JP4334537B2 - RADIO COMMUNICATION SYSTEM, TRANSMISSION DEVICE, TRANSMISSION DEVICE COMMUNICATION METHOD, RECEPTION DEVICE, AND RECEPTION DEVICE COMMUNICATION METHOD - Google Patents

Description

The present invention relates to a wireless communication system, a transmission device, and a reception device that transfer data that requires copyright protection via wireless.

In recent years, digital network technology has been rapidly developed. Advances in network technology, including mobile phones and the Internet, have never stopped, and applications have become more diverse than just voice calls. For example, music distribution over the Internet or music distribution via a wireless data network (i-mode (R), etc.) to a mobile phone is a typical example.

On the other hand, a new field called digital home appliances is also attracting attention. This is a new home appliance technology using digital technology, and in particular, the field of “digital AV home appliances” using digital AV technology such as the start of digital broadcasting and MD, DVD, etc. is expected to grow greatly.

What is thought to be a fusion of these fields is the field of “network home appliances”. IE
Digital AV data (such as MPEG2 video) can be exchanged via a network such as EE1394, and many new applications can be created.

In this situation, the issue of copyright protection must be taken into consideration. Digital data has advantages such as being easy to process and store, and no deterioration, but it has features such as “easy to copy”. Digital data that should be purchased by paying some value (for example, movies and music) However, it is possible to obtain an illegal copy or transfer it. Therefore, it is important to construct a mechanism for preventing illegal acts on digital data related to copyright. A typical example is DTCP (Digital Transmissi) in IEEE 1394.
on Contents Protection). This is because an encryption / decryption procedure is performed between an AV data transmission device and a reception device on IEEE 1394, and an encryption key for encrypting / decrypting AV data is shared. Thus, eavesdropping by a third party can be prevented by encrypting the AV data and transferring it on IEEE1394. In addition, the authentication / key exchange (more specifically, the certificate / Certifi
A mechanism is provided to prevent unauthorized copying by an unauthorized receiving device by devising not to perform (cate exchange).
JP 2000-174797 A

However, the above mechanism is based on a wired network such as IEEE1394 or USB. That is, when considering the transfer of AV data using a wireless network, AV data can be transferred between devices (there is no need to connect the devices with a cable, and transmission is simply performed via wireless communication). Because it is possible to send AV data just by instructing it), it becomes possible for a third party to intercept the content and prevent fraud. there were.

The present invention has been made in view of the above circumstances, and an object of the present invention is to provide a wireless communication system, a transmitting apparatus, and a receiving apparatus that can realize safe copyright protection even in a wireless environment.

  A wireless communication system according to an embodiment of the present invention is a wireless communication in which a transmission device that transmits content data and a reception device that receives the content data transmitted from the transmission device are connected via a wireless communication path. In the system, input means for inputting a first identification code capable of identifying the user of the transmitting device and a second identification code capable of identifying the user of the receiving device, the first identification code, and the second identification code And a first authentication means for performing first authentication at a link layer for determining whether or not the receiving device and the transmitting device are devices permitted to communicate with each other, and Second authentication means for performing second authentication at the application layer for determining whether or not the transmitting device and the receiving device are devices having a copyright protection function, When the first authentication is successful between the transmission device and the reception device by the first authentication means, a first cipher commonly used between the transmission device and the reception device When the second authentication is successful between the transmission device and the reception device by the first key exchange procedure means for generating and sharing the key and the second authentication means, Second key exchange procedure means for generating and sharing a second encryption key used in common with the receiving device, and after the first authentication is successful, the first key A wireless encryption communication path using the first encryption key shared by the exchange procedure means is established, the second authentication is performed by the second authentication means, and the first authentication and the second authentication are performed. After successful authentication, using the wireless encrypted communication path, the transmitting device To serial receiving apparatus, and transmits the content data encrypted by the second encryption key.

  A transmission device according to an embodiment of the present invention includes: an input unit that inputs a first identification code capable of identifying a user of the transmission device in the transmission device that transmits content data to the reception device via a wireless communication path; A communication unit that receives a second identification code that can identify a user of the reception device, and a device that is permitted to communicate with the reception device using the first identification code and the second identification code. A first authenticating means for performing first authentication for determining whether or not there is a link layer; and a second authenticating means for determining whether or not the receiving device is a device having a copyright protection function. When the first authentication is successful between the second authentication unit that performs authentication at the application layer and the reception device by the first authentication unit, the second authentication unit is used in common with the reception device. First encryption key When the second authentication between the first key exchange procedure means to be generated and shared and the second authentication means is successful between the receiving apparatus and the transmitting apparatus and the receiving apparatus. And a second key exchange procedure means for generating and sharing a second encryption key used in common, and after the first authentication was successful, the second encryption key was shared by the first key exchange procedure means After establishing a wireless encryption communication path using the first encryption key, performing the second authentication by the second authentication means, and after the first authentication and the second authentication are successful, The communication means transmits the content data encrypted with the second encryption key to the receiving device using the wireless encryption communication path.

  A receiving apparatus according to an embodiment of the present invention includes: an input unit that inputs a second identification code capable of identifying a user of the receiving apparatus in the receiving apparatus that receives content data from the transmitting apparatus via a wireless communication path; A communication unit that receives a first identification code that can identify a user of the transmission device, and a device that is allowed to communicate with the transmission device using the first identification code and the second identification code. First authentication means for performing first authentication for determining whether or not there is a link layer, and second for determining whether or not the transmission device is a device having a copyright protection function. When the first authentication is successful between the second authentication unit that performs authentication at the application layer and the transmission device by the first authentication unit, it is used in common with the transmission device First cipher If the second authentication is successful between the first key exchange procedure means for generating and sharing and the second authentication means with the transmission apparatus, the transmission apparatus and the reception apparatus And a second key exchange procedure means for generating and sharing a second encryption key used in common, and shared by the first key exchange procedure means after the first authentication is successful A wireless encryption communication path is established using the first encryption key, the second authentication unit performs the second authentication, and the first authentication and the second authentication are successful. In addition, the communication unit receives the content data encrypted with the second encryption key from the transmission device using the wireless encryption communication path.

The present invention relating to the apparatus is also established as an invention relating to a method, and the present invention relating to a method is also established as an invention relating to an apparatus.

Further, the present invention relating to an apparatus or a method has a function for causing a computer to execute a procedure corresponding to the invention (or for causing a computer to function as a means corresponding to the invention, or for a computer to have a function corresponding to the invention. It can also be realized as a computer-readable recording medium on which a program (for realizing) is recorded.

In the present invention, the encryption key can be correctly shared only between legitimate devices that can succeed in the authentication procedure, and data transfer by encryption communication can be performed only between the devices that can share the encryption key correctly. It becomes possible.

  Hereinafter, embodiments of the invention will be described with reference to the drawings.

(First embodiment)
FIG. 1 shows a configuration example of a wireless communication system according to the present embodiment.

As shown in FIG. 1, a portable MPEG4 player 101 serving as a source device and a portable viewer 102 serving as a sink device are located within a range that can be connected via a local area wireless network (with portable MPEG4 player 101). (The portable viewers 102 each have a wireless interface of this local area wireless network)
.

Here, as shown in FIG. 1, a portable MPEG4 player 101 and a portable viewer 102.
In addition, the portable viewer 103 (which has the same basic configuration as the portable viewer 102) is also a portable MP.
Consider a case where the EG4 player 101 is located within a range that can be connected to the EG4 player 101 via a local area wireless network.

That is, these three portable terminals exist in the same wireless LAN (a single piconet in the case of Bluetooth (registered trademark, the same applies hereinafter)), and can be transmitted from the portable MPEG4 player to both portable viewers via Bluetooth. It is assumed that it exists within a range where MPEG4 video can be transferred. The portable MPEG4 player 101 and the portable viewer 102 are the same person ... Mr. A's portable item (that Mr. A is trying to use as a pair), and the portable viewer 103 is a person different from Mr. A. ... It is assumed that it is a portable article of Mr. B (that Mr. A is not trying to use). Here, for the sake of simplicity, the portable viewer 103 is considered. However, even if a portable viewer carried by a person other than Mr. A exists in the connection range, the portable viewer 103 is the same as the portable viewer 103.

Also, consider a case where the MPEG4 video to be transferred (MPEG4 data) is to be transferred after copyright protection.

Here, description will be made assuming that the local area wireless network is Bluetooth. Bluetooth is a wireless L characterized by low cost and low power consumption.
It is a type of AN and is expected to be installed in many mobile terminals and home appliances (for example,
http: // www. Bluetooth. com for details). The BT notation used below is an abbreviation for Bluetooth.

Hereinafter, in the situation shown in FIG. 1, the portable MPEG4 player 101 to the portable viewer 1
A configuration for enabling transfer of MPEG4 video only to 02 (reproduction and viewing only in the portable viewer 102) will be described.

  FIG. 2 shows an example of the internal structure of the portable MPEG4 player 101.

As shown in FIG. 2, the portable MPEG4 player 101 includes a Bluetooth interface (I / F) processing unit 11 that executes Bluetooth physical layer processing, and a Blu-ray.
A Bluetooth communication processing unit 12 is provided for executing the data link layer processing of the Ethernet.

Bluetooth is in its specifications "Bluetooth Security"
Authentication, key exchange, and data encryption methods are defined. In other words, Bluetooth
In the link layer system, data encryption and authentication / key exchange systems are defined. The portable MPEG4 player 101 includes this processing unit (BT authentication / key exchange processing unit 13 for performing BT authentication / key exchange procedure (data exchange), PI for inputting a PIN code.
The N-code input unit 14 has a BT layer encryption / decryption unit 15) for encrypting data to be transmitted and decrypting the received data. The authentication at the Bluetooth level is performed by collating a code called a PIN code (for example, several digits, a password, or physical information such as fingerprint information).

In addition, the portable MPEG4 player 101 is an MP that stores MPEG4AV data.
The EG4 storage 19 and a packetizing unit 18 for converting the EG4 storage 19 into a Bluetooth packet
Further, a copyright protection layer (application level) processing unit (DTCP authentication / key exchange unit 16 for performing DTCP authentication / key exchange procedure (data exchange), which transmits MPEG4 data after encryption is transmitted. It has a DTCP encryption unit 17) for encrypting power data.

Here, DTCP is Digital Transmission Contention.
An abbreviation for s Protection, which is a copyright protection method that is the de facto standard in IEEE 1394 and USB. AV data that requires copyright protection (for example, A
A mechanism for encrypting and transferring AV data by performing authentication and key exchange between the transmission device and the reception device for information on whether copyright protection is necessary for the V data) (For example, a detailed description is provided in a document disclosed to be obtained at http://www.dtla.com).

  FIG. 3 shows an example of the internal structure of the portable viewer 102 (103).

As shown in FIG. 3, the mobile viewer 102 has a Bluetooth interface (
I / F) processing unit 21 and Bluetooth communication processing unit 22, Bluetooth level authentication / key exchange and encryption processing unit (BT authentication / key exchange processing unit for performing BT authentication / key exchange procedure (data exchange)) 23, PIN code input unit 24 for inputting a PIN code, BT layer encryption / decryption unit 25 for encrypting data to be transmitted and decrypting received data, and authentication of AV data (application level) A processing unit that performs key exchange and encryption (DTCP authentication / key exchange unit 26 for performing a DTCP authentication / key exchange procedure (data exchange), and a DTCP decryption unit 27 for decrypting received data) I have.

The mobile viewer 102 also includes a packet reassembly unit 28 for reassembling Bluetooth packets into MPEG4 data, and MPEG4 for decoding MPEG4 data.
A decoder 29 and a display 30 for displaying MPEG4 data are provided.

FIG. 4 shows an outline of the authentication procedure of the Bluetooth layer.
In each device (mobile MPEG4 player, mobile viewer), a PIN code is input (step S1). There are a method of inputting the PIN code each time, a method of inputting and setting in advance.
Both devices perform the authentication procedure of the Bluetooth layer (by the BT authentication / key exchange processing units 13 and 23) (step S2).
If the PIN codes are exchanged between the two devices and the PIN codes match and the authentication is successful (step S3), the Bluetooth layer key exchange procedure is performed and the key sharing is successful (step S4).
After that, by using the shared Bluetooth layer key (by the BT layer encryption / decryption units 15 and 25), the DTCP authentication / destination (by the DTCP authentication / key exchange units 16 and 26)
Key exchange can be performed safely. As a result, the DTCP key is shared and encrypted communication of MPEG4 data becomes possible (the DTCP encryption unit 17 encrypts the DTCP decryption unit 27).
Can be decrypted with
On the other hand, if the PIN codes of both devices do not match and authentication fails (step S3), blue
A key exchange procedure in the root layer is performed, but key sharing fails (step S5).
In this case, since the Bluetooth layer key is not shared, (DT
Even if the DTCP authentication / key exchange (by the CP authentication / key exchange units 16 and 26) operates (the decryption is performed with the wrong Bluetooth layer key), the DTCP authentication / key exchange cannot be made successful. (DTCP keys cannot be shared). In addition, DTCP
If the authentication / key exchange is not successful, even if the encrypted MPEG4 data is received (using the DTCP key by the DTCP encryption unit 17), the correct DTCP key is received by the DTCP decryption unit 27. I don't know) I can't decrypt it.
Note that if the PIN codes of both devices do not match and authentication fails, Bluetooth
The layer key exchange procedure itself may not be performed.

In this embodiment, the authentication succeeds when the PIN code values of both devices match, but in addition, a certain relationship between the value of one PIN code and the value of the other PIN code (for example, If the user attribute information is part of the address information, etc., the authentication may be successful (the PIN code values of both devices are also consistent). Is one case).

  Here, variations of the PIN code will be described.

  First, there are various variations of PIN code input or setting methods.

For example, (1) a method for a user to input each time, (2) a method for a user to set in advance, (3) a method for a manufacturer or a seller to set in advance (in a form that cannot be changed by the user),
(4) A method of using all or part of the above (1) to (3) (for example, (1) code and (
Various methods are conceivable, such as connecting the cords of 3). In addition, for example, there is a method in which the user can appropriately select (1) or (2).

  There are also various variations in the contents of the PIN code.

In the case of the method (1) or (2), for example, there is a method in which the user determines the PIN code each time. Further, for example, a password is randomly generated in one device, for example, a portable MPEG4 player, stored as a PIN code on the one device side, presented to the user, and the user who has read the password has the same password There is also a method of inputting to the other device, for example, a portable viewer. There is also a method using fingerprint information, glottal information, corneal information, or the like (in this case, a device for collecting such information is built in the portable MPEG4 player or portable viewer, or external to the portable MPEG4 player or portable viewer). Must be connectable).

Also, in the case of method (2), if user attribute information is registered in the portable MPEG4 player or portable viewer, this information (for example, user name, address, age, school name, occupation, company name) You can also generate a PIN code based on the name of your department, family name, etc.
The information that is the basis for generating the PIN code needs to be a value that makes the PIN code the same in both devices (for example, the same value).

In the method (3), there is a method in which a manufacturer, a seller, or the like sets the same random number in one set of portable MPEG4 player or portable viewer at the time of manufacture or sale.
In addition, there is a method in which the seller collects the user's fingerprint information and the like and sets it in a set of portable MPEG4 player and portable viewer at the time of sale.

Now, the portable MPEG4 player and the portable viewer of the present embodiment are such that “the AV data transfer application operates normally between a valid player / viewer”, “AV data between a non-legal player / viewer. Transfer application does not work properly (A
V data cannot be reproduced normally)). For example, when a portable MPEG4 player and a portable viewer owned by the same person are paired as legitimate, data from the portable MPEG4 player owned by the same person is reproduced by the portable viewer owned by the same person. It is possible to realize an environment in which data from an MPEG4 player is not reproduced by a portable viewer owned by another person, and data from a portable MPEG4 player owned by another person is not reproduced by a portable viewer owned by oneself.

That is, in general, when the interface is wireless, the radio waves output from the player are naturally exposed to a state where they can be received by a viewer within a certain range. When viewed from the viewer side, each portable viewer May be able to access (instruct transmission) both a portable player as a legitimate pair and other portable players. Here, in the copyright protection layer, if both devices (the transmitting device and the receiving device) are DTCP compliant (DTCP compliant) devices, the authentication key exchange is established in both cases. Get. In other words, in the copyright protection layer, it is impossible to distinguish whether the counterpart device is a valid pair device or other device. Therefore, in order to distinguish whether the device on the other side is a valid device or another device,
In the present embodiment, Bluetooth level authentication is used.

That is, when authentication / key exchange at the Bluetooth level is established, it is determined that it is a “legitimate device”, and the process proceeds to authentication / key exchange at the application level (DTCP level). If authentication / key exchange at the Bluetooth level is not established,
Application level (DTCP level)
Refusal to shift to authentication / key exchange.

This is because, if authentication is established at the Bluetooth level authentication / key exchange level, it is possible to recognize that both devices (transmitting device and receiving device) are legitimate devices. That is, the authentication at the Bluetooth level is that “the same PIN code (for example, several digits, password, fingerprint information, etc.) can be input to both devices (transmitting device and receiving device)” or “both devices. Since the authentication procedure is performed using this value based on the fact that “the same PIN code is set in (transmitting device and receiving device)”, it is determined that both devices are a valid pair. This is because it is considered to be sufficient for estimation / recognition (the probability that the PIN codes input to devices that are not valid pairs coincide with each other by chance is very small).

For example, when a portable MPEG4 player and portable viewer owned by (or occupied by) the same person make a valid pair, Mr. A has the same PIN code (password) for his portable MPEG4 player and portable viewer. However, it is very difficult for Mr. B to guess the same PIN code (password) and input it to his mobile viewer, so the PIN entered with the MPEG4 player and mobile viewer If the codes are the same, it is determined that the pair is a legitimate pair owned by the same person, and if the PIN codes input by the MPEG4 player and the portable viewer are different, it is determined that the pair is not a legitimate pair owned by a different person. it can. In addition, when fingerprint information or the like is used for the PIN code, it is possible for Mr. B to input the same PIN code (fingerprint information or the like) as Mr. A into his portable viewer.
It is impossible unless his fingerprint information can be stolen.

Here, the exchange between the portable MPEG4 player 101 and the portable viewer 102 and the exchange between the portable MPEG4 player 101 and the portable viewer 103 in FIG. 1 will be described as examples.

FIG. 5 shows an example of a sequence performed between Mr. A's portable MPEG4 player 101 and portable viewer 102 which are legitimate pairs.

In FIG. 5, descriptions regarding encryption and decryption by the link layer are obvious and omitted.

In this case, first, both the portable MPEG4 player 101 and the portable viewer 102 include:
The PIN code is input by a predetermined method at a predetermined timing (for example, in advance or at the time of use) (steps S11 and S12). Here, mobile MPEG
It is assumed that the PIN code value input on the 4 player 101 side is x, and the same value x is input on the portable viewer 102 side as the PIN code value. If the PIN code values of both devices match, the subsequent Bluetooth layer / authentication procedure can be successfully terminated.

Subsequently, the Bluetooth layer / link key sharing procedure is performed (step S13).
The value of the link key Kl used for subsequent authentication / key exchange is shared (step S14).
, S15).

Subsequently, a Bluetooth layer authentication procedure is performed (step S16). In this case, authentication is established by sharing the PIN code.

Subsequently, the Bluetooth layer key exchange procedure is performed (step S17), and the blue layer is exchanged.
The value of the root layer encryption key Kbt is shared (steps S18 and S19).

As a result, in the Bluetooth layer, any data can be exchanged between the two apparatuses after encryption (so as not to allow eavesdropping or rewriting by others).

Next, both the portable MPEG4 player 101 and the portable viewer 102 proceed to a DTCP (copyright protection layer) authentication / key exchange phase. Here, it is preferable that both apparatuses perform the DTCP authentication / key exchange procedure in whole or in part after performing Bluetooth level encryption. In this way, DTCP authentication and key exchange can be performed by “(Bluetooth”.
It is now possible to guarantee that “only (successful authentication and key exchange at the th level)” will be performed (completed) between legitimate devices.
Eventually, “copyright protection layer (DTCP) authentication / key exchange is established only between devices that make a legitimate pair (for example, carried by the same person)”, “a legitimate pair (for example, the same person It is possible to share a copyright protection layer (DTCP) level encryption key only between (mobile) devices ”.

Now, both the portable MPEG4 player 101 and the portable viewer 102 perform DTCP authentication and key exchange using Bluetooth layer level encryption (step S2).
0) Sharing of the encryption key Kc of the DTCP layer (copyright protection layer) between both apparatuses is achieved (steps S21 and S22).

In response to this, the portable MPEG4 player 101 as the transmission side device encrypts the AV content (MPEG4 data) to be transmitted with the encryption key Kc (step S23) and transmits it to the portable viewer 102 as the reception side device (step S23). S24). The portable viewer 102 is a DT
Since the CP level encryption key Kc is shared, the encrypted content can be decrypted and the MPEG4 data can be extracted. That is, the mobile viewer 102
Decrypts the received encrypted content with the DTCP level encryption key Kc (step S2).
5) Display on the display.

On the other hand, another receiving device in the same Bluetooth piconet
Since the level authentication / key exchange is not performed, the encryption key Kc is not shared, and this data cannot be reproduced. This will be described below.

FIG. 6 shows an example of a sequence performed between Mr. A's portable MPEG4 player 101 and Mr. B's portable viewer 103, which are not legally paired.

First, in both the portable MPEG4 player 101 and the portable viewer 103, respectively,
At a predetermined timing (for example, in advance or at the time of use), a PIN code is input by a predetermined method (steps S31 and S32).

However, in this case, the PIN input on the portable MPEG4 player 101 side as described above.
When the code value is x, the PIN code value x ′ input on the portable viewer 103 side
Never matches x or is very low stochastically. That is, for example, when the user manually inputs a PIN code, both devices are devices carried by different persons.
It is very difficult to input the same PIN code to both devices. Also, in the case where a unique PIN code is written in advance in a valid paired device, in this example, Mr. A's mobile MPEG
Since both the 4-player 101 and Mr. B's mobile viewer 103 are not legitimate devices, the PIN codes of the two devices do not match.

Therefore, even if the Bluetooth layer / link key sharing procedure is performed (step S
33) Even if an attempt is made to share the value of the link key used for the subsequent authentication / key exchange (steps S34 and S35), the PIN code does not match, so the portable MPEG4 player 101 side generated based on this does not match the PIN code. The link key Kl does not match the link key Kl ′ on the portable viewer 103 side, and the sharing of the link key ends in failure.

Therefore, even if the following Bluetooth layer authentication procedure is performed (step S36), this will fail. As a result, the subsequent Bluetooth layer key exchange procedure is not performed.

Since Bluetooth encryption is not established, the DTCP authentication / key exchange procedure cannot be entered, and the DTCP authentication / key exchange cannot be performed successfully. That is, if the portable MPEG4 player 101 on the transmission side receives a DT from the portable viewer 103 on the reception side.
Even if a CP level authentication / key exchange request is received (step S37),
If it is transmitted without being encrypted at the oth level, it is rejected (step S38). Therefore, copyright protection level authentication / key exchange cannot be established between devices that are not legitimate pairs (for example, different owners), and AV data that should protect copyright cannot be transferred.

When notifying the other party of the rejection message in step S38, the reason for the rejection (because the link layer, that is, the Bluetooth layer is not encrypted, or B
The authentication of the Bluetooth layer may not be performed). This is because when the other party is legitimate (for example, the same owner)
It prompts execution of oth layer authentication and key exchange.

In the above, the MPEG4 data is stored in the portable MPEG4 player. However, the MPEG4 data may be acquired from the outside, or the source data before encoding is stored and the MPEG4 coder is stored. MPEG4 may be generated, or source data may be acquired from the outside and MPEG4 may be generated by an MPEG4 coder. Of course, the present invention can also be applied to transmission / reception of data other than MPEG4 video (MPEG4 data).

Further, the above description is based on the premise that communication is performed with one receiving device for one transmitting device. However, data transfer from the transmitting device to a plurality of receiving devices is also possible. In this case, for example, in the sequence of FIG. 5, the procedure up to sharing of the encryption key Kc is sequentially performed between the portable MPEG4 player and each portable viewer, and all the devices that have succeeded in authentication and key exchange. The encryption key Kc may be shared. As a result, if the portable MPEG4 player transmits the AV content encrypted with the encryption key Kc, a legitimate portable viewer who has successfully shared the encryption key Kc can decrypt and display the encrypted content. In this case, an upper limit of the number of receiving devices that can simultaneously transfer data from the transmitting device may be set for each transmitting device or for each content.

(Second Embodiment)
In the first embodiment, all or part of the copyright protection layer (DTCP) authentication / key exchange procedure is performed through the encryption / decryption unit of the Bluetooth layer. On the other hand, in the second embodiment, transfer of MPEG4 data (AV data) itself is also performed through the encryption / decryption unit of the Bluetooth layer.

  In the present embodiment, description will be made centering on portions that differ from the first embodiment.

FIG. 7 shows an example of the internal structure of the portable MPEG4 player 101 of the present embodiment corresponding to FIG. 2 in the first embodiment. FIG. 8 shows an example of the internal structure of the portable viewer 102 (103) of this embodiment corresponding to FIG. 3 in the first embodiment. In either case, the BT layer encryption / decryption unit is different from the first embodiment in that the Bluetooth communication processing unit and the DTC
The difference is that it is connected to the P encryption unit.

FIG. 9 shows an example of a sequence in the present embodiment corresponding to the sequence example in FIG. 5 in the first embodiment.

In FIG. 9, description regarding encryption and decryption by the link layer is obvious and omitted.

This is different from the first embodiment in that AV data is multiplexed and encrypted with a DTCP layer (copyright protection layer) encryption key Kc and a Bluetooth layer encryption key Kbt. In other words, the portable MPEG4 player is required to protect the copyright to be transmitted.
After the content is encrypted with the encryption key Kc, the content is encrypted with the encryption key Kbt. In addition, the mobile viewer 102 decrypts the received encrypted AV content with the encryption key Kbt,
Decrypt with the encryption key Kc.

Compared with the first embodiment, this embodiment performs Bluetooth encryption for both the DTCP authentication / key exchange procedure and data encryption / decryption, so the processing speed is slow, but the device configuration is (For example, when the DTCP processing is performed by a single LSI, all input / output is transferred to the Bluetooth layer cipher /
The configuration is simplified by passing through the decryption unit).

Also in this embodiment, between devices that are not valid pairs (for example, different people),
Since it is very difficult to input the same PIN code to both devices, Bluetooth
The layer authentication procedure fails. Therefore, the subsequent Bluetooth layer key exchange procedure is not performed. Therefore, since the Bluetooth encryption is not established thereafter, the DTCP authentication / key exchange procedure cannot be entered, and the DTCP authentication / key exchange cannot be performed successfully. Therefore, between devices that are not legitimate pairs (for example, different owners)
The transfer of AV data that should be protected for copyright cannot be performed as in the first embodiment.

In this embodiment, Bluetooth has been described as an example of a wireless LAN. However, authentication / key exchange, encryption, etc. at the link layer level, such as 802.11 wireless LAN, WECA method, HomeRF method wireless LAN, etc. Many wireless LANs have security functions. The present invention can be applied to these various wireless LANs.

  The above functions can also be realized as software.

Further, the present embodiment is a computer readable recording program for causing a computer to execute predetermined means (or for causing a computer to function as predetermined means or for causing a computer to realize predetermined functions). It can also be implemented as a recording medium.

Note that the configuration illustrated in each embodiment is an example, and is not intended to exclude other configurations, and a part of the illustrated configuration may be replaced with another, or a part of the illustrated configuration may be omitted. Other configurations obtained by adding other functions or elements to the illustrated configuration or combining them are also possible. Also, another configuration that is logically equivalent to the exemplified configuration, another configuration that includes a portion that is logically equivalent to the exemplified configuration, another configuration that is logically equivalent to the main part of the illustrated configuration, and the like are possible. is there. Further, another configuration that achieves the same or similar purpose as the illustrated configuration, another configuration that achieves the same or similar effect as the illustrated configuration, and the like are possible.
Various variations of various components can be implemented in appropriate combination.
In addition, each embodiment includes an invention as an individual device, an invention about two or more related devices, an invention as a whole system, an invention about components in an individual device, an invention of a method corresponding to them, etc. The invention includes various aspects, stages, concepts, or categories.

Therefore, the present invention can be extracted from the contents disclosed in the embodiments of the present invention without being limited to the exemplified configuration.

The present invention is not limited to the embodiment described above, and can be implemented with various modifications within the technical scope thereof.

The figure which shows the structural example of the radio | wireless communications system which concerns on one Embodiment of this invention. The figure which shows an example of the internal structure of the portable MPEG4 player which concerns on the same embodiment The figure which shows an example of the internal structure of the portable viewer concerning the embodiment Flowchart for explaining the outline of the authentication procedure of the Bluetooth layer The figure which shows an example of the sequence performed between the portable MPEG4 player and portable viewer which become a legitimate pair The figure which shows an example of the sequence performed between the portable MPEG4 player which does not become a right pair, and a portable viewer The figure which shows the other example of the internal structure of the portable MPEG4 player which concerns on the embodiment The figure which shows the other example of the internal structure of the portable viewer concerning the embodiment The figure which shows the other example of the sequence performed between the portable MPEG4 player and portable viewer which become a legitimate pair

Explanation of symbols

11, 21... Bluetooth interface processing unit 12, 22... Bluetooth communication processing unit 13, 23 BT authentication / key exchange processing unit 14, 24 PIN code input unit 15, 25 BT layer encryption / decryption unit 16, 26. DTCP authentication / key exchange unit 17 ... DTCP encryption unit 18 ... packetization unit 19 ... MPEG4 storage 27 ... DTCP decryption unit 28 ... packet reassembly unit 29 ... MPEG4 decoder 30 ... display 101 ... MPEG4 player 102,103 ... mobile viewer

Claims (11)

In a wireless communication system in which a transmission device that transmits content data and a reception device that receives the content data transmitted from the transmission device are connected via a wireless communication path.
Input means for inputting a first identification code capable of identifying the user of the transmitting device and a second identification code capable of identifying the user of the receiving device;
Using the first identification code and the second identification code , link a first authentication for determining whether the receiving apparatus and the transmitting apparatus are devices permitted to communicate with each other A first authentication means performed at the layer ;
Second authentication means for performing second authentication in an application layer for determining whether or not the transmitting device and the receiving device are devices having a copyright protection function,
When the first authentication is successful between the transmission device and the reception device by the first authentication means, a first cipher commonly used between the transmission device and the reception device First key exchange procedure means for generating and sharing a key;
When the second authentication is successful between the transmission device and the reception device by the second authentication means, a second cipher commonly used between the transmission device and the reception device A second key exchange procedure means for generating and sharing a key ;
After the first authentication is successful, a wireless encryption communication path using the first encryption key shared by the first key exchange procedure unit is established, and the second authentication unit performs the first authentication process. There line authentication of 2,
After the first authentication and the second authentication have succeeded, the transmitting device uses the wireless encrypted communication path to transmit the content encrypted with the second encryption key to the receiving device. A wireless communication system characterized by transmitting data.   The wireless communication system according to claim 1, wherein the second encryption key is generated based on a value generated by the transmission device. In a transmission device that transmits content data to a reception device via a wireless communication path,
Input means for inputting a first identification code capable of identifying the user of the transmission device;
Communication means for receiving a second identification code capable of identifying the user of the receiving device;
A first authentication is performed in the link layer for determining whether the receiving apparatus is a device permitted to communicate using the first identification code and the second identification code . Authentication means;
Second authentication means for performing second authentication at an application layer for determining whether or not the receiving device is a device having a copyright protection function;
When the first authentication is successful with the receiving device by the first authentication unit,
First key exchange procedure means for generating and sharing a first encryption key used in common with the receiving device;
When the second authentication is successful with the receiving device, the second authenticating unit generates a second encryption key that is used in common between the transmitting device and the receiving device. A second key exchange procedure means for sharing ,
After the first authentication is successful, a wireless encryption communication path is established using the first encryption key shared by the first key exchange procedure unit, and the second authentication unit performs the first authentication . There line authentication of 2,
After the first authentication and the second authentication are successful, the communication means uses the wireless encryption communication path to transmit the content encrypted with the second encryption key to the receiving device. A transmitting apparatus characterized by transmitting data. The transmission apparatus according to claim 3, wherein the first identification code is preset by the user of the transmission apparatus via the input unit. The transmission device according to claim 3, wherein the first identification code is input by the user of the transmission device via the input unit each time the first authentication is performed.   4. The transmission apparatus according to claim 3, wherein the second encryption key is generated based on a value generated by the second key exchange procedure means. In a receiving device that receives content data from a transmitting device via a wireless communication path,
Input means for inputting a second identification code capable of identifying the user of the receiving device;
Communication means for receiving a first identification code capable of identifying a user of the transmission device;
A first authentication for determining whether or not the transmission apparatus is a device permitted to communicate by using the first identification code and the second identification code is performed in a link layer. Authentication means;
Second authentication means for performing second authentication at an application layer for determining whether or not the transmission device is a device having a copyright protection function;
When the first authentication is successful with the transmission device by the first authentication unit,
First key exchange procedure means for generating and sharing a first encryption key used in common with the transmitting device ;
When the second authentication is successful with the transmitting device, the second authenticating unit generates a second encryption key used in common between the transmitting device and the receiving device. And a second key exchange procedure means for sharing ,
After the first authentication is successful, a wireless encryption communication path is established using the first encryption key shared by the first key exchange procedure unit, and the second authentication unit performs the first authentication . There line authentication of 2,
After the first authentication and the second authentication are successful, the communication means uses the wireless encryption communication path to transmit the content data encrypted with the second encryption key from the transmitting device. receiving apparatus characterized by receiving a. The receiving apparatus according to claim 7 , wherein the first identification code is preset by the user of the receiving apparatus via the input unit . The receiving apparatus according to claim 7 , wherein the first identification code is input by the user of the receiving apparatus via the input unit every time the first authentication is performed . In a communication method of a transmission device that transmits content data to a reception device via a wireless communication path,
  Enter a first identification code that can identify the user of the transmitting device;
  Receiving a second identification code capable of identifying the user of the receiving device;
  Using the first identification code and the second identification code, the link layer performs first authentication for determining whether the receiving apparatus is a device permitted to communicate,
  Second authentication for determining whether or not the receiving device is a device having a copyright protection function
At the application layer,
  When the first authentication is successful with the receiving device, a first encryption key used in common with the receiving device is generated and shared,
  When the second authentication is successful with the receiving device, a second encryption key used in common between the transmitting device and the receiving device is generated and shared,
  After the first authentication is successful, the second authentication is performed by establishing a wireless encryption communication path using the shared first encryption key,
  After the first authentication and the second authentication are successful, the content data encrypted with the second encryption key is transmitted to the receiving device using the wireless encryption communication path. A communication method of a transmission apparatus characterized by the above. In a communication method of a reception device that receives content data from a transmission device via a wireless communication path,
  Input a second identification code capable of identifying the user of the receiving device,
  Receiving a first identification code capable of identifying a user of the transmitting device;
  Using the first identification code and the second identification code, the link layer performs first authentication for determining whether or not the transmission apparatus is a device permitted to communicate,
  Second authentication for determining whether or not the transmission device is a device having a copyright protection function
At the application layer,
  When the first authentication is successful with the transmission device, a first encryption key used in common with the transmission device is generated and shared,
  When the second authentication is successful with the transmission device, a second encryption key used in common between the transmission device and the reception device is generated and shared,
  After the first authentication is successful, the second authentication is performed by establishing a wireless encryption communication path using the shared first encryption key,
  Receiving the content data encrypted with the second encryption key from the transmitting device using the wireless encrypted communication path after the first authentication and the second authentication are successful; A communication method of a receiving apparatus.

Images