The invention relates to transmitting media data from a multicast service.
With a multicast connection or multipoint connection in a computer network, in particular the Internet or a UMTS network, outgoing media data is simultaneously transmitted by a sender, e.g. a server for multicast services, to a plurality of receivers. Such media data includes audio data, video data or streaming media for example. If the transmission is performed in a continuous data stream, and if the received data stream is processed, in particular decoded and displayed, continuously in the terminal during the transmission, this is referred to as “streaming”. In many cases the data transmitted via a multicast connection is intended only for a specific group of receivers and is therefore encrypted. A new receiver that wishes to use a multicast service must first authenticate itself to the server in order to obtain additional information that enables it to decrypt the data stream. In addition, the messages or data between the receiver and server may be integrity protected. Security functions such as authentication, integrity protection or encryption and decryption may include steps that can only be executed on one particular device of a subscriber or user.
In the text below, the terms “process” or “procedure” are used synonymously with the term “function”, for example the security function and the security process.
The publication DE 102 15 747 B4 relates to the protected downloading of an electronic object. It discloses the distribution of various functionalities required for protected downloading of the electronic object, e.g. software, to a plurality of devices connected by a personal area network (PAN). Said functionalities may be, for instance, control functions, security functions and transmission functions. The security task (SA) must be performed during said protected downloading, by which a security check of the electronic object (IE) is carried out. In this case the protected downloading is only completed or fully executed, that is to say the downloaded electronic object is only accepted by the receiving device, once one or more security checks have been successfully executed. The publication DE 102 15 747 B4 furthermore describes that it is sufficient for the security task or the security check of the downloaded electronic object to be performed by a function unit in the PAN, so that if the result of checking is positive, the electronic object is deemed to be secure on the level of the PAN, that is to say for all function units of the PAN. The publication DE 102 15 747 B4 is thus intended to enable the receiver to verify the security attributes of the received object by performing appropriate security checks. This method thus serves solely to protect the receiver.
The disadvantage of the method set out in the publication DE 102 15 747 B4 is that it is not suitable for restricting the reception of the electronic objects solely to authorized receivers. One typical way of verifying security attributes is verification of a digital signature. The security data required to verify the security attributes, such as a cryptographic key for example, may be public (e.g. Public Key). One typical way of preventing unauthorized reception is encryption by the sender and distribution of the encryption key solely to authorized receivers. The security data required to prevent unauthorized reception, e.g. cryptographic keys, must however be secret.
The technical specification 3GPP TS 33.234 “Wireless Local Area Network (WLAN) Interworking Security”, which on the filing date of the present application was available on the 3GPP website, describes the security architecture for the interworking between a 3GPP system and WLAN access networks. This relates to the mutual authentication and the protection of a connection between user terminals and an IP network, such as the Internet or the IP network of a mobile radiocommunications network operator for example, and is restricted to WLAN access networks. Both the access of a computer to an IP network of a UMTS network operator as well as access to the Internet or only to the local WLAN network are considered here. In all cases, the user is authenticated using the smartcard (UICC or SIM) which the user obtained from the network operator through his subscription to a mobile radiocommunications network, and which is checked by the UMTS network operator when the WLAN is accessed. The protocol used for this is EAP-SIM in the case of a SIM card, or EAP-AKA in the case of a USIM application on an UICC. The method also assumes the further use of the security standard for WLANs according to IEEE 802.11i or the use of the security standard IPsec for IP networks according to IETF RFC2401. Said security methods are however not suitable for protecting multicast methods or multicast services. Moreover, independent transport of security and media data is not possible.