JP4938409B2 - Digital broadcast content distribution apparatus, digital broadcast content authentication system, digital broadcast content authentication method and program - Google Patents

Description

  The present invention relates to a digital broadcast content distribution apparatus, a digital broadcast content authentication system, a digital broadcast content authentication method, and a program.

  Currently, the mainstream of television broadcasting is based on analog signals. At the end of 2003, so-called terrestrial digital broadcasting based on digital signals started in some areas, and in 2006 it was expanded nationwide. Has been decided to be. Under such circumstances, users' interest in terrestrial digital broadcasting is increasing. At present, terrestrial digital broadcasting for mobile terminals called so-called one-segment broadcasting in mobile terminals is also in practical use.

In this way, the broadcasting industry is rapidly progressing in the direction of digitalization, and the standards are being prepared (see, for example, Non-Patent Documents 1 to 3). In response to this situation, small-scale broadcasting services such as regional broadcasting stations are also being considered.
Data broadcasting encoding and transmission system for digital broadcasting, standard ARIB STD-B24 4.0 edition, Japan Radio Industry Association, revised on February 5, 2004 Access control method and standard for digital broadcasting ARIB STD-B25 4.1 Edition The Japan Radio Industry Association, revised on June 5, 2003 Design Manual for FM Broadcast Evaluation Receiver Technical Data ARIB TR-B11 1.0 Edition The Japan Radio Industry Association, February 2, 1999

  However, instead of the conventional analog system, when television broadcasting becomes a digital system, a third party that is not the original broadcast station impersonates the original broadcast station and distributes illegal content using inexpensive equipment. There is also a high risk of However, the standard mentioned above mentions the functions related to error correction by codes, and does not mention anything about the distribution of illegal contents mentioned above, and secure message authentication in terrestrial digital broadcasting. There is a problem that it is not secured at all.

  Therefore, the present invention has been made in view of the above-described problems, and a digital broadcast content distribution apparatus, a digital broadcast content authentication system, and a digital broadcast content authentication that can realize secure message authentication in terrestrial digital broadcasting. An object is to provide a method and a program.

The present invention proposes the following items in order to solve the above-described problems.
(1) The present invention is a digital broadcast content distribution device that distributes digital broadcast content to a receiving terminal in a packet generation unit that generates a public key and a secret key (for example, the public key / secret of FIG. 2). Corresponding to the key generation unit 11), public key transmission means for transmitting the public key generated by the key generation unit to the receiving terminal (for example, corresponding to the verification information distribution unit 13 in FIG. 2), and digital broadcasting for distribution Hash value calculation means (for example, equivalent to the hash value calculation 14 in FIG. 2), and signature generation means for generating a signature for the hash value calculated by the hash value calculation means (E.g., corresponding to the signature generation unit 15 in FIG. 2) and the hash value calculated by the hash value calculation unit or generated by the signature generation unit A verification packet generating means for generating a verification packet storing at least one of the names (for example, corresponding to the verification packet generation unit 16 in FIG. 2), and the verification packet between the digital broadcast content packets at arbitrary intervals Distribution packet generation means (for example, corresponding to the packet insertion unit 17 in FIG. 2) and distribution packet transmission means (for example, in FIG. 2) for transmitting the generated distribution packet to the receiving terminal. The content distribution apparatus for digital broadcasting is provided, which corresponds to the packet distribution unit 18).

  According to this invention, the key generation unit generates a public key and a secret key, and the public key transmission unit transmits the generated public key to the receiving terminal. On the other hand, the hash value calculation means calculates the hash value of the packet corresponding to the digital broadcast content to be distributed, the signature generation means generates a signature for the calculated hash value, and the verification packet generation means calculates A verification packet that stores at least one of the hash value and the generated signature is generated. Then, the distribution packet generation unit inserts the verification packet between the digital broadcast content packets at arbitrary intervals, generates a distribution packet, and transmits the distribution packet generated by the distribution packet transmission unit to the receiving terminal.

  Therefore, when the receiving terminal has a function of detecting falsification of a packet corresponding to digital broadcast content distributed and a function of verifying the validity of a hash value, secure message authentication can be realized. On the other hand, even when the receiving terminal does not have the above functions, verification packets are defined independently of existing packets, and these verification packets are inserted so as not to affect the existing packets. Therefore, conventional terrestrial digital broadcasting can be received while maintaining compatibility of specifications.

  (2) The present invention relates to the digital broadcast content distribution apparatus of (1), wherein the hash value calculation means (for example, equivalent to the hash value calculation 14 in FIG. 2) distributes packets corresponding to the digital broadcast content. Accordingly, a digital broadcast content distribution apparatus is proposed in which the number of packets for calculating a hash value is varied.

  According to this invention, the hash value calculation means varies the number of packets for calculating the hash value in accordance with the distribution interval of the packets corresponding to the digital broadcast content. That is, since the number of packets for calculating the hash value can be varied according to the availability of existing packets, a verification packet can be generated while taking control within the transmission bandwidth rate into consideration. Moreover, since a plurality of existing packets are collected and one verification packet is generated, it is possible to prevent an unnecessary increase in data capacity.

  (3) According to the present invention, in the digital broadcast content distribution apparatus of (1) or (2), the hash value calculation means (for example, equivalent to the hash value calculation 14 in FIG. 2) corresponds to the digital broadcast content. The packet is divided into an arbitrary number of packet groups, the hash value of the preceding packet group and the hash value of the subsequent packet group are sequentially multiplexed, and the hash value of the entire arbitrary number of packet groups is calculated. The digital broadcast content distribution apparatus is characterized in that the verification packet generation means (for example, corresponding to the verification packet generation unit 16 in FIG. 2) stores a hash value of the entire arbitrary number of packets. ing.

  According to this invention, the hash value calculation means divides the packet corresponding to the digital broadcast content into an arbitrary number of packet groups, and sequentially multiplexes the hash value of the preceding packet group and the hash value of the subsequent packet group. The hash value of the entire arbitrary number of packet groups is calculated, and the verification packet generating means stores the hash value of the entire arbitrary number of packet groups.

  That is, in the case of conventional broadcast distribution, unlike other data distribution, packet re-transmission cannot be performed when packet loss occurs. However, in the present invention, for the divided packet group, the hash value of the preceding packet group and the hash value of the subsequent packet group are sequentially multiplexed, and the hash value of the entire divided packet group is calculated and stored. Thus, loss tolerance against packet loss can be increased.

  (4) The present invention relates to the content distribution device for digital broadcasting of (3), wherein the hash value calculation means (for example, equivalent to the hash value calculation 14 of FIG. 2) is divided into the arbitrary number of divided packet groups, respectively. A digital broadcast content distribution apparatus is proposed in which a hash value of each packet group is calculated for an arbitrarily sampled packet among the included packets.

  According to the present invention, since the hash value calculation means calculates the hash value of each packet group for each arbitrarily sampled packet out of each packet included in the divided arbitrary number of packet groups, the processing load is reduced. Can be reduced.

  (5) In the content distribution device for digital broadcasting of (3), the present invention provides the verification packet generation means (for example, corresponding to the verification packet generation unit 16 in FIG. 2) to the arbitrary number of divided packet groups. There has been proposed a digital broadcast content distribution apparatus that stores a plurality of corresponding hash values according to a predetermined redundancy.

  According to the present invention, since the verification packet generation unit stores a plurality of hash values corresponding to an arbitrary number of divided packet groups according to the predetermined redundancy, resistance to packet loss can be enhanced.

  (6) In the digital broadcast content distribution apparatus according to (1), the signature generation unit (for example, equivalent to the signature generation unit 15 in FIG. 2) combines all hash values stored in the verification packet. A digital signature is performed with a secret key generated by the key generation means (e.g., corresponding to the public key / secret key generation unit 11 in FIG. 2), and the digital signature is encoded with an error correction code. And the verification packet generation means (e.g., corresponding to the verification packet generation unit 16 in FIG. 2) encodes the digital signature divided into an arbitrary number for the preceding packet group. 2. The digital broadcast content distribution apparatus according to claim 1, wherein digital signatures are stored one by one in the verification packet.

  According to this invention, the signature generation means combines all the hash values stored in the verification packet, performs a digital signature with the generated secret key, encodes the digital signature with the error correction code, The digitized digital signature is divided into an arbitrary number, and the verification packet generation means stores the encoded digital signature divided into an arbitrary number of the preceding packet group one by one in the verification packet.

  Therefore, since the encoded digital signature is divided into an arbitrary number and stored one by one in the verification packet, it is possible to prevent falsification of data and reduce the number of buffers. In addition, since the digital signature is encoded by an error correction code and further divided, it is possible to obtain sufficient resistance against a burst error.

  (7) The present invention is a digital broadcast content authentication system comprising a broadcast station provided with the digital broadcast content distribution device of (1) to (6) and a receiving terminal that receives the distributed digital broadcast content. The receiving terminal receives a public key receiving means (for example, equivalent to the verification information receiving unit 25 in FIG. 3) and a distribution packet receiving means (for example, in FIG. 3) that receives the distribution packet. A packet receiving unit 21), a hash value of a packet corresponding to the received digital broadcast content of any number, and the calculated hash value and the hash value stored in the received verification packet; Hash value verification means (for example, equivalent to the hash value verification unit 22 in FIG. 3), and a signature stored and encoded in the received verification packet Are combined, and the signature is restored by decoding the error correction code (for example, equivalent to the signature restoration unit 23 in FIG. 3), and the public key receiving means receives the restored signature. Digital broadcast content authentication comprising: signature verification means (for example, equivalent to signature verification unit 24 in FIG. 3) that verifies with a key and collates with a hash value calculated from the received verification packet A system is proposed.

  According to the present invention, with respect to the digital broadcast content distribution apparatuses (1) to (6), the public key receiving means at the receiving terminal receives the public key, and the distribution packet receiving means receives the distribution packet. Then, the hash value verification means calculates the hash value of the packet corresponding to the received arbitrary number of contents for digital broadcasting, collates the calculated hash value with the hash value stored in the received verification packet, The signature restoring means combines the signatures stored and encoded in the received verification packet and decodes the error correction code to restore the signature. Then, the signature restored by the signature verification unit is verified by the public key received by the public key reception unit, and verified with the hash value calculated from the received verification packet.

  Accordingly, since the packet tampering detection is executed by the hash value verification unit and the validity of the packet can be verified by the signature verification unit, safe message authentication can be realized.

  (8) The present invention is a digital broadcast content authentication method in a digital broadcast content authentication system comprising a broadcast station that distributes digital broadcast content in packets and a receiving terminal that receives the distributed digital broadcast content. The broadcasting station generates a public key and a secret key (for example, corresponding to step S301 in FIG. 10), and a second step of transmitting the generated public key to the receiving terminal ( For example, corresponding to step S302 in FIG. 10), a third step of calculating a hash value of a packet corresponding to the digital broadcast content to be distributed, a fourth step of generating a signature for the hash value, and the calculation Generating a verification packet storing at least one of the generated hash value and the generated signature Step (for example, equivalent to step S303 in FIG. 10) and a sixth step (for example, step in FIG. 10) for inserting the verification packet between the digital broadcast content packets at an arbitrary interval to generate a distribution packet (Equivalent to S304), a seventh step (for example, equivalent to step S305 in FIG. 10) of transmitting the generated distribution packet to the receiving terminal, and an eighth step of receiving the public key by the receiving terminal And a ninth step of receiving the distribution packet, and calculating a hash value of the packet corresponding to the received arbitrary number of contents for digital broadcasting, and storing the calculated hash value and the received verification packet A tenth step (for example, corresponding to step S306 in FIG. 10) for comparing the received hash value and the received verification. An eleventh step (for example, corresponding to step S307 in FIG. 10) of restoring the signature by combining the signature stored and encoded in the packet and decoding the error correction code; and the restored signature And a twelfth step (for example, corresponding to step S309 in FIG. 10) for verifying with the received public key and collating with a hash value calculated from the received verification packet. A content authentication method for broadcasting is proposed.

  According to the present invention, the broadcasting station generates a public key and a secret key, and transmits the generated public key to the receiving terminal. In addition, a hash value of a packet corresponding to the content for digital broadcasting to be distributed is calculated, a signature for the hash value is generated, and a verification packet storing at least one of the calculated hash value and the generated signature is stored. Generate. Then, verification packets are inserted between the digital broadcast content packets at arbitrary intervals, a distribution packet is generated, and the generated distribution packet is transmitted to the receiving terminal. On the other hand, the receiving terminal receives the public key and the distribution packet, calculates the hash value of the packet corresponding to the arbitrary number of digital broadcast contents received, and calculates the calculated hash value and the received verification packet. The hash value stored in is checked. Then, the signed signature stored in the received verification packet is combined, the error correction code is decoded, the signature is restored, the restored signature is verified with the received public key, and the received verification Check against the hash value calculated from the packet.

  Therefore, secure message authentication in terrestrial digital broadcasting can be realized by verifying the alteration of the packet and the validity of the hash value.

  (9) According to the present invention, authentication of digital broadcast content in a digital broadcast content authentication system comprising a broadcasting station that distributes digital broadcast content in packets and a receiving terminal that receives the distributed digital broadcast content is performed on a computer. A program for execution, wherein the broadcasting station generates a public key and a secret key (for example, corresponding to step S301 in FIG. 10), and the generated public key is used as the receiving terminal. A second step (for example, corresponding to step S302 of FIG. 10), a third step of calculating a hash value of a packet corresponding to the digital broadcast content to be distributed, and generating a signature for the hash value Fourth step and at least one of the calculated hash value and the generated signature A fifth step (for example, equivalent to step S303 in FIG. 10) for generating a verification packet for storing the method, and inserting the verification packet between the digital broadcast content packets at arbitrary intervals to generate a distribution packet A sixth step (for example, corresponding to step S304 in FIG. 10), a seventh step for transmitting the generated distribution packet to the receiving terminal (for example, corresponding to step S305 in FIG. 10), and the receiving terminal Calculating the hash value of the packet corresponding to the received digital broadcast content, the eighth step of receiving the public key, the ninth step of receiving the distribution packet, and the calculation A tenth step (for example, the step of FIG. 10) for comparing the hash value stored in the received verification packet with the hash value stored in the received verification packet. And an eleventh step for restoring the signature by combining the encoded signature stored in the received verification packet and decoding the error correction code (for example, FIG. 10). And a twelfth step (for example, equivalent to step S309 in FIG. 10) that verifies the restored signature with the received public key and collates with a hash value calculated from the received verification packet. ) And a program for causing a computer to execute.

  According to the present invention, the broadcasting station generates a public key and a secret key, and transmits the generated public key to the receiving terminal. In addition, a hash value of a packet corresponding to the content for digital broadcasting to be distributed is calculated, a signature for the hash value is generated, and a verification packet storing at least one of the calculated hash value and the generated signature is stored. Generate. Then, verification packets are inserted between the digital broadcast content packets at arbitrary intervals, a distribution packet is generated, and the generated distribution packet is transmitted to the receiving terminal. On the other hand, the receiving terminal receives the public key and the distribution packet, calculates the hash value of the packet corresponding to the arbitrary number of digital broadcast contents received, and calculates the calculated hash value and the received verification packet. The hash value stored in is checked. Then, the signed signature stored in the received verification packet is combined, the error correction code is decoded, the signature is restored, the restored signature is verified with the received public key, and the received verification Check against the hash value calculated from the packet.

  Therefore, secure message authentication in terrestrial digital broadcasting can be realized by detecting packet tampering and validating the hash packet.

  According to the present invention, since it is possible to verify the alteration of a packet and the validity of a hash value, there is an effect that an unauthorized third party impersonation in terrestrial digital broadcasting can be detected and secure message authentication can be realized.

  According to the present invention, for the divided packet group, the hash value of the preceding packet group and the hash value of the subsequent packet group are sequentially multiplexed, and the hash value of the entire divided packet group is calculated and stored. Thus, there is an effect that it is possible to increase the loss tolerance against the packet loss.

  Furthermore, according to the present invention, since the verification packet is defined independently of the existing transmission packet in the terrestrial digital broadcasting, and the verification packet is inserted in the gap between the existing transmission packets, regardless of the function of the receiving terminal, There is an effect that compatibility of specifications can be maintained.

  In addition, since the encoded digital signature is divided into an arbitrary number and stored in the verification packet one by one, it is possible to prevent data tampering and to reduce the number of buffers. effective. In addition, since the digital signature is encoded by an error correction code and further divided, there is an effect that sufficient resistance against burst errors can be obtained.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
Note that the constituent elements in the present embodiment can be appropriately replaced with existing constituent elements and the like, and various variations including combinations with other existing constituent elements are possible. Therefore, the description of the present embodiment does not limit the contents of the invention described in the claims.

  In addition, the present invention is a feature of terrestrial digital broadcasting. 1) Packet loss cannot be detected explicitly. 2) Data is transmitted and received in packet units. 3) A one-way data distribution service from a broadcasting station to a receiving terminal. 4) The same content is distributed simultaneously to all users. 5) Since real-time processing is premised on both the transmission and reception sides, secure message authentication in digital broadcasting is realized while considering various characteristics such as the need to minimize the data size to be buffered.

<Configuration of distribution packet>
With reference to FIG. 1, the configuration of a distribution packet in conventional digital broadcasting and the configuration of a distribution packet in the present embodiment will be described.
As shown in FIG. 1A, the distribution packets in the conventional digital broadcasting are TS (Transport Stream) packets (indicated as TSP in the figure) are randomly arranged in time series according to the distribution timing. .

  On the other hand, as shown in FIG. 1B, the delivery packet in the present embodiment has a configuration in which a verification packet (indicated as VP in the figure) is inserted in a gap between TS packets in conventional digital broadcasting.

  Here, the verification packet is a packet that stores a hash value of the TS packet and a signature for the hash value. In this embodiment, for each TS packet, a hash value is calculated by an after-mentioned method for an arbitrary number of TS packets, and the calculated hash value is stored in the verification packet.

  Also, a signature is performed for a combination of a plurality of hash values. This signature is encoded with an error correction code, and then divided and stored in a plurality of verification packets. The receiving terminal can verify whether the content has been distributed from the correct broadcasting station by restoring the signature and verifying it with the hash value.

<Configuration of digital broadcast content distribution device>
The configuration of the digital broadcast content distribution apparatus will be described with reference to FIG.
As shown in FIG. 2, the digital broadcast content distribution apparatus includes a public key / private key generation unit 11, a public key certificate reception unit 12, a verification information distribution unit 13, a hash value calculation unit 14, and a signature generation. The unit 15 includes a verification packet generation unit 16, a packet insertion unit 17, and a packet distribution unit 18.

  The public key / private key generation unit 11 generates a public key for the receiving terminal to verify the validity of the signature and a secret key used to generate a signature value in the signature packet. The public key certificate receiving unit 12 receives a public key certificate issued from a certificate authority, and the receiving terminal can verify the validity of the public key using the public key certificate. The verification information distribution unit 13 distributes the public key generated by the public key / private key generation unit 11 and the public key certificate received by the public key certificate reception unit 12 from the certificate authority to a plurality of receiving terminals.

  The hash value calculation unit 14 calculates the hash value of the packet corresponding to the digital broadcast content to be distributed. The hash value calculation unit 14 can vary the number of packets for calculating the hash value according to the distribution interval of the packets corresponding to the digital broadcast content. Also, the packet corresponding to the content for digital broadcasting is divided into an arbitrary number of packet groups, and the hash value of the preceding packet group and the hash value of the subsequent packet group are sequentially multiplexed, so that the entire arbitrary number of packet groups Calculate the hash value of. Further, a hash value of each packet group is calculated for an arbitrarily sampled packet among the packets included in the divided packet group.

  The signature generation unit 15 generates a signature for the hash value calculated by the hash value calculation unit 14. The verification packet generation unit 16 generates a verification packet that stores at least one of the hash value calculated by the hash value calculation unit 14 and the signature generated by the signature generation unit 15. Note that the verification packet generation unit 16 stores a plurality of hash values corresponding to the divided packet groups according to a predetermined redundancy.

  The packet insertion unit 17 inserts the verification packet generated by the verification packet generation unit 16 into the existing TS packet distribution gap, and generates a distribution packet to be distributed to the receiving terminal. The packet distribution unit 18 distributes the distribution packet generated by the packet insertion unit 16 to the receiving terminal.

<Configuration of receiving terminal>
Next, the configuration of the receiving terminal will be described with reference to FIG.
As shown in FIG. 3, the receiving terminal includes a packet receiving unit 21, a hash value verification unit 22, a signature restoration unit 23, a signature verification unit 24, and a verification information reception unit 25.

  The packet receiving unit 21 receives the distribution packet distributed from the packet distribution unit 18 of the digital broadcast content distribution apparatus, and outputs it to the subsequent hash value verification unit 22. The hash value verification unit 22 calculates a hash value of a packet corresponding to an arbitrary number of digital broadcasting contents in the received distribution packet, and calculates the calculated hash value and the hash value stored in the received verification packet. Verify by collating.

  The signature restoration unit 23 combines the signatures stored and encoded in the received verification packet, and restores the signature by decoding the error correction code. The signature verification unit 24 verifies the restored signature using the public key received from the verification information reception unit 25 described later, and compares it with the hash value calculated from the received verification packet. The verification information receiving unit 25 receives a public key used for confirming the validity of the signature and a public key certificate for verifying the validity of the public key from the content distribution apparatus for digital broadcasting.

<Verification Packet Placement and Hash Value Derivation Method from TS Packet>
Next, the arrangement of the verification packet (VP) and a method for deriving the hash value from the TS packet will be described with reference to FIG.
Here, in the figure, “TS” indicates TS packets, which are arranged in m × (n1 + n2 +... + Nm) time series according to the transmission order, That is, the verification packet (VP) is arranged in the gap between the TS packets to be transmitted. In the figure, m × (n1 + n2 +... + Nm) consecutive TS packets are hereinafter referred to as “lower blocks”.

  As shown in FIGS. 4 and 5, the method for deriving the hash value from the TS packet is to first divide the TS packet into blocks for each arbitrary number, and within the first block (consisting of n1 TS packets). The 1 to n1 TS packets arbitrarily sampled in step 1 are collected and a hash value HV1 is calculated (step S101). Here, the processing load can be reduced by performing sampling in calculating the hash value.

  The next hash value HV2 combines 1 to n2 TS packets arbitrarily sampled in the subsequent next block (consisting of n2 TS packets) and the previous hash value HV1 obtained previously, This is the hash value obtained by inputting to the hash function (step S102).

  Then, the above processing is repeatedly executed to calculate the hash value HVm for the m-th block. Here, this HVm is stored in a verification packet (VP) immediately after this block as a packet hash value of a lower block composed of m × (n1 + n2 +... + Nm) continuous TS packets (step S103).

  Therefore, according to the above method, there is an advantage that the calculation load of the packet hash value HVm can be reduced by hierarchizing the derivation of the hash value. In addition, by using the above-described method, there is an advantage that the buffer on the broadcasting station side, which is a condition for transmitting data in real time, can be zero.

<Packet hash value chaining>
The packet hash value chaining process will be described with reference to FIGS. 6 and 7.
In FIG. 6, a block of u verification packets (VP) is referred to as “upper block”. Here, a signature is generated for each hash value in u verification packets (VP).

  As shown in FIG. 6, when focusing on one verification packet (VP), a packet hash value generated from k blocks before the verification packet (VP) is copied to the verification packet (VP). Is multiplexed. More specifically, as shown in FIG. 7, when the packet hash values are represented by 1 to 8, all packet hash values are multiplexed with a redundancy of 6 across the upper block where the packet hash values are continuous.

  As described above, by multiplexing all packet hash values with the same redundancy, it is possible to improve resistance to packet loss.

<Signature generation, encoding and storage processing>
Next, signature generation, encoding, and storage processing will be described with reference to FIGS.
First, as shown in FIG. 6, u packet hash values from PHV1 to PHVu are generated in the i-th upper block (step S201), and the generated u packet hash values are combined and made public. A digital signature is generated using the secret key generated by the key / secret key generation unit 11 as a signature key (step S202).

  Next, the generated digital signature is encoded by an error correction code such as a repetitive code or a Reed-Solomon code (step S203). Then, the generated codeword is divided into u pieces, and stored as Sig (i, 1)... Sig (i, u) one by one in the verification packet (VP) in the (i + 1) th upper block (step S204). ).

  FIG. 7 shows a specific example of the above. According to this figure, after the digital signature is signed and encoded, it is divided into four, and the four codewords a and b are divided. , C, d are stored one by one in the verification packet (VP) in the subsequent i-th upper block.

  In this way, by generating a digital signature, encoding it with an error correction code, dividing it, and storing the divided codewords one by one in a verification packet (VP) in the subsequent upper block, The amount of data to be buffered can be reduced, and sufficient tolerance can be obtained against burst errors. In addition, it is possible to prevent falsification of data by applying a digital signature.

<Specific example of decoding and division by repetition code>
FIG. 9 shows a specific example of decoding and division using repetitive codes.
According to this figure, when the digital signature of the i-th upper block is “1010011011... 10101”, encoding with a repetitive code (FIG. 9 shows a case of double repetition) is performed. , “1010011011... 10101” and “1010011011... 10101” are generated.

  Next, the generated code word is divided into u pieces, and Sig (i, 1), Sig (i, 2), Sig (i, 3),... Sig (i, u-2), Sig (I, u-1) and Sig (i, u) are obtained and stored one by one in the verification packet (VP) of the (i + 1) -th upper block. The above processing is the same for other error correction codes.

<Processing in digital broadcasting content authentication system>
Next, processing in the digital broadcast content authentication system will be described with reference to FIG.
First, a broadcast station (digital broadcast content distribution apparatus) generates a public key and a private key for generating a signature in the public key / private key generation unit 11 (step S301). The broadcast station (digital broadcast content distribution apparatus) transmits the public key generated by the public key / private key generation unit 11 and the public key certificate issued by the certificate authority to the receiving terminal (step S302).

  Next, the broadcast station (digital broadcast content distribution device) calculates the hash value of the packet corresponding to the digital broadcast content to be distributed in the hash value calculation unit 14 and the signature generation unit 15 applies the calculated hash value to the hash value. In addition to generating a signature, the verification packet generator 16 generates a verification packet storing the calculated hash value and the generated signature in the manner shown in FIGS. 5 and 8 (step S303).

  The broadcast station (digital broadcast content distribution apparatus) that generated the verification packet generates a digital broadcast content distribution packet by inserting the generated verification packet into the gap between the TS packets at a predetermined interval (step S304). The distribution packet is distributed to the receiving terminal (step S305).

  On the other hand, the receiving terminal receives the distribution packet at the packet receiving unit 21, calculates the hash value of the packet corresponding to the digital broadcast content in the received distribution packet at the hash value verification unit 22, and calculates the calculated hash value And the hash value stored in the received verification packet are verified (step S306).

  Further, the coded signatures received in division are combined to obtain a code word, and the signature is restored by decoding the error correction code (step S307). Further, the restored signature is verified with the public key received from the broadcast station (digital broadcast content distribution apparatus) and collated with u packet hash values of the upper block collected from the received verification packet (step S308).

  Therefore, according to the present embodiment, by performing the processing as described above, it is possible to prevent content distribution of unauthorized persons due to impersonation or the like, and to realize a safe broadcasting service.

  Even if the receiving terminal does not have the above functions, verification packets are defined independently from existing packets, and these packets are inserted so as not to affect existing packets. The conventional terrestrial digital broadcasting can be received while maintaining the compatibility of the specifications.

  In addition, in the calculation of the hash value, the number of packets for calculating the hash value can be varied according to the free state of the existing packet, so that the verification packet can be generated while considering the control within the transmission bandwidth rate. it can. Moreover, since a plurality of existing packets are collected and one verification packet is generated, it is possible to prevent an unnecessary increase in data capacity.

  Furthermore, considering the characteristics of broadcast distribution, for the divided packet group, the hash value of the preceding packet group and the hash value of the subsequent packet group are sequentially multiplexed to calculate the hash value of the entire divided packet group. By storing them, loss tolerance against packet loss can be increased.

  Further, since the hash value of each packet group is calculated for the arbitrarily sampled packet among the packets included in the divided packet group, the processing load can be reduced. In addition, since a plurality of hash values corresponding to the divided packet groups are stored according to a predetermined redundancy, resistance to packet loss can be increased.

  Furthermore, since the encoded digital signature is divided into an arbitrary number and stored one by one in the verification packet, it is possible to prevent falsification of the data and reduce the number of buffers. In addition, since the digital signature is encoded by an error correction code and further divided, it is possible to obtain sufficient resistance against a burst error.

  Each process of the digital broadcast content distribution apparatus and the reception terminal is recorded on a computer-readable recording medium, and the program recorded on the recording medium is read by the digital broadcast content distribution apparatus and the reception terminal and executed. As a result, the digital broadcast content distribution apparatus and digital broadcast content authentication system of the present invention can be realized. The computer system here includes an OS and hardware such as peripheral devices.

  Further, the “computer system” includes a homepage providing environment (or display environment) if a WWW (World Wide Web) system is used. The program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.

  The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

  The embodiments of the present invention have been described in detail with reference to the drawings. However, the specific configuration is not limited to the embodiments, and includes designs and the like that do not depart from the gist of the present invention. For example, in FIG. 4, the example in which the verification packet is provided after the series of TS packets has been described. However, the configuration is not limited thereto, and the configuration may be such that the verification packet is arranged in front of the series of TS packets. In this case, when the first series of packets has been transmitted to the receiving terminal, it is possible to expect the effect that the falsification detection process can be executed on these series of packets first. In addition, since the signature can be verified, an effect of shortening the processing time can be expected.

  In this embodiment, the case where both the hash value and the signature are stored in the verification packet has been described. However, the present invention is not limited to this, and only the hash value is stored in the verification packet or only the signature is stored. There may be.

  The present invention can realize a safe digital terrestrial broadcasting service. For example, the purpose of use of a one-seg compatible mobile terminal that has been attracting attention in recent years has been expanded, and an added value such as provision of a broadcasting service in a region. We can expect to provide services including

It is a figure which shows the structure of the delivery packet in the conventional terrestrial digital broadcasting, and the structure of the delivery packet in this embodiment. It is a figure which shows the structure of the content delivery apparatus for terrestrial digital broadcasting which concerns on this embodiment. It is a figure which shows the structure of the receiving terminal which concerns on this embodiment. It is a figure which shows the arrangement | positioning method of the verification packet which concerns on this embodiment, and the derivation method of the hash value from TS packet. It is a flowchart which shows the derivation method of the hash value from TS packet which concerns on this embodiment. It is a figure which shows the division | segmentation arrangement | positioning of the multiplexing of the packet hash value in the verification packet which concerns on this embodiment, and a signature. It is a figure which shows typically the multiplexing of the packet hash value in the verification packet which concerns on this embodiment, and the division | segmentation arrangement | positioning of a signature. It is a flowchart which shows the production | generation of a signature concerning this embodiment, an encoding, and a storage process. It is a figure which shows the specific example of the encoding and division | segmentation process of the signature which concerns on this embodiment. It is a flowchart which shows the process in the content authentication system for digital broadcasting which concerns on this embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 11 ... Public key / private key generation unit 12 ... Public key certificate reception unit 13 ... Verification information distribution unit 14 ... Hash value calculation unit 15 ... Signature generation unit 16 ... Verification packet Generation unit 17 ... packet insertion unit 18 ... packet distribution unit 21 ... packet reception unit 22 ... hash value verification unit 23 ... signature restoration unit 24 ... signature verification unit 25 ... verification Information receiver

Claims (9)

A digital broadcast content distribution apparatus for distributing digital broadcast content to a receiving terminal,
Key generation means for generating a public key and a private key;
Public key transmitting means for transmitting the public key generated by the key generating means to the receiving terminal;
Hash value calculation means for calculating a hash value of a packet block consisting of at least one packet corresponding to the content for digital broadcasting to be distributed;
Signature generating means for generating a signature for the combined data of at least one hash value calculated by the hash value calculating means;
The hash value calculated by the hash value calculation means and the divided data of the signature generated by the signature generation means for the packet block group preceding the packet block group corresponding to the combined data including the hash value are 1 Verification packet generation means for generating verification packets to be stored one by one ;
A delivery packet generator for inserting the verification packet between the digital broadcast content packets at an arbitrary interval to generate a delivery packet;
Distribution packet transmitting means for transmitting the generated distribution packet to the receiving terminal;
A content distribution apparatus for digital broadcasting, comprising:   2. The digital broadcast content distribution according to claim 1, wherein the hash value calculation unit varies the number of packets for calculating a hash value according to a distribution interval of packets corresponding to the digital broadcast content. apparatus. The hash value calculation unit, wherein the packet block corresponding to the digital broadcasting content is divided into packets of an arbitrary number, the hash value of the preceding packet group and sequentially multiplexes the subsequent packets, before Kipa While calculating the hash value of the ket block ,
The verification packet generating means, before the digital broadcast content delivery apparatus according to claim 1 or claim 2, characterized in that storing a hash value of Kipa socket block. The hash value calculation means, among the packets included in each of divided the arbitrary number of packets, with packets sampled optionally, claim 3, characterized in that to calculate the hash value of the packet block The content distribution apparatus for digital broadcasting as described in 2. The verification packet generation means, any one of claims 1, wherein the storing a plurality of hash values corresponding to the packet block multiple to one of said verification packets according to a predetermined redundancy claim 4 The content distribution apparatus for digital broadcasting as described in 2. The signature generation unit combines hash values of a plurality of packet blocks , performs a digital signature with the secret key generated by the key generation unit, encodes the digital signature with an error correction code, and performs the encoded digital While dividing the signature into an arbitrary number,
6. The verification packet generation unit stores the encoded digital signatures divided into an arbitrary number of preceding packet block groups one by one in the verification packet . A digital broadcast content distribution apparatus according to any one of the above. A digital broadcast content authentication system comprising: a broadcast station comprising the digital broadcast content distribution device according to any one of claims 1 to 6 ; and a receiving terminal that receives the distributed digital broadcast content. ,
The receiving terminal is
Public key receiving means for receiving the public key;
A delivery packet receiving means for receiving the delivery packet;
A hash value verification means for calculating a hash value of a packet block corresponding to the received arbitrary number of contents for digital broadcasting, and comparing the calculated hash value with a hash value stored in the received verification packet; ,
And signature restoration means for combining the divided data stored in the received the verification packet, to restore the signature,
A signature verification unit that verifies the restored signature with the public key received by the public key reception unit, and collates with combined data of hash values calculated from the received verification packet;
A content authentication system for digital broadcasting, comprising: A digital broadcast content authentication method in a digital broadcast content authentication system comprising a broadcast station that distributes digital broadcast content in packets and a receiving terminal that receives the distributed digital broadcast content,
The broadcasting station
A first step of generating a public key and a private key;
A second step of transmitting the generated public key to the receiving terminal;
A third step of calculating a hash value of a packet block composed of at least one packet corresponding to digital broadcast content to be distributed;
A fourth step of generating a signature for binding data of at least one hash value the calculated,
A verification packet is generated for storing the calculated hash value and the divided data of the signature generated one by one for the packet block group preceding the packet block group corresponding to the combined data including the hash value . 5 steps,
A sixth step of inserting the verification packet between the digital broadcast content packets at an arbitrary interval to generate a distribution packet;
A seventh step of transmitting the generated distribution packet to the receiving terminal;
The receiving terminal is
An eighth step of receiving the public key;
A ninth step of receiving the delivery packet;
A tenth step of calculating a hash value of a packet block corresponding to the received arbitrary number of contents for digital broadcasting and comparing the calculated hash value with a hash value stored in the received verification packet; ,
Combining the divided data stored in the received the verification packet, the eleventh step of restoring the signature,
A twelfth step of verifying the restored signature with the received public key and verifying with the combined data of hash values calculated from the received verification packet;
A content authentication method for digital broadcasting, comprising: A broadcast station that the packet distributing digital broadcast contents, a program for causing perform authentication of the receiving terminal and have contact to the digital broadcasting content authentication system digital broadcast contents consisting of receiving the distributed digital broadcast contents were There,
The broadcasting station
A first step of generating a public key and a private key;
A second step of transmitting the generated public key to the receiving terminal;
A third step of calculating a hash value of a packet block composed of at least one packet corresponding to digital broadcast content to be distributed;
A fourth step of generating a signature for binding data of at least one hash value the calculated,
A verification packet is generated for storing the calculated hash value and the divided data of the signature generated one by one for the packet block group preceding the packet block group corresponding to the combined data including the hash value . 5 steps,
A sixth step of inserting the verification packet between the digital broadcast content packets at an arbitrary interval to generate a distribution packet;
A seventh step of transmitting the generated distribution packet to the receiving terminal;
The receiving terminal is
An eighth step of receiving the public key;
A ninth step of receiving the delivery packet;
A tenth step of calculating a hash value of a packet block corresponding to the received arbitrary number of contents for digital broadcasting and comparing the calculated hash value with a hash value stored in the received verification packet; ,
Combining the divided data stored in the received the verification packet, the eleventh step of restoring the signature,
A twelfth step of verifying the restored signature with the received public key and verifying with the combined data of hash values calculated from the received verification packet;
A program to be run.

Images