KR20110025567A - A method for processing a digital content and a digital broadcast receiving system - Google Patents

Abstract

PURPOSE: A method for processing digital contents and a digital broadcast receiving system are provided to enhance the efficiency of a system by omitting a verification procedure for the contents downloaded from a host. CONSTITUTION: A reception unit receives contents, and a demodulation unit transfers the contents within a demodulated broadcasting signal to a module connected to a host. A content processing unit(308) receives the contents transferred from a security channel and releases a secure control operation. A demultiplexing unit(303) receives and demultiplexes the digital broadcasting signal for which the secure control operation is released. A decoder(304) decodes the contents within the demultiplexed digital broadcasting signal, and a display unit(305) displays the decoded contents.

Description

Digital content processing method and digital broadcasting reception system {A METHOD FOR PROCESSING A DIGITAL CONTENT AND A DIGITAL BROADCAST RECEIVING SYSTEM}

The present invention relates to a digital content processing method and a digital broadcast receiving system, and more particularly, to a method for securely downloading and processing arbitrary content from a host and a digital broadcast receiving system including the host.

With the advent of the digital broadcasting era, the amount of contents has explosively increased compared to the analog broadcasting era, and the interest in protecting such digital contents is also increasing.

Conventionally, digital watermarking technology has been mainly used as a method of protecting digital content. Digital watermarking, however, is mainly used for copyright protection, counterfeit or forgery, and illegal copy tracking of the contents.

However, in the related art, such a content is also transmitted through a general data channel which is not guaranteed to be secured, and thus the frequency of exposure to the outside is high and the target of the attack is high. Therefore, there was an inconvenience in that the receiving side should verify the content even if it is received.

In order to solve the above problems, in order to increase security functions such as authentication, it was necessary to support additional hardware such as a plug-in. However, this not only counters the trend of digital devices that are becoming smaller and simpler, but also causes cost burden and system efficiency.

In particular, in the case of Pay TV, when the content used is related to billing and requires original protection against copying or illegal use of the content, if the content is not properly protected, a copyright related issue, There is a problem of serious economic damage to broadcasting companies and receiver manufacturers, such as billing-related problems.

In order to solve the above problems, an object of the present invention is to provide a method for processing digital content and a digital broadcast receiving system.

Another object of the present invention is to enable secure download of content from a host through secure control.

Another object of the present invention is to increase the efficiency of the system by omitting the verification process for the content downloaded from the host by way of the security channel through the security control so that it can be safely downloaded from the host as described above.

Another object of the present invention is to provide a method for safely downloading content from a host by simply upgrading software without supporting additional hardware.

Another object of the present invention is to enable the sender to control billing and content by safely downloading content from a host.

The present invention relates to a digital content processing method and a digital broadcast receiving system. According to the present invention, an example of a method for downloading and processing arbitrary content from a module connected to a host includes: transmitting the received content to a module; Mutually authenticating with the module; Downloading content through a security channel formed through secure control in the authenticated module; And releasing the secure control of the downloaded content and processing the corresponding content.

In this case, downloading the content through the security channel formed through the security control in the authenticated module may include generating random numbers and extracting identifier information of the module and the host, respectively; Exchanging each of the generated random numbers and the extracted identifier information; And generating an encryption key according to a predefined encryption algorithm based on each of the exchanged random numbers and identifier information.

The downloading of content through a security channel formed through secure control in the authenticated module may include: receiving a synchronization signal from the module; The synchronization may be further performed according to the received synchronization signal.

The module may receive the arbitrary content from the host and encrypt the received arbitrary content using the generated encryption key.

The module may include a reception restriction module and a smart card operating as a pair.

In addition, the smart card may store a key value for the descrambling and the details that the user purchased from the providers of the arbitrary content.

The module may transmit whether the authentication of the host is successful to the host in the form of a message.

In addition, the host may synchronize with the received message when it is confirmed that the mutual authentication is successful based on the message transmitted from the module.

In another aspect of the present invention, an example of a digital broadcast receiving system includes transmitting content received through a secure channel to a module, and securely controlling the content in a module authenticated through mutual authentication with the module. A host for downloading the content, releasing secure control on the downloaded content, and processing the corresponding content; And a module for receiving arbitrary content from the host, mutually authenticating with the host, and controlling the content so that only the authorized host can process the content to form a security channel through which the content is delivered.

At this time, the host, the receiving unit for receiving the arbitrary content; A demodulator for demodulating the received broadcast signal and transmitting content in the demodulated broadcast signal to the module; A content processing unit which receives the content delivered through the security channel formed by the security control from the module and releases the security control; A demultiplexer configured to receive and demultiplex the secure control-released digital broadcast signal; A decoder for decoding content in the demultiplexed digital broadcast signal; And a display unit for displaying the decoded content.

The module may further include: a reception restriction module configured to receive arbitrary content from the host and descramble a scrambled digital broadcast signal; A smart card transferring a key value for the descramble; A user authentication unit generating an encryption key value for the secure control and authenticating a user; And a secure control unit configured to secure control of the descrambled content to the authenticated host.

In addition, the module and the host may generate random numbers, extract their identifier information, and exchange them with each other.

The module and the host may generate an encryption key value according to a predefined encryption algorithm based on the exchanged random number and identifier information.

The module and the host may exchange the generated encryption key values with each other, and determine whether the exchanged encryption key values coincide with each other.

When the exchanged encryption key values coincide with each other, the module may determine the host as a legitimate user and transmit a synchronization signal to the host in the form of a message.

The host may synchronize in response to the synchronization signal when the encryption key values received from the module coincide with the key values generated by the host.

According to the method and the digital broadcasting reception system for processing digital content according to the present invention,

First, secure control has the effect of downloading content securely from the host.

Second, it is possible to omit the verification process for the content downloaded from the host to increase the efficiency of the system.

Third, there is an effect that the content can be safely downloaded from the host by simple software upgrade without additional hardware support.

Fourth, there is an effect that the transmitter can control the charging and the content by safely downloading the content from the host.

The terms used in the present invention have been selected as general terms widely used as possible in consideration of the functions in the present invention, but may vary according to the intention or custom of a person skilled in the art or the emergence of a new technology. In addition, in certain cases, there is also a term arbitrarily selected by the applicant, in which case the meaning will be described in detail in the description of the invention. Therefore, the terms used in the present invention should be defined based on the meanings of the terms and the contents throughout the present invention, rather than the names of the simple terms.

Definition of terms used in this specification

As used herein, the term "security control" refers to a series of processes for securely transmitting and receiving content between an authenticated host and a security module, and a detailed description thereof will be described in detail in the relevant part. And omit it here.

In the present specification, the term "security channel" refers to a channel through which data is transmitted. In general, the term "security channel" adopts the concept of a channel, and does not mean a physical channel. It refers to the concept of software channels formed through secure control.

Hereinafter, a digital content processing method and a digital broadcast reception system according to the present invention will be described in detail with reference to the accompanying drawings.

In the present specification, a method of securely downloading and processing arbitrary contents from a host of a digital broadcasting reception system will be described.

Digital broadcasting system

1 is a conceptual diagram illustrating an example of a digital broadcasting system according to the present invention.

Referring to FIG. 1, the digital broadcasting system includes a contents provider 10, a service provider 20, a network provider 30, and a customer 40. .

The content provider 10 produces content and delivers the produced content to the service provider 20.

The service provider 20 provides an environment for service of content provided from the content provider 10. Here, the service provider 20 may be, for example, a TV station, a radio station, and the like.

The network provider 30 provides a network environment therefor as a medium for connecting the service provider 20 as a transmitting end for serving the content and the consumer 40 as a receiving end for consuming the content.

In the above, the service provider 20 may overlap with the content provider 10 by directly providing content, and may also overlap with the network provider 30 by providing a network environment.

The consumer 40 is an area for consuming serviced content. Such a consumer 40 may be, for example, a digital broadcast receiving system.

In the present specification, the digital broadcast reception system includes, for example, a set-top box and a host. In addition, the set-top box or host can be attached to a variety of modules to perform a specific function.

In the following specification, for convenience of description, the host will be described by using a digital television receiver as an example, and the module will be described by using a conditional access module (CAM) as an example.

The concept of a process in which arbitrary content is produced, serviced, and consumed is briefly explained.

As mentioned above, it has conventionally been the use of digital watermarking techniques to protect content. However, even with this method, if security is not ensured in a specific path through which the content is delivered, the frequency of exposure of the content becomes high, which may be an attack from the outside, which may affect the reliability of the content.

Although digital watermarking technology can be used to sanction afterwards, the protection of the original content itself is insufficient, and the creator's willingness to create content can be defeated, and there is much room for dispute regarding copyright. As a result, many problems caused by the contents production and consumption process may be inconvenient for both the transmitter and the receiver.

Therefore, the present invention is intended to solve the problem of content protection caused by the above problems. Hereinafter, the present invention will be described in more detail.

First, a digital broadcasting system constructed according to the present invention will be described.

2 is a block diagram illustrating a digital broadcast system constructed in accordance with an embodiment of the present invention.

Referring to FIG. 2, a digital broadcasting system is largely divided into a transmitter and a receiver. The transmitter 200 includes a content provider 210 and a service provider 220, and the receiver 250 includes a host 260 and a module 270.

Here, the transmitting end may serve content through various media such as terrestrial, cable, satellite, and Internet Protocol (IP). In addition, the receiving end may further include at least one other device 280 capable of receiving content output from the host in addition to the host and the module. However, hereinafter, the content is used to mean a digital broadcast signal including the content for convenience of description.

The headend 220 transmits the content provided from the content provider 210 to the host 260 of the receiving end. At this time, the headend 220 may be scrambling to the host 260 to restrict the reception of the content.

The host 260 delivers the received content to the detached module 170, and the module 270 securely controls the delivered content according to the present invention, and the secure controlled content is again hosted by the host. Is passed to 260. In this specification, the term security channel is used when secure control content is delivered to distinguish the case where the content that is not secure control is transmitted to the host through the general data channel. However, as described above, the security channel does not mean a physical data channel, but means a case where the corresponding content is secure controlled in the process of delivering the content as described above. However, a more detailed description of the secure control will be described later.

The host 260 processes the content delivered through the security channel and provides the same to a user.

2 has briefly described a digital broadcasting system. However, the present invention mainly relates to a process of delivering content between the host 260 and the module 270 constituting the receiving end. Hereinafter, a method for safely downloading any content from a module according to the present invention and a module; The digital broadcast reception system will be described.

Digital broadcast receiving system

3 is an example of a block diagram of a digital broadcast reception system constructed in accordance with the present invention.

In FIG. 3, only components necessary for the present invention are illustrated and other components are not shown, but may be further included with reference to a general configuration of a digital television receiver.

Referring to FIG. 3, the receiving system is largely divided into a host 260 and a security module 270.

The host 260 includes a tuner unit 301, a demodulator 302, a demultiplexer 303, an A / V decoder 304, and a display unit. display unit 305, storage unit 306, user interface (UI) processing unit 307, and content processing unit 308.

The security module 270 includes a smart card / CAM 311 and a smart card 312 operating as a pair, a user authentication unit 313, and a secure control unit ( 314 and a secure processing unit 315.

The tuner 301 tunes a specific channel and receives a digital broadcast signal including arbitrary content and signaling information thereof from the headend 220. In this case, the received digital broadcast signal may be, for example, scrambled to limit reception at the head end 220.

The demodulator 302 demodulates the digital broadcast signal received through the channel tuned by the tuner 301, and transmits the demodulated digital broadcast signal to the security module 270. Here, the demodulator 302 demodulates corresponding to the modulation scheme of the received digital broadcast signal. In addition, the demodulator 302 bypasses the demodulated digital broadcast signal without transmitting the demodulated digital broadcast signal to the security module in the case of a general broadcast signal, that is, when the processing of the security module 270 is not necessary. can be bypassed).

Next, a process of forming a security channel through the security control between the host 260 and the security module 270 will be described. In order to form the security channel, user authentication must first be performed between the host 260 and the security module 270. However, when the digital broadcast signal received from the host 260 is scrambled, the security module 270 may perform descrambling using the smart card 312 simultaneously or separately from the user authentication procedure. have.

The smart card 312 may store a key value for descrambling or details of a user purchasing content from a content provider.

When the CAM 311 determines that the digital broadcast signal received through the host 260 has been scrambled, for example, by the headend 220 to restrict reception, a key value for descrambling to the smart card 312 is performed. And request information for user authentication.

The smart card 312 extracts and transmits a key value for pre-stored descramble according to a request of the CAM 311, and the CAM 311 is based on a key value for descrambling transmitted from the smart card 312. And descrambles the received digital broadcast signal.

As described above, the user authentication procedure may be performed simultaneously with the descrambling procedure based on the information of the smart card 312. Alternatively, the user authentication procedure may be included in the secure control process for the content.

First, the host 260 and the CAM 270 generate random numbers and extract their identifier information (Host ID, Module ID), respectively. The generated random number and a message including identifier information (Host ID, Module ID) are exchanged with each other.

The host 260 and the module 270 generate encryption keys using predetermined encryption algorithms based on the random number and identifier information exchanged with each other. Here, the predetermined encryption algorithm may be, for example, a hash algorithm. However, the present invention is not limited thereto.

Host 260 and module 270 exchange the generated encryption keys with each other. The encryption keys thus exchanged can authenticate each other by comparing with the encryption key generated by each of them. For example, if the encryption key of the host 260 received through the exchange process and the encryption key generated based on the random number and identifier information received from the host match, the module 270 is a legitimate user. Judging by

Therefore, as described above, when the encryption key received from the host 260 and the encryption key generated by the module match as described above, the module 270 determines the host as a legitimate user and processes only the host to transmit content. Secure control to do so. In other words, the module 270 encrypts the descrambled digital broadcast signal using the generated encryption key and transmits the descrambled digital broadcast signal to the host.

If the host is determined to be a legitimate user as a result of performing the above-described authentication procedure, and the user authentication is successful, the module 270 transmits a synchronization signal for synchronization with the host, and the host 260 synchronizes the synchronization. Synchronize with each other by sending an ack signal to the signal.

As described above, after synchronizing between the host 260 and the module 270, a software security channel according to the present invention is formed.

This series of processes is referred to herein as the term secure control. In addition, as described above, the security channel does not mean a physical channel, but rather means a software process so that only the right user can process the content through secure control. The term channel is borrowed.

When the content processing unit 308 of the host 260 receives the content that is securely controlled and transmitted from the module 270 through the security channel as described above, the content processing unit 308 processes the content that is securely controlled using the encryption key provided by the host 260. You can do it.

The demultiplexer 303 receives and demultiplexes the broadcast signal released by the content processing unit 308. Here, the demultiplexed digital broadcast signal may include, for example, audio and video data related to arbitrary content and signaling information related to reproduction of the audio and video data. The demultiplexer 303 may process the control of the signaling information processing unit (not shown) for the processing of the signaling information and the control of the content processing unit 308 for the processing of the audio and video data. The demultiplexer 303 transmits the demultiplexed audio data and video data to the A / V decoder 304 or the storage 305 under the control of the content processor 308.

The signaling information processing unit (not shown) receives and decodes the demultiplexed signaling information. The signaling information processing unit (not shown) may temporarily store the decoded signaling information in the storage unit 306 and may be used when reproducing related audio data and video data.

The A / V decoder 304 receives and decodes the A / V signal in the demultiplexed broadcast signal by the demultiplexer 303, outputs the signal after being stored in the storage 306 or immediately displays the display 305. Can be output via

The UI processing unit 307 may receive an input of an external user or the like and communicate with the content processing unit 308 and other building blocks corresponding to a request of the input user.

The system decoder (not shown) not only controls each component in the system, such as the tuner 301, the A / V decoder 304, and the content processor 308, but also participates in the overall control of the system.

The display unit 305 outputs audio data and video data decoded and output by the A / V decoder 304 respectively or in sync.

Digital on host Content  How to deal

According to the present invention, a method of processing digital content in a host includes a descrambling step, a user authentication step, a security channel forming step, and a process of downloading and processing content through the generated secure channel at the host. However, the order in each step may be processed by changing the temporal aftermath in some cases, and the temporal aftermath relation is not necessarily fixed according to the above-described order.

4 is a flowchart illustrating a method of downloading and processing arbitrary content according to the present invention.

Referring to FIG. 4, in order to receive and process desired digital content from a host, the host must first receive user authentication from a module. In this case, when the received broadcast signal is scrambled, the module may perform descrambling using information of the smart card.

The module determines whether the host is a legitimate user to determine whether to perform secure control on the received content. To do this, the user authentication procedure for the host is performed. That is, the module requests information related to user authentication to the smart card to determine whether the host is a legitimate user (S401), and receives the requested information from the smart card to determine whether the host is a legitimate user (S402).

If the user authentication fails as a result of the step S402 determination, the information on the CAM and the smart card of the module is displayed through the UI, etc. together with the authentication failure result (S403). The host may perform the user authentication procedure by re-collecting information on user authentication based on the indication.

If the host determines that the host is legitimately qualified as a result of the step S402, and the user authentication is successful through the communication with the module, the module secure control process to secure the stability of the download path of the broadcast signal received from the host. Do this.

That is, the host and the module generate random numbers for secure control, respectively (S404), and interchange with each other along with the generated random numbers (S405).

The host and the module generate encryption keys for secure control, respectively, based on the interchanged random number and the identifier.

Thereafter, when the host verifies the encryption key generated and transmitted by the module and successfully verifies the encryption key generated and transmitted by the host in the module, the host checks the synchronization with respect to the synchronization signal for synchronization (S406). In this case, if the verification of the encryption key fails as a result of the determination, information for secure control may be displayed through the UI (S407).

The module controls the broadcast signal to be transmitted to the host according to the encryption key generated after step S405, thereby forming a secure channel. Thereafter, in step S406, if the verification of the encryption key transmitted from the module is successful, the synchronization signal is returned, and a broadcast signal transmitted through the secure channel is received according to the synchronization signal.

Thereafter, the host determines whether to release secure control with respect to the broadcast signal that has been securely controlled (S408).

If it is determined in step S408 that the security control is not released, whether or not the corresponding content is processed is displayed on the UI to inform the user (S409).

However, if it is determined in step S408 that the security control is released, the content processing unit 308 processes the content, performs AV processing, and processes the associated UI (S410), and outputs the processed content (S411).

As described above, the present invention has been described by way of limited embodiments and drawings, but the present invention is not limited to the above-described embodiments, which can be variously modified and modified by those skilled in the art to which the present invention pertains. Modifications are possible. Accordingly, the spirit of the present invention should be understood only by the claims set forth below, and all equivalent or equivalent modifications thereof will belong to the scope of the present invention.

1 is a conceptual diagram illustrating an example of a digital broadcasting system according to the present invention;

2 is a block diagram of a digital broadcast system constructed in accordance with an embodiment of the present invention;

3 is a block diagram of a digital broadcast reception system constructed in accordance with the present invention; and

4 is a flowchart illustrating a method of downloading and processing arbitrary content according to the present invention.

Claims (16)

In the method for downloading and processing arbitrary content from the module connected in the host, Transmitting the received content to the module; Mutually authenticating with the module; Downloading content through a security channel formed through secure control in the authenticated module; And And releasing secure control of the downloaded content and processing the corresponding content. The method of claim 1, The downloading of content through a security channel formed through secure control in the authenticated module may include: Generating random numbers in the module and the host and extracting their identifier information; Exchanging each of the generated random numbers and the extracted identifier information; And generating an encryption key according to a predefined encryption algorithm based on each of the exchanged random numbers and identifier information. The method of claim 2, The downloading of content through a security channel formed through secure control in the authenticated module may include: Receiving a synchronization signal from the module; And synchronizing according to the received sync signal. The method of claim 3, The module, Receive the arbitrary content from the host, And processing any content at the host encrypting the received arbitrary content using the generated encryption key. The method of claim 3, The module is a method for processing any content in a host including a smart card and a reception restriction module operating as a pair. The method of claim 5, The smart card, A method for processing arbitrary content at a host that stores a user's purchases from providers of the arbitrary content and key values for descrambling. The method of claim 3, The module, A method for downloading arbitrary content from a host that transmits a successful authentication of the host to the host in the form of a message. The method of claim 7, wherein The host, If the mutual authentication success is confirmed based on the message transmitted from the module, and downloads arbitrary content from the host that synchronizes in response to the received message. In a digital broadcast receiving system, Sends any received content to the module, downloads the content through a security channel formed by secure control in an authenticated module through mutual authentication with the module, and releases secure control on the downloaded content. A host for processing content; And a module configured to receive arbitrary content from the host, mutually authenticate with the host, and securely control the content so that only the authorized host can process the content to form a security channel through which the content is delivered. 10. The method of claim 9, The host, Receiving unit for receiving the arbitrary content; A demodulator for demodulating the received broadcast signal and transmitting content in the demodulated broadcast signal to the module; A content processing unit which receives the content delivered through the security channel formed by the security control from the module and releases the security control; A demultiplexer configured to receive and demultiplex the secure control-released digital broadcast signal; A decoder for decoding content in the demultiplexed digital broadcast signal; And And a display unit for displaying the decoded content. 10. The method of claim 9, The module, A reception restriction module for receiving arbitrary content from the host and descrambled scrambled digital broadcast signal; A smart card transferring a key value for the descramble; A user authentication unit generating an encryption key value for the secure control and authenticating a user; And And a secure controller configured to secure the descrambled content to the authenticated host. 10. The method of claim 9, The module and host, A digital broadcasting reception system for generating random numbers and exchanging their identifier information with each other. The method of claim 12, The module and host, And generating an encryption key value according to a predefined encryption algorithm based on the exchanged random number and identifier information. The method of claim 13, The module and host, And exchanging the generated encryption key values, and determining whether the exchanged encryption key values match each other. The method of claim 14, The module, And if the exchanged encryption key values coincide with each other, determining the host as a legitimate user and transmitting a synchronization signal to the host in the form of a message. The method of claim 15, The host, And if the encryption key value received from the module coincides with the key value generated by the module, synchronizing in response to the synchronization signal.

Images