JP2008010999A - Content transmission device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an encryption system capable of executing copy protection for preventing illegitimate copying of contents in the case of transmission of the contents by utilizing an in-home LAN and quickly coping with missing of packets on the occurrence of the missing of packet on the way of transmission. <P>SOLUTION: In the case of transmission of the contents, a content transmission apparatus and a content receiving apparatus revise an encryption size of contents transmitted by a wired LAN or a wireless LAN and transmit the revised contents. Alternatively, the content transmission apparatus and the content receiving apparatus determine a degree of congestion on LAN routing and revise the encryption size of the contents going to be transmitted. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a transmitting device and a receiving device suitable for protecting the copyright of transmitted content when transmitting and receiving content such as video and audio via a network.

With the development of processing capacity such as the computing speed and storage capacity of personal computers (hereinafter referred to as PCs), the capacity of hard disk drives (hereinafter referred to as HDDs) built into PCs is also increasing. Under these circumstances, it is now possible to record TV broadcast programs using a HDD and view them on a PC display even on a PC with a rank that is used in general households. I came.
On the other hand, due to the low price of large-capacity HDDs, HDD recording devices that have built-in HDDs and digitally record video and audio information are also appearing as home recording devices, and discs are used as recording media. Ease of use due to the use is attracting attention.
In video recorders and PCs that use HDDs such as those mentioned above, video and audio information is recorded on HDDs that are fixed in the equipment, so you may want to watch programs recorded in other rooms in your house. In some cases, it was difficult to carry the video / audio information at the medium level, which could be carried by a plurality of recording / playback devices that use a replaceable medium such as a VTR.

Therefore, a wired or wireless LAN (Local Area Network) interface is installed in such a recording device, and it is sent to other PCs or receiving devices via the network to view the recorded video / audio information anywhere in the house. An example of an apparatus that can be used is described in Non-Patent Document 1.
However, in the apparatus described in Non-Patent Document 1, no consideration is given to the copyright protection of video / audio information (hereinafter referred to as content) whose copyright is to be protected, and the video / audio recorded on the HDD is not considered. The information can be further stored in the HDD in another PC received via the LAN, and the video and audio information that can be handled had to be “Copy free” content that can be freely copied.

In general, when digitally recorded content is recorded by transmitting from one device to another device via a network or the like as described above, there is little deterioration in data quality at the time of transmission, and there is a transmission side device. Since the receiver can create a copy (duplicate) of the same quality as the content, consideration should be given to content that should be protected by copyright to prevent unauthorized copying of content that deviates from the scope of personal use. is necessary.
For example, when content is transmitted between digital AV devices, encryption is performed on the content transmission device side, and information for decryption is shared with the content reception device side, so that the transmission destination Copy protection is implemented to prevent the creation of unlimited copies by preventing content from being correctly received and decrypted by devices other than a content receiving device.

  As an example of such a copy protection method, there is a DTCP (Digital Transmission Content Protection) system that defines a copy protection method on an IEEE1394 bus, for example, as incorporated in a digital AV device (Non-patent Document 2). Description). In the DTCP method, content is classified and managed as "Copy free", "Copy one generation", "No more copies", and "Copy never". The recording device records only the contents of "Copy free" and "Copy one generation" Copy one generation content is recorded as “No more copies” after it has been recorded once, and on the bus, except for “Copy free” content, the content is encrypted and transmitted on the transmission side for unlimited content. Is not allowed to be copied.

  In content transmission using a wired or wireless LAN, several techniques for realizing copy protection for copyright protection have been disclosed based on the same concept as the DTCP method. For example, Patent Document 1 discloses a technique for applying a technique similar to DTCP to a copy protection method for distributing digital content on a network, and Patent Document 2 similarly protects the copyright of content. Therefore, a technique for configuring devices that communicate with each other after encryption is disclosed.

JP 2000-287192 A (6th page, FIG. 1) Japanese Patent Laid-Open No. 2001-358706 (page 13, FIG. 9) Toshiba Review, Vol. 57 No9. (Page 6-7) Hitachi, Ltd. 5C Digital Transmission Content Protection White Paper

When transmitting content via a wired network or a wireless network with the above-described conventional technology, the content transmission device is encrypted content in consideration of whether the network is wired or wireless, network route congestion, and content reception device performance. Has not been sent.
For example, if you record the content on a PC HDD or a recording device with a built-in HDD and want to transmit it to another device in the home from here via LAN, applying the above encryption technology, When the LAN is wireless, there may be a case where a packet is lost in the middle of the route and cannot be played back by a playback device such as a plasma television as compared to the wired case. Further, due to the congestion of the route of the home LAN, there is a possibility that the packet may be dropped before the encrypted content reaches the playback device, and in this case, playback is impossible.
It is an object of the present invention to perform copy protection that prevents unauthorized duplication of content during transmission of content using a wired or wireless LAN, and to cope immediately when packet loss occurs. It is to provide an encryption method that can be used.

  In order to solve the above problems, in the present invention, in a content transmission apparatus that transmits content via a wired or wireless LAN, a network communication processing means that transmits and receives data via the LAN is connected via the LAN. Content to be transmitted to the content receiving apparatus to be transmitted to the network communication means, and receiving an authentication request from the content receiving apparatus to determine authentication for the authentication request, and to the content receiving apparatus An authentication unit that issues an authentication request to itself, and key information is generated based on information obtained by executing an authentication process by the authentication unit, and encryption of content to be transmitted to the content receiving device using the key information Means for transmitting an authentication request to the content receiving device or receiving the content Timer means for measuring the time until arrival of reception confirmation from the content receiving apparatus in response to transmission of a response to the authentication request from the device, and the encryption means is a size of content to be encrypted in a wired network and a wireless network Configured to change. More specifically, the size of the content to be encrypted is increased in the case of a wired network, and the size of the content to be encrypted is reduced in the case of a wireless network, or the congestion of the LAN is judged by the time measured by the timer means, and the encryption is performed. The size of the content to be encrypted is changed, or the setting of the size of the content to be encrypted is changed to the size requested by the content receiving device.

  According to the present invention, when content is transmitted using a wired or wireless LAN, copy protection that prevents unauthorized duplication of the content can be performed. It is possible to provide an encryption method that can be used.

Embodiments of the present invention will be described with reference to the drawings.

FIG. 1 shows the configuration of a content transmission apparatus 100 and a content reception apparatus 200 according to Embodiment 1 of the present invention. The content transmission apparatus 100 and the content reception apparatus 200 are connected to each other via a wired LAN.
In the content transmission apparatus 100, 101 is a content transmission circuit that transmits content to the content transmission apparatus 200, 102 is an encryption circuit that encrypts content output from the content transmission circuit 101, and the encryption circuit 102 is the network determination circuit 110. In response to the result of determining whether the connection form between the content transmitting apparatus 100 and the content receiving apparatus 200 is a wired LAN or a wireless LAN, the content length to be encrypted is determined and transmitted to the content receiving apparatus 200 in units of the content length. Encrypt content.
Reference numeral 103 denotes a network communication processing circuit for exchanging the output of the encryption circuit 102 and the input / output of the authentication circuit 104 with another device via a wired LAN. Reference numeral 104 denotes information between other devices connected to the wired LAN. An authentication circuit that performs mutual authentication between devices by exchanging information, 105 is a non-volatile memory that stores information necessary for processing in the authentication circuit 104, and 106 is an encryption circuit 102 for encrypting content based on information in the authentication circuit 104 ID code of “Copy free”, “Copy one generation”, “No more copies”, “Copy never” indicating how to handle the content transmitted from the content transmission circuit 101. To the content receiving apparatus 200.

A network determination circuit 110 determines whether the content transmission apparatus 100 and the content reception apparatus 200 are connected via a wired LAN or a wireless LAN. For example, the network determination circuit determines whether the content transmission apparatus 100 and the content reception apparatus 200 are connected via a wireless LAN.
In the content receiving apparatus 200, 201 is a content receiving circuit that receives content transmitted via a wired LAN, and 202 receives content encrypted by the encryption circuit 102 of the content transmitting circuit 100 from the network communication processing circuit 203. A decryption circuit that decrypts and outputs the decryption circuit to the content reception circuit 201; 203, a network communication processing circuit that exchanges an input to the decryption circuit 202 and an input / output of the authentication circuit 204 with another device via a network; Is an authentication circuit that exchanges information with other devices and performs mutual authentication between devices, 205 is a non-volatile memory that stores information required for processing in the authentication circuit 204, and 206 is information output from the authentication circuit 204 A key for generating a key necessary for content decryption in the decryption circuit 202 based on the key The received content is processed according to the identification codes of “Copy free”, “Copy one generation”, “No more copies”, and “Copy never” that are sent with the content, and “Copy free” and “Copy one generation” Recording on a content recording medium is possible, and when “Copy one generation” content is recorded, the content is handled as “No more copies” thereafter.

  FIG. 2 shows the configuration of the content transmission device 100 and the content reception device 200. The content transmission device 100 and the content reception device 200 are connected to each other via a wireless LAN. Wireless network communication processing circuits 107 and 207 are used for connection to a LAN, and WEP (Wired Equivalent Privacy) encryption processing circuits 108 and 208 are provided. WEP is a known encryption method that is used as a standard for the purpose of security protection in a wireless LAN, and communication with security protection between a transmission device and a reception device can be realized under user management.

  FIG. 3 shows a configuration example of a home LAN including the content transmission device 100 and the content reception device 200. One content transmission device 100 and two content reception devices 200a and 200b are connected to a network hub device 300 by a wired LAN cable and a wireless LAN, and the network hub device 300 is connected to a router 400. The router 400 is connected to the Internet via a modem or a photoelectric converter. The content transmitting device 100, the content receiving devices 200a and 200b, and the router 400 each have an IP address that identifies itself on the LAN.

A 48-bit MAC (Media Access Control) address is given in advance to the interface section of each network communication processing circuit at the time of manufacture. For example, the router 400 is operated as a DHCP server by DHCP (Dynamic Host Configuration Protocol), which has been widely used for automatic address setting in the network, and the IP address of each device is set. Should be allocated.
When IPv6 (Internet Protocol Version 6) is used, each device can determine its own IP address from the upper 64 bits of the IP address of the router 400 and the MAC address by a method called stateless automatic setting. The configuration of the LAN in FIG. 3 is merely an example, and three or more content receiving apparatuses 200 may be connected.
Two or more content transmission apparatuses may be connected. In this case, different contents can be transmitted simultaneously from the respective content transmission apparatuses to the content reception apparatus as long as the LAN bandwidth permits. Note that the minimum necessary configuration in the present invention is a state in which one content transmitting device and one content receiving device are connected to the LAN.

FIG. 4 is a diagram showing an example of the content format after being encrypted by the encryption circuit 102. Reference numeral 500 denotes an encrypted packet that is encrypted by the encryption circuit 102 and transmitted to the content receiving apparatus 200 via the network communication process 103.
Reference numeral 501 denotes an encryption algorithm. In this embodiment, for example, a known technique such as AES (Advanced Encryption Standard) or DES (Data Encryption Standard) indicates which encryption algorithm is used to encrypt the content. A value promised between the content transmitting apparatus 100 and the content receiving apparatus 200, for example, “1” when AES is used, and “2” when DES is used may be set. Reference numeral 502 denotes copy information. In this embodiment, identification codes of “Copy free”, “Copy one generation”, “No more copies”, and “Copy never” indicating how to handle content are set. Reference numeral 503 denotes key information, for example, a random number that is a basis for generating a public key or a key used for encrypting content.

Reference numeral 504 denotes the content length of the encrypted content, and the size of the encrypted content is set. The encryption algorithm 501, copy information 502, key information 503, and content length 504 are combined to form an encryption header 505. Reference numeral 506 denotes an encrypted content encrypted based on the set encryption header 505.
After receiving the encrypted packet 500, the content receiving apparatus 200 analyzes the encrypted header 505 and decrypts the encrypted content 506. Therefore, for example, if an IP packet including the encryption header 505 is lost on the LAN path before reaching the content receiving device 200, the content receiving device 200 cannot decrypt the encrypted content. The present invention solves the above problems.

FIG. 5 shows a packet configuration when content encrypted by the content transmission device 100 is transmitted to the LAN via the network communication processing circuit 103 when content is transmitted and received between the content transmission device 100 and the content reception device 200a. It is a figure which shows an example.
(A) shows a packet configuration example when the network determination circuit 110 determines that the content transmission device 100 and the content reception device 200 are connected by a wired LAN cable.
Reference numerals 601 to 604 denote data portions of IP packets transmitted from the network communication processing 103 of the content transmission apparatus 100 to the content reception apparatus 200 via the LAN. The encryption circuit 102 generates an encrypted packet 500 and sends it to the network communication processing circuit 103. The network communication processing circuit 103 divides the encrypted packet (wired) 500 into IP packets 601 to 604 and transmits them on the wired LAN.

(B) shows a packet configuration example when the network determination circuit 110 determines that the content transmission device 100 and the content reception device 200 are connected by a wireless LAN cable. Reference numerals 500a to 500d denote encrypted packets, and reference numeral 700 denotes an IP packet transmitted on the wireless LAN, which is divided into 701 to 704 for transmission.
In the figure, the encrypted packets 500a to 500d are set to have the same size as the IP packets 701 to 704. This is because the use of a wireless LAN can cause a loss of IP packets (any of 701 to 704 or all IP packets) on the route.

For example, when the IP packet 701 is lost, the content receiving device 200b analyzes the encryption header when the IP packet 702 is received, and can decrypt the encrypted content. If the encryption circuit 102 generates the encrypted content 500 as shown in FIG. 5, if the IP packet 601 is lost on the wireless LAN, the content receiving device 200b does not receive the IP packet 601 including the encryption header 505. The encrypted content of the received IP packets 602 to 604 cannot be decrypted.
Further, since the encryption header 505 is missing, it is difficult to find the next encryption header.

  However, considering that the user uses a wireless LAN, if the encrypted packet 500 is generated finely as shown in FIG. 6, the decryption of the content receiving apparatus 200 is possible in a situation where packet loss such as a wired LAN is hardly considered. The encrypting circuit 202 needs to analyze the encryption header every time it receives a packet from the LAN, and it takes time for the decryption process. This causes a problem that the throughput of the system is lowered. If the throughput is lower than the bit rate of the content transmitted and received between the content transmitting apparatus 100 and the content receiving apparatus 200, the content receiving apparatus 200 cannot reproduce the content.

  The feature of the present invention is that the content transmitting apparatus 100 and the content receiving apparatus 200 are connected via a wired LAN to transmit / receive content, and the content transmitting apparatus 100 and the content receiving apparatus 200 are connected via a wireless LAN. When the transmission / reception is performed, the encryption circuit 102 changes the size of the content to be encrypted. When connected by a wired LAN, the encryption circuit 102 increases the size of the content to be encrypted so that high throughput can be ensured. In order to prevent the content reproduction due to packet loss when it is connected via a LAN, the size of the content to be encrypted is reduced. Thereby, the above-mentioned problem can be solved.

Next, a second embodiment of the present invention will be described with reference to the drawings.
FIG. 6 is a diagram showing a second embodiment of the present invention. Reference numerals 109 and 209 denote timer circuits. For example, the content transmission apparatus 100 transmits a specific packet to the content reception apparatus 200, and the time ΔT until the reception confirmation response of the specific packet from the content reception apparatus 200 is received. Measure.
FIG. 7 shows an example of a procedure at the time of content transmission / reception by the content transmission device 100 and the content reception device 200. The left side represents the content transmitting apparatus 100 and the right side represents the content receiving apparatus 200, and the timing and direction of information transmission / reception between the two are indicated by arrows.

  Prior to content transmission, the content transmission device 100 and the content reception device 200 mutually authenticate each other's device, and then transmit the content. TCP is used as a protocol for sending and receiving information for authentication. When various information such as an authentication request to the other device and an authentication response to the other device is sent, a reception confirmation for this is returned from the other device. A communication path capable of detecting a transmission error is secured. In FIG. 7, transmission / reception of data for establishing and discarding a connection by TCP is omitted.

  First, an authentication request is created from the content receiving device 200 side. The authentication request is sent to the content transmitting apparatus 100 with a public key unique to the apparatus generated by a specific authentication authority and held in the nonvolatile memory 205 of the content receiving apparatus 200 and a certificate for the public key. The public key and the certificate are stored in advance in the nonvolatile memory 205 when the content receiving device 200 is manufactured. When the authentication request is received and the reception confirmation is sent to the content receiving apparatus 200, the content transmitting apparatus 100 creates an authentication request from its own side, and the content transmitting apparatus 100 issued by the authentication authority is unique as in the case of the content receiving apparatus. The public key and its certificate are attached and sent to the content receiving apparatus side 200.

  On the other hand, the content transmitting apparatus 100 authenticates the content receiving apparatus 200 based on a predetermined public key signature algorithm. If the authentication is successful, an authentication response is issued and transmitted to the content receiving apparatus 200. Similarly, the content receiving apparatus 200 also performs authentication after receiving an authentication request from the content transmitting apparatus 100, and if successful, issues an authentication response and transmits it to the content transmitting apparatus 100. As described above, when authentication is successful, a common authentication key is generated and shared. A well-known key exchange algorithm such as Diffie-Hellman may be used to generate the authentication key.

When the sharing of the authentication key is completed, the content transmitting apparatus 100 generates an exchange key and a random number, encrypts the exchange key and the random number with the authentication key, and sends the encrypted key and the random number to the content receiving apparatus 200. In FIG. 7, the exchange key and the random number are separately transmitted from the content transmitting apparatus 100 to the content receiving apparatus 200, but they may be transmitted together.
The content receiving device 200 decrypts the exchange key transmitted from the content transmitting device 100 using the authentication key, and holds it together with the random number received and decrypted. Subsequently, a common key is generated according to a predetermined calculation algorithm using an exchange key and a random number on each side of the content transmission device 100 and the content reception device 200. The content transmitting apparatus 100 encrypts and transmits the content using the common key thus obtained, and the content receiving apparatus 200 can receive the decrypted content.

When actually starting the content transmission, the content transmitting device 100 transmits a congestion confirmation request to the content receiving device 200 in order to determine the degree of congestion on the LAN path. At this time, the timer circuit 109 of the content transmitting apparatus 100 starts the timer at the same time as transmitting the congestion confirmation request.
When the content reception device 200 receives the congestion confirmation request packet, the content reception device 200 transmits a reception confirmation response to the content transmission device 100. When the content transmission apparatus receives the reception confirmation response, the content transmission apparatus stops the timer of the timer circuit 109 and measures the time ΔT from the congestion confirmation request transmission to the reception confirmation response reception.

  Note that although ΔT is the time from the congestion confirmation request transmission to the reception confirmation response reception, there is no problem even if it is a specific packet transmitted from the content receiving apparatus 200. The content transmitting apparatus 100 determines an encrypted size based on the result, and after receiving a content request packet from the content receiving apparatus 200, transmits the content encrypted for each encrypted size to the content receiving apparatus 200.

FIG. 8 is an example of an encryption size correspondence table based on the above measurement results. For example, when the value of ΔT is 10 ms, the content transmitting apparatus 100 considers that there is no congestion with other packets on the LAN path, and that there is no packet loss, and the encrypted size is increased to 150 Kbytes. It transmits toward the receiving apparatus 200.
For example, when the value of ΔT is 30 ms, the content transmitting apparatus 100 is congested with other packets on the LAN route, and the packet is likely to be dropped before reaching the content receiving apparatus 200. The size is reduced to 1.5 Kbytes, and the encrypted content is transmitted to the content receiving device 200.

  As a result, the encrypted content is transmitted from the content transmission device 100 to the content reception device 200, and before the content reception device 200 receives the packet, a packet loss occurs due to congestion on the LAN path. When the encrypted content has not arrived, the encrypted content decrypting process in the content receiving device 200 can be recovered at an early stage.

  In this embodiment, a circuit for measuring the degree of congestion on the LAN path is inserted between the inter-device authentication process performed between the content transmission apparatus 100 and the content reception apparatus 200 and the transmission / reception process of the encrypted content. As described above, the circuit for measuring the degree of congestion on the LAN path may be performed in the device authentication process.

Next, Embodiment 3 of the present invention will be described with reference to the drawings.
In this embodiment, the content receiving device 200 requests the content transmitting device 100 for an encrypted content size that is optimal for the content receiving device 200 to receive and decrypt the encrypted content. After receiving the content, the content is encrypted for each encrypted content size and transmitted to the content receiving apparatus 200.

  In the present embodiment, for example, in a home LAN, when the content transmitting apparatus 100 transmits encrypted content to a plurality of content receiving apparatuses 200 by UDP, performance varies depending on the content receiving apparatus 200, and a certain content receiving apparatus Even if it is played normally, some content receivers have poor performance and cannot be played due to packet loss on the LAN path.

  FIG. 9 is a diagram showing a third embodiment of the present invention, and shows a sequence diagram of the present embodiment. After the inter-device authentication process between the content transmitting apparatus 100 and the content receiving apparatus 200, the encrypted content request is transmitted from the content receiving apparatus 200 to the content transmitting apparatus 100 before the encrypted content transmitting process. The cipher size request to be transmitted at this time may be included in a content request to be transmitted later to the content transmitting apparatus 100, or may be transmitted to the content transmitting apparatus 100 in a specific packet. This makes it possible to transmit encrypted content that matches the performance of the content receiving apparatus 200, and solve the problem that content cannot be reproduced due to packet loss on the LAN path.

  When content is transmitted using a wired or wireless LAN, copy protection can be implemented to prevent unauthorized duplication of content, and an encryption method is provided that can quickly cope with packet loss It becomes possible to do.

It is a figure which shows the structure of wired LAN of Example 1 of this invention. It is a figure which shows the structure of the wireless LAN of Example 1 of this invention. It is a figure which shows the structural example of the home LAN by the Example of this invention. It is a figure which shows an example of an encryption format. It is a figure which shows the example of a packet structure at the time of encrypted content transmission. It is a figure which shows the structure of Example 2 of this invention. It is a figure which shows the procedure of Example 2 of this invention. It is a correspondence table of the encryption size of Example 2 of the present invention. It is a figure which shows the procedure of Example 3 of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 ... Content transmission apparatus 101 ... Content transmission circuit 102 ... Encryption circuit 103 ... Network communication processing circuit 104 ... Authentication circuit 105 ... Non-volatile memory 106 ... Key generation circuit 107 ... Wireless network communication processing circuit 108 ... WEP encryption processing circuit 109 ... Timer Circuit 110 ... Network determination circuit 200 ... Content reception device 201 ... Content reception circuit 202 ... Decryption circuit 203 ... Network communication processing circuit 204 ... Authentication circuit 205 ... Non-volatile memory 206 ... Key generation circuit 207 ... Wireless network communication processing circuit 208 ... WEP Encryption processing circuit 209 ... Timer circuit 300 ... Hub 400 ... Router 500 ... Encrypted packet 501 ... Encryption algorithm 502 ... Copy information 503 ... Key information 504 ... Content length 505 ... Encryption header 06 ... encrypted content 600 ... wired LAN transmission packet 700 ... wireless LAN transmission packet

Claims (4)

Network communication processing means for transmitting and receiving data via a network;
Transmission content generation means for supplying the network communication means with content to be transmitted to a content receiver connected via the network;
An authentication unit that receives an authentication request from the content receiving device and determines authentication for the authentication request, and issues an authentication request to the content receiving device.
Content encryption means for generating key information based on information obtained by executing authentication processing by the authentication means, and encrypting content to be transmitted to the content receiving device using the key information;
The content encryption unit is characterized in that when encrypting content to be transmitted to a content receiving device, the content length to be encrypted is changed based on the key information generated by the authentication unit, and encryption processing is performed. Content transmitting device. The content transmission device has network determination means for determining whether the network is a wired network or a wireless network,
The content encryption means greatly changes the content length to be encrypted based on the key information generated by the authentication means in the wired network from the network determination means, and encrypts based on the key information generated by the authentication means in the wireless network. 2. The content transmission apparatus according to claim 1, wherein the content length to be converted is changed to be small and encryption processing is performed. The content transmission device has timer means for measuring a time until a reception confirmation from the content reception device with respect to transmission of an authentication request to the content reception device or transmission of a response to the authentication request from the content reception device. ,
2. The content according to claim 1, wherein the content encryption unit changes the content length to be encrypted based on the key information generated by the authentication unit according to the time measured by the timer unit, and performs the encryption process. Transmitter device. 2. The content encryption means changes the content length to be encrypted based on the key information generated by the authentication means in accordance with the content length requested from the content receiving device, and performs encryption processing. Content transmission device.

Images