JP2001054092A - Receiver for limited audio visual broadcasting - Google Patents

Abstract

PROBLEM TO BE SOLVED: To attain the pay-per-view service of a prepaid system in an offline method for every program. SOLUTION: The broadcasting side broadcasts the scrambled contents, contract information and approval information by means of a common identifier and a common cipher key like a general system where the individual identifiers and individual cipher keys are used. When those received contents and information do not satisfy the contract conditions, a contract condition decision block 301 gives an instruction to a module function stop control block 302 to stop a scramble function.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a limited-view broadcast receiving apparatus which permits only a subscribed viewer to view a program.

[0002]

2. Description of the Related Art In paid broadcasting, contents such as video images and sounds, that is, contents of programs, are sometimes encrypted in order to prevent non-subscribers from viewing the programs. In particular, a process called scrambling is generally used in encryption.

FIG. 26 is a block diagram showing an example of the configuration, and FIG. 27 schematically shows broadcast contents. In this example, the part that interprets the viewing permission information and the viewing contract information is “a module used with the receiver”.
It is explained as being on the side.

[0004] The content 107 is scrambled by a scrambler 109 using a scramble key obtained from a scramble key database 108.

Usually, the scramble key used when scrambled is also a key for descrambling, and needs to be updated frequently to prevent decryption. Therefore, the scramble key is converted into a form 206 encrypted with an encryption key called an intermediate key, and is further broadcast as permission information 203 paired with an intermediate key designation code 205 for specifying the intermediate key used at that time.

The license information 203 is newly recreated and broadcast every time the scramble key is changed. Usually, the interval is on the order of a few seconds.

[0007] The intermediate key is distributed by receiving a database broadcast in the form of contract information 204, instead of being incorporated in each contracted receiving device in advance.

[0008] The contract information 204 is a set of an identifier 207 for each receiver and an intermediate key used for decryption of a scramble key used in a channel subscribed to by the receiver having the identifier. 208 encrypted with an individual encryption key and an intermediate key designating code 2 attached to the intermediate key.
05. For convenience, additional information 209 may be attached.

If there are a plurality of contracted channels and each channel uses a different intermediate key to encrypt the scramble key, the contract information 204 is encrypted with the intermediate key designation code 205 and the encryption key. Have a plurality of sets of intermediate keys 208. Since the broadcast of the contract information 204 is performed toward each contracted receiving device, every time the intermediate key is updated, the identifier database 114 and the encryption key database 115 are updated.
Is performed at least once for every set of encryption keys and identifiers in. The update interval of the contract information 204 is generally set to one month or more per one receiving device due to the above-mentioned restrictions.

[0010] The authorized viewer decrypts the encrypted intermediate key 208 from the contract information 204, and further decrypts the encrypted scramble key 206 using the intermediate key.
A module 105 used together with the receiver 104 and a receiver 104 that receives the broadcast, obtains the contract information 204, the license information 203, and the scrambled content 201, and descrambles using the decrypted scramble key are distributed.

Module 10 for Use with Receiver 104
In the identifier holding block 125 of No. 5, an identifier having a value that does not overlap with another module is allocated and held, and at the same time, an encryption key paired with this identifier in a one-to-one correspondence is stored in the encryption key holding block 127. Is held in. The encryption key of the encryption key holding block 127 is for decrypting the encrypted intermediate key 208.

On the receiving side, the broadcast wave is transmitted to the receiving antenna 103.
, And demodulated by the reception demodulation unit 121, and then the de-multiplexer 122 scrambles the content 201.
And the license information 203 and the contract information 204, and the scrambled content 201 is sent to the descrambler 134 to obtain the license information 203 and the contract information 204.
Is output from the receiver 104 to the module 105 used with the receiver 104 through the receiver 104 side interface 123 and the module side interface 124.

Module 10 for use with receiver 104
At 5, the contract information 204 is stored in the contract information selection block 126.
, And by looking at the identifier 207 included in the contract information 204, the contract information having an identifier that matches the identifier held by its own identifier holding block 125 is selected from a number of received contract information 204, and the intermediate information is selected therefrom. Key designation code 20
5 and the intermediate key 208 encrypted with the encryption key. The intermediate key 208 that has been encrypted with the encryption key is decrypted by the intermediate key decryption block 128 using the encryption key of the encryption key storage block 127 and stored in the intermediate key storage block 130.

The intermediate key designation code 205 is decrypted if it is encrypted, and is stored as it is in the intermediate key designation code holding block 129 if it is not encrypted.

The intermediate key and the intermediate key designating code have a long renewal period of one month, and if they are lost during this period, the scramble key cannot be decrypted. Therefore, the intermediate key holding block 130 and the intermediate key designating code holding block 129 It is composed of a non-volatile memory, for example, an EEPROM or the like.

After obtaining the intermediate key and the intermediate key designating code in this manner, the module 105 used together with the receiver 104 detects the license information 203 in the license information selection block 131 and outputs the intermediate key designating code included in the license information 203. 205
Is checked to see if there is an identical one in the intermediate key designation code holding block 129.

If there is a match, the intermediate key associated with the intermediate key designation code 205 is read from the intermediate key holding block 130, and the scramble key 206 already encrypted with the intermediate key is decrypted using the intermediate key. Decryption is performed in block 132 to obtain a scramble key, which is held in a scramble key holding block 133.

The obtained scramble key is supplied to a descrambler 134 through interfaces 124 and 123. The scramble key is kept used until the license information 203 comes again, but since the renewal period is extremely short, the scramble key holding block 133 is generally covered by a volatile storage element.

In the descrambler 134, the scrambled content 2 input from the demultiplexer 122
01 is descrambled using the scramble key input from the interface 123, and the content 107
Is restored, and this is viewed on the receiver 106.

The above method has a triple encoding step of scrambling content with a scramble key, encrypting the scramble key with an intermediate key, and encrypting the intermediate key with an encryption key.

Generally, this is called a "triple key method", and has an advantage that the frequency of sending contract contents can be reduced while improving security by frequently updating the scramble key in a short period.

[0022]

In this method, the identifier and the encryption key must always be in one-to-one correspondence, and it is required that each of them has a unique value. Further, since the identifier and the encryption key are directly related to security, they cannot be easily changed. Therefore, even though the content of the provided service is the same, it is necessary to prepare
Extra work was required to transmit the contract information individually by that number.

When rationalizing that the identifier and the encryption key are the same when the provided service is the same, the identifier and the encryption key cannot be easily changed by the above method. Is difficult to handle.

Further, if the prepaid viewing viewing contract method is to be implemented in the above-mentioned broadcasting mode, a large amount of identifiers and encryption keys must be thrown away, so that depletion of identifiers and encryption keys becomes a problem.

Further, if the identifier and the encryption key are stored in a modular component and operated in a disposable form, the information of the identifier and the encryption key remains in the disposable component even after use in the above-mentioned method. There were security concerns.

Also, in this method, when a new receiving device is purchased and viewing is started, it is necessary to make a contract procedure with the broadcasting station to recognize its own identifier and encryption key. could not.

In addition, the identifier and the encryption key are required to be unique values, and the receiver and the module used with the receiver are shipped with a
I had to write each value individually.

The configuration of the receiver and the module used together with the receiver used in this method is as shown in FIG. 17, for example. The processor 1901 also controls communication with the module 105 used together with the receiver 104, mainly focusing on the operation control of the receiver 104. Processor 1902
Controls the module 105 used with the receiver. The module 105 includes a volatile RAM 1903 and a ROM 190 together with the scramble key decryptor 132.
4, and a non-volatile RA composed of an EEPROM or the like
M1905.

Generally, the update period and broadcast frequency of an intermediate key and viewing contract information that are decrypted using an identifier and an encryption key are as long as several months and are small, so that even if the power is cut off by that time, the decrypted contents will be lost. Usually, it is stored in the non-volatile memory 1905 so that it does not exist. Therefore, there was security anxiety.

The present invention has been made in view of the above problems, and has been made in consideration of the above-described problem. It is an object of the present invention to provide a limited viewing broadcast receiving apparatus that enables a prepaid viewing contract for each offline service to coexist.

[0031] The present invention also provides a simple and quick start of provisional viewing on a channel in which a contract form for providing an individual identifier and an individual encryption key for each receiving apparatus is provided. It is an object of the present invention to provide a limited-view broadcast receiving apparatus capable of easily and safely changing a broadcast.

Further, the present invention makes it possible to increase the security and more flexibly operate a receiver used for an off-line prepaid viewing contract and a module used together with the receiver. It is an object of the present invention to provide a limited viewing broadcast receiving device that performs

[0033]

The present invention receives encrypted viewing contract information and viewing permission information transmitted from a broadcasting side,
In a conditional access receiving apparatus that performs decryption and interpretation, decrypts and scrambles (or encrypts) a broadcast content, and views the broadcast, a common identifier valid for one or more receiving apparatuses, A means for decrypting and interpreting the encrypted viewing contract information transmitted from the broadcast side using two associated common encryption keys, and a means for descrambling the scramble (or encryption) applied to the broadcast contents And means for stopping the operation of descrambling (encrypting) the broadcast content when a certain condition is satisfied.

[0034]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Embodiments of the limited viewing broadcast receiving apparatus according to the present invention will be described with reference to the drawings. However, portions that are the same as those described in the related art of FIG. 26 are denoted by the same reference numerals, and description thereof is omitted.

Further, in a series of embodiments described here, the explanation is made assuming that the part for interpreting the viewing permission information and the viewing contract information is on the “module used with the receiving device” side.

FIG. 1 is a block diagram showing the configuration of the first embodiment of the limited viewing broadcast receiving apparatus of the present invention.

In the first embodiment of the present invention, a broadcaster can use a common identifier and a common cipher associated with and associated with this identifier, as in a system using a general individual identifier and an individual encryption key. Broadcast the scrambled content, contract information, and license information using the key. The contents of the broadcast wave are as shown in FIG.

On the receiving side, there is a block 301 for monitoring and determining whether the current state satisfies the contract conditions. While the contract conditions are satisfied, the contract condition monitoring and determination block 301 does nothing, and the module 105 obtains the intermediate key and the intermediate key designating code assigned to the own identifier from the contract information 204 and uses them. Encrypted scramble key 2 included in license information 203
06 is decrypted to extract a scramble key, which is sent to a descrambler 134 in the receiver main body 104 to descramble the scrambled content 201 and restore the content 107.

When the contract condition is no longer satisfied, the condition is monitored by the contract condition monitoring and judgment block 301, and the module function stop control block 302
Instructs to stop the descrambling function.

Module function stop control block 302
Receives the descrambling stop command, acts on the intermediate key holding block 130 to invalidate the contents and disable the descrambling operation, and also invalidates the contents of the identifier holding block 125 and the encryption key holding block 127, Thereafter, contract information cannot be received and interpreted.

In this way, it is possible to view the scrambled broadcast only under designated conditions.

FIG. 2 is a block diagram showing a second embodiment of the limited viewing broadcast receiving apparatus of the present invention, and FIG. 3 schematically shows an example of the contents of the broadcast wave.

The intermediate key designation code holding block 402 and the intermediate key holding block 403 in the module 105 used together with the receiver 104 in FIG. 2 are different from the intermediate key designation code holding block 129 and the intermediate key holding block 130 in FIG. On the other hand, the contents are stored in a volatile storage medium that loses the stored contents when the power is turned off, and the stored contents are automatically deleted at regular intervals.

The procedure for creating the content included in the broadcast wave and the manner of broadcasting the license information are the same as in the conventional example, but the content of the contract information and the time and interval for broadcasting are different. Conventionally, the timing of sending the license information is irrelevant to the content of the program, and once the receipt of the license information is confirmed, it is not necessary to broadcast the same license information again unless the contract is changed.

In the present embodiment, the contract information is broadcast by the contents and method as described above for the identifier and the encryption key independent of each receiving device, and is set commonly to one or more receiving devices. The same identifier and the same encryption key corresponding to the same identifier are repeated at the start of the time of the target program, for each specified period during program broadcasting, and at a time that is specified by the specified period from the end of program broadcasting. Broadcast.

FIG. 3 shows this state. In this example, the part to which the identifier and the encryption key common to one or more receiving apparatuses are applied is the scrambled content 5.
02 to scrambled content 507, and the designated period for resending the contract information 509 is set to every time two packets of scrambled content are broadcast.

Therefore, the last contract information 509 is broadcast two packets before the end of the broadcast of the target program, that is, between the scrambled content 505 and the scrambled content 506, and thereafter, the contract information 509 is not broadcast.

The designated period for rebroadcasting the contract information 509 is
Instead of the scrambled content broadcast packet unit as in the present embodiment, the time may be simply designated. In this figure, as time progresses, the content is broadcast in order from the leftmost content.

Before the time of the target program, the contract information 5
09 has not been sent, so the receiving side cannot obtain the intermediate key and cannot decrypt the scramble key, so that the scrambled content 501 cannot be descrambled.

When the broadcast time of the target program comes, the contract information 509 is immediately broadcast to provide an intermediate key so that the scramble key can be decrypted. In this way, the receiving side can descramble the scrambled content 502 and the subsequent content transmitted next, and can view the broadcast.

Although it is necessary to broadcast the permission information having the structure shown in FIG. 27 in addition to the contract information, the permission information is omitted in FIG. 3 for simplification.

On the receiving side, after receiving contract information 509 for an identifier common to a plurality of modules for the first time, the contract information receiving interval monitoring block 401 monitors the interval at which the contract information 509 is received. When the contract information 509 cannot be received again after the specified interval, it is determined that the broadcast of the target program has ended and the contract has been terminated or expired, and the module function stop control block 302 is instructed to stop the descrambling function. I do.

In FIG. 3, the contract expiration condition is satisfied immediately after the scrambled content 507. At this point, the module function stop control block 302 operates to invalidate the intermediate key, so that the scramble key cannot be decrypted, and the scrambled contents 508 and thereafter cannot be descrambled again. Module function stop control block 3
02 acts not only on the intermediate key holding block 403 but also on the identifier holding block 125 and the encryption key holding block 127 to invalidate the module in order to prevent reuse of the used module on the receiving side. This is for reuse without disposable.

If power supply to the module is interrupted during broadcast reception, the contents of the intermediate key designation code holding block 402 and the intermediate key holding block 403 will be lost. After the power supply is resumed, the module 105 has received the contract information 509 in the past, so that the contract information 509 is infinite as in the first case.
Instead of waiting for a specified period, in this example, monitoring is started to determine whether only two packets of the scrambled content receive the contract information 509.

If contract information 509 is received within the designated period, the intermediate key is obtained and the descrambling operation is resumed. If not received, the contract key is regarded as expired and the identifier holding block 125 and the encryption key holding block 127 are considered together with the intermediate key. Is also disabled so that it cannot be descrambled again.

The reception interval is specified by the module 105
May be designated in advance in the contract information reception interval monitoring block 401 when manufacturing or distributing
01 contract information creation block 118
09 and additional information 209 is added and designated each time.
The contract information reception interval monitoring block 401 may interpret and apply the information.

FIG. 4 is a block diagram showing a configuration of a limited viewing broadcast receiving apparatus according to a third embodiment of the present invention. FIG. 3 shows an example of the content of the broadcast wave used in this embodiment.

Also in the third embodiment of the present invention, the contract information 509 is repeatedly broadcast at the start of the time of the target program and for each designated period during the broadcast of the program.

Until the contract information 509 is first received, the receiving side performs the same processing as in the second embodiment of the present invention.

After receiving the contract information 509 for the identifier for the first time, the receiving side monitors the number and interval of receiving contract information in the contract information receiving count / interval monitoring block 601. When the contract information 509 is received more than the number of times, it is determined that the contract has expired, and the module function stop control block 302 is instructed to stop the descrambling function.

In FIG. 3, if the number of times contract information is received that becomes a contract expiration condition is designated as “3”, if this program is viewed from the beginning, the contract broadcast between scrambled content 505 and scrambled content 506 will be described. Information 5
At the time of receiving 09, the contract expiration condition is satisfied, the module function stop control block 302 operates, and the descrambling cannot be performed again after the scrambled content 506.

When the contract information 509 cannot be received again within the designated period, the contract information reception count / interval monitoring block 601 determines whether the contract information 509 has been received the specified number of times or more. The module function stop control block 302 is instructed to invalidate only the contents of the key designation code holding block 402.

The designation of the number of times contract information is received is specified by the receiver 104.
May be specified in advance in the contract information reception count / interval monitoring block 601 when manufacturing or distributing the module 105 used together with the module 105, or the contract information creation block 118 of the broadcasting station 101 may add the additional information 209 to the contract information 509.
May be added and designated each time, and may be interpreted and applied by the contract information reception count / interval monitoring block 601 on the receiving side.

Further, in the present embodiment, the module function stop control block 302 operates immediately after receiving the contract information 509 for the identifier for the specified number of times or more.
The module function suspension control block 302 may be operated after a specified period of time after receiving the request for the specified number of times or more. This is for sure the contract information 509 over the specified number of times.
This is effective for receiving

FIG. 5 is a block diagram showing a configuration of a fourth embodiment of the limited viewing broadcast receiving apparatus according to the present invention. An example of the content of the broadcast wave used in this embodiment is shown in FIG.
And FIG.

In the fourth embodiment of the present invention, as shown in FIG. 6, the contents of the contract information take the form shown in FIG. 27 with an identification code 802 added. This is added in the contract information creation block 702 based on the contents of the identification code database 701 in the broadcast station 101 in FIG. 5 showing the fourth embodiment of the present invention. The contract information 801 further includes contract information 901 based on the content written in the identification code 802.
And contract information 902.

The contract information 901 and the contract information 902
Is broadcast at the start of the time of the target program, at specified intervals during program broadcast, and at the end of program broadcast. However,
The contract information 902 broadcast at the end of the program broadcast is different from the contract information 901 broadcast at other times.
The identification code 802 therein describes that this is contract information to be broadcast last in the target program.

FIG. 7 shows this situation. The target programs are scrambled contents 502 to scrambled contents 505.

It is necessary to broadcast permission information having the structure shown in FIG. 27 in addition to the contract information, but the permission information is omitted in FIGS. 6 and 7 for simplicity.

The receiving side performs the same processing as in the second embodiment of the present invention until the contract information 901 is first received.

On the receiving side, after first receiving the contract information 901 for the identifier, the ID code receiving and contract information receiving interval monitoring block 703 checks the ID code 802 included in the contract information received thereafter and the contract information 90
1 and 902 are monitored. When the last broadcasted contract information 902 is received and confirmed, it is determined that the contract has expired, and the module function stop control block 302
Instructs to stop the descrambling function.

In FIG. 7, since contract information 902 is broadcast immediately after scrambled content 505,
Upon receipt of this, the contract expiration condition is satisfied, the module function stop control block 302 operates, the identifier holding block 125, the encryption key holding block 127, and the intermediate key holding block 403 become invalid, and the scramble broadcast thereafter It becomes impossible to descramble after the completed content 506.

If the contract information 901 and 902 cannot be received again within the designated period, the identification code reception and contract information reception interval monitoring block 703 sets the contract information 90
Unless 2 has been received, the module function suspension control block 302 is instructed to invalidate the contents of the intermediate key holding block 403 or the intermediate key designating code block 402.

In the present embodiment, the module function stop control block 302 operates immediately after receiving the contract information 902. However, after receiving the contract information 902, the module function stop control block 302 transmits the module information stop control block 302 after a specified period. 302 may work. This is effective for surely receiving the contract information 902 broadcast last in the target program.

FIG. 8 is a block diagram showing a configuration of a fifth embodiment of the limited viewing broadcast receiving apparatus according to the present invention. An example of the content of the broadcast wave used in this embodiment is as shown in FIGS.

In FIG. 8, the intermediate key holding block 403 used in this embodiment invalidates the held intermediate key by the identification code reception and interval monitoring block 1001 and the module function stop control block 302 every designated period. Shall be destroyed.

In the fifth embodiment of the present invention, as shown in FIG. 6, the contents of the contract information take the form shown in FIG. 27 with an identification code 802 added. This is the broadcast station 10 in FIG.
1 is added in the contract information creation block 702 based on the contents of the identification code database 701 in the block 1.

The contract information 1101, 1102, 110
3 and 1104 are broadcast once for one or a designated number of scrambled contents from the start to the end of the time of the target program. Broadcast contract information 110
1, 1102, 1103, and 1104 are changed each time by describing non-overlapping contents in the identification code 802.

FIG. 9 shows this situation. In this example, the target program is the scrambled content 501.
To scrambled content 504, and the contract information to be broadcast during that time is from contract information 1101 to contract information 1
It is assumed that there are a total of four up to 104.

It is necessary to broadcast the permission information having the structure shown in FIG. 27 in addition to the contract information. However, the permission information is omitted in FIGS. 6 and 9 for simplicity.

The receiving side performs the same processing as in the second embodiment of the present invention until one of the contract information 1101 to the contract information 1104 is received.

On the receiving side, contract information 1101 for the identifier
After the first reception of any one of the contract information 1104 to the contract information 1104, the identification code reception and interval monitoring block 1001 monitors the identification code 802 included in the contract information received thereafter, and determines what identification code Identification code reception history holding block 1 to determine whether information has been received
002.

The list of identification codes to be received is also stored in the identification code reception history holding block 1 in advance.
002.

In this example, four pieces of information, from contract information 1101 to contract information 1104, become contract information having identification codes that will be received.

When all the contract information to be received has been received, the identification code receiving and interval monitoring block 1001 determines that the contract has expired, and instructs the module outage control block 302 to stop the descrambling function. I do.

In FIG. 9, since four pieces of contract information 1101 to contract information 1104 are all pieces of contract information having an identification code to be received, if the program has been received from the beginning of the program, the contract information 1104 is received. At this point, the contract expires, and after that, even if there is a rebroadcast with the same configuration as in FIG. 9, the scrambled content 501 to the scrambled content 504 cannot be descrambled again.

Assuming that the contract information initially received is the contract information 1103 in FIG. 9, for example, in the middle of the program, the scrambled content 503 is then descrambled, and then the contract information 1104 is received and the scrambled content is received. After descrambling 504, it waits for contract information 1101 and contract information 1102 that have not been received yet.

In this example, since the contents of the intermediate key holding block 403 are discarded each time it is applied to each packet of the scrambled content, the scrambled content 506 cannot be descrambled. At a later date, if there is a rebroadcast with the same configuration and the broadcast has been received, the descrambling operation is restarted according to the above operation again from the time when the contract information 1101 was broadcast.

However, since the contract information 1103 and the contract information 1104 already have a history of being received, the contract ends when the contract information 1103 is received.
Further, even if a rebroadcast is performed in the same configuration, the scrambled content 50
As for item 4, it cannot be descrambled again.

In this embodiment, as long as all the identification codes to be received are not received, when the program is broadcast in the same configuration by re-broadcasting or the like, the program can be partially viewed any number of times. To limit this, an upper limit may be set on the number of times each piece of contract information can be received, and the intermediate key may be invalidated when the same number of pieces of contract information are received more than that number of times, so that descrambling may be temporarily disabled.

Further, in this embodiment, if the user watches the program from the middle of the target program, he / she cannot view the rebroadcast at the time elapsed from the previous viewing. This may be alleviated so that descrambling cannot be performed only when the contract information that is to be received is received and the contract information that is to be received at the end of the target program is received. .

FIG. 10 is a block diagram showing a configuration of a sixth embodiment of the limited viewing broadcast receiving apparatus of the present invention, and FIG. 27 schematically shows a part of the contents of the broadcast wave. It is.

When the broadcast side 101 creates the contract information 204 as shown in FIG. 27, under what conditions, for example, how long the intermediate key designating code and the intermediate key included in the contract information can be used. The information is described in the additional information 209.

On the receiving side, the received additional information 209
Is interpreted in the contract condition reading and interpretation block 1201 and the result is transmitted to the contract condition monitoring block 1202. The contract condition monitoring block 1202 monitors whether the condition is satisfied, and instructs the module stop control block 302 to stop the descrambling function when the condition is satisfied.

Upon receiving the instruction, the module function stop control block 302 acts on the intermediate key holding block 403 to disable the decryption of the scramble key, thereby immediately stopping the descrambling function, and simultaneously holding the identifier holding block 1
25 and the contents of the encryption key holding block 127 are also invalidated, so that descrambling using this module 105 cannot be performed again.

FIG. 11 is a block diagram showing the configuration of a seventh embodiment of the limited viewing broadcast receiving apparatus according to the present invention.
FIG. 12 schematically shows a part of the content of the broadcast wave.

In this embodiment, the broadcasting side 101 transmits the contract information 1401 for the receiving device having a common identifier together with the license information 203 and the contract information 204, which are information for a general receiving device, to the license information. At the same frequency as 203,
Broadcast only during the target broadcast time.

The structure of the contract information 1401 is as shown in FIG.
A common identifier 207, a scramble key 208 already encrypted with an encryption key, and additional information 20
9 That is, the license information 203 for this identifier
Is not broadcast, and the role is played by the contract information 1401.

On the receiving side, the contract information 1401 is selected by looking at the identifier 207 included in the contract information 1401, the scramble key 1402 encrypted with the encryption key is extracted therefrom, and the scramble key decryption block 132 Decrypts using the encryption key in the encryption key holding block 127 to obtain a scramble key.

If the scramble key is further updated after the broadcast side stops sending the license information 1401, the receiving side cannot update the new scramble key and cannot descramble at that point.

FIG. 13 is a block diagram showing the configuration of the eighth embodiment of the present invention, and FIG. 14 schematically shows a part of the contents of the broadcast wave.

Module 10 for Use with Receiver 104
5 includes a plurality of areas for storing identifiers and encryption keys, respectively.
For example, in this example, two are prepared. Then, an identifier and an encryption key are written in advance in one of them, and invalid data in which nothing is written is left in the other.
In this example, the module 105 includes the old identifier holding block 1501 and the old encryption key holding block 150 before updating.
2 operates using the data written in advance.

The feature of the broadcast wave content in the eighth embodiment of the present invention is the contract update information 1601. This is because the old identifier 1602 before the update for distinguishing the module 105 used together with the receiver 104 in FIG. 13, the flag 1603 indicating the information for updating the contract, and the old encryption key before the update are used. And a new encryption key 1605 encrypted with the old encryption key before updating.

For reasons such as renewal or change of contract contents,
When it is desired to change the identifier and encryption key of a specific receiver, an operation command is issued from the contract update issuing block 1503 in the broadcasting station 101 to the new identifier and new encryption key creation block 1504 and the contract update information creation block 1507.

In response to the operation command, a new identifier and new encryption key creation block 1504 creates a new identifier, a new encryption key, and their correspondence information, and stores them in the identifier database 114 and the encryption key database 11 respectively.
5. Add to the identifier and encryption key association database 117.

In the contract renewal information creation block 1507,
The new identifier and the encryption key are encrypted with the old encryption key before update, and the old identifier 1602 and the contract update flag 1603 are added to the contract update information 1601.

The created contract update information 1601 is broadcast together with the scrambled content 201, other permission information 203, contract information 204, etc., as shown in FIG.

On the receiving side, whether the contract update information 1601 has been received is determined by the contract update information reception monitoring block 15.
At 08, it is monitored by looking at the contract update flag 1603. To determine if this contract renewal information is for you,
The previous block, a contract information selection block 126
Is performed by looking at the old identifier 1602.

Contract update information reception monitoring block 1508
Upon detecting the reception of the contract update information addressed to itself, the contract update information reception monitoring block 1508 first converts the new identifier 1604 encrypted with the old encryption key and the new encryption key 1605 encrypted with the old encryption key. The new identifier and the new encryption key are sent to the identifier and new encryption key decryption and write block 1509, and are written to the new identifier holding block 1505 and the new encryption key holding block 1506, respectively.

Thereafter, the identifier and encryption key switching control block 1510 is sent to the identifier switching switch 15.
11 and an encryption key changeover switch 1512 are switched to give an instruction to apply a new identifier and a new encryption key, and the identifier and the encryption key are updated.

FIG. 15 is a block diagram showing the configuration of the ninth embodiment of the present invention, and FIG. 16 schematically shows a part of the contents of the broadcast wave.

A plurality of areas for storing the identifier and the encryption key, for example, two in this example are prepared in the module 105 used together with the receiving apparatus. Then, a temporary identifier and a temporary encryption key are previously written into one of them for temporary viewing, and the other is left as invalid data in which nothing is written. This module 105 operates using the temporary identifier in the old identifier holding block 1501 and the temporary encryption key in the old encryption key holding block 1502 at the time of temporary viewing.

Therefore, if the viewer obtains the module 105 to be used together with the receiver 104 and connects to the receiver 104, temporary viewing can be started immediately.

After the viewer starts tentative viewing, the receiver 104
A temporary viewing condition monitoring block 1702 in the module 105 used together with the program 105 is provided with a certain condition, for example, when power is supplied for a specified time or more, a specified date and time is exceeded, a specified number of programs are viewed for a specified number of times or more, and the like. Monitor items cumulatively and continuously. When this condition is satisfied, it means the end of the provisional viewing contract.

When the provisional viewing condition monitoring block 1702 detects the end of the provisional viewing contract, this block issues an instruction to the identifier and encryption key switching control block 1510 and opens the scramble key decryption stop switch 1703 to stop updating the scramble key. , Make temporary viewing impossible.

In this example, the function suspension when the temporary viewing contract expires is performed by operating the scramble key decryption stop switch 1703. However, if the temporary viewing and listening using the temporary identifier and the temporary encryption key cannot be temporarily performed, the function is stopped. Any means may be used. However, if it is desired that the contract can be followed after the provisional viewing period, the provisional identifier and the provisional encryption key cannot be used for viewing, but must be retained.

What is characteristic of the ninth embodiment of the present invention in the content of the broadcast wave is the contract update information 1801.
It is. This has a common identifier, an old identifier 1602 which is also a temporary identifier before update, a flag 1603 indicating information for updating the contract, and a common identifier for distinguishing the module 105 used together with the receiver 104 in FIG. A second identifier 1802 of a second identifier holding block 1701 for distinguishing a module scheduled to be transferred to a formal contract among a large number of modules, a new identifier 1604 encrypted with an old encryption key which is also a temporary encryption key before updating, , And a new encryption key 1605 encrypted with the old encryption key that is also the temporary encryption key before the update.

When a viewer intends to shift to this contract,
The second identifier 1802 given to the second identifier holding block 1701 in the module 105 used together with the receiver 104 is stored in some means, for example, a telephone line,
The information is transmitted to the contract application reception desk 1704 in the broadcasting station 101 via mail or the like.

[0119] Formal contract application reception counter 1 of broadcasting station 101
Upon receiving the intention of the contract from the viewer and the second identifier 1802 from the second identifier holding block 1701, the 704 first stores the second identifier 1802 in the second identifier database 1705, and stores the new identifier and the new encryption key. An operation instruction is issued to the creation block 1504.

In response to the operation command, a new identifier and new encryption key creation block 1504 creates a new identifier, a new encryption key, and their correspondence information, and stores them in the identifier database 114 and the encryption key database 11 respectively.
5. Add to the identifier and encryption key association database 117.

Thereafter, this contract application reception desk 1704
Issues an instruction to the contract update information creation block 1507.
In the contract update information creation block 1507, the new identifier and the new encryption key are encrypted with the old encryption key before update, that is, the temporary encryption key, and the old identifier 1602, that is, the temporary identifier,
The contract renewal information 1801 is obtained by adding the contract renewal flag 1603 and the second identifier 1802.

The created contract update information 1801 is broadcast together with the scrambled content 201, other contract information 204, and the license information 203 as shown in FIG.

The receiving side monitors whether the contract update information 1801 has been received by looking at the contract update flag 1603 in the contract update information and second identifier reception monitoring block 1706. Whether the contract update information 1801 is addressed to itself is determined by checking the old identifier 1602 in the contract information selection block 126 which is the previous block,
Contract update information and second identifier reception monitoring block 170
The second step is to look at the second identifier 1802 at 6.

When the contract update information and second identifier reception monitoring block 1706 detects the reception of the contract update information 1801 addressed to itself, the contract update information and second identifier reception monitoring block 1706 first transmits the old encryption key, that is, the temporary encryption key. A new identifier and a new encryption key are decrypted and written by using the new identifier 1604, which is the agreement for this agreement, and the new encryption key 1605, ie, the encryption key for this agreement, which is encrypted with the old encryption key, ie, the temporary encryption key. The flow advances to block 1509 to cause the new identifier and the new encryption key to be decrypted and written into the new identifier holding block 1505 and the new encryption key holding block 1506, respectively.

Thereafter, the identifier and encryption key switching control block 1510 is sent to the identifier switching switch 15.
11 and the encryption key changeover switch 1512 are switched to the side of the new identifier holding block 1505 and the side of the new encryption key holding block 1506, respectively, and an instruction is issued to close the scramble key decryption stop switch 1703 if it is open.

Through a series of these operations, the application to the identifier and the encryption key for the contract is updated.

FIG. 17 is also a block diagram showing the configuration of the tenth embodiment of the limited viewing broadcast receiving apparatus of the present invention.

In the tenth embodiment of the present invention, a scramble key or a scramble key obtained by decrypting and interpreting the viewing contract information included in the broadcast wave using the identifier and the encryption key of the module 105 used with the receiver 104 is used. The contract information and the like are stored not in the nonvolatile RAM 1905 but in the volatile RAM 1903.

When power supply to the module 105 is cut off,
Since all the decrypted results are lost, it is possible to guess the encryption algorithm and reduce the risk of being decrypted.

In this embodiment, in order to support viewing from the middle of a scrambled program, the viewing contract information needs to be broadcast at short intervals and frequencies of several seconds to several minutes.

FIGS. 18 and 19 are block diagrams showing the configuration of the eleventh embodiment of the limited viewing broadcast receiving apparatus of the present invention. FIGS. 20 and 21 are block diagrams showing the flow of signals. is there. In the present embodiment, the storage block of the identifier and the encryption key can be separated from the receiver 104.
It is assumed that it is in the module 105 used together.

In the conventional example, the identifier and the encryption key are written in the non-volatile RAM 1905 at the manufacturing stage, and there is a risk of tampering.

Therefore, once the storage destination of the identifier and the encryption key is written, the bit is changed to the One Time ROM 2001 which performs an irreversible write operation that cannot be restored. At the time of manufacture, nothing is written in the One Time ROM 2001.

Since the identifier and the encryption key are invalid in this state, there is no need to manage the identifier and the encryption key before use as in the related art.

To make the module 105 usable, a writer 2101 is used. Writing machine 210
1 includes data to be written in a data storage block 2102 to be written, a processor 2103 of the writer, and an interface 2104. One Time
A processor 1902 always intervenes between the ROM 2001 and the outside of the module 105, and restricts the flow of data here.

In FIG. 20, processor 2 of the writing machine
Reference numeral 103 denotes On data in the module 105 for writing data stored in the data storage block 2102 to be written.
An instruction and data are sent to the processor 1902 of the module to write the data into the eTime ROM 2001. In the figure, the instruction is indicated by a broken arrow, and the data itself is indicated by a solid arrow. Processor 1902 is One
Data is written to the Time ROM 2001 by permitting external writing.

As shown in FIG. 21, if the writer 2101
Time ROM20 from processor 2103
When the instruction to read the data from 01 is issued,
Processor 1902 does not allow this, and interface 1
No data is output to 24.

In this way, the analysis of the identifier and the encryption key from outside the module is prevented.

The write data stored in the write data storage block 2102 is composed of an identifier and an encryption key in this example. This can be written in any number of modules according to demand, There is no need to manage inventory.

FIG. 22 is a block diagram showing the configuration of a twelfth embodiment of the limited viewing broadcast receiving apparatus according to the present invention.
FIG. 23 is a block diagram showing a signal flow in this embodiment.

In this embodiment, the storage block of the identifier and the encryption key can be separated from the receiver 104 by the receiver 10.
It is assumed that the module is in the module 105 used together with the module 4.

In the eleventh embodiment of the present invention, the identifier and the encryption key written in the module 105 cannot be read, and the collation operation as to whether the identifier and the encryption key have been correctly written cannot be performed.

In the twelfth embodiment of the present invention, an access restriction bit 2401 that cannot be restored once it has been operated is provided in the module 105, and this is provided to the processor 2 of the writing machine.
One Time ROM until operation from 103
The data written in 2001 can be read.

FIG. 23 shows the signal flow at that time.
Then, from the processor 2103 to the OneTime ROM 20
Processor 190 instructed to read data of data 01
2 goes to the access restriction bit 2401 each time. If the bit 2401 is not operated, this read operation is permitted, and the processor 2103 of the writing machine
With respect to the ne Time ROM 2001, both the write operation and the read operation can be performed, and the collation of the written data can be performed.

After comparing the written data, that is, the identifier with the encryption key, the processor of the writer sets the interface 210
4. Manipulate the access restriction bit 2401 via the processor 1902 of the module used with the interface 124 and the receiving device.

After that, the processor 2103 again sets One
When an instruction to read data from the Time ROM 2001 is issued to the processor 1902, the processor 1902 refers to the access restriction bit 2401, detects that the operation has been performed, does not permit the operation, and does not permit the operation.
No data is output to 24.

In this way, the analysis of the identifier and the encryption key from outside the module is prevented.

FIG. 24 is a block diagram showing the configuration of the thirteenth embodiment of the limited viewing broadcast receiving apparatus according to the present invention.
In the present embodiment, it is assumed that the block for storing the identifier and the encryption key is in a module 105 that can be separated from the receiver 104 and used together with the receiver 104.

In the twelfth embodiment of the present invention,
The identifier and the encryption key written in the module 105 can be read from the outside until the access restriction bit 2401 is manipulated. It becomes a defect.

In the thirteenth embodiment of the present invention, an access restriction bit 2401 that cannot be restored once operated is provided in the module 105, and is provided to the processor 2 of the writing machine.
One Time ROM until operation from 103
The data written in 2001 can be read, and at the same time, the descramble operation cannot be performed unless this bit 2401 is operated.

In FIG. 24, access restriction bit 24
01 is operated, the switch 2601 between the wiring of the processor 1902 of the module 105 used together with the receiver 104 and the wiring of the scramble key decryptor 132 is open. Scramble operation cannot be performed.

When the access restriction bit 2401 is operated, the processor 1902 of the module 105 used together with the receiver 104 closes the switch 2601 between the wiring to the scramble key decryptor 132 and enables the descrambling operation.

In this way, it is possible to prevent the unauthorized module 105 from performing the descrambling operation and reading the identifier or the encryption key.

FIG. 25 is a block diagram showing the configuration of a fourteenth embodiment of the limited viewing broadcast receiving apparatus of the present invention. In the present embodiment, it is assumed that the block for storing the identifier and the encryption key is in a module 105 that can be separated from the receiver 104 and used together with the receiver 104.

In the prior-payment limit receiving apparatus in the conventional example, it is necessary to use an extra suppression device such as a switch in order to disable viewing after the expiration of the contract such as after the elapse of a designated period.

[0156] Even after the receiver 104 becomes unusable, the identifier and the encryption key remain inside the device, and there is a risk that the device is disassembled and physically read.

In the fourteenth embodiment of the present invention, the identifier and the encryption key written in the module 105 are overwritten and invalidated when the contract expires.

In FIG. 25, contract expiration monitoring block 2
When 701 detects the contract expiration status by any means,
Notify the processor 1902 in the module 105 for use with the receiver 104. When the processor 1902 is notified of the contract expiration, the processor 1902 stores the identifier and the encryption key in One Ti
Access the me ROM 2001 and overwrite all or randomly selected bits. As a result, the identifier and the encryption key become invalid, so that the descrambling operation cannot be performed.

In this way, the descrambling operation cannot be performed without providing an additional circuit, and the identifier and the encryption key are not analyzed after use.

(Supplementary Note) (1) A means for monitoring and recording all of the identification codes added to the received viewing contract information, and a method for viewing and receiving the viewing contract information when the viewing contract information cannot be re-received within the predetermined time. Invalidates the contents of the means for holding the broadcast, temporarily disables viewing, and disables the operation of releasing the scramble (or encryption) applied to the broadcast contents again when all the predetermined identification codes are received. 3. The limited viewing broadcast receiving apparatus according to claim 2, further comprising means.

(2) The received viewing permission information and viewing contract information or the decryption and interpretation results thereof are stored in a volatile storage element for power supply. The limited viewing broadcast receiving device according to any one of the above.

(3) A means having a read-only storage element that can be written only once, and storing the identifier and the encryption key in the read-only storage element that can be written only once. 9. A means for enabling only writing to a read-only storage element which can be written only once.
(1) The limited viewing broadcast receiving device according to any one of (1).

(4) A means for storing the identifier and the encryption key in the read-only storage element which can be written only once, and which has a read-only storage element which can be written only once, The apparatus according to claim 1, further comprising means for storing control information for restricting reading from a read-only storage element which can be written only once, and means for restricting reading of the identifier and the encryption key by the control information. The limited viewing broadcast receiving device according to any one of 1 to 8, (1).

(5) A means for storing the identifier and the encryption key in the read-only storage element, which has a one-time writable read-only storage element, and which stores the identifier and the encryption key. Means for storing control information that restricts reading from a read-only storage element that can be written only once, and by operating the control information, the identifier and the encryption key can be prevented from being read out to the outside, and at the same time, can be applied to broadcast contents. The limited viewing broadcast receiving apparatus according to any one of claims 1 to 8, further comprising means for enabling a function of decrypting encryption and scrambling.

(6) Means having a read-only storage element that can be written only once, and storing the identifier and the encryption key in the read-only storage element that can be written only once, at least when the contract expires. Means for overwriting and invalidating data in the area of said identifier and said encryption key, wherein said area is limited to said limited key and said encryption key. Broadcast receiver.

(7) At least an area for storing the identifier and the encryption key, and a part for interpreting and processing the viewing permission information and the viewing contract information are provided in a module separable from the receiving apparatus body. The conditional access broadcast receiving apparatus according to any one of claims 1 to 8, and (1) to (6).

[0167]

As described above, according to the present invention, an individual identifier is used for each of the conventional receivers or modules used with the receivers without adding significant changes and additions to the existing broadcasting equipment configuration. In addition, in a channel in which a contract for providing an individual encryption key is performed, an off-line prepaid pay-per-view service for each program can be provided side by side.

In addition, major changes to the existing broadcasting equipment configuration
The provisional viewing can be started easily and quickly without adding additional equipment, and individual identifiers and encryption keys can be changed easily and safely.

Further, the apparatus of the present invention can provide a safe and convenient provision of an off-line prepaid pay-per-view service.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration of a first embodiment of a limited viewing broadcast receiving apparatus of the present invention.

FIG. 2 is a block diagram showing a configuration of a limited viewing broadcast receiving apparatus according to a second embodiment of the present invention.

FIG. 3 is a diagram showing a broadcast schedule according to the second and third embodiments of the present invention.

FIG. 4 is a block diagram illustrating a configuration of a limited viewing broadcast receiving apparatus according to a third embodiment of the present invention.

FIG. 5 is a block diagram showing a configuration of a fourth embodiment of the limited viewing broadcast receiving apparatus of the present invention.

FIG. 6 is a diagram schematically showing contents of a broadcast wave used in a fourth embodiment and a fifth embodiment of the present invention.

FIG. 7 is a diagram showing a broadcast schedule according to a fourth embodiment of the present invention.

FIG. 8 is a block diagram showing a configuration of a fifth embodiment of the limited viewing broadcast receiving apparatus according to the present invention.

FIG. 9 is a diagram showing a broadcast schedule according to a fifth embodiment of the present invention.

FIG. 10 is a block diagram showing a configuration of a sixth embodiment of the limited viewing broadcast receiving apparatus of the present invention.

FIG. 11 is a block diagram illustrating a configuration of a seventh embodiment of a limited viewing broadcast receiving apparatus according to the present invention.

FIG. 12 is a diagram schematically illustrating contents of a broadcast wave according to a seventh embodiment of the present invention.

FIG. 13 is a block diagram showing a configuration of an eighth embodiment of the limited viewing broadcast receiving apparatus of the present invention.

FIG. 14 is a diagram schematically illustrating contents of a broadcast wave according to an eighth embodiment of the present invention.

FIG. 15 is a block diagram showing a configuration of a ninth embodiment of the limited viewing broadcast receiving apparatus of the present invention.

FIG. 16 is a diagram schematically illustrating contents of a broadcast wave according to a ninth embodiment of the present invention.

FIG. 17 is a block diagram illustrating a configuration example of a conventional example and a limited-view broadcast receiving apparatus according to a tenth embodiment of the present invention, and a module used together with the receiving apparatus.

FIG. 18 is a block diagram showing a configuration of an eleventh embodiment of the limited viewing broadcast receiving apparatus of the present invention.

FIG. 19 is a block diagram showing a configuration when data is written in an eleventh embodiment of the present invention.

FIG. 20 is a block diagram showing an instruction and a signal flow at the time of data writing in the example of the eleventh embodiment of the present invention.

FIG. 21 illustrates an example of an eleventh embodiment of the present invention.
FIG. 4 is a block diagram showing an instruction and a signal flow at the time of data reading.

FIG. 22 is a block diagram illustrating a configuration of a twelfth embodiment of the limited viewing broadcast receiving apparatus of the present invention.

FIG. 23 is a block diagram showing an instruction and a signal flow at the time of reading and writing data in the example of the twelfth embodiment of the present invention.

FIG. 24 is a block diagram showing a configuration of a thirteenth embodiment of the limited viewing broadcast receiving apparatus of the present invention.

FIG. 25 is a block diagram showing a configuration of a fourteenth embodiment of the limited viewing broadcast receiving apparatus of the present invention.

FIG. 26 is a block diagram showing a configuration of a conventional limited viewing broadcast receiving apparatus.

FIG. 27 shows the contents of a broadcast wave used in a conventional limited-view broadcast receiving apparatus and a second embodiment of the present invention, a third embodiment of the present invention, and a sixth embodiment of the present invention. It is the figure which represented typically.

[Explanation of symbols]

101: broadcast station, 102: broadcast antenna, 10
3 ... receiving antenna, 104 ... receiving device, 105
... Module used with receiving device, 106 ...
Receiver 107, broadcast content 108, scramble key database 109, scrambler 110, intermediate key 111, scramble key encryption block 112, intermediate key related information Database, 113 ... permission information creation block, 114 ...
· Identifier database, 115 ··· encryption key database, 116 ··· intermediate key encryption block, 117 ···
Identifier and encryption key association database, 118...
· Contract information creation block, 119 ··· Contract information · Scrambled contents · Multiplexer, 120 ···
Modulation transmission unit, 121: reception demodulation unit, 122: license information / contract information, scrambled content / demultiplexer, 123: receiving device side interface,
124... Module side interface used with the receiving device 125... Identifier holding block 126.
..Contract information selection block, 127: encryption key holding block, 128: intermediate key decryption block, 129
An intermediate key designation code holding block using a non-volatile storage medium, 130 ... an intermediate key holding block using a non-volatile storage medium, 131 ... a license information selection block, 132
... Scramble key decryptor, 133 ... Scramble key holding block, 134 ... Descrambler (scrambler), 201 ... Scrambled content, 203 ... License information, 204 ... Contract information , 205 ... intermediate key designation code, 206 ... scramble key encrypted with the intermediate key, 207 ... identifier,
208... An intermediate key encrypted with an encryption key, 209.
Additional information, 301: Contract condition monitoring and determination block, 302: Module function stop control block, 4
01... Contract information reception interval monitoring block, 402.
An intermediate key designation code holding block using a volatile storage medium, 403: an intermediate key holding block using a volatile storage medium, 501: scrambled contents 1, 5
02 ... scrambled contents 2, 503 ...
Scrambled contents 3, 504: Scrambled contents 4, 505: Scrambled contents 5, 506: Scrambled contents 6, 5
07 ... scrambled contents 7, 508 ...
Scrambled contents 8, 509 ... contract information,
601: Contract information reception frequency / interval monitoring block, 7
01: identification code database, 702: contract information creation block (with identification code), 703: identification code reception and contract information reception interval monitoring block, 8
01 ... contract information (with identification code), 802 ... identification code, 901 ... contract information (with general identification code), 902 ... contract information (with end identification code),
1001... Identification code reception interval monitoring block, 10
02: identification code reception history holding block, 1101
... contract information 1, 1102 ... contract information 2, 110
3: Contract information 3, 1104: Contract information 4, 12
01 ... contract condition reading and interpretation block, 12
02 ... contract condition monitoring block, 1301 ... contract information creation block (including scramble key), 1401
..Contract information (including scramble key), 1402 ...
Scramble key encrypted with an encryption key, 1501 ... old identifier holding block before update, 1502 ... old encryption key holding block before update, 1503 ... contract renewal issue block, 1504 ... new identifier and New encryption key creation block, 1505 ... new identifier holding block after update, 1506 ... new encryption key holding block after update, 1507 ... contract update information creation block, 1508 ... contract update information reception monitoring Block, 1
509: new identifier and new encryption key decryption and writing block, 1510: identifier and encryption key switching control block, 1511: identifier switching switch, 1512: encryption key switching switch, 1601
... contract update information, 1602 ... old identifier before update, 1603 ... flag indicating information to update the contract, 1604 ... new identifier encrypted with the old encryption key before update .., 1605... A new encryption key encrypted with an old encryption key before update, 1701... A second identifier holding block, 1702... A temporary viewing condition monitoring block, 1703. 1704: Contact point for this contract application, 170
5 ... second identifier database, 1706 ... contract update information and second identifier reception monitoring block, 1801
... contract update information, 1802 ... second identifier, 19
01: Processor of the receiving device main body, 1902: Processor of a module used with the receiving device, 1903
..Volatile RAM of modules used with receiving device,
1904: RO of module used with receiving device
M, 1905: nonvolatile RAM of a module used together with the receiving device, 2001: irreversible writable ROM (One Time ROM), 2101
..Writer and device for writing data to One Time ROM 2001, 2102... Data storage block to be written, 2103.
2104... Interface of the writing machine 2401
... Access restriction bit, 2601 ... Wire switch between processor 1902 of the module used together with the receiving device and scramble key decryptor 132, 2701 ...
Contract expiry monitoring block.

Claims (8)

[Claims] 1. Receiving encrypted viewing contract information and viewing permission information transmitted from a broadcasting side, performing decryption and interpretation, and decrypting and viewing scrambled (or encrypted) broadcast contents. In the limited viewing receiving apparatus, an encrypted common information transmitted from the broadcasting side is used by using two of a common identifier valid for one or more receiving apparatuses and a common encryption key corresponding to the identifier. Means for decrypting and interpreting the viewing contract information, means for descrambling the scrambled (or encrypted) broadcast contents, and operation for descrambling the scrambled (or encrypted) broadcast contents when certain conditions are met. And a means for stopping the transmission. 2. A means for holding decrypted and interpreted viewing contract information, and monitors whether the viewing contract information is received again within a predetermined time after receiving the viewing contract information first. Means for scrambling (or encrypting) the broadcast contents by invalidating the contents of the means for holding the viewing contract information when the viewing contract information is not received within the predetermined time.
2. A limited viewing broadcast receiving apparatus according to claim 1, further comprising means for stopping an operation of canceling the broadcast. 3. A means for monitoring and recording the number of times the viewing contract information has been received, and invalidating the contents of the means for holding the viewing contract information when the viewing contract information cannot be received again within the predetermined time. Means for temporarily disabling viewing and, when receiving said viewing contract information a certain number of times, disabling the operation of descrambling (scrambling) the broadcast contents again. The limited viewing broadcast receiving device according to claim 2. 4. The contents of the means for monitoring reception of the viewing contract information to which code information is added, and the means for holding the viewing contract information when the viewing contract information cannot be received again within the predetermined time. Means for disabling and temporarily disabling viewing and, when receiving the viewing contract information to which the designated code information is added, disabling the operation of releasing the scramble (or encryption) applied to the broadcast content again. The limited viewing broadcast receiving device according to claim 2, wherein the receiving device is provided. 5. Means for interpreting the expiration date information added to the received viewing contract information, means for monitoring the expiration date, and scrambling (or encryption) applied to the broadcast contents when the expiration date has expired. 2. The limited viewing broadcast receiving apparatus according to claim 1, further comprising: means for making it impossible to cancel the operation again. 6. Detecting a common identifier included in the received viewing contract information, selecting the viewing contract information addressed to itself,
Obtain a scrambled key that has been encrypted with the encryption key in this viewing contract information and release the scramble applied to the broadcast contents,
2. The limited viewing broadcast receiving apparatus according to claim 1, wherein the transmission of the viewing contract information is stopped on the broadcasting side, and the scrambling key is updated on the broadcasting side so that the descrambling cannot be canceled. 7. An identifier and an encryption key each having at least two
Means for storing the key information over and over again, receiving the encryption key rewrite information transmitted from the broadcasting side using the old identifier, decrypting the new identifier and the new encryption key using the old encryption key, and Means for replacing an old encryption key with the new identifier and the new encryption key and newly applying the new encryption key. 8. A means for individually notifying the broadcasting side of a second identifier unique to the receiving device, receiving the encryption key rewriting information transmitted from the broadcasting side using the old identifier, and storing the second identifier held by the self. Means for comparing the second identifier included in the encryption key rewriting information transmitted from the broadcasting side; and, when the comparison results match, decrypt the new identifier and the new encryption key using the old encryption key, and 8. A means for replacing the old identifier and the old encryption key with the new identifier and the new encryption key and newly applying the old identifier and the old encryption key.
A limited viewing broadcast receiving device according to item 1.