JPH11331803A - Encryption method, encryption device, digital contents reproduction device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide the encryption system that easily extracts a PES(packetized elementary stream) packet from a TS(transport stream) packet without decoding encrypted information. SOLUTION: A packet selection circuit 102 classifies TS packets into TS packets that are encryption objects and TS packets that are not encryption objects. The encryption object packet is a TS packet that has a head of a PES packet, which is dividedly set in each payload of plural TS packets. An encryption circuit 103 encrypts only a data part except the header of the PES packet in the payload of the TS packet. A computer 200 easily extracts the PES packet from the TS packet without decoding encrypted data by encrypting only the data a head of the PES packet and sending the TS packet.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to an encryption method and an encryption device for copy protection of digital content, and a digital content reproducing device such as a personal computer for reproducing the encrypted digital content.

[0002]

2. Description of the Related Art In digital satellite broadcasting, digital cable television, and the like, an encoded stream such as an image or audio is packetized into a variable length and packetized elementary stream (PES) defined by MPEG. After being converted to a packet, the PES packet is
A mechanism is used in which a plurality of fixed-length transport stream packet (TS) packets defined by G are divided into payloads and transmitted. Information such as images and sounds transmitted by TS packets is received and decoded by a dedicated tuner or set-top box, and output to a TV or the like.

In order to make such digital broadcast information available to devices such as a computer, a tuner or set-top box having a digital broadcast receiving function and a computer must be transmitted over an IEEE 1394 serial bus or the like. It is necessary to connect using a route and send a TS packet to a computer. The computer can reproduce the digital broadcast by extracting the PES packet from the received TS packet.

[0004]

However, if a TS packet without encryption is sent to a computer as it is, there is a risk that digital contents will be copied illegally. It is also conceivable to prevent the illegal copy by encrypting the entire TS packet transmitted via the IEEE 1394 serial bus. In this case, the encryption of the TS packet must be all once released at the interface with the IEEE 1394 serial bus. This is because it is difficult to extract the PES packet from the TS packet if the entire TS packet remains encrypted. However, in a computer, if the encryption is released at the interface with the IEEE 1394 serial bus,
The decrypted contents will flow on the internal bus of the computer, and the problem that the contents will be easily copied illegally occurs.

[0005] The present invention has been made in view of such circumstances, and an encryption and encryption apparatus capable of extracting a PES packet from a TS packet without decrypting the encryption, and an encryption method using the encryption apparatus. It is an object of the present invention to provide a digital content reproducing device for reproducing digitalized contents.

[0006]

SUMMARY OF THE INVENTION In order to solve the above-mentioned problems, according to the present invention, encoded video and audio streams are packetized into variable length packets, and the variable length packets are divided into fixed length packets. By arranging the encoded video and audio streams into one packet stream composed of the fixed-length transmission packets by arranging them in the payload of a plurality of transmission packets. An encryption method according to claim 1, wherein the data arranged in the payload of the transmission packet is referred to as the fixed-length transmission packet by referring to the header of each transmission packet in the packet stream to be transmitted. Identify whether or not it is the head of a variable-length packet accommodated in a divided manner. The remaining data portion excluding the header included in the variable length packet is encrypted, and for each transmission packet in which the beginning of the variable length packet is located, the data portion in the variable length packet included in the transmission packet is encrypted. It is characterized by transmitting.

In this encryption method, only the data at the head of the variable length packet is encrypted, not the entire transmission packet. Therefore, by referring to the header of the transmission packet and the header of the variable length packet, the variable length packet can be extracted from the transmission packet without decrypting the data. Also, information such as a time stamp included in the header of the variable-length packet can be referred to, and various control processes for content reproduction can be easily performed without decrypting the data.

Also, since only the data at the head of the variable length packet transmitted by being divided into a plurality of payloads of the transmission packet is encrypted, the variable length packet is reconstructed from the transmission packet. At this time, it is possible to easily determine where the reconstructed variable-length packet is encrypted.

That is, since encryption is generally performed in units of a fixed length determined by an encryption algorithm to be used, depending on the length of a data portion in a variable-length packet included in a payload of a transmission packet, encryption is performed. Some parts are not processed. The length of the payload of the transmission packet changes depending on the presence or absence of the adaptation field and its length. For this reason, if the data portions of all the divided variable-length packets are encrypted, the distribution between the encrypted portion and the non-encrypted portion differs for each reconstructed variable-length packet, and the data is reconstructed. It is difficult to determine where the variable-length packet is encrypted.

[0010] In particular, by encrypting data of a fixed length from the fixed position at the head of the variable length packet, the positions of the encryption units are completely matched between the reconstructed variable length packets. It becomes possible.

[0011] Further, the present invention, when the data arranged in the payload of the transmission packet is the head of the variable length packet divided and arranged in the plurality of transmission packet payloads, The type of the coded stream to which the variable-length packet belongs is determined by referring to the stream ID of the header included in the packet, and only the data part in the variable-length packet belonging to the specific coded stream is encrypted. And This allows for videos,
Even when various information such as a private stream and control data is transmitted by a transmission packet in addition to audio, only a specific encoded stream such as video and audio can be encrypted.

When the data portion of the variable-length packet is encrypted, the scramble control information included in the header portion of the variable-length packet is updated to indicate that the data portion is encrypted. Is preferred. Thus, encryption or non-encryption can be performed for each variable-length packet in one stream. Further, the decryption device can easily identify whether or not the variable-length packet is encrypted by referring to the scramble control information.

The packet stream further includes:
Table information indicating a relationship between a program transmitted by the packet stream and an encoded stream constituting the program is multiplexed as one of information transmitted by being divided into payloads of the plurality of transmission packets. In this case, too, in this case, the header part of the transmission packet and the first three bytes of the payload are checked to determine whether the data arranged in the payload of the transmission packet is the first part of the variable-length packet. Can be determined.

[0014] The present invention also relates to the present invention, wherein the data arranged in the payload of the transmission packet is the head of a variable length packet divided and arranged in the payload of the plurality of transmission packets. It is characterized in that whether or not the adaptation field is present in the packet is identified, and a transmission packet in which the adaptation field is present is excluded from encryption. As described above, by excluding the transmission packet having the adaptation field from the encryption target, the payload start position of the transmission packet is uniquely determined. Therefore, it is not necessary to calculate the payload start position of the transmission packet in consideration of the adaptation field length, and it is possible to easily check the first three bytes of the payload of the transmission packet.

[0015] Further, the present invention provides a method as described above, wherein the data arranged in the payload of the transmission packet is a head of a variable-length packet divided and arranged in the payload of the plurality of transmission packets. And encrypting data after a predetermined data length from the head of the payload of the use packet.

A variable-length packet such as video or audio is added with a header option including type stamp information in addition to a fixed-length header. Exists within 19 bytes from Therefore, by encrypting the data after the 19th byte of the header of the variable length packet, that is, the data after the 19th byte from the head of the payload of the transmission packet, the header of the transmission packet and the header size of the variable length packet are taken into consideration. Thus, only the necessary data part can be easily encrypted without calculating the data start position of the variable length packet.

[0017]

Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 shows the overall configuration of a digital content transmission system to which the encryption method of the present invention is applied. This encryption method uses a consumer electronic device (C, such as a set-top box, tuner, or VCR).
E) It is applied to digital contents such as video and audio handled by 100 and the personal computer 200. For example, when digital content is transmitted from the consumer electronic device (CE) 100 to the personal computer 200 via a transmission medium such as an IEEE 1394 serial bus, the digital content is encrypted in the consumer electronic device (CE) 100. Implemented and personal computer 200
The encryption is released with. Conversely, even when digital content is transmitted from the personal computer 200 to the consumer electronic device (CE) 100 via a transmission medium such as an IEEE 1394 serial bus, the digital content is encrypted in the personal computer 200. You.

Here, consumer electronic equipment (CE)
The encryption procedure will be described on the assumption that digital broadcast content such as digital satellite broadcast or digital cable television is transmitted from 100 to the personal computer 200.

First, a packet used for transmitting contents will be described. As described above, in digital satellite broadcasting, digital cable television, and the like, an encoded stream such as an image or audio is packetized into a variable length and packetized elementary stream (PES) defined by MPEG. After being converted into packets,
As shown in FIG.
A mechanism is used in which a plurality of fixed-length transport stream packet (TS) packets defined by G are divided into payloads and transmitted.

The transport stream (TS) is a packet stream for multiplexing and transmitting a program for a plurality of channels composed of a plurality of videos, audios, and data, and transmitting the program. It is used for transmission in the environment where the error occurs.
The main features of this transport stream (TS) are:
1) using a fixed-length TS packet of 188 bytes, 2) dividing a PES packet into a payload of the TS packet, and 3) providing a plurality of reference times. is there.

As shown in FIG. 3, the TS packet is a fixed-length packet of 188 bytes, a 4-byte fixed-length packet header (header field), and a variable-length adaptation field (adaptation).
_Field), and a payload. The presence or absence of the adaptation field and the payload is determined by adaptation control information (adaptati) in the header.
on_field_control). In addition, the adaptation field length is indicated by adaptation field size information in the adaptation field. The adaptation field is used for stuffing and the like. The PID is a packet ID for identifying a packet, and indicates a packet type such as video and audio for each channel, and indicates a type of various table information. The table information is a kind of program table showing a relationship between a program transmitted by a transport stream (TS) and a packet type of an encoded stream constituting the program. This is called program specific information (PSI). This PSI is also transmitted as a PES packet for control data divided into a plurality of TS packet payloads. Regardless of the type of PES packet, one PES packet is divided into a plurality of TS packet payloads having the same PID number.

Payload_unit_start_
The indicator bit becomes “1” when the beginning of a video or audio PES packet or the beginning of a PSI is arranged in the payload of the TS packet.

A PES packet is an encoded video and audio stream standardized by MPEG or an MPEG stream.
4A is a packetized data stream of a variable length other than the data stream other than the data stream standardized in FIG.
As shown in (b), in each of the control PES packet, video and audio PES packets, prefix information, stream ID (SI
D) information and packet size information (SID) follow. As for the control PES packet, the payload (actual data DATA) is added after the packet size information (SID).
Section), but for PES packets of video, audio, or other data streams, a scrambling_cont
rol bits, header size, time stamp information (D
TS, PTS) and the like. In the present embodiment, as shown in FIG. 4C, what is to be encrypted is a fixed length of a fixed position from the beginning of the payload (actual data DATA part) of the video and audio PES packets. Data. The data to be encrypted is a PE divided into payloads of a plurality of TS packets and arranged.
The head of the S packet exists in the payload of the TS packet in which it is located.

Next, the flow of data in the system shown in FIG. 1 will be described. First, the contents of digital broadcasting are transmitted by consumer electronics (CE) using TS packets.
100. Consumer electronics (CE) 1
At 00, the TS packet extraction circuit 101 extracts a TS packet from the received broadcast data. Next, the TS sorting is performed by the packet sorting circuit 102. This packet selection is performed to classify each TS packet into an encryption target packet and a non-encryption target packet. The packet to be encrypted is a plurality of T
This is a TS packet in which the head of a PES packet divided and arranged in an S packet payload is arranged. If the received TS packet is a packet not to be encrypted, the TS packet is sent to the transmission control circuit 104 as it is. On the other hand, in the case of a packet to be encrypted, its T
The S packet is sent to the encryption circuit 103, where it is encrypted and then sent to the transmission control circuit 104. The encryption by the encryption circuit 103 is performed only on the data part of the PES packet arranged in the payload of the TS packet to be encrypted.

The transmission control circuit 104 uses a transmission medium such as IEEE 1394 to transmit data to the personal computer 200.
To transmit the TS packet. Personal computer 2
00 receives a TS packet from the transmission control circuit 201. In the personal computer 200, the PES packet extracting unit 203 separates each TS packet from the divided PEs.
The S packets are retrieved and reconstructed into PES packets by combining them. The reconstructed PES packet is sent to the MPEG decoder circuit 203.

The MPEG decoder circuit 203 has a PES
A decryption circuit 204 for decrypting a packet is provided. After the PES packet is decrypted by the decryption circuit 204, the PES packet reproduction circuit 2
05. The PES packet reproduction circuit 205 is for decoding encoded video and audio, and decodes and reproduces PES packets to output images and audio.

Next, the packet selection circuit 102, the encryption circuit 103, and the decryption circuit 204 will be described in detail. (Packet Sorting Circuit) FIG. 5 shows a procedure of a packet sorting process by the packet sorting circuit 102.

To select whether the packet is to be encrypted or not, the header and Payload of the TS packet are checked and selected according to the following procedure. First, payload_unit_start_indic in the TS packet header
The attor bit is checked, and if it is "0", it is excluded from encryption (steps S101 and S102). payload
_Unit_start_indicator bit =
The following processing is performed on “1”, that is, the TS packet in which the head of the video or audio PES packet or the head of the PSI is arranged.

"Adaptat" in the header of the TS packet
Look at ion_field_control and adapt
It is checked whether or not there is an ation_field, and if there is, the head position of the payload is recognized by referring to the adaptation field length (step S103).

Next, the first three bytes of the payload of the TS packet are checked. If the first three bytes are not "000001 (H)", they are excluded from encryption (steps S104 and S105). T
The first three bytes of the payload of the S packet are PES
Equivalent to the prefix of the packet. The prefix of a video or audio PES packet is “000001”.
(H) ", and the prefix of the PSI is any other value. Therefore, a TS packet including the head of a PES packet such as video or audio is selected here.

Thereafter, St in the header of the PES packet is used.
Check the stream_Id (SID) and program_s
stream_map, padding_stream,
private_stream_2, ECM, EMM,
If it is "program_stream_directory", it is excluded from the target (steps S106 and S10).
7). As a result, only TS packets including the head of PES packets such as video, audio, and private_stream_1 of the MPEG standard are selected as encryption targets and sent to the encryption circuit 103 (step S).
108).

On the other hand, the TS packets excluded from the target are sent to the transmission control circuit 104 as they are (step S10).
9). (Encryption Circuit) FIG. 6 shows the procedure of the encryption processing by the encryption circuit 103.

First, a TS packet to be encrypted, that is, a TS packet containing the head of a PES packet is passed by the packet selection circuit 102 (step S11).
1). Next, among the PES packets in the TS packet, the head position of the data portion excluding the PES packet header is calculated in consideration of the header length and the like, and only the fixed length of the data portion from the fixed position is encrypted. (Step S
113). Then, scra of the header of the PES packet
The mbling_control bit is modified to a value indicating that it is encrypted (step S114).

As described above, what is encrypted is a plurality of T
Since only the data at the head of the PES packet transmitted by being divided into the payload of the S packet, when reconstructing the PES packet from the TS packet, it is easy to determine which part of the reconstructed PES packet is encrypted. Can be determined. This is shown in FIG. In FIG. 7, the header of the TS packet is indicated by H, the adaptation field is indicated by A, the payload is indicated by P, and the encrypted data portion of the reconstructed PES packet is indicated by oblique lines.

That is, since encryption is generally performed in units of a fixed length block determined by an encryption algorithm to be used, the P included in the payload of the TS packet is
Depending on the length of the data portion in the ES packet, even if an attempt is made to encrypt the entire data portion, a portion that is not encrypted occurs. The length of the payload of the TS packet changes depending on the presence or absence of the adaptation field (A) and its length. For this reason, if the data portions of all the divided PES packets are encrypted, the distribution of the encrypted portion and the non-encrypted portion is different for each reconstructed PES packet, and the reconstructed PES packet is different. It is difficult to determine where the packet is encrypted.

In the present embodiment, the data of a fixed length is encrypted from the fixed position at the head of the PES packet, so that the positions of the encryption units are completely matched between the reconstructed PES packets. Becomes possible.

(PES Packet Extraction Unit) FIG. 8 shows the procedure of the PES packet extraction processing by the PES packet extraction unit 203.

The PES packet extractor 203 extracts a PES packet from each TS packet (step S12).
1) A PES packet is reconstructed by connecting the PES packet parts (S122). In the present embodiment, not the entire TS packet but only the data at the head of the PES packet is encrypted.
By referring to the header of the packet or the header of the PES packet, the TS
A PES packet can be extracted from the packet to reconstruct the PES packet. As shown in FIG. 9, the PES packet extraction unit 203 can be realized as a function of an AV reproduction control program that is software executed by the CPU of the personal computer 200. In this case, the set-top box (ST
Digital content transmitted from the electronic device 100 such as B) is transmitted as a transport stream (TS) packet on a PCI bus by a 1394 bridge connecting the IEEE 1394 serial bus and the PCI bus, and passed to an AV playback control program. It is. The AV playback control program uses the transport stream (T
S), the PES packet extracting unit 203 extracts a PES packet from a TS packet of the transport stream (TS) and reconstructs the PES packet. Although the reconstructed PES packet remains encrypted, the header of the TS packet and the header of the PES packet are not encrypted. Therefore, the AV playback control program performs processing such as rewriting the time stamp included in the header of the PES packet as necessary and reconfigures without reminding that the PES packet is encrypted. Various processing for reproduction control, such as classifying PES packets according to the type of the packets, can be performed. Then, the AV reproduction control program converts the contents in units of the reconstructed PES packets into the MPEG decoder 203 via the PCI bus.
Pass to. The PES packet sent to the MPEG decoder 203 via the PCI bus remains encrypted, so that illegal copying can be prevented.

If the MPEG decoder 203 decodes only the video and decodes the audio by another hardware or software, the PES packet is divided into video and audio by the AV reproduction control program. And sent to the corresponding decoder.

(Decryption Circuit) FIG. 10 shows a procedure of decryption processing for decryption by the decryption circuit 204. First, scrambling in the header of the PES packet
Referring to the _control bit, it is determined whether or not encryption has been performed (steps S131 and S132). If it is not encrypted, the PES packet is
The packet is sent to the packet reproducing unit 205 (step S134). On the other hand, if the PES packet has been encrypted, it is decrypted (step S133), and then the PES packet is sent to the PES packet reproducing unit 205 (step S134).

Next, a second example of the packet selection processing will be described with reference to the flowchart of FIG. Here, instead of the TS packet payload start position detection processing in step S103 of FIG.
Steps 201 and S202 are performed. That is, T
Adaptation_fie in the header of the S packet
Adaptation_f by looking at ld_control
It is determined whether or not there is an idle (step S201,
S202), a TS packet having an adaptation_field is excluded from encryption.

By excluding the one with the adaptation field from encryption, the position of the payload in the TS packet is uniquely determined. In the processing of FIG. 5, the pay
compared to having to calculate the position of load,
The circuit configuration can be simplified.

Further, as shown in FIG. 11, the sorting process according to the stream ID in steps S106 and S107 can be omitted. That is, the stream_id of the PES packet is the program_stream
m_map, padding_stream, priv
ate_stream_2, ECM, EMM, prog
The stream that is ram_stream_directory is not always transmitted, and in such a case, the encryption target may be determined without checking the stream_id. Thereby, simplification of the circuit configuration can be realized.

Next, a second example of the encryption processing will be described with reference to the flowchart of FIG. That is, first, the TS to be encrypted is
T, which contains the beginning of the packet, ie the PES packet
The S packet is passed (step S211). Then
From the header of the PES packet in this TS packet, 19
The fixed-length data after the byte is encrypted (step S2
12). Then, the scr of the header of the PES packet
The bling_control bit is modified to a value indicating that it has been encrypted (step S213).

As shown in FIG. 4, a header option including type stamp information is added to a PES packet such as video and audio in addition to a fixed-length header. In most cases, it is within 19 bytes of the fixed length header. Therefore, after the 19th byte of the header of the PES packet, that is, 19 bytes from the beginning of the payload of the TS packet.
By encrypting the data after the byte, only the data part below the header information can be easily calculated without calculating the data start position of the PES packet in consideration of the header size of the TS packet and the header size of the variable length packet. Can be encrypted.

Next, the personal computer 20 shown in FIG.
An example of a specific configuration of 0 will be described. FIG. 13 shows a system configuration of a personal computer (hereinafter, referred to as a PC). The PC 11 is equivalent to the personal computer 200 shown in FIG.
External consumer electronics (CE), such as a set-top box (STB) 12, a digital video camera or DV camcorder (DVC) 13, and a digital video cassette recorder (D-VCR) 14 via a 394 serial bus, as shown. It is configured to be able to communicate with.

A set-top box (STB) 12, a digital video camera (DVC) 13, and a digital video cassette recorder (D-VCR) 14 interface with the IEEE 1394 serial bus 200 to support the IEEE 1394 copy protection technology. An authentication processing unit (Authenticator) 12 for performing device authentication, key exchange, etc.
1, 131, 141. Set-top box (STB) 12 and digital video cassette recorder (D-VCR) 1 for transmitting and receiving digital contents
For No. 4, encryption / decryption units (De- / Cipher) 122 and 142 having both encryption and decryption functions are provided. The digital video camera (DVC) 13 that only transmits digital contents is provided with only an encryption unit (Cipher) 132. The encryption unit (Cipher) includes the above-described packet selection function and encryption function.

PC 11, set-top box (ST
B) 12, a digital video camera (DVC) 13, and a digital video cassette recorder (D-VCR) 14
Digital contents exchanged between them are transferred on the IEEE 1394 serial bus in a state of being encrypted by the method of the present invention.

The PC 11 is connected to the PCI bus 1 as shown in FIG.
00 and a plurality of functional modules connected thereto. Among these functional modules, functional modules for handling digital contents, that is, a CPU module 111, a tuner 113 for satellite or digital TV, an MPEG2 decoder 115, a DVD-R
As for the AM drive 116, an authentication processing unit (Authenticator) 111 for performing device authentication and key exchange is provided in an interface unit with the PCI bus 100.
1, 1131, 1151, 1161 are provided.
Each of these authentication processing units (Authenticator) 1
Basically, the functions of 111, 1131, 1151, and 1161 are basically the same as the set-top box (STB) 12 and the digital video camera (DVC) 1 which are 1394 devices.
3, and a digital video cassette recorder (D-VC
R) It is the same as that of 14, and performs authentication and key exchange necessary for encrypting and transmitting digital contents.

The interfaces of the CPU module 111, tuner 113, and MPEG2 decoder 115 are further provided with encrypted content (en
A decryption unit (De-ciphe) that performs decryption processing for decrypting encrypted content (Decrypted content).
r) or an encryption unit (Cipher). Whether to have an encryption unit, a decryption unit, or both depends on the function of each functional module. Here, for the tuner 113, the encryption unit (C
ipher) 1132 is provided, and the CPU module 1
11 and the MPEG2 decoder 115 are provided with decoding units (De-cipher) 1112 and 1152. The function of each encryption unit and decryption unit is the same as that described with reference to FIG. Also,
The MPEG2 decoder 115 corresponds to the MPEG decoder circuit 203 in FIG.

The CPU module 111 includes a microprocessor, a memory controller, a PCI bus bridge, and the like. The authentication unit 1111 and the decryption unit 1112 can be incorporated as a part of a PCI bus bridge, for example. Also, the CPU module 111
Authentication unit 1111, decryption unit 1112, MPEG2
The decoder unit 1113 may be realized by software.

The DVD-RAM drive 116 is a PC 11
And is connected to the PCI bus 100 via an IDE interface or an ATAPI interface or the like. DVD-RAM
The drive 116 has only an authentication processing unit 1161, and includes a decryption unit (De-cipher) and an encryption unit (Ciphe).
r) is not provided. DVD-RAM1 with the encrypted digital contents encrypted
16 for recording.

The PC 11 further includes a PCI bus and an IE.
139 for bidirectional connection between EE1394 serial buses
Four bridges 117 are provided. The 1394 bridge 117 is not provided with any authentication processing section, encryption section, and decryption section, and the encrypted digital content is transmitted from the PCI bus to the IEEE 139 in an encrypted state.
4 to the serial bus and from the IEEE 1394 serial bus to the PCI bus. As described above, the 1394 bridge 117 is connected to the functional module in the PC 11 and the 139 bridge.
Transparent connection between 4 devices.

As described above, the authentication processing unit and the encryption / decryption unit are provided in the interface unit of each of the plurality of function modules that handle digital contents, and copy protection is performed between the function modules or between the function module and the 1394 device. A process of performing authentication processing between these devices when transferring digital content, and confirming that the devices are mutually valid, encrypting and transmitting the digital content, and decrypting and reproducing the digital content. IEEE13
In both the 94 bus and the PCI bus, the key for decryption and the digital content are transferred while being encrypted, so that illegal copying of the digital content can be prevented.

FIG. 14 shows the relationship between software and hardware in the system shown in FIG. In FIG. 14, software is above the one-dot chain line and hardware is below. Blocks with thick frames, which are hierarchically arranged in the vertical direction, are hardware modules such as functional modules in the PC 11 or 1394 devices.

The Authenticator handler is:
In response to a request from an application program such as digital content reproduction software, control for authentication processing and key exchange with necessary hardware devices is performed. As described above, the 1394 bridge 117 is a PC
Since each functional module in the PC 11 is transparently connected to the 1394 device, one functional module in the PC 11 is connected to the 1394 device.
By implementing the same authentication and encryption / decryption protocols as the 394 device, as shown by the dotted line, the application program can equalize each functional module in the PC 11 and the 1394 device without distinguishing them. Can be handled.

Note that, for each TS packet in which the head of the PES packet is located, the PE included in the TS packet is included.
Digital content is created in advance by a transport stream obtained by the encryption method of the present invention in which the data portion in the S packet is encrypted and transmitted.
It can be stored in a computer-readable recording medium and distributed.

[0058]

As described above, according to the present invention,
PES packets can be extracted from TS packets without decrypting them, and digital contents can be transmitted in encrypted form not only on the 1394 bus connecting computers and electronic devices, but also on the computer bus. It is possible to do. Furthermore, since only the data at the head of the PES packet, not the entire TS packet, is encrypted, information such as the time stamp included in the header of the PES packet can be referred to, and the content can be reproduced without decrypting it. Various control processes can be easily performed.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration of an entire digital content transmission system according to an embodiment of the present invention.

FIG. 2 is a view showing a relationship between a PES packet and a TS packet used in the system of FIG. 1;

FIG. 3 is a view showing the structure of a TS packet used in the system of FIG. 1;

FIG. 4 is a view showing the structure of a PES packet used in the system of FIG. 1;

FIG. 5 is an exemplary flowchart illustrating the procedure of a packet selection process applied to the system of the embodiment.

FIG. 6 is an exemplary flowchart illustrating the procedure of a packet encryption process applied to the system of the embodiment.

FIG. 7 is an exemplary view showing how a PES packet is reconfigured in the system according to the embodiment;

FIG. 8 is an exemplary flowchart showing the procedure of PES packet extraction processing applied to the system of the embodiment.

FIG. 9 is an exemplary view showing a state of a PES packet extracting operation in the system of the embodiment.

FIG. 10 is an exemplary flowchart showing the procedure of a decoding process applied to the system of the embodiment.

FIG. 11 is an exemplary flowchart illustrating a second example of a packet selection process applied to the system of the embodiment.

FIG. 12 is an exemplary flowchart illustrating a second example of encryption processing applied to the system of the embodiment.

FIG. 13 is an exemplary view showing an example of a specific configuration of a personal computer used in the embodiment.

FIG. 14 is a view showing the relationship between software and hardware in the system shown in FIG. 13;

[Explanation of symbols]

 REFERENCE SIGNS LIST 100 CE (set-top box, tuner, etc.) 101 TS packet extraction circuit 102 packet selection circuit 103 encryption circuit 104 transmission control circuit 200 personal computer 201 transmission control circuit 202 PES packet extraction unit 203 MPEG Decoder circuit 204 ... Decoding circuit 205 ... PES packet reproduction circuit

──────────────────────────────────────────────────の Continued on the front page (51) Int.Cl. ⁶ Identification code FI H04L 12/56 H04L 11/20 102A

Claims (11)

[Claims] 1. A video and audio encoded stream is packetized with a variable length, the variable length packets are divided and arranged in a payload of a plurality of fixed-length transmission packets. And an encoded audio stream used in a system for multiplexing and transmitting a coded stream of audio into a single packet stream composed of the fixed-length transmission packets, the encoding method comprising: With reference to the header of each transmission packet, whether or not the data arranged in the payload of the transmission packet is the head of the variable length packet divided and accommodated in the fixed length transmission packet. If it is the first part of the variable length packet, the remaining data part except the header included in the variable length packet is identified. Encrypts, the head portion for each disposed transmission packet of variable-length packets, encryption method and transmits encrypted data portion in the variable-length packet included in the transmission packet. 2. The variable length packet is an MPEG PES.
The transmission packet is an MPEG TS.
2. The encryption method according to claim 1, wherein the encryption method is a packet. 3. When the data arranged in the payload of the transmission packet is the head of a variable length packet divided and arranged in the payload of the plurality of transmission packets, 3. The encryption method according to claim 1, wherein data of a fixed length is encrypted from a fixed position. 4. A header of the variable-length packet includes a stream ID indicating a type of an encoded stream to which the variable-length packet belongs, and the data arranged in a payload of the transmission packet includes: When the header is a variable length packet that is divided into a plurality of transmission packet payloads, the stream ID of the header included in the variable length packet is referred to to determine the encoded stream to which the variable length packet belongs. 3. The method according to claim 1, wherein a type is determined, and only a data part in a variable length packet belonging to a specific encoded stream is encrypted.
Or the encryption method according to 3. 5. The variable-length packet header includes scramble control information indicating whether or not the data portion of the variable-length packet is encrypted, and encrypts the data portion of the variable-length packet. 4. The encryption method according to claim 1, wherein the scramble control information of the variable length packet is updated when the encryption is performed. 6. The packet stream further includes table information indicating a relationship between a program transmitted by the packet stream and a coded stream constituting the program. It is multiplexed as one of the information that is divided into payloads and transmitted. The header of each transmission packet in the packet stream to be transmitted includes the payload of the transmission packet,
An identifier indicating that any one of a head portion of the variable length packet arranged in the payload of the plurality of transmission packets and the head portion of the table information is arranged; When a transmission packet having
The first three bytes of the payload in the transmission packet are checked, and the first three bytes of the payload in the transmission packet are arranged in the payload of the transmission packet based on whether or not the first three bytes have a predetermined bit pattern. 2. The method according to claim 1, wherein the data is a header of a variable-length packet divided into payloads of the plurality of transmission packets and a header of the table information. 4. The encryption method according to 2 or 3. 7. The transmission packet may include a variable-length adaptation field in addition to a header and a payload, and data arranged in the transmission packet payload may be included in the plurality of transmission packet payloads. When it is the head of the variable length packet that is divided and arranged, it is determined whether the adaptation field is present in the transmission packet, and the transmission packet having the adaptation field is excluded from the encryption target. The encryption method according to claim 1, 2 or 3, wherein 8. When the data arranged in the payload of the transmission packet is a head of a variable length packet divided and arranged in the payloads of the plurality of transmission packets, the payload of the transmission packet is 4. The encryption method according to claim 1, wherein data after a predetermined data length predetermined from the beginning is encrypted. 9. The video and audio encoded streams are packetized into variable-length packets, and the variable-length packets are divided and placed in payloads of a plurality of fixed-length transmission packets. And a multiplexed audio coded stream into a single packet stream composed of the fixed-length transmission packets, and transmitting the multiplexed audio stream. With reference to the header of each transmission packet, whether or not the data arranged in the payload of the transmission packet is the head of the variable length packet divided and accommodated in the fixed length transmission packet. Means for identifying whether or not the header of the variable-length packet is the remaining portion excluding the header included in the variable-length packet. Means for encrypting the data part, and for each transmission packet in which the head of the variable length packet is arranged, encrypting and transmitting the data part in the variable length packet included in the transmission packet. Encryption device. 10. A video and audio coded stream is packetized with a variable length, and the variable length packets are divided and arranged in the payload of a plurality of fixed length transmission packets. A recording medium on which a packet stream is recorded, wherein the packet stream includes, for each transmission packet in which a head of a variable length packet is arranged, a data portion in the variable length packet included in the transmission packet. A recording medium characterized by being encrypted. 11. A video and audio encoded stream is packetized with a variable length, and the variable length packets are divided and arranged in the payload of a plurality of fixed length transmission packets. In a digital content reproducing apparatus for reproducing digital content transmitted by a packet stream, the packet stream is, for each transmission packet in which a head of the variable length packet is arranged, a variable length packet included in the transmission packet. Wherein the data portion within is encrypted, an internal bus, means for receiving the packet stream transmitted from the outside via an external bus, and outputting the packet stream on the internal bus; and A digital device for receiving and decoding the variable length packet and reproducing the digital content. Digital content decoding means having means for decoding encrypted variable-length packet data and decrypting the data, and a CPU connected to the internal bus, The digital content reproduction control program executed by the CPU reconstructs a variable-length packet from a packet for transmission of a packet stream received via the internal bus, thereby converting the digital content into variable-length packet units. A digital content reproducing apparatus for transmitting the digital content to the digital content decoding means via a bus.