WO2015034020A1 - Transmission device, reception device, conditional access system, and conditional access method - Google Patents
Transmission device, reception device, conditional access system, and conditional access method
- Publication number
- WO2015034020A1 (PCT/JP2014/073389)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- scramble
- packet
- layer
- information
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/266—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/60—Network streaming of media packets
- H04L65/61—Network streaming of media packets for supporting one-way streaming services, e.g. Internet radio
- H04L65/611—Network streaming of media packets for supporting one-way streaming services, e.g. Internet radio for multicast or broadcast
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/238—Interfacing the downstream path of the transmission network, e.g. adapting the transmission rate of a video stream to network bandwidth; Processing of multiplex streams
- H04N21/2389—Multiplex stream processing, e.g. multiplex stream encrypting
- H04N21/23895—Multiplex stream processing, e.g. multiplex stream encrypting involving multiplex stream encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/438—Interfacing the downstream path of the transmission network originating from a server, e.g. retrieving encoded video stream packets from an IP network
- H04N21/4385—Multiplex stream processing, e.g. multiplex stream decrypting
- H04N21/43853—Multiplex stream processing, e.g. multiplex stream decrypting involving multiplex stream decryption
Definitions
- the present invention relates to a transmission apparatus, a reception apparatus, a conditional access system, and a conditional access method for performing limited reception in a broadcasting system using MMT (MPEG-Media-Transport).
- MMT: MPEG-Media-Transport
- MPEG2-TS: MPEG-2 Transport Stream
- This MPEG2-TS can encrypt the payload portion of the TS packet in order to protect the content safely (see Non-Patent Document 1).
- TLV Type-Length-Value
- MMT multimedia transport protocol
- IP packets MMT over IP
- IPsec, which is a protocol having an encryption function and an authentication function, is widely used as a method for safely protecting data on IP in the network layer.
- The present invention has been made in view of such problems.
- It is an object of the present invention to provide a transmission device, a reception device, a conditional access system, and a limited reception method that, when a broadcasting system is constructed using MMT, can realize not only data protection in the network layer but also fine service protection in the MMT layer.
- The transmitting device and the receiving device that constitute the conditional access system of the present invention are configured as follows. That is, the transmitting device, which transmits contents in IP packets using MMT, includes an MMT package table generating unit, a conditional access table generating unit, an MMTP packet configuring unit, an IP packet configuring unit, a scramble unit, and a header setting means.
- The transmitting apparatus uses the MMT package table generating means to generate an MMT package table (MPT), which is table information designating position information that specifies the location of common key information, common to the receiving apparatuses, in which the scramble key is encrypted with the work key. Further, the transmitting device uses the limited reception table generating unit to generate a limited reception table (CAT), which is table information designating position information that specifies the location of individual key information obtained by encrypting the work key with an individual encryption key for each predetermined management unit of the receiving device.
- The transmission apparatus configures the content as an MMTP packet of the MMT layer by the MMTP packet configuration unit.
- The content is encapsulated and transmitted as an MMTP packet.
- The transmission apparatus adds the headers of the transport layer and the network layer to the MMTP packet by the IP packet configuration unit, and configures it as an IP packet of the IP layer.
- The MMTP packet is encapsulated as an IP packet.
- Based on a predetermined scramble target policy or a control signal input from the outside, the transmission device uses the scramble means to scramble the payload area of the IP packet or the payload area of the MMTP packet (more specifically, the data part of the area) with a scramble key.
- The scramble means can scramble two different layers, the IP layer and the MMT layer.
- The transmission apparatus sets scramble control information indicating the presence / absence of scramble in the header part of the scramble target layer by the header setting means. Then, the transmitting apparatus either embeds control information including the layer identification indicating the scramble target layer in the MMT package table by the MMT package table generation means, or embeds control information including the scramble target layer identification in the conditional access table by the conditional access table generation means. As a result, the transmission apparatus can notify the reception apparatus of which layer's data is scrambled, the IP layer or the MMT layer.
- The receiving device includes an MMT package table processing unit, a limited reception table processing unit, a key information processing unit, a descrambling unit, an IP packet filtering means, and an MMTP packet filtering means.
- The receiving apparatus receives the MMT package table by the MMT package table processing means, and extracts the position information of the common key information. Further, by the limited reception table processing means, the receiving device receives the limited reception table, which is table information designating position information that specifies the location of individual key information obtained by encrypting a work key with an individual encryption key for each predetermined management unit of the receiving device, and extracts the position information of the individual key information. Then, the receiving device extracts the scramble key from the common key information and the individual key information acquired based on the extracted position information by the key information processing means. That is, the key information processing means extracts the scramble key by decrypting the individual key information with the encryption key unique to the receiving device and extracting the work key, and decrypting the common key information with the work key.
- The receiving device descrambles the payload area of the IP packet by the descrambling unit, and extracts the MMTP packet from the IP packet. Further, when the MMTP packet filtering means determines that the MMT layer is scrambled, the receiving apparatus descrambles the payload area of the MMTP packet (more specifically, the data portion of the area) by the descrambling means, and extracts the content from the MMTP packet.
- The IP packet filtering means determines that the payload area of the IP packet is scrambled when the conditional access table or the MMT package table includes control information including a layer identification indicating that the scramble target is the IP layer, or when scramble control information indicating scrambling is set in the header immediately before the payload of the IP packet.
- The MMTP packet filtering means determines that the payload area of the MMTP packet (more specifically, the data portion of the area) is scrambled when the limited reception table or the MMT package table includes control information including a layer identification indicating that the scramble target is the MMT layer, or when scramble control information indicating that the packet is scrambled is set in the header of the MMTP packet. Accordingly, the receiving apparatus can correctly recognize the scrambled IP layer or MMT layer and descramble the data of each layer.
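The key extraction described above (device key decrypts the EMM to give the work key, the work key decrypts the ECM to give the scramble key, the scramble key descrambles the payload), as an added example that is not code from the patent. The cipher is a standard-library stand-in (HMAC-SHA256 keystream with an HMAC tag), and the function names, receiver IDs and sample content are assumptions.

```python
# Added illustration of the EMM -> work key -> ECM -> scramble key ladder.
# The cipher below is a stand-in so the block needs only the standard
# library; it is NOT the scramble method of the patent.
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used as a stand-in stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def subkeys(key: bytes):
    """Derive separate encryption and authentication keys from one key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt then authenticate: nonce || ciphertext || tag."""
    enc_key, mac_key = subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    body = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; a wrong key fails instead of yielding garbage."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    enc_key, mac_key = subkeys(key)
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered message")
    return bytes(c ^ k for c, k in zip(body, keystream(enc_key, nonce, len(body))))


def transmit(content: bytes, device_keys: dict, entitled: set) -> dict:
    """Transmitter side: one EMM per entitled receiver, one ECM for all."""
    work_key = os.urandom(32)      # Kw
    scramble_key = os.urandom(32)  # Ks
    return {
        # individual key information: Kw under each receiver's own key
        "emm": {rx: seal(device_keys[rx], work_key) for rx in entitled},
        # common key information: Ks under Kw
        "ecm": seal(work_key, scramble_key),
        # scrambled payload: content under Ks
        "payload": seal(scramble_key, content),
    }


def receive(broadcast: dict, receiver_id: str, device_key: bytes) -> bytes:
    """Receiver side: walk the ladder EMM -> Kw -> ECM -> Ks -> content."""
    emm = broadcast["emm"].get(receiver_id)
    if emm is None:
        raise PermissionError("no EMM addressed to this receiver")
    work_key = unseal(device_key, emm)
    scramble_key = unseal(work_key, broadcast["ecm"])
    return unseal(scramble_key, broadcast["payload"])


if __name__ == "__main__":
    # Constructed sample: two receivers, only rx-A is entitled.
    keys = {"rx-A": os.urandom(32), "rx-B": os.urandom(32)}
    bc = transmit(b"sub-audio frame", keys, {"rx-A"})
    print(receive(bc, "rx-A", keys["rx-A"]))
```

Rotating the work key only requires re-issuing EMMs, and rotating the scramble key only requires a new ECM, which is why the two are carried separately.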
- The present invention has the following excellent effects.
- An MMT that constitutes a service can be protected in a broadcasting system that uses MMT as a media transport system and transmits content regardless of a transmission path (broadcast / communication).
- The present invention can realize fine service protection in units of components, such as making it possible to charge only for sub-audio transmitted by broadcasting, and can also realize protection of data not related to programs.
- FIG. 6 is a data structure diagram showing the structure of an MPT generated by the MPT generating means in FIG. 5, where (a) shows an example of specifying a conditional access method in units of assets, and (b) shows an example of specifying a conditional access method in units of programs. It is a data structure figure which shows the structure of CAT which the CAT production
- FIG. 10 It is a block block diagram which shows the structure of the key information generation means of FIG. It is a data structure figure which shows the structure of ECM which the ECM production
- FIG. 6 is a data structure diagram illustrating the structure of an MPT generated by the MPT generating unit in FIG. 5 in a modification of the first embodiment of the present invention, in which (a) is an example of designating a conditional access method in units of assets, and (b) is an example in which the limited reception method is specified in units of programs.
- FIG. 6 is a data structure diagram showing a structure of a CAT generated by the CAT generation unit of FIG. 5 in a modification of the first embodiment of the present invention. It is explanatory drawing for demonstrating the CBC mode of encryption utilization mode. It is explanatory drawing for demonstrating the CFB mode of encryption utilization mode. It is explanatory drawing for demonstrating OFB mode of encryption utilization mode. It is explanatory drawing for demonstrating CTR of encryption utilization mode.
- FIG. 24 is a data structure diagram showing a structure of a scramble method descriptor set in each table by the MPT generation unit and the CAT generation unit of FIG.
- FIG. 10 is a diagram illustrating an example of specifying initial value identification. It is a block block diagram which shows the structure of the transmitter which concerns on 3rd Embodiment of this invention. It is a figure which shows the content of the policy memorize
- FIG. 28 is a data structure diagram showing a structure of a scramble method descriptor set in each table by the MPT generation unit and the CAT generation unit of FIG. 27, where (a) designates a message authentication method and a scramble method (encryption method). (B) is a figure which shows the case where a message authentication system is designated, (c) is a figure which shows the case where a message authentication system, a scramble system (encryption system), and an initial value are designated.
- FIG. 28 is a data structure diagram illustrating a structure of a message authentication scheme descriptor set in each table by the MPT generation unit and the CAT generation unit of FIG. 27.
- the conditional access system (broadcast system) S uses MMT (MPEG Media Transport) as a media transport system, converts the contents into IP packets, and transmits them via a broadcast wave W or a communication line N.
- The conditional access system S protects data and services (programs) by scrambling the two different layers of the network layer (IP layer) and the media transport layer (MMT layer), and thereby realizes conditional access.
- The limited reception system S consists of a digital broadcast transmission device 1 (or a transmission device 1 that provides a communication network service) owned by a broadcaster, and digital broadcast reception devices 3, 3,...
- The transmission device 1 converts video, audio, data, and other contents into MMTP packets, then converts them into IP packets (MMT over IP), scrambles the network layer and media transport layer as necessary, and transmits them via the broadcast wave W or the communication line N. Note that the transmission device 1 also performs IP packet TLV conversion when transmitting via the broadcast wave W.
- The receiving device 3 receives the content obtained by converting the MMTP packet into an IP packet via the broadcast wave W or the communication line N, descrambles the protected scrambled data, and makes the content usable (video reproduction or the like).
- PLT (Package List Table): the packages (programs) constituting a service transmitted by IP packets are described in an MPT list format.
- This PLT specifies an MPT by specifying an arrangement location (position information) for specifying the location of the MPT as information for specifying the MPT.
- MPT MMT Package Table
- An asset is a component unit having the same transmission characteristic information.
- the same transmission feature information is the same information indicating the transmission characteristics of the asset, and indicates the same presentation target, presentation timing, and the like.
- asset A1 can be a unit of main audio received by broadcasting
- asset A2 can be a unit of sub audio received by communication.
- the asset can be a unit that can control service protection. For example, only the asset A2 is charged, or the security requirement of the asset A3 is higher than that of the asset A1, and the encryption method is changed.
- A unit in which a plurality of data, such as single media data (data specifying presentation time) such as video and audio, and files (data that does not require specification of presentation time), are stored and managed by the same ID is an asset. That is, an asset is a unit indicating data in which one or more MPUs are linked by the same asset ID (Aid1, Aid2, Aid3) as shown in FIG.
- The MPT has a description in which an arrangement location of common key information (ECM: Entitlement Control Message) common to the receiving apparatuses 3, 3,... is specified as key information for limited reception.
- access control descriptor (or conditional access method descriptor)
- In the example, the MPT designates one ECM (E0) for the one package (program) specified by the MPT, and designates ECMs (E2, E3) for each asset constituting the program.
- The CAT (Conditional Access Table) is table information describing an access control descriptor (or conditional access system descriptor), which is a descriptor that specifies an arrangement location of individual key information (EMM: Entitlement Management Message) for each receiving device 3 as key information for performing limited reception. The specific structure of the CAT and EMM will be described later.
- In the MMTP payload, either a control message (CAT, MPT, ECM, EMM, etc.) or an MPU is arranged.
- MPU has an MFU (Media Fragment Unit) arranged in the MPU payload.
- This MFU is data obtained by fragmenting the MPU, and is media data (access unit, NAL [Network Abstraction Layer] unit, file) below the access unit that is the minimum unit of video and audio encoding and decoding.
- the MMTP packet is further configured as an IP packet by adding a TCP / UDP (Transmission Control Protocol / User Datagram Protocol) header as a transport layer and an IP header as a network layer.
- TLV header is further added.
- the transmission device 1 performs processing to appropriately scramble the MMT layer and the IP layer when the content is converted into an MMTP packet and then transmitted as an IP packet.
- The transmission apparatus 1 includes an encoding unit 10, an MPU generation unit 11, a control message generation unit 12, an MMTP packet configuration unit 13, an IP packet configuration unit 14, a policy storage unit 15, a scramble unit 16, a packet reconfiguration unit 17, a data transmission unit 18, a PLT generation unit 19, an MPT generation unit 20, a CAT generation unit 21, and a key information generation unit 22.
- the encoding means 10 encodes (encodes) content (baseband signals such as video and audio).
- the encoding means 10 is, for example, H.264, which is one of the video compression standards, for video. It encodes with H.265 (HEVC: High Efficiency Video Coding).
- the encoding unit 10 encodes audio by, for example, MPEG4 AAC (Advanced Audio Coding).
- the encoding unit 10 outputs the encoded data to the MPU generation unit 11 as media data below an access unit such as a NAL unit, for example.
- The MPU generation means 11 generates media processing units (MPUs), which are the data processing units in the MMT, from the media data encoded by the encoding means 10 and from data (files) used in data broadcasting that is separately input from the outside (not shown).
- The MPU generation unit 11 subdivides (fragments) the data, and adds a header including sequence numbers (data order) to media data and files below the access unit, such as a NAL unit, to configure a media fragment unit (MFU). Further, the MPU generating unit 11 generates an MPU by adding a header including at least an asset identifier (asset ID) for identifying the MPU and a sequence number (the order of the MPUs in the asset) to the MFU. As a result, the MPU is uniquely identified. Note that the MPU generation unit 11 generates an MPU for each predetermined asset unit, for example, a single medium such as video, audio, or data. The MPU generation unit 11 outputs the generated MPU to the MMTP packet configuration unit 13.
- the control message generation unit 12 generates a control message including control information for notifying the reception device 3.
- The control message generator 12 receives as input the PLT (package list table) generated by a PLT generator 19 described later, the MPT (MMT package table) generated by an MPT generator 20, the CAT (restricted reception table) generated by a CAT generator 21, the ECM (common key information) and the EMM (individual key information) generated by the key information generation means 22, and so on, and generates a control message including the identification information (table ID) for identifying the PLT, MPT, CAT, ECM, EMM, etc.
- The control message generation unit 12 outputs the generated control message to the MMTP packet configuration unit 13. Note that the control message generation unit 12 may output the generated control message to the IP packet configuration unit 14.
- the MMTP packet configuring unit 13 encapsulates the MPU generated by the MPU generating unit 11 and the control message generated by the control message generating unit 12 into an MMTP packet.
- the MMTP packet composing means 13 composes the payload of the MMTP packet by dividing or concatenating the inputted MPU and control message. Then, the MMTP packet configuring unit 13 sets at least a packet ID (a different value for each asset and control message) and a payload type indicating the content type of the payload in the header of the MMTP packet. This payload type is, for example, identification information indicating whether an MPU is set or a control message is set.
- the MMTP packet configuring unit 13 outputs the generated MMTP packet to the IP packet configuring unit 14.
- the IP packet configuration unit 14 adds the headers of the transport layer and the network layer to the MMTP packet generated by the MMTP packet configuration unit 13 and configures it as an IP packet.
- the IP packet configuration unit 14 converts the control message into an IP packet.
- The IP packet composing means 14 composes a TCP or UDP payload of the transport layer protocol with an MMTP packet, adds a TCP / UDP header, and further adds an IP header including a destination, a source address, and the like, thereby generating an IP packet.
- The IP packet configuring unit 14 also receives data irrelevant to the program, files necessary for engineering services such as firmware update of the receiving device 3, etc. directly from the outside, by a method not shown, without going through the MMTP packet configuring unit 13. That is, the IP packet configuring unit 14 can not only encapsulate the MMTP packet but also configure data other than the MMTP packet as an IP packet.
- The IP packet composing means 14 sets transport layer header information, such as whether to add a TCP header or a UDP header as the transport layer header, and network layer header information, such as destination information set in an IP packet, appropriately from the outside or based on setting information stored inside, according to the content input to the transmission device 1 or the like.
- the IP packet construction unit 14 outputs the generated IP packet to the scramble unit 16.
- the policy storage means 15 stores conditions (policy) for scrambling two different layers, that is, a network layer (IP layer) and a media transport layer (MMT layer).
- This policy storage means 15 can be constituted by a general storage medium such as a semiconductor memory, for example.
- the policy stored in the policy storage unit 15 is referred to by the scramble unit 16, and the scramble target is determined.
- As the conditions (policy) for performing the scramble, a plurality of sets of “IP Ver”, “transmission destination address”, “transmission source address”, “transmission destination port”, “transmission source port”, “transport layer protocol”, “Scramble target”, “MMT scramble condition”, and “scramble method (encryption method)” are set.
- IP Ver indicates the version of the IP protocol. For example, the types of IPv4 and IPv6 are shown. “Destination address” and “Source address” indicate the IP address of the transmission destination that transmits the IP packet and the IP address of the transmission source that transmits the IP packet, respectively. “Transmission destination port” and “transmission source port” indicate a transmission destination and a transmission source port number determined in advance for each type of TCP or UDP. “Transport layer protocol” indicates the protocol type of the transport layer. For example, the type of TCP or UDP is shown.
- “Scramble target” indicates an area to be scrambled on an IP packet. That is, it shows whether to scramble at the network layer level (IP) or at the media transport layer level (MMT).
- MMT scramble condition indicates a detailed condition of which asset is scrambled when the scramble target is the media transport layer. That is, if this “MMT scramble condition” is set, the MMT becomes a scramble target in units of assets.
- “Scramble method” indicates an encryption method when scrambled.
- For example, the type of scramble method (encryption method) to be used is set, such as AES (Advanced Encryption Standard) encryption with a key length of 256 bits and the CBC (Cipher Block Chaining) operation mode (AES-256_CBC).
- For example, one entry means that a UDP IP packet transmitted with “3300” as the transmission destination port and “3000” as the transmission source port is to have its IP layer data scrambled.
- Another entry means that, for UDP transmitted with a transmission destination address of “239.192.0.1”, a transmission source port of “100”, and a transmission destination port of “100”, MPUs with asset identifiers “00000001” and “00000011” are to be scrambled in the MMT layer.
- The scramble unit 16 refers to the policy stored in the policy storage unit 15 for each IP packet generated by the IP packet configuration unit 14, determines the scramble target, and scrambles that target.
- The scramble means 16 refers to the policy shown in FIG. 6 and identifies the scramble target according to the contents of the IP header, transport protocol header, and MMTP header included in the IP packet. Then, the scramble means 16 scrambles the scramble target, that is, the network layer payload area or the media transport layer payload area (more specifically, the data portion of the area), with the scramble key Ks generated by the key information generation means 22, using the scramble method (encryption method) described in the policy shown in FIG. 6. Here, the scramble means 16 refers to the policy stored in the policy storage means 15, but the scramble target and the scramble method may instead be input separately by a control signal as information set externally.
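The policy lookup described above, as an added example that is not code from the patent. The two policy entries are the ones the text gives; the field and function names are assumptions, the asset ID is assumed to have been read from the MPU header already, AES-256_CBC is assumed as the method for both entries, and the sample packets are constructed.

```python
# Added illustration: decide the scramble target layer for an IPv4 packet
# by matching its headers against the scramble policy.
import socket
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

PROTO_NAMES = {6: "TCP", 17: "UDP"}


@dataclass(frozen=True)
class PolicyEntry:
    """One row of the scramble policy; None means "any value"."""
    ip_ver: Optional[int] = None
    dst_addr: Optional[str] = None
    src_addr: Optional[str] = None
    dst_port: Optional[int] = None
    src_port: Optional[int] = None
    protocol: Optional[str] = None
    target: str = "IP"                # scramble target: "IP" or "MMT"
    mmt_assets: Tuple[str, ...] = ()  # MMT scramble condition (asset IDs)
    method: str = "AES-256_CBC"       # scramble method (assumed for both rows)


# The two example entries given in the text.
POLICY = (
    PolicyEntry(protocol="UDP", dst_port=3300, src_port=3000, target="IP"),
    PolicyEntry(protocol="UDP", dst_addr="239.192.0.1", dst_port=100, src_port=100,
                target="MMT", mmt_assets=("00000001", "00000011")),
)


def parse_ipv4(packet: bytes) -> dict:
    """Extract the header fields the policy matches on."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated header")
    protocol = PROTO_NAMES.get(packet[9])
    if protocol is None:
        raise ValueError("unsupported transport protocol")
    src_port, dst_port = struct.unpack_from("!HH", packet, ihl)
    return {
        "ip_ver": 4,
        "src_addr": socket.inet_ntoa(packet[12:16]),
        "dst_addr": socket.inet_ntoa(packet[16:20]),
        "src_port": src_port,
        "dst_port": dst_port,
        "protocol": protocol,
    }


def decide(packet: bytes, asset_id: Optional[str] = None, policy=POLICY):
    """Return (target layer, method) for the first matching entry, else None."""
    hdr = parse_ipv4(packet)
    for entry in policy:
        if any(getattr(entry, f) is not None and getattr(entry, f) != hdr[f] for f in hdr):
            continue
        # An MMT entry scrambles only the assets listed in its condition.
        if entry.target == "MMT" and asset_id not in entry.mmt_assets:
            continue
        return entry.target, entry.method
    return None


def build_ipv4(src: str, dst: str, sport: int, dport: int,
               proto: int = 17, payload: bytes = b"") -> bytes:
    """Constructed sample packet; checksums are zero and only the port
    fields of the transport header are meaningful."""
    l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + l4


if __name__ == "__main__":
    print(decide(build_ipv4("192.0.2.10", "198.51.100.7", 3000, 3300)))
    print(decide(build_ipv4("192.0.2.10", "239.192.0.1", 100, 100), "00000001"))
    print(decide(build_ipv4("192.0.2.10", "239.192.0.1", 100, 100), "00000010"))
```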
- the packet reconstructing means (header setting means) 17 reconstructs an IP packet by adding information on the scrambling performed by the scramble means 16 to the header part of the scrambled layer.
- The packet reconstructing means 17 extends the ESP (Encapsulating Security Payload) header used in general IPsec (Security Architecture for IP) and sets various information related to scramble.
- The packet reconstructing unit 17 inserts an ESP header between the IP header and the TCP / UDP header, and embeds scramble control information and scramble (encryption) scheme identification.
- “Scramble control information (scramble control bit)” indicates whether or not the IP is a scramble target, and further indicates information that can uniquely identify the key used for scramble, such as an odd key or an even key.
- “Scramble system identification (encryption system identification)” indicates information for identifying a scramble system when scrambling an IP.
- the packet reconfiguration unit 17 sets various information related to scramble in the header of the MMTP packet (MMTP header). Specifically, as shown in FIG. 7B, the packet reconfiguration unit 17 embeds scramble control information and scramble method identification in the MMTP header. Note that these embedded data are the same as the data described with reference to FIG. 7A, and only the scramble target is different.
- the packet reconstruction unit 17 outputs the IP packet obtained by reconstructing the packet to the data transmission unit 18.
- the scramble control information and the scramble method identification may be embedded as individual information, respectively.
- Alternatively, the presence / absence of scramble, the key information used for scramble, and the combination of scramble methods may be linked to a unique identifier and managed, and embedded as one piece of control information indicating the scrambled content using that identifier.
- the data transmitting unit 18 transmits an IP packet to the receiving device 3.
- the data transmission unit 18 transmits the IP packet reconstructed with the information embedded in the header by the packet reconstruction unit 17 to the reception device 3.
- the data transmission unit 18 includes a broadcast transmission unit 180 and a communication transmission unit 181.
- Broadcast transmission means 180 transmits an IP packet as broadcast data via a broadcast wave W.
- the broadcast transmission means 180 encapsulates an IP packet with TLV (Type Length Value), MPEG2-TS, etc., modulates it, and outputs it as broadcast data.
- the medium for transmitting the broadcast wave W may be wired or wireless.
- the communication transmission means 181 transmits an IP packet as communication data via the communication line N.
- the communication transmission unit 181 transmits via a network interface such as Ethernet (registered trademark).
- the data transmission means 18 is appropriately set from the outside as to whether the IP packet is transmitted by a broadcast wave or a communication line.
- the PLT generation means (package list generation means) 19 generates a package list table (PLT) in which information for specifying the MPT is described in a list format.
- the PLT generation means 19 describes location information indicating the MPT placement location as table information. Note that the PLT generation unit 19 appropriately inputs various information to be set in the PLT from the outside.
- the MPT generating means (MMT package table generating means) 20 generates an MMT package table (MPT) in which information for specifying elements (assets) constituting a package (program) is described in a list format.
- The MPT generation means 20 describes what assets the program is composed of (location information indicating asset acquisition destinations) as table information. Further, when limited reception of the program is performed, the MPT generation means 20 further describes, as table information, the access control descriptor (or limited reception method descriptor) including an arrangement location (location information) for specifying the location of the key information (ECM) common to the receiving devices.
- FIG. 8A shows an example of MPT that designates a conditional access method in units of assets
- FIG. 8B shows an example of MPT that designates a conditional access method in units of programs.
- the MPT generation unit 20 sets table identification indicating a unique value for identifying table information, version, data length, and various types of information according to the number of assets (N). Then, MPT is generated. Specifically, asset identification, asset location information, and an access control descriptor are set in the MPT for each asset.
- Asset identification is a unique ID (asset ID) for individually identifying assets.
- asset location information is information indicating the location of the asset, and may be information including an acquisition destination address and a port, for example, according to the type (IPv4, IPv6, URL, etc.). It may be information indicating the previous packet ID.
- access control descriptor is a descriptor in which information specifying the conditional access method is set, and includes conditional access method identification, ECM location information, and the like.
- the “conditional access method identification” is information for identifying one of a plurality of conditional access systems, for example, CAS (Conditional Access System) for realizing pay broadcasting and RMP (Rights Management and Protection) for realizing broadcasting specialized for content protection.
- the “ECM location information” is information indicating the location of the ECM, for example, the IP address and port (port number) of the placement destination, the packet ID, and the like.
- when the ECM is arranged in a server or the like on the network, an IP address and a port (port number) are set in “ECM location information”.
- when the ECM is transmitted as an MMT control message, the packet ID of the MMT is set in “ECM location information”. In this way, by specifying a limited reception method for each asset, it is possible to perform limited reception on an asset basis.
- conditional reception can also be performed in units of programs.
- the various types of information in FIG. 8B are the same as those in FIG. Note that the MPT generating unit 20 generates various information set in the MPT from the outside as appropriate or based on the setting information stored in the inside. Returning to FIG. 5, the description of the configuration of the transmission device 1 will be continued.
- the CAT generation means (limited reception table generation means) 21 generates a limited reception table (CAT) in which information for performing limited reception is described.
- the CAT generation unit 21 describes, as table information, an access control descriptor (or conditional access system descriptor) that includes an arrangement location (location information) for specifying the location of the individual key information (EMM) for each predetermined management unit of the receiving apparatus, for limited reception of a program.
- the CAT generating unit 21 sets a table identification indicating a unique value for identifying table information, a version, a data length, and an access control descriptor, and generates a CAT.
- This access control descriptor is the same as that described with reference to FIG. 8 except that the location information indicates the location of the ECM or the location of the EMM.
- the CAT generation unit 21 generates various information to be set in the CAT appropriately from the outside or based on the setting information stored in the inside. Returning to FIG. 5, the description of the configuration of the transmission device 1 will be continued.
- the key information generation unit 22 generates a scramble key for scrambling the content, and generates, as key information for extracting the scramble key in the reception device 3, common key information (ECM) common to the reception devices and individual key information (EMM) for each predetermined management unit of the reception devices.
- the key information generation unit 22 includes a scramble key generation unit 220, a work key generation unit 221, an ECM generation unit 222, a master key storage unit 223, and an EMM generation unit 224.
- the scramble key generation means 220 generates a key (scramble key Ks) for scrambling the content.
- the scramble key generation unit 220 generates a scramble key Ks by generating a random number at a predetermined time interval (for example, about once every several seconds). Then, the scramble key generation unit 220 outputs the generated scramble key Ks to the ECM generation unit 222. Note that the scramble key generation means 220 generates a scramble key at the present time and a scramble key to be used next as a scramble key Ks as a pair of an odd key and an even key.
- the scramble key generation means 220 outputs, to the packet reconstruction means 17, information for identifying whether the scramble key Ks currently output to the scramble means 16 is an odd key or an even key.
- the work key generation unit 221 generates a key (work key Kw) for encrypting the scramble key Ks.
- the work key generation unit 221 generates a work key Kw by generating a random number at a predetermined time interval (for example, about one month) with a longer update time than the scramble key Ks.
- the work key generation unit 221 then outputs the generated work key Kw, together with key information (work key identification) such as an ID for identifying the generated work key Kw, to the ECM generation unit 222 and the EMM generation unit 224.
- the work key generation unit 221 may generate a current work key and a work key to be used next as a work key Kw as a pair of an odd key and an even key.
- the ECM generating means 222 encrypts the scramble key Ks with the work key Kw, and generates common key information (ECM) that is key information common to the receiving device 3 including the encrypted scramble key Ks.
- the ECM generation unit 222 encrypts one or more scramble key Ks pairs (odd key, even key) generated by the scramble key generation unit 220 with the work key Kw, arranges them together with the key information (work key identification) of the corresponding work key Kw, and generates an ECM with a data structure as shown in FIG.
- the other information “protocol number”, “business entity identification”, and “time information” shown in FIG. 11 are the same information as the ECM information defined in ARIB STD-B25. Since there is no direct relationship with the present invention, the description is omitted here. Then, the ECM generation unit 222 outputs the generated ECM to the control message generation unit 12.
- the master key storage unit 223 stores a unique key (master key Km) assigned in advance to each receiving device 3, which is the encryption key for encrypting the work key Kw generated by the work key generation unit 221.
- the master key storage unit 223 can be configured by a storage medium such as a general semiconductor memory.
- the EMM generation unit 224 encrypts the work key Kw with the master key Km of the receiving device 3 and generates individual key information (EMM) that is key information of the receiving device 3 including the encrypted work key Kw.
- the EMM generation unit 224 encrypts the work key Kw pair (odd key, even key) generated by the work key generation unit 221 with the master key Km, and generates an EMM with a data structure as shown in FIG.
- the other information “device identification”, “byte length of related information”, “protocol number”, “business entity identification”, and “update number” shown in FIG. 12 are defined by ARIB STD-B25. The information is the same as the information of the EMM, and is not directly related to the present invention, so the description thereof is omitted here. Then, the EMM generation unit 224 outputs the generated EMM to the control message generation unit 12.
- the encryption key for encrypting the work key Kw is an individual key for each management unit of the receiving device 3 that is determined in advance.
- the EMM generation unit 224 uses the management unit for each receiving device 3 and encrypts the work key Kw with the master key that is a key of each receiving device.
- the work key Kw is encrypted using the device key assigned to the receiving apparatus 3 in advance as the encryption key.
- the transmission device 1 converts the content into an MMTP packet and then converts it into an IP packet (MMT over IP), and, in accordance with a policy, the data of the network layer (IP layer) or the media transport layer (MMT layer) can be scrambled and transmitted via the broadcast wave W or the communication line N.
- the transmission apparatus 1 can realize service protection in units of programs and assets. For example, the transmission apparatus 1 can realize a process in which only the sub audio transmitted by broadcasting is charged and only the assets constituting the sub audio are encrypted. Furthermore, the transmission apparatus 1 can simultaneously realize data protection of various data not related to the program. Further, since the transmission device 1 can select a scramble method (encryption method), the calculation load accompanying encryption is reduced or the security strength is increased according to the type of data to be transmitted and security requirements.
- the scramble can be performed by a scramble method suitable for the content of data to be transmitted.
- the receiving device 3 receives the content obtained by converting the MMTP packet into an IP packet via the broadcast wave W or the communication line N, descrambles the protected scrambled data, and makes the content usable (video reproduction or the like).
- the receiving device 3 includes data receiving means 30, IP packet filtering means 31, MMTP packet filtering means 32, descrambling means 33, control message separating means 34, PLT processing means 35, CAT processing means 36, MPT processing means 37, location solving means 38, key information processing means 39, MPU processing means 40, decoding means 41, and data processing means 42.
- the data receiving means 30 receives broadcast data and communication data transmitted from the transmission device 1.
- the data receiving unit 30 includes a broadcast receiving unit 300 and a communication receiving unit 301.
- Broadcast receiving means 300 receives broadcast data transmitted via broadcast wave W.
- the broadcast receiving means 300 demodulates the modulated broadcast data, extracts IP packets encapsulated in TLV, MPEG2-TS, etc., and outputs them to the IP packet filtering means 31.
- the communication receiving unit 301 receives an IP packet transmitted as communication data via the communication line N.
- the communication receiving unit 301 outputs the received IP packet to the IP packet filtering unit 31.
- the IP packet filtering unit 31 analyzes the header of the IP packet received by the data receiving unit 30 and distributes the packet. Specifically, the IP packet filtering unit 31 refers to an ESP header (see FIG. 7A) added to the IP header to determine whether or not the IP payload area is scrambled. At this time, if the IP payload area is scrambled, the IP packet filtering means 31 outputs the scramble control information and scramble method identification included in the ESP header, and the IP payload data (scrambled data), to the descrambling means 33 and instructs descrambling.
- the IP packet filtering unit 31 determines, depending on the presence or absence of the transport protocol header or MMTP header, whether or not the MMTP packet is included in the IP payload that has not been scrambled and in the IP payload that has been descrambled by the descrambling unit 33.
- the IP packet filtering unit 31 outputs the MMTP packet to the MMTP packet filtering unit 32.
- the IP packet filtering unit 31 outputs the payload portion of the IP packet to the data processing unit 42.
- the IP packet filtering unit 31 outputs the control message to the control message separation unit 34 when the IP payload includes a control message without being converted into an MMTP packet.
- the MMTP packet filtering unit 32 analyzes the header of the MMTP packet filtered by the IP packet filtering unit 31 and performs packet distribution. Specifically, the MMTP packet filtering unit 32 determines, from the scramble control information (see FIG. 7B) included in the MMTP header, whether or not the MMT payload area (more specifically, the data portion of the area) has been scrambled. At this time, if the payload area of the MMT is scrambled, the MMTP packet filtering means 32 outputs the scramble control information and the scramble method identification included in the MMTP header, and the MMT payload data (scrambled data), to the descrambling means 33 and instructs descrambling.
- the MMTP packet filtering unit 32 uses the payload type (not shown) included in the MMTP header to determine whether the unscrambled MMT payload and the MMT payload descrambled by the descrambling unit 33 are control messages or MPUs.
- the MMTP packet filtering means 32 outputs the MMT payload to the control message separation means 34. If the MMT payload is an MPU, the MMTP packet filtering unit 32 outputs the MMT payload to the MPU processing unit 40.
- when the MMTP packet filtering unit 32 is instructed by the location solution unit 38 to acquire the key information (ECM, EMM), MPT, and asset by the ID (packet ID) of the MMTP packet, it extracts the ECM, EMM and MPT control messages transmitted in the MMTP packet corresponding to that packet ID. Further, when the MMTP packet filtering unit 32 is instructed by the location solution unit 38 to acquire the MPU constituting the asset by the ID (packet ID) of the MMTP packet, it extracts the MPU transmitted in the MMTP packet corresponding to that packet ID. For the PLT and CAT control messages, the MMTP packet filtering unit 32 extracts the control message corresponding to a predetermined unique packet ID of the MMTP packet.
- Descrambling means 33 descrambles the scrambled data.
- the descrambling means 33 descrambles the scrambled data of the IP packet by the scramble method designated by the scramble method identification, using the scramble key Ks corresponding to the scramble control information designated by the IP packet filtering means 31 among the scramble keys extracted by the key information processing means 39.
- the descrambling means 33 descrambles the scrambled data of the MMTP packet by the scramble method designated by the scramble method identification, using the scramble key Ks corresponding to the scramble control information designated by the MMTP packet filtering means 32 among the scramble keys extracted by the key information processing means 39.
- the descrambling means 33 outputs the descrambled data to the IP packet filtering means 31 or the MMTP packet filtering means 32 instructing descrambling, respectively.
- the control message separation means 34 discriminates PLT, MPT, CAT, ECM, EMM, etc. based on the identification information (table ID) included in the control message extracted by the MMTP packet filtering means 32, and extracts (separates) them individually.
- the control message separation unit 34 outputs the extracted ECM and EMM to the key information processing unit 39. Further, the control message separation unit 34 outputs the extracted PLT to the PLT processing unit 35, outputs the extracted CAT to the CAT processing unit 36, and outputs the extracted MPT to the MPT processing unit 37.
- the PLT processing means (package list processing means) 35 performs various processes based on the PLT separated by the control message separation means 34.
- the PLT processing unit 35 notifies the location resolution unit 38 of location information that is the acquisition destination of the MPT included in the PLT.
- the CAT processing means (conditional reception table processing means) 36 refers to the access control descriptor (see FIG. 9) or the conditional access method descriptor included in the CAT separated by the control message separation means 34, and notifies the location solution means 38 of the EMM position (location information) from which the EMM is to be acquired.
- the location solution means 38 is notified of the location information of the EMM described in the access control descriptor (see FIG. 9) or the conditional access system descriptor whose conditional access system identification matches the conditional access system identification (CAS, RMP, etc.) that is stored in the storage means (not shown) and under which the receiving apparatus 3 is contracted in advance.
- the MPT processing means (MMT package table processing means) 37 performs various processes based on the MPT separated by the control message separation means 34.
- the MPT processing unit 37 refers to the access control descriptor (see FIG. 8) or the conditional access method descriptor included in the MPT, and notifies the location solution means 38 of the ECM position (location information) from which the ECM is acquired.
- the MPT processing means 37 notifies the location solution means 38 of the location information of the ECM described in the access control descriptor (see FIG. 8) or the conditional access system descriptor whose conditional access system identification matches the conditional access system identification (CAS, RMP, etc.) that is stored in the storage means (not shown) and under which the receiving apparatus 3 is contracted in advance. Further, the MPT processing unit 37 notifies the location solution unit 38 of the asset position (location information) that is the acquisition destination of the asset included in the MPT.
- the location solution unit 38 controls acquisition of control messages and MPUs based on the location information notified from the PLT processing unit 35, the CAT processing unit 36, and the MPT processing unit 37. That is, the location resolution unit 38 instructs the MMTP packet filtering means 32 to extract the packets corresponding to the MPT packet ID notified from the PLT processing unit 35, the EMM packet ID notified from the CAT processing unit 36, and the ECM or asset packet ID acquired from the MPT processing unit 37. If the location information is location information on the network (transmission destination address, transmission destination port (port number)), the location resolution means 38 acquires the designated MMTP packet via the communication control means (not shown). Then, the location solution unit 38 outputs the MMTP packet acquired through the communication control unit to the MMTP packet filtering unit 32.
- the key information processing unit 39 extracts a scramble key for descrambling content from the ECM and EMM separated by the control message separation unit 34.
- the configuration of the key information processing means 39 will be described with reference to FIG. 14 (refer to FIG. 13 as appropriate).
- the key information processing unit 39 includes a master key storage unit 390, an EMM processing unit 391, and an ECM processing unit 392.
- the master key storage unit 390 stores a unique encryption key (master key Km or device key) assigned to each receiving device 3 in advance.
- the master key storage unit 390 can be configured by a storage medium such as a general semiconductor memory.
- the EMM processing unit 391 decrypts the EMM with the master key Km stored in the master key storage unit 390 and acquires the work key Kw.
- the EMM processing means 391 outputs the decrypted work key Kw to the ECM processing means 392.
- the ECM processing unit 392 decrypts the ECM with the work key Kw decrypted by the EMM processing unit 391 and acquires the scramble key Ks.
- the ECM processing unit 392 outputs the decrypted scramble key Ks to the descrambling unit 33. Returning to FIG. 13, the description of the configuration of the receiving device 3 will be continued.
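The key hierarchy described above (Km protects Kw in the EMM, Kw protects the odd/even Ks pair in the ECM), as an added example that is not code from the patent. The SHAKE-256 keystream cipher, the dictionary message layout, the 16-byte key size and the single (unpaired) work key are assumptions of this sketch.

```python
import hashlib
import secrets

KEY_LEN = 16  # assumed key size; the page does not fix one


def wrap(kek: bytes, secret: bytes) -> bytes:
    """Stand-in cipher (assumption): SHAKE-256 keystream XOR under a fresh nonce."""
    nonce = secrets.token_bytes(12)
    stream = hashlib.shake_256(kek + nonce).digest(len(secret))
    return nonce + bytes(a ^ b for a, b in zip(secret, stream))


def unwrap(kek: bytes, blob: bytes) -> bytes:
    """Inverse of wrap(); a wrong key silently yields wrong bytes."""
    nonce, body = blob[:12], blob[12:]
    stream = hashlib.shake_256(kek + nonce).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


class KeyInfoGenerator:
    """Transmitter side: models key information generation unit 22."""

    def __init__(self, master_keys: dict):
        self.master_keys = master_keys            # device id -> Km (storage unit 223)
        self.kw_id, self.kw = 1, secrets.token_bytes(KEY_LEN)
        self.ks = {p: secrets.token_bytes(KEY_LEN) for p in ("odd", "even")}
        self.current = "odd"                      # parity of the key in use now

    def rotate_scramble_key(self) -> None:
        """Switch to the already announced key, then refill the idle slot."""
        idle, self.current = self.current, ("even" if self.current == "odd" else "odd")
        self.ks[idle] = secrets.token_bytes(KEY_LEN)

    def make_ecm(self) -> dict:
        """ECM: the Ks pair encrypted with Kw, plus the work key identification."""
        return {"work_key_id": self.kw_id,
                "odd": wrap(self.kw, self.ks["odd"]),
                "even": wrap(self.kw, self.ks["even"])}

    def make_emm(self, device_id: str) -> dict:
        """EMM: Kw encrypted with the addressed receiver's master key Km."""
        return {"device_id": device_id, "work_key_id": self.kw_id,
                "kw": wrap(self.master_keys[device_id], self.kw)}


class KeyInfoProcessor:
    """Receiver side: models key information processing means 39."""

    def __init__(self, device_id: str, km: bytes):
        self.device_id, self.km = device_id, km   # master key storage unit 390
        self.work_keys = {}                       # work key id -> Kw

    def process_emm(self, emm: dict) -> bool:
        """EMM processing means 391: recover Kw only from an EMM addressed to us."""
        if emm["device_id"] != self.device_id:
            return False
        self.work_keys[emm["work_key_id"]] = unwrap(self.km, emm["kw"])
        return True

    def process_ecm(self, ecm: dict):
        """ECM processing means 392: recover the Ks pair, or None without Kw."""
        kw = self.work_keys.get(ecm["work_key_id"])
        if kw is None:
            return None
        return {p: unwrap(kw, ecm[p]) for p in ("odd", "even")}


if __name__ == "__main__":
    # Constructed master keys for two hypothetical receivers.
    gen = KeyInfoGenerator({"rx-A": b"A" * KEY_LEN, "rx-B": b"B" * KEY_LEN})
    rx_a = KeyInfoProcessor("rx-A", b"A" * KEY_LEN)
    rx_b = KeyInfoProcessor("rx-B", b"B" * KEY_LEN)
    emm = gen.make_emm("rx-A")
    print("rx-A accepted EMM:", rx_a.process_emm(emm))
    print("rx-B accepted EMM:", rx_b.process_emm(emm))
    print("rx-A recovers Ks:", rx_a.process_ecm(gen.make_ecm()) == gen.ks)
    print("rx-B recovers Ks:", rx_b.process_ecm(gen.make_ecm()))
```

Because the ECM always carries both parities, a receiver already holds the next Ks when the transmitter flips the odd/even indication, so rotation does not interrupt descrambling.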
- the MPU processing means 40 outputs to the decoding means 41 a set of MPUs having the same asset ID described in the MPU header extracted by the MMTP packet filtering means 32 as a unit. That is, the MPU processing unit 40 outputs the MFU included in the MPU having the same asset ID to the decoding unit 41 in units of assets.
- the decoding unit 41 decodes the asset unit MPU (MFU) output from the MPU processing unit 40 in units of MFU. For example, if the MPU is video data, the decoding means 41 performs decoding using H.264, and if the MPU is audio data, decoding is performed using MPEG4 AAC. The decoded data is output to the outside (display device, speaker, etc.) as reproduced content.
- the data processing unit 42 acquires an IP packet that does not include the MMT from the IP packet filtering unit 31 and processes a predetermined IP packet.
- the process performed by the data processing unit 42 is, for example, a process for obtaining a file necessary for the firmware update engineering service of the receiving device 3 using an IP packet and updating the firmware.
- the receiving device 3 can receive an IP packet scrambled at the network layer (IP layer) or the media transport layer (MMT layer) and descramble the data of that layer.
- Operation of conditional access system
- the control message and content are transmitted and received serially.
- the control message is transmitted and received at a sequentially generated timing. Not too long.
- the policy storage means 15 stores conditions (policy) for scrambling in advance as shown in FIG.
- when realizing limited reception of content, the transmission device 1 generates MPT and CAT including the position information of the key information (ECM and EMM) by the MPT generation unit 20 and the CAT generation unit 21, and generates a control message by the control message generation means 12 (step S10).
- the transmitting apparatus 1 generates an MPT by the MPT generating means 20 by describing, together with the information for specifying the elements (assets) constituting the package (program), an access control descriptor or a conditional access system descriptor including the arrangement location of the key information (ECM) common to the receiving apparatus, as shown in FIG. Further, as shown in FIG. 9, the transmitting device 1 generates a CAT by the CAT generating unit 21 by describing an access control descriptor or a conditional access method descriptor including an arrangement location of individual key information (EMM) of the receiving device. Then, the transmission apparatus 1 generates a control message by adding unique identification information by the control message generation unit 12 at the timing when the MPT or CAT is generated or at an arbitrarily specified timing.
- the transmission apparatus 1 generates common key information (ECM) and individual key information (EMM) as key information for extracting the scramble key in the reception apparatus 3 by the key information generation unit 22, and generates a control message by adding unique identification information by the control message generation means 12 (step S11).
- the transmitting apparatus 1 generates a PLT in which the list of MPTs is described by the PLT generation unit 19, and generates a control message by adding unique identification information by the control message generation unit 12 (step S12).
- the transmission device 1 converts the input content and the control message generated in steps S10 to S12 into an MMTP packet (step S13). That is, the transmission apparatus 1 encodes the content by the encoding unit 10, and converts the data encoded by the encoding unit 10 into a media processing unit (MPU), which is a data processing unit in MMT, by the MPU generation unit 11. Then, the transmitting apparatus 1 encapsulates the MPU and the control message generated in steps S10 to S12 into the MMTP packet by the MMTP packet constituting unit 13.
- the transmission apparatus 1 adds the headers of the transport layer (TCP / UDP) and the network layer (IP) to the MMTP packet generated in step S13 by the IP packet composing unit 14 to form an IP packet (step S14). Then, the transmitter 1 determines, by the scramble unit 16, whether the contents of the TCP / UDP header and the IP header match the policy stored in the policy storage unit 15 (step S15).
- the transmitting apparatus 1 further determines, by the scramble means 16, whether the scramble target specified by the policy is IP (step S16).
- the transmitting apparatus 1 scrambles the IP payload by the scramble method defined by the policy by the scramble means 16 (step S17).
- the transmission apparatus 1 adds the ESP header to the IP header by the packet reconstructing unit 17, and sets, as scramble information in the ESP header, the scramble control information indicating the presence / absence of scramble and the scramble system identification for identifying the scramble system (step S18). At this time, the scramble control information and the scramble method identification may be combined and assigned to one identifier and set in the ESP header using the identifier.
- the transmitting apparatus 1 further determines whether or not the scramble target specified by the policy is MMT by the scramble means 16 (step S19).
- the transmitting apparatus 1 uses the scramble means 16 to scramble the MMTP payload area (more specifically, the data portion of the area) by the scramble method defined by the policy (step S20).
- the transmitting apparatus 1 sets the scramble control information indicating the presence / absence of scramble and the scramble system identification for identifying the scramble system as scramble information in the MMTP header by the packet reconstruction unit 17 (step S21).
- the transmission apparatus 1 uses the data transmission means 18 to transmit to the receiving device 3, by broadcast or communication, the IP packet scrambled in the IP layer in step S18, the IP packet scrambled in the MMT layer in step S21, or the IP packet whose header contents did not match in steps S15 and S19 and which is not scrambled (step S22).
- the transmission device 1 can perform individual scrambling on each data of the IP layer and the MMT layer.
- the receiving device 3 receives the data via the data receiving means 30, and separates the PLT from the extracted control message via the IP packet filtering means 31 and the MMTP packet filtering means 32 by the control message separating means 34. (Step S30). Similarly, the receiving device 3 separates MPT and CAT by the control message separation unit 34 (step S31).
- the receiving device 3 extracts the position information (location information) of the key information (ECM, EMM) by the MPT processing unit 37 and the CAT processing unit 36 (step S32). That is, the receiving apparatus 3 extracts ECM position information from the MPT by the MPT processing unit 37. Further, the receiving device 3 extracts the EMM position information from the CAT by the CAT processing means 36.
- the receiving device 3 filters the control message corresponding to the position information (packet ID) of the key information extracted in step S32 by the MMTP packet filtering unit 32 according to the instruction of the location solution unit 38, and the control message separation unit 34 separates ECM and EMM (step S33). Then, the receiving device 3 extracts the scramble key for descrambling the content from the ECM and EMM separated in step S33 by the key information processing means 39 (step S34).
- when receiving the IP packet via the data receiving means 30, the receiving device 3 determines, by the IP packet filtering means 31, whether or not the IP payload area is scrambled based on the scramble control information set in the ESP header added to the IP header (see FIG. 7A) (step S35). Here, when the IP payload is scrambled (Yes in step S35), the receiving device 3 performs descrambling by the descrambling means 33, using the scramble key Ks associated with the scramble control information, by the scramble method set in the ESP header (step S36). If the IP payload is not scrambled (No in step S35), the receiving device 3 advances the operation to step S37.
- the receiving device 3 determines, by the MMTP packet filtering unit 32, whether the MMT payload area (more specifically, the data portion of the area) is scrambled based on the scramble control information set in the MMTP header (see FIG. 7B) (step S37).
- the receiving apparatus 3 performs descrambling by the descrambling means 33, using the scramble key Ks associated with the scramble control information, by the scramble method set in the MMTP header (step S38). If the MMTP payload area is not scrambled (No in step S37), the reception device 3 advances the operation to step S39.
- the receiving device 3 acquires the MPU constituting the asset from the MMTP packet filtering unit 32 by the MPU processing unit 40 for each asset, and decodes the content by the decoding unit 41 (step S39).
- the receiving apparatus 3 can descramble the individually scrambled data for the IP layer and the MMT layer.
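The transmitter steps S14 to S21 and the receiver steps S35 to S38, as an added example that is not code from the patent. The 4-byte MMTP header layout, the numeric scramble control and method values, the policy keyed on destination address and port, and the SHAKE keystream stand-in ciphers are assumptions of this sketch.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import Optional

NONE, EVEN, ODD = 0, 1, 2          # assumed values of the scramble control information


def _xor(stream: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(stream, data))


# Assumed scramble method identifications mapped to stand-in ciphers. The keystream
# has no per-packet nonce, so this shows control flow only, not a usable cipher.
SCRAMBLE_METHODS = {
    1: lambda key, data: _xor(hashlib.shake_128(key).digest(len(data)), data),
    2: lambda key, data: _xor(hashlib.shake_256(key).digest(len(data)), data),
}


@dataclass
class Mmtp:
    packet_id: int
    data: bytes
    control: int = NONE            # scramble control information in the MMTP header
    method: int = 0                # scramble method identification in the MMTP header

    def pack(self) -> bytes:       # constructed 4-byte header, not the real MMTP layout
        return struct.pack(">HBB", self.packet_id, self.control, self.method) + self.data

    @classmethod
    def unpack(cls, raw: bytes) -> "Mmtp":
        packet_id, control, method = struct.unpack(">HBB", raw[:4])
        return cls(packet_id, raw[4:], control, method)


@dataclass
class IpPacket:
    dst: str
    port: int
    payload: bytes
    esp: Optional[tuple] = None    # (scramble control, method) carried in the ESP header


def scramble_for_send(dst, port, mmtp, policy, keys, parity) -> IpPacket:
    """Transmitter steps S14 to S21: scramble the layer named by the matching policy."""
    rule = policy.get((dst, port))                        # S15: headers match a policy?
    if rule is None:
        return IpPacket(dst, port, mmtp.pack())           # sent unscrambled
    layer, method = rule
    cipher = SCRAMBLE_METHODS[method]
    if layer == "IP":                                     # S16 to S18: whole IP payload
        return IpPacket(dst, port, cipher(keys[parity], mmtp.pack()), esp=(parity, method))
    if layer == "MMT":                                    # S19 to S21: data portion only
        body = cipher(keys[parity], mmtp.data)
        return IpPacket(dst, port, Mmtp(mmtp.packet_id, body, parity, method).pack())
    raise ValueError(f"unknown scramble target {layer!r}")


def descramble_on_receive(pkt: IpPacket, keys: dict) -> Mmtp:
    """Receiver steps S35 to S38: undo IP-layer scrambling, then MMT-layer scrambling."""
    payload = pkt.payload
    if pkt.esp is not None and pkt.esp[0] != NONE:        # S35
        control, method = pkt.esp
        payload = SCRAMBLE_METHODS[method](keys[control], payload)            # S36
    mmtp = Mmtp.unpack(payload)
    if mmtp.control != NONE:                              # S37
        clear = SCRAMBLE_METHODS[mmtp.method](keys[mmtp.control], mmtp.data)  # S38
        mmtp = Mmtp(mmtp.packet_id, clear)
    return mmtp


if __name__ == "__main__":
    keys = {EVEN: b"E" * 16, ODD: b"O" * 16}              # constructed scramble keys Ks
    policy = {("192.0.2.10", 5000): ("IP", 1), ("192.0.2.20", 5001): ("MMT", 2)}
    asset = Mmtp(0x0101, b"sub-audio MPU bytes")          # constructed sample payload
    for dst, port in [("192.0.2.10", 5000), ("192.0.2.20", 5001), ("192.0.2.30", 6000)]:
        wire = scramble_for_send(dst, port, asset, policy, keys, ODD)
        print(dst, wire.esp, wire.payload.hex(), descramble_on_receive(wire, keys) == asset)
```

With the MMT target the packet ID stays readable on the wire, so packet ID filtering still works before descrambling; with the IP target the whole MMTP packet, header included, is hidden until step S36.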
- the configuration and operation of the conditional access system S, the transmission device 1, and the reception device 3 according to the first embodiment of the present invention have been described above, but the present invention can be implemented with various modifications.
- Modification 1 For example, here, an example has been described in which the transmission device 1 sets a scramble method in the policy storage unit 15 and selects one from a plurality of scramble methods. However, this scrambling method may use one predetermined scrambling method. In this case, the “scramble method” is omitted from the policy stored in the policy storage unit 15 of the transmission device 1. The scramble means 16 scrambles with a predetermined scramble method. At this time, the packet reconfiguration unit 17 does not set “scramble method identification” in the information set in each header shown in FIG.
- the descrambling means 33 may perform descrambling by the predetermined scrambling method without referring to the “scramble method identification” of the header in the IP packet filtering means 31 or the MMTP packet filtering means 32.
- Modification 2 Also, here, the scrambling method identification is set in the header of the IP packet and the header of the MMTP packet (ESP header, MMTP header). It is good also as setting with a layer. For example, a scramble scheme descriptor is added to MPT as shown in FIG. 17, or a scramble scheme descriptor is added to CAT as shown in FIG.
- This “scramble system descriptor” is a descriptor in which information related to scramble is set, and includes, for example, layer identification, scramble system identification, and the like.
- layer identification is information indicating which layer of IP or MMT is to be scrambled.
- the “scramble method identification” is information for identifying the scramble method (encryption method).
- This scramble method descriptor may be set for each asset as shown in FIG. 17 (a), or may be set for each package by setting it at the top of the information as shown in FIG. 17 (b). Further, the scramble method descriptor may be set in the CAT as shown in FIG.
- MPT generation means 20 and CAT generation means 21 may be operated as follows in transmission apparatus 1 in FIG.
- the MPT generation means 20 refers to the policy storage means 15, and if the network layer (IP) or the media transport layer (MMT) is a scramble target and the scramble system is set, the MPT scramble system Set the descriptor.
- The MPT generation unit 20 sets a scramble method descriptor for each asset as shown in FIG. If no scramble method is set for each asset ID in the policy storage unit 15, the MPT generation unit 20 sets a scramble method descriptor for each package as shown in FIG.
- The CAT generation means 21 sets the scramble method descriptor in the CAT as shown in FIG.
- In the reception device 3, the contents specified by the scramble method descriptor may be notified to the IP packet filtering means 31 and the MMTP packet filtering means 32.
- The conditional access system according to the second embodiment further has a function of updating the initial value used in the cipher usage mode for scrambling, in addition to the conditional access system S described in FIG.
- It is configured by replacing the transmission device 1 and the reception device 3 of the conditional access system S described in FIG. 1 with the transmission device 1B (FIG. 23) and the reception device 3B (FIG. 25), respectively.
- The cipher usage mode (block cipher mode of operation) is a method of encrypting data longer than the block length using a common key block cipher.
- The cipher usage modes include, for example, the CBC (Cipher Block Chaining) mode shown in FIG. 19, the CFB (Cipher Feed Back) mode shown in FIG. 20, the OFB (Output Feed Back) mode shown in FIG. 21, and the CTR (Counter) mode.
- In the CBC mode, the result of encrypting the previous plaintext block (the previous cipher block) is XORed (exclusive OR) with the next plaintext block, and the result is encrypted with the encryption key key (the scramble key of the present invention) to generate the next cipher block. This operation is performed sequentially for the number of plaintext blocks.
- An initial vector (IV: Initial Vector) given from the outside is used as the value to be XORed with the first plaintext block.
- In the CFB mode, the result of encrypting the cipher block corresponding to the previous plaintext block with the encryption key key is XORed with the next plaintext block to generate the cipher block corresponding to the next plaintext block. This operation is performed sequentially for the number of plaintext blocks.
- The value XORed with the first plaintext block is the result of encrypting an initial vector given from the outside with the encryption key key.
- In the OFB mode, the first cipher block is generated by XORing the first plaintext block with the result of encrypting an initial vector given from the outside with the encryption key key. The previously encrypted result is then encrypted again with the encryption key key and XORed with the next plaintext block to generate the next cipher block. This operation is performed sequentially for the number of plaintext blocks.
- In the CTR mode, a cipher block is generated by XORing the plaintext block with the result of encrypting a counter initial value given from the outside with the encryption key key.
- Each subsequent cipher block is generated by XORing the plaintext block with the result of encrypting, with the encryption key key, the counter value obtained by sequentially incrementing (+1) the counter initial value.
- From the viewpoint of security, the initial vector used in the CBC mode or the CFB mode should be unpredictable.
- In the scramble means 16 (FIG. 5) and the descramble means 33 (FIG. 13) described in the first embodiment, when an encryption usage mode is used as the scramble method (encryption method), the initial vector and the counter initial value are predetermined fixed values.
- The initial vector and the counter initial value (hereinafter referred to as the initial value) are updated at an arbitrary timing when an encryption usage mode is used to scramble content.
- The transmitting device 1B and the receiving device 3B, which can update the initial value of the encryption usage mode, will be described in order.
- The transmission apparatus 1B appropriately scrambles the MMT layer and the IP layer when the content is converted into MMTP packets and then transmitted as IP packets. Further, the transmitter 1B has a function of updating, at an arbitrary timing, the initial value used in the encryption usage mode when scrambling is performed.
- The transmission apparatus 1B includes an encoding unit 10, an MPU generation unit 11, a control message generation unit 12, an MMTP packet configuration unit 13, an IP packet configuration unit 14, a policy storage unit 15, and a scramble unit 16B.
- The scramble means 16B refers to the policy stored in the policy storage means 15 for the IP packet generated by the IP packet construction means 14, determines the scramble target, and scrambles the target. It has the same function as the scramble means 16 described in FIG.
- The scrambler 16B uses the initial value generated by the initial value generator 23 as the initial value of the encryption usage mode when performing the scramble. Note that the scrambler 16B need not use the whole initial value and may use a predetermined part of it.
- The scrambler 16B updates the initial value to be used at the timing when the initial value is notified from the initial value generator 23.
- The packet reconstruction unit (header setting unit) 17B adds a header to the payload area scrambled by the scramble unit 16B to reconstruct the IP packet, and has the same function as the packet reconstruction unit 17 described with reference to FIG.
- The packet reconstructing means 17B has a function of embedding the initial value information notified from the initial value generating means 23 in the header of the payload area scrambled by the scramble means 16B. Specifically, as shown in FIG. 24A, when the scramble target is IP, the packet reconstructing unit 17B inserts an ESP header between the IP header and the TCP / UDP header, and embeds scramble control information, scramble method identification, and initial value information in the ESP header. “Scramble control information” and “scramble method identification” are the same information as in FIG. The “initial value information” may be the initial value itself, or information that identifies which of several initial values prepared in advance is used.
- When the initial value information is used as initial value identification information or as a seed for generating the initial value, the information associating the initial value with the initial value identification information and the information specifying the initial value generation algorithm are specified separately by a control message.
- The packet reconstructing unit 17B sets various information related to scramble in the MMTP header. Specifically, as shown in FIG. 24B, the packet reconstruction unit 17B embeds scramble control information, scramble method identification, and initial value information in the MMTP header. These embedded data are the same as the data described with reference to FIG. 24A, and only the scramble target is different, so their description is omitted.
- The initial value generator 23 generates the initial value of the cipher usage mode used for the scramble performed in the scrambler 16B.
- The initial value generating means 23 generates an initial value at a constant period or at a timing instructed from the outside. For example, the initial value generating unit 23 generates an initial value using a random number. Then, the initial value generator 23 outputs the generated initial value to the scrambler 16B, and outputs the initial value information to the packet reconstructor 17B. Further, when the initial value information is used as the initial value identification information, the initial value generation unit 23 outputs information in which the initial value and the initial value identification information are associated with each other to the control message generation unit 12, and the control message generation unit 12 generates a control message.
- The transmission apparatus 1B can scramble the content and data at the network layer (IP layer) and the media transport layer (MMT layer) according to the policy.
- The initial value of the encryption usage mode can be updated as appropriate, so that the security of data transmitted by broadcasting or communication can be improved.
- The receiving device 3B receives the content obtained by converting MMTP packets into IP packets via the broadcast wave W or the communication line N, descrambles the protected scrambled data, and makes the content usable (video reproduction or the like).
- The receiving device 3B has a function of performing descrambling in the encryption usage mode using the initial value (initial vector or counter initial value) updated by the transmitting device 1B.
- The receiving device 3B includes data receiving means 30, IP packet filtering means 31B, MMTP packet filtering means 32B, descrambling means 33B, control message separation means 34, PLT processing means 35, CAT processing means 36, MPT processing means 37, location solving means 38, key information processing means 39, MPU processing means 40, decoding means 41, and data processing means 42. The configuration other than the IP packet filtering unit 31B, the MMTP packet filtering unit 32B, and the descrambling unit 33B is the same as that of the receiving apparatus 3 described with reference to FIG.
- The IP packet filtering unit 31B analyzes the header of the IP packet received by the data receiving unit 30 and distributes the packet, and has the same function as the IP packet filtering unit 31 described with reference to FIG.
- When the IP packet filtering unit 31B determines, based on the initial value information (see FIG. 24A) of the ESP header added to the IP header, that the initial value of the encryption usage mode is set, it has a function of notifying the descrambling means 33B of the initial value information added to the ESP header.
- The IP packet filtering unit 31B can thereby notify the descrambling unit 33B that the IP payload is scrambled using the initial value of the encryption usage mode specified by the initial value information.
- The MMTP packet filtering unit 32B analyzes the header of the MMTP packet filtered by the IP packet filtering unit 31 and distributes the packet, and has the same function as the MMTP packet filtering unit 32 described with reference to FIG.
- When the MMTP packet filtering unit 32B determines, based on the initial value information of the MMTP header (see FIG. 24B), that the initial value of the encryption usage mode is set, it has a function of notifying the descrambling means 33B of the initial value information added to the MMTP header. As a result, the MMTP packet filtering means 32B can notify the descrambling means 33B that the MMT payload area (more specifically, the data portion of the area) is scrambled using the initial value of the encryption usage mode specified by the initial value information.
- The descrambling means 33B descrambles the scrambled data, and has the same function as the descrambling means 33 described with reference to FIG. Further, when the initial value is notified as the initial value information from the IP packet filtering unit 31B or the MMTP packet filtering unit 32B, the descrambling unit 33B performs descrambling using the notified initial value. Thereby, the descrambling means 33B can correctly perform descrambling using the same initial value as the initial value of the encryption usage mode used in the scramble means 16B (see FIG. 23) of the transmitting apparatus 1.
- The descrambling unit 33B acquires the information from the control message separation unit 34 and performs descrambling using a predetermined initial value corresponding to the identification information or an initial value generated by a predetermined generation algorithm. Further, the descrambling means 33B need not use the whole initial value and may use a predetermined part of it. In this case, which part of the initial value is used is information known in common with the scrambler.
- When the transmitting device 1B performs scrambling while updating the initial value of the encryption usage mode, the receiving device 3B acquires the initial value as control information and can perform descrambling. As a result, the receiving device 3B can update the initial value of the encryption usage mode as appropriate, so that the security of data transmitted by broadcasting or communication can be improved.
- The configurations of the transmitter 1B and the receiver 3B that constitute the conditional access system according to the second embodiment of the present invention have been described above.
- The basic operation of the conditional access system according to the second embodiment is the same as the operation of the conditional access system according to the first embodiment described with reference to FIGS. 15 and 16.
- The only difference from that system is that the initial value of the encryption usage mode is transmitted and information for identifying the initial value is set in the headers of the IP layer and the MMT layer, so detailed description is omitted here.
- Here, the initial value information is set in the header of the IP packet and the header of the MMTP packet (ESP header, MMTP header).
- As described in (Modification 2) of the first embodiment, this information may be set in a higher layer instead of in individual packets. In this case, the scramble method descriptor of the MPT shown in FIG. 17 or of the CAT shown in FIG. 18 may be replaced with the scramble method descriptor shown in FIG. In FIG. 26A, initial value information is newly added to the scramble method descriptors of FIGS.
- In the receiving device 3B, when the CAT processing unit 36 or the MPT processing unit 37 recognizes that the scramble method descriptor is set in the CAT or MPT, the contents specified by the scramble method descriptor (the scramble target, scramble method identification, initial value information, etc.) may be notified to the IP packet filtering means 31B and the MMTP packet filtering means 32B.
- The transmission device 1B may use one predetermined scramble method.
- In that case, the scramble method descriptor may omit the scramble method identification from FIG. 26 (a).
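The difference between the fixed initial value of the first embodiment and the updated initial value of the second embodiment can be seen in CTR mode with a short program. This is an added example, not code from the patent: the header layout (one byte of scramble control, one byte of scramble method identification, a 16-byte initial value), the identifier values, and the use of truncated HMAC-SHA-256 as a stand-in for the block cipher are all assumptions, and the initial value is renewed for every packet although the text allows any timing.

```python
import hashlib
import hmac
import secrets
import struct

BLOCK = 16  # block length in bytes of the stand-in cipher

# Hypothetical header layout (not the patent's bit layout):
# scramble control, scramble method identification, initial value information.
HDR = struct.Struct("!BB16s")
SCRAMBLED = 0x01    # assumed value of the scramble control field
METHOD_CTR = 0x01   # assumed identifier for "CTR mode"


def _encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in for the block cipher: CTR only needs the forward direction,
    so a keyed PRF (HMAC-SHA-256 truncated to one block) is used here."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def ctr_xor(key: bytes, initial_value: bytes, data: bytes) -> bytes:
    """CTR mode: XOR each block with E(key, counter), counter += 1 per block."""
    counter = int.from_bytes(initial_value, "big")
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        ctr_block = (counter % (1 << (8 * BLOCK))).to_bytes(BLOCK, "big")
        keystream = _encrypt_block(key, ctr_block)
        out += bytes(a ^ b for a, b in zip(data[off:off + BLOCK], keystream))
        counter += 1
    return bytes(out)


def new_initial_value() -> bytes:
    """Role of the initial value generating means 23: a random initial value."""
    return secrets.token_bytes(BLOCK)


def scramble_packet(key: bytes, payload: bytes, initial_value: bytes) -> bytes:
    """Scramble the payload and embed the initial value in the header."""
    header = HDR.pack(SCRAMBLED, METHOD_CTR, initial_value)
    return header + ctr_xor(key, initial_value, payload)


def descramble_packet(key: bytes, packet: bytes) -> bytes:
    """Read the initial value from the header and descramble with it."""
    if len(packet) < HDR.size:
        raise ValueError("packet shorter than header")
    control, method, initial_value = HDR.unpack_from(packet)
    body = packet[HDR.size:]
    if control != SCRAMBLED:
        return body                      # payload was sent in the clear
    if method != METHOD_CTR:
        raise ValueError("unknown scramble method identification")
    return ctr_xor(key, initial_value, body)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def leaks_plaintext_xor(key, p1, p2, iv1, iv2) -> bool:
    """True when XORing the two scrambled payloads cancels the keystream,
    i.e. an observer learns p1 XOR p2 without knowing the scramble key."""
    c1 = scramble_packet(key, p1, iv1)[HDR.size:]
    c2 = scramble_packet(key, p2, iv2)[HDR.size:]
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


if __name__ == "__main__":
    key = b"constructed-scramble-key"            # constructed sample key
    p1 = b"constructed MMTP payload number one"  # constructed sample payloads
    p2 = b"constructed MMTP payload number two"
    fixed = bytes(BLOCK)
    print("fixed initial value leaks:", leaks_plaintext_xor(key, p1, p2, fixed, fixed))
    print("updated initial value leaks:",
          leaks_plaintext_xor(key, p1, p2, new_initial_value(), new_initial_value()))
```

With a fixed initial value and an unchanged scramble key, every packet reuses the same keystream, which is what the per-packet header field removes.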
- The conditional access system according to the third embodiment further has a falsification detection function for IP layer and MMT layer data, in addition to the conditional access system S described in FIG.
- It is configured by replacing the transmission device 1 and the reception device 3 of the conditional access system S described in FIG. 1 with the transmission device 1C (FIG. 27) and the reception device 3C (FIG. 31), respectively.
- The transmission device 1C appropriately scrambles the MMT layer and the IP layer when the content is converted into MMTP packets and then transmitted as IP packets.
- The transmitting apparatus 1C has a function of adding authentication data (message authentication data) to the MMT layer and the IP layer.
- The transmitting apparatus 1C includes an encoding unit 10, an MPU generation unit 11, a control message generation unit 12, an MMTP packet configuration unit 13, an IP packet configuration unit 14, a policy storage unit 15C, and a scramble unit 16.
- The policy storage unit 15C stores conditions (policy) for performing scrambling for the two different layers, the IP layer and the MMT layer.
- The policy storage unit 15C stores the same information as the policy storage unit 15 described in FIG.
- The policy storage unit 15C stores an authentication method (message authentication method) in addition to the scramble condition.
- The message authentication method is referred to by the packet reconfiguration unit 17C, and the target of the message authentication data and the message authentication method are determined.
- “Scramble authentication target” indicates the area to be scrambled / message authenticated in an IP packet.
- As the scramble / message authentication target, it indicates whether scramble / message authentication is performed at the network layer level (IP) or at the media transport layer level (MMT).
- “MMT scramble authentication condition” indicates the detailed conditions for what is further targeted by scramble / message authentication when the scramble / message authentication target is the media transport layer. That is, if this “MMT scramble authentication condition” is set, the MMT becomes a scramble / message authentication target in units of assets.
- “Message authentication method” indicates the type of message authentication method used when message authentication data is assigned to the IP layer or the MMT layer.
- A general message authentication method may be set as the message authentication method, for example HMAC-SHA-1 (Keyed Hashing for Message Authentication Code-SHA-1) or HMAC-SHA-256, which perform message authentication using a common key (authentication key).
- For a UDP IP packet transmitted with “3300” as the transmission destination port and “3000” as the transmission source port, the payload data of the IP layer is the message authentication target, and message authentication data is given by HMAC-SHA-1.
- Although the scramble target and the message authentication target are the same here, they may be different. For example, the scramble target may be set to the IP layer and the message authentication target to the MMT layer.
- The packet reconstruction means (header setting means) 17C adds a header to the payload area scrambled by the scramble means 16 to reconstruct the IP packet. Further, the packet reconfiguration unit 17C refers to the policy stored in the policy storage unit 15, specifies the message authentication target and the message authentication method according to the IP version, transmission destination address, transmission source address, transmission destination port, transmission source port, and transport layer protocol set in the IP packet, and sets that information in the header. That is, when the scramble target or the authentication target is IP, the packet reconstructing unit 17C extends the ESP (Encapsulated Security Payload) header used in general IPsec (Security Architecture for IP) and sets information related to scramble and information related to message authentication in it.
- The packet reconstruction unit 17C inserts an ESP header between the IP header and the TCP / UDP header, and embeds scramble control information, scramble method identification, message authentication control information, and message authentication method identification in the ESP header.
- “Scramble control information” and “scramble method identification” are the same information as in FIG. “Message authentication control information (message authentication control bit)” indicates whether or not message authentication data is added. It may also indicate information that identifies an authentication key. “Message authentication method identification” indicates information for identifying the message authentication method used for authenticating the IP.
- The packet reconfiguration unit 17C sets various information related to message authentication in the MMTP header. Specifically, as shown in FIG. 29B, the packet reconstructing unit 17C embeds scramble control information, scramble method identification, message authentication control information, and message authentication method identification in the MMTP header. These embedded data are the same as the data described with reference to FIG. 29A, and only the scramble target is different.
- The packet reconstructing means 17C embeds, in both the ESP header and the MMTP header, the same data as in FIGS. 29 (a) and 29 (b).
- Here, the packet reconstructing unit 17C sets the information related to scramble and the information related to message authentication in the header; alternatively, a unique identifier associated with the information related to scramble and the information related to message authentication may be set in the header to indicate the specific contents.
- The key information generation unit 22C generates a scramble key for scrambling the content and, as key information for extracting the scramble key in the reception device 3C, generates common key information (ECM) that is common to reception devices and individual key information (EMM) that is individual to each reception device. Furthermore, the key information generation unit 22C also manages an authentication key, which is the key used when providing message authentication data by a predetermined message authentication method.
- The message authentication data is generated using the authentication key for the following reason. If authentication were performed using only a hash function (message digest), tampering could not be detected when data is altered in the middle of transmission and new authentication data is attached using the same hash function. Therefore, in the present invention, message authentication data is generated using an authentication key in order to prevent man-in-the-middle attacks, in consideration of transmission by communication.
- The key information generation unit 22C includes a scramble key generation unit 220, a work key generation unit 221, an ECM generation unit 222, a master key storage unit 223, an EMM generation unit 224, and an authentication key management means 225. The configuration other than the authentication key management unit 225 is the same as that of the key information generation unit 22 described with reference to FIG.
- The authentication key management means 225 manages (stores) authentication keys in advance.
- The authentication key management unit 225 notifies the message authentication data providing unit 24 of the authentication key Ka when requested by the message authentication data providing unit 24. Further, when managing a plurality of authentication keys, the authentication key management unit 225 responds with the authentication key Ka associated with the identification information when a request including key identification information is received from the message authentication data providing unit 24. Returning to FIG. 27, the description of the configuration of the transmitting apparatus 1C will be continued.
- The message authentication data giving means (authentication data giving means) 24 gives message authentication data to the IP layer and / or the MMT layer for the IP packet whose information is set in each header by the packet reconstruction means 17C.
- The message authentication data giving means 24 refers to the message authentication control information set in the header of each layer (IP layer, MMT layer), and when information indicating that message authentication data is to be added is set, it assigns message authentication data to that layer.
- The message authentication data adding unit 24 uses the authentication key Ka managed by the authentication key management unit 225 (see FIG. 30) of the key information generation unit 22C and generates message authentication data by the message authentication method set in the header of each layer.
- When the message authentication control information set in the header of each layer includes key identification information, the message authentication data adding unit 24 generates message authentication data using the authentication key Ka corresponding to the identification information.
- The message authentication data adding unit 24 adds message authentication data (IP message authentication data) to the data after the ESP header added after the IP header, as shown in FIG. Further, when the MMT layer is set as the authentication range, the message authentication data adding unit 24 adds message authentication data (MMT message authentication data) to the data after the MMTP header, as shown in FIG.
- The message authentication data providing unit 24 first assigns message authentication data to the MMT layer and then assigns the message authentication data for the IP layer, as shown in FIG. 29 (c). Needless to say, the message authentication data adding unit 24 updates the packet length in the IP header when message authentication data is added.
- The transmission device 1C can scramble content and data at the network layer (IP layer) and the media transport layer (MMT layer) according to the policy and attach message authentication data. As a result, the transmission device 1C makes it possible for the reception device to detect falsification of content or data.
- The receiving device 3C receives the content obtained by converting MMTP packets into IP packets via the broadcast wave W or the communication line N, descrambles the protected scrambled data, and makes the content usable (video reproduction or the like).
- The receiving device 3C has a function of detecting falsification of data by performing data authentication of the layer to which message authentication data has been given by the transmitting device 1C.
- The receiving apparatus 3C includes a data receiving unit 30, an IP packet filtering unit 31C, an MMTP packet filtering unit 32C, a descrambling unit 33, a control message separation unit 34, a PLT processing unit 35, a CAT processing unit 36, MPT processing means 37, location solving means 38, key information processing means 39, MPU processing means 40, decoding means 41, data processing means 42, and message authentication means 43.
- The configuration other than the IP packet filtering unit 31C, the MMTP packet filtering unit 32C, and the message authentication unit 43 is the same as that of the receiving device 3 described with reference to FIG.
- The IP packet filtering unit 31C analyzes the header of the IP packet received by the data receiving unit 30 and distributes the packet, and has the same function as the IP packet filtering unit 31 described in FIG.
- When the IP packet filtering unit 31C determines, from the message authentication control information (see FIG. 29A) of the ESP header added to the IP header, that message authentication data has been given, it has the message authentication means 43 perform message authentication on the IP packet to which the message authentication data is assigned. At this time, the IP packet filtering unit 31C notifies the message authentication unit 43 of the message authentication method identification (see FIG. 29A) set in the ESP header, so that message authentication can be performed by the same message authentication method as that of the transmission device 1C. When tampering is detected by message authentication, the IP packet filtering unit 31C discards the IP packet.
- The MMTP packet filtering unit 32C analyzes the header of the MMTP packet filtered by the IP packet filtering unit 31C and distributes the packet, and has the same function as the MMTP packet filtering unit 32 described in FIG.
- When the MMTP packet filtering unit 32C determines, from the message authentication control information (see FIG. 29B) of the MMTP header, that message authentication data has been assigned, it has the message authentication unit 43 authenticate the message. At this time, the MMTP packet filtering unit 32C notifies the message authentication unit 43 of the message authentication method identification (see FIG. 29B) set in the MMTP header, so that authentication can be performed by the same authentication method as that of the transmission device 1C. When falsification is detected by message authentication, the MMTP packet filtering unit 32C discards the IP packet including the MMTP packet.
- The message authentication means 43 authenticates data to which message authentication data is attached.
- The message authentication unit 43 obtains the authentication key Ka corresponding to the specified message authentication method identification from a storage means (not shown) that stores, in advance, authentication keys corresponding to message authentication method identifications, and performs IP layer or MMT layer message authentication by the instructed message authentication method.
- The message authentication unit 43 notifies the authentication result to the IP packet filtering unit 31C or the MMTP packet filtering unit 32C that requested the authentication.
- By configuring the receiving device 3C as described above, when message authentication data is added to the IP layer or the MMT layer in the transmitting device 1C, the receiving device 3C can perform data authentication using the same authentication method as the transmitting device 1C. As a result, the receiving device 3C can detect falsification of data, and thus can improve the security of data transmitted by broadcasting or communication.
- The configurations of the transmission device 1C and the reception device 3C constituting the conditional access system according to the third embodiment of the present invention have been described above.
- The basic operation of the conditional access system according to the third embodiment is the same as the operation of the conditional access system according to the first embodiment described with reference to FIGS. 15 and 16.
- In step S18 and step S21 in FIG., information related to message authentication (message authentication control information, message authentication method identification) is further set, and message authentication data is given.
- The receiving device 3C authenticates the message authentication data before step S35. Since other operations are basically the same as those of the first embodiment, detailed description thereof is omitted.
- Here, information related to message authentication is set in the header of the IP packet and the header of the MMTP packet (ESP header, MMTP header).
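The layered message authentication described for the transmitting device 1C and the receiving device 3C, and the reason a keyed method is used instead of a bare hash, are illustrated by the following added example, which is not code from the patent. The framing is an assumption made for the illustration: each layer carries a two-byte header (authentication key identification, message authentication method identification), the tag covers that header and the layer body, the identifier values are invented, and the `require_auth` receiver policy flag is hypothetical.

```python
import hashlib
import hmac

# Assumed identifier values; the text names the methods but not their codes.
METHODS = {1: ("sha1", 20), 2: ("sha256", 32)}  # HMAC-SHA-1, HMAC-SHA-256


def add_auth(body: bytes, keys: dict, key_id: int, method: int) -> bytes:
    """Prefix the layer header and append message authentication data.
    key_id 0 stands for 'no message authentication data given'."""
    header = bytes([key_id, method])
    if key_id == 0:
        return header + body
    algo, _ = METHODS[method]
    tag = hmac.new(keys[key_id], header + body, algo).digest()
    return header + body + tag


def verify_layer(unit: bytes, keys: dict, require_auth: bool = True):
    """Return the layer body, or None when the unit must be discarded."""
    if len(unit) < 2:
        return None
    key_id, method = unit[0], unit[1]
    if key_id == 0:
        # A header claiming "no authentication data" is itself unauthenticated,
        # so a receiver whose policy expects authentication discards it.
        return None if require_auth else unit[2:]
    if key_id not in keys or method not in METHODS:
        return None
    algo, tag_len = METHODS[method]
    if len(unit) < 2 + tag_len:
        return None
    body, tag = unit[2:-tag_len], unit[-tag_len:]
    expected = hmac.new(keys[key_id], unit[:-tag_len], algo).digest()
    return body if hmac.compare_digest(tag, expected) else None


def send(payload: bytes, keys: dict, key_id: int = 1,
         mmt_method: int = 2, ip_method: int = 1) -> bytes:
    """Order used by the message authentication data giving means 24:
    MMT layer first, then the IP layer around it."""
    mmt_unit = add_auth(payload, keys, key_id, mmt_method)
    return add_auth(mmt_unit, keys, key_id, ip_method)


def receive(packet: bytes, keys: dict, require_auth: bool = True):
    """IP-layer check first (filtering 31C), then MMT-layer check (32C).
    Returns the payload, or None when either layer fails and is discarded."""
    mmt_unit = verify_layer(packet, keys, require_auth)
    if mmt_unit is None:
        return None
    return verify_layer(mmt_unit, keys, require_auth)


def digest_only_accepts_rewrite(altered: bytes) -> bool:
    """Contrast case: with an unkeyed digest as 'authentication data',
    anyone who rewrites the body can recompute a matching digest."""
    rewritten = altered + hashlib.sha256(altered).digest()
    body, tag = rewritten[:-32], rewritten[-32:]
    return hmac.compare_digest(hashlib.sha256(body).digest(), tag)


if __name__ == "__main__":
    keys = {1: b"constructed-authentication-key-Ka"}   # constructed sample key
    packet = send(b"constructed MPU payload", keys)
    print("intact:", receive(packet, keys))
    altered = bytearray(packet)
    altered[10] ^= 0x01                                # one bit changed in transit
    print("altered:", receive(bytes(altered), keys))
    print("digest-only accepts rewrite:", digest_only_accepts_rewrite(b"rewritten"))
```

The `require_auth` check matters because the header field that announces whether authentication data is present travels in the same packet it describes.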
- In FIG. 32A, the presence / absence of message authentication, authentication key identification information (corresponding to message authentication control information), and message authentication method identification are newly added to the scramble method descriptors of FIGS.
- The transmission device 1C may use one predetermined scramble method.
- In that case, the scramble method descriptor may omit the scramble method identification from FIG. 32 (a).
- The transmitting apparatus 1C of FIG. 27 may include the initial value generating means 23 described in FIG. 23, and the descrambling means 33 of the receiving apparatus 3C of FIG. 31 may perform descrambling using the notified initial value.
- the scramble method descriptor of MPT shown in FIG. 17 or the CAT shown in FIG. 18 may be replaced with the scramble method descriptor shown in FIG.
- in the reception device 3C, when the CAT processing unit 36 or the MPT processing unit 37 recognizes that the scramble method descriptor is set in the CAT or MPT, the contents specified by the scramble method descriptor may be notified to the IP packet filtering means 31C and the MMTP packet filtering means 32C.
- information related to message authentication may be set separately as a descriptor (message authentication method descriptor) different from the scramble method descriptor.
- This message authentication scheme descriptor can have, for example, the data structure of FIG. Since each data of the message authentication scheme descriptor is the same as the data of FIG. 32, the description is omitted.
- the transmitting apparatus 1C of FIG. 27 may set the message authentication scheme descriptor shown in FIG. 33 in the MPT (for example, FIG. 17) in the MPT generation means 20. Further, the transmission apparatus 1C may set the message authentication scheme descriptor shown in FIG. 33 in the CAT (for example, FIG. 18) in the CAT generation unit 21. In the receiving apparatus 3C of FIG. 31, when the CAT processing unit 36 or the MPT processing unit 37 recognizes that the message authentication method descriptor is set in the CAT or MPT, the contents identified by the message authentication method descriptor (message authentication control information, message authentication method identification, etc.) may be notified to the IP packet filtering means 31C and the MMTP packet filtering means 32C.
- the transmitting device 1 (1B, 1C) and the receiving device 3 (3B, 3C) in the above-described embodiment may be realized by a computer. That is, the transmission apparatus 1 (1B, 1C) and the reception apparatus 3 (3B, 3C) can each be operated by a program for causing the computer to function as each means described above. In that case, the program may be recorded on a computer-readable recording medium, and the program recorded on the recording medium may be read by the computer system and executed so as to function.
- the “computer system” includes an OS and hardware such as peripheral devices. Further, this function may be a multitasking OS so that each function can be operated in parallel.
- the “computer-readable recording medium” refers to a storage device such as a flexible disk, a magneto-optical disk, a portable medium such as a ROM and a CD-ROM, and a hard disk incorporated in a computer system.
- the “computer-readable recording medium” as used herein may also include a medium that dynamically holds a program for a short time, such as a communication line when transmitting a program via a network such as the Internet or a communication line such as a telephone line, and a medium that holds a program for a certain time, such as a volatile memory inside a computer system that serves as a server or client in that case. In addition, this program may be for realizing a part of the above-described functions, and may be capable of realizing the above-described functions in combination with a program already recorded in the computer system.
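The receiver-side flow described above (the message authentication descriptor's contents are handed to the packet filtering means, which authenticates each packet before descrambling) can be sketched as follows. This is an added example, not code from the patent: the 3-byte descriptor layout, the method table, the MAC covering header plus scrambled payload, and the names `parse_auth_descriptor`, `protect` and `filter_packet` are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed method table: message authentication method identification -> hash.
AUTH_METHODS = {0x01: hashlib.sha256}

def parse_auth_descriptor(body: bytes) -> dict:
    """Hypothetical 3-byte layout: auth flag, authentication key id, method id."""
    if len(body) != 3 or body[0] not in (0, 1):
        raise ValueError("malformed message authentication descriptor")
    return {"auth": body[0] == 1, "key_id": body[1], "method_id": body[2]}

def protect(header: bytes, payload: bytes, key: bytes, method_id: int) -> bytes:
    """Sender side: append a MAC over header and scrambled payload (assumed coverage)."""
    mac = hmac.new(key, header + payload, AUTH_METHODS[method_id]).digest()
    return header + payload + mac

def filter_packet(packet, header_len, desc, keys, descramble):
    """Receiver side: authenticate first, descramble only what verified.

    Returns the descrambled payload, or None when the packet is dropped.
    """
    header, rest = packet[:header_len], packet[header_len:]
    if not desc["auth"]:
        return descramble(rest)
    digest = AUTH_METHODS.get(desc["method_id"])
    key = keys.get(desc["key_id"])
    if digest is None or key is None:
        return None                      # unknown method or key: fail closed
    n = digest().digest_size
    if len(rest) < n:
        return None                      # too short to carry a MAC
    payload, tag = rest[:-n], rest[-n:]
    expected = hmac.new(key, header + payload, digest).digest()
    if not hmac.compare_digest(tag, expected):
        return None                      # tampered or wrong key: never descrambled
    return descramble(payload)

if __name__ == "__main__":
    # Constructed sample: descriptor says "authenticated, key 7, method 1".
    desc = parse_auth_descriptor(bytes([1, 7, 1]))
    keys = {7: b"constructed-auth-key"}
    unscramble = lambda data: bytes(b ^ 0x5A for b in data)  # stand-in, not a real scrambler
    pkt = protect(b"HDR0", unscramble(b"video"), keys[7], 1)
    print(filter_packet(pkt, 4, desc, keys, unscramble))        # b'video'
    tampered = pkt[:5] + bytes([pkt[5] ^ 1]) + pkt[6:]
    print(filter_packet(tampered, 4, desc, keys, unscramble))   # None
```

Dropping the packet before `descramble` is called keeps unauthenticated data away from the descrambler, and an unknown key or method identification is treated the same as a failed check.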
Landscapes
- Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
Abstract
The invention relates to a limited reception system capable of protecting both an IP layer and an MMT layer when content converted into IP packets by MMT is distributed. In the limited reception system (S), a transmission device (1) scrambles the data of an IP layer or an MMT layer and adds scramble information to the header of each layer, and a reception device (3) detects the presence or absence of scrambling by analyzing the header of each layer and performs descrambling.
Applications Claiming Priority (8)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP2013185269 | 2013-09-06 | ||
| JP2013185268 | 2013-09-06 | ||
| JP2013-185269 | 2013-09-06 | ||
| JP2013-185271 | 2013-09-06 | ||
| JP2013-185270 | 2013-09-06 | ||
| JP2013185271 | 2013-09-06 | ||
| JP2013185270 | 2013-09-06 | ||
| JP2013-185268 | 2013-09-06 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2015034020A1 (fr) | 2015-03-12 |
Family
ID=52628483
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/JP2014/073389 Ceased WO2015034020A1 (fr) | 2013-09-06 | 2014-09-04 | Transmission device, reception device, limited reception system, and limited reception method |
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2015034020A1 (fr) |
-
2014
- 2014-09-04 WO PCT/JP2014/073389 patent/WO2015034020A1/fr not_active Ceased
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
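| JP2007028474A (ja) * | 2005-07-21 | 2007-02-01 | Matsushita Electric Ind Co Ltd | Cryptographic processing device for a limited reception system |
| JP2010045469A (ja) * | 2008-08-11 | 2010-02-25 | Kddi Corp | Broadcast signal transfer device and broadcast signal retransmission system |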
Non-Patent Citations (1)
| Title |
|---|
| SHUICHI AOKI: "A Study on Implementation of MMT in Next Generation Broadcasting Systems", FIT2013 DAI 12 KAI FORUM ON INFORMATION TECHNOLOGY KOEN RONBUNSHU SEPARATE VOL. 3 SADOKU TSUKI RONBUN·IPPAN RONBUN GAZO NINSHIKI· MEDIA RIKAI GRAPHICS·GAZO HUMAN COMMUNICATION & INTERACTION KYOIKU KOGAKU·FUKUSHI KOGAKU· MULTIMEDIA OYO, FORUM ON, vol. 3, 20 August 2013 (2013-08-20), pages 355 - 356 * |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016067686A1 (fr) * | 2014-10-31 | 2016-05-06 | 株式会社 東芝 | Transmission system, message authentication code generating device, receiving device, message authentication code generating method, and message authentication code verifying method |
| JP2016092532A (ja) * | 2014-10-31 | 2016-05-23 | 株式会社東芝 | Transmission system, message authentication code generating device, receiving device, message authentication code generating method, and message authentication code verifying method |
| US10225266B2 (en) | 2014-10-31 | 2019-03-05 | Kabushiki Kaisha Toshiba | Transmission system, message authentication code generating apparatus, receiver, message authentication code generating method, and message authentication code verifying method |
| EP3605538A4 (fr) * | 2017-03-24 | 2020-03-25 | Sony Corporation | Information processing device, information recording medium, information processing method, and program |
| JPWO2023053621A1 (fr) * | 2021-09-30 | 2023-04-06 | ||
| WO2023053621A1 (fr) * | 2021-09-30 | 2023-04-06 | 株式会社デンソー | Data communication system, center device, master device, encryption program, and decryption program |
| JP7768236B2 (ja) | 2021-09-30 | 2025-11-12 | 株式会社デンソー | Data communication system, center device, master device, encryption program, and decryption program |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
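| JP6592569B2 (ja) | Transmission device and reception device | |
| US8321690B2 (en) | Protecting digital media of various content types | |
| JP6596133B2 (ja) | Transmission device, reception device, and limited reception system | |
| EP2040411B1 (fr) | Terminal device, server device, and content distribution system | |
| KR20100089228A (ko) | Method and apparatus for encrypting a transport stream of multimedia content, and method and apparatus for decrypting the same | |
| WO2015034020A1 (fr) | Transmission device, reception device, limited reception system, and limited reception method | |
| WO2016002545A1 (fr) | Transmission device and reception device | |
| JP4098348B2 (ja) | Terminal device, server device, and content distribution system | |
| JP6539389B2 (ja) | Transmission device, reception device, and limited reception system | |
| JP6596130B2 (ja) | Transmission device, reception device, and limited reception system | |
| JP6543395B2 (ja) | Transmission device, reception device, and limited reception system | |
| JP6417271B2 (ja) | Encryption device and decryption device | |
| CN103873887A (zh) | Method, device, and system for playing on-demand programs | |
| JP5132651B2 (ja) | License information transmission device and license information transmission program | |
| JP2008118708A (ja) | Terminal device and server device | |
| JP2008187691A (ja) | Content distribution system and content distribution method | |
| JP5391315B2 (ja) | License information reception device, license information reception program, and license information reception method |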
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 14842851; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 14842851; Country of ref document: EP; Kind code of ref document: A1 |