JP2015073266A - Transmitter, receiver and conditional access system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a conditional access system which can protect an IP layer and an MMT layer when an IP-packetized content is distributed by using MMT.SOLUTION: In a conditional access system S, a transmitter 1 scrambles data of an IP layer or an MMT layer by a scramble system determined by a condition and adds scramble information to headers of the individual layers. A receiver 3 analyzes the headers of the individual layers to detect presence or absence of scramble and the scramble system, and performs descramble.

Description

  The present invention relates to a transmission apparatus, a reception apparatus, and a conditional access system for performing limited reception in a broadcast system using MMT (MPEG Media Transport).

  In current digital broadcasting, MPEG2-TS (MPEG-2 Transport Stream) is adopted as a media transport system that is a system for transmitting multimedia contents. This MPEG2-TS can encrypt the payload portion of the TS packet in order to protect the content safely (see Non-Patent Document 1).

  On the other hand, an MMT (MPEG Media Transport) / TLV (Type Length Value) method has been proposed as a new media transport method for advanced hybrid services of broadcasting and communication (see Non-Patent Document 2). This MMT is a method based on the premise of media transmission under various network environments, and is currently being standardized by ISO / IEC (International Organization for Standardization / International Electrotechnical Commission) (see Non-Patent Document 3). ).

  In order to construct a broadcasting system using MMT, video, audio, data, subtitles, and the like related to a broadcast program are placed on an MMTP (MMT Protocol) payload to form an MMTP packet. In order to realize high consistency with communication, this MMT has been proposed to be transmitted in IP packets (MMT over IP). As a result, it is possible to easily realize an advanced service combining contents from a plurality of transmission paths such as broadcast waves and communication lines.

On the other hand, data irrelevant to the broadcast program, files necessary for engineering services such as firmware update of the receiving device, and the like are transmitted by using a data transmission method on IP (see Non-Patent Document 4). High compatibility can be realized.
IPsec (see Non-Patent Document 5), which is a protocol having an encryption function and an authentication function, is widely used as a method for safely protecting data on IP in the network layer.

"Access control method standard for digital broadcasting (ARIB STD-B25)", 6.2 edition, Radio Industry Association of Japan, revised on September 25, 2012 Shuichi Aoki, “Media Transport Technology for Next Generation Broadcasting System”, NHK R & D, Japan Broadcasting Corporation, Broadcasting Technology Laboratory, No. 140, July 2013, p. 22-31 "Information Technology-High efficiency coding and media delivery in heterogeneous environment-Part1: MPEG media transport (MMT)", ISO / IEC DIS 23008-1, April.2013 "Downloading method for digital broadcasting (ARIB STD-B45)", 2.2 edition, Radio Industry Association, revised on July 3, 2012 "Security Architecture for the Internet Protocol", IETF RFC4301, Dec.2005

Conventionally, even though there is a method for protecting data transmitted in network layer IP packets, various components (main video, main audio, sub audio, subtitles, etc.) transmitted in MMTP packets in the MMT layer However, there is no method of protecting in component units, that is, in service units.
In this way, when only the IP packet of the network layer is to be protected, data can be protected but cannot be protected in component (equivalent to MMT asset) units, that is, in service units. There is a problem that it is not possible to provide a flexible charging function in units of (assets).
Further, in the conventional broadcasting system, since the scramble method (encryption method) at the time of scrambling is only MULTI2, a mechanism for selecting a plurality of scramble methods from the viewpoint of data protection has been desired.

  The present invention has been made in view of such problems. When a broadcast system is constructed using MMT, not only data protection in the network layer but also fine service protection in the MMT layer is realized. It is an object of the present invention to provide a transmission device, a reception device, and a conditional access system capable of selecting a scramble method.

In order to solve the above-described problems, the transmitting device and the receiving device that constitute the conditional access system of the present invention are configured as follows.
That is, the transmitting device is an MMT package table generating unit, a conditional access table generating unit, an MMTP packet configuring unit, an IP packet configuring unit, and a scramble unit in a transmitting device that transmits contents in IP packets using MMT. And a header setting means.

  In such a configuration, the transmitting apparatus uses the MMT package table generating means to create an MMT package table (MPT) which is table information designating position information specifying the location of common key information common to the receiving apparatus in which the scramble key is encrypted with the work key. ) Is generated. Further, the transmitting device uses table information specifying position information specifying the location of individual key information obtained by encrypting the work key with an individual encryption key for each management unit of the receiving device determined in advance by the limited reception table generating unit. A certain limited reception table (CAT) is generated.

Further, the transmission apparatus configures the content as an MMTP packet of the MMT layer by the MMTP packet configuration unit.
As a result, the content is encapsulated and transmitted as an MMTP packet.

Further, the transmission apparatus adds the headers of the transport layer and the network layer to the MMTP packet by the IP packet configuration unit, and configures it as an IP layer IP packet.
As a result, the MMTP packet is encapsulated as an IP packet.

In addition, the transmission apparatus uses the scramble means to determine the payload area of the IP packet or the payload area of the MMTP packet (more specifically, based on a policy indicating a predetermined scramble target and a scramble system or a control signal input from the outside. Scrambles the data portion of the area with the scramble key.
As a result, the scramble means can scramble two different layers of the IP layer and the MMT layer.

Further, the transmission apparatus sets scramble control information indicating the presence / absence of scramble in the header part of the scramble target layer by the header setting means.
Then, the transmitting apparatus embeds a scramble system identification indicating the scramble system in the header part of the scramble target layer by the header setting means, or a layer identification and scramble system indicating the scramble target layer by the MMT package table generation means The process of embedding control information including the scramble system identification indicating Ms in the MMT package table or the process of embedding control information including the scramble target layer identification and the scramble system identification in the limited reception table by the limited reception table generating means.
As a result, the transmission apparatus can notify the reception apparatus of which layer data is scrambled in the IP layer or the MMT layer.

  In addition, in the receiving device that receives the content that is IP packetized using the MMT, the receiving device includes an MMT package table processing unit, a limited reception table processing unit, a key information processing unit, a descrambling unit, and an IP packet. The configuration includes filtering means and MMTP packet filtering means.

In such a configuration, the receiving apparatus receives the MMT package table by the MMT package table processing means, and extracts the position information of the common key information. Further, the receiving device uses table information specifying position information for specifying the location of individual key information obtained by encrypting a work key with an individual encryption key for each management unit of the receiving device determined in advance by the limited reception table processing means. A certain limited reception table is received, and the position information of the individual key information is extracted.
Then, the receiving device extracts the scramble key from the common key information and the individual key information acquired based on the extracted position information by the key information processing means. That is, the key information processing means extracts the scramble key by decrypting the individual key information with the encryption key unique to the receiving device and extracting the work key, and decrypting the common key information with the work key.

Then, when the IP layer is scrambled by the IP packet filtering means, the receiving apparatus designates the scramble method, descrambles the payload area of the IP packet by the descramble means, and converts the IP packet to the MMTP packet. To extract.
In addition, when the MMT layer is scrambled by the MMTP packet filtering means, the receiving apparatus designates the scramble method and deciphers the payload area of the MMTP packet (more specifically, the data portion of the area). The contents are descrambled by the scramble means and the contents are extracted from the MMTP packet.

  At this time, the IP packet filtering means, when the conditional access table or the MMT package table includes control information including a layer identification indicating that the scramble target is an IP layer and a scramble system identification indicating the scramble system, or When the scramble control information and the scramble method identification indicating that the header (ESP header) immediately before the payload of the IP packet is scrambled are set, the scramble that identifies the payload area of the IP packet by the scramble method identification It is determined that it is scrambled by the method.

Further, the MMTP packet filtering means includes, when the conditional access table or the MMT package table includes control information including a layer identification indicating that the scramble target is an MMT layer and a scramble system identification indicating a scramble system, or When the scramble control information and the scramble method identification indicating that it is scrambled are set in the header of the MMTP packet, the payload area of the MMTP packet (more specifically, the data portion of the area) is identified by the scramble system identification. It is determined that it is scrambled by the specified scramble method.
As a result, the receiving apparatus can correctly recognize the scrambled IP layer or MMT layer and descramble the data of each layer using the designated scramble method.

The present invention has the following excellent effects.
According to the present invention, an MMT that constitutes a service (program) can be protected in a broadcasting system that uses MMT as a media transport system and transmits content regardless of a transmission path (broadcast / communication).
Further, according to the present invention, it is possible to scramble the data of two different layers of the IP layer and the MMT layer according to the scramble target.
As a result, the present invention can realize fine service protection in units of components, such as making it possible to charge only sub-audio transmitted by broadcasting, and data not related to programs. Data protection can also be realized.
Further, according to the present invention, since the scrambling method for scrambling can be selected by the policy, the data can be protected with a suitable scrambling method according to the type of data to be transmitted in advance and the security requirements. .

It is a system configuration figure showing the composition of the conditional access system concerning a 1st embodiment of the present invention. It is a reference structure figure for demonstrating the reference relationship of the package in MMT. It is explanatory drawing for demonstrating the relationship between an asset and MPU. It is a packet block diagram for demonstrating the structure of the IP packet using MMT. It is a block block diagram which shows the structure of the transmitter which concerns on 1st Embodiment of this invention. It is a figure which shows the content of the policy memorize | stored in the policy memory | storage means of FIG. It is a figure explaining the data embedded in the encryption range (scramble range) and header in the transmitter which concerns on 1st Embodiment of this invention, Comprising: (a) makes an IP layer scramble object, (b) is MMT. It is a figure which shows the case where a layer is made into the scramble object. FIG. 6 is a data structure diagram showing the structure of an MPT generated by the MPT generating means in FIG. 5, where (a) shows an example of specifying a conditional access method in units of assets, and (b) shows an example of specifying a conditional access method in units of programs. It is. It is a data structure figure which shows the structure of CAT which the CAT production | generation means of FIG. 5 produces | generates. It is a block block diagram which shows the structure of the key information generation means of FIG. It is a data structure figure which shows the structure of ECM which the ECM production | generation means of FIG. 10 produces | generates. It is a data structure figure which shows the structure of EMM which the EMM production | generation means of FIG. 10 produces | generates. It is a block block diagram which shows the structure of the receiver which concerns on 1st Embodiment of this invention. It is a block block diagram which shows the structure of the key information processing means of FIG. It is a flowchart which shows operation | movement of the transmitter which concerns on 1st Embodiment of this invention. It is a flowchart which shows operation | movement of the receiver which concerns on 1st Embodiment of this invention. FIG. 6 is a data structure diagram illustrating the structure of an MPT generated by the MPT generating unit in FIG. 5 in a modification of the first embodiment of the present invention, in which (a) is an example of designating a conditional access method in units of assets; ) Is an example in which the limited reception method is specified in units of programs. FIG. 6 is a data structure diagram showing a structure of a CAT generated by the CAT generation unit of FIG. 5 in a modification of the first embodiment of the present invention. It is explanatory drawing for demonstrating the CBC mode of encryption utilization mode. It is explanatory drawing for demonstrating the CFB mode of encryption utilization mode. It is explanatory drawing for demonstrating OFB mode of encryption utilization mode. It is explanatory drawing for demonstrating CTR of encryption utilization mode. It is a block block diagram which shows the structure of the transmitter which concerns on 2nd Embodiment of this invention. It is a figure explaining the data embedded in the encryption range (scramble range) and header in the transmitter which concerns on 2nd Embodiment of this invention, Comprising: (a) makes an IP layer scramble object, (b) is MMT. It is a figure which shows the case where a layer is made into the scramble object. It is a block block diagram which shows the structure of the receiver which concerns on 2nd Embodiment of this invention. FIG. 24 is a data structure diagram showing a structure of a scramble method descriptor set in each table by the MPT generation unit and the CAT generation unit of FIG. 23, wherein (a) shows an example of specifying initial value identification and scramble method identification; (b) FIG. 10 is a diagram illustrating an example of specifying initial value identification. It is a block block diagram which shows the structure of the transmitter which concerns on 3rd Embodiment of this invention. It is a figure which shows the content of the policy memorize | stored in the policy memory | storage means of FIG. It is a figure explaining the data embedded in the authentication range and header in the transmission apparatus which concerns on 3rd Embodiment of this invention, Comprising: (a) makes an IP layer an authentication object, (b) makes an MMT layer an authentication object. (C) is a figure which shows the case where IP layer and MMT layer are made into the authentication object. It is a block block diagram which shows the structure of the key information generation means of FIG. It is a block block diagram which shows the structure of the receiver which concerns on 3rd Embodiment of this invention. FIG. 28 is a data structure diagram showing a structure of a scramble method descriptor set in each table by the MPT generation unit and the CAT generation unit of FIG. 27, where (a) designates a message authentication method and a scramble method (encryption method). (B) is a figure which shows the case where a message authentication system is designated, (c) is a figure which shows the case where a message authentication system, a scrambling system (encryption system), and an initial value are designated. FIG. 28 is a data structure diagram illustrating a structure of a message authentication scheme descriptor set in each table by the MPT generation unit and the CAT generation unit of FIG. 27.

Embodiments of the present invention will be described below with reference to the drawings.
≪Overview of conditional access system≫
First, the outline of the conditional access system according to the first embodiment of the present invention will be described with reference to FIG.

The conditional access system (broadcast system) S uses MMT (MPEG Media Transport) as a media transport system, converts the contents into IP packets, and transmits them via a broadcast wave W or a communication line N.
The conditional access system S protects data and services (programs) by scrambling the two different layers of the network layer (IP layer) and the media transport layer (MMT layer), and performs conditional access. Is realized.
The limited reception system S includes a digital broadcast transmission device 1 (or a transmission device 1 that provides a communication network service) owned by a broadcaster, and digital broadcast reception devices 3, 3,... It consists of.

  The transmission device 1 converts video, audio, data, and other contents into MMTP packets, and then converts them into IP packets (MMT over IP), and scrambles the network layer and media transport layer as necessary. And transmitted via the broadcast wave W or the communication line N. Note that the transmission device 1 also performs IP packet TLV conversion when transmitting via the broadcast wave W.

  The receiving device 3 receives the content obtained by converting the MMTP packet into an IP packet via the broadcast wave W or the communication line N, descrambles the protected scrambled data, and makes the content usable (video reproduction or the like). Is.

(Outline of MMT)
Before describing the configurations of the transmission device 1 and the reception device 3, with reference to FIGS. 2 to 4, various data necessary for limited reception using the MMT in the limited reception system S will be described. The outline will be explained.
When a broadcasting system is constructed using MMT, as shown in FIG. 2, ECM, EMM, which is related information of a key for scrambling the contents, by PLT, MPT, and CAT, which are table information referring to various information, Is referred to.

  PLT (Package List Table) is table information describing packages (programs) constituting a service transmitted by an IP packet in an MPT list format. For example, it is possible to construct a multi organization by including a plurality of MPTs in a PLT. This PLT specifies an MPT by specifying an arrangement location (position information) for specifying the location of the MPT as information for specifying the MPT.

MPT (MMT Package Table) is table information in which information for identifying assets constituting one package (program) is described in a list format.
Here, an asset is a component unit having the same transmission characteristic information. The same transmission feature information is the same information indicating the transmission characteristics of the asset, and indicates the same presentation target, presentation timing, and the like. For example, asset A1 can be a unit of main audio received by broadcasting, and asset A2 can be a unit of sub audio received by communication.
By setting such a unit, the asset can be a unit that can control service protection. For example, only the asset A2 is charged, or the security requirement of the asset A3 is higher than that of the asset A1, and the encryption method is changed.

In this way, a plurality of data (MPU: Media Processing Unit) such as single media data (data specifying presentation time) such as video and audio, and files (data that does not require specification of presentation time) are stored in the same A unit managed by ID (asset ID) is an asset.
That is, an asset is a unit indicating data in which one or more MPUs are linked by the same asset ID (Aid1, Aid2, Aid3) as shown in FIG.

Further, as shown in FIG. 2, the MPT has a description in which an arrangement location of common key information (ECM: Entitlement Control Message) common to the receiving apparatuses 3, 3,... Is specified as key information for limited reception. A child access control descriptor (or conditional access method descriptor) is set. MPT designates one ECM (E0) for one package (program) specified by the MPT, and designates ECM (E2, E3) for each asset constituting the program. is there.
The specific structure of MPT and ECM will be described later.

The CAT (Conditional Access Table) is an access control description that is a descriptor that specifies an arrangement location of individual key information (EMM: Entitlement Management Message) for each receiving device 3 as key information for performing limited reception. This is table information describing a child (or conditional access system descriptor).
The specific structure of the CAT and EMM will be described later.

Next, referring to FIG. 4, a packet configuration when content is IP packetized using MMT will be described.
As shown in FIG. 4, in the MMT packet (MMTP packet), CAT, MPT, ECM, EMM, etc. are arranged as a control message or MPU is arranged in the MMTP payload. The MPU has an MFU (Media Fragment Unit) arranged in the MPU payload. This MFU is data obtained by fragmenting the MPU, and is media data (access unit, NAL [Network Abstraction Layer] unit, file) below the access unit that is the minimum unit of video and audio encoding and decoding. It is.

The MMTP packet is further configured as an IP packet by adding a TCP / UDP (Transmission Control Protocol / User Datagram Protocol) header as a transport layer and an IP header as a network layer.
In addition, when an IP packet is transmitted via a broadcast wave, a TLV header is further added.
As described above, in MMT, a program and information related thereto are put on an MMTP payload and converted into an MMTP packet, and then converted into an IP packet, thereby realizing high consistency with communication.
Hereinafter, each structure and operation | movement of the transmitter 1 and the receiver 3 which comprise the conditional access system S which concern on embodiment of this invention are demonstrated sequentially.

<Configuration of transmitter>
First, the configuration of the transmission apparatus 1 according to the first embodiment of the present invention will be described with reference to FIG. 5 (refer to FIG. 1 as appropriate).
The transmission device 1 performs processing to appropriately scramble the MMT layer and the IP layer when the content is converted into an MMTP packet and then transmitted as an IP packet.

  Here, the transmission apparatus 1 includes an encoding unit 10, an MPU generation unit 11, a control message generation unit 12, an MMTP packet configuration unit 13, an IP packet configuration unit 14, a policy storage unit 15, and a scramble unit 16. , A packet reconfiguration unit 17, a data transmission unit 18, a PLT generation unit 19, an MPT generation unit 20, a CAT generation unit 21, and a key information generation unit 22.

The encoding means 10 encodes (encodes) content (baseband signals such as video and audio). The encoding means 10 is, for example, H.264, which is one of the video compression standards, for video. It encodes with H.265 (HEVC: High Efficiency Video Coding). In addition, the encoding unit 10 encodes audio by, for example, MPEG4 AAC (Advanced Audio Coding).
The encoding unit 10 outputs the encoded data to the MPU generation unit 11 as media data below an access unit such as a NAL unit, for example.

  The MPU generation means 11 is a media processing unit that is a data processing unit in the MMT for media data encoded by the encoding means 10 and data (file) used in data broadcasting separately input (not shown) from the outside. (MPU).

As shown in FIG. 4, the MPU generation unit 11 subdivides (fragments) the data, and includes a header including sequence numbers (data order) in media data and files below the access unit such as a NAL unit. Is added to configure a media fragment unit (MFU). Further, the MPU generating unit 11 generates an MPU by adding a header including at least an asset identifier (asset ID) for identifying the MPU and a sequence number (the order of the MPUs in the asset) to the MFU. . As a result, the MPU is uniquely identified.
Note that the MPU generation unit 11 generates an MPU for each predetermined asset unit, for example, a single medium such as video, audio, or data.
The MPU generation unit 11 outputs the generated MPU to the MMTP packet configuration unit 13.

The control message generation unit 12 generates a control message including control information for notifying the reception device 3. Here, the control message generator 12 is generated by a PLT (package list table) generated by a PLT generator 19 described later, an MPT (MMT package table) generated by an MPT generator 20, and a CAT generator 21. A CAT (restricted reception table), an ECM (common key information) generated by the key information generation means 22 and an EMM (individual key information), etc. are input to identify PLT, MPT, CAT, ECM, EMM, etc. The control message including the identification information (table ID) is generated.
In this control message, for example, one table information or key information may be set, a plurality of table information may be set collectively, or a plurality of key information may be set collectively.
The control message generation unit 12 outputs the generated control message to the MMTP packet configuration unit 13. Note that the control message generation unit 12 may output the generated control message to the IP packet configuration unit 14.

The MMTP packet configuring unit 13 encapsulates the MPU generated by the MPU generating unit 11 and the control message generated by the control message generating unit 12 into an MMTP packet.
The MMTP packet composing means 13 composes the payload of the MMTP packet by dividing or concatenating the inputted MPU and control message. Then, the MMTP packet configuring unit 13 sets at least a packet ID (a different value for each asset and control message) and a payload type indicating the content type of the payload in the header of the MMTP packet. This payload type is, for example, identification information indicating whether an MPU is set or a control message is set.
The MMTP packet configuring unit 13 outputs the generated MMTP packet to the IP packet configuring unit 14.

The IP packet configuration unit 14 adds the headers of the transport layer and the network layer to the MMTP packet generated by the MMTP packet configuration unit 13 and configures it as an IP packet. When the control message is input from the control message generation unit 12, the IP packet configuration unit 14 converts the control message into an IP packet.
Specifically, the IP packet composing means 14 composes a transport layer protocol TCP or UDP payload with an MMTP packet, adds a TCP / UDP header, and further specifies a destination, a source address, and the like. An IP packet is generated by adding the included IP header.

In addition, the IP packet configuring unit 14 does not show data irrelevant to the program, files necessary for engineering services such as firmware update of the receiving device 3, etc. from the outside without going through the MMTP packet configuring unit 13. Enter directly by the method.
That is, the IP packet configuring unit 14 can not only encapsulate the MMTP packet but also configure data other than the MMTP packet by the IP packet.
It should be noted that the IP packet composing means 14 is a network layer such as transport layer header information such as whether to add a TCP header or a UDP header as a transport layer header, and destination information set in an IP packet. The header information is appropriately set from the outside or inside based on the setting information stored therein corresponding to the content input to the transmission device 1 or the like.
The IP packet construction unit 14 outputs the generated IP packet to the scramble unit 16.

The policy storage means 15 stores conditions (policy) for scrambling two different layers, that is, a network layer (IP layer) and a media transport layer (MMT layer). This policy storage means 15 can be constituted by a general storage medium such as a semiconductor memory, for example.
The policy stored in the policy storage unit 15 is referred to by the scramble unit 16, and the scramble target is determined.

Here, an example of the policy stored in the policy storage unit 15 will be described with reference to FIG.
In FIG. 6, the conditions (policy) for performing the scramble are “IP Ver”, “transmission destination address”, “transmission source address”, “transmission destination port”, “transmission source port”, “transport layer protocol”. , “Scramble target”, “MMT scramble condition”, and “scramble method (encryption method)” are set in a plurality.

“IP Ver” indicates the version of the IP protocol. For example, the types of IPv4 and IPv6 are shown.
“Destination address” and “Source address” indicate the IP address of the transmission destination that transmits the IP packet and the IP address of the transmission source that transmits the IP packet, respectively.
“Transmission destination port” and “transmission source port” indicate a transmission destination and a transmission source port number determined in advance for each type of TCP or UDP.
“Transport layer protocol” indicates the protocol type of the transport layer. For example, the type of TCP or UDP is shown.

  “Scramble target” indicates an area to be scrambled on an IP packet. Here, as a scramble target, whether to scramble at the network layer level (IP) or scramble at the media transport layer level (MMT) is shown.

  The “MMT scramble condition” indicates a detailed condition of which asset is scrambled when the scramble target is the media transport layer. That is, if this “MMT scramble condition” is set, the MMT becomes a scramble target in units of assets.

  The “scramble method” indicates an encryption method when performing scramble. For example, the type of scramble method (encryption method) to be used, such as encryption with AES (Advanced Encryption Standard) encryption with a key length of 256 bits and an operation mode of CBC (Cipher Block Chaining) (AES-256_CBC) Set.

For example, in FIG. 6, among IP packets transmitted by IPv4, a UDP IP packet transmitted by “3300” as a transmission destination port and “3000” as a transmission source port is scrambled with IP layer data. Is meant to do.
Also, for example, among IP packets transmitted by IPv4, UDP is transmitted with a transmission destination address of “239.192.0.1”, a transmission source port of “100”, and a transmission destination port of “100”. This means that MPUs with asset identifiers “00000001” and “00000011” are to be scrambled in the MMT layer.
Returning to FIG. 5, the description of the configuration of the transmission device 1 will be continued.

The scramble unit 16 refers to the policy stored in the policy storage unit 15 with respect to the IP packet generated by the IP packet configuration unit 14, determines the scramble target, and scrambles the target It is.
The scramble means 16 refers to the policy shown in FIG. 6 and identifies the scramble target according to the contents of the IP header, transport protocol header, and MMTP header included in the IP packet.
Then, the scramble means 16 applies the policy shown in FIG. 6 to the network layer payload area or the media transport layer payload area (more specifically, the data portion of the area) as a scramble target. The scramble key Ks generated by the key information generation means 22 is scrambled by the described scramble method (encryption method).
In this case, the scramble means 16 refers to the policy stored in the policy storage means 15, but the scramble target and the scramble method are separately input from the control signal as information set externally. Also good.

The packet reconstructing means (header setting means) 17 reconstructs an IP packet by adding information on the scrambling performed by the scramble means 16 to the header part of the scrambled layer.
When the scramble target is IP, the packet reconstructing means 17 expands an ESP (Encapsulated Security Payload) header used in general IPsec (Security Architecture for IP) and relates to scramble. Set various information.

Specifically, as shown in FIG. 7A, the packet reconstructing unit 17 inserts an ESP header between the IP header and the TCP / UDP header, and scramble control information, scramble ( Embed encryption) scheme identification.
“Scramble control information (scramble control bit)” indicates whether or not the IP is a scramble target, and further, a key used for scramble, such as an odd key (even key) or even key (even key) Indicates information that can uniquely identify the information.
“Scramble system identification (encryption system identification)” indicates information for identifying a scramble system when scrambling an IP.

In addition, when the scramble target is MMT, the packet reconfiguration unit 17 sets various information related to scramble in the header of the MMTP packet (MMTP header).
Specifically, as shown in FIG. 7B, the packet reconfiguration unit 17 embeds scramble control information and scramble method identification in the MMTP header.
Note that these embedded data are the same as the data described with reference to FIG. 7A, and only the scramble target is different.
The packet reconstruction unit 17 outputs the IP packet obtained by reconstructing the packet to the data transmission unit 18.

  The scramble control information and the scramble method identification may be embedded as individual information, respectively. When controlling together, the presence / absence of scramble, key information used for scramble, and the combination of scramble methods are linked to a unique identifier. It is also possible to manage the information and embed it as one piece of control information indicating the scrambled content using the identifier.

The data transmitting unit 18 transmits an IP packet to the receiving device 3. Here, the data transmission unit 18 transmits the IP packet reconstructed with the information embedded in the header by the packet reconstruction unit 17 to the reception device 3.
Here, the data transmission unit 18 includes a broadcast transmission unit 180 and a communication transmission unit 181.

  The broadcast transmission means 180 transmits an IP packet as broadcast data via the broadcast wave W. For example, the broadcast transmission means 180 encapsulates the IP packet with TLV (Type Length Value), MPEG2-TS, etc., modulates it, and outputs it as broadcast data. The medium for transmitting the broadcast wave W may be wired or wireless.

The communication transmission means 181 transmits an IP packet as communication data via the communication line N. For example, the communication transmission unit 181 transmits via a network interface such as Ethernet (registered trademark).
The data transmission means 18 is appropriately set from the outside as to whether the IP packet is transmitted by a broadcast wave or a communication line.

The PLT generation means (package list generation means) 19 generates a package list table (PLT) in which information for specifying the MPT is described in a list format.
The PLT generation means 19 describes location information indicating the MPT placement location as table information.
Note that the PLT generation unit 19 appropriately inputs various information to be set in the PLT from the outside.

The MPT generating means (MMT package table generating means) 20 generates an MMT package table (MPT) in which information for specifying elements (assets) constituting a package (program) is described in a list format.
The MPT generation means 20 describes what assets the program is composed of (location information indicating asset acquisition destinations) as table information.
Further, when the MPT generation means 20 performs limited reception of the program, the access control descriptor (or limited reception method descriptor) including an arrangement location (location information) for specifying the location of the key information (ECM) common to the receiving device. Is further described as table information.

Here, an example of the structure of the MPT generated by the MPT generating means 20 will be described with reference to FIG. FIG. 8A shows an example of MPT that designates a conditional access method in units of assets, and FIG. 8B shows an example of MPT that designates a conditional access method in units of programs.
As shown in FIG. 8A, the MPT generation unit 20 sets table identification indicating a unique value for identifying table information, version, data length, and various types of information according to the number of assets (N). Then, MPT is generated. Specifically, asset identification, asset location information, and an access control descriptor are set in the MPT for each asset.

“Asset identification” is a unique ID (asset ID) for individually identifying assets.
The “asset location information” is information indicating the location of the asset, and may be information including an acquisition destination address and a port, for example, according to the type (IPv4, IPv6, URL, etc.). It may be information indicating the previous packet ID.
The “access control descriptor” is a descriptor in which information specifying the conditional access method is set, and includes conditional access method identification, ECM location information, and the like.
Here, the “restricted reception system identification” refers to, for example, a plurality of conditional access systems such as CAS (Conditional Access System) for realizing pay broadcasting and RMP (Rights Management and Protection) for realizing broadcasting specialized for content protection. Information for identifying one of them.

The “ECM location information” is information indicating the location of the ECM, for example, the IP address and port (port number) of the placement destination, the packet ID, and the like.
When the ECM is arranged in a server or the like on the network, an IP address and a port (port number) are set in “ECM location information”. When the ECM is transmitted as an MMT control message, the packet ID of the MMT is set in “ECM location information”.
In this way, by specifying a limited reception method for each asset, it is possible to perform limited reception on an asset basis.

Further, as shown in FIG. 8 (b), by setting an access control descriptor for designating conditional access system identification above the asset information according to the number of assets (N), conditional reception is performed in units of programs. It can be performed.
The various types of information in FIG. 8B are the same as those in FIG.
Note that the MPT generating unit 20 generates various information set in the MPT from the outside as appropriate or based on the setting information stored in the inside.
Returning to FIG. 5, the description of the configuration of the transmission device 1 will be continued.

The CAT generation means (limited reception table generation means) 21 generates a limited reception table (CAT) in which information for performing limited reception is described.
The CAT generation unit 21 includes an access control descriptor (location information) that includes an arrangement location (location information) for specifying the location of individual key information (EMM) for each management unit of a predetermined receiving apparatus for limited reception of a program. Or the conditional access system descriptor) is described as table information.

Here, an example of the structure of the CAT generated by the CAT generation unit 21 will be described with reference to FIG.
As shown in FIG. 9, the CAT generating unit 21 sets a table identification indicating a unique value for identifying table information, a version, a data length, and an access control descriptor, and generates a CAT.
This access control descriptor is the same as that described with reference to FIG. 8 except that the location information indicates the location of the ECM or the location of the EMM.
Note that the CAT generation unit 21 generates various information to be set in the CAT appropriately from the outside or based on the setting information stored in the inside.
Returning to FIG. 5, the description of the configuration of the transmission device 1 will be continued.

  The key information generation unit 22 generates a scramble key for scrambling the content, and as common key information (ECM) common to the reception device and predetermined reception as key information for extracting the scramble key in the reception device 3. Individual key information (EMM) is generated for each management unit of the apparatus.

  Here, a configuration example of the key information generation unit 22 will be described with reference to FIG. 10 (refer to FIG. 5 as appropriate). As shown in FIG. 10, the key information generation unit 22 includes a scramble key generation unit 220, a work key generation unit 221, an ECM generation unit 222, a master key storage unit 223, and an EMM generation unit 224.

The scramble key generation means 220 generates a key (scramble key Ks) for scrambling the content.
The scramble key generation unit 220 generates a scramble key Ks by generating a random number at a predetermined time interval (for example, about once every several seconds). Then, the scramble key generation unit 220 outputs the generated scramble key Ks to the ECM generation unit 222.
Note that the scramble key generation means 220 generates a scramble key at the present time and a scramble key to be used next as a scramble key Ks as a pair of an odd key and an even key. As a result, when the transmission device 1 switches the scramble key, it is possible to eliminate a time interval in which the scramble key does not exist in the reception device 3.
Further, the scramble key generation means 220 outputs information for identifying an encryption key for identifying whether the scramble key Ks currently output to the scramble means 16 is an odd key or an even key to the packet reconstruction means 17. To do.

The work key generation unit 221 generates a key (work key Kw) for encrypting the scramble key Ks.
The work key generation unit 221 generates a work key Kw by generating a random number at a predetermined time interval (for example, about one month) with a longer update time than the scramble key Ks. The work key generation unit 221 then generates the generated work key Kw and key information (work key identification) such as an ID for identifying the generated work key Kw, the ECM generation unit 222, the EMM generation unit 224, Output to.
The work key generation unit 221 may generate a current work key and a work key to be used next as a work key Kw as a pair of an odd key and an even key.

The ECM generating means 222 encrypts the scramble key Ks with the work key Kw, and generates common key information (ECM) that is key information common to the receiving device 3 including the encrypted scramble key Ks.
The ECM generation unit 222 encrypts one or more scramble key Ks pairs (odd key, even key) generated by the scramble key generation unit 220 with the work key Kw and key information of the corresponding work key Kw. (Work key identification) is arranged, and an ECM is generated with a data structure as shown in FIG.
The other information “protocol number”, “business entity identification”, and “time information” shown in FIG. 11 are the same information as the ECM information defined in the STB-B25 of ARIB, Since there is no direct relationship with the present invention, the description is omitted here.
Then, the ECM generation unit 222 outputs the generated ECM to the control message generation unit 12.

  The master key storage unit 223 is an encryption key for encrypting the work key Kw generated by the work key generation unit 221 and stores a unique key (master key Km) previously assigned to each receiving device 3. To do. The master key storage unit 223 can be configured by a storage medium such as a general semiconductor memory.

The EMM generation unit 224 encrypts the work key Kw with the master key Km of the receiving device 3 and generates individual key information (EMM) that is key information of the receiving device 3 including the encrypted work key Kw. Is.
The EMM generation unit 224 encrypts the work key Kw pair (odd key, even key) generated by the work key generation unit 221 with the master key Km, and generates an EMM with a data structure as shown in FIG. .
The other information “device identification”, “byte length of related information”, “protocol number”, “business entity identification”, and “update number” shown in FIG. 12 are defined in ARIB STD-B25. The information is the same as the information of the EMM, and is not directly related to the present invention, so the description thereof is omitted here.
Then, the EMM generation unit 224 outputs the generated EMM to the control message generation unit 12.

  The encryption key for encrypting the work key Kw is an individual key for each management unit of the receiving apparatus 3 that is determined in advance. Here, the EMM generation unit 224 uses the management unit for each receiving device 3 and encrypts the work key Kw with the master key that is a key of each receiving device. When a device unit such as a machine manufacturer or a receiver model is used, the work key Kw is encrypted using the device key assigned to the receiving apparatus 3 in advance as the encryption key.

  By configuring the transmission apparatus 1 as described above, the transmission apparatus 1 converts the content into an MMTP packet and then converts it into an IP packet (MMT over IP), and at the network layer (IP layer) according to the policy In addition, the data of the media transport layer (MMT layer) can be scrambled and transmitted via the broadcast wave W or the communication line N.

As a result, the transmission apparatus 1 can realize service protection in units of programs and assets. For example, the transmission apparatus 1 can realize a process in which only the sub audio transmitted by broadcasting is charged and only the assets constituting the sub audio are encrypted. Furthermore, the transmission apparatus 1 can simultaneously realize data protection of various data not related to the program.
Further, since the transmission device 1 can select a scramble method (encryption method), the calculation load accompanying encryption is reduced or the security strength is increased according to the type of data to be transmitted and security requirements. The scramble can be performed by a scramble method suitable for the content of data to be transmitted.

<Configuration of receiving device>
Next, the configuration of the receiving device 3 according to the first embodiment of the present invention will be described with reference to FIG. 13 (see FIG. 1 as appropriate).
The receiving device 3 receives the content obtained by converting the MMTP packet into an IP packet via the broadcast wave W or the communication line N, descrambles the protected scrambled data, and makes the content usable (video reproduction or the like). Is.

  Here, the receiving device 3 includes data receiving means 30, IP packet filtering means 31, MMTP packet filtering means 32, descrambling means 33, control message separating means 34, PLT processing means 35, and CAT processing means. 36, MPT processing means 37, location solving means 38, key information processing means 39, MPU processing means 40, decoding means 41, and data processing means 42.

  The data receiving unit 30 receives broadcast data and communication data transmitted from the transmission device 1. Here, the data receiving unit 30 includes a broadcast receiving unit 300 and a communication receiving unit 301.

  The broadcast receiving means 300 receives broadcast data transmitted via the broadcast wave W. For example, the broadcast receiving means 300 demodulates the modulated broadcast data, extracts IP packets encapsulated in TLV, MPEG2-TS, etc., and outputs them to the IP packet filtering means 31.

  The communication receiving unit 301 receives an IP packet transmitted as communication data via the communication line N. The communication receiving unit 301 outputs the received IP packet to the IP packet filtering unit 31.

The IP packet filtering unit 31 analyzes the header of the IP packet received by the data receiving unit 30 and distributes the packet.
Specifically, the IP packet filtering unit 31 refers to an ESP header (see FIG. 7A) added to the IP header to determine whether or not the IP payload area is scrambled. At this time, if the IP payload area is scrambled, the IP packet filtering means 31 descrambles the scramble control information and scramble method identification included in the ESP header, and the IP payload data (scramble data). The data is output to 33 and descrambling is instructed.

The IP packet filtering unit 31 includes the MMTP packet in the IP payload that has not been scrambled and the IP payload that has been descrambled by the descrambling unit 33 depending on the presence or absence of the transport protocol header or MMTP header. It is determined whether or not.
Here, when the MMTP packet is included, the IP packet filtering unit 31 outputs the MMTP packet to the MMTP packet filtering unit 32. When the MMTP header is not included, the IP packet filtering unit 31 outputs the payload portion of the IP packet to the data processing unit 42.
The IP packet filtering unit 31 outputs the control message to the control message separation unit 34 when the IP payload includes a control message without being converted into an MMTP packet.

The MMTP packet filtering unit 32 analyzes the header of the MMTP packet filtered by the IP packet filtering unit 31 and performs packet distribution.
Specifically, the MMTP packet filtering unit 32 scrambles the MMT payload area (more specifically, the data portion of the area) with the scramble control information (see FIG. 7B) included in the MMTP header. It is determined whether or not it has been done. At this time, if the payload area of the MMT is scrambled, the MMTP packet filtering means 32 descrambles the scramble control information and the scramble method identification included in the MMTP header, and the MMT payload data (scramble data). The data is output to 33 and descrambling is instructed.

  Then, the MMTP packet filtering unit 32 uses the payload type (not shown) included in the MMTP header to control the unscrambled MMT payload and the MMT payload descrambled by the descrambling unit 33 as control messages. It is determined whether it is an MPU or not.

  Here, if the MMT payload is a control message, the MMTP packet filtering unit 32 outputs the MMT payload to the control message separation unit 34. If the MMT payload is an MPU, the MMTP packet filtering unit 32 outputs the MMT payload to the MPU processing unit 40.

Here, the MMTP packet filtering unit 32 is instructed to acquire the key information (ECM, EMM), MPT, and asset by the ID (packet ID) of the MMTP packet from the location solution unit 38, and the packet ID is assigned to the packet ID. It is assumed that the ECM, EMM and MPT control messages transmitted in the corresponding MMTP packet are extracted.
Further, the MMTP packet filtering unit 32 is transmitted in the MMTP packet corresponding to the packet ID by being instructed by the location solution unit 38 to acquire the MPU constituting the asset by the ID (packet ID) of the MMTP packet. MPU to be extracted.
The MMTP packet filtering unit 32 extracts a control message corresponding to a predetermined unique packet ID of the MMTP packet for the PLT and CAT control messages.

  The descrambling means 33 descrambles the scrambled data. Here, the descrambling means 33 uses the scramble key Ks corresponding to the scramble control information designated by the IP packet filtering means 31 among the scramble keys extracted by the key information processing means 39 to identify the scramble system. The scramble data of the IP packet is descrambled by a designated scramble method.

Further, the descrambling means 33 is designated by scrambling method identification using the scramble key Ks corresponding to the scramble control information designated by the MMTP packet filtering means 32 among the scramble keys extracted by the key information processing means 39. The scrambled data of the MMTP packet is descrambled by the scrambled method.
The descrambling means 33 outputs the descrambled data to the IP packet filtering means 31 or the MMTP packet filtering means 32 instructing descrambling, respectively.

The control message separation means 34 discriminates PLT, MPT, CAT, ECM, EMM, etc. based on the identification information (table ID) included in the control message extracted by the MMTP packet filtering means 32, and extracts them individually. (Separate).
The control message separation unit 34 outputs the extracted ECM and EMM to the key information processing unit 39. Further, the control message separation unit 34 outputs the extracted PLT to the PLT processing unit 35, outputs the extracted CAT to the CAT processing unit 36, and outputs the extracted MPT to the MPT processing unit 37.

The PLT processing means (package list processing means) 35 performs various processes based on the PLT separated by the control message separation means 34.
Here, the PLT processing unit 35 notifies the location resolution unit 38 of location information that is the acquisition destination of the MPT included in the PLT.

The CAT processing means (conditional reception table processing means) 36 refers to the access control descriptor (see FIG. 9) or the conditional access method descriptor included in the CAT separated by the control message separation means 34, and The EMM position (location information) to be acquired is notified to the location solution means 38.
In this CAT processing means 36, the conditional access system identification described in the access control descriptor (see FIG. 9) or the conditional access system descriptor and the receiving apparatus 3 stored in the storage means (not shown) are contracted in advance. The location solution means 38 is notified of the location information of the EMM described in the access control descriptor or the conditional access system descriptor that matches the conditional access system identification (CAS, RMP, etc.) set by

The MPT processing means (MMT package table processing means) 37 performs various processes based on the MPT separated by the control message separation means 34.
Here, the MPT processing unit 37 refers to the access control descriptor (see FIG. 8) or the conditional access method descriptor included in the MPT, and determines the ECM position (location information) from which the ECM is acquired as a location. The solution means 38 is notified.
This MPT processing means 37 is preliminarily contracted with the reception apparatus 3 stored in the storage means (not shown) and the conditional access system identification described in the access control descriptor (see FIG. 8) or the conditional access system descriptor. The location solution means 38 is notified of the location information of the ECM described in the access control descriptor or the conditional access system descriptor that matches the conditional access system identification (CAS, RMP, etc.) set by
Further, the MPT processing unit 37 notifies the location solution unit 38 of the asset position (location information) that is the acquisition destination of the asset included in the MPT.

The location solution unit 38 controls acquisition of control messages and MPUs based on the location information notified from the PLT processing unit 35, the CAT processing unit 36, and the MPT processing unit 37.
That is, the location resolution unit 38 corresponds to the MPT packet ID notified from the PLT processing unit 35, the EMM packet ID notified from the CAT processing unit 36, and the ECM or asset packet ID acquired from the MPT processing unit 37. The MMTP packet filtering means 32 is instructed to extract a packet to be extracted.
If the location information is location information on the network (transmission destination address, transmission destination port (port number)), the location resolution means 38 sends the designated MMTP packet via the communication control means (not shown). get. Then, the location solution unit 38 outputs the MMTP packet acquired through the communication control unit to the MMTP packet filtering unit 32.

The key information processing unit 39 extracts a scramble key for descrambling content from the ECM and EMM separated by the control message separation unit 34.
Here, the configuration of the key information processing means 39 will be described with reference to FIG. 14 (refer to FIG. 13 as appropriate). As shown in FIG. 14, the key information processing unit 39 includes a master key storage unit 390, an EMM processing unit 391, and an ECM processing unit 392.

  The master key storage unit 390 stores a unique encryption key (master key Km or device key) assigned to each receiving device 3 in advance. The master key storage unit 390 can be configured by a storage medium such as a general semiconductor memory.

  The EMM processing means 391 decrypts the EMM with the master key Km stored in the master key storage means 390 and acquires the work key Kw. The EMM processing means 391 outputs the decrypted work key Kw to the ECM processing means 392.

The ECM processing unit 392 decrypts the ECM with the work key Kw decrypted by the EMM processing unit 391 and acquires the scramble key Ks. The ECM processing unit 392 outputs the decrypted scramble key Ks to the descrambling unit 33.
Returning to FIG. 13, the description of the configuration of the receiving device 3 will be continued.

The MPU processing means 40 outputs to the decoding means 41 a set of MPUs having the same asset ID described in the MPU header extracted by the MMTP packet filtering means 32 as a unit.
That is, the MPU processing unit 40 outputs the MFU included in the MPU having the same asset ID to the decoding unit 41 in units of assets.

The decoding unit 41 decodes the asset unit MPU (MFU) output from the MPU processing unit 40 in units of MFU.
For example, if the MPU is video data, the decoding means 41 is H.264. If the MPU is audio data, decoding is performed using MPEG4 AAC.
The decoded data is output to the outside (display device, speaker, etc.) as reproduced content.

The data processing unit 42 acquires an IP packet that does not include the MMT from the IP packet filtering unit 31 and processes a predetermined IP packet.
The process performed by the data processing unit 42 is, for example, a process for obtaining a file necessary for the firmware update engineering service of the receiving device 3 using an IP packet and updating the firmware.

  By configuring the receiving device 3 as described above, the receiving device 3 receives the scrambled IP packet to the network layer (IP layer) or the media transport layer (MMT layer), and The layer data can be descrambled.

<< Operation of conditional access system >>
Next, with reference to FIGS. 15 and 16, the operation of the conditional access system according to the first embodiment of the present invention will be described.
In the following operations, in order to simplify the description, it is described that the control message and content are transmitted and received serially. However, the control message is transmitted and received at a sequentially generated timing. Not too long.

<Operation of transmitter>
First, the operation of the transmission apparatus 1 according to the first embodiment of the present invention will be described with reference to FIG. The policy storage means 15 stores conditions (policy) for scrambling in advance as shown in FIG.

  First, when realizing limited reception of content, the transmission device 1 generates MPT and CAT including the position information of the key information (ECM and EMM) by the MPT generation unit 20 and the CAT generation unit 21, and controls the control message. A control message is generated by the generation means 12 (step S10).

That is, the transmitting apparatus 1 uses the MPT generating means 20 to place the key information (ECM) common to the receiving apparatus together with the information for specifying the elements (assets) constituting the package (program) as shown in FIG. An MPT is generated by describing an access control descriptor or a conditional access system descriptor including.
Further, as shown in FIG. 9, the transmitting device 1 describes an access control descriptor or a conditional access method descriptor including an arrangement location of individual key information (EMM) of the receiving device by the CAT generating unit 21. , CAT is generated.
Then, the transmission apparatus 1 generates a control message by adding unique identification information by the control message generation unit 12 at the timing when the MPT or CAT is generated or at an arbitrarily specified timing.

  In addition, the transmission apparatus 1 generates common key information (ECM) and individual key information (EMM) as key information for extracting the scramble key in the reception apparatus 3 by the key information generation unit 22, and generates a control message. The control message is generated by adding unique identification information by means 12 (step S11).

  In addition, the transmitter 1 generates a PLT in which the list of MPTs is described by the PLT generation unit 19, and generates a control message by adding unique identification information by the control message generation unit 12 (step S12).

  Then, the transmission device 1 converts the input content and the control message generated in steps S10 to S12 into MMTP packets (step S13). That is, the transmission apparatus 1 encodes (encodes) the content by the encoding unit 10, and converts the data encoded by the encoding unit 10 by the MPU generation unit 11 into a media processing unit (MPU) that is a data processing unit in MMT. ). Then, the transmitting apparatus 1 encapsulates the MPU or the control message generated in steps S10 to S12 into the MMTP packet by the MMTP packet configuring unit 13.

Further, the transmission apparatus 1 adds the headers of the transport layer (TCP / UDP) and the network layer (IP) to the MMTP packet generated in step S13 by the IP packet composing unit 14 to form an IP packet ( Step S14).
Then, the transmitter 1 determines whether the contents of the TCP / UDP header and the IP header match the policy stored in the policy storage unit 15 by the scramble unit 16 (step S15).

If the contents of each header match the policy (Yes in step S15), the transmitting apparatus 1 further determines whether the scramble target specified by the policy is an IP by the scramble means 16 (step S16). .
Here, when the scramble target is IP (Yes in step S16), the transmitting apparatus 1 scrambles the IP payload by the scramble method defined by the policy by the scramble means 16 (step S17).

  Then, the transmission apparatus 1 adds the ESP header to the IP header by the packet reconstructing unit 17 and uses the scramble control information indicating the scramble control information and the scramble system identification for identifying the scramble system as the scramble information. The ESP header is set (step S18). At this time, the scramble control information and the scramble method identification may be combined and assigned to one identifier and set in the ESP header using the identifier.

On the other hand, when the scramble target is not IP (No in step S16), the transmitting apparatus 1 further determines whether or not the scramble target specified by the policy is MMT by the scramble means 16 (step S19).
When the scramble target is MMT (Yes in step S19), the transmitting apparatus 1 uses the scramble means 16 to scramble the MMTP payload area (more specifically, the data portion of the area) defined by the policy. The scramble method is used (step S20).

  Then, the transmitting apparatus 1 sets the scramble control information indicating the presence / absence of scramble and the scramble system identification for identifying the scramble system as scramble information in the MMTP header by the packet reconstruction unit 17 (step S21). .

Then, the transmission apparatus 1 uses the data transmission means 18 to change the IP packet scrambled in the IP layer in step S18, the IP packet scrambled in the MMT layer in step S21, or the contents of the header in steps S15 and S19. The IP packet that does not match and is not scrambled is transmitted to the receiving device 3 by broadcast or communication (step S22).
With the above operation, the transmission device 1 can perform individual scrambling on each data of the IP layer and the MMT layer.

<Operation of receiving apparatus>
Next, the operation of the receiving apparatus 3 according to the first embodiment of the present invention will be described with reference to FIG.

First, the receiving device 3 receives the data via the data receiving means 30, and separates the PLT from the extracted control message via the IP packet filtering means 31 and the MMTP packet filtering means 32 by the control message separating means 34. (Step S30).
Similarly, the receiving device 3 separates MPT and CAT by the control message separation unit 34 (step S31).

Then, the receiving device 3 extracts the position information (location information) of the key information (ECM, EMM) by the MPT processing unit 37 and the CAT processing unit 36 (step S32).
That is, the receiving apparatus 3 extracts ECM position information from the MPT by the MPT processing unit 37. Further, the receiving device 3 extracts the EMM position information from the CAT by the CAT processing means 36.

Further, the receiving device 3 filters the control message corresponding to the position information (packet ID) of the key information extracted in step S32 by the MMTP packet filtering unit 32 according to the instruction of the location solution unit 38, and the control message separation unit 34 separates ECM and EMM (step S33).
Then, the receiving device 3 extracts the scramble key for descrambling the content from the ECM and EMM separated in step S33 by the key information processing means 39 (step S34).

When receiving the IP packet via the data receiving means 30, the receiving device 3 is set by the IP packet filtering means 31 to the ESP header added to the IP header (see FIG. 7A). It is determined whether or not the IP payload area is scrambled based on the scramble control information (step S35).
Here, when the IP payload is scrambled (Yes in step S35), the receiving device 3 uses the scramble key Ks associated with the scramble control information by the descrambling means 33 to scramble the scramble set in the ESP header. The descrambling is performed by the method (step S36).
If the IP payload is not scrambled (No in step S35), the receiving device 3 advances the operation to step S37.

Further, the receiving device 3 uses the scramble control information set in the MMTP header (see FIG. 7B) by the MMTP packet filtering unit 32, and uses the MMT payload area (more specifically, the data portion of the area). Is scrambled (step S37).
Here, when the MMTP payload area is scrambled (Yes in step S37), the receiving apparatus 3 is set in the MMTP header by the descrambling means 33 with the scramble key Ks associated with the scramble control information. The descrambling is performed by the scramble method (step S38).
If the MMTP payload area is not scrambled (No in step S37), the reception device 3 advances the operation to step S39.

  Then, the receiving device 3 obtains the MPU constituting the asset for each asset from the MMTP packet filtering unit 32 by the MPU processing unit 40, and reproduces the content by decoding by the decoding unit 41 (step S39).

Through the above operation, the receiving apparatus 3 can descramble the individually scrambled data for the IP layer and the MMT layer.
The configuration and operation of the conditional access system S, the transmission device 1, and the reception device 3 according to the first embodiment of the present invention have been described above, but the present invention can be implemented with various modifications.

(Modification 1)
For example, here, an example has been described in which the transmission device 1 sets a scramble method in the policy storage unit 15 and selects one from a plurality of scramble methods.
However, this scrambling method may use one predetermined scrambling method.
In this case, the “scramble method” is omitted from the policy stored in the policy storage unit 15 of the transmission device 1.
The scramble means 16 scrambles with a predetermined scramble method. At this time, the packet reconfiguration unit 17 does not set “scramble method identification” in the information set in each header shown in FIG.

  In the receiving device 3, the descrambling means 33 performs descrambling in a predetermined scrambling method without referring to the “scramble method identification” of the header in the IP packet filtering means 31 or the MMTP packet filtering means 32. Good.

(Modification 2)
Also, here, the scrambling method identification is set in the header of the IP packet and the header of the MMTP packet (ESP header, MMTP header). It is good also as setting with a layer.
For example, a scramble scheme descriptor is added to MPT as shown in FIG. 17, or a scramble scheme descriptor is added to CAT as shown in FIG.

This “scramble system descriptor” is a descriptor in which information related to scramble is set, and includes, for example, layer identification, scramble system identification, and the like.
Here, “layer identification” is information indicating which layer of IP or MMT is to be scrambled.
The “scramble method identification” is information for identifying the scramble method (encryption method).
This scramble method descriptor may be set for each asset as shown in FIG. 17 (a), or as shown in FIG. 17 (b). It may be set for each package by setting it at the top of the information.
Further, the scramble method descriptor may be set in the CAT as shown in FIG.

In this way, in order to set the scramble method descriptor in MPT or CAT, MPT generation means 20 and CAT generation means 21 may be operated as follows in transmission apparatus 1 in FIG.
In other words, the MPT generation means 20 refers to the policy storage means 15, and if the network layer (IP) or the media transport layer (MMT) is a scramble target and the scramble system is set, the MPT scramble system Set the descriptor.

  If a scramble method is set for each asset ID in the policy storage unit 15, the MPT generation unit 20 sets a scramble method descriptor for each asset as shown in FIG. To do. If no scramble method is set for each asset ID in the policy storage unit 15, the MPT generation unit 20 sets a scramble method descriptor for each package as shown in FIG. .

  Further, when the specific MMT scramble condition is not set in the policy storage means 15 and the same scramble method is set, the CAT generation means 21 scramble method descriptor in the CAT as shown in FIG. Set.

In this case, in the receiving apparatus 3 of FIG. 13, when the CAT processing unit 36 or the MPT processing unit 37 recognizes that the scramble method descriptor is set in the CAT or MPT, the reception device 3 is specified by the scramble method descriptor. The contents (scramble target layer identification, scramble system identification, etc.) may be notified to the IP packet filtering means 31 and the MMTP packet filtering means 32.
When the transmission device 1 and the reception device 3 are configured as the second modification, each configuration performs transmission / reception and reference of data according to a relationship indicated by a dotted line in FIGS. 5 and 13.

<< Restricted Reception System: Second Embodiment >>
Next, a conditional access system according to the second embodiment of the present invention will be described.
The conditional access system according to the second embodiment further has a function of updating the initial value used in the scrambled cipher usage mode with respect to the conditional access system S described in FIG. In the conditional access system according to the second embodiment, the transmission device 1 and the reception device 3 of the conditional access system S described in FIG. 1 are changed to the transmission device 1B (FIG. 23) and the reception device 3B (FIG. 25), respectively. Replace and configure.

(Overview of encryption usage mode)
First, before describing the configuration of the transmission device 1B and the reception device 3B, an outline of the encryption usage mode will be described with reference to FIGS.
The cipher usage mode (Block cipher modes of operation) is a method of encrypting data longer than the block length using a common key block cipher.
This cipher usage mode includes, for example, a CBC (Cipher Block Chaining) mode shown in FIG. 19, a CFB (Cipher Feed Back) mode shown in FIG. 20, an OFB (Output Feed Back) mode shown in FIG. 21, and a CTR ( Counter) mode.

In the CBC mode (see FIG. 19), the result of encrypting the previous plaintext block and the next plaintext block are subjected to an XOR (exclusive OR) operation, and the result is converted to the encryption key key (the scramble key of the present invention). The operation for generating the next cipher block is sequentially performed by the number of plaintext blocks.
In the CBC mode, an initial vector (IV: Initial Vector) given from the outside is used as a value to be XORed with the first plaintext block.

  In the CFB mode (see FIG. 20), the result of encrypting the encryption block corresponding to the previous plaintext block with the encryption key “key” and the next plaintext block are XORed to obtain the encryption corresponding to the next plaintext block. The operation of generating blocks is sequentially performed for the number of plaintext blocks. In the CFB mode, a result obtained by encrypting an initial vector given from the outside with the encryption key key is used as a value to be XORed with the first plaintext block.

  In the OFB mode (see FIG. 21), a cipher block is generated by XORing the result obtained by encrypting the initial vector given from the outside with the cipher key key and the plaintext block, and first encrypted with the cipher key key. The operation of generating the next cipher block by XORing the result and the next plaintext block is sequentially performed by the number of plaintext blocks.

  In the CTR mode (see FIG. 22), a cipher block is generated by performing an XOR operation on the result obtained by encrypting the counter initial value given from the outside with the cipher key key and the plaintext block. In the CTR mode, for subsequent plaintext blocks, an encrypted block is generated by performing an XOR operation with a result obtained by sequentially incrementing (+1) the initial counter value with the encryption key key.

  In general, the initial vector used in the CBC mode or the CFB mode is preferably unpredictable from the viewpoint of safety. In addition, it is preferable to use different values for the initial vector used in the OFB mode and the counter initial value used in the CTR mode when the same encryption key is used from the viewpoint of security. In the scramble means 16 (FIG. 5) and the descramble means 33 (FIG. 13) described in the first embodiment, when the encryption use mode is used as the scramble method (encryption method), the initial vector and the counter initial value are set. This is a predetermined fixed value.

Therefore, in the present invention, in addition to the function of the conditional access system of the first embodiment, an initial vector and a counter initial value (hereinafter referred to as an initial value) can be set at an arbitrary timing when an encryption usage mode is used to scramble content. It will be updated at.
Hereinafter, the transmitting device 1B and the receiving device 3B that can update the initial value of the encryption usage mode will be sequentially described.

<Configuration of transmitter>
First, with reference to FIG. 23, the structure of the transmitter 1B which concerns on 2nd Embodiment of this invention is demonstrated.

  The transmission apparatus 1B performs processing of appropriately scrambling the MMT layer and the IP layer when the content is converted into an MMTP packet and then transmitted as an IP packet. Further, the transmitter 1B has a function of updating the initial value used in the encryption usage mode at an arbitrary timing when scrambling is performed.

Here, the transmission apparatus 1B includes an encoding unit 10, an MPU generation unit 11, a control message generation unit 12, an MMTP packet configuration unit 13, an IP packet configuration unit 14, a policy storage unit 15, and a scramble unit 16B. A packet reconfiguration unit 17B, a data transmission unit 18, a PLT generation unit 19, an MPT generation unit 20, a CAT generation unit 21, a key information generation unit 22, and an initial value generation unit 23.
Since the configuration other than the scramble unit 16B, the packet reconfiguration unit 17B, and the initial value generation unit 23 is the same as that of the transmission apparatus 1 described with reference to FIG.

The scramble means 16B refers to the policy stored in the policy storage means 15 for the IP packet generated by the IP packet construction means 14, determines the scramble target, and scrambles the target. And it has the same function as the scramble means 16 described in FIG.
Here, the scrambler 16B uses the initial value generated by the initial value generator 23 as the initial value of the encryption usage mode when performing the scramble. Note that the scrambler 16B does not necessarily use all of the initial value, and may be a part of a predetermined initial value.
The scrambler 16B updates the initial value to be used at the timing when the initial value is notified from the initial value generator 23.

  The packet reconstruction unit (header setting unit) 17B adds a header to the payload area scrambled by the scramble unit 16B to reconstruct the IP packet, and is the same as the packet reconstruction unit 17 described with reference to FIG. It has a function.

Further, the packet reconstructing means 17B has a function of embedding initial value information notified from the initial value generating means 23 in the header of the payload area scrambled by the scramble means 16B.
Specifically, as shown in FIG. 24A, when the scramble target is IP, the packet reconstructing unit 17B inserts an ESP header between the IP header and the TCP / UDP header, and the ESP header Embedded with scramble control information, scramble method identification, and initial value information.
“Scramble control information” and “scramble method identification” are the same information as in FIG.
The “initial value information” may be information that identifies which initial value is used among the initial values themselves or some initial values prepared in advance. Moreover, it is good also as a seed required in order to produce | generate an initial value with a predetermined algorithm. When the initial value information is used as the initial value identification information or the seed for generating the initial value, information for associating the initial value with the initial value identification information and information for specifying the initial value generation algorithm are separately controlled. It shall be specified by a message.

Further, when the scramble target is MMT, the packet reconstructing unit 17B sets various information related to scramble in the MMTP header.
Specifically, as shown in FIG. 24B, the packet reconstruction unit 17B embeds scramble control information, scramble method identification, and initial value information in the MMTP header.
Note that these embedded data are the same as the data described with reference to FIG. 24A, and only the scramble target is different, and therefore description thereof is omitted.

The initial value generator 23 generates an initial value of a scrambled cipher use mode performed in the scrambler 16B.
The initial value generating means 23 generates an initial value at a constant period or at a timing instructed from the outside. For example, the initial value generating unit 23 generates an initial value using a random number.
Then, the initial value generator 23 outputs the generated initial value to the scrambler 16B, and outputs the initial value information to the packet reconstructor 17B. Further, when the initial value information is used as the initial value identification information, the initial value generation unit 23 outputs information in which the initial value and the initial value identification information are associated with each other to the control message generation unit 12, and the control message generation unit 12 generates a control message.

  By configuring the transmission apparatus 1B as described above, the transmission apparatus 1B can scramble the content and data to the network layer (IP layer) and the media transport layer (MMT layer) according to the policy. When applied, the initial value of the encryption usage mode can be updated as appropriate, so that the safety of data transmitted by broadcasting or communication can be improved.

<Configuration of receiving device>
Next, with reference to FIG. 25, the structure of the receiver 3B which concerns on 2nd Embodiment of this invention is demonstrated.

  The receiving device 3B receives the content obtained by converting the MMTP packet into an IP packet via the broadcast wave W or the communication line N, descrambles the protected scrambled data, and makes the content usable (video reproduction or the like). Is. The receiving device 3B has a function of performing descrambling in the encryption usage mode using the initial value (initial vector or counter initial value) updated by the transmitting device 1B.

Here, the receiving device 3B includes data receiving means 30, IP packet filtering means 31B, MMTP packet filtering means 32B, descrambling means 33B, control message separation means 34, PLT processing means 35, and CAT processing means. 36, MPT processing means 37, location solving means 38, key information processing means 39, MPU processing means 40, decoding means 41, and data processing means 42.
Since the configuration other than the IP packet filtering unit 31B, the MMTP packet filtering unit 32B, and the descrambling unit 33B is the same as that of the receiving apparatus 3 described with reference to FIG. 13, the same reference numerals are given and description thereof is omitted.

  The IP packet filtering unit 31B analyzes the header of the IP packet received by the data receiving unit 30 and distributes the packet, and has the same function as the IP packet filtering unit 31 described with reference to FIG.

Further, when the IP packet filtering unit 31B determines that the initial value of the encryption usage mode is set based on the initial value information (see FIG. 24A) of the ESP header added to the IP header, the EPS header Has a function of notifying the descrambling means 33B of the initial value information added to.
Thus, the IP packet filtering unit 31B can notify the descrambling unit 33B that the IP payload is scrambled using the initial value of the encryption usage mode specified by the initial value information.

  The MMTP packet filtering unit 32B analyzes the header of the MMTP packet filtered by the IP packet filtering unit 31 and sorts the packets, and has the same function as the MMTP packet filtering unit 32 described with reference to FIG.

Furthermore, when the MMTP packet filtering unit 32B determines that the initial value of the encryption usage mode is set based on the initial value information of the MMTP header (see FIG. 24B), the initial value added to the MMTP header. It has a function of notifying information to the descrambling means 33B.
As a result, the MMTP packet filtering means 32B uses the initial value of the encryption usage mode specified by the initial value information to confirm that the MMT payload area (more specifically, the data portion of the area) is scrambled. The descrambling means 33B can be notified.

The descrambling means 33B descrambles the scrambled data, and has the same function as the descrambling means 33 described with reference to FIG.
Further, when the initial value is notified as the initial value information from the IP packet filtering unit 31B or the MMTP packet filtering unit 32B, the descrambling unit 33B performs descrambling using the notified initial value.
Thereby, the descrambling means 33B can correctly perform descrambling using the same initial value as the initial value of the encryption usage mode used in the scramble means 16B (see FIG. 23) of the transmitting apparatus 1.

  In addition, when the information that associates the initial value with the identification information of the initial value, the initial value generation algorithm, and the like are notified by the control message, the descrambling unit 33B acquires the information from the control message separation unit 34, Descrambling is performed using a predetermined initial value corresponding to the identification information or an initial value generated by a predetermined generation algorithm. Further, the descrambling means 33B does not necessarily use all of the initial value, and may be a part of the predetermined initial value. In this case, which part of the initial value is used is known information with the scrambler.

  By configuring the receiving device 3B as described above, the receiving device 3B acquires the initial value as control information when the transmitting device 1B performs scrambling by updating the initial value of the encryption usage mode. Can be descrambled. As a result, the receiving device 3B can update the initial value of the encryption usage mode as appropriate, so that the safety of data transmitted by broadcasting or communication can be improved.

In the above, each structure of the transmitter 1B and the receiver 3B which comprise the conditional access system which concerns on 2nd Embodiment of this invention was demonstrated.
The basic operation of the conditional access system according to the second embodiment is the same as the operation of the conditional access system according to the first embodiment described with reference to FIGS. 15 and 16. In the conditional access system according to the second embodiment, the initial value of the encryption usage mode is transmitted, and information for identifying the initial value is set in the headers of the IP layer and the MMT layer. Since it is only different from the system, detailed description is omitted here.

Here, the initial value information is set in the header of the IP packet and the header of the MMTP packet (ESP header, MMTP header). This information will be described in (Modification 2) of the first embodiment. As described above, it may be set in a higher layer without setting in individual packets.
In this case, the MPT shown in FIG. 17 or the CAT scramble system descriptor shown in FIG. 18 may be replaced with the scramble system descriptor shown in FIG.
In FIG. 26A, initial value information is newly added to the scramble method descriptors of FIGS.

  The receiving device 3B, when the CAT processing unit 36 or the MPT processing unit 37 recognizes that the scramble system descriptor is set in the CAT or MPT, the content specified by the scramble system descriptor (the scramble target) Scramble method identification, initial value information, etc.) may be notified to the IP packet filtering means 31B and the MMTP packet filtering means 32B.

  Furthermore, as described in (Modification 1) of the first embodiment, the transmission device 1B may use one predetermined scramble method. In that case, as shown in FIG. 26 (b), the scramble method descriptor may omit the scramble method identification from FIG. 26 (a).

<< Limited Reception System: Third Embodiment >>
Next, a conditional access system according to the third embodiment of the present invention will be described.
The conditional access system according to the third embodiment further has a falsification detection function for IP layer and MMT layer data in addition to the conditional access system S described in FIG. In the conditional access system according to the third embodiment, the transmission device 1 and the reception device 3 of the conditional access system S described in FIG. 1 are changed to the transmission device 1C (FIG. 27) and the reception device 3C (FIG. 31), respectively. Replace and configure.

<Configuration of transmitter>
First, the configuration of a transmission device 1C according to the third embodiment of the present invention will be described with reference to FIG.

  The transmission device 1C performs processing of appropriately scrambling the MMT layer and the IP layer when the content is converted into an MMTP packet and then transmitted as an IP packet. The transmitting apparatus 1C has a function of adding authentication data (message authentication data) to the MMT layer and the IP layer.

Here, the transmitting apparatus 1C includes an encoding unit 10, an MPU generation unit 11, a control message generation unit 12, an MMTP packet configuration unit 13, an IP packet configuration unit 14, a policy storage unit 15C, and a scramble unit 16. A packet reconfiguration unit 17C, a data transmission unit 18, a PLT generation unit 19, an MPT generation unit 20, a CAT generation unit 21, a key information generation unit 22C, and a message authentication data provision unit 24.
Since the configuration other than the policy storage unit 15C, the packet reconstruction unit 17C, the key information generation unit 22C, and the message authentication data addition unit 24 is the same as that of the transmission device 1 described in FIG. Description is omitted.

The policy storage unit 15C stores conditions (policy) for performing scrambling for two different layers of the IP layer and the MMT layer. The policy storage unit 15C stores the same information as the policy storage unit 15 described in FIG. Remember.
Further, the policy storage unit 15C stores an authentication method (message authentication method) in addition to the scramble condition. Among the policies stored in the policy storage unit 15C, the message authentication method is referred to by the packet reconfiguration unit 17C, and the object of the message authentication data and the message authentication method are determined.

Here, an example of the policy stored in the policy storage unit 15C will be described with reference to FIG.
In FIG. 28, as conditions (policy) for performing scramble and authentication (message authentication), “IP Ver”, “transmission destination address”, “transmission source address”, “transmission destination port”, “transmission source port”, In this example, a plurality of “transport layer protocol”, “scramble authentication target”, “MMT scramble authentication condition”, “scramble method (encryption method)”, and “message authentication method” are set. Information other than “scramble authentication target”, “MMT scramble authentication condition” and “message authentication method” is the same as the information described with reference to FIG.

  “Scramble authentication target” indicates an area to be scrambled / message authenticated on an IP packet. Here, as a scramble / message authentication target, whether scramble / message authentication is performed at the network layer level (IP) or scramble / message authentication is performed at the media transport layer level (MMT) is shown.

  The “MMT scramble authentication condition” indicates a detailed condition of which asset is scrambled / message authenticated when the scramble / message authentication target is a media transport layer. That is, if this “MMT scramble authentication condition” is set, the MMT becomes a scramble / message authentication target in units of assets.

“Message authentication method” indicates the type of message authentication method used when message authentication data is assigned to the IP layer or MMT layer.
As this “message authentication method”, a general message authentication method may be set. For example, HMAC-SHA-1 (Keyed Hashing for Message Authentication Code-SHA-1), HMAC-SHA-256, etc. that perform message authentication using a common key (authentication key).
In the example of FIG. 28, among the IP packets transmitted by IPv4, the UDP IP packet transmitted by “3300” as the transmission destination port and “3000” as the transmission source port includes the payload data of the IP layer as a message. This means that message authentication data is given by HMAC-SHA-1 as an authentication target.
Although the scramble target and the message authentication target are the same target here, they may be different targets. For example, the scramble target is set to the IP layer and the message authentication target is set to the MMT layer.

The packet reconstruction means (header setting means) 17C adds a header to the payload area scrambled by the scramble means 16 to reconstruct the IP packet.
Further, the packet reconfiguration unit 17C refers to the policy stored in the policy storage unit 15, and the IP version, transmission destination address, transmission source address, transmission destination port, transmission source port set in the IP packet. The message authentication target and the message authentication method are specified according to the transport layer protocol, and the information is set in the header.
That is, the packet reconstructing unit 17C extends the ESP (Encapsulated Security Payload) header used in general IPsec (Security Architecture for IP) when the scramble target or the authentication target is IP. Set information related to scramble and information related to message authentication.

  Specifically, as shown in FIG. 29A, the packet reconstruction unit 17C inserts an ESP header between the IP header and the TCP / UDP header, and scramble control information and a scramble system in the ESP header. Embedding identification, message authentication control information, and message authentication method identification.

“Scramble control information” and “scramble method identification” are the same information as in FIG.
“Message authentication control information (message authentication control bit)” indicates whether or not to add message authentication data. Moreover, you may point the information which identifies an authentication key.
“Message authentication method identification” indicates information for identifying a message authentication method for authenticating an IP.

In addition, when the message authentication target is MMT, the packet reconfiguration unit 17C sets various information related to message authentication in the MMTP header.
Specifically, as shown in FIG. 29B, the packet reconstructing unit 17C embeds scramble control information, scramble method identification, message authentication control information, and message authentication method identification in the MMTP header.
These embedded data are the same as the data described with reference to FIG. 29A, and only the scramble target is different.

If the message authentication target is both IP and MMT, as shown in FIG. 29 (c), the packet reconstructing means 17C displays both the ESP header and the MMTP header in FIGS. 29 (a) and 29 (b). Embed the same data as.
Here, the packet reconstructing unit 17C sets the information related to scramble and the information related to message authentication in the header, but the unique identifier that associates the information related to scramble and the information related to message authentication. The specific contents may be indicated by setting in the header.

The key information generation unit 22C generates a scramble key for scrambling the content, and as key information for extracting the scramble key in the reception device 3C, common key information (ECM) common to the reception device and individual reception device Individual key information (EMM) is generated. Furthermore, the key information generation unit 22C also manages an authentication key that is a key used when providing message authentication data by a predetermined message authentication method.
Here, the message authentication data is generated using the authentication key for the following reason.
That is, when authentication is performed using only the hash function (message digest), tampering cannot be detected when data is tampered in the middle of transmission and new authentication data is added using the same hash function. Therefore, in the present invention, message authentication data is generated using an authentication key in order to prevent an intermediate attack in consideration of transmission by communication.

Here, the configuration of the key information generation unit 22C will be described with reference to FIG. As shown in FIG. 30, the key information generation unit 22C includes a scramble key generation unit 220, a work key generation unit 221, an ECM generation unit 222, a master key storage unit 223, an EMM generation unit 224, and an authentication key management. Means 225.
Since the configuration other than the authentication key management unit 225 is the same as that of the key information generation unit 22 described with reference to FIG.

The authentication key management means 225 manages (stores) authentication keys in advance.
The authentication key management unit 225 notifies the message authentication data providing unit 24 of the authentication key Ka when requested by the message authentication data providing unit 24. Further, when managing a plurality of authentication keys, the authentication key management unit 225 responds with an authentication key Ka associated with the identification information when a request including the key identification information is received from the message authentication data providing unit 24. I decided to.
Returning to FIG. 27, the description of the configuration of the transmitting apparatus 1C will be continued.

The message authentication data giving means (authentication data giving means) 24 gives message authentication data to the IP layer and / or the MMT layer for the IP packet whose information is set in each header by the packet reconstruction means 17C. is there.
Here, the message authentication data giving means 24 refers to the message authentication control information set in the header of each layer (IP layer, MMT layer), and when information for adding message authentication data is set, Message authentication data is assigned to each layer.
At this time, the message authentication data adding unit 24 uses the authentication key Ka managed by the authentication key management unit 225 (see FIG. 30) of the key information generation unit 22C and uses the message authentication method set in the header of each layer. Generate message authentication data. When the message authentication control information set in the header of each layer includes key identification information, the message authentication data adding unit 24 uses the authentication key Ka corresponding to the identification information to authenticate the message. Generate data.

Further, when the IP layer is set as the authentication range, the message authentication data adding unit 24 applies message authentication data (IP) to data after the ESP header added after the IP header, as shown in FIG. Message authentication data).
Further, when the MMT layer is set as the authentication range, the message authentication data adding unit 24 adds message authentication data (MMT message authentication data) to data after the MMTP header, as shown in FIG.

In addition, when message authentication data is added to both the IP layer and the MMT layer, the message authentication data providing unit 24 first assigns message authentication data to the MMT layer as shown in FIG. 29 (c). The message authentication data for the IP layer is assigned.
Thus, it goes without saying that the message authentication data adding unit 24 updates the packet length in the IP header when the message authentication data is added.

  By configuring the transmission device 1C as described above, the transmission device 1C scrambles content and data to the network layer (IP layer) and the media transport layer (MMT layer) according to the policy. And message authentication data can be attached. As a result, the transmission device 1 </ b> C can detect falsification of content or data in the reception device.

<Configuration of receiving device>
Next, with reference to FIG. 31, the structure of the receiver 3C which concerns on 3rd Embodiment of this invention is demonstrated.

  The receiving device 3C receives the content obtained by converting the MMTP packet into an IP packet via the broadcast wave W or the communication line N, descrambles the protected scrambled data, and makes the content usable (video reproduction or the like). Is. The receiving device 3C has a function of detecting falsification of data for performing data authentication of the layer to which the message authentication data is given by the transmitting device 1C.

Here, the receiving apparatus 3C includes a data receiving unit 30, an IP packet filtering unit 31C, an MMTP packet filtering unit 32C, a descrambling unit 33, a control message separation unit 34, a PLT processing unit 35, and a CAT processing unit. 36, MPT processing means 37, location solving means 38, key information processing means 39, MPU processing means 40, decoding means 41, data processing means 42, and message authentication means 43.
The configuration other than the IP packet filtering unit 31C, the MMTP packet filtering unit 32C, and the message authentication unit 43 is the same as that of the receiving device 3 described with reference to FIG.

  The IP packet filtering unit 31C analyzes the header of the IP packet received by the data receiving unit 30 and distributes the packet, and has the same function as the IP packet filtering unit 31 described with reference to FIG.

Furthermore, when the IP packet filtering unit 31C determines that the message authentication data has been given by the message authentication control information (see FIG. 29A) of the ESP header added to the IP header, the message authentication data is The assigned IP packet is subjected to message authentication by the message authentication means 43.
At this time, the IP packet filtering unit 31C notifies the message authentication unit 43 of the message authentication method identification (see FIG. 29A) set in the ESP header, so that the same message authentication method as that of the transmission device 1C is used. Message authentication can be performed.
When tampering is detected by message authentication, the IP packet filtering unit 31C discards the IP packet.

  The MMTP packet filtering unit 32C analyzes the header of the MMTP packet filtered by the IP packet filtering unit 31C and sorts the packets, and has the same function as the MMTP packet filtering unit 32 described with reference to FIG.

Further, when the MMTP packet filtering unit 32C determines that the message authentication data has been assigned in the message authentication control information (see FIG. 29B) of the MMTP header, the MMTP packet filtering unit 32C The message authentication unit 43 authenticates the message.
At this time, the MMTP packet filtering unit 32C notifies the message authentication unit 43 of the message authentication method identification (see FIG. 29B) set in the MMTP header, so that the authentication is performed by the same authentication method as that of the transmission device 1C. Can be performed.
When falsification is detected by message authentication, the MMTP packet filtering unit 32C discards the IP packet including the MMTP packet.

The message authentication means 43 authenticates data to which message authentication data is attached.
When the message authentication unit 43 is instructed to perform message authentication from the IP packet filtering unit 31C or the MMTP packet filtering unit 32C, the message authentication unit 43 uses the authentication key Ka corresponding to the specified message authentication method identification in advance as the message authentication method identification. Is obtained from a storage means (not shown) that stores an authentication key corresponding to, and IP layer or MMT layer message authentication is performed by the instructed message authentication method.
The message authentication unit 43 notifies the authentication result to the IP packet filtering unit 31C or the MMTP packet filtering unit 32C that requested the authentication.

  By configuring the receiving device 3C as described above, when the message authentication data is added to the IP layer or the MMT layer in the transmitting device 1C, the receiving device 3C can perform data transmission using the same authentication method as the transmitting device 1C. Authentication can be performed. As a result, the receiving device 3C can detect falsification of data, and thus can improve the safety of data transmitted by broadcasting or communication.

Heretofore, the configurations of the transmission device 1C and the reception device 3C constituting the conditional access system according to the third embodiment of the present invention have been described.
The basic operation of the conditional access system according to the third embodiment is the same as the operation of the conditional access system according to the first embodiment described with reference to FIGS. 15 and 16. In the conditional access system according to the third embodiment, information related to message authentication (message authentication control information, message authentication method identification) is further set in step S18 and step S21 in FIG. Give data. Further, the receiving device 3C authenticates the message authentication data before step S35. Since other operations are basically the same as those of the first embodiment, detailed description thereof is omitted.

Here, information related to message authentication (message authentication control information, message authentication method identification) is set in the header of the IP packet and the header of the MMTP packet (ESP header, MMTP header). As described in (Modification 2) of the first embodiment, it may be set in a higher layer without setting in individual packets.
In this case, the MPT shown in FIG. 17 or the CAT scramble system descriptor shown in FIG. 18 may be replaced with the scramble system descriptor shown in FIG.
Note that FIG. 32A shows the presence / absence of message authentication, authentication key identification information (corresponding to message authentication control information), and message authentication method identification with respect to the scramble method descriptors of FIGS. Newly added.
Furthermore, as described in (Modification 1) of the first embodiment, the transmission device 1C may use one predetermined scrambling method. In that case, as shown in FIG. 32 (b), the scramble method descriptor may omit the scramble method identification from FIG. 32 (a).

In the conditional access system according to the third embodiment, a function of updating the initial value of the scramble method in the conditional access system of the second embodiment may be added. That is, the transmitting apparatus 1C of FIG. 27 includes the initial value generating means 23 described in FIG. 23, and the descrambling means 33 of the receiving apparatus 3C of FIG. 31 performs descrambling using the notified initial value. Good.
At that time, instead of setting information related to message authentication (message authentication control information, message authentication method identification) and initial value information in the header of the IP packet and the header of the MMTP packet (ESP header, MMTP header) It may be set in an upper layer.
For example, the scramble method descriptor of MPT shown in FIG. 17 or the CAT shown in FIG. 18 may be replaced with the scramble method descriptor shown in FIG.

  In this case, in the receiving apparatus 3C in FIG. 31, when the CAT processing unit 36 or the MPT processing unit 37 recognizes that the scramble method descriptor is set in the CAT or MPT, the reception device 3C is specified by the scramble method descriptor. The contents (message authentication control information, message authentication method identification, etc.) may be notified to the IP packet filtering means 31C and the MMTP packet filtering means 32C.

  In the third embodiment, information related to message authentication may be set separately as a descriptor (message authentication method descriptor) different from the scramble method descriptor. This message authentication scheme descriptor can have, for example, the data structure of FIG. Since each data of the message authentication scheme descriptor is the same as the data of FIG. 32, the description is omitted.

In this case, the transmitting apparatus 1C of FIG. 27 may set the message authentication scheme descriptor shown in FIG. 33 in the MPT (for example, FIG. 17) in the MPT generation means 20. Further, the transmission apparatus 1C may set the message authentication scheme descriptor shown in FIG. 33 in the CAT (for example, FIG. 18) in the CAT generation unit 21.
31 is identified by the message authentication method descriptor when the CAT processing unit 36 or the MPT processing unit 37 recognizes that the message authentication method descriptor is set in the CAT or MPT. The contents (message authentication control information, message authentication method identification, etc.) may be notified to the IP packet filtering means 31C and the MMTP packet filtering means 32C.

S conditional access system 1 transmitter 10 encoding means 11 MPU generating means 12 control message generating means 13 MMTP packet configuring means 14 IP packet configuring means 15 policy storage means 16 scramble means 17 packet reconfiguring means (header setting means)
18 Data transmission means 19 PLT generation means (package list generation means)
20 MPT generation means (MMT package table generation means)
21 CAT generation means (limited reception table generation means)
22 Key information generating means 23 Initial value generating means 24 Message authentication data giving means (authentication data giving means)
3 receiving device 30 data receiving means 31 IP packet filtering means 32 MMTP packet filtering means 33 descrambling means 34 control message separating means 35 PLT processing means (package list processing means)
36 CAT processing means (conditional reception table processing means)
37 MPT processing means (MMT package table processing means)
38 Location analysis means 39 Key information processing means 40 MPU processing means 41 Decoding means 42 Data processing means 43 Message authentication means (authentication means)

Claims (3)

In a transmission apparatus that transmits contents in IP packets using MMT (MPEG Media Transport),
MMT package table generating means for generating an MMT package table which is table information specifying location information for specifying the location of common key information common to a receiving device in which a scramble key is encrypted with a work key;
A limited reception table generating means for generating a limited reception table, which is table information designating position information for specifying the location of individual key information obtained by encrypting the work key with an individual encryption key for each management unit of the receiving device. When,
MMTP packet configuration means for configuring the content as an MMTP packet of the MMT layer;
IP packet configuring means for adding transport layer and network layer headers to the MMTP packet to configure as an IP layer IP packet;
A scrambling means for scrambling the payload area of the IP packet or the payload area of the MMTP packet with the scramble key based on a policy indicating a predetermined scramble target and a scramble method or a control signal input from the outside,
Header setting means for setting scramble control information indicating the presence / absence of scramble in the header part of the layer to be scrambled,
The header setting unit embeds a scramble method identification indicating the scramble method in a header portion of the scramble target layer, or the MMT package table generation unit includes a layer identification indicating the scramble target layer and the scramble method. A transmission apparatus characterized in that processing for embedding control information including identification in the MMT package table or processing for embedding the control information in the limited reception table is performed by the limited reception table generating means. In a receiving apparatus that receives content that is IP packetized using MMT (MPEG Media Transport),
The MMT package table, which is table information specifying the location information specifying the location of the common key information common to the receiving apparatus obtained by encrypting the scramble key that scrambled the content with the work key, is received, and the location information of the common key information is received. MMT package table processing means for extracting;
Receiving a limited reception table, which is table information specifying position information for specifying the location of individual key information obtained by encrypting the work key with a predetermined encryption key for each management unit of the receiving device, and the individual key information Limited reception table processing means for extracting the position information of
Key information processing means for extracting the scramble key from the common key information and the individual key information acquired based on each extracted position information;
Descrambling means for descrambling the scrambled data with the scramble key using a designated scramble method;
IP packet filtering means for specifying the scramble method when the IP layer is scrambled, descrambling the payload area of the IP packet with the descramble means, and extracting the MMTP packet;
MMTP packet filtering means for specifying the scramble method when the MMT layer is scrambled, descrambling the payload area of the MMTP packet with the descrambling means, and extracting the content;
When the IP packet filtering means includes control information including a layer identification indicating that a scramble target is an IP layer and a scramble scheme identification indicating a scramble scheme in the conditional access table or the MMT package table, or When the scramble control information indicating that the header is immediately scrambled in the header of the IP packet and the scramble method identification are set, the payload area of the IP packet is a scramble method specified by the scramble method identification. Determines that it is scrambled,
When the MMTP packet filtering means includes control information including a layer identification indicating that a scramble target is an MMT layer and the scramble method identification in the conditional access table or the MMT package table, or an MMTP packet When the scramble control information indicating that the header is scrambled and the scramble method identification are set, it is determined that the payload area of the MMTP packet is scrambled by the scramble method specified by the scramble method identification And a receiving device. A conditional access system comprising: a transmitter that transmits an IP packet of content using MMT (MPEG Media Transport); and a receiver that receives the IP packetized content.
The transmitter is
MMT package table generating means for generating an MMT package table which is table information specifying location information for specifying the location of common key information common to a receiving device in which a scramble key is encrypted with a work key;
A limited reception table generating means for generating a limited reception table, which is table information designating position information for specifying the location of individual key information obtained by encrypting the work key with an individual encryption key for each management unit of the receiving device. When,
MMTP packet configuration means for configuring the content as an MMTP packet of the MMT layer;
IP packet configuring means for adding transport layer and network layer headers to the MMTP packet to configure as an IP layer IP packet;
A scrambling means for scrambling the payload area of the IP packet or the payload area of the MMTP packet with the scramble key based on a policy indicating a predetermined scramble target and a scramble method or a control signal input from the outside,
Header setting means for setting scramble control information indicating the presence / absence of scramble in the header part of the layer to be scrambled,
The header setting unit embeds a scramble method identification indicating the scramble method in a header portion of the scramble target layer, or the MMT package table generation unit includes a layer identification indicating the scramble target layer and the scramble method. A process of embedding control information including identification in the MMT package table, or a process of embedding the control information in the limited reception table by the limited reception table generating means;
The receiving device is:
MMT package table processing means for receiving the MMT package table and extracting location information of the common key information;
Limited reception table processing means for receiving the limited reception table and extracting position information of the individual key information;
Key information processing means for extracting the scramble key from the common key information and the individual key information acquired based on each extracted position information;
Descrambling means for descrambling the scrambled data with the scramble key using a designated scramble method;
IP packet filtering means for specifying the scramble method when the IP layer is scrambled, descrambling the payload area of the IP packet with the descramble means, and extracting the MMTP packet;
MMTP packet filtering means for specifying the scramble method when the MMT layer is scrambled, descrambling the payload area of the MMTP packet with the descrambling means, and extracting the content;
When the IP packet filtering means includes control information including a layer identification indicating that a scramble target is an IP layer and a scramble scheme identification indicating a scramble scheme in the conditional access table or the MMT package table, or When the scramble control information indicating that the header is immediately scrambled in the header of the IP packet and the scramble method identification are set, the payload area of the IP packet is a scramble method specified by the scramble method identification. Determines that it is scrambled,
When the MMTP packet filtering means includes control information including a layer identification indicating that a scramble target is an MMT layer and the scramble method identification in the conditional access table or the MMT package table, or an MMTP packet When the scramble control information indicating that the header is scrambled and the scramble method identification are set, it is determined that the payload area of the MMTP packet is scrambled by the scramble method specified by the scramble method identification A conditional access system characterized by:

Images