JP2002217894A - Method for data distribution service - Google Patents

Abstract

PROBLEM TO BE SOLVED: To perform a contents control service using detailed information regarding contents. SOLUTION: A broadcasting side defines a contents which provides method to a viewer, utilizing conditions, contents storage in a ciphered state, limited reception to a terminal, limited reception to an individual, etc., distributes the defined details to a reception side with the contents and performs the viewing control of the viewer, storage control, copy control, ciphering/deciphering control, etc., so as to provide a service capable of protecting the right of the contents of copyright, etc. To this end, a general data distribution system attaches meta data which are the contents-related information to each content. In this meta data, general information about the name and the details of the contents, constitution in the contents, etc., information concerning copyright protection of information, such as control information concerning storing and reproducing processing, control information concerning charging processing, information on the contents ciphering system of the decoding key, etc., of the contents are described.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data distribution service method for providing content on a content providing side and receiving and using the content on a using side, and more particularly, to a data distribution service method having a mechanism for protecting the content. The present invention relates to a data distribution service method having a mechanism for adding and distributing metadata as content-related information.

[0002]

2. Description of the Related Art Hitherto, broadcasting or communication using satellite waves or terrestrial waves has generally been real-time broadcasting, and there has been some storage-type communication. In storage-type broadcasting and communication, distributed programs and information can be stored in a large-capacity storage medium by a user's own storage operation. Thus, the program can be viewed whenever the user desires.

As a method of protecting real-time broadcast contents, a method of encrypting contents is generally used. The use of encryption makes unauthorized viewing and tampering difficult. CAS (Conditional Access System), a conditional access system for BS digital broadcasting, is used as the content encryption system.
tem). The CAS encrypts the content with a first encryption scheme, and encrypts a first decryption key for decrypting the encrypted content with a second encryption scheme. Then, the encrypted content and the first key are distributed to the user. The user who can receive the content holds a second decryption key which is a decryption key of the second encryption method in advance. Therefore, only the user holding the second decryption key can receive the first decryption key, and only the user who can receive the first decryption key can receive the content. As described above, by using CAS, only a limited number of users can acquire and view the content, and it is possible to control the users who can view the content. In BS digital broadcasting, SI (service information) is defined as information related to content.

[0004]

The prior art CAS as described above is a conditional access system used in real-time broadcasting. In this method, the content is decrypted simultaneously with the reception of the content. At this time, reception control for the user is possible, but reproduction control cannot be performed because the content is decrypted. In addition, since the content is in a plaintext state during storage, the content cannot be protected.

[0005] Further, in the current satellite digital broadcasting standard, only the SI exists as a means for defining information regarding contents. Although the SI is information related to the content, it is information for an EPG (Electronic Program Guide), and is not described in detail. Since there is no means for defining detailed information on various contents in the broadcasting standard, it is not possible to provide detailed services based on control for each content. As a result, the content control service using the detailed information on the content cannot be performed. In addition, since the existing broadcast is a service with a view to viewing the content in real time, the information for performing the storage control and the copy control of the content is scarce and is insufficient for use in the storage broadcast.

SUMMARY OF THE INVENTION In view of the above, it is an object of the present invention to provide a data distribution service method for storing broadcasts and adding control information capable of protecting contents.

[0007]

SUMMARY OF THE INVENTION An integrated data distribution system according to the present invention provides an encryption system for receiving an encrypted content, storing the content in a storage medium, and decrypting the content for the first time. Also, metadata as content-related information is attached to each content. The metadata includes, for example, general information such as the name and content of the content, the configuration in the content, control information on the storage / reproduction process, control information on the charging process, and information on the content encryption method such as a content decryption key. And other information related to copyright protection. Based on the information, the viewer control, the storage control, the copy control, the encryption / decryption control, and the like are performed. This enables the protection of the content rights, the protection of the user rights, and the like.

According to a first solution of the invention, a satellite,
In a data distribution service method for distributing content using a communication line such as a terrestrial line or a media medium such as a removable medium, the transmitting apparatus encrypts the content after generating the content, and blocks the encrypted content. Each element of the encrypted content that is divided and divided into blocks in the payload portion of the distribution stream is stored, assembled into a distribution data format, the content is distributed, and the content presentation method, usage conditions, and the content encryption key including the content encryption key are stored. Generates and distributes metadata storing related information, and the receiving terminal assembles the content without decrypting the payload portion when assembling the content, accumulates the content and metadata in an encrypted state, and receives the content. Side can make decisions regarding the use of content. Charging control for Ceiling, data distribution service method to perform rights protection is provided.

According to a second solution of the present invention, a satellite,
In a data distribution service method for distributing content using a communication line such as a terrestrial line or a media medium such as a removable medium, a receiving terminal is a terminal ID, a personal ID, a channel to which a user wants to contract, Notifying the sending device of a contract request including a program or content, and the sending device generates pre-contract metadata from the notified contract request,
D, the personal ID is unencrypted, the payer ID, the company key Kw unique to each company, and the contract information including the contract code are encrypted with the unique terminal key Kmc for each receiving terminal, and the receiving terminal Step of distributing to the receiving terminal, the terminal ID stored in the non-encrypted part of the metadata for the pre-contract, the terminal, the personal ID, to determine whether the information is addressed to the user using the terminal,
If it is determined that it is addressed to the user, decrypting the pre-contract metadata with the terminal key Kmc stored in advance in the receiving terminal and obtaining contract information including the business key Kw, the receiving terminal Requesting the content to be broadcast by the contracted company based on the obtained contract information, and the transmitting device synchronizes with the delivery of the encrypted content, includes the paying company ID as non-encrypted, and views the content. The necessary part including the encryption key Kk of the content required when encrypting the key distribution metadata encrypted with the business key Kw, and the necessary part including the usage restriction information for the content including the position of the content distribution apparatus is referred to as the content key Kk. Distributing the storage / playback metadata encrypted in step (a), and the receiving terminal receives the key distribution metadata distributed in synchronization with the encrypted content, The toll operator ID, which is stored in the encrypted part to determine whether broadcast by the contract operator,
If it is determined that the metadata is key distribution metadata for the content broadcasted by the contracting carrier, the encrypted part is decrypted with the carrier key Kw distributed by the preliminary contract metadata, and the decrypted target contract code and The content code Kk is stored in the receiving terminal if the content is available within the user's contract form based on the contract code distributed by the contract metadata. Content key K is used to encrypt the data
decrypting by k, confirming the usage restriction information on the content, and if the user can use the content, receiving the encrypted content based on the information on the distribution location of the encrypted content stored in the storage / playback metadata. And a data distribution service method including:

[0010]

BEST MODE FOR CARRYING OUT THE INVENTION Overview (Service overview) This comprehensive data distribution service is an information (data) distribution service that can be viewed at the place where you want to see the content you want to see, and is a conventional real-time type (viewing what you are broadcasting) digital Unlike broadcasting, this service provides not only real-time delivery but also storage-based information delivery. This provides a Near Video On Demand (NVOD) -like service that allows the viewer to select and view his / her favorite content from the stored content whenever he wants. . In addition, the content is directly stored in a removable medium or an external device connected to a receiving terminal that receives the service, or the content can be viewed at a user's favorite place by copying. Furthermore, in the conventional digital broadcasting service, the content usage contract form is limited to a narrow range such as a contract on a terminal basis. However, this service provides a wide range of content usage contract forms capable of contracting on an individual user basis. .

FIG. 1 shows a configuration diagram of the receiving side of the comprehensive data distribution service. As an overview of the comprehensive data distribution service, a storage-type television broadcast will be described with reference to FIG. The receiving side includes the antenna 2, the receiving terminal 3, and the television 9. A storage-type television broadcast is, like a conventional television broadcast, a content 1 (program) transmitted from a broadcast side (broadcasting station), an antenna 2 (distribution by cable, distribution in a package), a receiving terminal. 3 to start viewing from the moment when it is received and distributed by a monitor device such as a television 9.
Like the conventional VCR, once distributed content is stored in a storage medium 4 (a large-capacity storage medium such as a hard disk) and then viewed. Is sometimes used as a storage medium), and an information distribution service that enables services such as real-time type + storage type viewing 7 for viewing the stored content and the distributed real-time viewing type content together.

(System Overview) FIG. 2 shows an overall system configuration diagram of the comprehensive data distribution service. As a system that provides this comprehensive data distribution service, in addition to infrastructure using radio waves such as satellite broadcasting and terrestrial broadcasting, services using infrastructure using communication lines such as cable TV and the Internet are possible, but in the present invention, as an example, A case where digital satellite broadcasting using satellites as shown in FIG.

An outline of a system in which a comprehensive data distribution service is provided will be described with reference to FIG. The system of this comprehensive data distribution service includes a sending side 100 and a receiving side 20.
0, a satellite link 10, a terrestrial link 11, and a distribution network 1 using a satellite, which is a transmission path connecting the sending side 100 and the receiving side 200.
2. The mobile phone network 13 is provided. The receiving side 200 here
"Public terminal 202" such as a vending machine, a terminal installed in a store 203 such as a convenience store, and an in-vehicle mounted in an automobile or the like, which is a mobile body, is not limited to the receiving terminal 3 installed in the home 201. The terminal 204, the mobile terminal 205, and the like are also assumed. On the sending side 100, the content 1
And a distribution center that produces and manages control information and distributes it to the receiving side 200, a key management center that generates and manages a key used for encrypting content, a customer management center that manages information of a user on the receiving side, and a receiving side. Distribution (delivery) of packaged media such as DVDs to terrestrial line 11 such as requests from users, collection of viewing history, etc., terrestrial line management center that manages communication using mobile phone 206, users, dealers, etc. And a logistics management center that performs

(Service Contents) Next, services performed in the system shown in FIG. 2 will be described. As a service in this comprehensive data distribution service, for example,
As described above, the satellite digital line 10 is mainly used to distribute digital data such as video, music, electronic magazines, games, and other video, audio, and data to the receiving terminal 3 installed at home. Home service 3
00. Second, data is distributed to the vending machine 202 and the retail store 203 in the same manner as the home service 300, and data that cannot be stored in the home in capacity, backup of data not stored, and vending machine For example, there is a vending machine / store service 301 that handles data and the like that can be sold only at the store, buys an electronic magazine that can be sold only at the store, and watches the data at the receiving terminal 3 at home. Third, the home receiving terminal 3 or the vending machine 20 is connected to an external device such as the in-vehicle device 204 and the portable terminal 205.
2. It is possible to carry contents from a store 203 or the like and view the contents outside the home. For example, map data distributed to a receiving terminal at home can be stored in a removable medium such as a DVD or the like.
A mobile service that uses the C card to take it to the in-vehicle device 204 and uses it in a car, or uses music media such as a removable medium such as a memory card or an IC card to take it out and play it on the mobile terminal 205. 302. Fourth, contents that cannot be distributed through the satellite network 10 using the distribution network 12 are stored on CD-ROMs and DVD-ROMs.
There is a package delivery service 303 that distributes contents such as dramas from a receiving terminal by distributing the contents through a package medium such as a ROM and the like, and distributes the contents to the home from home via a DVD-ROM or the like via a home delivery service or the like. Fifth, by using an external device having communication means such as the mobile phone 206 and controlling a receiving terminal in the home via the sending side, for example, the EPG on the screen of the mobile phone 206 can be controlled.
(Electronic program guide) There is a mobile phone service 304 for making a program reservation or the like to a home receiving terminal from outside. Further, the present invention is not limited to these, and a wide variety of services can be provided with the development of the communication infrastructure. In the present embodiment, the home service 300 will be particularly described, but the present invention is also applicable to other services.

(Rights protection method) The comprehensive data distribution service is a service for distributing contents directly to a home or the like and performing storage / copy / reproduction with digital data in the home or the like. Falsification of data,
Since issues related to copyrights and other rights such as copying and reproduction that exceed private use arise, it is necessary to protect and manage the copyrights of content, broadcasters, and viewers.

FIG. 3 is an explanatory diagram of a right protection method in the comprehensive data distribution service. The rights protection method in the present comprehensive data distribution service will be described with reference to FIG. The rights protection method in the comprehensive data distribution service is that the metadata 18 storing information such as a method of presenting the content to the viewer defined on the transmitting side, usage conditions, and a content encryption key is encrypted. Content (encrypted content) 17, other PSI / SI (Progra
m Specific Information / Service Information) 19
And the right protection function 16 on the receiving terminal 3 side.
(RMP function) interprets the metadata 18 and controls the reception of the content 17 to the receiving terminal 3, the storage control for the storage medium 4 and the removable medium 5, the copy control, and the encryption.
This is a method for performing control such as decryption control, presentation control for a monitor device such as a TV 9, authentication control for an external device 14, and authentication / billing control for an IC card 15 for identifying an individual.

Next, the PSI / SI 19, content 17, and metadata 18 distributed from the sending side will be described. PSI /
The SI 19 is data for acquiring necessary data from a stream being distributed, as in the case of conventional digital broadcasting. The integrated data distribution service uses the SI 19 to acquire metadata, encrypted content, and the like. The distinction of services from conventional digital broadcasting is based on NIT (Network
This is done by using the service list descriptor stored in the Information Table), the stream identification descriptor stored in the PMT (Program Map Table), and the like.

The contents 17 are basically stored in the storage medium 4, the removable medium 5, and the like in the comprehensive data distribution service in a state of being encrypted in order to prevent data falsification and unauthorized use. The content 17 in the comprehensive data distribution service is conceptual and can be designated in a unit intended by the sending side, not in a unit indicating a constant physical quantity. Can recognize the contents. For example, contents are classified into video-based contents that can be viewed by selecting a channel similar to that of conventional digital broadcasting and video-based contents that can be viewed mainly after storage and viewing.

FIG. 50 shows an example of an explanatory diagram of data constituting video and data contents. In this comprehensive data distribution service, each data of a data group constituting the content is called an element. Therefore, the content is composed of one or a plurality of elements. The metadata 18 is defined as
For example, general information used for searching for the content, structure, etc. of the content assigned to the content specified in the unit intended by the broadcaster on the sending side, the copyright holder and related rights It includes information such as a method of presenting content to viewers and usage conditions, etc., whose protection is defined on the sending side. The metadata controls the terminal with these pieces of information and enables rights protection. Therefore, since the metadata includes information to be protected as in the case of the content, a part of the metadata is distributed and distributed, and the data is stored in the encrypted state even when the data is stored. In addition, depending on the distribution timing and contents, the metadata for the advance contract, the metadata for the EPG,
It is classified into metadata for reproduction and metadata for key distribution.

The pre-contract metadata includes information such as a business key, which is a key unique to each pay broadcast business, whether all programs broadcast by the contracted business can be viewed, and whether some programs can be viewed. A contract code or the like to be interpreted on the terminal side is stored, and is delivered to the individual user asynchronously with the delivery of the content. The EPG metadata stores information such as the name, content, and scheduled broadcast date of the content necessary for confirming the content to be distributed and making viewing / storage reservations on the receiving terminal side. Will be delivered to all receiving devices before the targeted content is delivered,
It is mainly for performing EPG display of the receiving terminal, viewing / storage reservation, and the like. The storage / playback metadata stores information for receiving, storing, and subscribing to the content, and synchronizes the distribution of the target content to all receiving terminals regardless of the user who uses the receiving terminal. It will be delivered. The key distribution metadata stores information on a key that has encrypted the content, and is distributed in synchronization with the distribution of the target content in the same manner as the storage / reproduction metadata. The metadata list stores information for updating the EPG metadata accumulated by using it together with PSI / SI, and information for acquiring necessary data from the stream group being distributed, and uses the receiving terminal. It is always distributed to all receiving terminals regardless of the user. The system key update metadata stores information for updating a common key for the entire system, which is stored in the terminal in advance, and distributes content to all receiving terminals regardless of the user who uses the receiving terminal. Is delivered asynchronously.

(Encryption System) Next, an encryption system of contents and metadata in the present comprehensive data distribution service will be described. The content and metadata encryption method of this comprehensive data distribution service stores encrypted content and encrypted metadata without decrypting them. Is a method of performing encryption when generating metadata.

FIG. 4 is an explanatory diagram showing a comparison of encryption methods between the comprehensive data distribution service and the existing service. A comparison between the encryption system in the present comprehensive data distribution service and the encryption system in the conventional digital broadcasting will be described with reference to FIG. In the conventional method, the content is generated 20 and the generated content is a data format at the time of distribution before encryption.
To form the TSP 21, a part 23 of the content divided into blocks and divided into the payload part 22 of the TSP 21
Is stored, and then the payload portion of the TSP is encrypted 24. Therefore, when assembling the content on the receiving terminal side, it is necessary to decrypt the payload portion. On the other hand, in the case of the encryption system in the present comprehensive data distribution service, the transmitting side encrypts the content 25 after generating the content 20.
To block the encrypted content,
In order to store and distribute the partial block 26 of the encrypted content divided into the payload portion 22 of the P, the content can be assembled without decrypting the payload portion when assembling the content at the receiving terminal side, and the encryption is performed at the sending side. Content and metadata can be stored as they are.

(Content and Metadata Encryption System) FIG. 5 is an explanatory diagram of a content encryption system.
FIG. 6 is an explanatory diagram of a metadata encryption method. Next, the encrypted images of the content and the metadata will be described with reference to FIGS. The content encryption in the comprehensive data distribution service is performed for each element constituting each content regardless of the type of the video content 27 and the data content 28. For example, if the video content 27 is MPEG2-
When it is composed of two elements, Video (PES) 29 and MPEG2-AAC (PES) 30, all data are encrypted for each element, and encrypted elements 31, 32 are generated. At this time, the encryption key 33 for performing encryption uses a common encryption key Kk1 in the content. In the present comprehensive data distribution service, the encryption key 33 assigned to each content is referred to as a content key Kk1. Therefore, each element constituting the data system content 28 which is different from the video system content 27 is a different encryption key 34
Is encrypted. At this time, a common key Kk2 in the content is similarly used as the encryption key 34. Note that the content key Kk is a generic term for the entire content key.

The encryption of the metadata in the present comprehensive data distribution service is different from the encryption of the content, and is not to encrypt the entire metadata that needs to be encrypted.
As shown in FIG. 6, only the portion 35 requiring encryption is extracted and encrypted, and encrypted data 37 to which information such as the capacity 36 of the encrypted data is added is generated. In addition, in the present comprehensive data distribution service, it is possible to embed the encrypted data 37 again in metadata 38 that is not encrypted and distribute the encrypted data 37 or distribute it as a separate file.
FIG. 51 is an explanatory diagram of contents, an encryption key used for encrypting each metadata described above, and an encryption key in the comprehensive data distribution service.

(Conditional Reception System) FIG. 7 is an explanatory diagram of the conditional access system in the comprehensive data distribution service. next,
With reference to FIG. 7, a description will be given of a limited reception system in which contents such as pay broadcasts are received / stored only by a user who has a contract with a broadcasting company in the comprehensive data distribution service. The conditional access system in this comprehensive data distribution service is different from the system used in conventional digital broadcasting in which each terminal uses a channel and a program for each terminal. In addition, conditional access in content units is enabled. As described above, since the content unit is a unit intended by the broadcaster, the minimum unit is an element unit, and limited reception in small units such as one scene constituting a program becomes possible. In the method of this comprehensive data distribution service, limited reception is performed using pre-contract metadata and key distribution metadata.

First, the user of the receiving side 200 sends a terminal ID, a personal ID, a channel to be contracted, a program,
The sending side 100 is notified of a contract request 39 for contents or the like. The sending side 100 generates pre-contract metadata based on the contract request notified by the user, encrypts necessary parts such as contract information with a terminal key Kmc unique to each receiving terminal, 45 for each delivery. The receiving terminal of the receiving side 200 determines whether the information is directed to the user who uses the terminal based on the terminal ID and the personal ID stored in the non-encrypted portion of the pre-contract metadata 40, and stores the ID addressed to the user. If it is, the metadata for the pre-contract is decrypted by the terminal key Kmc43 stored in the terminal in advance, and the payer ID, the operator key Kw4 unique to each operator are decrypted.
4. Obtain contract information including a contract code and the like. The user who has obtained the contract information makes a request 46 for the content 17 broadcasted by the contract operator. Sending side 10
In the case of 0, the content encryption key Kk3 required for synchronizing with the distribution of the encrypted content 17 and viewing the content.
3 is stored, and the key distribution metadata 41 whose necessary part is encrypted with the business key Kw44 is distributed to all terminals. Also,
The transmitting side 100 stores the usage / restriction information for the content and the like, and distributes the storage / reproduction metadata 42 in which the necessary portion is encrypted with the content key Kk33 to all terminals.
The receiving terminal receives the key distribution metadata 41 distributed at the same time as the content, determines whether the broadcast is performed by the contracted carrier based on the paying carrier ID stored in the non-encrypted portion, and broadcasts the broadcast by the contracted carrier. If it is determined that the metadata is key distribution metadata 41 for the content to be encrypted, the encrypted part is decrypted with the business key Kw distributed by the preliminary contract 40 metadata, and the decrypted target contract code and the preliminary contract metadata are decrypted. It is determined from the contract code distributed by 40 whether the content is available within the contract form of the user. Here, if available, the content key Kk33 is stored in the receiving terminal, the encrypted portion of the storage / reproduction metadata 42 received at the same time is decrypted by the content key Kk33, and usage restriction information such as age restriction on the content is obtained. If it is confirmed that the user can use the encrypted content 17, the encrypted content 17 can be received based on the information on the distribution location of the encrypted content 17 stored in the storage / reproduction metadata 42. This comprehensive data distribution service enables conditional access by the above method.

2. Billing Method Next, a billing method in the comprehensive data distribution service will be described. In this comprehensive data distribution service, there are roughly two types of charging: a charging for a prior contract and a charging for viewing a content.

(Charge for Prior Contract) FIG. 8 is an explanatory diagram of a charge method based on a prior contract. First, charging for a prior contract will be described with reference to FIG. The billing for the pre-contract is a billing method in which the sending side 100 performs billing based on the customer information obtained in advance by the user registration 47, so that a fixed amount billing can be performed regardless of whether or not the user views the content. . The user who purchased the receiving terminal 3 sends the information on the terminal ID, personal ID, the company to be contracted, the contract type, the contract period, etc. to the sending side 100 along with the information of the settlement destination bank account 48 by postcard or telephone. Notice. The sending side 100 generates and manages customer information based on the information,
Generates the pre-contract metadata 40 storing the key of the contracted company, the contract code indicating the contract form, the expiration date of the contract, etc., distributes it to the receiving terminal 3 of the contract user, and from the account 48 specified by the user. Charge for a content usage contract for a certain period. The user who has received the pre-contract metadata 40 can use the contents of the contracted business operator within the stored validity period. The charging flow for the prior contract in this comprehensive data distribution service has been described above.

(Charging for Viewing Contract) Next, charging for the viewing contract will be described. The charging method for the viewing contract in the present comprehensive data distribution service is classified into a charging method based on an uplink on a transmitting side from a receiving terminal such as a ground line and a charging method not based on an uplink.

(Charging method without assuming uplink) FIG. 9
FIG. 3 shows an explanatory diagram of a billing method for a viewing contract that does not require an uplink. First, a charging method that does not assume an uplink such as a terrestrial line will be described with reference to FIG. The charging method that does not assume an uplink is a method in which a usage fee of a certain point is paid in advance in the same manner as in the case of a pre-contract, and the content is viewed within the range of the point. However, if a certain point is exceeded, additional points can be contracted each time. As a specific means, the user who purchased the receiving terminal notifies the sending side 100 of the terminal ID, personal ID, the company to be contracted, the contract type, the settlement destination bank account 48, and the like, as in the case of charging for the pre-contract. When the contract is made, the contract is made by notifying the number of points 49 for using the content, not the contract for a certain period. On the sending side 100,
Based on this information, customer information is generated and managed, and information on the number of points to be granted is stored in the pre-contract metadata 40 instead of the information on the expiration date of the contract and distributed to the receiving terminal 3 of the contract user. The transmitting side 100 stores and distributes information on the number of points required when using the content in the storage / reproduction metadata 42 to be synchronized and distributed when distributing the content 17. When using the content, the receiving terminal 3 uses the storage / reproduction metadata 4 based on the number of points distributed by the pre-contract metadata 40.
Since the content is reproduced by subtracting the required number of points stored in No. 2, it is possible to view the content within the range of the number of points distributed by the pre-contract metadata 40. When the number of points distributed in the pre-contract metadata 40 is exhausted, the user contracts again with the sending side 100 and the points can be supplemented by receiving the pre-contract metadata 40. On the sending side, charging can be performed from the designated account or the like 48 notified in advance according to the number of points granted to the user, so that charging can be performed according to the user's viewing of the content. Although the number of points distributed by the pre-contract metadata 40 is basically stored in the IC card, it may be stored in the receiving terminal in the case of points for a user group using the receiving terminal. .

(Charging method on the premise of uplink) Next, a charging method on the assumption that an uplink such as the terrestrial line 11 is connected to the receiving terminal 3 will be described. As an extension of the charging method for points in the preceding paragraph in this comprehensive data distribution service, a method of applying for points, adding points, and the like online through the ground line 11 or the like connected to the receiving terminal 3 and a method of actually using the receiving terminal side The billing information 50 when using the content is transmitted to the sending side 100 by the ground line 1.
1 and the like, and there is a method of charging based on the information.

FIG. 10 is an explanatory diagram of an online charging system using an uplink. Here, the latter billing information 50
Will be described with reference to FIG. Specific means for sending the billing information 50 to the sending side 100 online and performing billing include, as in the billing method described above, the user who purchased the receiving terminal 3 receives the terminal ID, personal ID, the business operator to be contracted, Sending form 1 such as form, settlement account 48, etc.
At the time of notification to 00, a contract for sending the billing information 50 for viewing the content online is made instead of a contract for a certain number of points for a certain period. In this comprehensive data distribution service, this agreement is called an online PPV license agreement. The sending side 100 generates and manages customer information based on the above information, and uses the online PPV permission instead of the information such as the expiration date of the contract and the number of permitted points as information on the transmission destination at the time of transmitting the billing information for the prior contract. It is stored in the metadata 40 and distributed to the receiving terminal 3 of the contract user. In addition, the transmitting side 100 stores the information that is the basis for generating the billing information 50 such as the usage fee required when using the content in the storage / playback metadata 42 that is synchronized and distributed when the content 17 is distributed. Store and distribute. When using the content at the receiving terminal, the storage / playback metadata 4
The information such as the ID of the user is added to the source information for generating the billing information 50 stored in “0”, and the information is transmitted to the destination specified by the pre-contract metadata 40 using the ground line. . Thus, the sending side 100 can charge the fee in the billing information 50 transmitted from the contracted user's receiving terminal 3 from the designated account 48 registered in advance according to the user's content viewing amount.

3. Service Flow FIG. 11 is an explanatory diagram of a service flow in the comprehensive data distribution service. Next, a service flow in the present comprehensive data distribution service will be described with reference to FIG. This comprehensive data distribution service is, for example, the receiving terminal 3
Prior contract flow 105 at the time of user registration using a postcard or telephone attached at the time of purchase, content generation 102 at transmission side 100, transmission side flow 101 from metadata generation 103 to distribution 104, reception and reproduction of contents, etc. It includes the receiving side flow 331.

(Advance Contract Flow) FIG. 12 is an explanatory diagram of a service flow in an advance contract. Hereinafter, a service flow in the prior contract will be described with reference to FIG.
Advance contract flow 105 in comprehensive data distribution service
Means the service receiving user 106 on the sending side 100
The purpose of this is to perform customer information management 107. Since the integrated data distribution service is a service that is mainly for paid storage type content, the user needs an IC card 15 for making a content viewing contract.
The means by which the user acquires the card 15 is a prior contract. As described in the conditional access system and the charging system described above, the user 106 of the receiving side 200 can use the postcard or telephone attached at the time of purchasing the terminal to set the user's 106 The personal information about the user, such as an account, and the paid service to be viewed and the contract form are registered in the sending side 100 together with information for identifying the receiving terminal such as a terminal ID. The sending side 100 provides the user with personal information based on information such as personal information registered with the user, contract information, and a terminal ID for identifying the receiving terminal 3.
An ID is allocated and customer information is generated and managed 107. Further, the transmitting side 100 stores information such as a personal ID allocated to the IC card 15 based on the customer information,
To the receiving terminal 3, the distributed IC card 1
5, the user 106 having the IC card distributes the pre-contract metadata 40 storing information such as a key of a contractor who has made a contract and a contract code indicating the contract form. The user 106 can use the contracted content,
The sending side 100 can manage customer information of the contract user.

(Transmission side flow) FIG. 13 is an explanatory diagram of a service flow on the transmission side. The service flow on the sending side will be described below with reference to FIG. The service flow on the sending side in the comprehensive data distribution service is, for example, content generation 102, program scheduling 20
8. Content encryption 209, delivery format 2
12, PSI / SI generation 210, metadata generation 103, metadata encryption 211, and distribution 104.

The content generation 102 is to generate the content 1 from each element of video / audio / data. The programming 208 is to produce a broadcast program by combining one or more of the generated contents. The content encryption 209 is to generate an encrypted content 17 by encrypting an element included in each content converted into a program using a content key Kk which is a key for each content. Distribution Formatting 2
Numeral 12 is to convert the encrypted content 17 and the encrypted metadata into TSP, which is a data format at the time of distribution, according to the type of element. The PSI / SI generation 210 is to generate the PSI / SI table 19 based on the operation information of the program generated by performing the program scheduling 208. Metadata generation 103 means content generation 10
2. Content at the time of program scheduling 208, title, content, structure, use restriction information, and the like for the program, information such as an encryption method and an encryption key in the content encryption 209, a distribution position on a transmission path when the distribution format 212 is performed, and the like. List 250, EPG metadata 2 from the information of
51, generating metadata 252 for storage / reproduction, and metadata 253 for key distribution. The metadata encryption 211 is a method of encrypting each portion of the metadata generated by the metadata generation 103 that needs to be protected, thereby encrypting the EPG metadata 254 and encrypting / reproducing metadata. 255, that is, to generate the encryption key distribution metadata 256. The delivery 212 is
PSI / SI, metadata, and encrypted contents are multiplexed and distributed to the receiving side.

(Receiving Side Flow) FIG. 14 is an explanatory diagram of a service flow on the receiving side. The service flow on the receiving side in the comprehensive data distribution service includes, for example, reservation 332, content reception / storage 333, viewing contract 33
4, including playback 335. The reservation 332 is the sending side 100
Using the EPG metadata 254 distributed by the user, reservation of desired content is performed. The content reception / storage 333 means that the storage / reproduction metadata 255, the key distribution metadata 256, and the encrypted content 17 are received at the content distribution time based on the reserved information.
That is, the reproduction metadata 255 and the encrypted content 17 are stored. The viewing contract 334 is the accumulated storage
This is to make a content viewing contract based on the usage restriction information of the reproduction metadata, the personal information in the IC card 15, the contract information, and the like. The reproduction 335 means that the reproduction permission or the like of the content is determined based on the information on the viewing contract, the encrypted content 17 is decrypted, and then the content is reproduced.

4. Sending side system Next, a sending side system for realizing these service flows will be described. FIG. 15 shows a configuration diagram of the entire transmission side system. The overall configuration of the sending system in the integrated data distribution service will be described with reference to FIG. As described above, the sending system includes a distribution center 220 that generates, encrypts, and distributes content and metadata, a key used in the integrated data distribution service system, a key management center 240 that generates and manages IDs, and user registration information. A customer management center 260 for generating and managing customer information such as user personal information and contract information;
A terrestrial line management center 214 that manages the connection by the terrestrial line 11 when using the bidirectional communication service such as viewing history information / billing information, requests from the user, a user,
A distribution management center 213 and the like for managing distribution using the distribution network 12 such as distribution of merchandise and the like to a store are provided. In the present invention, the distribution center 220, the key management center 240, and the customer management center 260, which are particularly important for realizing the comprehensive data distribution service, will be described in detail.

(1) Configuration of Distribution Center FIG. 16 shows the configuration of the distribution center. Distribution center 2
20 will be described with reference to FIG. Distribution center 2
20 is an authoring system 2 for producing contents
21, a program composition management system 222 that organizes a program from the content produced by the authoring system 221, and generates and manages an operation schedule and the like; generated when the content is generated from the authoring system 221 and the program configuration management system 222; A metadata generation device 223 that generates each metadata based on information such as titles and configurations of contents and programs, a program configuration management system 2
22, a PSI / SI generating device 224 for generating PSI / SI based on the operation schedule and the like generated in 22;
22, a content encryption device 225 for encrypting each element in the content organized by the program 22, a metadata encryption device 226 for encrypting the metadata generated by the metadata generation device 223, a PSI / SI device 224,
Content encryption device 225, metadata encryption device 2
And a transmission system 227 that multiplexes the information input from the H.26 or the like and converts it into a format that can be distributed. Hereinafter, each of these components will be described.

(Authoring System) FIG. 17 shows the configuration of the authoring system. The authoring system 221 for generating content will be described with reference to FIG. The authoring system 221 generates and manages the content 1, and converts a related file 233 in which information such as a completed content, a title, a content, and a configuration in the content generated when the content is generated is stored in the program configuration. Management system 222
It is a system to hand over. Authoring system 22
1 includes a video authoring tool 228 for producing and editing video, audio, and data elements, an audio authoring tool 229, and a data authoring tool 23.
0, a content 1 composed of elements output from each authoring tool, and a content composition device 231 for generating a related file 233, and a content management server 232 for storing and managing the content generated by the content composition device and the related file 233. Is provided.

Video authoring tool 228, audio authoring tool 229, data authoring tool 23
0, each authoring tool is for analog material input 2 such as VHS video, laser disk (registered trademark), photograph
Functions such as video capture and scanner for digitizing 34, digital material input such as DAT, CD, DVD, etc.
4 has a function of converting to a format that can be displayed by the receiving terminal on the receiving side, an editing function of each digital material, a digital output function of each element produced and edited by the content composition device 231, and the like. The content composition device 231 composes the content 1 from one or a plurality of elements output from each authoring tool, and at the same time, restricts the use of content name, content ID, content content, genre, copy restrictions, target age, copyright, etc. It has a function of generating a related file 233 by inputting information such as information, a data format of a constituent element, a capacity, and the like, and accumulating the related file 233 in the content management server 232. The content management server 232 notifies the completion of the content to the program configuration management system 222, and when a transfer request of the content and the related file 233 occurs from the program configuration management system 222, the content requested to the program configuration management system 222 1. It has a function of transferring the related file 233. However, the content management server 232 also has a function of forcibly transferring the content 1 and the related file 233 to the program configuration management system even when there is no transfer request from the program configuration management system 222.

(Program Configuration Management System) FIG. 18 shows a configuration diagram in the program configuration management system. Next, the program configuration management system 222 will be described with reference to FIG. The program configuration management system 222 is the authoring system 2
This is a system for composing a program by composing a program from the content generated in 21 and generating and managing an operation schedule and the like for the composed program. The program configuration management system 222 generates a program operation schedule 238 for a program configuration device 235 that configures a program from the content 1 input from the content management server 232 in the authoring system 221, and generates a program operation schedule to be assigned. The apparatus 236 includes a program management server 237 that accumulates and manages a programized content group, a related file group corresponding thereto, and an operation schedule.
Note that a file in which information related to the content in the content generation in FIGS.
33.

The program composition device 235 comprises one or a plurality of contents 1 from the contents management server 232 and a program from related files 233, and includes a group of contents as the program, information on the program, for example, the title of the program,
Program ID, program content, genre, broadcaster I
D, a function of adding information relating to a contract, information relating to charging, information such as the configuration of contents in a program, etc. to a related file 233 inputted from the contents management server 232 and storing the information in the program management server 237. The program operation schedule generation device 236 includes the program management server 2
The program management server 237 has a function of allocating information related to a broadcast location such as a broadcast date and time, a channel, and the like to the programs stored in the program 37, generating an operation schedule 238, and storing the generated schedule 238 in the program management server 237. The program management server 237 stores the program configuration device 23
5. The content group 1, the related file group 233, the operation schedule 238, and the like input from the program operation schedule generation device 236 are stored and managed, and the operation schedule 238 is stored.
Based on the information, the operation schedule 238 and the related file group 233 are input to the metadata generation device 223 and the PSI / SI generation device 224, and the metadata generation device 223 and the PSI / SI generation device are input to the content encryption device 225. 224 has a function of inputting a content group and a content ID group corresponding to the program information input.

(PSI / SI Generation Apparatus) FIG. 19 is an explanatory diagram of the PSI / SI generation apparatus. The PSI / SI generation device 224 will be described with reference to FIG. The PSI / SI generation device 224 generates an operation schedule 238 input from the program management server 237 in the program configuration management system 222, and generates a PSI / SI table based on the MPEG2-System from the related file group 233, and operates the system. It has a function of inputting each PSI / SI table converted into TSP to the transmission system 227 based on schedule information.

(Metadata Generating Apparatus) FIG. 20 is an explanatory diagram of the metadata generating apparatus. Next, the metadata generation device 223 will be described with reference to FIG. The metadata generation device 223 includes a group of related files input from the program management server 237 in the program configuration management system 222, an operation schedule, and a key management center 240.
The metadata list 25 is based on the content key Kk obtained by transferring the ID and the distribution position information of the content and the like input from the transmission system 227 on the transmission path.
0, EPG metadata 251, key distribution metadata 25
3. It has a function of generating storage / playback metadata 252, outputting a metadata list to the transmission system 227, and outputting other metadata to the metadata encryption device 226. The distribution position information on the transmission path of the content or the like input from the transmission system is transmitted to the transmission system 22.
If it is possible for the device on the 7 side to specify the module that is the distribution position, it may not be necessary.

(Content Encryption Apparatus) FIG. 21 is an explanatory diagram of the content encryption apparatus. The content encryption device 225 in this system will be described with reference to FIG. The content encryption device 225 is an ID (content ID) input from the program management server 237 based on a content group and an ID (content ID) group input from the program management server 237 in the program configuration management system 222.
Is notified to the key management center 240, and the corresponding content key is
It has a function of receiving Kk, encrypting each element in the corresponding content with the content key Kk according to the content encryption method described above, and outputting the generated encrypted content to the transmission system 227.

(Metadata Encryption Apparatus) FIG. 22 is an explanatory diagram of a metadata encryption apparatus. Next, the metadata encryption device 226 will be described with reference to FIG. The metadata encryption device 226 includes EPG metadata 251, storage / playback metadata 252, key distribution metadata 253 input from the metadata generation device 223, and a prior contract input from the customer management center 260. Metadata 259
Is encrypted with the encryption key information input from the key management center 240, and the generated encrypted metadata is output to the transmission system 227.

The encryption method of each metadata will be described below. For the EPG metadata 251, necessary parts are encrypted by a system key Ksy 264 common to all receiving terminals obtained by passing the system ID stored in the EPG metadata 251 to the key management center 240. Is As for the storage / playback metadata 252, a unique content key Kk3 for each content obtained by passing the content ID stored in the storage / playback metadata 252 to the key management center 240.
3 encrypts necessary parts. For the key distribution metadata 253, the ID stored in the metadata is encrypted as follows. That is, in the case of the key distribution metadata 257 for the free content, a necessary part is encrypted with the system key Ksy 264 obtained by transferring the system ID to the key management center 240. Further, in the case of the key distribution metadata 258 for the pay content, the company ID is encrypted for each necessary part by the company key Kw44. The pre-contract metadata 259 is encrypted at a necessary portion by a terminal key Kmc43 obtained by passing the terminal ID stored in the pre-contract metadata 259 to the key management center 240.

Thus, for the sending system 227, the generated metadata for encrypted EPG 254, the metadata for encrypted storage / reproduction 255, the metadata for encryption key distribution (free) 261 and the data for encryption key distribution Metadata (paid) 26
2. The encrypted pre-contract metadata 263 is output.

(Sending System) FIG. 23 shows a configuration diagram of the inside of the sending system. Hereinafter, the transmission system 227 in the comprehensive data distribution service will be described with reference to FIG. The transmission system 227 includes data such as PSI / SI, encrypted content, and metadata input from the PSI / SI generation device 224, the content encryption device 225, the metadata encryption device 226, and the metadata generation device 223. , A system for assembling data that can be distributed to the receiving terminal 3. The transmission system 227 includes a carousel generation device 239, a packetizer 241, a multiplexer (MUX).
242, and a commissioned broadcasting facility 243. The carousel generation device 239 includes data-based encrypted content input from the content encryption device 225, encrypted metadata input from the metadata encryption device, and metadata input from the metadata generation device. MPEG from list
In order to generate a data carousel in the 2-system, each data is modularized, converted into DII and DDB, and output to the packetizer 241. Packetizer 24
1 is MPEG2-Vi input from the content encryption device
Video-based encrypted contents such as deo PES and MPEG2-Audio PES, and data such as DII and DDB input from the carousel generation device are divided into TSP format data and multiplexed (MUX) 24
2 is provided. Multiplexer (MUX) 2
Reference numeral 42 has a function of multiplexing a TSP input from the PSI / SI generation device 224 and the packetizer 241 according to conditions such as a transmission rate to generate a TS and outputting the TS to the commissioned broadcast facility 243. The commissioned broadcasting equipment 243 is a multiplexing device (MU
X) has a function of further multiplexing a plurality of TSs input from the 242, forming a data form that can be distributed to the receiving terminal 3, and performing distribution from the transmitting antenna. The above is the configuration in the distribution center 220, the function of each component device, and the data generation flow in this comprehensive data distribution service.

(2) Key Management Center Configuration FIG. 24 shows a configuration diagram of the key management center. Next, the key management center 240 will be described with reference to FIG. The key management center 240 is a system that generates an encryption key for each ID registered by the distribution center 220 and the customer management center 260 and transfers the encryption key in response to a request for an encryption key from each center. The key management center 240
4. A key management server 245 is provided.

(Key Generation Apparatus) FIG. 25 is an explanatory diagram of the key generation apparatus. Next, the key generation device 244 in the key management center 240 will be described with reference to FIG. The key generation device 244 generates a content key Kk33 that is an encryption key of a content corresponding to each ID from a plurality of content IDs 246 input from the metadata generation device 223 in the distribution center 220, and generates the generated content key Kk33. To the key management server 245 together with the content ID 246. Further, as for the system key Ksy 264, the company key Kw44, the terminal key Kmc43, and the personal key Km265, the system ID 247, the company ID 248, the terminal ID 249,
It is generated by directly specifying the ID 270 and output to the key management server 245 together with each ID.

(Key Management Server) FIG. 26 is an explanatory diagram of the key management server. Next, the key management server 245 will be described with reference to FIG.
6 will be described. The key management server 245 manages the key and ID generated by the key generation device 244, and stores the content encryption device 225, the metadata encryption device 226, the metadata generation device 223, and the customer management center 260 in the distribution center 220. It has a function of passing an encryption key corresponding to a request for an encryption key from the customer information management server 267 in the server. For example, when a content ID is passed as a request for an encryption key from the content encryption device 225 in the distribution center 220, the content key Kk which is an encryption key corresponding to the content ID is transferred.

(3) Configuration of Customer Management Center FIG. 27 shows a configuration diagram of the customer management center. Next, a customer management center in the comprehensive data distribution service system will be described with reference to FIG. Customer management center 26
0 means that customer information is generated based on the user registration information from the user 106, an IC card and pre-contract metadata are generated based on information such as an encryption key passed from the key management center 240, and the IC card is This is a system that distributes the metadata to the distribution center 220 and distributes the pre-contract metadata to the distribution center 220. The customer management center 200 includes a customer information generation system 266 and a customer information management system 271.

(Customer Information Generation System) FIG. 28 shows a configuration diagram of the customer information generation system. Customer management center 2
60 for the customer information generation system 266 in FIG.
8 will be described. The customer information generation system 266 is a system that generates customer information from information on which the user 106 has performed user registration such as a pre-contract or the like attached by postcard or telephone attached when purchasing the terminal, and outputs the information to the customer information management system 271. Yes, a user I / F 268 and a customer information generation device 269 are provided. The user I / F 268 has a function of receiving user registration information from a user by postcard, telephone, or the like, and digitizing the registered information. The customer information generation device 269 is a user I / F 268
It has a function of editing the user registration information digitized by the above into customer information in a data format recognizable by the customer information management system 271 and outputting it to the customer information management system 271.

(Customer Information Management System) FIG. 29 shows the configuration of the customer information management system. The customer information management system 271 requests a personal ID 270, a personal key 265, and the like from the key management server 245 in the key management center based on the customer information input by the customer information generation system 266,
This system uses the received personal ID 270, personal key 265, and the like to generate pre-contract metadata 40, IC card 15, and the like. The customer information management system 271 includes a customer information management server 267, an IC card generation device 272, and a pre-contract metadata generation device 273.

The customer information management server 267 manages the customer information generated by the customer information generation system 266 and receives information such as the personal key Km 265 and the business operator key Kw with which the user makes a contract from the key management server 245. And generates the user information 150 for output to the key management server 245. The user information 150 is, for example, information indicating how many users use the receiving terminal on the receiving side assigned a certain terminal ID, and which broadcaster the user using the terminal contracts with. It is. This user information 1
50, the key management server 245 manages the personal ID 2
70 / personal key Km 265 is secured for the number of users stored in the user information, the terminal key Kmc 43 corresponding to the terminal ID 249 also stored in the user information, and the company corresponding to the company ID to which each user contracts. The key Kw can be transferred to the customer information management server 267. The customer information management server 267 receives the personal ID 270, the personal key Km265, the terminal ID 249, the terminal key Kmc43, and the company I
D. By adding the company key Kw to the customer information, the terminal used by the user, personal information of the user himself, contract information, etc. can be grasped, and customer management becomes possible. The IC card generation device 272 stores the personal ID 27 in a predetermined area in the empty IC card based on the customer information in the customer information management server 267.
0, personal key Kmc 265, terminal ID 249, personal contract information such as each user's name, telephone number, date of birth, etc. are stored and distributed to each user 106. The pre-contract metadata generation device 273 is, like the IC card generation device 272, the ID of the business contracted to each user, the business key Kw, and the contract code indicating the contract form based on the customer information in the customer information management server 267. And the personal ID 270 assigned to each user,
The pre-contract metadata storing the ID 249 of the receiving terminal used by each user is generated and transferred to the metadata encryption device 226 in the distribution center. The above is the configuration of the transmission side system and the data flow between the devices.

(Information Generated and Delivered on the Sending Side) Next, metadata generated on the sending side and delivered to the receiving terminal will be described. As a description method of metadata in the present comprehensive data distribution service, description in a text format such as XML in FIG. 6 described above and description in a binary format such as PSI / SI are possible. However, the parts that need to be encrypted are described in binary format, especially for the purpose of improving the description interpretation processing in the receiving terminal. Operation by text description is also possible. The description contents and configuration of each metadata will be described.

(Pre-Contract Metadata) FIG. 30 shows the structure of the pre-contract metadata and information to be stored. First, the pre-contract metadata will be described with reference to FIG. As described above, the pre-contract metadata 263 includes the contents such as the business key Kw of the pay broadcast business and the contract code corresponding to the contract form, and is mainly used as a determination material when performing limited reception. This is data that is distributed at the time of terminal purchase, contract renewal, update of the operator key Kw, and the like. User identification information 275 for identifying whether the receiving terminal, such as a terminal ID or personal ID, is data sent to the user who uses the terminal, and an ID indicating the encryption method, encryption part, and encryption key of the metadata (terminal ID), encryption information 276 relating to encryption applied to metadata, user's own personal information 277 such as user's name, telephone number, address, settlement ability, settlement destination, password, etc. And contract information such as contractor ID, business key Kw, contract expiration date, contract code, and contract point.
The encrypted portion corresponds to personal information 277 in which information such as the settlement destination of each user is stored, and contract information 278 in which information such as a business key Kw is stored, and is based on a terminal-specific key Kmc43 used by the user. It is encrypted on the sending side and distributed to the receiving terminal. As for the encryption key used for encryption, a private key Km can be used depending on the operation. Also,
Depending on the operation, it is possible to store metadata attribute information to be described later in addition to the above information in the metadata for pre-contract.

(EPG Metadata) FIG. 31 is a diagram showing the structure of EPG metadata and information to be stored. Next, the EPG metadata 254 will be described with reference to FIG. The EPG metadata 254 is mainly used by the user to confirm the content to be distributed, to view /
This is metadata for making storage reservations, and the distribution of EPG metadata overlaps with the distribution of storage / playback metadata and key distribution metadata. Metadata attribute information 279 such as data type and metadata size, encryption information 276 relating to the encryption part of the metadata as well as the pre-contract metadata, program ID, scheduled broadcast date and time, program contents,
Program information 280 on the program such as genre, content configuration, program size, etc., and content information 281 such as content ID, content content, element configuration, etc.
And usage restriction information 282 such as age restriction, copy restriction, and storage restriction, which are restriction information on the user who uses the content and the content itself. The encrypted part corresponds to use restriction information 282 such as copy restriction, and is encrypted and distributed on the transmission side by a system key Ksy 264 common to all receiving terminals in order to allow all users to use metadata. The content information 281 can be distributed without being stored depending on the operation level of the EPG in the comprehensive data distribution service. Similarly, the operation may be performed without storing the usage restriction information, and the EPG metadata may be distributed without being encrypted.

(Storage / Reproduction Metadata) FIG. 32 is an explanatory diagram of the structure of storage / reproduction metadata and information to be stored. Next, the storage / reproduction metadata 255 will be described with reference to FIG. Storage / playback metadata 2
Reference numeral 55 denotes metadata including information necessary for content reception, storage, and reproduction, which is used when searching for stored content and used to control a user's content usage method. The storage / playback metadata is EPG
Attribute information 279 for identifying the metadata itself, the encryption information 276, the program information 280, the content information 281, the usage restriction information 282, and the storage / reproduction The content encryption information such as the content encryption method and the encryption key ID, the contract information 284 such as the contract type and the contractable period of use for viewing the content, and the contract fee, the charging timing, etc. It includes billing information 285 and the like. For the encrypted part, use restriction information 282, content encryption information 283 including information such as a content encryption method and an encryption key ID, contract information 284 including information such as a use restriction period, a charge at the time of charging, timing And the like, which is encrypted and distributed on the transmission side by the same content key Kk33 as the key used to encrypt the content. As for the content information 281 in the storage / reproduction metadata, information such as the distribution position of the content is added to the content information stored in the EPG metadata.

(Key Distribution Metadata) FIG. 33 is an explanatory diagram of the structure of key distribution metadata and information stored therein. Next, the key distribution metadata 256 will be described with reference to FIG. The key distribution metadata 256 is metadata for distributing information related to the encryption key of the content. In the case where the content is a pay broadcast, limited reception is performed so that only users who have contracted with the broadcasting company can receive the content. Information is included. The key distribution metadata 256 is
It includes metadata attribute information 279 for distinguishing from other metadata, encryption information 276 related to encryption of metadata itself, content key information 286 such as a content ID and a content encryption key Kk, and the like. With respect to the encrypted portion, content key information such as the content key Kk is encrypted on the sending side and distributed. As for the encryption key, the key distribution metadata 256 is metadata for the pay content, and when performing limited reception in which only the user who has contracted with the provider can receive, a unique provider key Kw44 is used for each provider. In the case of metadata for free content that can be viewed by users other than the contractor, a system key Ksy264 common to all receiving terminals is used. Information such as a company ID and a target contract code for realizing conditional access is stored in the content key information, encrypted, and distributed.

(Metadata List) FIG. 34 is an explanatory diagram of the structure of the metadata list and the information stored.
Next, the metadata list 250 will be described with reference to FIG. The metadata list is the EP in the distribution stream
This is metadata for acquiring the distribution position of G metadata, storage / playback metadata, etc., has information that complements the PSI, and has the EPG in the distribution stream compared to the EPG metadata stored in the receiving terminal. Information for storing difference metadata when the metadata for use is updated. The metadata list 250 includes metadata list attribute information 2 such as a version for identifying information update on the receiving terminal side.
87, metadata ID corresponding to the content ID, and EPG
And metadata for identifying storage / playback metadata, a version of metadata for identifying update of EPG metadata, and list information 288 such as position information on a distribution stream. Since the metadata list itself is information for acquiring the metadata from the distribution stream, it does not require any particular protection and is distributed without encryption. As a method for acquiring the metadata list, the metadata list is acquired by designating the distribution stream in the PMT in the PSI table.

(System Key Update Metadata) FIG. 35
FIG. 4 shows an explanatory diagram of the configuration of the system key updating metadata and information to be stored. Next, system key update metadata will be described with reference to FIG. The system key update metadata 289 is the system key Ksy stored in the receiving terminal and common to all receiving terminals.
Metadata to update to 3. The system key update metadata 289 includes metadata attribute information 279 for distinguishing it from other metadata, encryption information 276 relating to encryption of the metadata itself, a system ID corresponding to a system key to be updated, System key information 290 including information such as the changed system ID, system key, and update timing is included.

The encrypted part corresponds to system key information 290 including information such as an updated system key and a change timing. The encryption key is a system key registered in advance in the receiving terminal as a spare system key. Use Ksy2. The system key Ksy is a generic term for the entire system key, and usually one is valid. However, when there is damage such as a hack, a spare system key Ksy2 is used. For this purpose, the receiver usually contains two system keys Ksy1 and Ksy2.
In order to specifically explain the process of updating the system key Ksy,
Two system keys Key1 and Key2, which are the actual configuration of the system key Key in the receiver, will be described. Key1 and Key2 are built in the receiver, and when these keys are updated or changed, the system key transmitting side transmits another system key Key3 from the satellite, and the receiving terminal uses the system key Ksy1. It will be changed to Key3. From this, the system key is stored in the actual receiver.
There will be two keys, Key2 and Ksy3. Further, the system key Key2 is actually a valid key. The above is the metadata distributed from the transmitting side in the present comprehensive data distribution service.

5. Receiving System Next, a receiving terminal that is a receiving system that executes the above-described service flow will be described. (Reception Terminal Configuration) FIG. 36 shows a configuration diagram in the reception terminal. Next, the receiving terminal 3 on the receiving side in the present comprehensive data distribution service will be described with reference to FIG. The receiving terminal 3 receives information such as the contents 17, PSI / SI 19, and metadata 18 via the satellite 2 via the antenna 2, outputs the information to the monitor device such as the TV 9, and outputs the information after being stored in the storage medium 4 so as to be output to the user. Enable viewing. In the future, the receiving terminal 3 may be built in a monitor device such as the TV 9, but here, as an example, the receiving terminal 3 will be described as a separate device. A major feature of the receiving terminal 3 for the comprehensive data distribution service is that the receiving terminal 3 has a storage medium 4 for storing information such as the content 17 and the metadata 18 and also decrypts and receives encrypted and distributed data. Important data generated in the terminal is encrypted, copyright protection and other rights, authentication and accounting processes, RMP16 functions related to control, personal authentication of the user using this receiving terminal, and user It has an IC card 15 which is a personal authentication device for performing group authentication of a family or the like to which the user belongs. This RMP1
The six functions include an RMP controller 306 that interprets the contents of metadata and controls processing related to rights protection, a metadata decryption function 307 that decrypts encrypted metadata,
A content decryption function 308 for decrypting the encrypted content, a key management table 311 for managing keys used in the receiving terminal, a profile 310 for setting an environment of a user who uses the receiving terminal, A metadata encryption function 309 for encrypting data that needs to be protected, such as information for permitting viewing of content generated from metadata or the like, is included. The storage medium 4 is a large-capacity storage medium fixed to the receiving terminal in which information such as the reservation information 313 generated in the receiving terminal and the search / EPG table 312 are stored in addition to the content 17 and the metadata 18 described above. And a removable medium such as a removable DVD-RAM or a memory card for storing information such as necessary content and metadata. The IC card 15 stores the personal ID 270, the personal key 265, and the personal contract information 27 described above.
In addition to 4, permission information 314 and the like, which serve as a judgment material for permitting viewing of the content generated in the receiving terminal, are stored. The RMP 16 has a configuration in which security is secured as a security measure against pirates, decryption, and the like, but a configuration in which the module can be replaced due to a decrease in security strength or the like is also conceivable.

Next, RMP1 which is a characteristic function of the receiving terminal.
6, the storage medium 4, and the IC card 15 will be described. (RMP) The RMP16 function in this comprehensive data distribution service includes an RMP controller 306 that interprets the contents of metadata and controls processing related to rights protection, a metadata decryption function 307 that decrypts encrypted metadata, Content decryption function 308 for decrypting encrypted content, key management table 311 for managing keys used in the receiving terminal, profile 310 for setting the environment of the user using the receiving terminal, meta in the receiving terminal It includes a metadata encryption function 309 for encrypting data that needs to be protected, such as information permitting viewing of content generated from data and the like.

FIG. 52 shows main control processing performed by the RMP controller 306. The main functions of the RMP controller 306 include, for example, reception control,
Storage control, copy control, presentation control, viewing contract control, charging control, personal authentication control, key management, profile management, time management, application authentication control, external device authentication control,
There are external device authentication control and communication line control.

(Metadata Decoding) FIG. 37 is an explanatory diagram of the metadata decoding function. Next, metadata decoding will be described with reference to FIG. When the decryption request is issued from the RMP controller 306, the metadata decryption function 307 reads the RMP controller 306 from the key management table 311.
Is a function of decrypting the encrypted metadata and the like using the encryption key passed through the. RMP controller 3
06, when it is determined that the metadata needs to be decrypted at the time of receiving / accumulating the content, at the time of a content viewing contract, etc., first, the encrypted metadata in the storage medium or the encrypted metadata in the IC card are encrypted. Copy personal contract information, etc.
The encryption key ID in the above-described encryption information stored in the unencrypted portion of each data is read, and the encryption key ID is transferred to the key management table 311. The key management table 311 identifies the corresponding encryption key from the received encryption key ID, and transfers the encryption key to the RMP controller 306. The RMP controller 306 passes the encryption key and the metadata passed from the key management table to the metadata decryption function 307, and requests decryption. The metadata decryption function 307 extracts an encrypted portion of the received metadata, decrypts the extracted encrypted portion with the encryption key also passed from the RMP controller 306, and extracts a predetermined portion of the metadata of the unencrypted portion. , And transferred to the RMP controller 306 as decrypted metadata. However, since the data format of the decrypted data may be different from that of the non-encrypted part depending on the operation as described above, in such a case, an operation of performing subsequent processing without storing the data may be performed. The above is the decoding processing of the metadata decoding function 307. The metadata decoded by the metadata decoding function 307 is EPG metadata 2
54, storage / playback metadata 255, key distribution metadata (free) 261, key distribution metadata (paid) 26
2. In addition to the metadata of the pre-contract metadata 263 and the metadata of the system key update 289, there are personal contract information 274 and permission information 314 stored in the IC card. As for the personal contract information 274 and the license information 314, which are information in the IC card, the encryption key is not stored in the key table. Therefore, the personal key Km 265 in the IC card is obtained from the RMP controller 306 and decrypted.

(Content Decoding) FIG. 38 is an explanatory diagram of the content decoding function. Figure 3 about content decryption
8 will be described. The content decryption function 308 is
A function of decrypting each element in the content 17 using a content key which is an encryption key of the content received from the key management table 311 via the RMP controller 306 in response to a decryption request from the RMP controller 306,
This processing is mainly performed at the time of content reproduction.

(Profile) FIG. 39 shows a configuration diagram of a profile. Next, the profile will be described with reference to FIG. The profile 310 is the personal contract information 2 generated in the RMP from the pre-contract metadata 263.
74, which is data that needs to be protected.
It is stored in a secure storage area (secure memory) 317 inside P, and is used at the time of content viewing / storage reservation, determination of limited reception, and the like. Profile 3
Reference numeral 10 includes an overall profile 315 storing contract information and the like for the entire terminal user, and a personal profile 316 storing contract information for each user.

(Key Management Table) FIG. 40 shows the configuration of the key management table. The key management table will be described with reference to FIG. The key management table 311 is a table that stores an ID and a key, which are information for transferring a key corresponding to the ID specified by the RMP controller 306, and is composed of key data that needs to be protected. Are stored in a storage area (secure memory) 317 within the RMP in which security is secured, like the profile.

(Metadata Encryption) FIG. 41 is an explanatory diagram of the metadata encryption function. Fig. 4 About metadata encryption
1 will be described. What is the metadata encryption function 309?
When the RMP 16 stores the personal contract information 274 generated from the metadata for the pre-contract and the license information 314 of the content generated from the metadata for storage / reproduction on the IC card 15, each information is stored in the individual in the IC card 15. This is a function of encrypting using the key Km265.

(Storage Medium) FIG. 42 is an explanatory diagram of the storage state of information stored in the storage medium. Next, the receiving terminal 3
The storage state of data stored in the storage medium 4 will be described with reference to FIG. The data stored in the storage medium 4 includes a metadata list 250, EPG metadata 254, a search / EPG table 312, and reservation information 31.
3, storage / playback metadata 255, content 17,
In addition, there are OS of the receiving terminal, software such as applications, and the like. Since the storage medium 4 itself does not have a security-protected structure in this example, data that needs to be protected in data stored in the storage medium is stored in an encrypted state. A metadata list 250 for receiving the EPG metadata 254, the storage / playback metadata 255, and the like, and the EPG display and search processing of the receiving terminal generated from the EPG metadata 254 and the storage / playback metadata 255 The search / EPG table 312 for performing the search and the reservation information 313 for the content viewing / storage reservation generated from the EPG metadata 254 are data that do not need to be protected in particular, so that the storage medium is not encrypted. Is stored in However, if protection is required in operation, encryption is performed using a terminal key Kmc or the like that exists in the terminal in advance. EPG metadata 2 storing content usage restriction information, etc.
54, storage / playback metadata 255, content 17
Is stored in an encrypted state on the sending side, and when each data is required for processing, a copy is generated, and the decryption and use of the copy eliminates the need for re-encryption processing in the receiving terminal Becomes

(IC Card) FIG. 43 is an explanatory diagram of the configuration inside the IC card. The configuration in the IC card 15 used in the comprehensive data distribution service will be described with reference to FIG. The IC card 15 includes a storage area (secure memory) 317 where security is secured and a normal storage area (normal memory) 318. Normal storage area 31
8 stores data that does not need to be protected or data that needs to be protected but is protected by encryption, while the storage area 317 is protected.
Is information that needs to be protected, but cannot be stored in an encrypted state in the IC card. Information stored in the security-protected storage area 317 includes a personal ID 27 assigned to each user.
0 and a corresponding private key Km265 as the corresponding encryption key. On the other hand, the data stored in the normal storage area 318 is the personal contract information 274 encrypted on the RMP 16 side.
The license information 314 corresponds to this. When the personal ID 270 and the personal key 265 stored in the secure storage area 317 are transferred to the RMP 16, the data is transferred using the transmission line that is similarly protected. The transmission path with security is realized by using a public key method or the like.

(Information Generated on Receiving Terminal) Next, a description will be given of a process of generating each information generated in the receiving terminal in the comprehensive data distribution service.

(Profile Generation) FIG. 44 is an explanatory diagram of profile generation processing. First, a profile generated from the pre-contract metadata will be described with reference to FIG. The profile 310 is information generated inside the RMP based on the pre-contract metadata 262.
The profile 310 is generated by first decoding the pre-contract metadata 263 received from the sending side by the meta data decoding function, and then, by the RMP controller 306, the terminal ID in the user identification information 275 of the pre-contract metadata 263, The personal ID is used to determine whether the contract information is for the entire terminal or contract information for each user. Only the necessary information is extracted from the personal information 277 and the contract information 278 decrypted by the metadata decryption function, and Generate.
Further, by storing the personal contract information 274 in each of the overall profile 315 and the personal profile 316 in the security area 317 identified by the user identification information 275, the profile 310 is stored.
Is generated.

(Key Management Table) FIG. 45 is an explanatory diagram of a key management table generation process. Next, a process at the time of generating the key management table will be described with reference to FIG. The key management table 311 includes an ID and key information stored in advance when the user purchases the receiving terminal, and an ID and key information generated when the user receives the service. The information stored in advance includes a terminal ID 249, a terminal key Kmc43, a system ID 247, and a system key Ksy264. The system key Ksy is a general term for system keys such as system keys Ksy1 to Ksy3. In this example, there are two types of system ID and key: an ID used for operation and key information Ksy1, and a spare ID and key information Ksy2 used when updating the system key. The part generated or updated on the receiving side corresponds to the system ID 247, the system key Ksy 264, the provider ID 248, the provider key Kw44, the content ID 246, and the content key Kk33 at the time of updating the system key. The generated ID and key information are the system key update metadata 289 and the pre-contract metadata 26 received by the receiving terminal.
3. Since it is stored in the encrypted part in the key distribution metadata 256, after being decrypted by the metadata decryption in the RMP 16, it is extracted from each metadata by the RMP controller and stored in the storage area 317 where security is secured. By doing so, a key management table 311 is generated.

(Search / EPG Table) FIG.
FIG. 4 shows an explanatory diagram of a table generation process. The search / EPG table will be described with reference to FIG. Search / EPG table 3
12, a copy is created inside the RMP from the received EPG metadata 254 and the storage / playback metadata 255, and after each metadata is decoded by the metadata decoding function, the RMP
This is generated by extracting necessary items by the controller and storing them in a predetermined position in the storage medium 4. The search / EPG table 312 is a set of simple information of EPG metadata 254 and storage / playback metadata 255 that exist in a plurality of storage media. In addition, since the search / EPG table 312 is information stored in the storage medium without encryption, it can be directly accessed from the search application and the EPG application on the receiving terminal, thereby improving the searching speed of the receiving terminal and the EPG display speed. Becomes possible.

(Reservation Information) FIG. 47 is an explanatory diagram of the reservation information generation processing. Next, the reservation information will be described with reference to FIG. The reservation information 313 is information generated from the EPG metadata 254 and the profile 310 inside the RMP 16 in response to a user's viewing / storage request, and is information that is stored in the storage medium 4 without being encrypted. When a viewing / storing request is issued from the user, the RMP controller 306
A copy of the EPG metadata 254 for the content to be viewed is generated in the RMP, and the copied EPG
Metadata is decrypted by the metadata decryption function. The RMP controller 306 determines whether the content itself can be reserved based on the decrypted use restriction information of the EPG metadata and the personal contract information of the user who made the reservation request in the profile, and determines whether the user's contract form is the requested content. Then, it is determined whether or not a reservation is possible. Thereafter, it is determined whether or not there is a registered reservation based on the other reservation information 313 in the storage medium 4 and whether or not a reservation can be made in a schedule. Here, if a reservation is possible, the RMP controller 306 determines the personal ID of the user who made the reservation and the EPG metadata 2 from the personal contract information.
From 54, the type of reservation is extracted from the user's request, such as the content ID, the content size, the scheduled broadcast date and time, and the reservation information 313 is generated and stored at a predetermined position in the storage medium 4 to make a reservation. In a case where the automatic accumulation using the user's preference is performed, the reservation information is generated similarly.

(Individual Contract Information in IC Card) FIG.
FIG. 4 shows an explanatory diagram of processing for generating personal contract information. Next, an encryption process when the personal contract information in the profile is stored in the IC card will be described with reference to FIG. The personal contract information in the IC card 15 is basically obtained by encrypting the personal contract information 274 stored in a profile on a storage area in the RMP 16 where security is secured.
When the RMP controller 306 recognizes that the IC card 15 has been inserted, the RMP controller 306 reads the personal ID 270 on the security area in the IC card 15 through a secure transmission path, and identifies the corresponding personal contract information in the profile. Next, the RMP controller 306 controls the IC card 1
If the personal contract information exists in 5, it is read and decrypted by the metadata decryption function, and the version number stored in the non-encrypted part of each personal contract information is confirmed. If it is new, the personal contract information encrypted on the IC card side is copied into the RMP, and the personal contract information is decrypted by metadata using the personal key Km 265 acquired from the IC card 15 through a secure transmission path. Decrypt and update the personal contract information in the corresponding profile. Conversely, when the version of the personal contract information 274 on the profile side is newer, the RMP controller 306 uses the personal key Km 265 acquired from the IC card 15 through a secure transmission path, and uses the metadata encryption function 309 to perform the personal contract. After the necessary part of the information is encrypted, the personal contract information is updated by storing it at a predetermined position in the IC card 15.

(License Information) FIG. 49 is a diagram illustrating a process of generating license information. Next, the permission information will be described with reference to FIG. The permission information 314 is right information for viewing the content, and is generated from the copy of the personal contract information 274 in the IC card 15 and the storage / reproduction metadata 255 in the storage medium 4 in the RMP 16. . When a user's viewing request for content occurs, the RMP controller 306 generates a copy of the storage / playback metadata 255 for the corresponding content inside the RPM 16 and decodes the copied storage / playback metadata 255 by the metadata decoding function. I do. After decrypting the storage / playback metadata, the RMP controller 306 obtains the encrypted personal contract information 274 from the IC card 15 and the personal key Km 265 through the secure transmission path,
The personal contract information 274 is decoded by decoding the metadata.
After decrypting the personal contract information, the RMP controller 306
Determines whether the content is viewable by the user based on the usage restriction information in the storage / reproduction metadata 255 and the personal contract information, and determines the contract information in the storage / reproduction metadata according to the viewing contract type selected by the user. Then, necessary items are extracted from the billing information, etc., and the license information 314 is generated. The license information 314 is encrypted by the metadata encryption function 309 using the personal key Km obtained from the IC card 15, and then encrypted at a predetermined position in the IC card. Stored permission information. Also, in the case of performing processing such as automatic storage reservation according to the user's preference in the receiving terminal, change of screen display, etc., the user's preference is determined by counting information such as genre in the permission information, Processing becomes possible. The above is the processing for information generated in the receiving terminal in the comprehensive data distribution service. The comprehensive data distribution service uses the metadata distributed from the sending side and the metadata distributed in the receiving terminal, which is the receiving side, to generate and use each piece of information. Enables the protection of business and user rights.

[0083]

As described above, according to the present invention, it is possible to provide a data delivery service method for adding a control information capable of protecting content in a storage-type broadcast.

[Brief description of the drawings]

FIG. 1 is a configuration diagram of a receiving side of a comprehensive data distribution service.

FIG. 2 is an overall system configuration diagram of a comprehensive data distribution service.

FIG. 3 is an explanatory diagram of a right protection method in an integrated data distribution service.

FIG. 4 is an explanatory diagram of an encryption method comparison between a comprehensive data distribution service and an existing service.

FIG. 5 is an explanatory diagram of a content encryption method.

FIG. 6 is an explanatory diagram of a metadata encryption method.

FIG. 7 is an explanatory diagram of a conditional access system in the comprehensive data distribution service.

FIG. 8 is an explanatory diagram of a billing method based on a prior contract.

FIG. 9 is an explanatory diagram of a charging method for a viewing contract that does not require an uplink.

FIG. 10 is an explanatory diagram of an online charging system using an uplink.

FIG. 11 is an explanatory diagram of a service flow in the comprehensive data distribution service.

FIG. 12 is an explanatory diagram of a service flow in a prior contract.

FIG. 13 is an explanatory diagram of a service flow on the transmission side.

FIG. 14 is an explanatory diagram of a service flow on the receiving side.

FIG. 15 is a configuration diagram of the entire transmission side system.

FIG. 16 is a configuration diagram in a distribution center.

FIG. 17 is a configuration diagram in the authoring system.

FIG. 18 is a configuration diagram in a program configuration management system.

FIG. 19 is an explanatory diagram of a PSI / SI generation device.

FIG. 20 is an explanatory diagram of a metadata generation device.

FIG. 21 is an explanatory diagram of a content encryption device.

FIG. 22 is an explanatory diagram of a metadata encryption device.

FIG. 23 is a configuration diagram in a transmission system.

FIG. 24 is a configuration diagram in a key management center.

FIG. 25 is an explanatory diagram of a key generation device.

FIG. 26 is an explanatory diagram of a key management server.

FIG. 27 is a configuration diagram in a customer management center.

FIG. 28 is a configuration diagram in a customer information generation system.

FIG. 29 is a configuration diagram in a customer information management system.

FIG. 30 is an explanatory diagram of the configuration of pre-contract metadata and information stored therein.

FIG. 31 is an explanatory diagram of the structure of EPG metadata and stored information.

FIG. 32 is an explanatory diagram of the configuration of storage / reproduction metadata and information stored.

FIG. 33 is an explanatory diagram of a configuration of key distribution metadata and information stored.

FIG. 34 is an explanatory diagram of a configuration of a metadata list and information stored.

FIG. 35 is an explanatory diagram of a configuration of system key updating metadata and information stored therein.

FIG. 36 is a configuration diagram in a receiving terminal.

FIG. 37 is an explanatory diagram of a metadata decoding function.

FIG. 38 is an explanatory diagram of a content decryption function.

FIG. 39 is a configuration diagram of a profile.

FIG. 40 is a configuration diagram of a key management table.

FIG. 41 is an explanatory diagram of a metadata encryption function.

FIG. 42 is an explanatory diagram of a storage state of information stored in a storage medium.

FIG. 43 is an explanatory diagram of a configuration inside an IC card.

FIG. 44 is an explanatory diagram of a profile generation process.

FIG. 45 is an explanatory diagram of a key management table generation process.

FIG. 46 is an explanatory diagram of a search / EPG table generation process.

FIG. 47 is an explanatory diagram of processing for generating reservation information.

FIG. 48 is an explanatory diagram of processing for generating personal contract information.

FIG. 49 is an explanatory diagram of generation processing of permission information.

FIG. 50 is an explanatory diagram of data constituting video-based and data-based content.

FIG. 51 is an explanatory diagram of contents, an encryption key used for encrypting each of the above-described metadata, and an encryption key in the comprehensive data distribution service.

FIG. 52 is an explanatory diagram of main control processing performed by the RMP controller 306.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 ... Content, 2 ... Antenna, 3 ... Receiving terminal, 4 ... Storage medium, 5 ... Removable media, 6 ... Real-time type viewing, 7 ... Real-time type + storage type viewing, 8 ... Storage type viewing, 9 ... TV, 10 ... Satellite, 11 ground line, 12 distribution network, 13 mobile phone network, 14 external equipment, 15 IC card, 16 RMP, 17 encrypted content, 18 encrypted metadata, 19 PSI / SI , 20: Content generation, 21: TSP conversion, 22: Payload, 23: Part of content, 24: Encryption of payload part, 25: Content encryption, 26: Part of encrypted content, 27 ...
Video contents, 28 ... Data contents, 29 ...
MPEG2-Video (PES), 30 ... MPEG2-AAC (PES), 31 ... Encrypted MPEG2-Video (PES), 32 ... Encrypted MPEG2-AAC (PE
S), 33 ... Kk1, 34 ... Kk2, 35 ... Encryption required part, 3
6: Encrypted data capacity, 37: Encrypted data, 38: Unencrypted metadata, 39: Contract request, 40: Pre-contract metadata, 41: Key distribution metadata, 42: Storage /
Metadata for playback, 43: Terminal key Kmc, 44: Business key K
w, 45: distribution for each user, 46: content request,
47 ... User registration, 48 ... Designated account, 49 ... Point request, 50 ... Charging information, 51 ... PPV registration, 100 ... Sending side, 101 ... Sending side flow, 102 ... Content generation,
103: metadata generation, 104: encryption / distribution, 10
5: prior contract flow, 106: user, 107: customer management, 150: user information, 200: receiving side, 201
... Home, 202 ... Vending machine, 203 ... Shop, 204
... onboard terminal, 205 ... portable terminal, 206 ... portable telephone, 2
08: programming, 209: content encryption, 210 ...
PSI / SI generation, 211: Metadata encryption, 212: Distribution formatting, 213: Distribution management center, 214: Ground line management center, 220: Distribution center, 221: Authoring system, 222: Program configuration management system, 2
23 ... Metadata generation device, 224 ... PSI / SI generation device,
225: Content encryption device, 226: Metadata encryption device, 227: Transmission system, 228: Video authoring system, 229: Audio authoring tool
230 data authoring tool, 231 content construction device, 232 content management server, 233
Related files, 234: material, 235: program construction device,
236: Program operation schedule generation device, 237: Program management server, 238: Operation schedule, 239: Carousel generation device, 240: Key management center, 241: Packetizer, 242: MUX, 243: Contract broadcasting equipment, 244
... key generation device, 245 ... key management server, 246 ... content ID, 247 ... system ID, 248 ... operator ID, 24
9: terminal ID, 250: metadata list, 251: EPG
Metadata for storage, 252 ... metadata for storage / playback, 25
3: Metadata for key distribution, 254: Metadata for encrypted EPG, 255: Metadata for encrypted storage / playback, 256
... Metadata for encryption key distribution, 257 ... Metadata for key distribution (free), 258 ... Metadata for key distribution (paid),
259: Pre-contract metadata, 260: Customer management center, 261: Encryption key distribution metadata (free), 26
2 ... Encryption key distribution metadata (paid), 263 ... Encryption prior contract metadata, 264 ... System key Ksy, 2
65: Private key Km, 266: Customer information generation system, 26
7: customer information management server, 268: user I / F, 26
9 Customer information generation device, 270 Personal ID, 271 Customer information management system, 272 IC card generation device, 273
... Metadata generating device for prior contract, 274 ... Personal contract information, 275 ... User identification information, 276 ... Encryption information,
277 personal information, 278 contract information, 279 metadata information, 280 program information, 281 content information, 282 usage restriction information, 283 content encryption information, 284 contract information, 285 charging information, 286
... Content key information, 287 ... Metadata list attribute information, 288 ... List information, 289 ... System key update metadata, 290 ... System key information, 300 ... Home service, 301 ... Vending machine / store service,
302: Service for mobile object, 303: Package delivery service, 304: Service for mobile phone, 306
... RMP controller, 307 ... Metadata decoding, 308
... Content decryption, 309 ... Metadata encryption, 310 ...
Profile, 311 ... Key management table, 312 ... Search
/ EPG table, 313: reservation information, 314: permission information,
315: Overall profile, 316: Personal profile, 317: Secure memory, 318: Normal memory, 3
31: receiving side flow, 332: reservation, 333: content reception / storage, 334: viewing contract, 335: reproduction

Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat II (reference) H04N 5/76 H04N 7/173 640A 5/91 H04L 9/00 601B 7/167 H04N 7/167 Z 7/173 640 5 / 91 P (72) Inventor Iori Yamazaki 4-6 Kanda Surugadai, Chiyoda-ku, Tokyo F-term (reference) 5C052 AB02 CC01 DD04 DD06 5C053 FA20 FA28 GB05 JA21 LA11 LA15 5C064 BB01 BB02 BC04 BC17 BC22 BC23 BC25 BD08 BD09 5J104 EA10 EA17 NA02 PA05 PA11

Claims (17)

[Claims] In a data distribution service method for distributing content using a communication line such as a satellite or a terrestrial line or a media medium such as a removable medium, the transmitting device encrypts the content after generating the content, Encrypted content is divided into blocks, each element of the encrypted content is divided into blocks in the payload part of the distribution stream, stored in a distribution data format, the content is distributed, the content presentation method, usage conditions, and content Generating and distributing metadata storing information related to the content including the encryption key of the above, the receiving terminal assembles the content without decrypting the payload portion when assembling the content, Stores metadata and uses the content Data distribution service method to perform charging control, rights protection for the content by the decision. 2. The data distribution service method according to claim 1, wherein the content is encrypted by encrypting the entire data of each element constituting the content, and the metadata is encrypted only in a predetermined necessary portion. A data distribution service method characterized by performing. 3. A data distribution service method for distributing contents using a communication line such as a satellite or a terrestrial line or a media medium such as a removable medium.
Notifying the sending device of a contract request including an ID, an individual ID, a channel or a program or content to be contracted, and the sending device generates metadata for pre-contract from the notified contract request, The ID is unencrypted and the contract information including the paying carrier ID, the unique company key Kw for each company, and the contract code including the contract code is encrypted with the unique terminal key Kmc for each receiving terminal, and distributed to the receiving terminal. Step, the receiving terminal determines whether or not the information is directed to the user using the terminal, based on the terminal ID and the personal ID stored in the non-encrypted portion of the metadata for the pre-contract, and is determined to be the intended user. The terminal key stored in the receiving terminal in advance.
Decrypts the pre-contract metadata with Kmc and provides the operator key Kw
Receiving the contract information including the step of: receiving a request for the content broadcasted by the contracted carrier based on the obtained contract information; and Includes the provider ID as unencrypted, the necessary part including the encryption key Kk of the content required when viewing the content is key distribution metadata encrypted with the provider key Kw, and the position of the content distribution device A step of distributing storage / reproduction metadata in which a necessary portion including the usage restriction information for the included content is encrypted with the content key Kk, and a receiving terminal that distributes the key distribution meta data synchronized with the encrypted content. Receives the data, determines whether the broadcast is performed by the contracted carrier based on the paid carrier ID stored in the non-encrypted part, and checks the broadcasted content by the contracted carrier. If it is determined that the metadata is key distribution metadata, the encrypted part is decrypted with the business key Kw distributed by the preliminary contract metadata, and is distributed by the decrypted target contract code and the preliminary contract metadata. The content code Kk is stored in the receiving terminal if the content can be used within the user's contract form based on the contract code.If the content is available, the encrypted part of the storage / playback metadata received at the same time is used as the content key. Decrypting with Kk, checking the usage restriction information for the content, and if the user can use the content, receiving the encrypted content based on the information on the distribution location of the encrypted content stored in the storage / playback metadata And a data distribution service method including: 4. A data distribution service method according to claim 1, wherein the user is provided with various content-based, channel-based, program-based, or file-based services on a personal computer. The sending device specifies a unit indicating the physical quantity of the content, and distributes the specified physical quantity by including the specified physical quantity in the metadata.
A data distribution service method characterized in that a receiving terminal can provide a service in units of specified contents. 5. The data distribution service method according to claim 1, wherein the metadata includes information including a title or content of the content, a method of presenting the content to the viewer defined on the transmitting side, and usage conditions, The sending device prevents the metadata itself from being tampered with,
After encrypting the necessary parts to maintain confidentiality and distributing, the receiving terminal stores the metadata in the encrypted state and controls the receiving terminal with an encryption key to protect the rights when using it. Characteristic data distribution service method. 6. The data distribution service method according to claim 1, wherein the pre-contract metadata is a business key K of a pay broadcast business.
w, including the contents of the contract code corresponding to the contract type, is metadata that is distributed when purchasing a terminal, renewing a contract, or renewing the operator key Kw. The metadata for storage / playback is content reception, storage,
Metadata including information necessary for playback. Key distribution metadata is metadata for distributing information related to the content encryption key. Metadata list obtains the distribution position of each metadata in the distribution stream. The metadata for updating the system key is metadata for updating the system key Ksy common to all the receiving terminals. The transmitting device determines the purpose of use on the receiving terminal, The metadata is divided into pre-contract metadata, EPG metadata, storage / playback metadata, key distribution metadata, system key update metadata, and metadata list according to the distribution timing and description contents of A data delivery service method characterized by delivering. 7. The data distribution service method according to claim 6, wherein the pre-contract metadata individually distributed to the user stores contract information of each user, and is shared by all users. Key distribution metadata and storage / playback metadata for each content to be distributed store necessary contract information, usage conditions, etc., and the user's individual contract information distributed by the pre-contract metadata and other A system for performing limited reception on a content-by-content basis for each user by judging a user's use of the content by comparing it with contract information included in metadata. 8. The data distribution service method according to claim 6, wherein the pre-contract metadata stores contract information for each user and information requiring rights protection including a business key Kw for each business, A data distribution service method, wherein the transmitting device encrypts the information with a terminal key Kmc or a personal key Km for each terminal owned by each user to protect the information and distribute the information. 9. The data distribution service method according to claim 6, wherein the EPG metadata confirms or reserves the content to be distributed, and stores information that requires rights protection including usage restriction information. The transmitting device encrypts this information with a common key Ksy at all receiving terminals, and distributes the information to all users without discrimination between users while maintaining the confidentiality of necessary information in metadata. Data distribution service method to be. 10. The data distribution service method according to claim 6, wherein key distribution metadata storing information including an encryption key for the content, and storage / reproduction metadata storing information including content copy control information. The sending device encrypts and distributes the key distribution metadata with the business key Kw and the storage / playback metadata with the content key Kk for each content, and makes a contract with the business. A data distribution service method characterized by realizing protection of content rights by enabling only a user who has received a user key to obtain a content key Kk. 11. The data distribution service method according to claim 6, wherein the key distribution metadata is for distributing information relating to an encryption key of the content. The information is encrypted with a company key Kw unique to each company, and in the case of metadata for free content that can be viewed by users other than the contractor, a system key Ks common to all receiving terminals
Encrypt with y. 12. The data distribution service method according to claim 6, wherein the system key updating metadata is for updating information common to the entire system including a system key common to all receiving terminals in the system. Information is stored metadata, and the transmitting apparatus encrypts a portion requiring protection including a new system key Ksy3 using a spare system key Ksy2 prepared in advance in all receiving terminals in common. A data distribution service method characterized in that distribution can be performed while maintaining confidentiality of a necessary portion in metadata without discrimination between users. 13. The data distribution service method according to claim 6, wherein the metadata list stores a distribution position of each of the metadata lists being distributed on a transmission path, and the receiving terminal uses the metadata list to store the metadata. A data distribution service method characterized by acquiring data. 14. The data distribution service method according to claim 6, wherein the metadata list is updated by storing information for identifying an update of EPG metadata, storage / playback metadata, and the like. 3. The data distribution service method according to claim 1, wherein the data distribution service is capable of performing only reception. 15. The data delivery service method according to claim 1, wherein the encrypted metadata is embedded again in the unencrypted metadata and delivered, or delivered as a separate file. To be delivered by 16. The data delivery service method according to claim 1 or 3, wherein the sending side device determines whether a user who has purchased the receiving terminal has a terminal ID,
Generates and manages customer information based on information including personal ID, business operator who wants to contract, and the number of points for using content,
The information on the number of points to be licensed is stored in the pre-contract metadata and distributed to the receiving terminal of the contract user, and the transmitting device synchronizes the content when distributing it and stores the content in the storage / playback metadata to be distributed. Stores and distributes information on the number of points required for use, and the receiving terminal stores the information in the storage / playback metadata from the number of points distributed by the pre-contract metadata when using the content. Subtract the required number of points
A data distribution service method characterized by viewing content within the range of the number of points distributed in the metadata for pre-contract by reproducing the content. 17. The data delivery service method according to claim 1 or 3, wherein the sending device determines whether a user who has purchased the receiving terminal has a terminal ID,
Generates and manages customer information based on information including personal ID, business operator who wants to contract, and the number of points for using content,
As the online pay-per-view permission, the information of the transmission destination at the time of transmitting the billing information is stored in the metadata for pre-contract, distributed to the receiving terminal of the contract user, and the transmitting side device synchronizes when distributing the content and stores it for distribution. The receiving terminal that stores and distributes the information that is the basis for generating the charging information when using the content in the metadata for reproduction / reproduction uses the charging information stored in the storage / reproduction metadata when using the content. Add information including the ID of the user to the information to be generated,
A data distribution service method, wherein the data is transmitted to a destination specified by the metadata for a prior contract using a ground line.