鑰SK之中期、共享密鑰,且係以一針對各使用者之 架構分配至已訂購使用者之UIM 220。廣播多點傳送服務控 制器150將廣播接取密鑰BAK的值傳送給行動台105的UIM 220,係使用對於UIM 220而言係獨一的登錄密鑰RK加密。 行動台105的UIM 220能從使用儲存於其中之登錄密鑰RK 95619.doc -12- 200524334 鑰RK的加密版本,回復原始廣播接取密鑰BAK的值。廣播 接取密鑰BAK作為廣播多點傳送服務控制器150與廣播多 點傳送服務之已訂購使用者的群組間的安全聯結。廣播接 取密鑰識別符BAKID係以登錄密鑰RK連同一識別符加密 之廣播接取密鑰BAK,以指出發送給行動台105的特定内 容。 對於各訂戶端,廣播多點傳送服務控制器150使用一臨時 密鑰TK將廣播接取密鑰BAK加密,其係由儲存在UIM 220 中之使用者特定登錄密鑰RK及一隨機數字TKRAND推衍 出,以獲得一使用者特定加密廣播接取密鑰識別符 BAKID。廣播多點傳送服務控制器150傳送對應的廣播接取 密鑰識別符BAKID,到已訂購使用者的行動台105。例如, 廣播接取密鑰BAK可當作一使用對應於各UIM 220之登錄 密鑰RK加密的IP訊包發送。在範例性具體實施例中,廣播 接取密鑰識別符BAKID係一 IPSec訊包,且廣播接取密鑰 BAK是一具有使用登錄密鑰RK為密鑰加密之廣播接取密 鑰BAK的一 IPSec訊包。因為登錄密鑰RK係一「針對各使用 者」之密鑰,廣播多點傳送服務控制器150會個別地傳送廣 播接取密鑰BAK至各訂戶端。因此,廣播接取密鑰BAK未 傳送至整個無線通信系統100的廣播頻道。行動台105將廣 播接取密鑰識別符BAKID傳遞UIM 220。UIM 220使用儲存 在UIM 220中登錄密鑰RK之值及廣播接取密鑰識別符 BAKID之值計算廣播接取密鑰BAK。廣播接取密鑰BAK之 值接著儲存在UIM 220中。在一具體實施例中,廣播接取密 95619.doc -13- 200524334 鑰識別符BAKID包括一安全參數索引(SPI)值,其指示行動 台105之控制器215將廣播接取密鑰識別符BAKID傳遞給 UIM 220,且指示UIM 220使用登錄密鑰RK以將廣播接取密 鑰BAK解密。更新廣播接取密鑰BAK之時間週期需足以允 許廣播多點傳送服務控制器150在無須導致明顯負擔下,將 廣播接取密鑰BAK個別地傳送至各訂戶端。 廣播多點傳送服務控制器150接著廣播短期密鑰SK,使 得行動台105能將關連短期密鑰的特定内容解密。短期密鑰 SK是廣播接取密鑰BAK及一週期性改變數字SKRAND的一 函數。週期性改變數字SKRAND可為以功能類似密碼雜湊 函數之雜湊函數產生的一隨機數字。週期性改變數字 SKRAND也可以是一序列數字、一時間戳記或其他改變 值,只要其實施使得使用者無法預先計算該短期密鑰SK。 UIM 220從廣播接取密鑰BAK與SKRAND抽取短期密鍮 SK,係藉由使用廣播接取密鑰BAK與SKRAND的函數,且 傳遞短期密鑰SK至行動1〇5的控制器215。該廣播多點傳送 服務控制器150利用目前短期密鑰SK漿廣播内容解密。在一 具體實施例中,例如會使用一加密演算法(諸如進階加密標 準(AES)密碼演算法)。已加密之内容接著由一依照封入安 全酬載(ESP)發送模式之1Psec訊包傳送。Ipsec訊包也含有 一 SPI值,其指示行動台使用目前之短期密鑰SK以將收 到的廣播内容解密。 使用公用密鑰或共享密鑰以加密及解密之各種其他具體 實施例也可在本發明的範疇中施行。例如,在一替代性具 95619.doc -14- 200524334 體實施例中,安全傳遞或提出廣播接取密鑰BAK給UIM 220,係可藉由使用公用密鑰機制(諸如此項技術中為人已 知之RSA或ElGamal)提供。 圖3係依據本發明一具體實施例,用以施行對於廣播多點 傳送服務進行計時收費之發信號流程圖。用於所關注特定 頻道之廣播接取密鑰BAK會供應至行動台105的使用者識 別模組件(UIM)220中的記憶體。供應訊息的廣播接取密鑰 係在圖3所示之305處從AAA伺服器170發送到行動台105的 UIM 220。廣播多點傳送服務控制器150以臨時密鑰TK將廣 播接取密鑰BAK加密,其係由登錄密鑰RK與隨機數字 TKRAND推衍出。在一具體實施例中,登錄密鑰RK在BAK 於305開始供應前,已供應到行動台ios的UIM 220中。 在310,由基地台控制器120與基地收發站110協同形成之 無線電接取網路(RAN),將已加密内容經由廣播頻道廣播給 行動台105。連同已加密的内容,無線電接取網路也廣播該 週期性改變數字SKRAND與廣播接取密鑰識別符BakID, 以識別廣播接取密錄BAK。該週期性改變數字SKRAND與 廣播接取密鑰BAK係由行動台1〇5使用以計算短期密鑰SK。 行動台105從無線電接取網路的基地收發站11〇接收到已 加密的内容、SKRAND與BAKID。行動台105的控制器215 在315傳送給111^4 220已接收到的3〖^^^0與3八00,連同 一短期密鑰SK(SKRequest)之請求。傳送給υΐΜ 220之請求 SKRequest也包括用於廣播頻道的識別符。在32〇,uim 220 從SKRAND與由BAK識別符BAKID識別出的BAK計算短期 956l9.doc 200524334 密鑰sk。 UIM 220會維持一為各廣播頻道推衍之短期密鑰SK之數 目的短期密鑰計數(SKCount)。UIM 220在每次計算時會遞 增SKCount且傳遞一新短期密鑰。使用者已觀看一特定内容 頻道的時間量可由將SKCount乘以短期密鑰改變之時間週 期(即,SKPeriod)而推衍出。在一具體實施例中,SKPeriod 可由系統操作員根據被竊取内容之可能性加以設定。例 如,SKPeriod之範圍可從幾秒到幾分鐘。 _ 在325,UIM 220傳送短期密鑰SK給行動台105的控制器 215。當從UIM 220接收到短期密鑰SK時,行動台105的控 制器215現可使用短期密鑰SK將内容解密且呈現所收到的 内容,用以在行動台105的顯示螢幕230上觀看。 每當行動台105從無線電接取網路的基地收發站110接收 到新的週期性改變數字SKRAND時,會重複步驟325至 3 10。週期性改變數字SKRAND可經常改變以確保經授權的 使用者觀看到廣播内容。 φ 在330,儲存在行動台105的UIM 220中之廣播接取密鑰 BAK可能逾期或接近逾期。行動台105的控制器215在335 連同一短期密鑰SK的請求SKRequest將SKRAND與BAKID 傳送給UIM 220。 在340,當UIM 220決定廣播接取密鑰BAK逾期時,UIM 220使用登錄密鑰RK與隨機數字TKRAND計算臨時密鑰 TK。臨時密鑰TK是一單次使用之使用者特定密鑰,其可用 以將廣播接取密鑰BAK值加密與解密。TKRAND可為一以 95619.doc -16- 200524334 類似密碼雜湊函數之雜湊函數產生的隨機數字。因此,τκ 是一將登錄密鑰RK用作一機密密鑰的臨時密鑰,且係從登 錄密鑰RK與隨機數字TKRAND中推衍出。 在345,UIM 220使用臨時密鑰ΤΚ將短期密鑰計數 SKCount力口密,且將已力口密SKCouut與TKRAND連同一需求 新廣播接取密输BAK的指示傳送給行動台1 的控制器 215。因為SKCount係用臨時密鑰TK加密(此對行動台105的 控制器215係未知),控制器215無法明智地將加密的 SKCount變成一低值。此實質上減少内容被竊取的可能性, 且保護使用者防止被未經授權地接取使用者之内容觀看計 數。 在另一具體實施例中,短期密鑰SK可明顯地發送且UIM 220可產生一使用SKCount與臨時密鑰TK的簽章。在此具體 實施例中,簽章會被發送至AAA伺服器170。 在350,行動台105的控制器215傳送一需求「未處理」 (即,新)廣播接取密鑰BAK之請求至廣播多點傳送服務控制 器150。連同廣播接取密鑰BAK之請求,行動台105會包括 從UIM 220接收到的已加密SKCount及TKRAND。 在355,廣播多點傳送服務控制器150傳遞已加密之 SKCount與TKRAND至AAA祠月艮器170。AAA飼月艮器170從登 錄密鑰RK與TKRAND計算臨時密鑰TK,且將(SKCount)解 密。AAA伺服器170以SKCount更新使用者的帳號記錄。在 360,一新的廣播接取密鑰BAK會供應到行動台105的UIM 220中。如上述,使用者已觀看一特定内容的時間量可由將 95619.doc -17- 200524334 SKCount乘以短期密鑰改變之時間週期(即,sKPeriod)而推 衍出。因此,行動台105的使用者可被針對使用者實際觀看 該内容之時間量(因為需要短期密鑰SK以觀看該内容)收 費,與從在行動台105接收到BAK的時間計費相反。 為了避免中斷由使用者觀看之廣播服務,行動台1〇5可在 目前BAK逾期前從AAA伺服器170提取一新廣播接取密鑰 BAK。在此情況下,行動台1〇5可在新baK供應到UIM 220 後繼續使用舊BAK—陣子。 重要的是確保SKCount係正確地維持著。在一具體實施例 中,當傳送(SKCount)到行動台1〇5時,UIM 220使舊的計數 不能用,且對於目前考慮之廣播頻道開始一新的計數。當 新BAK供應至UIM 220時可放棄舊計數。如果新BAK尚未供 應’當下次行動台110請求SKCount時,UIM 220回覆舊與 新計數的總如作為SKCount。4監別、授權與帳號之施行可使 用舊與新計數的總和以提供内容觀看時間。 在另一具體實施例中,UIM 220在將計數器之目前值傳送 到行動台105後繼續遞增SKCount。當廣播多點傳送服務控 制器150傳送一新BAK時,其也送回從UIM 220接收在BAK 請求中依加密形式之計數。UIM 220將從廣播多點傳送服務 控制器150接收的計數解密,且從sKCounter中減去所收到 的計數。此特定具體實施例允許預付帳單應用於計時收 費。廣播多點傳送服務控制器170維持已付的計數且將其傳 給UIM 220。按著UIM 22〇計算差異且允許使用者視需要支 付更多計數。 95619.doc -18- 200524334 在另一具體實施例中,當供應一新BAK時,UIM 220會重 設SKCounter為零。在此特定具體實施例中,該使用者不會 為在傳送SKCount與接收新BAK間的時間觀看廣播内容而 被收費。 熟悉意願技術人士應瞭解,可使用任何各種不同科技及 技術呈現資訊及信號。例如,以上說明中可能提及的資料、 指令、命令、資訊、信號、位元、符號及晶片可由電壓、 電流、電磁波、磁場或微粒、光場或微粒或其任何組合表 示0 熟悉此項技術人士應進一步瞭解在此揭示的具體實施例 所說明的各種邏輯區塊、模組、電路及演算步驟可實施為 電子硬體、電腦軟體或兩者之組合。為了清楚說明硬體及 軟體之此互通性,以上已就其功能性大體說明各種示範性 組件、區塊、模組、電路及步驟。此類功能是否實施為硬 體或軟體取決於整體系統所用的特定應用及設計限制。熟 悉此項技術人士可採用各種方法實施每個特定應用之該^ 明功能性,但此類實施決定不應解釋為會造成㈣本發明 之範疇。 結合在此揭示的具體實施例所說明的各種原先性邏輯區 塊、模組及電路,可用一通用處理器、一數位信號處㈣ ⑴吟-特定應用積體電路(ASIC)、一場可程式化閘極陣 列(FPGA)或其他可程式化邏輯元件、離散閘極或電晶體邏 輯、離散硬體組件或設計用以執行在此說明的功能之任何 組合來實施或執行。一通用處理器也可為一微處理器,但 95619.doc -19- 200524334 在替代财’該處理器可以為任何習知處理器、控制器、 u !工制☆或狀悲機n。_處理器也可實施為電腦裝置的一 組合,例如,一 DSP及一婵♦饰口口 * z人 σσ 夂试處理裔之組合、複數個微處理 器、與一 DSP核心社人ΑΑ ^ . u π。的一或多個微處理器或任何其他此 類配置。During the ordering process, the broadcast multicast service controller 150 transmits the UIM 220 with a value of a common broadcast access key (BAK), which is used to derive a plurality of short-term keys SK intermediate and shared keys. And it is a UIM 220 allocated to the subscribed users with a framework for each user. The broadcast multicast service controller 150 transmits the value of the broadcast access key BAK to the UIM 220 of the mobile station 105, and encrypts it using the login key RK unique to the UIM 220. The UIM 220 of the mobile station 105 can reply to the value of the original broadcast access key BAK by using the encrypted version of the registration key RK 95619.doc -12- 200524334 stored in the key RK. The broadcast access key BAK serves as a secure connection between the broadcast multicast service controller 150 and the group of subscribers of the broadcast multicast service. The broadcast access key identifier BAKID is a broadcast access key BAK encrypted with the registration key RK and the same identifier to indicate a specific content to be transmitted to the mobile station 105. For each subscriber, the broadcast multicast service controller 150 uses a temporary key TK to encrypt the broadcast access key BAK, which is pushed by the user-specific login key RK and a random number TKRAND stored in the UIM 220 Derived to obtain a user-specific encrypted broadcast access key identifier BAKID. The broadcast multicast service controller 150 transmits the corresponding broadcast access key identifier BAKID to the mobile station 105 of the subscribed user. For example, the broadcast access key BAK can be transmitted as an IP packet encrypted using the login key RK corresponding to each UIM 220. In the exemplary embodiment, the broadcast access key identifier BAKID is an IPSec packet, and the broadcast access key BAK is a broadcast access key BAK with a login key RK as a key encryption key. IPSec packet. Because the login key RK is a key "for each user", the broadcast multicast service controller 150 individually transmits the broadcast access key BAK to each subscriber terminal. Therefore, the broadcast access key BAK is not transmitted to the broadcast channel of the entire wireless communication system 100. The mobile station 105 passes the broadcast access key identifier BAKID to the UIM 220. The UIM 220 uses the value of the registration key RK and the value of the broadcast access key identifier BAKID stored in the UIM 220 to calculate the broadcast access key BAK. The value of the broadcast access key BAK is then stored in the UIM 220. In a specific embodiment, the broadcast access key 95619.doc -13- 200524334 key identifier BAKID includes a security parameter index (SPI) value, which instructs the controller 215 of the mobile station 105 to broadcast the access key identifier BAKID Passed to UIM 220 and instructs UIM 220 to use the login key RK to decrypt the broadcast access key BAK. The time period for updating the broadcast access key BAK needs to be sufficient to allow the broadcast multicast service controller 150 to individually transmit the broadcast access key BAK to each subscriber without causing a significant burden. The broadcast multicast service controller 150 then broadcasts the short-term key SK so that the mobile station 105 can decrypt the specific content of the short-term key. The short-term key SK is a function of the broadcast access key BAK and a periodically changing number SKRAND. Periodically changing the number SKRAND can be a random number generated by a hash function that functions like a cryptographic hash function. The cyclically changing number SKRAND can also be a sequence of numbers, a time stamp, or other changed values, as long as its implementation prevents the user from pre-calculating the short-term key SK. The UIM 220 extracts the short-term secret SK from the broadcast access keys BAK and SKRAND, by using the function of the broadcast access keys BAK and SKRAND, and passes the short-term key SK to the controller 215 of action 105. The broadcast multicast service controller 150 uses the current short-term key to decrypt the broadcast content. In a specific embodiment, an encryption algorithm (such as an Advanced Encryption Standard (AES) cryptographic algorithm) is used, for example. The encrypted content is then transmitted by a 1 Psec packet in accordance with the Encapsulated Security Payload (ESP) transmission mode. The IPsec packet also contains an SPI value, which instructs the mobile station to use the current short-term key SK to decrypt the received broadcast content. Various other specific embodiments using public or shared keys for encryption and decryption are also possible within the scope of the present invention. For example, in an alternative embodiment of 95619.doc -14-200524334, the secure transmission or submission of a broadcast access key BAK to UIM 220 can be achieved by using a public key mechanism such as (Known as RSA or ElGamal). Fig. 3 is a signalling flowchart for performing timing charging for a broadcast multicast service according to a specific embodiment of the present invention. The broadcast access key BAK for the specific channel of interest is supplied to the memory in the user identification module (UIM) 220 of the mobile station 105. The broadcast access key for the provisioning message is sent from the AAA server 170 to the UIM 220 of the mobile station 105 at 305 shown in FIG. The broadcast multicast service controller 150 encrypts the broadcast access key BAK with a temporary key TK, which is derived from the registration key RK and a random number TKRAND. In a specific embodiment, the login key RK is supplied to the UIM 220 of the mobile station ios before the BAK starts to be supplied at 305. At 310, a radio access network (RAN) formed in cooperation with the base station controller 120 and the base transceiver station 110 broadcasts the encrypted content to the mobile station 105 via a broadcast channel. Along with the encrypted content, the radio access network also broadcasts the periodically changing digital SKRAND and the broadcast access key identifier BakID to identify the broadcast access secret BAK. The periodically changing digital SKRAND and the broadcast access key BAK are used by the mobile station 105 to calculate the short-term key SK. The mobile station 105 receives the encrypted content, SKRAND and BAKID from the base transceiver station 110 of the radio access network. The controller 215 of the mobile station 105 transmits the received 3 ^^^ 0 and 3800 at 315 to 111 ^ 4 220, together with a request for a short-term key SK (SKRequest). Request sent to υΐΜ 220 The SKRequest also includes an identifier for the broadcast channel. At 320, uim 220 calculates the short-term 95619.doc 200524334 key sk from SKRAND and the BAK identified by the BAK identifier BAKID. UIM 220 maintains a short-term key count (SKCount) of the number of short-term keys SK derived for each broadcast channel. UIM 220 increments SKCount and passes a new short-term key for each calculation. The amount of time a user has watched a particular content channel can be derived by multiplying SKCount by the time period during which the short-term key changes (i.e., SKPeriod). In a specific embodiment, SKPeriod can be set by the system operator based on the possibility of the content being stolen. For example, SKPeriod can range from seconds to minutes. _ At 325, the UIM 220 transmits the short-term key SK to the controller 215 of the mobile station 105. When the short-term key SK is received from the UIM 220, the controller 215 of the mobile station 105 can now use the short-term key SK to decrypt the content and present the received content for viewing on the display screen 230 of the mobile station 105. Whenever the mobile station 105 receives a new periodically changing number SKRAND from the base transceiver station 110 of the radio access network, steps 325 to 3 10 are repeated. Periodically changing the digital SKRAND can be changed frequently to ensure that authorized users view the broadcast content. φ At 330, the broadcast access key BAK stored in the UIM 220 of the mobile station 105 may be overdue or close to overdue. The controller 215 of the mobile station 105 connects the request SKRequest of the same short-term key SK with the SKRAND and the BAKID to the UIM 220 at 335. At 340, when the UIM 220 decides that the broadcast access key BAK has expired, the UIM 220 uses the login key RK and the random number TKRAND to calculate a temporary key TK. The temporary key TK is a single-use user-specific key that can be used to encrypt and decrypt the BAK value of the broadcast access key. TKRAND can be a random number generated from a hash function similar to the password hash function of 95619.doc -16- 200524334. Therefore, τκ is a temporary key using the login key RK as a secret key, and is derived from the login key RK and the random number TKRAND. At 345, the UIM 220 uses the temporary key TK to count the short-term key count SKCount, and transmits the instruction of the new broadcast SKCouut and the TKRAND to the new broadcast access key BAK to the controller 215 of the mobile station 1. . Because the SKCount is encrypted with a temporary key TK (this is unknown to the controller 215 of the mobile station 105), the controller 215 cannot wisely change the encrypted SKCount to a low value. This substantially reduces the possibility of content being stolen and protects the user from unauthorized access to the user's content viewing count. In another specific embodiment, the short-term key SK may be obviously sent and the UIM 220 may generate a signature using SKCount and the temporary key TK. In this specific embodiment, the signature is sent to the AAA server 170. At 350, the controller 215 of the mobile station 105 transmits a request for an "unprocessed" (i.e., new) broadcast access key BAK to the broadcast multicast service controller 150. Along with the request to broadcast the key BAK, the mobile station 105 will include the encrypted SKCount and TKRAND received from the UIM 220. At 355, the broadcast multicast service controller 150 passes the encrypted SKCount and TKRAND to the AAA temple server 170. The AAA feeder 170 calculates a temporary key TK from the registration keys RK and TKRAND, and decrypts (SKCount). The AAA server 170 updates the user's account record with SKCount. At 360, a new broadcast access key BAK is supplied to the UIM 220 of the mobile station 105. As mentioned above, the amount of time that a user has watched a particular content can be derived by multiplying 95619.doc -17- 200524334 SKCount by the time period (ie, sKPeriod) of the short-term key change. Therefore, the user of the mobile station 105 can be charged for the amount of time the user actually watches the content (because a short-term key SK is required to watch the content), as opposed to the time charge for receiving a BAK from the mobile station 105. In order to avoid interrupting the broadcast service viewed by the user, the mobile station 105 can extract a new broadcast access key BAK from the AAA server 170 before the current BAK expires. In this case, the mobile station 105 can continue to use the old BAK for a while after the new baK is supplied to the UIM 220. It is important to ensure that the SKCount system is properly maintained. In a specific embodiment, when transmitting (SKCount) to the mobile station 105, the UIM 220 disables the old count and starts a new count for the currently considered broadcast channel. The old count can be discarded when a new BAK is supplied to UIM 220. If the new BAK has not yet been supplied 'When the next time the mobile station 110 requests SKCount, UIM 220 responds with the sum of the old and new counts as SKCount. 4Monitoring, authorization and account execution can use the sum of the old and new counts to provide content viewing time. In another embodiment, the UIM 220 continues to increment SKCount after transmitting the current value of the counter to the mobile station 105. When the broadcast multicast service controller 150 transmits a new BAK, it also returns the count received in encrypted form in the BAK request from the UIM 220. The UIM 220 decrypts the count received from the broadcast multicast service controller 150 and subtracts the received count from the sKCounter. This particular embodiment allows pre-paid bills to be applied to timed charges. The broadcast multicast service controller 170 maintains the paid count and passes it to the UIM 220. Differences are calculated per UIM 22o and allow users to pay more counts as needed. 95619.doc -18- 200524334 In another embodiment, when a new BAK is supplied, UIM 220 resets the SKCounter to zero. In this particular embodiment, the user is not charged for watching broadcast content between the time the SKCount is transmitted and the time the new BAK is received. Those skilled in the art of willingness should understand that information and signals can be presented using any of a variety of different technologies and techniques. For example, the information, instructions, commands, information, signals, bits, symbols, and chips that may be mentioned in the above description can be represented by voltage, current, electromagnetic waves, magnetic fields or particles, light fields or particles, or any combination thereof. 0 Familiar with the technology Persons should further understand that the various logical blocks, modules, circuits, and calculation steps described in the specific embodiments disclosed herein can be implemented as electronic hardware, computer software, or a combination of both. In order to clearly illustrate this interoperability of hardware and software, various exemplary components, blocks, modules, circuits, and steps have been described above in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints used in the overall system. Those skilled in the art can implement the described functionality of each particular application in a variety of ways, but such implementation decisions should not be interpreted as causing a scope of the invention. In combination with the various original logic blocks, modules, and circuits described in the specific embodiments disclosed herein, a general-purpose processor, a digital signal can be used to moan-application-specific integrated circuit (ASIC), a field programmable Implemented or performed by a gate array (FPGA) or other programmable logic element, discrete gate or transistor logic, discrete hardware components, or any combination designed to perform the functions described herein. A general-purpose processor may also be a microprocessor, but 95619.doc -19- 200524334 is an alternative. The processor may be any conventional processor, controller, system, or machine. _ The processor can also be implemented as a combination of computer devices, for example, a DSP and a combination of * ♦ 口 口 * z 人 σσ 夂 test processing combination, multiple microprocessors, and a DSP core agent ΑΑ ^. u π. One or more microprocessors or any other such configuration.
在此結合揭示的該等具體實施例所說明之方法或演算法 的步驟可以直接採用硬體、由__處理器執行的—軟體模組 或採用二者之組合而具體化。軟體模組可駐存SRAM記憶 體、快閃記憶體、R〇MB憶體、EPR0M記憶體、EEpR〇M 記憶體、暫存器、硬碟、可抽取磁碟、CD_RC)M、或此技 術中所熟知之任何其他形式的儲存媒體中。—範例性儲存 媒體係輕合至處理器,以致該處理器可自储存媒體中讀取 資訊,以及寫人資訊到儲存媒體。在#代性範财,該儲 存«可與該處理器整合。該處理器及該儲存媒體可駐留 於單一ASIC中,或成為一行動台中之分離組件。 所揭示之具體實施例之先前制係提供使任何熟悉此項 技術人士可製造或使用本發明。熟悉此項技術人士應明白 此等具體實施例可進行各種修改,而且此處所定義的通用 原理可應用於其他具體實施例而不背離本發明之精神或範 疇。因此,本發明非意於受限本文中所示的具體實施例, 而係符合在此所揭示之原理及新穎特徵—致之最廣泛範 疇。因此,本發明並非欲受限於此處所示的具體實施例, 而係符合與此處所揭示之原理及新穎特徵相一致之最廣範 疇。 95619.doc -20- 200524334 【圖式簡單說明】 圖1係顯示利用依據本發明一具體實施例的廣播多點傳 送服務(BCMCS)之無線通信系統的範例性方塊圖; 圖2係顯示圖1的無線通信系統之行動台的一更詳細表示 法之方塊圖;及 圖3係顯示在圖丨之無線通信系統的組件間發送信號,以 行對於觀看廣播多點傳送服務進行計時收費之發放信號 流程圖。 【主要元件符號說明】 100 無線通信系統 105 行動台 110 基地收發站 115 無線通信鍵路 120 基地台控制器 140 訊包資料服務節點 150 廣播多點傳送服務控制 160 内容提供者 170 鑑別、授權與帳號伺服 205 接收器 210 發射器 215 控制器 220 使用者識別模組 230 顯示螢幕 95619.doc • 21 -The steps of the method or algorithm described in the specific embodiments disclosed herein can be directly implemented by hardware, a software module executed by a processor, or a combination of the two. Software modules can reside in SRAM memory, flash memory, ROM memory, EPR0M memory, EEPROM memory, scratchpad, hard disk, removable disk, CD_RC) M, or this technology Any other form of storage medium known in the art. —Exemplary storage media is light-weighted to the processor so that the processor can read information from the storage medium and write information to the storage medium. In # 代 性 范 财, this storage «can be integrated with this processor. The processor and the storage medium may reside in a single ASIC or may be separate components in a mobile station. The previous embodiments of the disclosed embodiments are provided to enable any person skilled in the art to make or use the present invention. Those skilled in the art will appreciate that various modifications can be made to these specific embodiments, and that the general principles defined herein can be applied to other specific embodiments without departing from the spirit or scope of the invention. Therefore, the present invention is not intended to be limited to the specific embodiments shown herein, but is to comply with the principles and novel features disclosed herein—the broadest scope. Therefore, the present invention is not intended to be limited to the specific embodiments shown here, but conforms to the broadest scope consistent with the principles and novel features disclosed herein. 95619.doc -20- 200524334 [Brief description of the drawings] FIG. 1 is an exemplary block diagram showing a wireless communication system using a broadcast multicast service (BCMCS) according to a specific embodiment of the present invention; A block diagram of a more detailed representation of the mobile station of the wireless communication system; and FIG. 3 is a signal for sending signals between the components of the wireless communication system shown in FIG. flow chart. [Description of main component symbols] 100 wireless communication system 105 mobile station 110 base transceiver station 115 wireless communication key 120 base station controller 140 packet data service node 150 broadcast multicast service control 160 content provider 170 authentication, authorization and account number Servo 205 Receiver 210 Transmitter 215 Controller 220 User Identification Module 230 Display screen 95619.doc • 21-