[go: up one dir, main page]

WO2011013303A1 - Procédé d'authentification de données reçues et récepteur de diffusion numérique - Google Patents

Procédé d'authentification de données reçues et récepteur de diffusion numérique Download PDF

Info

Publication number
WO2011013303A1
WO2011013303A1 PCT/JP2010/004496 JP2010004496W WO2011013303A1 WO 2011013303 A1 WO2011013303 A1 WO 2011013303A1 JP 2010004496 W JP2010004496 W JP 2010004496W WO 2011013303 A1 WO2011013303 A1 WO 2011013303A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
application
received
value
stored
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2010/004496
Other languages
English (en)
Japanese (ja)
Inventor
鍵山隆司
畑幸一
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Panasonic Corp
Original Assignee
Panasonic Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Panasonic Corp filed Critical Panasonic Corp
Publication of WO2011013303A1 publication Critical patent/WO2011013303A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/167Systems rendering the television signal unintelligible and subsequently intelligible
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/435Processing of additional data, e.g. decrypting of additional data, reconstructing software from modules extracted from the transport stream
    • H04N21/4353Processing of additional data, e.g. decrypting of additional data, reconstructing software from modules extracted from the transport stream involving decryption of additional data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/442Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available from the internal hard disk
    • H04N21/44236Monitoring of piracy processes or activities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/81Monomedia components thereof
    • H04N21/8166Monomedia components thereof involving executable data, e.g. software
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • H04L2209/601Broadcast encryption

Definitions

  • Patent Literature 1 An authentication method for verifying the credibility of an MHP application when receiving an application conforming to the DVB-MHP standard (hereinafter abbreviated as an MHP application) in a digital broadcast receiver in a conventional digital broadcast system is disclosed in, for example, Patent Literature 1 is disclosed.
  • the authentication process for verifying the credibility of the MHP application to be displayed is the same as the corresponding MHP application received in the past by the received MHP application. Even if it is not updated, since it is executed from the beginning every time it is displayed, there is a problem that the display of the MHP application is displayed with a delay from the display of the general broadcast program.
  • an authentication process for verifying the credibility of an application that needs to be authenticated in a digital broadcast receiver is reliably performed in a shorter time than before, and the display delay of the application is improved. It is aimed. It is an object of the present invention to realize a received data authentication method that can eliminate discomfort in using a digital broadcast receiver for a user, and to provide a digital broadcast receiver equipped with the received data authentication method. It is.
  • the authentication processing unit includes an authentication determination unit and an authentication calculation processing unit,
  • the authentication determination unit receives an instruction from the control unit and notifies the authentication calculation processing unit of information related to the received authentication application,
  • the authentication calculation processing unit executes an authentication calculation process for the received authentication application as a whole, calculates a calculated overall authentication value,
  • the calculated overall authentication value is compared with the stored overall authentication value stored in the storage unit for the entire past authentication application corresponding to the received authentication application, When the comparison result between the calculated total authentication value and the stored total authentication value matches, the control unit is notified that the received authentication application is a valid application.
  • the calculated total authentication value and the authentication value of the authentication file for the entire authentication application received according to the seventh aspect together with the identification number of the received authentication application. It is comprised so that it may preserve
  • FIG. 1 is a block diagram showing a system configuration of the digital broadcast receiver according to the first embodiment.
  • the transport stream (TS) in the MPEG2 format received by the antenna 11 is input to the tuner 12, and the TS of the channel selected by the user is demodulated.
  • the TS includes video data, audio data, object carousel, AIT (Application Information Table), PAT (Program Association Table), PMT (Program Map Table), CAT (Conditional Access Table), and the like.
  • the object carousel is a data structure / system for carrying data broadcast contents such as an application that needs to perform authentication processing, such as an MHP application (an application that conforms to the DVB-MHP standard).
  • the MHP application is generally configured in a hierarchical structure with one root directory, at least one directory, and at least one file, and is transmitted as an object carousel.
  • the MHP application provides information related to video / audio data indicating a general broadcast program to the user, and refers to an application that operates in an interactive Java (registered trademark) execution environment.
  • the TS selected by the tuner 12 is demodulated and input to the transport decoder (TD) 13.
  • the MPEG2 format TS input from the tuner 12 is decoded (filtered).
  • video / audio data indicating a general broadcast program of video data and audio data is output to the AV decoder 18, and data such as an object carousel and AIT is output to the CPU 14 which is a central processing unit.
  • the antenna 11, the tuner 12, and the TD 13 are used as a receiving unit.
  • the CPU 14 serving as a control unit controls the entire operation of the digital broadcast receiver 1.
  • the CPU 14 causes the tuner 12 to select a predetermined channel corresponding to the key code input from the remote controller (remote controller) 2 via the remote controller receiver 21.
  • the remote control receiver 21 receives operation information from the remote control 2 set by the user and outputs data as a key code to the CPU 14.
  • the memory 15 serving as a storage unit in the first embodiment is configured by an HDD, but may be configured by a general storage unit configured by a general volatile / nonvolatile memory.
  • the MHP application is cached based on a command from the CPU 14.
  • the memory 15 provides an MHP application stored in response to an MHP application read instruction from the Java execution unit 17.
  • the memory 15 stores data of authentication values and file paths (locations in the hierarchical structure of MHP applications) for each MHP application that are calculated by the authentication processing unit 16.
  • the authentication processing unit 16 Upon receiving a command from the CPU 14, the authentication processing unit 16 performs authentication calculation processing for the MHP application, and records the authentication value and file path calculated by the authentication calculation processing in the memory 15.
  • the Java execution unit 17 is a Java (registered trademark) virtual machine in the DVB-MHP standard, and reads an MHP application instructed from the memory 15 in response to an execution command of the MHP application from the CPU 14.
  • the MHP application read by the Java execution unit 17 is output to the synthesis circuit 19.
  • the AV decoder 18 decodes (decodes) the video data and audio data input from the TD 13 and outputs them to the synthesis circuit 19.
  • the combining circuit 19 combines the video data of the MHP application input from the Java execution unit 17 and the video data input from the AV decoder 18 and outputs combined video data.
  • the video / audio output circuit 20 outputs the synthesized video data input from the synthesis circuit 19 to a display device such as a display, and outputs the audio data to an audio output device such as a speaker.
  • FIG. 2 is a block diagram illustrating the configuration of the authentication processing unit 16 and the data flow in the digital broadcast receiver 1 according to the first embodiment.
  • the authentication processing unit 16 includes an authentication determination unit 101 and an authentication calculation processing unit 102.
  • the authentication determination unit 101 Upon receiving a command from the CPU 14, the authentication determination unit 101 notifies the authentication calculation processing unit 102 of information related to the MHP application received and stored in the memory 15.
  • the authentication calculation processing unit 102 performs an authentication calculation process on the received MHP application, and calculates an authentication value (hash value).
  • the authentication determination unit 101 compares the calculated authentication value with the hash value recorded in each layer of the MHP application or the hash value recorded in the memory 15 and notifies the CPU 14 of the comparison result. Further, the authentication determination unit 101 notifies the determination result to the CPU 14 according to the determination result, and deletes the data recorded in the memory 15 in some cases. Further, the authentication calculation processing unit 102 records the authentication value calculated as necessary together with the file path in the memory 15.
  • each hash file A, B, and C has an authentication algorithm (hash algorithm) for authentication calculation (hash calculation), for example, MD-5, SHA-1, etc., and each file and directory by the hash algorithm.
  • a hash value H1, H2, H3,...) That is the calculated authentication value is stored.
  • the hash file A in the hierarchy immediately below the directory 3 includes a hash algorithm (for example, MD-5) that operates on the files 1 and 2 existing in the same hierarchy, and a file based on the hash algorithm (MD-5). 1 hash value (H1) and hash value (H2) of file 2 are stored.
  • a hash algorithm for example, MD-5
  • MD-5 hash algorithm 5
  • the hash file B in the hierarchy immediately below the directory 6 includes a hash algorithm (for example, SHA-1) that operates on the file 4 and the file 5 existing in the same hierarchy, and the file 4 by the hash algorithm (SHA-1).
  • a hash value (H4) and a hash value (H5) of file 5 are stored.
  • the hash value (H8) of the root directory calculated as described above is an overall hash value (overall authentication value) obtained by performing an authentication calculation process on the entire received MHP application. )
  • an index file in the memory 15 As an index file in the memory 15.
  • FIG. 4 is a diagram illustrating an example of an Index file in the digital broadcast receiver 1 according to the first embodiment. As shown in FIG. 4, the ID file and the entire hash value (H8) of each MHP application are stored in the Index file.
  • FIG. 5 is a flowchart illustrating an authentication operation when the digital broadcast receiver 1 according to the first embodiment receives an MHP application.
  • the determination operation of the authentication determination unit 101 in the digital broadcast receiver 1 according to the first embodiment is executed by detecting the identifier (application_id) of the AIT included in the transport stream (TS) (step S1). If the AIT identifier does not match any of the MHP application IDs described in the Index file shown in FIG. 4, it is determined that the AIT identifier is the first MHP application, and the AIT identifier is described in the Index file shown in FIG. If it matches any of the existing MHP application IDs, it is determined that the application is not the first MHP application. This determination result is transmitted to the authentication calculation processing unit 102, and the following authentication operation is continued.
  • whether the received MHP application is the first received MHP application or not is determined using the AIT identifier as application identification information.
  • the present invention is not limited to this, and the received MHP application is not limited to this.
  • Other application identification information that can determine whether or not is the first received MHP application may be used.
  • step S3 hash value comparison is performed in order from the lowest layer based on the recognized file structure.
  • This hash value comparison is calculated by a hash algorithm (for example, MD-5, SHA-1, etc.) in which the hash value of each file of the hierarchy is stored in the hash file of the hierarchy, and the calculated hash value (calculation The authentication value) is compared with the hash value (stored authentication value) stored in the hash file in the hierarchy.
  • a hash algorithm for example, MD-5, SHA-1, etc.
  • the hash value of each file of the hierarchy is stored in the hash file of the hierarchy, and the calculated hash value (calculation The authentication value) is compared with the hash value (stored authentication value) stored in the hash file in the hierarchy.
  • hash value comparison of the hierarchy if the hash values match, hash value comparison in another hierarchy is performed. In this way, the hash value comparison of each hierarchy is executed, and if the hash value of the hierarchy immediately below the root directory matches, it is determined that
  • the hash values (H1, H2) of the files 1 and 2 are calculated based on the hash algorithm (MD-5) stored in the hash file A in the hierarchy immediately below the directory 3.
  • the calculated hash values (calculated hash values: H1, H2) are compared with the hash values (stored hash values: H1, H2) stored in the hash file A. If the calculated hash values (H1, H2) and the stored hash values (H1, H2) are compared, and if they match, the hash values of the files in the hierarchy immediately below the directory 6 are compared.
  • hash values of the hierarchy immediately below the root directory are compared.
  • the hash value (H3) of the directory 3 is calculated by applying the hash algorithm (MD-5) stored in the hash file C to the hash file A.
  • the hash value (H6) of the directory 6 is next.
  • the process proceeds to step S4. If it is confirmed that the upper layer is the root directory, the process proceeds to step S5, and the hash value of the root directory is obtained.
  • (H8) is calculated by a hash algorithm (for example, MD-5, SHA-1, etc.) held by the digital broadcast receiver 1.
  • the hash value comparison that is the authentication operation of each layer is performed in step S3, and whether or not the layer in which the hash value comparison is performed in the next step S4 is a layer immediately below the root directory that is the highest layer. Is confirmed.
  • the hash value comparison which is the authentication operation described above, is executed up to the hierarchy immediately below the root directory. If the calculated hash value and the stored hash value of each layer are all matched by the authentication operation in step S3 and step S4, the received MHP application is determined to be valid. If there is a file or directory whose hash values do not match in the authentication operation (hash value comparison), the CPU 14 is notified that the MHP application is an unauthorized MHP application (step S8).
  • step S5 the entire hash value (H8) of the MHP application is stored in the Index file in the memory 15 together with the ID of the MHP application.
  • the Index file stores the MHP application ID of the MHP application and the entire hash value of the root directory (H8: stored overall authentication value).
  • step S6 the certificate public key possessed by the digital broadcast receiver 1 is used to execute a certificate signature verification process. If there is no problem with the signature in the verification process in step S6, the hash value of the certificate is calculated in the next step S7, and the calculation result is stored in the memory 15. Further, the CPU 14 is notified that the MHP application is a valid MHP application, and the display display of the MHP application is executed. If there is a problem in the verification process in step S6, the CPU 14 is notified of an unauthorized MHP application, and the authentication operation is terminated.
  • step S9 if the calculated total hash value of the MHP application and the stored total hash value of the past MHP application do not match, the contents stored in the Index file stored in the memory 15 and the past MHP application Is deleted (step S10).
  • step S10 after deleting the index file stored in the memory 15 and the entire stored hash value of the past MHP application, the process returns to step S2, and the file structure of the received MHP application is changed to the file described in the AIT. Recognizing from the path and the path to the root directory, the process proceeds to the steps after step S3.
  • the authentication operation as described above is executed. Therefore, in the digital broadcast receiver 1 of the first embodiment, when the digital broadcast receiver 1 first receives the MHP application, the authentication operation executes an authentication operation for performing a hash operation on all files (8 Hash calculation and hash value comparison), when a previously loaded MHP application is received, the entire hash value (calculated overall hash value) of the MHP application is calculated and stored in the memory 15. If the calculated total hash value matches the stored total hash value, it is determined that the MHP application is valid (one hash operation and hash value comparison). For this reason, in the digital broadcast receiver 1 of the first embodiment, the number of operations in the authentication operation when receiving a previously loaded MHP application is extremely reduced, and the time loss until the display of the MHP application is greatly reduced. It can be reduced.
  • the digital broadcast receiver according to the second embodiment is a receiver used in the digital broadcast system, and has substantially the same configuration as that of the digital broadcast receiver 1 according to the first embodiment.
  • the digital broadcast receiver according to the second embodiment is different from the digital broadcast receiver 1 according to the first embodiment in an authentication operation when an MHP application as an application that requires an authentication process is updated. Therefore, in the description of the digital broadcast receiver of the second embodiment, the same reference numerals are given to the components having the same functions and configurations as those of the digital broadcast receiver 1 of the first embodiment, and the description of the first embodiment is applied to the description. .
  • the hierarchical structure shown in FIGS. 6A to 6D is a diagram showing an example of the tree structure of the MHP application received by the digital broadcast receiver of the second embodiment, and is the same as the hierarchical structure shown in FIG. 3 in the first embodiment. It is a hierarchical structure.
  • the hierarchical structure shown in FIGS. 6A to 6D is merely an example, and various hierarchical structures are included in the present invention.
  • the hash file A in FIG. 6A stores a hash algorithm (for example, MD-5) and the hash values (H1a, H2) of the file 1 and the file 2 by the hash algorithm (MD-5).
  • the hash file B stores the hash algorithm (SHA-1) and the hash values (H4, H5) of the files 4 and 5 by the hash algorithm (SHA-1).
  • the hash file C the hash value (H3a) of the hash file A, which is the hash value of the directory 3, the hash value (H6) of the hash file B, which is the hash value of the directory 6, the hash value (H7) of the file 7, A hash algorithm (MD-5) acting on the file A, the hash file B, and the hash file 7 is stored.
  • the tree structure shown in FIGS. 6A to 6D has substantially the same hierarchical structure as the tree structure shown in FIG. 3, and the detailed description thereof is the same as that of the first embodiment. Incorporated and omitted here.
  • the authentication operation in the digital broadcast receiver according to the second embodiment differs from the authentication operation according to the first embodiment in an authentication operation when a part of the received MHP application is updated (upgraded). That is, in the MHP application received by the digital broadcast receiver and displayed on the display, the authentication operation when only a part of the information in the MHP application is changed and the MHP application is updated is described above. This is different from the authentication operation in the digital broadcast receiver 1 of the first embodiment.
  • step S9 the calculated total hash value for the entire MHP application in step S9 of the flowchart shown in FIG. And the stored whole hash values do not match, and the process proceeds to step S2 via step S10.
  • the hash value comparison of each layer is sequentially performed from the lowest layer in the processing after step S2.
  • the entire hash value for the entire past MHP application is obtained by the authentication algorithm (hash algorithm) uniquely possessed by the digital broadcast receiver. It is calculated and stored in the Index file of the memory 15 as the entire hash value of the MHP application (H8: stored entire authentication value). Therefore, even in the digital broadcast receiver according to the second embodiment that has received the MHP application, in the first step of the authentication operation, the entire hash value of the received MHP application is calculated using a hash algorithm that the digital broadcast receiver has uniquely.
  • the calculated total hash value (H8: calculated total authentication value) is compared with the total hash value (H8: stored total authentication value) of the past MHP application corresponding to the received MHP application.
  • the calculated total hash value (calculated total authentication value) matches the total hash value (stored total authentication value) of the past MHP application
  • the certificate possessed by the digital broadcast receiver Using the public key, the signature verification process of the certificate (Certificate) is executed. If there is no problem with the signature in this verification process, the hash value of the certificate is calculated and the calculation result is stored in the memory 15 and the CPU 14 is notified that the MHP application is a valid MHP application. To do.
  • the MHP application is displayed on the display.
  • the calculated total hash value of the received MHP application matches the stored total hash value of the past MHP application, as in step S9 and subsequent steps in the flowchart shown in FIG. For example, step S6 and step S7 in FIG. 5 are executed. Therefore, if there is a problem with the signature in the verification process, the CPU 14 is notified that the application is an unauthorized MHP application, and the authentication operation is terminated.
  • the hash value (H3) and hash value (H6) of the hash algorithm (MD-5) of the hash file C, and the hash algorithm (for example, the digital broadcast receiver has unique) , MD-5, SHA-1, etc.) are stored in the Index file of the memory 15 as the hash value (H3, H6, H8) of the MHP application in the Index file.
  • the application ID of the MHP application, the entire hash value (H8), the path of the directory having the hash value (for example, directory 3, directory 6), and the hash value (for example, H6, H3) are stored.
  • FIG. 7 is a diagram illustrating an example of an application ID, an entire hash value (H8), a path, and hash values (H3, H6...) Stored in an Index file in the digital broadcast receiver according to the second embodiment.
  • an area including the file 1, the file 2, and the hash file A is an “A area”, and the file 4, the file 5, and the hash file.
  • An area including B will be described as “B area”, and an area including directory 3, directory 6, file 7, and hash file C will be described as “C area”.
  • the CPU 14 when the MHP application in which only the file in the “A” area is updated is received, the CPU 14 (see FIGS. 1 and 2) stores the received MHP application in the memory 15, and The authentication processing unit 16 starts the authentication operation of the received MHP application.
  • the authentication determination unit 101 of the authentication processing unit 16 calculates the received hash value (H8a) of the MHP application, and the calculated calculated hash value (H8a: calculated total authentication value).
  • the entire stored hash value (H8: entire stored authentication value) of the Index file is compared.
  • the obtained calculated hash values (H1a, H2) and the stored hash values (H1a, H2) stored in the hash file A are compared, and if they do not match, the CPU 14 determines that the MHP application is an unauthorized MHP application. Notice. On the other hand, if they match, the calculated hash value (H3a) of the newly calculated hash file A is stored in the Index file.
  • the calculation process is performed six times (H8a, H3a, H1a, H2, H6, H7).
  • the authentication operation can be completed.
  • the CPU 14 stores the received MHP application in the memory 15 and The authentication operation of the received MHP application is started.
  • the authentication determination unit 101 of the authentication processing unit 16 calculates the entire hash value (H8b) of the received MHP application, and the calculated total hash value (H8b) and the entire storage of the Index file.
  • the hash value (H8) is compared. In this case, since the comparison results do not match, the lowermost hash file A having the area “A” is calculated by the hash algorithm (MD-5) stored in the hash file C, and the calculated hash value is calculated. (H3) is acquired.
  • the calculated hash value (H3) is compared with the stored hash value (H3) of the Index file. The comparison results are consistent.
  • the hash file B in the area “B” is calculated by the hash algorithm (MD-5) stored in the hash file C to obtain the calculated hash value (H6b).
  • the calculated hash value (H6b) is compared with the stored hash value (H6) of the Index file. Since the comparison result does not match, the files 4 and 5 are calculated by the hash algorithm (SHA-1) stored in the hash file B, and the calculated hash values (H4b, H5) are obtained.
  • the obtained calculated hash value (H4b, H5) and the stored hash value (H4b, H5) stored in the hash file B are compared, and if they do not match, the CPU 14 determines that the MHP application is an unauthorized MHP application. Notice. On the other hand, if they match, the calculated hash value (H6b) of the newly calculated hash file B is stored in the Index file.
  • the hash value (H3) and the hash value (H6b) related to the directory 3 and the directory 6 are compared with the stored hash value (H3) and the stored hash value (H6b) stored in the hash file C, If they do not match, the CPU 14 notifies the CPU 14 that the MHP application is an unauthorized MHP application. On the contrary, if the values match, the hash value (H7) relating to the file 7 is calculated by the hash algorithm (MD-5) stored in the hash file C, and the calculated hash value (H7) is obtained. The calculated hash value (H7) is compared with the stored hash value (H7) stored in the hash file C.
  • the calculation processing is performed six times (H8b, H3, H6b, H4b, H5, H7).
  • the authentication operation can be completed.
  • the hash value (H3) and the hash value (H6) regarding the directory 3 and the directory 6, and the stored hash value (H3) and the stored hash value ( H6) is compared, and if they do not match, the CPU 14 is notified that the MHP application is an unauthorized MHP application.
  • the file 7 is calculated by the hash algorithm (MD-5) stored in the hash file C to obtain the calculated hash value (H7c).
  • the calculated hash value (H7c) is compared with the stored hash value (H7c) stored in the hash file C. If the hash value comparison does not match, the CPU 14 is notified that the MHP application is an unauthorized MHP application.
  • the authentication operation is performed by four times (H8c, H3, H6, H7c) of arithmetic processing. Can be completed.
  • the CPU 14 stores the received MHP application in the memory 15 and the authentication processing unit 16. In response, the authentication operation of the received MHP application is started.
  • the authentication determination unit 101 of the authentication processing unit 16 calculates the entire hash value (H8d) of the received MHP application, and the calculated total hash value (H8d) and the entire storage of the Index file. The hash value (H8) is compared.
  • the hash file B in the area “B” is calculated by the hash algorithm (MD-5) stored in the hash file C to obtain the calculated hash value (H6).
  • the calculated hash value (H6) and the stored hash value (H6) are compared. Since the comparison results match, the authentication operation for the area “C” is performed next.
  • the hash value (H3a) and hash value (H6) related to the directory 3 and directory 6 are compared with the stored hash value (H3a) and stored hash value (H6) stored in the hash file C.
  • the CPU 14 notifies the CPU 14 that the MHP application is an unauthorized MHP application.
  • the hash value related to the file 7 is calculated by the hash algorithm (MD-5) stored in the hash file C to obtain the calculated hash value (H7c).
  • the calculated hash value (H7c) is compared with the stored hash value (H7c) stored in the hash file C.
  • the CPU 14 If the hash value comparison does not match, the CPU 14 is notified that the MHP application is an unauthorized MHP application.
  • a hash algorithm for example, MD-5, SHA-1 or the like
  • the hash value (H8d) acquired by the above becomes the hash value (H8d) of the root directory and is stored in the Index file.
  • the authentication operation when the files in the “A” area and the “C” area are updated is performed six times (H8d, H3a, H1a, H2, H6, H7c).
  • the authentication operation can be completed by the arithmetic processing.
  • a reception data authentication method and a digital broadcast receiver that perform authentication processing for verifying the reliability of an application compliant with the DVB-MHP standard in a shorter time than before are described.
  • the present invention is not limited to the DVB-MHP standard, and the received data authentication method and digital broadcast receiver of the present invention can be used for applications that require authentication processing similar to the DVB-MHP standard, for example, the standard for cable television in North America.
  • the present invention can also be applied to an application conforming to the standard OCAP (OpenCable Application Platform) standard.
  • the present invention provides a highly useful digital broadcast receiver capable of performing an authentication operation for verifying the reliability of an application in a short time when an application conforming to the DVB-MHP standard is received in the digital broadcast system. can do.

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Virology (AREA)
  • Databases & Information Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Circuits Of Receivers In General (AREA)

Abstract

L'invention porte sur un procédé d'authentification de données reçues qui permet, dans un récepteur de diffusion numérique, de simplifier un traitement d'authentification réalisé pour vérifier le caractère de confiance d'une application demandant une authentification, et réduire de ce fait le retard d'affichage de l'application. Le procédé consiste à : déterminer, sur la base d'informations d'identification d'application, si une application reçue demandant une authentification est une application reçue pour la première fois ou non ; et, lorsqu'il est déterminé que l'application reçue demandant une authentification n'est pas une application reçue pour la première fois, exécuter un traitement d'authentification par rapport à l'application reçue demandant une authentification dans l'ensemble.
PCT/JP2010/004496 2009-07-30 2010-07-12 Procédé d'authentification de données reçues et récepteur de diffusion numérique Ceased WO2011013303A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2009177550 2009-07-30
JP2009-177550 2009-07-30

Publications (1)

Publication Number Publication Date
WO2011013303A1 true WO2011013303A1 (fr) 2011-02-03

Family

ID=43528977

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2010/004496 Ceased WO2011013303A1 (fr) 2009-07-30 2010-07-12 Procédé d'authentification de données reçues et récepteur de diffusion numérique

Country Status (1)

Country Link
WO (1) WO2011013303A1 (fr)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012257228A (ja) * 2011-05-19 2012-12-27 Nippon Hoso Kyokai <Nhk> 受信機
JP2013009360A (ja) * 2011-05-20 2013-01-10 Nippon Hoso Kyokai <Nhk> 放送送信装置、放送通信連携受信装置およびそのプログラム、ならびに、放送通信連携システム
JP2014011715A (ja) * 2012-07-02 2014-01-20 Nippon Hoso Kyokai <Nhk> 放送通信連携受信装置、アプリケーション認証プログラム及び放送通信連携システム
JP2015079404A (ja) * 2013-10-18 2015-04-23 株式会社日立製作所 不正検知方法
EP2797023A4 (fr) * 2011-12-21 2015-06-10 Sony Corp Dispositif de traitement d'informations, dispositif de serveur, procédé de traitement d'informations, procédé de traitement de serveur et programme
WO2018024545A1 (fr) 2016-08-04 2018-02-08 Smardtv S.A. Procédé et dispositif pour vérifier l'authenticité d'une application associée à un hbbtv

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002508624A (ja) * 1998-03-25 2002-03-19 カナル プラス ソシエテ アノニム ディジタル伝送システムにおけるデータ認証方法
JP2007515092A (ja) * 2003-12-18 2007-06-07 松下電器産業株式会社 プログラムデータファイル保存方法および認証プログラム実行方法
JP2007528048A (ja) * 2003-07-10 2007-10-04 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ ソフトウェアアプリケーション実行方法
WO2009057627A1 (fr) * 2007-10-30 2009-05-07 Kyocera Corporation Appareil récepteur

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002508624A (ja) * 1998-03-25 2002-03-19 カナル プラス ソシエテ アノニム ディジタル伝送システムにおけるデータ認証方法
JP2007528048A (ja) * 2003-07-10 2007-10-04 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ ソフトウェアアプリケーション実行方法
JP2007515092A (ja) * 2003-12-18 2007-06-07 松下電器産業株式会社 プログラムデータファイル保存方法および認証プログラム実行方法
WO2009057627A1 (fr) * 2007-10-30 2009-05-07 Kyocera Corporation Appareil récepteur

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012257228A (ja) * 2011-05-19 2012-12-27 Nippon Hoso Kyokai <Nhk> 受信機
JP2013009360A (ja) * 2011-05-20 2013-01-10 Nippon Hoso Kyokai <Nhk> 放送送信装置、放送通信連携受信装置およびそのプログラム、ならびに、放送通信連携システム
EP2797023A4 (fr) * 2011-12-21 2015-06-10 Sony Corp Dispositif de traitement d'informations, dispositif de serveur, procédé de traitement d'informations, procédé de traitement de serveur et programme
US9723376B2 (en) 2011-12-21 2017-08-01 Saturn Licensing Llc Information processing apparatus, server apparatus, information processing method, server processing method, and program
JP2014011715A (ja) * 2012-07-02 2014-01-20 Nippon Hoso Kyokai <Nhk> 放送通信連携受信装置、アプリケーション認証プログラム及び放送通信連携システム
JP2015079404A (ja) * 2013-10-18 2015-04-23 株式会社日立製作所 不正検知方法
WO2018024545A1 (fr) 2016-08-04 2018-02-08 Smardtv S.A. Procédé et dispositif pour vérifier l'authenticité d'une application associée à un hbbtv

Similar Documents

Publication Publication Date Title
JP4971388B2 (ja) データのダウンロード
KR101073170B1 (ko) 프로그램 데이터 파일 저장 방법 및 인증된 프로그램 실행방법
WO2011013303A1 (fr) Procédé d&#39;authentification de données reçues et récepteur de diffusion numérique
CN100459659C (zh) 应用执行设备、应用执行方法、和集成电路
JP5006388B2 (ja) データ管理装置
RU2602355C2 (ru) Устройство обработки информации, устройство сервера, способ обработки информации, способ обработки сервера и программа
US8392724B2 (en) Information terminal, security device, data protection method, and data protection program
US20140344846A1 (en) Receiver, program and receiving method
US8510544B2 (en) Starts up of modules of a second module group only when modules of a first group have been started up legitimately
JP2007535204A (ja) 認証プログラム実行方法
US8031717B2 (en) Communication apparatus and communication method
RU2414757C2 (ru) Носитель записи, устройство и способ для воспроизведения данных, устройство и способ для сохранения данных
CN101099211A (zh) 用于保护共享数据的方法和装置以及使用本地存储从记录介质中再现数据的方法和装置
WO2006129654A1 (fr) Dispositif electronique, serveur de mise a jour et dispositif de mise a jour de cles
CN102282564B (zh) 信息处理设备和信息处理方法
JP5961165B2 (ja) 放送通信連携受信装置及び放送通信連携システム
KR20060081338A (ko) 공유 콘텐츠 보호방법, 로컬 스토리지를 이용한 기록매체재생방법 및 재생장치
US20100115616A1 (en) Storage Device and Method for Dynamic Content Tracing
CN113127891A (zh) 一种智能媒体桌面的模板文件加密方法和装置
US7502294B2 (en) Information recording and playback apparatus, content management method, and content management program capable of preventing illegal copying of content
CN115509587B (zh) 固件升级方法、装置、电子设备及计算机可读存储介质
KR20070037697A (ko) 데이터 이동 방법, 데이터 이동원 장치, 데이터 이동처장치, 데이터 이동 프로그램이 기억된 기억 매체 및 이동데이터 기록 프로그램이 기억된 기억 매체
KR102379069B1 (ko) 방송 데이터를 인증하는 방송 장치 및 방법
CN106294020B (zh) 安卓系统应用分区文件保护方法及终端
WO2013190598A1 (fr) Procédé d&#39;écrasement de programme de dispositif de réception de radiodiffusion, dispositif de réception de radiodiffusion, et programme

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10804056

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10804056

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP