JPH0550172B2 - - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION Field of Industrial Application The present invention relates to an encrypted digital broadcast receiving device that can be used in a paid CATV (cable television system) or a paid satellite broadcasting system.

Conventional technology Some conventional paid broadcasting systems use a specific format that is not disclosed to the public, or use confidential data to prevent unauthorized viewing. Analog data privacy involves processing the baseband signal using a conversion means, and then using an inverse conversion circuit in the receiving equipment to restore the original signal. For example, there is a method of inverting the video synchronization signal from time to time.

Problems to be Solved by the Invention In such conventional techniques, the secret algorithm was easily stolen, and eavesdropping was relatively easy. Additionally, there are problems such as signal deterioration due to confidential information. Moreover, it has been difficult to realize a function of transmitting a specific signal from the transmitting side to remotely control the operation of individual receivers.

In view of this problem, the present invention performs highly stable polarization and encryption without signal deterioration in paid digital broadcasting, and transmits the functional operation of a specific channel or specific receiving device according to the contract details. An object of the present invention is to provide an encrypted digital broadcast receiving device for use in a system that can be remotely controlled from the side.

Means for Solving the Problems In order to solve the above conventional problems, the encrypted digital broadcast receiving device of the present invention includes means for receiving data broadcast through a transmission path, and an individual identification code given to the receiving device in advance. Identification code to accumulate
a ROM, a match detection means for extracting data corresponding to the identification code from received data and comparing it with data in the identification code ROM, and a second key or a group of keys to be updated at a low speed from the received data in the identification code ROM. a second decryption means for decoding using data to obtain a decryption key or a group of decryption keys; a storage means for storing the decryption key or a group of decryption keys obtained by the second decryption means; decryption key regeneration means for extracting a first key or key group to be updated and regenerating an actual decryption key from this and the decryption key or decryption key group; It is provided with a first decryption means for decrypting the received cipher text.

Effects According to the above configuration, the present invention is an encrypted digital broadcasting device that transmits a slowly updated encryption key or a group of encryption keys used for encryption of plain text to a receiving device identified by an identification code, respectively, using an identification code. When a broadcast signal is received via a transmission path, the signal is encrypted and then transmitted, and the broadcast signal is encrypted and broadcast using an encryption key that is updated at high speed or a second encryption key that is updated at low speed. The composite digital broadcast receiving device of the present invention extracts an identification code from data received through a transmission path, and compares it with data in an identification code ROM that is individually assigned to the receiving device in advance. If the match results, the identification code
The 24th decryption means decrypts the received low-speed transmission key or transmission key group using the data in the ROM. The composite key or decryption key group output from the second decryption means is stored in the decryption key storage means. On the other hand, if the comparison results in a mismatch, the received transmission key data is discarded and not taken into the storage means, as the data is destined for another receiving device.

A first key or key group to be updated at high speed is extracted from the received data, decrypted with data in the decryption key storage means, and output as an actual decryption key. It decrypts the received ciphertext using the actual decryption key and outputs the plaintext.

If the decryption key or the decryption key group is not correctly stored in the decryption key storage means, the received ciphertext will be illegally decrypted or not decrypted, so that it will operate to output something different from the plaintext.

Embodiment An embodiment of the present invention will be described below with reference to the drawings. The figure shows a block diagram of an encrypted digital broadcasting device and an encrypted digital broadcasting receiving device according to an embodiment of the present invention.

In the figure, 1 is a plaintext input terminal, 2 is an encryption key reproducing means, 20 is an encryption key selection means, 3 is a first identification code storage means, 4 is a second identification code storage means,
5 is a second encryption means, 6 is a first encryption means,
7 is a data sending means, 8 is the plain text input terminal 1 mentioned above.
to the data sending means 8 and the encryption key selection means 20
This is an encrypted digital broadcasting device that combines

Further, 9 is a transmission cable, 11 is a data receiving means, 12 is a coincidence detection means, 13 is a first identification code ROM, 14 is a second identification code ROM, 15
16 is a second decryption means, 16 is a decryption key storage means,
21 is a decryption key selection means, 17 is a first decryption means, 18 is a plain text output end, and 19 is an encrypted digital broadcast that combines the decryption key selection means 21 from the data receiving means 11 to the plain text output end 18. It is a receiving device.

The operations of the encrypted digital broadcasting device and the encrypted digital broadcasting receiving device of this embodiment configured as described above will be described below in order from the outline of the system.

The encrypted digital broadcasting device 8 is connected to a plurality of encrypted digital broadcasting receiving devices via a transmission cable 9. Encrypted digital broadcast receiving device 1 shown in the figure
9 is one of them. An individual identification code is set in the encrypted digital broadcast receiving device 19 at the time of manufacturing and shipping the device. First identification code ROM13 and second identification code ROM14
corresponds to this. The identification code is created by the organization that manages the system. When a contract is signed between a device user or contractor and a system administrator, the new contract details are written to the data file and updated. The encrypted digital broadcasting device 8 stores the latest contract content data of all subscribers in the first identification code storage means 3 and the second identification code storage means 4 so that the data can be accessed. Plaintext input terminal 1
The input program is encrypted by the first encryption means 6 and sent out and broadcast from the data sending means 7.

Instead of broadcasting the encryption key used by the first encryption means 6, the index number of the encryption key selected by the encryption key selection means 20 is broadcast from the data sending means 7 along with the program. A key table representing the correspondence between all index numbers and encryption keys is created by the encryption key generation means 2. The key table created by the encryption key generation means 2 is supplied to the encryption key selection means 20 and the second encryption means 5. When the encryption key selection means 20 selects one index number from the key table and supplies this index number to the data transmission means 7, the key table is referred to and the encryption key of the index number is selected from among the keys. A key is selected and output to the first encryption means 6. Using this encryption key, the first encryption means 6 encrypts the plaintext input from the plaintext input terminal 1 to create a ciphertext and supplies it to the data sending means 7. Note that the index number and encryption key selected by the encryption key selection means 20, that is, the first
The key or key group is updated every moment, approximately several times per second, using random numbers to prevent unauthorized viewing. With this update, even if the encryption key is illegally obtained by decoding the ciphertext, the encryption key changes from time to time, making it possible to prevent continuous eavesdropping. Furthermore, the key table (second key or key group) created by the encryption key generation means 2 is also updated at a low speed. As a result, even if the entire key table is stolen, the key table becomes meaningless after being updated after a certain period of time, making it possible to prevent unauthorized viewing.

In the encrypted digital broadcast receiving device 19, it is necessary to prepare a key table before broadcasting a program. The key table is delivered only to the contracted parties and devices. Since it is uneconomical to use a separate route, carrier wave, and channel for this delivery, the same channel as the program is time-resolved multiplexed and delivered. Furthermore, if the key table is known to a third party, there is a risk of illegal eavesdropping, so security must be ensured during delivery. Furthermore, in order to securely deliver a table of keys that differ depending on each device's different contracts to only the target device, different encryption is performed for each device. below,
This encryption will be explained.

The identification code for each encrypted digital broadcast receiving device is set to include a first identification code for identifying the device and a second identification code used as an encryption key. Note that the second identification code is uniquely determined by the system administrator in association with the first identification code, but is created in such a way that the first identification code is not necessarily determined from the second identification code. . The first identification code and the second identification code are stored in the first identification code storage means 3 and the second identification code storage means 4, respectively, as data of all subscribers.

Encryption of the key table for each individual device for safe delivery is performed in the second encryption means 5 using the second identification code retrieved from the second identification code storage means 4 as the encryption key. The table created in this way is called a transmission key table. Therefore,
Even if the key tables are the same, if the second identification code is different, the transmission key table encrypted by this will be different for each individual device. The transmission key table is created sequentially for all contracted devices. Using these data, the key table is delivered to one contracted device by packing the first identification code and the transmission key table and sending it out from the data sending means 7 along with other data. When the delivery of the key table to one contracted device is completed or to the next contracted device, the delivery is performed serially and the key table is distributed to all the contracted devices. Since the second key or key group is updated slowly, it is not updated at least until delivery to all contracted devices is completed. Deliveries are repeated taking into account transmission errors and receiving equipment that is not powered on.

The cipher text, index number, first identification code, and transmission key table described above are inputted to the data sending means 7 in relation to each other chronologically or in a data format. The data sending means 7 converts these data into a format suitable for modulation, and outputs the data to the transmission cable 9 on a PSK-modulated VHF band carrier wave. Depending on the scale of the system, the transmission cable 9 is connected to the end user's encrypted digital broadcast receiving device through linking, relaying, and distribution. The encrypted digital broadcast receiving device 19 is one of them.

The operation of an embodiment of the encrypted digital broadcast receiving apparatus of the present invention in a broadcasting system configured with the above system will be described.

In the encrypted digital broadcast receiving device 19, the data receiving means 11 receives multiplexed data through the transmission cable 9. The received multiplexed data is outputted from the data receiving means 11 according to its contents. A first identification code extracted from multiplexed data and a first identification code individually assigned to the receiving device in advance.
The data in the ROM 13 is compared with the data in the ROM 13 by the matching detection means 12. If the results match, the transmission key table extracted from the data received by the data receiving means 11 is decrypted by the second decrypting means 15 using the data of the second identification code ROM 14 as a decrypting key, and the decrypted key is extracted. Table decryption key storage means 16
Store in. In this way, the reception of the delivered key table is completed. The stored decrypted key table is supplied to the decryption key selection means 21.

The first identification code extracted from the multiplexed data and the data in the first identification code ROM 13 are
As a result of the comparison by the match detection means 12, if there is a mismatch, the data in the received key table is discarded as the pack data is data for another receiving device, and the data is not stored in the decryption key storage means 16. prohibit. In this case, reception of the key table is incomplete, but since the key table is delivered repeatedly in sequence, the first identification code of the device itself will be sent next.

On the other hand, the index number of the encryption key extracted from the received multiplexed data is supplied to the decryption key selection means 21, and the index number is decrypted from therein by referring to the decrypted key table inputted from the decryption key storage means 16. The key, that is, the actual decryption key is selected and output to the first decryption means 17.

Further, the ciphertext extracted from the received multiplexed data is supplied to the first decryption means 17, and is decrypted by the first decryption means 17 using the actual decryption key inputted from the decryption key selection means 21. , operates to output plaintext to the plaintext output terminal 18. In this way, the decryption of the receiving device with which the contract is valid is performed, the program is correctly decrypted, and the service is provided.

If the reception of the key table to be delivered has not yet been completed, it waits for its first identification code to be sent, and then, when the reception of the key table is completed,
Regular service is performed through the above-described operations.

Even at the time of broadcasting the program, if the delivered key table has not yet been received, the index number may be received but the corresponding decryption key is unknown, so the first decryption means 17 Since the received encrypted text is illegally decrypted or not decrypted at all, the output of the output terminal 18 is different from the plain text, and the program operates in such a way that the user cannot receive the program service. In such cases, mute the output.

Therefore, there are various cases in which the program service cannot be received, including the following: (a) In the case of uncontracted equipment, the receiving equipment does not operate because its first identification code is not broadcast.

(b) If it is a contracted device and the program or channel is not subscribed to, the part of the key table used for the program has not been delivered, so it will not work only for that program or channel.

(c) If the contract period has expired and the contract has not been renewed, the broadcasting of the first identification code will be stopped or incorrect data will be delivered to the key table, causing the receiving device to stop operating.

Although different from the embodiment of the present invention, the operation in the case of a spying device will be explained.

(d) In the case of unauthorized eavesdropping equipment, it is impossible to steal the key table from the broadcast data (transmission key table), so eavesdropping cannot be performed.

(E) If the key table is obtained illegally using an unauthorized eavesdropping device, the key table will be updated after a predetermined period of time, and the eavesdropping operation will stop after that.

(f) If the first identification code ROM and the second identification code ROM are illegally copied from a legitimate contracted device in an illegal eavesdropping device, the eavesdropping device becomes a clone of the contracted device; If you perform maintenance such as replacing the second identification code ROM during periodic inspections, the eavesdropping operation will stop from then on.

Note that in the above embodiment, the first identification code
Although the ROM and the second identification code ROM are described as independent configuration means, it goes without saying that they may be integrated into an equivalent identification code ROM.

Furthermore, the key table may have one key, and in this case, the data corresponding to the index number may be used for further encryption/decryption.
It is clear from the drawings and the above description. That is, the key table described in the embodiment is equivalent to a key or a group of keys.

Effects of the Invention As is clear from the above description, the present invention provides for sharing an identification code between an encrypted digital broadcasting device and an encrypted digital broadcasting receiving device, identifying the receiving device using the identification code, and remotely controlling the receiving device individually.
Since the configuration is configured to encrypt and decrypt information such as the key table (second key or key group) required to decrypt individual contracted programs, these individual information separately,
Can be delivered safely.

In addition, since the encryption key (first key or key group) can be updated at high speed (switched randomly and frequently), even if the transmission text is intercepted and temporary data is illegally decrypted, the encryption key (first key or key group) can be updated at high speed (randomly and frequently switched). Since the first key or key group) changes from moment to moment, it is almost impossible to decipher it continuously; in other words, the secret ability of the ciphertext is extremely high.

Further, the key table required for decrypting the authorized contracted equipment is encrypted with a different identification code for each individual equipment and delivered as a transmission key table, so the transmission key table is different for each individual equipment. Therefore, even if someone steals someone else's transmission key table, it is almost impossible to decrypt it. Also, this key table (second key or key group) is updated slowly, so even if the entire key table is stolen, it will be updated after a certain period of time, and the stolen key table is meaningless. As a result, it is possible to prevent eavesdropping. in this way,
It is possible to deliver the key table to each individual encrypted digital broadcast receiving device, and there is an effect that the key table can be delivered and received extremely safely.

Note that since the encryption is performed digitally, it goes without saying that there is no deterioration in the characteristics of the decrypted signal.

As described above, the present invention can realize an excellent encrypted digital broadcast receiving apparatus that can be used for, for example, CATV pay digital broadcasting, satellite pay broadcasting, and pay broadcasting that utilizes vacant terrestrial channels.

[Brief explanation of the drawing]

The drawing is a block diagram of an encrypted digital broadcasting device and an encrypted digital broadcasting receiving device according to an embodiment of the present invention. 1...Plaintext input terminal, 2...Encryption key generation means, 2
0... Encryption key selection means, 3... First identification code storage means, 4... Second identification code storage means, 5
... second encryption means, 6 ... first encryption means, 7 ... data transmission means, 8 ... encrypted digital broadcasting device, 9 ... transmission cable, 11 ... data reception means, 12 ... Match detection means, 13...first
Identification code ROM, 14...Second identification code
ROM, 15... second decryption means, 16... decryption key storage means, 21... decryption key selection means, 17...
...First decryption means, 18... Plaintext output end, 1
9... Encrypted digital broadcast receiving device.

Claims (1)

[Scope of Claims] 1. A means for individually encrypting and delivering a second key or group of keys that is updated slowly using an identification code unique to the receiving device, and a first key or group of keys that is updated at a high speed. encrypted digital broadcasting comprising: means for encrypting the encrypted data using the second key or key group and broadcasting the encrypted data to a plurality of receivers in common; and means for encrypting the plaintext using the first key or key group and broadcasting the encrypted data. A receiving device that receives a broadcast signal of the device, the device comprising: means for receiving data broadcast through a transmission path; an identification code ROM that stores an individual identification code given in advance to the receiving device; and an identification code ROM that stores the identification code from received data. a second key or a group of keys that is updated at a low speed from the received data, and a decryption key that is decoded using the data in the identification code ROM. or a second decryption means for obtaining a decryption key group, a storage means for storing the decryption key or decryption key group obtained by the second decryption means, and a first key or key that is updated at high speed from received data. decryption key reproducing means for extracting the group and regenerating the actual decryption key from this and the decryption key or the decryption key group;
An encrypted digital broadcast receiving apparatus comprising a first decryption means for decrypting a received encrypted text using an actual decryption key output from the decryption key reproduction means.