JP2009081658A - Signature verification method and receiving apparatus - Google Patents

Abstract

Provided is a signature verification technique with improved usability, which can authenticate that there is a high possibility of receiving an illegal wave even if the signature cannot be verified.
A receiving device (100) includes a receiving unit (110) that receives a signed transport stream and a verification packet for verifying the signature, and a generation unit that generates a hash value from the transport stream packet (120), collation unit (142) that collates the hash value included in the verification packet next to the verification packet and the hash value generated by the generation unit, and verifies the interval from the verification packet to the next verification packet The verification unit (144) determines that the section cannot be verified when the next verification packet cannot be received even after a predetermined time has elapsed since the reception of the verification packet.
[Selection] Figure 1

Description

  The present invention relates to a stream signature verification method and a receiving apparatus.

  Conventionally, content such as television and radio has been broadcast / transmitted in an analog format. However, with the recent development of digital technology, content and service data have been digitized, and content and service have been broadcast in the form of digital data. Furthermore, terrestrial digital broadcasting has been put into practical use, and one-segment broadcasting, which is digital broadcasting for mobile terminals, has started.

  In such digital broadcasting, not only normal video and audio services (contents) but also services such as captions and data for data broadcasting (content-attached information) are broadcast. Such content and content-attached information are packetized and broadcast as a series of packets by streaming. In particular, since terrestrial digital broadcasting (including one-segment broadcasting) is transmitted using radio waves, when an attacker transmits an illegal broadcast wave as a jamming radio wave on the same channel, a general viewer The digital broadcast receiving terminal used by can not distinguish between a broadcast wave by a regular broadcast station and an illegal broadcast wave by an attacker. FIG. 5 schematically shows, for example, a situation when illegal broadcasting is performed in a conventional system. As shown in FIG. 5A, a receiving terminal in an environment where an attacker's unauthorized broadcast wave is stronger than a regular broadcast wave regards the unauthorized broadcast wave as a regular broadcast wave. I receive it. Therefore, as shown in FIG. 5B, the viewer views the video and audio based on the illegal broadcast wave without realizing it, and the information on such video and audio is correct. There is a risk of recognition. In the case of one-segment broadcasting, it is expected that transmission devices such as relay devices and gap fillers for difficult viewing areas in urban areas such as underground shopping centers and indoors are expected. Furthermore, in the case of one-segment broadcasting, a small transmission device has been developed that performs independent broadcasting for a narrow reception area in a store or commercial facility. In such a receiving device that receives broadcast waves from various types of transmission devices, whether or not the received broadcast wave is a broadcast wave from a regular broadcast station, or a reliable business operator If there is a function for discriminating whether or not the broadcast wave is from, it is convenient for the user, but such a mechanism and technology have not been developed.

  In this way, improper broadcast waves can cause problems such as spoofing to a legitimate broadcasting station, data tampering, and induction to a malicious site (phishing scam). In particular, data such as subtitle broadcasting and data broadcasting are important information in economic activities (names, specifications and prices of products sold on TV / radio shopping, etc., economic indicators such as stock prices and economic statistics, telephone numbers and Website address). As a result, various economic activities are often carried out between viewers and companies, and it is very important to guarantee the legitimacy and reliability of the content of broadcast waves (ie, the non-falsification of content and content-attached information). Is important to. For example, since data broadcasting is broadcast in BML (Broadcast Markup Language), an instruction for a script described in BML to jump to a link destination URL unrelated to broadcasting, an instruction to start an unnecessary application, etc. May be replaced with malicious code. It is also very important to prevent such an operation different from the original operation.

  Therefore, in order to guarantee the legitimacy and safety of the broadcast wave, the null packet that is periodically inserted into the stream to some extent is replaced with a verification packet that includes a hash value (signature information) calculated using a specific packet. A stream including a verification packet is transmitted on the transmission side, and the hash value calculated using the specific packet and the hash value included in the verification packet are compared and authenticated on the reception side, thereby confirming whether or not tampering has occurred. The applicant has developed a technique to confirm this.

  A technique for adding a hash value to a stream transfer type packet by a technique developed by the present applicant will be described. FIG. 6 is a diagram for explaining a hash value calculation method on the transmission side. As shown in the upper part of FIG. 6, the original message (original TS packet) includes packets P0 (null packet), P1 (PID = A), P2 (PID = B), P3 (PID = A), P4 (PID = C), P5 (PID = A), P6 (null packet), P7 (PID = A), P8 (PID = B), P9 (PID = A), P10 (PID = B), P11 (null packet) In this order. In this case, packets P1 to P10 exist in the signature verification section between verification packets [VP-VP]. The packet P0 of the null packet is replaced with a VP packet. This VP packet includes an identifier (PID = A, n = 4) designating a specific packet for which a hash value is calculated, and a hash value H for a section preceding itself. On the transmission side, up to n TS packets having a PID (packet ID) of A are sequentially selected according to the identifier, a hash value is generated in a chain, and a verification packet including the generated hash value is used as a packet P11 (null packet). ). Specifically, first, as shown in the lower part of FIG. 6, a 16-byte hash value is obtained from a message (184 bytes) stored in the payload portion of the packet P1 (PID = A) using a predetermined hash function. h1 is generated. Next, a hash value h2 is generated from the hash value h1 and the message m1 (184 bytes) of the packet P3 (PID = A). Similarly, the hash value h3 is generated from the hash value h2 and the message m2 (184 bytes) of the packet P5 (PID = A), and further the message m3 (184 bytes) of the hash value h3 and the packet P7 (PID = A). ) To generate a hash value h4. Since n packets in the section have been processed, the last hash value h4 is set as the final hash value H, and the packet P11 (null packet) is replaced with a verification packet (VP) including the hash value H. Then, these packets are transmitted as a stream.

  Next, the reception process of the stream shown in FIG. 6 by the technology developed by the present applicant will be described. FIG. 7 is a diagram for explaining a technique for calculating a hash value from a received transport stream (TS) message and verifying the validity of the message. On the receiving side, according to the identifier included in the verification packet, up to n TS packets with PID A are sequentially selected to generate a hash value h4, the generated hash value h4, and the next received verification packet (packet P11) Is compared with the hash value H included in.

In addition, as a conventional technique for guaranteeing the legitimacy and safety of broadcast waves, authentication information is derived from each packet, each authentication information thus derived is added to each packet, and the contents of each packet are received on the receiving side. Has been proposed (see Patent Document 1).
JP 2001-251296 A

  However, the technology developed by the applicant described above is to determine the validity of the stream using the hash value included in the verification packet, and the stream cannot be authenticated because the verification packet cannot be received. Was not mentioned.

  The above problem will be described with reference to the drawings. FIG. 8 is a diagram illustrating a case where a falsified illegal stream is received during reception of a signed stream. As shown in FIG. 8, after receiving the packet P3 included in the signed normal stream, the receiving apparatus receives an illegal stream (packets P20 to P28). In such a case, since the verification packet is not included in the illegal stream, the receiving side cannot obtain a hash value for authenticating the signature, and the signature is not verified indefinitely. . Therefore, the receiving apparatus cannot recognize whether the stream being received is illegal or signed, and cannot accurately notify the user of the validity of the content. For example, when the receiving device notifies the user of the validity of the content by displaying subtitles or icons, since the verification is not performed, a message indicating that the content is valid is received as an illegal stream. It will not change inside. In addition, when it is indicated that a subtitle or an icon is not displayed indicates a valid stream, nothing is notified (displayed) even if an illegal stream is received.

  Therefore, an object of the present invention is to solve the above problem and recognize the state of a stream (whether it is an illegal stream or a possibility of an illegal stream) even when a verification packet cannot be received. It is to provide a technique (apparatus, method) that can be used.

In order to solve the above-described problems, the receiving device according to the first invention provides:
A receiving unit that receives a signed transport stream and a verification packet for verifying a signature of the transport stream;
From the transport stream received by the receiving unit, a specific packet is selected from the transport stream based on information included in the verification packet, and a hash value is generated (calculated) from the selected transport stream packet. A generator,
A collation unit that collates a hash value included in a verification packet next to the verification packet with a hash value generated by the generation unit;
A verification unit that verifies a section from the verification packet to the next verification packet based on a verification result by the verification unit;
When the verification unit cannot receive the next verification packet even after a predetermined time has elapsed after receiving the verification packet, the verification unit determines that the section cannot be verified;
It is characterized by that.

The receiving apparatus according to the second invention is
A measuring unit for measuring a time from receiving the verification packet to receiving the next verification packet;
A storage unit for storing the predetermined time,
The verification unit determines that the section cannot be verified when the time measured by the measurement unit exceeds the predetermined time stored in the storage unit.
It is characterized by that.

A receiving device according to a third invention is
The storage unit stores, as the predetermined time, a time based on a maximum transmission interval between the verification packets (a predetermined maximum value of an interval at which the verification packet is transmitted).
It is characterized by that.

A receiving device according to a fourth invention is
A measuring unit for measuring time in a section from the verification packet to the next verification packet;
A storage unit for storing the time in each section measured by the measurement unit,
When the time measured by the measurement unit exceeds a set time calculated based on the time in each section stored in the storage unit, the verification unit cannot verify the section. judge,
It is characterized by that.

A receiving apparatus according to a fifth invention is
The verification unit calculates, as the set time, an average time obtained by averaging the time in each section stored in the storage unit;
It is characterized by that.

A receiving apparatus according to the sixth invention is:
The verification unit calculates the set time based on a maximum value of time in each section stored in the storage unit;
It is characterized by that.

  As described above, the solution of the present invention has been described as an apparatus. However, the present invention can be realized as a method, a program, and a storage medium storing the program, which are substantially equivalent to these. It should be understood that these are also included.

For example, the signature verification method according to the seventh aspect of the present invention realized as a method is as follows:
Receiving a signed transport stream and a verification packet for verifying the signature of the transport stream;
Selecting a specific packet from the transport stream based on information included in the verification packet from the received transport stream, and generating a hash value from the selected transport stream packet;
Collating a hash value included in a verification packet next to the verification packet with the generated hash value;
Verifying a section from the verification packet to the next verification packet based on the verification result,
The step of verifying determines that the section cannot be verified when the next verification packet cannot be received even after a predetermined time has elapsed after receiving the verification packet;
It is characterized by that.
It should be noted that arithmetic means (a processor such as a CPU, DSP, or MPU) can be used as necessary for calculation or processing of each step.

  According to the present invention, even when a verification packet cannot be received, it is possible to recognize the state of a stream (whether it is an illegal stream or a possibility that it is an illegal stream).

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. The present invention can be applied regardless of whether the transmission path of the packet (broadcast wave) is wired or wireless. However, the present invention is applied to a one-segment broadcasting system using a wireless transmission path, which will most benefit from the present invention. A mode will be described. Typical examples of a receiving apparatus having a one-segment broadcast receiving function are a mobile phone terminal and a notebook personal computer.

  FIG. 1 is a block diagram showing a basic configuration of a receiving apparatus according to an embodiment of the present invention. As shown in the figure, the receiving apparatus 100 includes an antenna ANT1, a receiving unit 110, a hash value calculation unit (generation unit) 120, a packet processing unit 130, an authentication unit 140, a control unit 150, a memory 160, an output unit 170, and a decoder 180. And a measurement unit 190. The antenna ANT1 receives a broadcast wave including a packet and supplies the received broadcast wave to the receiving unit 110. The receiving unit 110 generates a transport stream (TS) signal (TS packet, null packet, and verification packet) obtained by performing signal processing (such as OFDM demodulation processing) from the received broadcast wave, a hash value calculation unit 120, a packet processing unit 130 and the memory 160. The memory 160 stores the TS packet, the hash value, the predetermined time t, and the time measured by the measuring unit 190 (details will be described later).

  Further, the receiving unit 110 separates and analyzes information for specifying content (for example, program specifying information PSI storing the program association table PAT and the program map table PMT) from the received transport stream. Then, based on the information, the video signal, the audio signal, and the data signal are separated from the transport stream. The decoder 180 decodes audio packets, video packets, data broadcast packets, and the like stored in the memory 160 and supplies them to the display unit 172 and the speaker 174 provided in the output unit 170.

  The packet processing unit 130 extracts a verification packet (VP packet) from the TS signal, and a hash value as signature information for a TS packet that is included in the verification packet and exists in a section [VP-VP] between the verification packets H is acquired, and the acquired hash value H is stored in the memory 160. The hash value calculation unit 120 generates a hash value as signature information using a predetermined function by chaining specific TS packets existing in a section [VP-VP] between verification packets, and generating the generated hash The value h is supplied to the authentication unit 140. The hash value calculation unit 120 repeats the same hash value calculation process every time a new verification packet is received. A specific TS packet can be specified by, for example, a packet ID (PID), a flag, or the like.

  The measurement unit 190 includes a timer TIM, and continues to measure time during the period in which the TS packet is received after receiving the verification packet. The measurement unit 190 resets the timer TIM every time a verification packet is received, and starts measuring a new time. In addition, when a predetermined time t stored in the memory 160 elapses after the measurement starts, the measurement unit 190 notifies the verification unit 144 to that effect.

  The authentication unit 140 includes a verification unit 142 and a verification unit 144. The collation unit 142 collates whether or not the hash value H as the signature information included in the next verification packet matches the generated hash value h. When the hash value H as signature information included in the next verification packet does not match the generated hash value h as a result of the collation by the collation unit 142, the verification unit 144 determines that the section is an illegal section. Then, the determination result (collation result) is supplied to the control unit 150. Further, when the verification unit 144 receives a notification from the measurement unit 190 that the time since the reception of the verification packet has passed the predetermined time t, the verification unit 144 determines that the section is an unverifiable section, and to that effect Is supplied to the control unit 150.

  The control unit 150 controls the supply of data to the output unit 170 and the decoder 180. In other words, the control unit 150 outputs the content or service using the transport stream packet of the section determined to be an illegal section or an unverifiable section based on the determination results supplied from the authentication section 140 and the measurement section 190. Stop, output with captions indicating that it is an illegal section or a section that cannot be verified, superimpose characters and icons to that effect, or output a sound to that effect Thus, the display unit 172 and the speaker 174 are controlled.

FIG. 2 is a flowchart showing an example of a signature verification method executed by the receiving apparatus of FIG. First, in step J11, the hash value calculation unit 120 selects a verification packet from the TS, and in step J12, the measurement unit 190 starts measuring time using the timer TIM. Then, the hash value calculation unit 120 starts loop 1 (steps J14 and J15). In Step J14, from the specific TS packet until the end condition of Step J16 is satisfied from the message m (payload) of the specific TS packet and the previous hash value h0 (null at the first execution), the following A hash value h is generated using a predetermined hash function f.
h = f (m, h0)
Here, the termination condition is that a hash value is calculated using a specified number of specific TS packets specified in the received verification packet. Further, during the calculation of the hash value, in step J15, it is determined whether or not the time after the measurement unit 190 starts measuring the time has passed a predetermined time t stored in the memory 160, If it is determined that the time has elapsed, loop 1 is terminated.

  If the loop 1 is terminated without calculating the predetermined time t during calculation of the hash value in step J15, the process proceeds to step J17. In step J17, control unit 150 determines whether or not the time measured by measuring unit 190 has passed a predetermined time t before receiving the next VP packet. In step J17 and step J15, when it is determined that the time measured by the measurement unit 190 has passed the predetermined time t, the process proceeds to step J21, and the verification unit 144 transmits the verification packet in the section (step J11). The section from reception until the reception of the next verification packet that has not been received at present is regarded as an unverifiable section and notifies the control unit 150 to that effect. The control unit 150 receives the verification result of the verification unit 144, and outputs that the content received in the section is unverifiable and may have received an illegal broadcast. To control. As the predetermined time t, a maximum value of the interval for transmitting VP packets can be determined in advance on the transmission side, and the maximum transmission interval can be set to the predetermined time t. The maximum transmission interval may be transmitted by being included in, for example, a verification packet or another TS packet, and the reception side may set the received maximum transmission interval as a predetermined time t. In this way, the upper limit value of the transmission interval between VP packets that is predetermined on the transmission side is used as a determination time for determining whether or not an illegal broadcast is received. Even though it is not a stream, it is possible to prevent the receiving apparatus from erroneously determining that there is a high possibility of being an illegal stream.

  In step J17, if the predetermined time t has not elapsed before receiving the VP packet and the next VP packet is normally received, the process proceeds to step J18, and the packet processing unit 130 The hash value H as the signature information stored in is acquired and stored in the memory 160. Next, in step J19, the collation unit 142 in the authentication unit 140 determines whether or not the hash value H as the signature information acquired from the VP packet matches the hash value h generated by the hash value calculation unit 120. Match. If the acquired hash value H and the generated hash value h match, the processing is completed assuming that the signature information has been successfully authenticated. Under the control of the control unit 150, the TS packet in the relevant section is normally transmitted by the decoder 180. Decoded and output by the output unit 170. If the acquired hash value H and the generated hash value h do not match, the process proceeds to step J20, the collation unit 142 regards the section as an illegal section, and the control unit 150 obtains the collation result of the collation unit 142. In response, the decoder 180 and the output unit 170 are controlled so as not to output the content received in the section.

  A signature verification method according to the present invention will be described with reference to the drawings. FIG. 3 is a diagram for explaining a reception process according to the present invention when an illegal stream (a stream without a verification packet) is received. First, when a VP packet (packet P0) is received, the measurement unit 190 starts measuring time. After that, after receiving the signed packet P3, it is assumed that the received stream is switched to an illegal stream. As shown in the middle part of FIG. 3, in the conventional technique, since the VP packet including the hash value is not received, signature verification is not performed indefinitely, and the receiving apparatus indicates that the content being received is an illegal broadcast. Can not be notified. In contrast, in the present invention, as shown in the lower part of FIG. 3, when a predetermined time t close to the timing of receiving the VP packet (packet P11) has elapsed since the start of time measurement, the measurement unit 190 Notifies the verification unit 144 to that effect. The verifying unit 144 receives the notification from the measuring unit 190, receives TS packets (packets P1 to P3, and packets P1 to P3, and so on) from when the VP packet P0 is received until the next VP packet (not shown) is received. It is determined that it is impossible to verify packets after packet P30). Based on the determination result of the verification unit 144, the control unit 150 controls the display unit 172 and the speaker 174 to add and output a caption indicating that the currently received broadcast wave cannot be verified, The characters and icons to that effect are superimposed and output, or sound indicating that is output.

  In the above description, the predetermined time t is described as the maximum transmission interval. However, in another embodiment, the predetermined time t can be set to other values. For example, while receiving a signed normal stream, the measurement unit 190 determines the time between VP packets (the time required from receiving a VP packet to receiving the next VP packet of the VP packet). ) Is measured between each VP packet and stored in the memory 160. Then, the verification unit 144 adds a certain time α seconds as the fluctuation range of the maximum value to the maximum value of the time measured in each section stored in the memory 160, and sets the predetermined time t. With this α, it is possible to avoid misperception that there is a possibility of an illegal stream even though the next VP packet can be received after α seconds of the maximum value, which is actually a normal stream. Note that the value of α is set to be large (wide fluctuation range) at the beginning of TS packet reception, and the actual fluctuation range tends to be smaller than the initially set α value after receiving some VP packets. If it is, the value of α should be reduced (update the predetermined time t). In this way, by setting the predetermined time t for determining that the stream being received is likely to be an illegal stream that does not include a VP packet as the maximum value between VP packets, It becomes possible to detect an illegal stream in accordance with the state of the stream being received.

  In yet another embodiment, the predetermined time t can be set to a time obtained by averaging the time between the VP packets. That is, while receiving a signed normal stream, the measurement unit 190 measures the time between each VP packet and stores it in the memory 160, and the verification unit 144 is stored in the memory 160. An average time obtained by averaging the times measured in each section is set as the predetermined time t. The average time may be calculated and updated every time a verification packet is received, or may be updated after buffering the time measured in the memory 160 to some extent. Therefore, also in this embodiment, it is possible to detect an illegal stream in accordance with the state of the stream being received.

  It is also conceivable that the user switches the service being received by the receiving apparatus 100. Considering this, the verification unit 144 uses the time calculated in any of the above-described embodiments as the predetermined time t while the content ID (program ID) of the content extracted by the reception unit 110 is the same, If the content ID changes because the service is switched, the calculated time is reset. In the beginning, the maximum transmission interval preset in the switching destination service is used as the predetermined time t, and the predetermined time t is updated as in the above-described embodiment while the switched stream is normal. Just go.

  FIG. 4 shows an example of a display transition diagram of the display unit 172 of the receiving device 100. The control unit 150 displays on the display unit 172 before starting the verification that the stream being received, such as “Unsigned broadcast is being received”, is the one before the verification as shown in the screen D1. Display the message that indicates. If the hash value H included in the VP packet matches the hash value h generated by the hash value calculation unit 120 of the receiving apparatus 100 by the signature verification method described above, and the hash value is successfully verified, the screen D2 is displayed. Thus, for example, a message indicating that the received stream has been successfully authenticated is displayed, such as “successful signature verification”. If the hash value H included in the VP packet and the generated hash value h do not match and verification of the hash value fails, for example, “Unauthorized broadcast is received” on screen D3. Displays a message indicating that the stream is invalid. If the VP packet cannot be received, and therefore the hash value H included in the VP packet cannot be acquired and the hash value cannot be verified, the signature verification method described in the above embodiment is used to invalidate the content being received. It is possible to determine that there is a high possibility that the stream is a stream. Therefore, the control unit 150 displays, for example, a message “There is a possibility of receiving an illegal broadcast” on the display unit 172, such as the screen D4.

  Note that the example of notification to the user shown in FIG. 4 is merely an example, and notification can be made by other methods. For example, although the text message is displayed in the center of the screen in FIG. 4, it may be displayed in a telop at the edge of the screen. Alternatively, an icon indicating each state may be notified to the user in advance, and the icon may be notified by displaying it on the screen. In addition, when notifying them, it may be possible to superimpose while displaying the video on the screen, or to stop displaying the video when notifying that it is an illegal broadcast or there is a possibility of it. Each notification may be displayed.

  A specific packet used for the hash calculation may be selected according to a selection rule determined in advance between the reception device and the transmission device. The present invention can be applied to all signature verification methods for receiving a VP packet including a hash value as signature information and determining the validity of a stream using the hash value. Does not matter.

  The advantages of the present invention will be described again. In the present invention, the VP packet cannot be acquired because the illegal stream is received, and the illegal stream is received even when the signature information cannot be verified (that is, the safety of the received radio wave) cannot be executed. Recognizing that there is a possibility and notifying the user of that, it is possible to improve usability as compared with the conventional technique in which it is impossible to recognize that the stream is illegal and to continue receiving. Also, to determine that there is a possibility of receiving an illegal stream, a timer is added to the receiving side, and the receiving side only resets the timer every time a VP packet is received. It can be easily implemented. Furthermore, since it is possible to determine whether or not the stream is an illegal stream only by the receiving device, no special processing is imposed on the transmitting side that generates the packet.

  Although the present invention has been described based on the drawings and examples, it should be noted that those skilled in the art can easily make various modifications and corrections based on the present disclosure. Therefore, it should be noted that these variations and modifications are included in the scope of the present invention. For example, the functions included in each unit, each means, each step, etc. can be rearranged so as not to be logically contradictory, and a plurality of means, steps, etc. can be combined or divided into one. It is.

  That is, in the embodiment, the PID indicating the video signal packet is used as the specific packet. However, the PID indicating the audio signal packet, the PID indicating the data broadcast signal packet, or the like is used, or the section is updated. Each time, a PID may be selected at random from a packet indicating a video signal, a packet indicating an audio signal, and a packet indicating a data broadcast signal, and the method of generating a hash value is not limited. In the embodiment, the text message display is used as a notification method to the user.

It is a block diagram which shows the basic composition of the receiver by the embodiment of this invention. 3 is a flowchart illustrating an example of a signature verification method executed by the receiving apparatus in FIG. 1. It is a figure explaining the method to detect that there is a high possibility of receiving an illegal transport stream (TS) according to an embodiment of the present invention. It is an example of the transition diagram of the display part of the receiver of FIG. It is a figure which shows typically the unauthorized broadcast reception in a conventional system. It is a figure explaining the method of calculating a hash value from the message of a transport stream (TS). It is a figure explaining the method of calculating a hash value from the message of a transport stream (TS). It is a figure explaining the problem of the method of FIG.

Explanation of symbols

100 receiving device 110 receiving unit 120 hash value calculation unit 125 counter unit 130 packet processing unit 140 authentication unit 142 verification unit 144 verification unit 150 control unit 160 memory 170 output unit 172 display unit 174 speaker 180 decoder 190 measurement unit TIM timer ANT1 antenna h0 -4 Hash value m1-3 Message P1-P11, P20-P28, P30-P38 Packet VP Verification packet D1-D4 Screen

Claims (7)

A receiving unit that receives a signed transport stream and a verification packet for verifying a signature of the transport stream;
A generation unit that selects a specific packet from the transport stream based on information included in the verification packet from the transport stream received by the reception unit, and generates a hash value from the selected transport stream packet; ,
A collation unit that collates a hash value included in a verification packet next to the verification packet with a hash value generated by the generation unit;
A verification unit that verifies a section from the verification packet to the next verification packet based on a verification result by the verification unit;
When the verification unit cannot receive the next verification packet even after a predetermined time has elapsed after receiving the verification packet, the verification unit determines that the section cannot be verified;
A receiving apparatus. The receiving device according to claim 1,
A measuring unit for measuring a time from receiving the verification packet to receiving the next verification packet;
A storage unit for storing the predetermined time,
The verification unit determines that the section cannot be verified when the time measured by the measurement unit exceeds the predetermined time stored in the storage unit.
A receiving apparatus. The receiving device according to claim 2,
The storage apparatus stores the time based on the maximum transmission interval between the verification packets as the predetermined time. The receiving device according to claim 1,
A measuring unit for measuring time in a section from the verification packet to the next verification packet;
A storage unit for storing the time in each section measured by the measurement unit,
When the time measured by the measurement unit exceeds the set time calculated based on the time in each section stored in the storage unit, the verification unit cannot verify the section. A receiving apparatus characterized by determining. The receiving device according to claim 4,
The receiving device, wherein the verification unit calculates an average time obtained by averaging the times in the sections stored in the storage unit as the set time. The receiving device according to claim 4,
The receiving device, wherein the verification unit calculates the set time based on a maximum value of time in each section stored in the storage unit. Receiving a signed transport stream and a verification packet for verifying the signature of the transport stream;
Selecting a specific packet from the transport stream based on information included in the verification packet from the received transport stream, and generating a hash value from the selected transport stream packet;
Collating a hash value included in a verification packet next to the verification packet with the generated hash value;
Verifying a section from the verification packet to the next verification packet based on the verification result,
The step of verifying determines that the section cannot be verified when the next verification packet cannot be received even after a predetermined time has elapsed after receiving the verification packet;
And a signature verification method.

Images