JP3798605B2 - Information distribution method and information distribution apparatus - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a pay broadcasting system, for example.
[0002]
[Prior art]
As digital broadcasting begins with communications satellites (CS), cable TV and terrestrial broadcasting have been digitized, and further enhancement of services is expected. From now on, it will continue to play a leading role in broadcasting services. Seem.
[0003]
The biggest feature of digital broadcasting is that the introduction of information compression technology can improve the frequency usage efficiency required for program transmission, and can greatly increase the number of broadcast channels compared to analog broadcasting. . Further, since advanced error correction technology can be applied, it is possible to provide a high quality and uniform service.
[0004]
Also, digitalization enables not only broadcasting by image and sound as in the past, but also broadcasting by text and data (data broadcasting). For example, news is streamed as text data, and PC software is broadcast. And systems for providing such services are appearing one after another. In addition to conventional stationary devices, mobile devices such as portable information terminals that can be used while moving, mobile terminals installed in automobiles, and other mobile-type receiving devices have also appeared. Yes.
[0005]
When realizing a pay broadcasting service in such a system, it is necessary to be able to manage customers in accordance with the contract period and contract contents, such as transmitting broadcast contents after encrypting them and releasing the scramble based on the contract contents. The customer management in accordance with the contract period is, for example, that a program can be provided on the contract channel only within a contract period contracted by payment of a predetermined fee.
[0006]
Also, key information for scrambled or decrypted by the receiving device must be provided only to legitimate viewers (in accordance with the contract channel and contract period) from the viewpoint of preventing unauthorized viewing. .
[0007]
In order to realize this, conventionally, a master key is prepared for each broadcast receiving apparatus, and a contract form including a work key of a channel subscribed to a reception contracted viewer and channel information that can be viewed is provided. The contract information shown was encrypted with a master key and transmitted over a broadcast wave. Here, the work key is a channel-specific key, and the channel key of the channel transmitted after being encrypted can be decrypted. The channel key is used to descramble (decrypt) the scrambled (encrypted) content.
[0008]
In such a conditional access system, the work key and contract information encrypted with the master key (set for each receiving device) are the limited reception information unique to the receiving device, and the work key (common to multiple receiving devices) It can be said that the channel key encrypted in the above is common conditional access information.
[0009]
Conventionally, even limited reception information that is unique has been transmitted by broadcast waves (unsuitable for transmitting unique information). This is necessary because information on individual subscribers is transmitted to all the subscribers, and not only the transmission bandwidth is unnecessarily occupied, but also information on whether or not the subscribers have received cannot be obtained. It was necessary to send repeatedly for a long period.
[0010]
Furthermore, the work key included in the individual limited reception information is set for each contract period (usually one month), and the limited reception information must be sent individually from the broadcasting station for each period. Because the contract management center does not know whether it was received or not, it had to be sent repeatedly for a certain period. For this reason, the ratio of individual limited reception information in the current limited reception information is considerably large.
[0011]
In order to solve this problem, the receiving device has a bidirectional communication function such as a telephone line, the limited reception information of each receiving device is a bidirectional line, and the common limited reception information such as a channel key is broadcasted. A method of transmitting is conceivable. However, in the current broadcasting business, bidirectional lines are not essential (for receiving regular broadcasts), so some subscribers do not own bidirectional lines for limited reception. Therefore, the above-described method based on a bidirectional line cannot be used for all subscribers. Furthermore, when a detachable mobile phone or the like is used as a bidirectional line, there is a problem that transmission is not possible because it is not connected (for some reason) at the time of limited reception information transmission.
[0012]
On the other hand, when the limited reception information is transmitted through the bidirectional line, the receiving apparatus is currently called from the contract management center. This is in order to avoid the confusion of the line due to the call origination time overlapping by making a call from the receiving device. However, for this reason, the center side must always make a call, and there is a problem that communication costs are incurred. Furthermore, when a mobile phone is used as a two-way line like a mobile receiver, the mobile phone must always be waiting for an incoming call (since it is not known when a call is made from the center), so it consumes power. There is a problem that the amount is large.
[0013]
[Problems to be solved by the invention]
As described above, the conventional conditional access system has a problem that the information to be delivered to each subscriber increases as the number of subscribers increases, and if these are broadcasted, the broadcast band is compressed. It was.
[0014]
In addition, even if delivery is made to each subscriber through two-way communication such as a telephone network, the receiving side does not have such receiving means, or the communication line cannot be connected such as when the receiving side is powered off. Or, because it is necessary to make calls frequently, the burden of communication costs on the transmission side becomes large, or on the receiving side, it is necessary to always be in the waiting state for incoming calls, which increases power consumption and makes it mobile environment There was a problem that it was not suitable.
[0015]
Therefore, in view of such a current situation, the present invention provides an information distribution method capable of providing a highly secure pay broadcast service that can prevent unauthorized viewing without pressing the broadcast band even if the number of subscribers increases. It is another object of the present invention to provide an information distribution apparatus and a broadcast receiving apparatus using the same.
[0016]
[Means for Solving the Problems]
An information distribution method and apparatus according to the present invention is a reception apparatus that receives encrypted content information broadcasted and decrypts content information that can be decrypted, and is necessary for decrypting the content information. For a receiving device that decrypts the broadcast-distributed content information based on decryption control information including information unique to the receiving device and key information necessary to decrypt the content information independent of the receiving device, Broadcasting the key information and distributing individual control information for updating a part or all of the decryption control information stored in the receiving device by bidirectional communication with the receiving device, When the reception of the individual control information at the receiving device is not confirmed, the individual control information is broadcast and distributed.
[0017]
According to the present invention, key information common to all receiving apparatuses is broadcasted, and individual control information for each receiving apparatus is distributed by two-way communication such as a telephone line, and the receipt of the individual control information cannot be confirmed. Since the individual control information is broadcasted at the same time, even if the number of subscribers increases, a large amount of individual control information can be distributed to prevent unauthorized viewing without damaging the broadcast bandwidth. Enables provision of broadcasting services. In addition, since individual control information can be distributed through two-way communication such as a telephone line or broadcast waves, it is stored in the receiving device when the viewing channel is changed (when the contract is updated). When the decryption control information (for example, channel contract information, work key, etc.) is updated, the individual control information is transmitted by reliable bidirectional communication with respect to the receiving device connected to the bidirectional communication line. If not connected, individual control information can be transmitted by broadcast waves. That is, the individual control information can be reliably delivered to the subscriber.
[0018]
Preferably, the individual control information is distributed by broadcasting the command for placing the receiving device in the incoming call waiting state, then calling the receiving device and distributing the individual control information by the bidirectional communication. Only when the receiving device is placed in a waiting state for incoming calls, the power saving of the receiving device can be achieved, and the individual control information can be reliably distributed, and a pay broadcasting system suitable for the mobile environment can be provided.
[0019]
Preferably, in order to distribute the individual control information by the two-way communication, a command for instructing a call from the receiving device is broadcast and distributed, so that the individual control information is obtained by a call from the receiving device side. Even in the case of distribution, it is difficult to connect the line to the information distribution apparatus by managing the generation timing of the call on the information distribution apparatus side, for example, by concentrating the call from the reception apparatus in a certain time zone. This situation can be avoided.
[0020]
Further, preferably, by authenticating the receiving device and then distributing the individual control information by two-way communication, in particular, even when distributing the individual control information by a call from the receiving device side, The individual control information can be distributed safely.
[0021]
Also, the same effect as described above can be obtained by encrypting the key information so that it can be decrypted with other key information generated based on the key generation information broadcasted to the receiving device and broadcasting it.
[0022]
The broadcast receiving apparatus according to the present invention is necessary for decrypting the broadcast-delivered content information in the broadcast-receiving apparatus that receives the encrypted content information broadcasted and decrypts the content information to be decrypted. Storage means for storing decoding control information including information unique to the device itself, and a first distribution apparatus for distributing individual control information for updating a part or all of the decoding control information stored in the storage means A first receiving means for receiving individual control information addressed to the own apparatus distributed by two-way communication or broadcast from the first distribution apparatus; and the first apparatus by two-way communication with the first receiving means. When receiving the individual control information addressed to the reception means, the transmission means for transmitting the receipt to the first distribution device, and the storage means based on the individual control information received by the first reception means Update means for updating the stored decryption control information, and the key information broadcast-distributed from the second distribution device that distributes key information common to all the broadcast receiving devices necessary for decrypting the content information The content information distributed by broadcast is decrypted based on the second receiving means for receiving the information, the decryption control information stored in the storage means, and the key information received by the second receiving means. Features.
[0023]
According to the present invention, each broadcast receiving device transmits key information common to all receiving devices by broadcasting, and individual control information of each receiving device by two-way communication such as a telephone line or two-way communication. If it cannot be received by broadcasting, even if the number of subscribers increases, a large amount of individual control information is distributed, so that it is possible to prevent unauthorized viewing without squeezing the broadcast bandwidth and paying a high level of safety Enables provision of broadcasting services. In addition, since individual control information can be distributed through two-way communication such as a telephone line or broadcast waves, it is stored in the receiving device when the viewing channel is changed (when the contract is updated). When the decryption control information (for example, channel contract information, work key, etc.) is updated, the receiving device connected to the two-way communication line receives the individual control information by two-way communication and is connected for some reason. If not, the individual control information can be received by broadcast waves. That is, each receiving device can reliably receive the individual control information.
[0024]
Preferably, receiving the individual control information by receiving the broadcast-distributed command and placing the own device in a waiting state so that the individual control information distributed from the first distribution device can be received. Only when it is necessary to wait for an incoming call, the power consumption of the receiving device can be reduced, the individual control information can be reliably distributed, and a receiving device suitable for a mobile environment can be provided.
[0025]
Further, preferably, by receiving the broadcast-distributed command and calling the first distribution device to receive the individual control information, the individual control information is obtained by a call from the receiving device side. Even in the case of reception, by managing the generation timing of the call on the first distribution device side, for example, by concentrating on the time zone where the call from the reception device exists, the center (first It is possible to avoid a situation in which it is difficult to connect the line to the distribution device.
[0026]
In addition, it is preferable that the device itself receives the individual control information after being authenticated from the first distribution device, and particularly receives the individual control information by a call from the receiving device side. However, it is possible to safely distribute the individual control information.
[0027]
The key information is also encrypted by being encrypted so that it can be decrypted with other key information generated based on separately received key generation information.
[0028]
DETAILED DESCRIPTION OF THE INVENTION
Embodiments of the present invention will be described below with reference to the drawings.
[0029]
First, terms are defined. Only a limited number of people (hereinafter referred to as legitimate subscribers, subscribers or users) who have applied the prescribed contract / subscription procedure with encryption etc. when receiving broadcast content consisting of one or more channels Permitting broadcast content viewing is generally referred to as limited reception. In addition, systems that implement limited reception are collectively referred to as limited reception systems. In the present embodiment, for example, a conditional access system for pay broadcasting service will be described as an example.
[0030]
In order to perform limited reception, information describing the contract status for each channel for each subscriber is called channel contract information. For example, a channel number is assigned to each channel, and a bit string representing the channel contract state depending on whether or not the bit corresponding to the channel number is “1” as shown in FIG. 2 is the channel contract information. FIG. 2 shows that the second, fifth, seventh and eighth channels are contracted.
[0031]
Furthermore, as shown in FIG. 6, information that restricts channel contract information such as the expiration date of the channel contract information and information that expresses the subscriber contract form in more detail are added to the channel contract information shown in FIG. Thus, channel contract information may be configured.
[0032]
Each subscriber of the pay broadcast service according to the present embodiment has a different contract content (such as a channel to be viewed and a viewing period). That is, in order to enable limited reception to the broadcast receivers possessed by these subscribers, it is necessary to individually distribute the control information of the broadcast receivers based on different contract contents (use conditions) for each subscriber. There is. Such control information is called individual control information. Since the individual control information is distributed in a packet format, in that case, it is also called an individual control packet. This individual control packet corresponds to, for example, EMM (Entitlement Management Message) and EMM-S (Entitlement Management Message for S-band) in the current CS broadcasting standard (reference document “BS Digital Broadcast Limited Reception System Standard ARIB STD-B25”). Radio Industry Association) ”).
[0033]
Broadcast content information (hereinafter, simply referred to as “content”) is encrypted with different key information for each channel, that is, “channel key” here. Therefore, in order to view the content of the desired (contracted) channel in the broadcast receiving device possessed by each subscriber, all subscribers (such as the key information depending on the content information) It is also necessary to distribute control information common to all broadcast receiving apparatuses). Such control information is called common control information. Since the common control information is also distributed in the packet format, in that case, it is also called a common control packet. This common control packet corresponds to, for example, ECM (Entitlement Control Message) and ECM-S (Entitlement Control Message for S-band) in the current CS broadcast standard (reference document “BS Digital Broadcast Limited Reception System Standard ARIB STD-B25”). Radio Industry Association) ”.
[0034]
The broadcast receiving apparatus possessed by each subscriber can receive the individual control information and the common control information, thereby enabling viewing of the content information according to the contract details of each subscriber.
[0035]
Through the following embodiments, a configuration (mainly hardware) that implements a conditional access method inside a reception device is referred to as a conditional access unit or a conditional access chip. Since the limited reception chip includes secret information for limited reception, it is assumed that the internal memory and hardware configuration cannot be easily read, written and changed from the outside. In addition, a limited reception unit is used as a set top box, and a television receiver, a radio, or the like for actually reproducing content information such as audio and video decoded by the set top box is connected to the set top box. The broadcast receiving apparatus may be configured as a whole.
[0036]
In the following description, decrypting encrypted content information using a channel key may be referred to as descrambling.
[0037]
Further, the conditional access system described in the following embodiment mainly includes a broadcast receiving apparatus possessed by a service subscriber and a contract for distributing individual control information, common control information, encrypted content information, etc. to the broadcast receiving apparatus. It is composed of an information distribution device (contract management device) as a management center (sometimes called a center).
[0038]
(First embodiment)
The first embodiment of the present invention is an embodiment in a conditional access system in which each receiving apparatus has an individual master key. Such a limited reception system has a problem that the amount of transmission increases because control information including channel contract information and the like must be encrypted periodically and transmitted separately. However, on the other hand, it has been used in CS broadcasts and others because of its high security, such as the limited scope of damage when the master key is broken. However, as the number of subscribers increases in recent years, the amount of control information to be sent to each receiving apparatus has become enormous, and this embodiment provides this solution.
[0039]
In such a conditional access system, for example, a key configuration as shown in FIG. 3 is adopted. In other words, the work key Kw common to all receiving apparatuses defined for each channel is encrypted with the master key KM of each receiving apparatus and transmitted. Further, the channel key Kch is encrypted using the work key Kw and transmitted. Since the broadcast content is encrypted with a conventional encryption method using the channel key Kch, it can be decrypted with this channel key. Here, the channel key must be changed in a short time of about 10 minutes in order to prevent decryption. If an individual master key is used to transmit this, the amount of transmission becomes enormous. Therefore, it is necessary to use a work key common to all receiving apparatuses. Also, since it is dangerous to use the same key in units of months, it is necessary to change the work key, and this is a mechanism that encrypts it with an individual master key. Thus, even if the master key is known, free viewing can be prevented by changing the work key.
[0040]
The data received from the broadcast wave by the broadcast receiving apparatus used in the conditional access system according to the first embodiment are three types of content packets, common control packets, and individual control packets.
[0041]
The content packet has the packet format shown in FIG. 4 and includes an information identifier, a channel identifier, a channel key identifier, and scrambled (encrypted) broadcast content. The information identifier indicates the type of the packet, and here, an identifier indicating a content packet is described. The channel identifier indicates which channel the broadcast content is. The channel key identifier indicates an identifier of a channel key for decoding the broadcast content. The broadcast content is raw program data and is encrypted with the channel key Kch specified by the channel key identifier. It is assumed that all information (data) described in the present embodiment is expressed in a fixed length.
[0042]
The common control packet described here is a common control packet for channel key distribution, and has an information identifier, a work key identifier, a channel identifier, a channel key identifier (1), a channel key (1), a packet format shown in FIG. It consists of a channel key identifier (2) and a channel key (2), and the part from the channel identifier to the channel key (2) is encrypted with the work key indicated by the work key identifier. The information identifier indicates the type of the packet. Here, an identifier indicating a common control packet (common control packet for channel key distribution) is described. The channel identifier indicates which channel the common control packet belongs to. The work key identifier is information indicating which work key Kw is used to encrypt the common control packet. The channel key identifier is an identifier of a channel key described next. The channel key indicates a channel key used for encrypting broadcast content of the channel specified by the channel identifier.
[0043]
Here, there are two sets of channel key identifier and channel key. Since the channel key is changed in a relatively short time as described above, it is necessary to smoothly switch the channel key. This is because the channel key to be used next time is sent simultaneously. Of course, the transmission of two sets in this manner does not directly affect the present invention, and therefore one set may be used.
[0044]
In the present embodiment, there are two types of individual control information: a case where the individual control information is distributed via a modem from a bidirectional communication line using a public network (telephone network) or the like, and a case where the individual control information is distributed by a broadcast wave. In any case, the individual control information is transmitted in the packet format in the same way as the common control information, but the format is slightly different.
[0045]
The individual control packet transmitted through the two-way communication line is an individual control packet for contract information distribution configured as shown in FIG. 7A, and includes an information identifier, a master key identifier, and encrypted contract information. ing. The information identifier indicates the type of the packet, and here, an identifier indicating that it is an individual control packet for contract information distribution is described. The master key identifier is identification information of a master key that can decrypt the individual control packet. If the master key identifier is correctly transmitted and received, the master key identifier of the receiving apparatus that should receive the packet is described here.
[0046]
The individual control packet distributed by broadcast is also the individual control packet for contract information distribution, and the point that the receiving device ID is added to the unencrypted part as shown in FIG. Different from the individual control packet (see FIG. 7A). This receiving device ID is information indicating which receiving device the individual control packet is addressed to, and is indispensable information because the master key (decrypting this packet) differs for each receiving device.
[0047]
As shown in FIG. 5, the contract information includes a receiving device ID, channel contract information, the number n of work keys, a pair of n work keys and work key identifiers, and a digital signature. The receiving device ID is an identifier of a receiving device that should receive the contract information, and is an ID that matches the receiving device ID in the limited receiving unit 100 inside the receiving device if it is normally transmitted and received. The channel contract information indicates a channel that can be received by the receiving apparatus having the receiving apparatus ID. Here, for example, the channel contract information includes channel contract information and its expiration date as shown in FIG. The work key identifier (i) is an identifier of the subsequent work key (i). In this embodiment, since the work key is set for each channel, a set of a work key and a work key identifier corresponding to the channel contract information is entered. The digital signature is information for confirming the validity of the contract information (particularly channel contract information), and is mainly used for preventing forgery.
[0048]
In the first embodiment, since all of these pieces of information are data expressed in a fixed length, the algorithm for extracting each piece of information from the received packet will not be described again.
[0049]
Next, the configuration and processing operation of the broadcast receiving apparatus (hereinafter sometimes simply referred to as a receiving apparatus) according to the first embodiment will be described. FIG. 1 shows a configuration example of a main part of a broadcast receiving apparatus. First, an individual control packet reception processing operation by bidirectional communication shown in FIG. 9 will be described with reference to FIG.
[0050]
The broadcast receiving apparatus in FIG. 1 responds to a call from the center via the modem unit 101, thereby establishing a session for transmitting / receiving the individual control packet via the bidirectional communication line (step S1). . When the transmission / reception unit 102 receives the individual control packet as shown in FIG. 7 (a) and recognizes from the information identifier that the packet is for contract information distribution, the transmission / reception unit 102 transmits the packet to the individual control information decoding unit. 104, and a master key identifier is acquired from the packet (steps S2 and S3). If the acquired master key identifier is not a master key identifier corresponding to the master key stored in the master key storage unit 103, an error is transmitted to the center using the established session (steps S3 and S10). ). When it is a corresponding master key identifier (step S3), the contract information included in the received packet is decrypted using the master key output from the master key storage unit 103 (step S4) (step S5).
[0051]
The work key and its identifier included in the decrypted contract information are stored in the work key storage unit 105 (step S11). Also, the receiving device ID included in the contract information is compared with the receiving device ID stored in the receiving device ID storage unit 106, and if they do not match, an error is output to the center via the transmitting / receiving unit 102 ( Step S6, Step S12). If they match, the contract information authentication unit 107 uses the key information stored in the digital signature verification key storage unit 108 (for example, the channel contract information or the part other than the digital signature in the contract information shown in FIG. Is encrypted with the key information, and the digital signature of the contract information is verified (by comparing the result with the digital signature in the contract information) (step S7). An error is returned to the center via the unit 102 (step S13).
[0052]
If the verification is successful, the channel contract information is stored in the contract information storage unit 121 (step S8), and then a receipt notification indicating that the update of the contract information has been normally completed is transmitted to the center and the process ends (step S9).
[0053]
Here, the digital signature verification process in the contract information authentication unit 107 will be described. The digital signature here can be roughly divided into two. One is a common key cipher, which has a common encryption algorithm and a common secret key in the center and the receiving device, sequentially encrypts the contract information with the secret key in block units, and the last block This is a digital signature method. Here, sequential encryption is an encryption method in which the previous block affects the encryption of the current block. For example, the present block can be realized by encrypting the current block with a secret key, and using the exclusive OR of the encrypted result and the encrypted result of the previous block as the encrypted result of the current block. When this method is used, even if a block in the middle is falsified, a different digital signature is generated (in most cases), so falsification is detected.
[0054]
Signature verification by common key cryptography can be done at high speed In addition, although the circuit scale may be small, the receiving apparatus has the same information as the center, and is therefore vulnerable to hacking and the like. In addition to the above-described technique, there is known a technique for calculating the feature amount of the entire data to be signed, called a hash value, and encrypting the value for the digital signature. The hash value is calculated from the entire data, and if the data is changed even by one bit, the hash value is not only significantly different, but it is difficult to create data having the same hash value. Because of this property, tampering detection is possible. The hash value is fixed length data and is created by a hash function.
[0056]
The other is a method using public key cryptography, in which a signature signed with a private key is verified with the public key. Here, since it is extremely difficult to derive a secret key from a public key, even if the receiving device is hacked and the public key is extracted, it is characteristic that falsification is considerably difficult. This method is extremely safe, but it is not only low speed but also has the disadvantage of increasing the circuit scale.
[0057]
Due to the superior nature of the digital signature, it can be said that the receiving apparatus authenticates the information distribution apparatus (also referred to as the contract management apparatus) (through the digital signature added to the individual control packet). However, a digital signature is not essential to solve the problems considered in the present invention. That is, the digital signature is not essential in the individual control packet of the present invention, and the present invention can be implemented without contradiction even in a configuration in which the digital signature is removed from the individual control packet.
[0058]
Next, a processing operation in which the broadcast receiving apparatus in FIG. 1 receives common control information, content information, and common control information from a broadcast wave will be described with reference to flowcharts shown in FIGS. When the receiving device 111 receives the broadcast wave transmitted from the center and obtains an electrical signal (step S21), the A / D converter 112 converts the analog signal from the analog signal into a digital signal. Conversion into digital data (step S22, step S23). After the digital data is sent to the error detection / correction unit 113 and predetermined error detection / correction is performed (step S24), any one of the content packet, the common control packet, and the individual control packet is referred to by referring to the information identifier of the received packet. Is determined, and the process branches accordingly.
[0059]
Incidentally, the channel selection interface (I / F) 115 acquires the channel identifier currently being viewed, and the acquired channel identifier is passed to the channel selection unit 114 and the channel information input unit 123 (see FIG. 12). Step S51 to Step S53).
[0060]
If it is a content packet (step S25), the channel selection unit 114 obtains the channel currently being viewed via the channel I / F 115, and based on this, only the content packet of the viewing channel is filtered by the limited reception unit 100. It passes to the part 116 (step S28). The filter unit 116 sends this to the descrambling unit 120 (step S29).
[0061]
On the other hand, if it is a common control packet (step S26), it is sent to the common control information decoding unit 117 by the filter unit 116 via the channel selection unit 114, and decoding is started (step S41).
[0062]
Next, processing for content packets will be described in detail with reference to the flowchart of FIG. The channel identifier and the channel key identifier are separated from the content packet sent to the descrambling unit 120 in step S 29 of FIG. 10, and they are passed to the channel key output unit 119. The descrambling unit 120 requests the channel key output unit 119 to output a channel key.
[0063]
The channel key output unit 119 extracts the channel key of the reception channel currently being viewed from the channel key storage unit 118 based on the contract determination for the channel identifier in the contract determination unit 112. That is, as shown in FIG. 12, the contract determination unit 122 acquires the channel identifier of the channel currently being viewed from the channel information input unit 123 (step S54), and is already stored in the contract information storage unit 121. Referring to the channel contract information as shown in FIG. 2, if the bit corresponding to the acquired channel identifier is “1”, a “permitted” signal is sent, and if it is “0”, a “not permitted” signal is sent to the channel key output unit. It sends to 119 (step S55). The channel key output unit 119 obtains a channel key having the channel key identifier extracted from the content packet from the channel key storage unit 118 from the channel key storage unit 118 if the sent determination result is “permitted”. The data is passed to the scramble unit 120 (step S57). If the determination result is “non-permitted”, the processing relating to the content packet is terminated.
[0064]
When the descrambler 120 receives the channel key from the channel key output unit 119, the descrambler 120 decrypts and outputs the encrypted content information included in the content packet using the channel key (steps S31 to S33 in FIG. 11).
[0065]
Next, the process for the common control packet will be described with reference to the flowchart shown in FIG. The common control packet is sent from the filter unit 116 to the common control information decoding unit 117 (step S41 in FIG. 10). Here, the work key is acquired from the work key storage unit 105 based on the work key identifier included in the unencrypted part of the common control packet (step S42 in FIG. 13). If the work key cannot be acquired, the process ends. When the work key is acquired, the encryption unit of the common control packet is decrypted with the work key (step S44). The channel key Kch is acquired from the encrypted common control packet encryption unit, and stored in the channel key storage unit 118 (step S45).
[0066]
Next, processing for the individual control packet will be described with reference to the flowchart shown in FIG. The individual control packet is sent from the filter unit 116 to the individual control information decoding unit 104 (step S61 in FIG. 10). Here, the receiving device ID is extracted from the individual control packet (its unencrypted portion) and collated with the receiving device ID of the own device stored in the receiving device ID storage unit 106 (step S62 in FIG. 14). If the extracted receiving device ID does not match that of its own device, the processing of this packet is terminated. If they match, the master key is acquired from the master key storage unit 103 using the master key identifier extracted from the received packet (its unencrypted unit) as a key. Further, the contract information in the individual control packet is decrypted using the master key (step S63), and the work key and its identifier are extracted from the contract information (see FIG. 5) obtained by decryption, and the work key storage unit It stores in 105 (step S64).
[0067]
Next, the decrypted contract information is sent to the contract information authentication unit 107. In the contract authentication unit 107, the part other than the digital signature of the contract information is stored in the digital signature verification key storage unit 108, so that the digital signature is encrypted by using the digital signature verification key and the digital signature is obtained. The digital signature is verified based on whether or not it matches the digital signature (step S65). If the verification is successful, the channel contract information in the contract information is stored in the contract information storage unit 121, and the process ends (step S66). If the verification fails, the channel contract information may have been forged or broken due to poor reception, and the process ends without storing.
[0068]
As described above, according to the broadcast receiving apparatus according to the first embodiment, when individual control information is received by two-way communication such as a telephone line, and when received by broadcast waves is received. Therefore, when changing the viewing channel (when updating the contract), when updating the channel contract information stored in the receiving device, it is connected to the two-way communication line. With respect to the receiving device, the individual control packet can be transmitted by reliable two-way communication, and when the connection is not established for some reason, the individual control packet can be transmitted by a broadcast wave.
[0069]
In the first embodiment, only the configuration of the broadcast receiving apparatus is shown (the information distribution apparatus according to the first embodiment will be described in the fifth embodiment), but the individual control information as described above is bidirectional. Distribution by both communication and broadcasting enables, for example, a channel contract even for a broadcast receiving apparatus that does not have a bi-directional communication function (such as a cellular phone or the like) (without the modem unit 101 and the transmission / reception unit 102 in FIG. 1). Information can be updated reliably.
[0070]
(Second Embodiment)
Next, some variations are described. In the first variation, prior to transmitting the individual control information from the center using the bidirectional communication line, a command to turn on the power of the bidirectional communication function (for example, the mobile phone function) on the receiving device side is transmitted by broadcast waves. Is.
[0071]
By doing so, it is not necessary for the receiving apparatus side to always be in the power-on state (waiting for incoming call) for the individual control information that does not know when the incoming call arrives, and power saving can be realized. Such power saving is important in a mobile environment where batteries are the main power source.
[0072]
FIG. 15 shows the configuration of the main part of the broadcast receiving apparatus according to the second embodiment. In FIG. 15, the bidirectional communication function corresponds to the transmission / reception unit 102 and the modem unit 101 and later. Since the limited reception unit has a feature, the detailed configuration of the bidirectional communication function unit and the description thereof are omitted, and only the configuration related to the operation for performing power on / off control of the function will be described. For example, a bidirectional communication function unit can be configured by connecting a mobile phone to the transmission / reception unit 102 using a predetermined connection cable.
[0073]
In FIG. 15, the configuration unit related to the reception process of the individual control packet transmitted by the broadcast wave is different from the first embodiment. Actually, since the reception procedure of the common control packet is the same as that of the first embodiment, only the difference, that is, the configuration of the individual control packet received from the broadcast wave and the reception processing operation will be described below. .
[0074]
In the second embodiment, there are two types of individual control packets received by broadcast waves, one for contract information distribution and one for command distribution. Since the individual control packet for contract information distribution is the same as that of the first embodiment (see FIG. 7B), here, the individual control packet for command distribution (hereinafter also referred to as command packet). I will explain only.
[0075]
As shown in FIG. 16, the command packet includes an information identifier and a command body. As shown in FIG. 17, the command body is roughly divided into the number of command identifiers, the number of receiving device IDs, and the number of receiving device IDs, followed by a digital signature. The digital signature is attached to the number of receiving device IDs and the arrangement of receiving device IDs to prevent forgery. The command identifier here is, for example, a “power on” command for starting the supply of power to the bidirectional communication function of the broadcast receiving apparatus so as to make it ready for incoming calls (waiting for incoming calls). This is a command identifier for identifying this. Hereinafter, a command packet that distributes a “power-on” command is referred to as a power-on command packet.
[0076]
FIG. 18 is a flowchart for explaining the reception processing operation of the individual control packet by the broadcast wave of the broadcast receiving apparatus shown in FIG. Hereinafter, the processing flow will be described with reference to FIG.
[0077]
First, a packet is passed from the filter unit 116 to the individual control information decoding unit 104. If the information identifier of the packet is referred to and the packet is an individual control packet for contract information distribution, the same processing as in the first embodiment (see FIG. 14) is performed (steps S71 to S76). ).
[0078]
When the packet is a command packet, the individual control information decoding unit 104 refers to the command identifier in the packet and checks whether the packet is a power-on command packet (step S77). If the packet is not a power-on command packet, the process ends.
[0079]
If it is a power-on command packet, the receiving device ID of the own device stored in the receiving device ID storage unit 106 and the receiving device ID in the packet are collated one by one (step S78). If the receiving device ID of the own device is not included in the packet, the process is terminated. If included, the packet is sent to the individual control information authentication unit 107.
[0080]
The individual control information authenticating unit 107 acquires a verification key from the digital signature verification key storage unit 108 and verifies the digital signature (step S79). If the verification of the digital signature fails, the process is terminated. If the verification is successful, the power management unit 125 starts supplying power to the function units related to the bidirectional communication function such as the modem unit 101 and the transmission / reception unit 102 (power on The power management unit 125 receives the signal and starts supplying power to these function units to always wait for an incoming call (step S80).
[0081]
In step S80, the bidirectional communication function enters the incoming call waiting state, and then the broadcast receiving apparatus receives the individual control packet for contract information distribution via the bidirectional communication line in the procedure as shown in FIG. be able to.
[0082]
The power supply here means standby power supply (power) for waiting for an incoming call on a bidirectional communication line, but depending on the configuration, the power can be turned on (or off) for other components by the command packet. It becomes. Note that the power management unit 125 turns off the power that is turned on in this embodiment after receiving a separate control packet for contract information distribution via a bidirectional communication line or after a certain period even if it is not received. Is desirable.
[0083]
As described above, by transmitting the individual control packet separately for the broadcast wave and the communication, it is possible to configure a conditional access system that is effective in terms of bandwidth reduction and power saving. This is the end of the description of the first variation.
[0084]
(Third embodiment)
A second variation of the first embodiment will be described. This is a variation related to a method of making a call from the broadcast receiving apparatus side in order to transmit individual control information from the center using a bidirectional communication line. When a call is made from the receiving device side, the call may not be received by the center side system because the calls are not uniformly distributed. The present embodiment is intended to solve this problem. Furthermore, in this embodiment, there is provided means for authenticating whether or not the receiving device that is calling is valid. Authentication is not necessarily required for the purpose of making the calls uniform, but unlike the center call as in the first to second embodiments, the authenticity of the receiver is authenticated in the case of a receiver call. It is difficult to maintain safety without authentication means.
[0085]
The structure of the principal part of the broadcast receiving apparatus which concerns on 3rd Embodiment is shown in FIG. In FIG. 19, the processing operation for receiving the individual control packet distributed by the broadcast wave is different from the case of the first embodiment. Therefore, only the configuration of the individual control packet received from the broadcast wave and its reception processing operation will be described below.
[0086]
In the third embodiment, as in the second embodiment, there are two types of individual control packets received by broadcast waves: contract information distribution and command distribution (command packet). The data configuration of the individual control packet for contract information distribution is the same as that described in the first embodiment (see FIG. 7B), and the configuration of the command packet is also described in the second embodiment (FIG. 16 and FIG. 17), except that the command identifier is an identifier of a command for instructing the broadcast receiving apparatus to make a call to the center. Hereinafter, such a command is called a call command, and the packet is called a call command packet.
[0087]
FIG. 20 is a flowchart for explaining the reception processing operation of the individual control packet by the broadcast wave of the broadcast receiving apparatus of FIG. 19, and the processing flow will be described along FIG. 20 based on FIG.
[0088]
First, the individual control packet received by the broadcast wave is passed from the filter unit 116 to the individual control information decoding unit 104. With reference to the information identifier of the packet, if the packet is a packet for contract information distribution, the same processing as in the first embodiment (see FIG. 14) is performed (steps S91 to S96).
[0089]
If the packet is a command packet, it is checked whether or not the packet is a call command packet with reference to the command identifier in the packet (step S97). If the packet is not a call command packet, the process ends.
[0090]
If the packet is a call command packet, the receiving device ID of the own device stored in the receiving device ID storage unit 106 and the receiving device ID in the packet are collated one by one (step S98). If the receiving device ID of the own device is not included in the packet, the process is terminated. If it is included, the packet is sent to the individual control information authentication unit 107.
[0091]
The individual control information authenticating unit 107 acquires a verification key from the digital signature verification key storage unit 108 and authenticates the digital signature (step S99). If the verification of the digital signature fails, the process is terminated. If the verification is successful, a signal to instruct the center calling unit 162 to make a call to the center is sent to the center calling unit 162. A call is made to the center through the modem unit 101 (step S100).
[0092]
Thus, in a conditional access system that transmits individual control packets using both broadcast waves and bidirectional communication, a bidirectional communication line is connected between the receiving device and the center by a call from the receiving device side. In this case, the call from the receiving device is instructed from the center side, and the generation timing of the call is managed on the center side, for example, by concentrating on a certain time zone of the call from the receiving device, It is possible to avoid a situation in which it is difficult to connect the line to the center.
[0093]
Next, processing operations from when the broadcast receiving apparatus makes a call to the center until receiving the individual control packet will be described. As shown in FIG. 21, a packet transmitted and received by bidirectional communication between the center and the broadcast receiving apparatus is composed of an information identifier and an information main body. It can be classified into three packets according to the difference in the information body. Here, for example, a packet similar to the individual control packet shown in FIG. 7A (hereinafter, this packet is referred to as an individual control packet to distinguish the other two types of packets), a challenge packet, and a response There is a packet.
[0094]
The individual control packet includes an information identifier, a master key identifier, and encrypted contract information as shown in FIG. Here, the contract information is the same as in FIG. As shown in FIG. 23, the challenge packet includes an information identifier for identifying that it is a challenge packet, a challenge number, and a challenge information body. The challenge number is a question from the center called a challenge to the receiving device. And the problem management number. The challenge assumed in the present embodiment is a challenge for inquiring a receiving apparatus ID, a challenge for inquiring a master key identifier, and a challenge for creating a signature with a secret key (specific to each receiving apparatus) in challenge information. In addition to this, there may be a challenge in which the encrypted challenge information is decrypted with the secret key and the decryption result is responded. Here, if the target data is necessary, such as a challenge for signing with a secret key, it is described in the challenge information body and transmitted.
[0095]
The basics of challenge and response are to ask questions not to use information that can only be known by the broadcast receiver and the center, and to answer the question accurately. It is to confirm that it is a legitimate device (registered).
[0096]
As shown in FIG. 24, the response packet includes an information identifier for identifying the response packet, a challenge number, a challenge information body, and a response information body. It is assumed that the response information body has a format determined by the challenge number (similar to the challenge information body).
[0097]
FIG. 25 is a flowchart showing the processing operation after the receiving apparatus receives the call command. Hereinafter, the processing flow will be described with reference to FIG. First, a call is made from the receiving apparatus to the center (step S101), and when the bidirectional communication line is connected between the receiving apparatus and the center, an individual control packet is transmitted from the center. The inter-center communication analysis unit 151 of the receiving apparatus receives the individual control packet via the connected bidirectional communication line, the modem unit 101, and the inter-center communication unit 152 (step S102). The received packet is passed to the center-to-center communication analysis unit 151, where the type of packet is identified from the information identifier of the packet.
[0098]
When the received packet is a challenge packet (step S103), the inter-center communication analysis unit 151 passes it to the response creation unit 152 (step S106). If it is an individual control packet for contract information distribution (step S104), it is passed to the individual control information decoding unit 104 (step S107), and the same processing as in the first embodiment (steps S3 to S9 in FIG. 9). ), The contract information is authenticated and stored (step S108). If the received packet is neither of the above, it is transmitted as an error to the center via the bidirectional communication line (step S105).
[0099]
Next, response packet creation and transmission processing operations will be described with reference to the flowchart shown in FIG. The response creation unit 152 refers to the challenge number in the challenge packet and confirms the type of challenge. If it is a challenge for inquiring about the receiving device ID (step S111), the receiving device ID is extracted from the receiving device ID storage unit 106 (step S115), and the receiving device ID is converted into a predetermined response information format. Is created (step S116) and transmitted to the center (step S117). When it is a challenge to inquire about the master key identifier (step S112), the master key identifier is acquired from the master storage unit 103, a response packet is created as described above, and transmitted to the center (steps S118 to S120).
[0100]
If it is a signature creation challenge (step S113), the challenge information body, which is data to be signed, is acquired from the received packet (step S121), and the secret key is acquired from the secret key storage unit 153 (step S121). S122) A signature for the challenge information body is created (step S123). The created signature is converted into a response information body format according to a predetermined format, and transmitted to the center in a response packet format as shown in FIG. 24 (steps S124 to S125). If the transmitted challenge information does not apply to any of the above three methods, an error is transmitted to the center (step S114).
[0101]
With the above processing, the center side can transmit the individual control packet after confirming the validity of the receiving device from the received response packet. In the present embodiment (as described in the first embodiment), it can be said that the receiving apparatus recognizes the information distribution apparatus (center) side by the digital signature attached to the individual control packet. For this reason, it is possible to consider that mutual authentication is performed between the receiving apparatus and the center according to the present embodiment. However, as described in the first embodiment, such a form is not essential in the present invention, and an embodiment in which the center side recognizes the receiving apparatus as in the present invention is essential.
[0102]
This is the end of the description of the second variation.
[0103]
In the conditional access system that can make a call for transmitting the individual control packet by bidirectional communication between the receiving device and the center, the conditional access system that satisfies the second and third embodiments at the same time. Can also be implemented. This is because both variations are different from each other only in the type of command (command identifier) and are independent of each other, so that both can be executed simultaneously. In this sense, the first and second embodiments can be regarded as embodiments in which a command packet for each receiving apparatus is transmitted by broadcasting and an individual control packet for contract information distribution is transmitted by bidirectional communication.
[0104]
In the above embodiment, main processing is performed only in the conditional access unit 100, but there is also an idea that only the descrambling unit 120 is mounted outside the conditional access chip. The descrambling unit 120 must decode in real time (because it decodes the broadcast content), and therefore requires high-speed processing. However, the other parts do not always have to operate, and since there is some margin in processing time, this is often advantageous in implementation. Furthermore, when sharing the receiving device with other broadcasts, the broadcast content is scrambled for all broadcasts, and only the limited receiving unit 100 (which wants to keep confidential information in each broadcast) is attached and detached. A possible mounting method is possible on a possible medium. It is added that the above-described implementation is possible in the embodiment described above and the embodiment described below.
[0105]
(Fourth embodiment)
The fourth embodiment is a case of a conditional access system in which all broadcast receiving apparatuses have a common master key. In the conditional access system in the fourth embodiment, since the master key is common to all broadcast receiving apparatuses, the master key (common to all receiving apparatuses) plays the role of the work key in the first embodiment. As shown in FIG. 28, it has a simple key configuration with no work key. Since such a conditional access system has a simple configuration, it is very useful in terms of reducing the transmission amount of individual control information (assuming transmission on a broadcast wave) (see JP-A-11-243536). However, since the master key is common, the channel keys of all the channels are received equally by any broadcast receiving device, and therefore, only the channel contract information depends on the limited reception.
[0106]
The structure of the principal part of the broadcast receiving apparatus which concerns on 4th Embodiment is shown in FIG. In the fourth embodiment, as in the case of the first embodiment, an individual control packet as shown in FIG. 7 is used. However, since there is no work key in the fourth embodiment, the contract information has a configuration including a receiving apparatus ID, channel contract information, and a digital signature as shown in FIG. In addition, two types of common control packets are used: a common control packet for master key generation information distribution (see FIG. 30A) and a common control packet for channel key distribution (see FIG. 30B).
[0107]
The common control packet for channel key distribution is the same as in the case of the first embodiment (see FIG. 8). As shown in FIG. 30A, the common control packet for distributing master key generation information includes an information identifier, a master key identifier, master key generation information, and a digital signature.
[0108]
Here, the information identifier is information indicating that the packet is a common control packet for distributing master key generation information, and is used to distinguish it from other packets. The master key identifier is an identifier of a master key generated from the following master key generation information. The digital signature is for preventing forgery of the master key generation information. Like the digital signature used in the first embodiment, there are a secret key encryption method and a public key encryption method. May be.
[0109]
Next, the configuration and processing operation of the broadcast receiving apparatus in FIG. 27 will be described. Since the processing operation of the broadcast receiving apparatus according to the fourth embodiment has many parts overlapping with those of the first embodiment, only the different parts will be described.
[0110]
The common control packet reception processing operation will be described with reference to the flowchart shown in FIG. In FIG. 31, the reception apparatus receives the common control packet, and starts when the common control packet is passed from the filter unit 116 to the common control information decoding unit 117.
[0111]
First, the common control information decoding unit 117 refers to the information identifier of the received packet and determines whether the packet is for channel key distribution (step S301). If it is a common control packet for channel key distribution, a master key identifier is extracted from the unencrypted portion of the packet, and a master key having the master key identifier is obtained from the master key storage unit 105 (step S302). The encrypted part of the packet is decrypted using the acquired master key (step S303). The channel key obtained as a result of the decryption is stored in the channel key storage unit 118, and the process ends.
[0112]
On the other hand, if the received packet is a common control packet for distributing master key generation information (step S305), the master key identifier is extracted from the packet, and the master key corresponding to the master key identifier exists in the master key storage unit 103. It is determined whether or not to perform (step S306). If it already exists, it ends there. If it does not exist, a new master key is generated next.
[0113]
First, the master key generation information verification unit 181 verifies the digital signature included in the packet (step S307). If the verification is unsuccessful, the master key generation information verification unit 181 ends. If the verification is successful, the master key generation information verification unit 181 includes the packet. A master key is generated from the master key generation information in accordance with a predetermined algorithm (step S308), the generated master key is stored in the master key storage unit 103, and the process ends (step S309).
[0114]
Here, a little explanation of master key generation information and master key generation processing has to be made. The master key generation information is, for example, random number seed information for generating a master key, and generates a master key by means of random number generation using a random number seed and a predetermined algorithm and parameters of the master key generation unit 182. Since the generation is performed in tamper-resistant hardware, there is no security problem even if the master key generation information remains unencrypted.
[0115]
The operation is similar to that of the first embodiment from the reception of the individual control packet transmitted by bidirectional communication.
[0116]
Note that variations (second and third embodiments) of the first embodiment can also be applied to the fourth embodiment.
[0117]
(Fifth embodiment)
In the fifth embodiment, an information distribution apparatus (also referred to as a contract management center apparatus or a contract management apparatus) provided on the center side for distributing the individual control packet common control packet to the broadcast receiving apparatus according to the first embodiment. Will be described.
[0118]
FIG. 32 shows a configuration example of a main part of the information distribution apparatus according to the fifth embodiment. Hereinafter, the information shown in FIG. 32 along the flowcharts shown in FIGS. 35 to 39 with reference to FIG. The configuration and processing operation of the distribution apparatus will be described.
[0119]
In FIG. 32, the subscriber database (DB) 202 stores the subscriber data of all subscribers. As shown in FIG. 33, the data structure of the subscriber data includes a subscriber ID, a receiving device ID, a master key identifier, a master key, channel contract information, a transmitted flag, a broadcast transmission flag, and a calling number. One piece of subscriber data.
[0120]
The subscriber ID is a management number added to each subscriber. In the present embodiment, it is assumed that numbers from 1 to “MAXID” are assigned for simplicity. The receiving device ID indicates the receiving device ID of the subscriber indicated by the subscriber ID. The master key identifier is an identifier of a master key currently existing in the subscriber's receiving device (master key storage unit 103), and the master key is a master key corresponding to the master key identifier. The channel contract information represents the contract status of the subscriber, as shown in FIGS. The transmitted flag is a flag indicating whether or not the channel contract information has been transmitted to the subscriber by two-way communication, and is not transmitted when “0”, and has been transmitted when “1”. The broadcast transmission flag is a flag indicating whether or not the channel contract information of the subscriber data should be broadcasted. When the value is “0”, it indicates that broadcast distribution is not necessary. It is necessary to do.
[0121]
Here, it is assumed that the individual control packet is first distributed by two-way communication. At that time, normal reception is not performed even though a number of attempts are made to the receiving device to receive the individual control packet. When an error is returned or no response is received, the distribution of the individual control packet is switched to broadcast distribution. Let N be the number of calls allowed before switching the distribution of individual control packets to the broadcast receiving apparatus from bidirectional communication to broadcast distribution. Further, it is assumed that the calling number is a telephone number of a bidirectional communication line connected to the receiving device of the subscriber.
[0122]
First, the processing operation when transmitting the individual control packet in the information distribution apparatus of FIG. 32 by bidirectional communication will be described along the flowchart shown in FIG. This process is periodically started by the individual control information control unit 206 every time the work key is updated.
[0123]
Upon receiving the individual control packet creation instruction from the individual control information control unit 206, the individual control information creation unit 203 sets the variable k = 0 (step S3301a), i = 1 (step S301b), and the subscriber whose subscriber ID is i. It is checked whether or not the data exists in the subscriber DB 202 (step S302). The process when it does not exist will be described. If not, the process proceeds to step S313, i is incremented by 1, and after confirming that i does not exceed “MAXID” (step S314), the process returns to step S302, and the subscriber ID is set with the new i. To check.
[0124]
If i exceeds “MAXID” in step S314, this means that the processing for all the subscriber data has been completed, so that the process proceeds to step S315, where all subscriber DBs 202 are searched. It is checked whether there is untransmitted subscriber data (whether there is subscriber data whose transmission flag is “0”). If there is untransmitted subscriber data, k (meaning k-th search of subscriber data in the subscriber DB 302) is incremented by 1 (step S316), and k is N (maximum number of calls). ) (Step S317), for the subscriber whose subscriber data transmission flag is “0” at that time, the individual control packet is abandoned by bidirectional communication, and the transmission flag is “0”. The broadcast transmission flags of the subscriber data of all the subscribers “1” are set to “1”, and the process ends (step S318). If k does not exceed 1, the process returns to step S301b, i = 1 is set, and the subsequent processing is repeated. In step S315, if there is no subscriber record whose untransmitted flag is “0”, the process ends. If k does not exceed N, i = 1 is set and the algorithm is executed from the beginning. If there is no untransmitted subscriber data, the process ends.
[0125]
In step S302, if there is subscriber data with the subscriber ID i, the transmission completion flag in the subscriber data is referred to. If it is “1”, the transmission has been completed. If i does not exceed “MAXID” (step S314), the process returns to step S302 to return to the presence check of the subscriber ID. It should be noted that the process of checking the presence of a subscriber ID while incrementing i by 1 until this "MAXID" is exceeded is a process that frequently appears below, and is therefore referred to as an increment process in the following description for simplicity. .
[0126]
In step S302, when there is subscriber data of subscriber ID = i, referring to the transmitted flag of the subscriber data, if it is “1”, i is incremented by one because i has already been transmitted and the subscriber ID Return to the existence check. When the transmitted flag is “0”, the individual control information creation unit 203 acquires a necessary work key from the work key DB 210 based on the channel contract information of the subscriber data (step S304). Here, since it is assumed that work keys are set for each channel (as described in the first embodiment), it is necessary to obtain a work key for the contracted channels.
[0127]
The individual control information creation unit 203 creates a contract information body other than the digital signature from the acquired work key, the receiving device ID of the subscriber data, and the channel contract information, and is stored in the digital signature generation key storage unit 205. Using the digital signature generation key, this contract information body or the contract information body and a hash value as a feature amount thereof are encrypted to create a digital signature to create the contract information as shown in FIG. To do. Further, the created contract information is encrypted with the master key in the subscriber data, and a master key identifier and an information identifier are added to create an individual control packet as shown in FIG. 7A (step S305). .
[0128]
The created packet is transferred to the transmission / reception control unit 207 together with the calling number in the subscriber data via the individual control information control unit 206, and the transmission / reception control unit 207 uses the calling number to transmit the subscriber's data. The broadcast receiving apparatus shown in FIG. 1 is called (step S306). If the receiving apparatus does not return a response to this call (step S307), a reception error is output from the error output unit 215 (step S308), the process proceeds to step S313, and increment processing is performed. Move processing to subscriber data.
[0129]
In step S307, when a response is returned from the receiving device to the call, the created individual control packet is transmitted by a predetermined protocol (step S307). When there is a receipt notification from the receiving device for a certain period after transmission (step S310), the individual control information control unit 206 sets the transmitted flag of the subscriber data to “1” (step S312), and goes to step S313. After performing the advance increment process, the process moves to the next subscriber data.
[0130]
As described in the increment processing section, this processing confirms that i exceeds “MAXID” and that all subscriber data has been transmitted (step S315), or k exceeds the predetermined value N and is individually When the distribution of the control packet by bidirectional communication is given up, the process is terminated (step S318).
[0131]
Next, the transmission processing operation for transmitting the common control packet and the individual control packet by broadcasting in FIG. 32 and the components related to this transmission processing operation will be described with reference to the flowchart shown in FIG. This process is started simultaneously with the start of broadcasting, and is repeated without interruption while the broadcasting continues. First, the common control information creation unit 209 searches the channel key database (DB) 211 to obtain channel key data having the smallest channel ID (step S401).
[0132]
Here, the channel key data is data including at least the channel key for each channel registered in the channel key DB 211, and has a structure shown in FIG. The channel key data includes a channel ID, a channel identifier, a channel key identifier (1), a channel key (1), a channel key identifier (2), and a channel key (2). Here, the channel ID is a DB management number assigned to each channel. The channel identifier is information for the broadcast receiving apparatus to identify each channel, and is the same as that described in the first to fourth embodiments. Further, the channel key identifier and the channel key are the same as those described in the first to fourth embodiments.
[0133]
Here, there are two pairs of channel keys and their identifiers. It is necessary to transmit the currently valid channel key (channel key (1)) and the next used channel key (channel key (2)) together. This is because, depending on the configuration, only the channel key currently used may be used.
[0134]
First, a command for creating a common control packet is issued from the broadcast transmission control unit 213 to the common control information control unit 212. By this command, the common control information control unit 221 instructs the common control information creation unit 209 to search the channel key DB 211 to search for channel key data having the smallest channel key ID. In response to this, the common control information creation unit 209 searches the channel key DB 211 to obtain channel key data (step S401).
[0135]
Also, an instruction to create an individual control packet is issued from the broadcast transmission control unit 213 to the individual control information control unit 206. By this command, the individual control information control unit 206 instructs the individual control information creation unit 203 to search the subscriber DB 202 to search for subscriber data having the minimum subscriber ID whose broadcast transmission flag is “1”. To do. In response to this, the individual control information creation unit 206 searches the subscriber DB 202 to acquire subscriber data (step S406).
[0136]
On the other hand, the common control information creation unit 209 acquires a channel identifier, a channel key identifier (1), a channel key (1), a channel key identifier (2), and a channel key (2) from the acquired channel key data. The common control packet as shown in FIG. 4 is created (step S404). At this time, the work key DB 210 is searched using the channel identifier as a key, a valid work key for the channel is extracted, and the part to be encrypted of the common control packet is encrypted using the work key. Further, a common control packet is generated by attaching a work key identifier and an information identifier of the work key, and is sent to the broadcast transmission unit 214 via the common control information control unit 212 and the broadcast transmission control unit 213. The broadcast transmission unit 214 The packet is transmitted on a broadcast wave (step S405).
[0137]
Next, the individual control information creation unit 206 extracts channel contract information from the acquired subscriber data, and acquires a necessary work key from the work key DB 204 based on this (step S407). As in the case of distribution by two-way communication, a contract information body other than a digital signature is created from the work key, the receiving device ID in the subscriber data, and channel contract information, and stored in the digital signature generation key storage unit 205. Create contract information using the digital signature generation key. Further, the contract information is encrypted with the master key in the subscriber data, and an individual control packet is created by adding a master key identifier and an information identifier (step S408). The created packet is passed to the broadcast transmission control unit 213 via the individual control information control unit 206, and the packet is transmitted on the broadcast wave from here (step S409).
[0138]
The above processing operation shows an example in which common control packets (common control packets for channel key distribution) and individual control packets (individual control packets for contract information distribution) are alternately broadcast. However, the distribution ratio such as how much the former is distributed and how much the latter is distributed is originally determined in accordance with the convenience of the broadcaster, and the change of the ratio can be easily realized.
[0139]
Returning to the description of FIG. 36, when the transmission of one set of common control packet and individual control packet is completed, generation of the next transmission packet is started. That is, the common control information control unit 212 extracts the next channel key data from the channel key DB 211 in accordance with an instruction from the broadcast transmission control 213 (step S410). Here, the next channel key data is channel key data having a channel ID next to the channel ID of the channel key data related to the previously transmitted common control packet. If there is no such channel key data, channel key data having the smallest channel ID is extracted from the channel key DB 211 (step S414).
[0140]
Similarly, with respect to subscriber data, the subscriber data whose broadcast transmission flag is “1” is extracted from the subscriber data whose subscriber ID exceeds the subscriber ID of the processed subscriber data. (Step S412). Here, if there is no such subscriber data, subscriber data having the smallest subscriber ID is extracted (step S402).
[0141]
The extracted data is subjected to packet creation / transmission processing as described above in the common control information creation unit 212 and the individual control information creation unit 203, respectively. In this way, it continues to move without interruption since the start of broadcasting.
[0142]
As is clear from the above description, the generation of the common control packet and the generation of the individual control packet can be performed in parallel. This is because the generation / transmission of two types of packets can be controlled by the broadcast transmission control unit 213 and transmitted at a certain rate.
[0143]
(Sixth embodiment)
Next, some variations are described. As a first variation, a center side for distributing a command packet, an individual control packet, and a common control packet to a broadcast receiving apparatus according to the second embodiment in which a power-on command is individually distributed from the center to each receiving apparatus. An information distribution apparatus (also referred to as a contract management center apparatus or a contract management apparatus) provided in FIG. This first variation will be described as a sixth embodiment.
[0144]
As a second variation, for the broadcast receiving apparatus according to the third embodiment, the call command is individually distributed to each receiving apparatus from the center and the center receives a call from the receiving apparatus side. An information distribution apparatus (also referred to as a contract management center apparatus or a contract management apparatus) provided on the center side for distributing packets and common control packets will be described. This second variation will be described later as a seventh embodiment.
[0145]
The configuration example of the main part of the information distribution apparatus according to the sixth embodiment is the same as in the case of the fifth embodiment (FIG. 32), but the processing operation is different. First, the case where the individual control information is distributed by bidirectional communication after the power-on command packet is distributed by a broadcast wave will be described with reference to the flowcharts shown in FIGS.
[0146]
This process is started in accordance with the contract change timing (for example, every month). The individual control information control unit 206 is a receiving device that should first transmit contract information for updating channel contract information or the like to the individual control information creation unit 206 when the contract change time comes. A command to sequentially transmit a power-on command is performed to a receiving apparatus that has not transmitted In response to this, the individual control information creation unit 203 searches the subscriber DB 202, and extracts a maximum of M pieces of subscriber data having a transmitted flag of “0” from those with a small subscriber ID (step S501). Here, M is a constant determined by the information capacity and the like of the power-on command packet.
[0147]
Next, a receiving device ID is extracted from each extracted subscriber data (step S502), and a digital signature is attached to the sequence of the extracted receiving device ID and the number of the receiving device IDs. A digital signature generation key is extracted from the key (step S504), and the reception device ID and the number of the reception device IDs are encrypted with the key to generate a digital signature (step S505). A command body having a data format as shown in FIG. 17 is created from the extracted receiving device ID, the number of the receiving device IDs, the digital signature, and the command identifier of the power-on command. An information identifier is attached to the command body thus created, and a command packet is generated (step S506). The generated command packet is sent to the broadcast transmission unit 214 via the individual control information control unit 206 (step S507), temporarily stored in the buffer memory in the broadcast transmission unit 214, and the common control packet is processed in the procedure described later. At the same time, it is broadcasted (see FIG. 39).
[0148]
Next, a process of distributing an individual control packet for the broadcast receiving apparatus that needs to update channel contract information or the like is performed. With i = 1 (step S508), out of the (maximum) M subscriber data extracted in step S501, a work key is extracted from the work key DB 210 based on channel contract information in the i-th subscriber data. (Step S509). Further, an individual control packet (individual control packet for contract information distribution) is created in the same manner as described in the fifth embodiment (step S510). Next, a call is made using the calling number in the subscriber data (step S511), and bidirectional communication with the broadcast receiving apparatus of the calling destination is started. If there is no response from the receiving apparatus (step S512), an error indicating the reception error is returned to the individual control information control 206, and the individual control signal information control unit 206 displays this on the error output unit 215 (step S512). S522), the process proceeds to step S516 in FIG. 38, and the process proceeds to the next subscriber data.
[0149]
In step S512, when a response is returned from the broadcast receiving device that is the call destination, the created individual control packet is transmitted (step S513). If there is no receipt notification from the receiving device before the elapse of a predetermined time after sending the individual control packet (step S514), an error indicating a receipt error is returned to the individual control information control unit 206, The individual control information control unit 206 displays a reception error message on the error output unit 215, proceeds to step S516 in FIG. 38, and moves to the next subscriber data.
[0150]
If there is a receipt notification in step S514, the process proceeds to step S515 in FIG. 38, the transmitted flag of the i-th subscriber data is set to “1”, and the process proceeds to step S516 to process the next subscriber data. Transfer.
[0151]
When moving to the next subscriber data, the following processing is required. That is, i = i + 1 is set (step S516), and it is checked whether i does not exceed M (step S517). If not, if there is i-th subscriber data (step S518), the process returns to step S509, and thereafter, the subscriber data is processed as described above. If the subscriber data does not exist in step S518, the process proceeds to step S519, where the subscriber DB 202 is searched to extract the next (maximum) M records whose transmission flag is “0” (step S519). If one or more subscriber data can be extracted (step S520), the process returns to step S502, and a power-on command is created for the subscriber data group. If no subscriber data is extracted from the subscriber DB 202 in step S520, the one-round processing is completed. Therefore, all the subscriber data in the subscriber DB 202 are searched and the transmitted flag is set to “ It is confirmed whether there is a "0" (step S521). In this case, the process returns to step S501, and thereafter the same as described above. If there is no transmission flag “0” in step S 521, the process ends because all the subscriber data has been transmitted.
[0152]
On the other hand, if i exceeds M in step S517, it means that the individual control packet to the receiving apparatus that has broadcasted the power-on command has been transmitted. Therefore, the process proceeds to step S519, and the subscriber DB 202 is searched. Then, the next (maximum) M subscriber data whose transmitted flag is “0” are extracted. If one or more pieces of subscriber data can be extracted (step S520), the process returns to the step of creating a power-on command for the subscriber data group (step S502) and is repeated. If no subscriber data is extracted in step S520, the process is completed. Therefore, all the subscriber data in the subscriber DB 202 is searched and the transmitted flag is “0”. Whether or not (step S521). If at least one subscriber data is extracted, the process returns to the beginning of step S501. If no subscriber data is extracted, the process ends because all the subscriber data has been transmitted.
[0153]
The above is the processing operation from broadcasting the power-on command to transmitting the individual control packet by bidirectional communication. According to the present embodiment, the power supply of the components related to the bidirectional communication via the broadcast wave is previously applied to the broadcast receiving apparatus configured as shown in FIG. After giving an instruction to turn on and placing the receiving / receiving device in a call waiting state, the center side (information distribution device in FIG. 32) makes a call for distributing the individual control packet. For broadcast receiving apparatuses that can receive packets, it is possible to reliably distribute individual control packets by bidirectional communication.
[0154]
Next, the transmission processing operation of the transmission information of the common control packet will be described along the flowchart shown in FIG. This process is started at the start of broadcasting, and continues thereafter without interruption until the end of broadcasting.
[0155]
First, the common control information control unit 212 instructs the common control information creation unit 209 to search for channel key data having the smallest channel key ID (step S601). In response to this instruction, the common control information creation unit 209 searches the channel key DB 211 and acquires the channel key. Further, the channel identifier, channel key identifier (1), channel key (1), channel key identifier (2), and channel key (2) are obtained from the obtained channel key data, and the common control packet as shown in FIG. Is created (step S602). At this time, the work key DB 210 is searched using the channel identifier as a key, a valid work key for the channel is extracted, and the part to be encrypted of the common control packet is encrypted using the work key. Further, a common control packet is generated by attaching a work key identifier and an information identifier of the work key, and is sent to the broadcast transmission unit 214 via the common control information control unit 212 and the broadcast transmission control unit 213. The broadcast transmission unit 214 The packet is transmitted on a broadcast wave (step S603).
[0156]
Next, the broadcast transmission unit 214 checks whether or not the power-on command packet created by the processing in steps S501 to S507 in FIG. 37 exists in the buffer memory (step S604). Among the command packets, the command packet that has been created the oldest is broadcast from the broadcast transmission unit 214 (step S605), and the process proceeds to step S606. On the other hand, if it does not exist, step S605 is skipped and the process proceeds to step S606. move on.
[0157]
In step S606, an instruction to retrieve channel key data of the next channel key ID from the channel key DB 211 is transmitted from the broadcast transmission control unit 213 to the common control information creation unit 209 via the common control information control unit 212. The common control information creation unit 209 searches the channel key DB 211 and extracts channel key data (step S606). If the extraction is successful (step S607), the process for creating / transmitting the common control packet for channel key distribution after step S602 is performed. If the extraction fails, the process starts at step S601. Returning again, the channel key data having the smallest channel key ID is retrieved again.
[0158]
As described above, by transmitting one or more power-on command packets (more generally, command packets) when one or more common control packets for channel key distribution are distributed, The command packet can be transmitted in a timely manner without causing any trouble in the transmission of the common control packet.
[0159]
Note that the channel key must be transmitted twice a second (because of the start of timely reception), while the frequency of issuing the power-on command is 1 second due to the transmission time of the individual control packet. It is thought that it is not once. For this reason, the ratio of the number of power-on command packets to be distributed during the distribution of common control packets is extremely low. Furthermore, since a power-on command packet is created from this, it can be expected to be transmitted immediately after it is sent to the broadcast transmission control unit 213, so when calling a broadcast receiving device for individual control packet transmission It can be considered that the power supply of the bidirectional communication line on the receiving device side is already turned on.
[0160]
(Seventh embodiment)
A command packet, an individual control packet, and a common control packet are transmitted to the broadcast receiving apparatus according to the third embodiment in which a call command is individually distributed from the center to each receiving apparatus and the receiving apparatus calls the center. An information distribution apparatus (also referred to as a contract management center apparatus or a contract management apparatus) provided on the center side for distribution will be described.
[0161]
A configuration example of a main part of an information distribution apparatus according to the seventh embodiment is shown in FIG. 40, and a command packet creation processing operation will be described along the flowchart shown in FIG. 41 with reference to FIG. This processing operation is started every month, for example, in accordance with the change timing of the channel contract information and the like. When the time for changing the channel contract information or the like comes, the individual control information control unit 206 first instructs the individual control information creation unit 203 to sequentially transmit a call command to the receiving device whose channel contract information has not been updated. In response to this, the individual control information creation unit 203 searches the subscriber DB 204, and extracts a maximum of M pieces of subscriber data having a transmitted flag of “0” from those having a small subscriber ID (step S611). In order to attach a digital signature to the extracted receiving device IDs and the number of receiving device IDs, a digital signature generating key is extracted from the digital signature generating key storage unit 205 (step S612). A digital signature is generated by encrypting the number of the receiving device IDs or the data string and the hash value as the feature amount (step S613). A command body having a data format as shown in FIG. 17 is created from the extracted receiving device ID, the number of the receiving device IDs, the digital signature, and the command identifier of the calling command. An information identifier is attached to the command body thus created, and a calling command packet is generated (step S614).
[0162]
The generated call command packet is sent to the individual broadcast transmission control unit 213 via the individual control information control unit 206 (step S615), and is broadcasted together with other common control packets as shown below. .
[0163]
The individual control packet transmission processing operation by bidirectional communication will be described according to the flowcharts shown in FIGS. 42 to 43 with reference to FIG. This process is started by a call from the broadcast receiving apparatus (step S701). The center receives a call from the receiving device via the modem 208 by the transmission / reception control unit 207 (step S702), and the transmission / reception control unit 207 sends a challenge creation command asking the receiving device ID to the challenge creation unit 252. In response to this, the challenge creation unit 252 creates a challenge packet having the configuration shown in FIG. Here, the challenge database (DB) 251 is a database in which a challenge number of various challenges and a set of processes are described. The challenge creation unit 252 extracts processing contents from the challenge DB 251 using the challenge number for inquiring the receiving apparatus ID as a key. The created challenge packet is transmitted from the transmission / reception unit 207 to the reception device via the modem 208 (step S703). If the response packet is not transmitted from the receiving device within a predetermined time after transmission (step S704), the individual control information control unit 206 outputs an error output indicating a challenge failure asking for the receiving device ID. The process is output from the error output unit 215 and the processing for the receiving apparatus is terminated (step S717).
[0164]
If a response packet is transmitted within a predetermined time in step S704, the response packet is transmitted from the transmission / reception control unit 207 to the response verification unit 253. After verifying the format of the response packet, the response verification unit 253 outputs the receiving device ID extracted from the packet to the transmission / reception control unit 207 (step S705). The transmission / reception control unit 207 instructs the individual control information control unit 206 to extract the subscriber data of the reception device ID from the subscriber DB 202 using the reception device ID as a key. Here, if there is no corresponding subscriber data, the receiving apparatus ID does not exist (step S705), so an error output or the like is performed and the process is terminated (step S722). When the subscriber data is acquired (step S706), the subscriber data is sent to the transmission / reception control unit 207, and the transmission / reception control unit 207 sends it to the response inspection unit 253.
[0165]
Thereafter, the transmission / reception control unit 207 instructs the challenge creation unit 252 to create a challenge for asking for the master key identifier, as in the case of challenge creation for asking the receiving apparatus ID, and the challenge packet created as a result is transmitted (step S707). ), The response packet sent within the predetermined time is inspected (steps S708 and S709). If the master key identifier does not match that of the subscriber data, an error output indicating that the master key identifier does not match is output (step S719). If they match, the receiver authentication process described below is performed. Move.
[0166]
The receiving device authentication process is a process for generating one or more challenges to be answered using information known only by a legitimate receiving device and performing authentication using the response. First, the transmission / reception control unit 207 sets j = 1 (step S710), and requests the challenge creation unit 252 to issue an authentication challenge. Upon receiving the request, the challenge creation unit 252 randomly extracts challenges from the challenge DB 251, creates a challenge packet as shown in FIG. 23 (step S 711), and transmits it from the transmission / reception control unit 207 to the broadcast receiving device via the modem 208. (Step S712). If a response packet is not sent from the receiving device within a certain period after transmission (step S713), an error message indicating that the authentication challenge has failed is output, and the process ends (step S720). When a response packet is sent, the response packet is sent from the transmission / reception control unit 207 to the response verification unit 253, and the response verification unit 253 performs an authentication check using an authentication algorithm defined in the challenge DB 251 (step S714). If the authentication check is successful, it is indicated that the response is correct, so j is incremented by 1 (step S715), and it is checked whether j exceeds N (step S716). N is a constant depending on the system in advance and means the number of authentication challenge attempts. If j does not exceed N, the receiving device authentication processing in steps S711 to S714 is repeated until j exceeds N. If the authentication check fails in step S714, since the response is incorrect, an error message indicating the authentication failure is output and the process ends (step S721).
[0167]
If j exceeds N in step S716, this means that the authentication has been completed, and it has been confirmed that the receiving apparatus currently communicating on the information distribution apparatus (center) side is valid. Become. Therefore, the process proceeds to step S722 in FIG. 43, and an authentication end signal is sent from the transmission / reception control unit 207 to the individual control information control unit 206, and the individual control information control unit 206 creates an individual control packet for the subscriber data. The control information creation unit 203 is requested. In response to this, the individual control information creation unit 203 acquires a necessary work key from the work key DB 210 based on the channel contract information in the subscriber data (step S722). Here, since it is assumed that the work keys are set for each channel, it is necessary to obtain the work keys for the contracted channels specified by the channel contract information.
[0168]
Next, the contract information body other than the digital signature is created from the acquired work key and work key identifier pair, the receiving device ID of the subscriber data, and the channel contract information, and the contract information is created using the digital signature generation key. To do. Further, the contract information is encrypted with the master key of the subscriber data, and the master key identifier and the information identifier are added to create an individual control packet as shown in FIG. 22 (step S723). The created packet is sent to the transmission / reception control unit 207 via the individual control information control unit 206 and transmitted to the receiving device. If there is a receipt notification from the receiving device for a certain period after the transmission (step S724), the transmission completion flag of the subscriber data is set to “1” and the process ends (step S725). If there is no receipt notification, an error output indicating that the individual control packet has not been received is output and the process ends (step S726).
[0169]
According to the seventh embodiment, it is possible to adjust the timing of calls from the reception device side from the center side so that calls from the reception device side do not concentrate at one time. Even after authenticating the authenticity of the receiving device, it is possible to send an individual control packet for updating the channel contract information stored in the receiving device. It can prevent fraud.
[0170]
As is clear from the above description, since the first variation is based on the center call and the second variation is based on the reception device call, it is possible to perform this simultaneously. In other words, a power-on command packet is transmitted to a receiving device that does not call anyway even if a call command packet is transmitted, and a center call is made or a separate control packet is transmitted by a broadcast wave if it is not received yet. Make up. In this way, the opportunity for transmitting the individual control packet is increased, and not only illegal viewing can be prevented, but also the trouble that the contract is not renewed even though it is contracted is reduced.
[0171]
Furthermore, combining these and the fifth embodiment, for example, based on the transmission of individual control packets by two-way communication by center call, but for receiving devices that do not respond, broadcast power-on command packets. Forcing the two-way communication function unit of the receiving device into a state where it can receive calls (power-on state), or sending a call command packet by broadcasting to make a call from the receiving device side, etc. A conditional access system capable of distributing individual control packets for updating channel contract information stored in the receiving apparatus can be constructed. Especially for portable receiving devices in mobile environments, it is advantageous to have more means for sending individual control packets (since the receiving devices are not always in the same state).
[0172]
(Eighth embodiment)
In the eighth embodiment, an information distribution apparatus (contract management center apparatus or contract management apparatus) provided on the center side for distributing individual control information and common control information to the broadcast receiving apparatus described in the fourth embodiment. Will also be described.
[0173]
In the eighth embodiment, since there are many overlapping parts in the configuration and processing operation with the information distribution apparatus according to the fifth to seventh embodiments, only the different parts will be described. That is, the individual control packet is handled in the same way even if there is a slight difference in the data configuration. Therefore, the components and processing operations for distributing the individual control packet by bidirectional communication are the fifth to seventh embodiments. It is the same as the case of the form. Therefore, the following description will be focused on the constituent unit that broadcasts the individual control packet common control packet and its processing operation.
[0174]
In the fifth to seventh embodiments, what is transmitted from the broadcast transmission unit 214 is a common control packet for channel key distribution and an individual control packet for distribution of channel contract information and the like. In the embodiment, three common control packets for channel key distribution, common control packet for master key generation information distribution, and individual control packet for channel contract information distribution are assumed. Therefore. In the eighth embodiment, the above three types of packets must be broadcast. This point is essentially different from the fifth to seventh embodiments.
[0175]
A configuration example of a main part of the information distribution apparatus according to the eighth embodiment is shown in FIG. 44, and FIGS. 45 to 46 show processing operations when the three types of packets are broadcast. Hereinafter, description will be made along the flowcharts shown in FIGS. 45 to 46 with reference to FIG. 44.
[0176]
This process is started at the same time as the start of broadcasting, and is repeated without interruption while the broadcasting continues. First, the common control information creation unit 209 searches the channel key DB 211 to obtain channel key data having the smallest channel ID. Here, the channel key data is data including at least the channel key for each channel registered in the channel key DB 211 and has a structure shown in FIG. The channel key data includes a channel ID, a channel identifier, a channel key identifier (1), a channel key (1), a channel key identifier (2), and a channel key (2). Here, the channel ID is a database management number assigned to each channel. The channel identifier is information for the receiving apparatus to identify each channel, and is the same as in the description of the above-described embodiment. Further, the channel key identifier and the channel key are the same as those described in the above embodiment. Here, there are two pairs of channel key and its identifier because it is necessary to transmit the currently valid channel key and the next used channel key together, and depending on the configuration, the channel key currently used It does n’t matter.
[0177]
First, a command for creating a common control packet for channel key distribution is issued from the broadcast transmission control 213 to the common control information control unit 212. By this command, the common control information control unit 212 instructs the common control information creation unit 209 to search the channel key DB 211 to search for channel key data having the minimum channel ID. In response to this, the common control information creation unit 209 searches the channel key DB 211 to obtain channel key data (step S801).
[0178]
In addition, the broadcast transmission control unit 213 issues an individual control packet creation command to the individual control information control unit 206. In response to this command, the individual control information control unit 206 instructs the individual control information creation unit 203 to search the subscriber DB 202 to search for subscriber data having the minimum subscriber ID whose broadcast transmission flag is “1”. . In response to this, the individual control information creation unit 203 searches the subscriber DB 202 to acquire subscriber data (step S802).
[0179]
Next, the common control information creation unit 209 acquires a channel identifier, a channel key identifier (1), a channel key (1), a channel key identifier (2), and a channel key (2) from the acquired channel key data (step S2). In step S803, creation of a common control packet for channel key distribution as shown in FIG. 30B is started. That is, a valid master key is extracted from the master key storage unit 261, and the channel identifier, channel key identifier (1), channel key (1), channel key identifier (2), channel key (2) are extracted using the master key. ) Is encrypted. Further, a common control packet for channel key distribution is generated with the master key identifier and information identifier of the master key added (step S804). The common control packet is sent to the broadcast transmission unit 214 via the common control information control unit 212 and the broadcast transmission control unit 213, and is transmitted on the broadcast wave from here (step S805).
[0180]
Next, the individual control information creation unit 203 obtains the receiving apparatus ID and channel contract information from the obtained subscriber data (step S806), and creates contract information other than the digital signature from them. Further, by using the digital signature generation key stored in the digital signature generation key storage unit 205, the data string from the receiving device ID to the channel contract information, or the data string and the hash value as its feature value are encrypted. A digital signature is created and attached to the end of the data string from the receiving device ID to the channel contract information to create contract information as shown in FIG. Further, the contract information is encrypted with the master key extracted from the subscriber data, and the master key identifier, the receiving device ID, and the information identifier are added to create an individual control packet as shown in FIG. S807, step S808).
[0181]
The created packet is sent to the broadcast transmission unit 214 via the individual control information control unit 206 and the broadcast transmission control unit 213, and transmitted from here on the broadcast wave (step S809).
[0182]
Next, the common control information creation unit 209 creates a common control packet for distributing master key generation information. First, master key generation information and a master key identifier (master key identifier) generated from the master key generation information storage unit 264 are acquired, and then a digital signature generation key is acquired from the digital signature generation key storage unit 205. Then, the master key generation information or the master key generation information and the hash value as the feature amount thereof are encrypted to create a digital signature for the master key generation information, and the digital signature and the information identifier are added. The common control packet for master key generation information distribution having the configuration shown in (2) is created (steps S810 to S811).
[0183]
The created packet is sent to the broadcast transmission unit 214 via the common control information control unit 212 and the broadcast transmission control unit 213, and transmitted from here on a broadcast wave (step S812).
[0184]
The above description shows an example in which a common control packet for channel key distribution, an individual control packet for contract information distribution, and a common control packet for master key generation information distribution are broadcast in sequence. However, the ratio of the amount of packets to be transmitted, such as how many packets are transmitted and how many of the next packets are transmitted, is originally determined according to the broadcaster's convenience, and it is easy to change the ratio. .
[0185]
When transmission of one set of the common control packet for channel key distribution, the individual control packet for contract information distribution, and the common control packet for master key generation information distribution is completed, the process proceeds to generation of a packet to be transmitted next. That is, the common control information creation unit 209 searches the channel key DB 211 for the next channel key data (step S813). Here, the next channel key data is the smallest channel ID among channel key data having a channel ID larger than the channel ID of the channel key data related to the previously transmitted packet. If there is no such channel key data (step S814), channel key data having the smallest channel ID is extracted from the channel key DB 211 (step S817).
[0186]
Similarly, regarding the subscriber data, among the subscriber data whose broadcast transmission flag is “1”, the smallest one of the subscriber data whose subscriber ID is larger than the subscriber ID value of the processed subscriber data is selected. Extract (step S815). If there is no such subscriber data (step S816), the subscriber data having the smallest subscriber ID is extracted (step S802).
[0187]
Based on the channel key data and the subscriber data extracted in this way, according to the above description, the common control packet for channel key distribution and the individual control packet for contract information distribution are created / transmitted. A process for creating / transmitting a common control packet for distributing master key generation information is performed. The above processing continues to move without interruption from the start of broadcasting.
[0188]
The common control packet for channel key distribution, the individual control packet for contract information distribution, and the common control packet for master key generation information distribution can be generated in parallel. In such an implementation, the broadcast transmission control unit 213 performs generation / transmission control such as how many of the three types of packets are generated and how much each is transmitted, and is generated / transmitted at a certain rate.
[0189]
Further, as is easily understood, the fifth to seventh embodiments can be used in combination with the eighth embodiment.
[0190]
(Appendix)
In broadcasting with a small number of channels, limited reception using only work keys is possible without using channel contract information. Actually, since the work key is a key set for each channel, the work key is updated every contract period (for example, one month), and the updated work key is viewed while viewing the channel during the contract period. By transmitting it as individual control information only to the subscriber, viewing only to the contractor can be limited.
[0191]
In such a configuration, when the channel key of the corresponding channel is transmitted in the common control packet, the receiving device side uses the work key identifier described in the header portion of the common control packet as a key to perform the work of the corresponding channel. Check whether the key exists in the work key storage. If it exists, the encryption part of the control packet is decrypted, and the channel key of the channel is obtained. If not, the process for the common control packet is terminated. Accordingly, only the viewing contractor of the channel having the work key of the channel can acquire the channel key, so that limited reception can be realized.
[0192]
In this way, the conditional access system can be configured simply by updating the work key of each channel for each contract period. However, when the number of channels is large as in the current CS broadcasting, if the work key is changed for each contract period, the work key update information becomes large, which is not realistic. Therefore, in the current CS broadcasting, a system using channel contract information as described in the first to eighth embodiments is desirable. However, for example, in broadcasting with only one channel (or only one contract form), since one work key is sufficient, the conditional access system using only the work key as described above has an advantage.
[0193]
In the first embodiment and related embodiments, the channel contract information and work key stored in the receiving device may be updated simultaneously with one individual control packet, or only one of them may be updated. You may make it update.
[0194]
In the first to eighth embodiments, when a digital signature is created, the digital signature may be created by encrypting the information portion that is the target of the digital signature and the hash value as its feature amount. That is, for example, in the case of the digital signature in the contract information of FIG. 5, the digital signature of the contract information may be created by encrypting the portion other than the digital signature and its hash value.
[0195]
In addition, this invention is not limited to the said 1st-8th embodiment, In the implementation stage, it can change variously in the range which does not deviate from the summary. Further, the above embodiments include inventions at various stages, and various inventions can be extracted by appropriate combinations of a plurality of disclosed constituent requirements. For example, even if some constituent elements are deleted from all the constituent elements shown in the embodiment, the problem (at least one of them) described in the column of the problem to be solved by the invention can be solved, and the column of the effect of the invention When the effect (at least one) described in (1) is obtained, a configuration in which this configuration requirement is deleted can be extracted as an invention.
[0196]
【The invention's effect】
As described above, according to the present invention, even if the number of subscribers increases, a highly safe pay broadcast that can prevent unauthorized viewing without compressing the broadcast band by distributing a large amount of individual control information. Enable service provision.
[Brief description of the drawings]
FIG. 1 is a diagram illustrating a configuration example of a main part of a broadcast receiving apparatus according to a first embodiment of the present invention.
FIG. 2 is a diagram showing an example of channel contract information.
FIG. 3 is a diagram showing an example of a key configuration used in the conditional access system.
FIG. 4 is a diagram showing an example of the data structure of a content packet.
FIG. 5 is a diagram showing an example of contract information.
FIG. 6 is a diagram showing another example of channel contract information.
FIG. 7 is a diagram illustrating an example of a data configuration of an individual control packet.
FIG. 8 is a diagram illustrating an example of a data configuration of a common control packet.
9 is a flowchart for explaining an individual control packet reception processing operation by bidirectional communication of the broadcast receiving apparatus shown in FIG.
10 is a flowchart for explaining the reception processing operation of an individual control packet / common control packet / content packet by a broadcast wave of the broadcast receiving apparatus shown in FIG. 1;
FIG. 11 is a flowchart for explaining the reception processing operation of an individual control packet / common control packet / content packet by a broadcast wave.
FIG. 12 is a flowchart for explaining a channel selection / channel key acquisition processing operation;
FIG. 13 is a flowchart for explaining the reception processing operation of an individual control packet / common control packet / content packet by a broadcast wave.
FIG. 14 is a flowchart for explaining the reception processing operation of an individual control packet / common control packet / content packet by a broadcast wave.
FIG. 15 is a diagram illustrating a configuration example of a main part of a broadcast receiving apparatus according to a second embodiment of the present invention.
FIG. 16 is a diagram showing a data configuration example of a command packet.
FIG. 17 is a diagram showing a data configuration example of a command main body.
18 is a flowchart for explaining the reception processing operation of the individual control packet by the broadcast wave of the broadcast receiving apparatus of FIG.
FIG. 19 is a diagram illustrating a configuration example of a main part of a broadcast receiving apparatus according to a third embodiment of the present invention.
20 is a flowchart for explaining the reception processing operation of the individual control packet by the broadcast wave of the broadcast receiving apparatus of FIG.
FIG. 21 is a diagram illustrating a data configuration example of a packet transmitted and received by bidirectional communication.
FIG. 22 is a diagram illustrating a data configuration example of an individual control packet.
FIG. 23 is a diagram showing a data configuration example of a challenge packet.
FIG. 24 is a diagram showing a data configuration example of a response packet.
FIG. 25 is a flowchart showing a processing operation after the receiving apparatus receives a call command.
FIG. 26 is a flowchart showing a processing operation after the receiving apparatus receives a call command.
FIG. 27 is a diagram showing a configuration example of a main part of a broadcast receiving apparatus according to a fourth embodiment of the present invention.
FIG. 28 is a diagram showing an example of a key configuration used in the conditional access system according to the fourth embodiment.
FIG. 29 is a diagram showing an example of contract information according to the fourth embodiment.
30 is a diagram showing an example of the data structure of a common control packet, where (a) shows a common control packet for distributing master key generation information, and (b) shows a common control packet for distributing channel key. Is shown.
FIG. 31 is a flowchart for explaining a common control packet reception processing operation;
FIG. 32 is an information distribution apparatus for individual control information according to the fifth embodiment of the present invention, and is a configuration of a main part of the information distribution apparatus corresponding to the broadcast receiving apparatus (FIG. 1) according to the first embodiment; The figure which showed the example.
33 is a diagram showing an example of subscriber data stored in the subscriber database of FIG. 32. FIG.
34 is a diagram showing an example of channel key data stored in the channel key database of FIG. 32. FIG.
35 is a flowchart for explaining the processing operation of the information distribution apparatus in FIG. 32;
36 is a flowchart for explaining the processing operation of the information distribution apparatus in FIG. 32;
FIG. 37 is a view for explaining the processing operation in the case where the individual control information is distributed by bidirectional communication after the power-on command packet is distributed by the broadcast wave of the information distribution apparatus according to the sixth embodiment of the present invention. flowchart.
FIG. 38 is a diagram for explaining the processing operation in the case where the individual control information is distributed by bidirectional communication after the power-on command packet is distributed by the broadcast wave of the information distribution apparatus according to the sixth embodiment of the present invention. flowchart.
FIG. 39 is a flowchart for explaining a common control packet transmission processing operation of the information distribution apparatus according to the sixth embodiment of the present invention;
FIG. 40 is a diagram illustrating a configuration example of a main part of an information distribution apparatus according to a seventh embodiment of the present invention.
FIG. 41 is a flowchart for explaining a command packet creation processing operation;
FIG. 42 is a flowchart for explaining an individual control packet transmission processing operation by bidirectional communication;
FIG. 43 is a flowchart for explaining a transmission processing operation of an individual control packet by bidirectional communication.
FIG. 44 is a diagram showing a configuration example of a main part of an information distribution apparatus according to an eighth embodiment of the present invention.
45 is a flowchart for explaining the processing operation of the information distribution apparatus in FIG. 44;
46 is a flowchart for explaining the processing operation of the information distribution apparatus in FIG. 44;
[Explanation of symbols]
100: Limited reception unit
101 ... Modem part
102: Transmission / reception unit
103 ... Master key storage unit
104. Individual control information decoding unit
105: Work key storage unit
106: Receiving device ID storage unit
107 ... Contract Information Authentication Department
108: Digital signature verification key storage unit
111 ... broadcast wave receiver
112 ... A / D converter
113 ... Error detection / correction unit
114 ... Channel selection section
115 ... Channel selection interface (I / F) section
116: Filter section
117 ... Common control information decoding unit
118: Channel key storage
119: Channel key output section
120 ... descrambling
121 ... Contract information storage unit
122 ... Contract determination unit
123 ... Channel information input section
202 ... Subscriber database
203 ... Individual control information creation unit
204 ... Work key database
205: Digital signature generation key creation unit
206: Individual control information control unit
207 ... Transmission / reception control unit
208 ... modem
209 ... Common control information creation unit
210 ... Work key database
211 ... Channel key database
212 ... Common control information control unit
213 ... Broadcast transmission control unit
214 ... Broadcast transmitter

Claims (14)

It is a receiving device that receives encrypted content information broadcasted and is independent of the receiving device and control information including channel contract information specific to the receiving device necessary for selection of decodable content information. Part or all of the control information stored in the receiving device for the receiving device that selects and decrypts the content information broadcasted based on the key information necessary for decrypting the content information An information distribution method in an information distribution apparatus comprising: individual control information for updating the information; broadcast distribution means for distributing the key information; and communication means,
A first distribution step in which the broadcast distribution means broadcasts the key information to the receiving device;
A second distribution step in which the communication means distributes the individual control information by bidirectional communication with the receiving device ;
A third distribution step in which when the reception device has not confirmed receipt of the individual control information, the broadcast distribution means broadcasts the individual control information to the reception device;
Information delivery method including   In the second distribution step, the distribution of the individual control information is repeated a predetermined number of times until receipt of the individual control information is confirmed by the receiving device to which the individual control information is distributed,
  In the third distribution step, when the distribution of the individual control information is repeated a predetermined number of times and the reception of the individual control information is not confirmed by the receiving device to which the individual control information is distributed, The information distribution method according to claim 1, wherein distribution means distributes the individual control information by broadcast. Channel receiving information unique to the receiving device that is necessary for selecting content information that can be decrypted and that is a receiving device that receives encrypted content information broadcasted and content selected based on the channel contract information Selection and decryption of the broadcast-delivered content information is performed based on the decryption control information including the work key information for decrypting the key information that is not dependent on the receiving device necessary for decrypting the information and the key information Information distribution provided with broadcast distribution means and communication means for distributing individual control information and key information for updating a part or all of the decryption control information stored in the reception apparatus to the reception apparatus An information distribution method in a device,
A first distribution step in which the broadcast distribution means broadcasts the key information to the receiving device;
A second distribution step in which the communication means distributes the individual control information by bidirectional communication with the receiving device ;
A third distribution step in which, when reception of the individual control information is not confirmed by the receiving device, the broadcast distribution means broadcasts the individual control information to the receiving device;
Information delivery method including   In the second distribution step, the distribution of the individual control information is repeated a predetermined number of times until receipt of the individual control information is confirmed by the receiving device to which the individual control information is distributed,
  In the third distribution step, when the distribution of the individual control information is repeated a predetermined number of times and the reception of the individual control information is not confirmed by the receiving device to which the individual control information is distributed, 4. The information distribution method according to claim 3, wherein a distribution means broadcasts the individual control information. The second distribution step includes
The broadcast distribution means for broadcasting a command for placing the receiving device in a waiting state for an incoming call ;
The communication means calling the receiving device and distributing the individual control information by the bidirectional communication ;
Claim 1 or 3 information distribution method according to, characterized in that it comprises a. The second distribution step includes
The broadcast distribution means for broadcasting a command for instructing a call from the receiving device ;
The communication means delivering the individual control information by the bidirectional communication in response to a call from the receiving device;
Claim 1 or 3 information distribution method according to, characterized in that it comprises a. The first distribution step includes:
Encrypting the key information so that it can be decrypted with other key information generated based on the key generation information broadcast to the receiving device ,
Claim 1 or 3 information distribution method according to, characterized in that broadcast distribution key information the encrypted other key information. The second delivery step, according to claim 1 or 3 information distribution method according to, characterized in that distributed by two-way communication with the individual control information after authenticating the receiving device. It is a receiving device that receives encrypted content information broadcasted and is independent of the receiving device and control information including channel contract information specific to the receiving device necessary for selection of decodable content information. Part or all of the control information stored in the receiving device for a receiving device that selects and decrypts the content information broadcasted based on key information necessary for decrypting the content information An information distribution apparatus for distributing the individual control information for updating the key information and the key information,
First distribution means for broadcasting the key information;
Second distribution means for distributing the individual control information by bidirectional communication with the receiving device;
A third distribution means for broadcasting the individual control information when reception of the individual control information is not confirmed by the receiving device to which the individual control information is distributed;
An information distribution apparatus comprising: Channel receiving information unique to the receiving device that is necessary for selecting content information that can be decrypted and that is a receiving device that receives encrypted content information broadcasted and content selected based on the channel contract information Selection and decryption of the broadcast-delivered content information is performed based on the decryption control information including the work key information for decrypting the key information that is not dependent on the receiving device necessary for decrypting the information and the key information An information distribution device for distributing individual control information and key information for updating a part or all of the decryption control information stored in the reception device to a reception device,
First distribution means for broadcasting the key information;
Second distribution means for distributing the individual control information by bidirectional communication with the receiving device;
A third distribution means for broadcasting the individual control information when reception of the individual control information is not confirmed by the receiving device to which the individual control information is distributed;
An information distribution apparatus comprising: The second distribution means broadcasts a command for placing the reception device in an incoming call waiting state, and then calls the reception device to distribute the individual control information by the bidirectional communication. The information distribution apparatus according to claim 9 or 10 . The second distribution means broadcasts and distributes a command for instructing a call from the receiving apparatus to the own apparatus in order to distribute the individual control information by the bidirectional communication, and then makes a call from the receiving apparatus. The information distribution apparatus according to claim 9 or 10, wherein the individual control information is distributed by the bidirectional communication in accordance with the information. The first distribution means encrypts the key information so that it can be decrypted with other key information generated based on key generation information broadcast to the receiving device, and distributes the broadcast. Item 9. The information distribution device according to Item 9 or 10 . The information distribution apparatus according to claim 9 or 10, wherein the second distribution unit distributes the individual control information after authenticating the reception apparatus.

Images