JP4314986B2 - Recording / reproducing apparatus and recording / reproducing method - Google Patents

Description

The present invention relates to a recording / reproducing apparatus for recording / reproducing data, and a method thereof .

As a storage medium, a recording / reproducing apparatus that incorporates a large-capacity HDD (hard disk drive) and that can record / reproduce content data such as video data and audio data on the HDD has come to be known. Yes.
As described above, at present, the HDD is a storage device that can be easily and inexpensively increased in capacity as compared with others. For this reason, the HDD can store the content data corresponding to several or many pieces of removable media such as DVDs and CDs. Since a large amount of content data can be accumulated in this way, content data stored in one HDD can be stored without replacing the removable medium as before. There is an advantage that it is possible to provide a viewing style in which a desired content is selected and reproduced.

For example, from the viewpoint of copyright, in the recording / reproducing apparatus as described above, the content data recorded in the built-in HDD should be completely reproduced and output only by the recording / reproducing apparatus. I can say that.
In other words, for example, it is unavoidable that the content data recorded in the built-in HDD can be copied to another storage device or recording medium, and the content data copied from these storage device or recording medium can be reproduced. There must be. Alternatively, it must be avoided to take out the built-in HDD from the recording / reproducing apparatus and connect the taken-out HDD to a personal computer or another recording / reproducing apparatus for reproduction. In other words, for example, a situation where secondary reproduction (secondary use) is performed beyond the range (primary use) that should be completely reproduced and output only by the recording / reproduction apparatus originally incorporating the HDD can be avoided. It can be said that it should be.

  Therefore, when considering to prevent secondary playback from the HDD as described above, the content data may be encrypted and scrambled before being recorded on the HDD. Conceivable. At the time of reproduction, the data read from the HDD in the recording / reproducing apparatus is decrypted using an encryption key for decryption, and then demodulated as necessary to be reproduced and output. Is.

Techniques relating to encryption and scrambling of content data are described in the following documents.
JP-A-11-313282

  However, when content data is encrypted and recorded in the HDD, there is a problem of how to specifically encrypt the content data. For example, in a configuration in which a predetermined encryption key is simply used, it can be said that there is a high possibility that the encryption key is specified by a malicious user or the like. In other words, there is a demand for more effective prevention of fraudulent activities such as secondary use as described above.

In view of the above problems, the present invention is first configured as a recording / reproducing apparatus as follows.
That is, a recording means for recording data, at least information held by the recording means, recording means identification information given to each recording means as hardware, and a recording / reproducing apparatus those given hardware component that performs a specific function provided in the un-detachably held with respect to an information to be unique to each recording and reproducing apparatus itself, so as to be unique for each this hardware component hardware key generating means and the part identification information provided, by utilizing a generating a hardware key information, is capable connected externally to the recording and reproducing apparatus, in a state of being connected to the recording and reproducing apparatus, at least a recording and reproducing apparatus is used to perform a specific function corresponding to the user unit of the external connection device identification information given to a unique to each external connection device Is intended to hold a to the external device connected to the recording and reproducing apparatus, and key information transfer means for transferring said hardware key information, it is corresponding to the recording data, by the key information transfer means and transfer the above hardware key information, the generation of the pre-encryption key using the external connection device identification information in which the external connection device is held, and the spare cryptographic key information generation instruction means for instructing to said external connection device Encryption key information generating means for generating encryption key information using the backup encryption key acquired from the external connection device , encryption means for encrypting data using the encryption key information, and the encryption the encrypted data by means, recording control means for recording in the recording means, in response to the reproduction of the data, and the hardware key information transferred by the key information transfer means, the external The product of the pre-decryption key by using the external connection device identification information connection device is held, and Kagijo report generation instruction means for instructing to said external connection device, the pre-decryption key obtained from the external connection device Decryption key information generating means for generating decryption key information by using, reading means for reading out encrypted data which is data recorded in the recording means and is encrypted, from the recording means, and the reading I Ri read encrypted data to the means, it was decided to obtain Bei and decoding means for decoding by using the decoded key information.

The recording / reproducing method is configured as follows.
  In other words, it is information held by the recording unit where data is recorded, For the recording unit identification information given to each recording unit and the recording / reproducing apparatus A predetermined hardware component that is provided in a non-detachable manner and performs a specific function, This information is unique to each recording / reproducing device itself, and is unique to each hardware component. And hardware identification information generated using hardware identification information. The key generation procedure and the recording / reproducing apparatus can be connected from the outside, and the recording / reproducing apparatus is connected. In this state, at least the recording / playback apparatus executes a specific function corresponding to the user unit. The external connection device identification information given to be unique to each external connection device is stored. For the external connection device connected to the recording / reproducing device. Corresponding to the key information transfer procedure for transferring key information and the recording of data, The hardware key information transferred by the client and the external connection device identification held by the external connection device Information is used to instruct the external connection device to generate a spare encryption key. Encryption key information using the information generation instruction procedure and the backup encryption key acquired from the external connection device Encryption key information generation procedure for generating data and encryption for encrypting data using the encryption key information And a recording control procedure for recording the data encrypted by the encryption procedure in the recording unit. In order to correspond to the reproduction of data, the hardware transferred by the key information transfer procedure Preliminary decryption key using key information and external connection device identification information held by the external connection device Key information generation instruction procedure for instructing generation to the external connection device, and the external connection device Decryption key information generation procedure for generating decryption key information using the preliminary decryption key obtained from Encrypted data that is recorded in the recording unit and encrypted is stored in the recording unit. A read procedure for reading out the encrypted data read from the read procedure and the decryption key The decryption procedure for decrypting using the information is executed.

Depending on each configuration described above, at least recording means identification information that is identification information held by the recording means (recording unit) as hardware and information that is assumed to be internally held by the recording apparatus In addition, encryption key information is generated using device identification information, which is information that can be regarded as unique and corresponding to each recording device itself. The encryption key information is used to encrypt the data to be recorded in the recording device.
Also, decryption key information is generated using at least the recording means identification information and device identification information, and decryption of the encrypted data read from the recording means (recording unit) is performed using the decryption key information. To be done.
In the present invention having such a configuration, the recording means identification information and device identification information essential as the basis of the encryption key information / decryption key information are both identification information held in hardware units. I can say that. The encryption key information / decryption key information is generated by using two or more pieces of such hardware-dependent identification information.

  Therefore, in order to decode the data recorded in the recording means (recording section) according to the present invention, the recording means (recording section) in which the data to be decoded is recorded and the recording is performed when the data is recorded. This means that a regular recording apparatus or reproducing apparatus provided with the means is necessary. As a result, for example, the encrypted data recorded in the recording means (recording section) is properly decrypted and reproduced and output from the medium, or the recording means (recording section) is recorded in a non-regular form. Unauthorized use of data, such as reproduction or output by a device or a reproduction device, is prevented. In this case, the present invention generates encryption key information / decryption key information using at least a plurality of recording means identification information and device identification information as hardware-dependent identification information. Thus, for example, encryption data / encryption key information can be made stronger than when encryption key information / decryption key information is generated using identification information depending on one piece of hardware.

  Hereinafter, the best mode for carrying out the present invention (hereinafter simply referred to as an embodiment) will be described. As an embodiment, an example will be given in which the recording apparatus and reproducing apparatus according to the present invention are applied to a digital broadcast receiver capable of receiving and demodulating digital television broadcast.

The block diagram of FIG. 1 shows a configuration example of a digital broadcast receiver as an embodiment.
First, an antenna 20 is connected to the digital broadcast receiver 1. The antenna 20 receives a digital broadcast signal, converts it into a predetermined high-frequency signal by, for example, a built-in LNB (Low Noize Block Down Converter), and supplies the signal to the digital broadcast receiver 1.

  At present, digital television broadcasts are known as satellite broadcasts that send broadcast signals from communication satellites or broadcast satellites, and terrestrial waves that are sent from terrestrial antennas. As the machine 1, a configuration corresponding to any of the two may be adopted. The antenna 20 is a parabolic antenna adapted to the broadcasting system of the satellite to be received when it corresponds to satellite broadcasting as digital television broadcasting, and is a UHF antenna, for example, when it corresponds to terrestrial broadcasting. . However, in the following, for the sake of convenience and simplicity of explanation, the digital broadcast receiver 1 will be described as being compatible with digital television broadcast as satellite broadcast using a predetermined satellite.

In the digital satellite broadcast receiver 1, the reception signal received by the antenna 20 and converted into a predetermined frequency as described above is input by the front end unit 2.
The front end unit 2 receives a carrier (reception frequency) determined by the setting signal based on a setting signal in which transmission specifications and the like are set from the system controller 10, and for example, a Viterbi demodulation process or an error correction process To obtain TS (Transport Stream).

  As a TS in this case, taking digital satellite broadcasting as an example, MPEG2 (Moving Picture Experts Group Layer2) method is used to compress a plurality of programs (programs), compressed data obtained by compressing video signals and audio signals of channels, and various types of TS. Additional information is multiplexed. Data broadcasting data for a data broadcasting service is multiplexed as necessary.

The compressed data obtained by compressing the video signal and the audio signal and the data broadcasting data are multiplexed as an ES (Elementary Stream). As additional information inserted by the broadcasting side, PSI (Program Specific Information) for storing tables such as PAT (Program Association Table) and PMT (Program Map Table), SI (Service Information: Program Sequence Information) ) And the like.
The information is multiplexed by forming a TS with a 188-byte transport stream packet (TS packet) and storing the ES and various additional information in the TS packet. Is called.
The TS obtained at the front end unit 2 is supplied to the descrambler 3.

  Further, the front end unit 2 acquires a PSI (Program Specific Information) packet from the TS, updates the channel selection information, obtains a component PID (Program ID) of each channel in the TS, For example, it is transmitted to the system controller 10. The system controller 10 uses the acquired PID for received signal processing.

When the data input as TS from the front end unit 2 is scrambled (encrypted), the descrambler 3 (corresponding to the external data-corresponding decrypting means) executes a scramble process for solving this scramble. .
As is well known, the descrambling key for decrypting the scrambled data and the scrambled data are encrypted and sent from the sending side.
In the descrambler 3, for example, a descramble key decryption key prepared in advance on the digital broadcast receiver 1 side and used to decrypt the descramble key is received from the system controller 10 side, and a PID is received by the system controller 10. Is set. The descrambler 3 executes descrambling processing based on the descrambling key and PID obtained by decrypting the descrambling key decryption key.
In the present embodiment, the descrambling key decryption key is assumed to be stored in the IC card 14 to be described later, and the system controller 10 accesses the IC card 14 to execute the reading process, thereby A scramble key decryption key is obtained.
For confirmation, the TS output from the descrambler 3 may include multiple programs ES multiplexed, data broadcasting data, and PSI. This additional information is also multiplexed without being removed.

  The demultiplexer / decoder unit 4 is adapted to the demultiplexing process, that is, the process of separating and extracting necessary information from the multiplexed information and the information extracted by the demultiplexing process in accordance with the format, format, etc. of the information This is a part for executing demodulation and decoding processing.

  First, as the demultiplexing process, necessary TS packets are separated from the TS supplied from the descrambler 3 according to the filter condition set by the system controller 10, for example. Thus, for example, in the demultiplexer / decoder unit 4, as a TS packet for one target program, a TS packet of video data compressed by the MPEG2 system and a TS packet of audio data compressed by the MPEG2 system are used. Obtainable. It is also possible to separate the data broadcasting data for the required required data broadcasting.

The individual packets of compressed video / audio data separated by the demultiplexing process are each input to the decoder 5 in a format called PES (Packetized Elementary Stream).
The filter condition is set by extracting PAT, PMT, etc. included in the TS by the demultiplex processing function block in the demultiplexer / decoder unit 4 and transferring them to the system controller 10, for example. The system controller 10 sets filter conditions for the demultiplex processing function block of the demultiplexer / decoder unit 4 based on the information content described in the transferred PAT, PMT, etc. The

Further, as a demodulation (decoding) process in the demultiplexer / decoder unit 4 in the present embodiment, for example, the following process is executed.
First, as a decoding function, the demultiplexer / decoder unit 4 synchronizes the compressed video data with the video data output according to the MPEG2 format and the video decoder that decodes (decompresses) the compressed video data according to the MPEG2 format. And an audio decoder for performing decoding processing.
That is, in the demultiplexer / decoder unit 4, the compressed video / audio data obtained by the demultiplexing process is decoded by the video decoder and the audio decoder, respectively, and these decoded outputs are reproduced in the reproduction time. A digital video signal and a digital audio signal whose axes are synchronized are output.

  Further, the demultiplexer / decoder unit 4 includes a data broadcast decoder corresponding to the data broadcast data. This data broadcast decoder inputs data broadcast data obtained by demultiplex processing. The input data broadcasting data is packetized in, for example, a TS packet format. In view of this, the data broadcasting decoder performs processing for unpacking the input TS packet to generate data for data broadcasting. In this case, for example, in this case, the data broadcasting data generated in this way is written into a memory area provided in the demultiplexer / decoder unit 4 and held therein. . Note that a RAM or the like held internally by the system controller 10 for use as its own work area may be used as such a memory area.

  For example, when it is necessary to display and output a data broadcast, the system controller 10 causes the required data broadcast data to be read from the memory area in accordance with the timing at which the data broadcast should be displayed and output. Then, the data broadcasting data obtained by performing this reading is converted into image data. Then, the image data of the data broadcast is superimposed on an image as a digital video signal output by the MPEG decoding process and output.

In addition, the digital broadcast receiver 1 according to the present embodiment includes an encryption / decryption processing unit 5.
The encryption processing unit 6 in the encryption / decryption processing unit 5 is provided to encrypt content data to be recorded when recording and storing the content data in the HDD 8. The content data here is mainly data obtained by the demultiplexer / decoder unit 4, and therefore, one is video / audio data as a normal broadcast program (program). The other is data having content as data broadcasting, data for data broadcasting.
Further, for example, video / audio data obtained by downloading from the network via the network interface 9 described later may be included. Further, the present invention is not limited to video / audio data, but may be content data constructed using markup language technologies such as HTML (Hyper Text Markup Language) and XML (Extensible Markup Language). Good. That is, in the present embodiment, the type of data to be encrypted and recorded in the HDD 8 is not particularly limited.

When the content data to be recorded in the HDD 8 is video / audio data, the encryption processing unit 6 converts the compressed video data and the compressed audio data obtained by the demultiplexing process in the demultiplexer / decoder unit 4. To input. In other words, the video / audio data in the MPEG encoded format is input to the encryption processing unit 6, and the input data is subjected to encryption processing according to a predetermined encryption algorithm.
Further, when the content data to be recorded is data for data broadcasting, the decoding processing such as unpacketization is performed, and the data in a format to be held in the memory area is stored in the encryption processing unit 6. It is assumed that the encryption process is performed.

In this case, the data output of the encryption processing unit 6 is connected to the internal bus 15, whereby the content data encrypted by the encryption processing unit 6 is controlled by the system controller 10, for example, under the control of the internal bus 15. Can be transferred to a required functional circuit unit connected to the.
When the content encrypted by the encryption processing unit 6 is recorded on the HDD 8, the system controller 10 sends the encrypted content data output from the encryption processing unit 6 to the HDD 8 via the internal bus 15. The control is executed in such a way as to be transferred.

A hard disk drive (HDD) 8 is a storage device unit using a hard disk as a storage medium.
In the case of the present embodiment, the device unit as the HDD 8 is attached so that it cannot be removed by a general user in the digital broadcast receiver 1. Such an HDD 8 is a part of the digital broadcast receiver 1, but is handled as a single hardware device by itself.
Such a device is usually given a serial number at the time of manufacture. The serial number is unique to each device itself, and thus can be said to be identification information for identifying individual devices. The serial number is generally indicated as a combination of alphanumeric characters having a predetermined number of digits.

  The HDD 8 of this embodiment is also given a serial number as one hardware device. The HDD 8 holds the serial number information. That is, the HDD 8 has identification information (recording means (recording unit) identification information) for specifying each single hardware device. The HDD 8 can output data indicating the serial number in response to a command requesting serial number notification.

In the HDD 8 of the present embodiment, content data (audio data, video data) acquired by receiving digital broadcasting can be recorded and stored. In particular, in the case of the present embodiment, when content data is stored in the HDD 8, the content data can be encrypted and recorded by the encryption processing unit 6 described above.
The data recorded in the HDD 8 can be managed by executing a process related to data management by the system controller 10 based on a file system, for example, as is well known.

  Data stored in the HDD 8 can be read out under the control of the system controller 10. The read data is transferred to a predetermined functional circuit unit via the internal bus 15 in accordance with the use and purpose.

For example, when reproducing encrypted content data recorded on the HDD 8, first, the encrypted content data file to be reproduced is read from the HDD 8, transferred to the decryption processing unit 7 via the internal bus 15, and input. I will let you.
Note that the storage device to be attached to the digital broadcast receiver 1 in a non-removable state is not limited to the HDD 8 but is practically necessary for content data composed of video / audio, for example. It is only necessary to have a storage capacity capable of storing the quantity. For example, if a relatively large-capacity storage device using a memory element such as a flash memory has been realized in the future, such a storage device can also be adopted.

The decryption processing unit 7 decrypts the input data when the input data is encrypted by a conforming method as signal processing. In the present embodiment, the data to be input to the decryption processing unit 7 and to be decrypted is at least encrypted content data recorded in the HDD 8.
The content data obtained by decryption by the decryption processing unit 7 is, for example, mainly obtained by receiving a broadcast and stored in the HDD 8 as understood from the above description. , Compressed video data and compressed audio data. Alternatively, it is data broadcasting data. In order to reproduce and output these data, it is necessary to execute a decoding process, a reproduction process, etc. according to the format of the data. Therefore, the content data obtained by decryption by the decryption processing unit 7 is output to the demultiplexer / decoder unit 4 again.

The demultiplexer / decoder unit 4 executes a decoding process and a reproduction process suitable for the format of the input content data, and outputs the result. As an example, when the content data input from the decoding processing unit 7 is composed of compressed video data and compressed audio data, the decoding output is executed according to the MPEG2 format as described above, and the playback output time is synchronized. Output as a video / audio signal.
Further, when the content data is content data described in, for example, a markup language, the system controller 10 may read and interpret the markup language and execute a reproduction process.

  Note that it is not always necessary to encrypt all the content data recorded in the HDD 8. That is, for example, among the content data to be recorded on the HDD 8, the content data that needs to be encrypted is distinguished from the content data that is not necessary, and only the content data that needs to be encrypted is encrypted and recorded on the HDD 8. It is possible to do. For this purpose, for example, information indicating whether or not encryption recording is necessary is defined as additional information to be superimposed on digital broadcasting. When recording content data on the HDD 8, the system controller 10 refers to the content of the additional information to determine whether or not the content data should be encrypted.

The network interface 9 is provided, for example, for connecting a network such as the Internet or LAN and the digital broadcast receiver 1 to communicate with other devices and servers connected to the network.
The network interface 9 is mainly operated by the digital broadcast receiver 1 (viewer) for broadcasting operation, for example, transmitting billing information according to the user's viewing history or viewing contract content to the billing server or interactive broadcasting. It is provided for the purpose of transmitting information to the side. Further, for example, it is possible to configure so that content data uploaded on a network can be downloaded. The content data downloaded in this way can be recorded on the HDD 8, and at this time, it can be recorded on the HDD 8 after being encrypted as described above.

  The system controller 10 includes, for example, a CPU, a RAM, a ROM, and the like, and includes control for each functional circuit unit so that necessary operations as the digital broadcast receiver 1 are appropriately executed. The control process, the arithmetic process, etc. are executed.

  The IC card interface 11 is provided with a slot for inserting the IC card 14. When the IC card 14 is properly inserted into the IC card interface 11, communication between the IC card 14 and the system controller 10 becomes possible. For example, the system controller 10 writes information to the IC card 14. Reading is possible.

The IC card 14 can store channel contract information, purchase history information such as so-called pay-per-view programs, pay-per-view channels, and the like regarding the user who owns the IC card 14. . These pieces of information are used for billing. In addition, as described above, rewriting and updating of the information is performed by the system controller 10 based on the operation result of the digital broadcast receiver 1 according to the use of the user.
Also, the descramble key decryption, which is key information used for decrypting the encrypted descramble key transmitted from the transmission side when the descrambler 3 executes the descramble process, is stored in the IC card 14. Key information is also stored.
Furthermore, a card ID is recorded on the IC card 14. The card ID in this case is information that cannot be rewritten and is unique to each IC card 14. That is, identification information (external connection device identification information) for specifying an IC card.
In this way, the IC card 14 stores information that should be strictly restricted by third parties, such as descrambling key decryption keys and card IDs, in addition to information related to billing to the user. For this reason, the IC card 14 itself has very high information confidentiality and security. For example, it is very difficult for a person with appropriate knowledge to extract and analyze information from an IC card.

Here, the digital broadcast receiver 1 can be communicably connected to a billing server on the network via the network from the network interface 9 under the control of the system controller 10.
The system controller 10 reads out the contract information and purchase history information from the IC card 14 inserted in the IC card interface 11 at a predetermined opportunity and timing, and transmits them to the accounting server 5 connected to the network. To be done. The billing server 5 side charges the user by setting the amount according to the sent history information and charges the user.

  When the descrambler 3 executes descrambling processing, the system controller 10 reads the descrambling key decryption key stored in the IC card 14 and transfers it to the descrambler 3 via the internal bus 15. As described above, the descrambler 3 executes descrambling processing using the descrambling key data.

The secure IC 12 is physically an IC chip (that is, a hardware component) that is fixedly mounted in the digital broadcast receiver 1 by, for example, soldering, and the circuit is as illustrated. For example, it is connected to the data bus 15. As the secure IC 12 operates, a specific function in the digital broadcast receiver 1 is realized. In the present invention, the functions realized by the secure IC 12 are not particularly limited.
The secure IC 12 is also given a secure ID (component identification information), which is an ID unique to each hardware component as the secure IC 12 to be manufactured in the same manner as the hardware components as the HDD 8. The secure ID information is held. The secure IC 12 is configured to provide high information confidentiality and security by providing a firewall function at least for the secure ID.

  In the present embodiment, the secure IC 12 is an IC chip that is fixedly installed in the digital broadcast receiver 1, and therefore the digital broadcast receiver 1 operates normally when it is removed from the digital broadcast receiver 1. No longer. In this respect, it can be said that the secure IC 12 is inseparable from the digital broadcast receiver 1. Also, from this, the secure ID held by the secure IC 12 is unique to each digital broadcast receiver 1 and functions as identification information (device identification information) for specifying each digital broadcast receiver 1. It can be said that.

The user interface unit 13 is for various controls (including a remote controller and a command receiving function corresponding to the remote controller) for the user to perform operations on the digital broadcast receiver 1, and various displays according to the operation status. The display device, the display drive circuit, and the like for executing are collectively shown.
For example, when an operation is performed on a specific operator, the user interface unit 13 generates a command corresponding to the operation on the operator and outputs the command to the system controller 10. The system controller 10 executes necessary control processing so that the operation requested by this command is obtained.
Further, when executing display, the system controller 10 generates image data to be displayed and outputs it to the display drive circuit in the user interface unit 13. And a display drive circuit drives a display device according to the supplied image data, and an image is displayed on the display screen of this display device.

  In the digital broadcast receiver 1 according to the present embodiment having the above-described configuration, the encryption processing unit 6 encrypts the content data (audio / video data or data broadcast data) acquired by receiving the broadcast, and the encryption is performed. The content can be recorded and saved in the HDD 8. Also, the encrypted content data recorded in the HDD 8 can be decrypted and reproduced and output by the decryption processing unit.

As is well known, in order to perform encryption and decryption, key information for encryption / decryption is required. The basic procedure for generating key information for encryption / decryption by the encryption processing unit 6 and the decryption processing unit 7 in the present embodiment is schematically shown in FIG.
First, the HDD serial number 101 is acquired from the HDD 8, and the secure ID 102 is acquired from the secure IC. Then, arithmetic processing 103 is executed. The calculation process 103 generates a hardware key 104 that is the first key information by executing a calculation process according to a predetermined algorithm using the HDD serial number 101 and the secure ID 102.

  If the hardware key 104 is acquired as described above, the card ID 105 held by the IC card 14 assumed to be loaded in the IC card interface 11 and the hardware are subsequently calculated by the arithmetic processing 106. Using the wear key 104, a key generation process 106 according to a predetermined algorithm is executed. By this key generation process 106, the encryption key 107 is generated corresponding to the encryption process, and the decryption key 108 is generated corresponding to the decryption process.

  When recording the content data in the HDD 8, the encryption processing unit 6 executes the encryption process 109 for the content data using the encryption key generated by the above procedure. Similarly, when playing back the encrypted content data recorded on the HDD 8, the decryption processing unit 7 decrypts the encrypted content data read from the HDD 8 with the decryption key 108 generated by the above procedure. Will be executed.

  Here, according to FIG. 2, the hardware key 104 is generated by the HDD serial number 101 and the secure ID 102. Both the HDD serial number 101 and the secure ID 102 are information held by each hardware device of the HDD 8 and the secure IC 12 provided for the digital broadcast receiver 1 and are unique to each device. That is, it can be said that each of the HDD serial number 101 and the secure ID 102 is ID information unique to each digital broadcast receiver 1. Therefore, the hardware key 104 is key information unique to each digital broadcast receiver 1.

  In addition, as described with reference to FIG. 1, the HDD 8 is provided so that it cannot be removed from the digital broadcast receiver 1 under normal handling. The same applies to the secure IC 12 from which the secure ID 102 is acquired. In other words, it can be said that it is very difficult for a person who does not use regular manufacturing equipment and maintenance equipment to replace the HDD 8 and the secure IC 12.

  From this, it can be said that the above-described hardware key 104 is unique to each digital broadcast receiver 1, that is, the uniqueness is quite strong. Similarly, the encryption key 107 / decryption key 108 generated using 104 has a strong uniqueness with respect to each digital broadcast receiver 1.

In the case of the present embodiment, the hardware key 104 is created using ID information of two or more hardware devices that are unique as the digital broadcast receiver 1, and this generates a hardware key. However, for example, it can be said that it has higher security than the case of using ID information of a single hardware device in the following points.
That is, for example, if even one of the pieces of ID information of a plurality of hardware devices that are the basis of the hardware key 104 is replaced, the valid hardware key 104 cannot be generated. The encryption key 107 and the decryption key 109 cannot be generated.
The encryption key 107 and the decryption key 108 have a paired relationship in that they are generated from the same hardware key 104.

  Then, by using the encryption key 107 and the decryption key 108 having such properties to encrypt / decrypt the content data recorded / reproduced to / from the HDD 8, the following illegal acts are particularly effective. Can be prevented.

  As a digital broadcasting receiver 1 according to the present embodiment, one of the fraudulent acts that are considered to be most likely to be practically performed with respect to a device having an HDD as a storage device for storing content data. The HDD is removed and connected to a personal computer or the like, and the content data stored therein is used in some way.

  As described above, the HDD 8 as a hardware device provided in the digital broadcast receiver 1 of the present embodiment is attached so that it cannot be replaced by normal handling. However, the HDD itself is a single storage device and is originally mounted in such a way that it can be easily replaced because of extensibility considerations such as a personal computer. A new HDD is installed as a single component. For this reason, it is assumed that, for example, a person who intends to perform an illegal act has appropriate technology and knowledge. In this case, there is no guarantee that the difficulty of taking out the HDD 8 from the digital broadcast receiver 1 will be sufficiently maintained as compared with an IC-shaped component or the like attached on the substrate by soldering or the like.

Here, it is assumed that a malicious person succeeds in taking out the HDD 8 from the digital broadcast receiver 1 of the present embodiment as described above. Then, for example, it is assumed that the taken out HDD 8 is connected to a personal computer or the like to reproduce the content data stored therein.
As can be understood from the above description, the content data stored in the HDD 8 is recorded when the digital broadcast receiver 1 is mounted. Encryption according to the procedure shown in FIG. For this reason, when the content data recorded in the HDD is to be reproduced and output by a personal computer, it is necessary to decrypt this encryption. For decryption, as described above, it is necessary to obtain the decryption key 108 having a pair relationship with the encryption key 107 in that it is generated using the hardware key 104.

In order to obtain the decryption key 108, the hardware key 104 and the card ID 105 are required. First, in order to generate the hardware key 104, the HDD serial number 101 is read and acquired from the HDD 8, and the secure ID 102 is obtained from the secure IC 12. Needs to be read and acquired.
In this case, the HDD 8 has already been removed from the digital broadcast receiver 1, and for example, a malicious user can freely handle it. For this reason, for example, it is assumed that the HDD serial number 101 can be acquired from the HDD 8. In order to generate the hardware key 104, it is only necessary to obtain the secure ID 102.
However, in this case, the secure IC 12 remains attached to the digital broadcast receiver 1 from which the HDD 8 has been removed. As described above, since the secure IC 12 has the secure ID 102 with correspondingly high security, for example, when the secure IC 12 is attached to the digital broadcast receiver 1, the secure ID 102 is read from the outside. It is very difficult to get. Further, if the secure IC 12 is removed from the digital broadcast receiver 1 or separated from the circuit of the digital broadcast receiver 1 for analysis, the operation becomes very troublesome. Also, it is technically difficult to obtain the secure ID 102 by analysis.

  Therefore, even if the specific decryption process shown in FIG. 2 is known, the HDD serial number of the HDD 8 and the secure ID necessary for generating the hardware key 104 are obtained as described above. It is practically impossible to acquire both of them, and therefore, it is almost impossible for a malicious user to generate and obtain a regular hardware key 104. As a result, it is almost impossible to acquire the regular decryption key 108, and the encrypted content stored in the HDD 8 cannot be normally reproduced and output. That is, an illegal act represented by secondary use of content data stored in the HDD 8 is effectively prevented.

In addition, in this embodiment, the encryption key 107 / decryption key 108 are generated using not only the hardware key 104 but also the card ID 105 of the IC card 14.
As a result, when performing illegal secondary use of the content data stored in the HDD 8, the IC card used when the content data was properly recorded on the HDD 8 by the digital broadcast receiver 1 is illegally used. If the person who wants to do so does not own it, the card ID 105 necessary for generating the encryption key 107 / decryption key 108 cannot be known. That is, even if the same hardware key as the legitimate hardware key 104 can be illegally obtained, the card ID 105 cannot be obtained, and the normal decryption key 108 cannot be obtained.

In this way, in this embodiment, in order to generate the encryption key / decryption key, first, the ID (HDD serial number) unique to the storage device (HDD 8) that is provided in the digital broadcast receiver 1 and stores the content data. Number 101) and an ID (secure ID 102) unique to another hardware device (secure IC 12) different from this are used, so that the uniqueness of the product as the legitimate digital broadcast receiver 1 is strong. As a result, this ensures high security against illegal decryption of the cipher.
In addition, an ID (card ID) unique to an external component related to the digital broadcast receiver 1 such as the IC card 14 is also used, and in particular, a third party who does not have a regular ID card. It is intended to obtain higher security against fraud.

For confirmation, as will be understood from the above description, the hardware key 104 is indispensable for generating the encryption key 107 / decryption key 108 in the present embodiment. Is a plurality of ID information that the digital broadcast receiver 1 has to generate. And, among them, as described above, one is ID information specific to the storage device that is fixedly mounted on the digital broadcast receiver 1 and stores the encrypted content data. The other is ID information unique to a hardware device other than the storage device and fixedly mounted on the digital broadcast receiver 1.
According to the present invention, the encryption key 107 / decryption key 108 is generated based on at least ID information (recording unit identification information) unique to these storage devices and ID information (device identification information) unique to the hardware device. do it. In addition, as with the card ID 14 of the card IC 12, ID information (external connection device identification information) of a device connected from the outside is added to make the encryption stronger.

In the embodiment, the ID information (apparatus identification information) unique to the hardware device is only one secure ID 14 held by the specific secure IC 12, but the ID information corresponding to the apparatus identification information is as follows. May use a plurality. That is, for example, in the digital broadcast receiver 1, like the secure IC 12, hardware such as an IC chip that holds ID information with high security and is fixedly mounted in a non-removable form. If there are more components, the ID information of such components may be additionally used as a secure ID.
Further, as ID information (external connection device identification information) of a device connected from the outside, a card ID other than the card ID of the card IC 12 may be used. Also, a plurality of external connection device identification information may be used.

Next, with reference to the flowcharts of FIGS. 3 to 5, the processing operation for realizing the recording operation and the reproducing operation in the HDD 8 including the encryption processing / decryption processing described above in the digital broadcast receiver 1. explain.
First, processing when content data is recorded and stored in the HDD 8 will be described with reference to FIG. The process shown in this figure is obtained by the system controller 10 executing, for example, according to a program stored in advance.

  For example, it is assumed here that it is time to start recording the content data acquired by receiving the broadcast by the digital broadcast receiver 1 of the embodiment. Note that the timing at which recording of content data should be started is, for example, an operation for instructing recording of content data as an operation by the user, and the content data transmitted from the user interface unit 13 in response to this operation. An example is when the system controller 13 receives a command for instructing recording. Also, when the digital broadcast receiver 1 of the present embodiment has a recording reservation function (including an automatic recording reservation function corresponding to a viewing history etc.), a registered recording reservation start time is reached. Can be mentioned.

  When it is time to start recording the content data as described above, the system controller 10 first proceeds to step S101 and executes a process for generating the encryption key 107. The procedure for generating the encryption key as step S101 is schematically shown in FIG. 2, but here, a more detailed description will be given with reference to the flowchart of FIG.

  In order to generate the encryption key 107, first, a process for acquiring the HDD serial number 101 from the HDD 8 is executed as shown in step S301 of FIG. For this purpose, the system controller 10 transmits a command for requesting notification of the HDD serial number 101 to the HDD 8 via, for example, the internal bus 15. As a response to this command, the HDD 8 reads the HDD serial number 101 held by itself and transfers it to the system controller 10. By receiving and holding the transferred information, the system controller 10 can acquire the HDD serial number 101.

In the subsequent step S302, the secure ID 102 is acquired from the secure IC 12. For this purpose, as in the case of step S301, a command requesting notification of the secure ID 102 is transmitted to the secure IC 12, and the secure ID 102 returned as a response is received and acquired.
However, in order to increase the security, when acquiring the secure ID 102, authentication for communication between the system controller 10 and the secure IC 12 is performed so that the secure IC 12 authenticates that the system controller 10 is valid. It is conceivable to notify the secure ID 102 from the secure IC 12 only when the password is obtained (that is, when it is confirmed that the system controller is mounted on the same digital broadcast receiver 1 at the time of manufacture). . As communication for obtaining this authentication, the system controller 10 transmits, for example, information corresponding to its own ID to the secure IC 12, and whether or not the information corresponding to this ID is correct on the secure IC 12 side. What is necessary is just to comprise so that it may determine.

By executing the processes in steps S301 and S302, the system controller 10 acquires and holds the regular HDD serial number 101 and the secure ID 102.
Therefore, in the next step S303, the hardware key 104 is generated by executing the arithmetic processing 103 shown in FIG. 2 using the HDD serial number 101 and the secure ID 102 that are held. The arithmetic processing 103 for generating the hardware key 104 serving as the key information is not particularly limited. As long as the HDD serial number 101 and the secure ID 102 are used as the generation source information, the arithmetic processing 103 is known. What is appropriate may be adopted from the encryption key generation technology that is used or will be used in the future.

When the hardware key 104 is generated as described above, the system controller 10 transfers the hardware key 104 to the IC card 14 as a process of step S304. As a result, the hardware key 104 is acquired on the IC card 14 side.
The process from step S304 to the subsequent steps S305 to S307 is the key generation process 106 in FIG.

In subsequent step S305, the system controller 10 instructs the IC card 14 to generate a spare encryption key. That is, for example, a command for requesting generation of a spare encryption key is transmitted.
The IC card 14 according to the present embodiment includes, for example, a microcomputer (system controller) inside, and can execute control processing by itself. The IC card 14 according to the present embodiment is configured so as to be able to generate the preliminary encryption key. This is realized by the IC card 14 storing a program for the backup encryption key in, for example, the internal ROM, and the microcomputer executing processing according to this program.
The IC card 14 holds the hardware key 104 currently acquired in response to the request command for generating the spare encryption key received in response to the execution of the process of step S305. A spare encryption key is generated by executing a predetermined calculation process using the card ID 105. Then, as a response, the generated backup encryption key is transferred to the system controller 10.

The system controller 10 receives the backup encryption key transferred as described above by the processing in step S306.
In the next step S307, the encryption key 107 is generated by using the acquired backup encryption key.

According to the above description, the key generation processing 106 in FIG. 2 does not simply generate the encryption key 107 by using the hardware key 104 and the card ID 105, but first, the hardware is generated by the IC card 14. It can be seen that a preliminary encryption key is generated using the key 104 and the card ID 105, and that a final encryption key 107 is generated using the preliminary encryption key. That is, it can be said that the encryption key 107 is generated by a two-level key generation process.

As the encryption key generation process including the card ID, for example, as described above, a one-level key generation process in which the encryption key 107 is simply generated using the hardware key 104 and the card ID 105, You may take the structure which carried out. As such a key generation process, for example, a configuration in which the encryption key 107 is generated by the IC card 14 may be considered. That is, the key information treated as the backup encryption key in the process shown in FIG.
However, if the final encryption key 107 is generated only on the IC card 14 side as described above, the following problem may occur.

For example, in the future, it may be necessary to change the algorithm (that is, the program) of the encryption process / decryption process for the purpose of obtaining higher encryption security. At this time, the program for generating an encryption key or the like in the IC card 14 is also changed. However, the IC card 14 is, for example, an external device separate from the digital broadcast receiver 1 and has a configuration in which very high security is maintained because personal information of the user is stored. For example, it is very difficult to rewrite internal data such as program upgrades. In other words, there is a risk that future version upgrades cannot be supported and security is weakened.

On the other hand, it is easier than the IC card 14 to update the program to be executed by the system controller 10 side. Therefore, if the two-level encryption key generation process is performed as in the present embodiment, the encryption key generation process on the IC card 14 side is difficult even if it is difficult to upgrade the encryption key generation process on the IC card 14 side. By updating the program for generation, it is possible to cope with version upgrades for encryption processing and decryption processing.
In addition, the two-level encryption key generation process has the advantage that higher security can be obtained than the one-level encryption key generation process.

The process flow shown in FIG. 5 is the same for the process of generating the decryption key 108. In this case, depending on the processing in step S305, the system controller 10 requests the IC card 14 to generate the preliminary decryption key 107. Then, a preliminary decryption key is acquired in step S306, and the decryption key 108 is generated using the preliminary decryption key acquired in step S307.

Returning to FIG.
When the encryption key 107 is generated as described in FIG. 5 as the processing in step S101, the system controller 102 transfers the encryption key 107 to the encryption processing unit 6 by the processing in step S102. The encryption processing unit 6 inputs the transferred encryption key 107 and internally holds it as an encryption key to be used for encryption processing. Thereafter, the encryption processing unit 6 can execute encryption processing on the input content data using the stored encryption key 107.

  In the next step S103, a predetermined size of content data (recorded data) to be recorded in the HDD 8 is fetched from the demultiplexer / decoder unit 4 and transferred to the encryption processing unit 6. At the same time, by the processing in the next step S104, the required control processing is executed so that the recording processing data transferred to the encryption processing unit 6 is properly encrypted by the encryption processing unit 6. Then, a control process for writing the recording data encrypted by the encryption processing unit 6 into the HDD 8 is executed by the process in the next step S105. That is, the recording data encrypted and output by the encryption processing unit 6 is transferred to the HDD 8 via the internal bus 15. Then, the HDD 8 is instructed to write data. In response to this, the HDD 8 executes a process of writing the transferred data to the hard disk.

  In the present embodiment, the encryption key is updated at a predetermined timing that is a relatively short time as an encryption processing algorithm. In the present invention, for example, one encryption key may be used in a fixed manner. However, by updating the encryption key in a relatively short time in this way, the case of using only one encryption key can be used. Even high security can be obtained. There are various possible ways of updating the encryption key, but here, for the sake of simplicity, it is assumed that the encryption key is updated at regular intervals. Of course, it is possible to make the update cycle time non-constant by a more complicated algorithm.

  In step S106, it is determined whether or not the timing for updating the encryption key has been reached. This process may be performed, for example, by determining whether or not the cycle time corresponding to the encryption key update has elapsed since the encryption key generation process in the previous step S101.

If a negative result is obtained that the timing for updating the encryption key has not yet been reached in step S106, the recording of the content data in the HDD 8 is completed, and a positive determination result is obtained in the next step S107. The process returns to the process of step S103 until it is done.
If it is determined that the encryption key has been updated in step S106 and a positive result is obtained, the process returns to step S101.

That is, the digital broadcast receiver 1 transfers a predetermined amount of recording data from the demultiplexer / decoder unit 4 to the encryption processing unit 6 until the content data recording is completed, performs encryption, and stores it in the HDD 8. The operation of writing is repeated.
Then, when it is time to update the encryption key 107, the encryption key 107 is updated by returning to the process of step S101 again, and the next step S102 is executed to set the encryption key in the encryption processing unit 6. The encryption key to be updated is also updated. Then, by executing the processing after step S103, the recording data is encrypted by the updated encryption key 107 and written to the HDD 8.
As a result, the content data output from the demultiplexer / decoder unit 4 is encrypted and recorded so as to be accumulated in the HDD 8, and the encrypted content data recorded in the HDD 8 is recorded. For example, it is encrypted with a different encryption key 107 at regular time intervals.

  When it is determined in step S107 that the timing for ending the recording of the content data has been reached, for example, after actually executing a required recording end process such as updating the HDD 8 falsy system, etc. Then, the recording operation to the HDD 8 is stopped.

  Next, with reference to FIG. 4, a process for recording and storing content data recorded on the HDD 8 will be described. The processing shown in this figure is also obtained by the system controller 10 executing, for example, according to a program stored in advance.

  For example, the user performs an operation for selecting desired content data from the content data (encrypted content data) stored in the HDD 8 and causing it to be reproduced and output. In response to this operation, the user interface unit 13 It is assumed that a command for instructing start of reproduction output specifying content data is transmitted to the system controller 13. In response to receiving this command, the system controller 10 starts executing the process from step S201.

In step S201, a process for generating the decryption key 108 is executed.
As described above, the processing for generating the decryption key 108 is as shown in FIG.
For confirmation, it is natural that the decryption key 108 is generated to be paired with the encryption key 107 obtained by encrypting the content data to be reproduced. That is, as the processing of step S201 (that is, FIG. 5), the processing algorithm is constructed so as to generate the decryption key 108 that can decrypt and decrypt the content data to be reproduced. It is.

  When the decryption key 108 is generated by the process of step S201, the system controller 102 transfers the generated decryption key 108 to the decryption processing unit 7 as a process of step S202. The decryption processing unit 7 also inputs and holds the transferred decryption key 108. Thereafter, the decryption processing unit 7 can execute decryption processing of the input encrypted content data using the stored decryption key 108.

  In the next step S203, control is performed so that the encrypted content data designated for reproduction is read from the HDD 8 in a predetermined data reading unit (in this case, it should also be a decryption processing unit). And the encrypted content data that has been read out is transferred to the decryption processing unit 7 by the processing in the subsequent step S204. In step S205, control processing is executed such that the decryption processing unit 7 performs decryption processing on the encrypted content data thus transferred.

In this case, the execution of the decoding process in the demultiplexer / decoder unit 4 is controlled as a process in subsequent step S206. For this purpose, for example, the system controller 10 converts the content data that has been decrypted by the decryption processing unit 7 into plain content at a required timing in the demultiplexer / decoder unit 4. The control process is executed so as to be input to the decode signal processing system corresponding to the format.
In the demultiplexer / decoder unit 4, the input content data is subjected to a decoding process suitable for the format of the content data and output as reproduction data. As an example, if the input content data is video data / audio data compressed and encoded by the MPEG system, the demultiplexer / decoder unit 4 uses the video decoder / audio decoder corresponding to the MPEG system as the content data. The video data / audio data is demodulated and output as a video signal and an audio signal whose reproduction times are synchronized.

The encrypted content data read from the HDD 8 in a predetermined data unit shown in steps S203 to S206 is decrypted and decrypted (S203 → S204 → S205), and further decoded and reproduced and output (S206). The control process is repeated until it is determined in step S208 that the timing for ending reproduction of the content data that has been reproduced and output so far has been reached.
In this way, when the processes of steps S203 to S206 are repeatedly executed, content data to be reproduced and output without interruption, such as video data and audio data, is reproduced and output. If it is, the video signal and the audio signal reproduced and output from the demultiplexer / decoder unit 4 are guaranteed to be output continuously in time, and the data is read out from the HDD 8 and decoded. 7 is controlled, the timing of the decoding process, the timing of the decoding process, the data transfer timing to the demultiplexer / decoder unit 4, and the like.
For example, by repeating the above steps S203 to S206, the plain content data is input to the demultiplexer / decoder unit 4 at an intermittent timing. A buffer for buffering (accumulating) input content data is provided. This buffer may be configured to use a memory as a ring buffer, for example. In such a configuration, the system controller 10 controls the timings and the like in the process of steps S203 to S206 so that the ring buffer does not overflow and underflow.

  Further, as described in the content data recording process to the HDD 8 described with reference to FIG. 3, the encryption key 107 is updated and generated, for example, at a predetermined timing every predetermined period. ing. As described above, the encryption key 107 and the decryption key 108 form a pair, and the information encrypted by the encryption key 107 can be decrypted only by the decryption key 108 paired therewith. Therefore, in the reproduction process of the content data shown in FIG. 4, it is necessary to update the decryption key 108 so as to correspond to the update of the encryption key 107 at the time of recording.

  Therefore, in FIG. 4, it is determined whether or not the update timing of the decryption key 108 has been reached by the processing in step S <b> 207. Here, if a negative result is obtained that the update timing of the decryption key 108 has not been reached, the process returns to the process of step S203 after performing the process of step S207 during reproduction. That is, a control process for reproducing and outputting content data, including a decryption process using the decryption key 108 currently held by the decryption processing unit 7 is executed.

If it is determined that the timing for updating the decryption key 108 is reached, the process returns from step S207 to step S201. Then, through the processing in step S201, a decryption key 108 different from the one generated previously is regenerated. That is, the decryption key 108 is updated. For confirmation, the updated decryption key 108 is a pair with the encryption key 107 when the content data to be reproduced (steps S203 to S206) is encrypted. Thus, the content data to be reproduced can be decrypted.
In step S202, the decryption key 108 updated in step S201 is transferred to the decryption processing unit 7. The decryption processing unit 7 retains the newly transferred decryption key 108 in place of the decryption key 108 retained as key information to be used so far. As a result, in the subsequent step S205, the decryption process is executed with the newly updated decryption key 108. As a result, the content to be reproduced and output in response to the update of the encryption key 108 at the time of recording. The data will be decoded properly.

  In order to make the update of the composite key 108 correspond to the update timing of the encryption key 107 and the update value of the key at the time of recording, the existing encryption technology employed so far may be employed. For example, one is to use the same random number generator (or an algorithm (program) for generating random numbers) used to generate the encryption key 107 and the random number generator that generates the decryption key 108. To be. In this way, the encryption key 107 and the decryption key 108 that are paired with each other can always be generated at the same update timing when the encryption key 107 is generated and when the decryption key 108 is generated.

By the way, when recording content data (that is, broadcast content) obtained by receiving and acquiring a broadcast in the digital broadcast receiver 1 of the present embodiment on the HDD 8, first, encryption performed on the broadcast side (sending side). The so-called scramble is canceled, and the descrambled content data is recorded in the HDD 8.
In other words, in the present embodiment, the broadcast content that has been encrypted by scrambling is once decrypted, and then encrypted again and recorded in the HDD 8 as a local process in the digital broadcast receiver 1. It has a configuration.

In terms of recording the broadcast content encrypted on the HDD, it may be possible to record the broadcast content directly on the HDD 8 without releasing the scramble performed by the broadcast side.
However, when the broadcast content that has been scrambled on the broadcast side is recorded in the HDD 8, the following problems occur when playback is performed.

In order to cancel the scramble performed on the broadcast side, for example, as described above, it is necessary to use the descrambling key decryption key held by the IC card 14, and the IC card 14 is accessed and the descrambling key Communication with the IC card 14 is required, such as obtaining a decryption key.
In addition, the scramble performed on the broadcast side is scrambled with a scramble key updated at a cycle of, for example, several seconds for the purpose of improving security. Therefore, when executing the descrambling process, it is necessary to update the descrambling key according to the timing at which the scramble key is updated. To update the descrambling key, each time the IC card 14 is updated. It is necessary to access and communicate. For this reason, during the descrambling process, communication is performed by accessing the IC card 14 at a relatively high frequency with a cycle of several seconds corresponding to the update timing of the scramble key.

Thus, even if communication with the IC card 14 is performed at a high frequency, there is no particular problem when the broadcast signal received and acquired by the descrambler 3 is normally descrambled. This is because the communication speed with the IC card 14 and the descrambling processing speed in the descrambler 3 are originally set considering that the update timing of the scramble key is in time.
However, as described above, if the broadcast content that has not been descrambled is recorded in the HDD 8, a problem arises when the broadcast content is to be reproduced and output.

  For example, data playback such as video / audio is sometimes performed in addition to normal playback, in other words, a playback operation called so-called trick playback, represented by fast forward and fast reverse, is performed. At this time, for example, since the temporal continuity of reproduction output is lost, it becomes necessary to access the IC card 14 each time, for example. In this case, for example, although the access frequency is higher than when the normal reproduction operation is executed, the access timing may be delayed because the access speed to the IC card 14 is limited. it is conceivable that. If a delay occurs in the access timing to the IC card 14, the descrambling process is also delayed accordingly, so that the trick reproduction output also appears as unstable.

In order to avoid such a failure, the access frequency to the original IC card 14 should be low enough to ensure that there is no delay in the access timing to the IC card 14 even during trick playback. It can be said that it should be changed to. And changing the access frequency means changing the update frequency of the scramble key.
However, since the scramble applied to the broadcast content is applied on the broadcast side, it is not easily changed for the convenience of the receiving device side. That is, in reality, the scramble key update frequency cannot be changed, and therefore the access frequency to the IC card 14 corresponding to the scramble key update frequency cannot be arbitrarily changed. Become.

Also in the present embodiment, as shown in FIGS. 3 and 4, the encryption key 107 / decryption key 108 are updated at a predetermined timing in order to increase security. Further, since the card ID 105 is used to generate the encryption key 107 / decryption key 108 as an embodiment, in order to update the encryption key 107 / decryption key 108, as in the descrambling process, the IC Access to the card 14 is required.
However, encryption / decryption using the encryption key 107 / decryption key 108 is a process completed locally in the digital broadcast receiver 1, and is irrelevant to the broadcast side.
For this reason, the update timing for the encryption key 107 / decryption key 108 of the present embodiment can be arbitrarily set. That is, the update timing of the encryption key 107 / decryption key 108 can be set so that there is no delay in the access timing to the IC card 14 during trick playback of the content data to be played back and output from the HDD 8. It is possible easily. That is, in the present embodiment, it is possible to obtain a stable reproduction output even when trick reproduction or the like is performed by changing and setting the update timing for the encryption key 107 / decryption key 108. Is.

In the present invention, when the update frequency (the number of updates per unit time) is set to the lowest as the update timing of the encryption key 107 / decryption key 108, for example, the encryption key 107 / decryption key 108 only once at the beginning. Is configured to generate That is, the process of step S106 in FIG. 3 and the process of step S207 in FIG. 4 are omitted, and the first generated encryption key 107 / decryption key 108 is not updated until recording / reproduction is completed. To perform encryption / decryption.
However, the lower the update frequency, the lower the security. Therefore, in practice, the update frequency and update timing of the encryption key 107 / decryption key 108 are set in consideration of the fact that no trouble occurs during trick playback and that the necessary and sufficient security is obtained. Is most preferable.

Further, the present invention is not limited to the configuration as the embodiment described so far. For example, in the description so far, the encryption processing unit 6 and the decryption processing unit 7 have been described on the premise that they are hardware parts. Similar to the generation process of the key 108, the process to be executed by the system controller 10 may be performed according to an execution program as software. Conversely, it is also conceivable that the processing for generating the encryption key 107 and the decryption key 108 is executed as signal processing of the hardware device.
In addition, the actual configuration of the digital broadcast receiver 1 shown as the embodiment is not limited to that shown in FIG. 1 and may be changed as appropriate. In the above description, the recording apparatus and reproducing apparatus for executing encryption / decryption according to the present invention are applied to a digital broadcast receiver. However, the recording apparatus and reproducing apparatus capable of recording other information are used. It can be applied.

It is a block diagram which shows the structural example of the digital broadcast receiver as embodiment of this invention. It is explanatory drawing which shows typically the production | generation procedure of an encryption key and a decryption key in embodiment. 4 is a flowchart showing a processing operation for recording content data on an HDD. 4 is a flowchart showing a processing operation for reproducing content data from an HDD. It is a flowchart which shows the processing operation for producing | generating an encryption key and a decryption key.

Explanation of symbols

  1 digital broadcast receiver, 2 front end unit, 3 descrambler, 4 demultiplexer / decoder unit, 5 encryption / decryption processing unit, 6 encryption processing unit, 7 decryption processing unit, 8 HDD, 9 network interface, 10 system Controller, 11 IC card interface, 12 Secure IC, 13 User interface, 14 IC card, 102 HDD serial number, 103 Secure ID, 104 Hardware key, 105 Card ID, 106 Key generation process, 107 Encryption key, 108 Decryption key, 109 encryption processing, 110 decryption processing

Claims (5)

Recording means for recording data;
At least the information held by the recording means, the recording means identification information given to each recording means as hardware, and the recording means identification information provided in a detachable manner with respect to the recording / reproducing apparatus It is held by a predetermined hardware component that executes a function, and is information that is unique to each recording / reproducing apparatus itself , and uses component identification information that is given to be unique to each hardware component. Hardware key generation means for generating hardware key information ;
It is a connectable externally to the recording and reproducing apparatus, in a state of being connected to the recording and reproducing apparatus is utilized to perform the specific function of at least a recording and reproducing apparatus corresponding to the user units, each external connection device all SANYO to hold the external connection device identification information given as a specific, to the external device connected to the recording and reproducing apparatus, and key information transfer means to forward the hardware key information,
It is corresponding to the recording data, and the hardware Kagijo paper was transferred by the key information transfer means, the generation of the pre-encryption key using the external connection device identification information held the external connection device, the external Backup encryption key information generation instruction means for instructing the connection device;
Encryption key information generating means for generating encryption key information using the backup encryption key acquired from the external connection device ;
An encryption means for encrypting data using the encryption key information;
Recording control means for recording the data encrypted by the encryption means in the recording means;
Is in response to reproduction of the data, and the hardware Kagijo paper was transferred by the key information transfer means, the generation of the pre-decryption key by using the external connection device identification information in which the external connection device is held, the external Key information generation instruction means for instructing the connection device;
Decryption key information generating means for generating decryption key information using the preliminary decryption key acquired from the external connection device ;
The encrypted data encryption is data recorded in said recording means is applied, a reading means for reading from the top type recording means,
The encrypted data read out by said reading means, decoding means that turn into decoded by utilizing the decryption key information,
A recording / reproducing apparatus comprising: Receiving and acquiring means for receiving and acquiring external data transmitted in an encrypted state;
External data corresponding decoding means for decoding external data received and acquired by the reception acquisition means,
The encryption means encrypts the data obtained by decryption by the external data corresponding decryption means;
Recording and reproducing apparatus according to 請 Motomeko 1. The hardware key generating means, the key information transfer means, preliminary encryption key information generation instruction unit, and encryption key information generating means is arranged to change the frequency for updating the encryption key information,
The recording / reproducing apparatus according to claim 1 or 2 . The hardware key generating means, the key information transfer means, preliminary decoding key information generation instruction unit, and decrypt the key information generating means, timing corresponding to the updating of the encryption key information used when encrypting the encrypted data And configured to update the decryption key information.
The recording / reproducing apparatus according to claim 1 . Information held by the recording unit where data is recorded, and the above recording as hardware Recording unit identification information given unique to each unit and non-detachable to the recording / reproducing device Recorded / reproduced by a specific hardware component that performs a specific function. This information is unique to each device itself, and is given to be unique to each hardware component. Hardware key generation that generates hardware key information using component identification information Procedure and
  It is possible to connect to the recording / reproducing device from the outside, and in the state connected to the recording / reproducing device, At least the recording / playback device is used to execute a specific function corresponding to the user unit. It holds external connection device identification information that is unique to each connection device. The hardware key information is transferred to the external connection device connected to the recording / reproducing device. Key information transfer procedure,
  Corresponding to data recording, the hardware key information transferred by the key information transfer procedure is used. Information and the external connection device identification information held by the external connection device A backup encryption key information generation instruction procedure for instructing the external connection device,
  Encryption key that generates encryption key information using the backup encryption key acquired from the external connection device Information generation procedure;
  An encryption procedure for encrypting data using the encryption key information;
  A recording control procedure for recording the data encrypted by the encryption procedure in the recording unit;   For data reproduction, the hardware key information transferred by the key information transfer procedure is used. Information and the external connection device identification information held by the external connection device Key information generation instruction procedure for instructing the external connection device,
  A decryption key that generates decryption key information using the preliminary decryption key acquired from the external connection device Information generation procedure;
  The encrypted data which is the data recorded in the recording unit and has been encrypted, Read procedure to read from the recording unit,
  The encrypted data read by the reading procedure is decrypted using the decryption key information. Decryption procedure
  Recording / playback method to execute.

Images