JP2002118547A - Data viewing service method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To protect a copyright at the time of storing contents in a storage medium by preventing the contents from being illegally viewed or rewritten. SOLUTION: Respective contents are enciphered for copyright protection, the contents are stored in a storage medium in the enciphered state, and the contents or metadata are processed in a secured area so that the copywrite can be protected. The enciphered contents stored by a receiving terminal are copied when viewed by a user, the enciphered meta data are copied in the same way, the copied metadata are decoded, and then the decoded metadata are used so that the copied contents can be decoded and reproduced. Thus, the ciphered contents data can be always stored, and the similar service can be received by another module anytime.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to a data viewing service method such as a point service in a comprehensive data distribution service. In particular, the present invention defines a content with encrypted content and metadata which is content-related information necessary for viewing the content, encrypts the content and metadata on a transmission side, and stores the content and the encrypted content. Is a data viewing service in a comprehensive data distribution service that realizes content protection.

[0002]

2. Description of the Related Art In the conventional digital broadcasting, there is only a contract form of viewing / non-viewing for each service channel, or a contract form of a program contract for each time within the same channel. As a result, all service information within the contract period can be obtained, but it is difficult to view only the service information selected by the user or obtain only the content. Also, in the BS digital broadcasting that will start in the future, since the number of encryption keys that can be used in the network is fixed, the upper layer determines whether or not to encrypt. In the existing digital broadcasting or the like, in order to make purchases in units of each content, the user determines the desired content after selecting the service, and communicates with the center simultaneously with the determination. The user purchases each content by confirming the purchase of each content by real-time communication with the center side and transmitting purchase permission data to the contractor after the confirmation. Sales are performed in content units by such an interactive real-time purchase method.

In the current transmission system, the content encrypted on the center side is decrypted immediately after reception in the receiving terminal and then recorded in a storage device or the like. As described above, the encryption of the content at the time of transmission is performed only by the primary encryption. In the case of storage without encryption and development in a work area or the like, there is a possibility that illegal viewing and rewriting of contents may be performed. The current receiving terminal cannot perform encryption again in the receiving terminal after decryption. From this, it is not necessary to decrypt the stored content existing in the receiving terminal etc. once and then encrypt it again and store it. There are many issues. In addition, when receiving digital broadcasts, information that deals with contracts such as viewing / non-viewing is provided only for each receiving terminal. There is a problem that the form cannot be recognized.

[0004]

As described above, in digital broadcasting services such as CS / BS, the contract form is to view / do not view a channel or view / do not view a program on the same channel. It is mainly providing contracts. This means that the number of keys that can be used for encryption in digital broadcasting is extremely small, and the use of multiple keys not only complicates key management, but also encrypts content with multiple keys. It is necessary to constantly send the information necessary to decrypt the data, and transmit it with a larger amount of information. This is difficult and impractical in small transmission areas. Also, by locking each content, the number of keys becomes almost infinite, which is also very difficult to manage. Further, since information necessary for real-time decryption is always transmitted, the receiving terminal must always have a security module such as an IC card required for decryption at the time of reception. Than these things,
Encrypt with multiple keys at the same time of the same program on the same channel, which means encrypting for each content in the service, which is currently nearly impossible for the reasons mentioned earlier. Furthermore, when content is stored in a storage medium or developed in a work area or the like, unauthorized viewing and rewriting may be performed, and since the data is digital, there is no deterioration of the data. It becomes a problem with the concept of protection.

[0005]

In the present invention, in order to perform encryption for each content, metadata including information such as an encrypted content and a viewing contract form for the content is separated. First, the transmitting side encrypts the content and the metadata, stores the encrypted content key in the key metadata, and transmits the content, the metadata, and the key metadata at the same time. The receiving terminal on the receiving side that has received this information stores the encrypted content, performs processing for decrypting the encrypted metadata and processing for the metadata as required, and then stores the encrypted content. When viewing the stored encrypted content, the metadata encrypted with the content key is decrypted, and a viewing contract or billing process is performed based on the metadata information. The necessary information such as information for decrypting the decrypted content is written to a user specific storage medium such as a security module.

[0006] Since the data to be distributed is digital,
Copying is possible without deterioration of information. Therefore, when performing the above-mentioned processing, some kind of right protection system is required. Therefore, in the present invention, information that needs to be protected, such as content, metadata, and key metadata, which needs to be protected, is encrypted and distributed, and is stored in the storage medium while being encrypted. Only when some processing is performed on content, metadata, key metadata, and the like, decryption processing is performed in a secure area and processing is performed.

Further, the keys are different for each content, but all the keys of the content stored in the storage medium are written in a key table or the like. Then, the key of the viewing contracted content is stored in the security module. Playback of encrypted content is performed using the written key information. However, since a security module is required only during playback, there is no need to always install it in the receiving terminal, just purchase the content at home. Instead, the content viewing contract can be made outside the home, such as outside. Thus, a contract outside the receiving terminal by carrying the security module or the like becomes possible. Therefore, the user's personal identification storage medium such as a security module can be carried.
In addition, the encrypted content stored in the receiving terminal is a copy of the encrypted content at the time of viewing by the user, similarly, the encrypted metadata is also copied, and the copied metadata is decrypted and then decrypted. To decrypt and reproduce the copied content. Thus, the encrypted content data is always stored, and the same service can be enjoyed by another security module at any time.

[0008] One of the features of the present invention is to provide a system that can enjoy both broadcasting services of existing type and storage type broadcasting, further clarify the separation from the system of existing type broadcasting, and provide services of storage type broadcasting. It is an object of the present invention to provide a storage-type broadcasting service system capable of performing the same conditional access system as the existing type. In addition, the present invention makes it possible to realize the same billing system and contract system as the existing broadcasting service, and also enables billing and contract for each content. According to the present invention, necessary information can be stored in the security module so that the service of the stored broadcast can be similarly enjoyed in another environment by carrying the security module. Further, according to the present invention, the function of the existing broadcasting can be similarly enjoyed in another environment by storing the function of the conditional access system of the existing broadcasting in the security module.

Further, according to the present invention, a security module can be used as a means for constructing a personal environment by associating security modules for each individual, and a security module can be used as a storage medium for personal information. For free contents, the contents can be searched and displayed without a security module.

In the service system according to the present invention, information about insufficient information in the construction of a personal environment can be transmitted using a satellite broadcast wave or a satellite communication wave, a terrestrial line, or the like. Further, in the present service system, a service for individuals can be provided by a combination of a service for unspecified majority by combining satellite broadcasting waves and communication broadcasting and a service for specific individuals.

According to the first solution of the present invention, a step of receiving storage metadata and key distribution metadata in response to a content reception request, and determining whether the broadcast is free broadcast or pay broadcast based on the received storage metadata And decrypting the received key distribution metadata with the system key (Ksm) in the key table if it is a free broadcast,
Obtaining the content key (Kk) stored in the key distribution metadata, decrypting the encrypted part of the received storage metadata with the obtained content key (Kk), and storing the storage metadata. Determining whether to receive or store the content using the contents and / or the user's request. If it is determined that the storage is to be performed, the storage metadata that has been encrypted and the storage metadata that has been encrypted Storing the content in the storage medium, copying the storage metadata when the user's viewing request is issued, decoding the copied storage content, and performing the user operation based on the decrypted content of the storage metadata. Determining whether or not there is a restriction, and when there is no user restriction or within the restriction range, the permission information for viewing the content is Generating from the storage metadata and the content key (Kk) and storing it in the personal authentication device or profile.

[0012] According to a second solution of the present invention, a step of receiving storage metadata and key distribution metadata in response to a content reception request, and determining whether the received storage metadata is free broadcast or pay broadcast. And, if the service is a pay broadcast, a step of comparing the entity identifier and the contract code stored in the profile in the receiving terminal with those stored in the profile in the receiving terminal, and a user using the receiving terminal. Does not receive the content if it does not have a contract, and if it has a contract, it is a business that is an encryption key applied to key distribution metadata based on the business entity identifier from the key table in the receiving terminal Deriving the body key (Kw), decrypting the key distribution metadata with the business entity key (Kw), and obtaining the content key (Kk) embedded in the key distribution metadata That the step, the encrypted portion of the storage metadata received, acquired content key (Kk)
Decrypting, using the contents of the storage metadata and the user request to determine whether to receive or store the content, and if it is determined that the storage is to be performed, the storage metadata that remains encrypted And storing the encrypted content in a storage medium, copying the storage metadata when a user's viewing request is issued, and decrypting the copied storage content. A step of determining whether there is a user restriction based on the contents of the storage metadata and, if there is no user restriction or within the restriction range, the permission information for viewing the content is stored in the storage metadata and the content key (Kk). And storing the data in a personal authentication device or profile.

[0013]

DESCRIPTION OF THE PREFERRED EMBODIMENTS (Outline of Service) The comprehensive data distribution service according to the present invention is an information (data) distribution service that can be viewed at a desired location when a desired content is viewed, and is a conventional real-time (broadcasting) service. This service provides not only real-time broadcasting but also storage-based information distribution, compared to digital broadcasting. As a result, a near-on-demand (NVOD) -like service is provided in which the viewer can select and view his / her favorite content from the stored content at any time. In addition, the content is directly stored in a removable medium or an external device connected to a receiving terminal that receives the service, or the content is copied and provided so that the user can view the content at a desired location. Furthermore, in the conventional digital broadcasting service, the content usage contract form is limited to a narrow range such as a contract on a terminal basis. However, this service provides a wide range of content usage contract forms capable of contracting on an individual user basis. .

FIG. 1 shows a service configuration diagram of the comprehensive data distribution service. As an overview of the present comprehensive data distribution service, a storage-type television broadcast will be described. In the case of the storage type television broadcast, the content 1 (program) transmitted from the broadcast side (broadcasting station) is transmitted via the antenna 2 (distribution by cable or package) in the same manner as the conventional television broadcast. ) In addition to the case where viewing is performed from the moment when it is received by the receiving terminal 3 and distributed by a monitor device such as the television 9 (here, referred to as real-time viewing 6),
Like the conventional VCR, once distributed content is stored in a storage medium 4 (a large-capacity storage medium such as a hard disk) and then viewed. Is sometimes used as a storage medium), and an information distribution service that enables services such as real-time type + storage type viewing 7 for viewing the stored content and the real-time viewing type content being distributed together.

(Services that can be Enjoyed by Carrying Contents and Various Information) Services that can be enjoyed by carrying contents and various information are described below. The distribution center performs normal content distribution using broadcast waves. The content is received at the receiving terminal installation location such as each home or hotel on the receiving side.
This content must be a terminal with a function that can receive both broadcast waves and communication waves (communication services) via satellite,
A receiving terminal equipped with either of the functions can also receive.

By distributing content using satellite broadcast waves, and by storing the content license information and home use environment information at home in a personal authentication device provided in the receive terminal by purchasing the content, etc. In this way, the entire content usage environment at home can be reproduced at the destination. For example, storing all the permission information of the content used by the receiving terminal at home in the personal authentication device is mainly based on the content and music owned by one's own, and all music CDs or travel. It means that it is the same as carrying a music CD selected for use when moving. Furthermore, to carry information that can reproduce the environment using this music CD,
For example, it is also possible to carry information on the reproduction order and personal use environment, such as when a favorite music CD is always played first. Thus, it can be used in the same state as at home. To use the content in the destination environment using the receiving terminal or the playback device, the information in the personal authentication device is inserted into the destination device, and the same environment is constructed based on this information. However, if the content does not exist at the destination, the content acquisition request is notified to the distribution side using a notification means such as a terrestrial line or a telephone, and the content distribution based on this request is distributed using satellite communication waves. . Specifically, a receiving device is installed in each room such as a hotel, and when a personal authentication device is inserted into this receiving device, the content request information is notified to the front desk or the like,
The information is further notified to the distribution side. Based on this request, it is distributed via satellite communication waves to devices equipped with large-capacity storage devices such as reception terminals at hotel front desks and reception servers,
After that, the content is distributed to the receiving terminal in the room.

As described above, by combining the satellite broadcast wave and the satellite communication wave, it is possible to provide services that make use of the respective distribution characteristics. In addition, the present invention is a service that enables nationwide broadcast content distribution using satellite broadcast waves and content distribution for specific persons using satellite communication waves. If the receiving terminal has a function of receiving both satellite broadcast waves and satellite communication waves, the request information regarding the content is transmitted by the broadcast waves, and the requesting receiving terminal is transmitted by the satellite communication waves based on this information. Deliver directly to. Thus, it is possible to receive the detailed service using the satellite communication wave while receiving the satellite broadcast wave. A satellite communication wave can deliver contents quickly in response to a request, and the combined service can be switched from an unspecified multiple target service to a service for a specific individual.

(Necessity of Rights Protection Regarding Content Protection and Personal Information Protection) As described above, this comprehensive data distribution service directly distributes contents to homes and the like, and stores / copies / reproduces digitally in homes and the like. It is a service that aims to perform As a result, there arises a problem relating to rights such as falsification of data and copyrights such as copying and reproduction exceeding personal use. Therefore, it is necessary to protect and manage the rights of copyright holders, broadcasters, and viewers of the content. Conventional digital broadcasting is mainly for real-time viewing, so it is content encryption on the transmission path by conditional access that limits the terminals that can receive the broadcast, and content protection such as copy control for external devices. Since the key related to encryption on the transmission path is switched in a fixed time, if the encrypted contents of the transmission path are to be stored, it is necessary to store all keys, tables of PSI / SI, etc. Then, there arises a problem concerning security for the content.

In order to solve these problems, the present comprehensive data distribution service provides a method of presenting content to a viewer on the broadcast side, usage conditions, storing content in an encrypted state, conditional access to a terminal, conditional access to an individual, and the like. Is provided, and a service capable of protecting the rights of contents such as copyrights is provided by performing viewing control, storage control, copy control, encryption / decryption control, and the like of a viewer based on these definitions. In addition, the relationship among the unit of charging, right, and encryption in the comprehensive data distribution service is basically “charging ≧
Right = encryption unit ". (It is also conceivable that the right unit exceeds the billing unit.) In the present invention, data defined on the broadcast side in the comprehensive data distribution service as described above is used. In the present invention, this data is referred to as metadata.

(System Overview) As a system for performing the present comprehensive data distribution service, in addition to infrastructure using radio waves such as satellite broadcasting and terrestrial broadcasting, services using infrastructure using communication lines such as cable television and the Internet are possible. . In addition, it is possible to provide a hybrid service using not only broadcasting but also communication as a communication and using these two satellite infrastructures.

FIG. 2 shows an overall configuration diagram of the integrated data distribution service system. In the present invention, a case will be mainly described in which digital satellite broadcasting using a satellite as shown is used as an infrastructure. An outline of a system in which a comprehensive data distribution service is provided will be described with reference to FIG. The present system is broadly divided into a center side 10 which is a broadcast side for producing and distributing contents, and a receiving terminal 3 which is a receiving side for receiving contents. The receiving terminal referred to here is not limited to a terminal installed at home, but may be a public terminal, an in-vehicle terminal, or the like. On the center side 10, as described above, the production of the content 1 and the PSI / SI (Pr
In addition to generating and distributing the program specific information / service information 50, the metadata 100, and the like, encryption in consideration of copyright, viewing control, charging, and the like, and the key of the key used for the encryption. Management, content 1, PSI / SI 50, management of metadata 100, user request acceptance, user (customer) management, and the like are also performed. The center side 10 produces, generates,
PSI / SI, metadata, and the like are assembled into data that can be distributed to the receiving terminal 3 via the satellite 12 and distributed to the user via the satellite 12 by the transmission antenna 11. In addition, the method of generating metadata generated after completion of the content on the center side in the comprehensive data distribution service is as follows.
For example, when a file is generated by inputting necessary items according to a guide of a metadata generating apparatus, or when a file is directly created by a PC (personal computer) or the like, information such as a memo is generated and generated during content production. There may be a case where metadata is automatically generated based on information. The receiving terminal 3 on the receiving side receives information such as the content 1, PSI / SI 50, and metadata 100 via the satellite 12 by the antenna 2 and outputs the information to the monitor device such as the TV 9 or stores the information in the storage medium 4. The output allows the user to view. The receiving terminal 3 is a TV 9
May be built in a monitor device such as this, but here, as an example, a separate device will be described.

The major features of the receiving terminal 3 for the comprehensive data distribution service include the content 1 and the metadata 10
In addition to having a storage medium 4 for storing information such as 0, decryption of encrypted and distributed data and reception terminal 3
Uses the RMP14 (Rights Management & Protection: rights protection) system that encrypts important data in the system, and processes and controls the rights such as copyright protection, authentication, and billing, and uses this receiving terminal. It has a personal authentication device 200 that performs personal authentication of the user and authentication of a group such as a family to which the user belongs. RM
P14 has a security-protected configuration as a security measure against pirates and cryptanalysis, and has a physically secure memory, etc., and is used in profiles and reception terminals that manage user contract information. A key table or the like for managing keys to be executed is stored. Further, the RMP 14 may be configured so that the module can be replaced for each module due to deterioration of security strength or the like. In addition, the personal authentication device 200 here refers to a module that is a medium whose security is protected, and includes a memory card using a memory medium, BS digital broadcasting,
IC cards used in CS digital broadcasting and the like may be used. The personal authentication device 200 can be broadly divided into two functions: a function of authenticating a group (terminal) and decrypting a transmission layer encryption, and a function of performing personal authentication and decrypting the encryption of the content itself. Since the function related to group authentication needs to be always fixed to the receiving terminal from the function, the function may be built in the receiving terminal. The device relating to the personal authentication takes a portable form, and the stored content 1 is transferred to the external device 15.
When the content is played back on the external device 15 or when the content contract is made with the external device 15, the external device 1 and the removable medium 5 are used together.
5 and may be used. The external devices in the present system refer to devices such as an in-vehicle terminal, a mobile phone, a mobile terminal, and a receiving terminal other than the receiving terminal owned by the user. A ground line 13 connecting the center side 10 and the receiving terminal 3 performs a charging process for the content, a user viewing history, a charging history,
In addition to obtaining requests and the like, it is also used for transmitting information for encrypting contents, metadata, contents, and decrypting other metadata, and transmitting a key.

(Concept of Metadata) Next, the definition of the above-described metadata will be described. The metadata in the present comprehensive data distribution service basically refers to data describing the contents of the definition for the content defined in the unit intended on the broadcast side. Therefore, by reading the data with the receiving terminal, it is possible to cause the receiving side to perform presentation, reception, accumulation, billing processing, encryption / decryption processing, viewing contract processing, and the like of the content. However, in this comprehensive data distribution service, the metadata itself may be regarded as content.

FIG. 3 is an explanatory diagram of the function of the metadata. The major role of metadata will be described. The metadata 100 is a content 1 that is encrypted to protect a copyright or the like (a case where the content is not required to be protected by copyright, viewing control by pay broadcast, or the like, and may be distributed without being encrypted). ) Is distributed to the receiving terminal 3. The receiving terminal 3 controls the storage in the storage medium 4 by the metadata 100 distributed together with the content 1,
Copy control for the external device 15 and the like, authentication control for the application 300 and the like that uses the content in the receiving terminal, decryption of the encrypted content by the scrambler / descrambler 401, permission information for the content generated from the metadata, etc. Scrambler / descrambler 401 for data that needs protection and is used at the receiving terminal
It performs encryption / decryption control, authentication control for the user, and the like. In other words, metadata is information that controls the use of content by the user, in addition to the content description of the content itself, and metadata is generated by defining the content on the broadcast side. It is possible to control the content use range, use conditions, and the like. As another role of the metadata, when searching for the content stored in the receiving terminal 3, an EPG that presents information on the content to be distributed now and in the future will be described.
(Electronic program guide) is also used.

Next, FIG. 4 shows an explanatory diagram of the classification of metadata. A description will be given of the contents included and the metadata classified by the information requested from the receiving terminal. (Classification of Metadata) In the present comprehensive data distribution service, the metadata 100 is data attached when the content 1 is generated as described above, and the metadata for storage 101, the metadata for EPG 102, The key distribution metadata 103 is roughly classified. The storage metadata 101 is the content 1 when the content is distributed.
The receiving terminal controls the reception, storage, viewing contract, various authentications, and the like of the content 1 using the storage metadata 101, and receives the content 1.
Is stored, the storage metadata 101 is also stored. Therefore, when searching for the stored content 1, the content 1 is searched using the storage metadata 101. The storage metadata 101 exists one-to-one with respect to the content due to the above-described properties.

The EPG metadata 102 is not directly related to the control of the content 1 being distributed, and is mainly used when displaying the EPG in the receiving terminal. It is stored in the receiving terminal irrespective of the storage, and is also used for searching for the content 1 scheduled to be distributed in the future (may also include the present), reservation for viewing and listening to the content 1, reservation for storage, and the like. Therefore, the EPG metadata 102 does not necessarily have a one-to-one relationship with the contents when the functions of the EPG, for example, when the functions such as the display and the reservation are limited by the program unit without performing the display or the reservation in the unit of the content. is not. However, in the case where a function of the EPG, such as a viewing contract or charging for each content at the time of reservation, is performed, the storage metadata 101
Content similar to that described above is required, and there is a case where the content 1 exists one-to-one. In this case, EPG metadata 10
2, the metadata for the currently distributed content 1 can be the storage metadata 101.

The key distribution metadata 103 is metadata for distributing information relating to encryption of an encryption key or the like (referred to as a content key Kk in the present invention) at the time of encrypting the content. . Key distribution metadata 103
Is possible only when the content 1 is distributed according to the operation conditions of the service, or when the content 1 is distributed before distribution of the content 1 or after distribution of the content 1 (after obtaining the content 1). An example will be described in which distribution is performed at the time of distribution. Due to the nature described above, the key distribution metadata 103 always exists on a one-to-one basis for the content 1 encrypted by the content key Kk, and does not exist for the content 1 not encrypted. In some cases. Although it can be embedded in the storage metadata 101 distributed at the time of content distribution, it is assumed in this embodiment that the content is distributed separately from the storage metadata 101. The above is the classification of the metadata in the present service. In addition to the above-described metadata, the mapping information of the content and the metadata, the contract information with the paying entity, and the like on the stream being distributed may be referred to as metadata. .

(Service Flow) FIG. 5 is a diagram for explaining the flow of the comprehensive data distribution service. Next, a service flow in the comprehensive data distribution service will be described. In this service, the service flow is roughly divided into five blocks. In the first block, a receiving terminal for receiving this service is obtained and installed 20; in the second block, an initial contract 500 for mainly receiving a paid service is made; The storage 21 is performed. In the fourth block, a viewing contract 500, which is a contract for viewing the received and stored content, is performed. In the fifth block, the content can be reproduced 22 for the first time. Here, the initial contract 500, the content reception / storage 21, and the viewing contract 600, which are the second, third, and fourth blocks, will be mainly described.

First, the initial contract 500 will be described.
In this service, there are a free service that can be received immediately after a receiving terminal is obtained, and a paid service that requires contract processing such as an initial contract. Also, when viewing content with user restrictions such as age restrictions even within free services, personal information may be required, and an initial contract may be required. The difference between free services without user restrictions, free services with user restrictions, and paid services is that free services with user restrictions and paid services require an initial contract before receiving / accumulating content. It is. In some cases, free services with user restrictions can be received and stored by directly registering personal information such as age in the receiving terminal without making an initial contract by operating this service. Initial contract 500
Means the information of the receiving terminal owned by the user on the center side,
It is to register user's personal information. The information of the receiving terminal includes the terminal ID, a service contracted for each terminal (that is, a contract for each group such as a family), a settlement method thereof, and the like. The user's personal information is the name, address, age, contracted service (channel), event (program), information on the payment method for pay broadcast viewing, such as the bank account and credit card to be specified , Settlement ability, etc. As a method of registering such information, a postcard obtained at the same time when the terminal is obtained, registration by telephone, registration on the Internet, and the like can be considered. In this service, a contract before receiving content with the center is passed by the information of the receiving terminal and the personal information as described above, and the center forms basic information for performing customer management based on the information. At the same time, the center distributes the personal authentication device generated from the information to the user, distributes the contract information to the receiving terminal owned by the user, and the receiving terminal receives the contract information, and the user receives the contract information. Restricted free services and paid services can be received. The contract information in the present service refers to information such as an encryption key necessary for receiving the content, a contracted company, a channel, a program, and the like. The distribution method can be various means such as a communication line such as a telephone line, a memory medium, and a radio wave such as a broadcast wave.
In the present embodiment, a case where distribution is performed using broadcast waves will be described as an example.

Next, the content reception / storage 21 will be described. In the present service, the content reception / storage 21 is a user who has completed the initial contract 500 in the case of a free service or a pay service with user restrictions as described above, and obtains / receives a reception terminal in the case of a free service without user restrictions. The user who has completed the installation 20 receives the requested content from the time when the user actually issues the request for receiving the content, and further stores the content that can be stored. Refers to the stage up to the point of accumulation. In the content reception / storage 21, the receiving terminal performs content acquisition processing, storage processing, and the like based on the storage metadata described above. Next, the viewing contract 600 in this service is
This is a contract for viewing the received / stored content, and license information for obtaining content reproduction permission is generated in the case of a free service or a paid service. Since the license information generated by the viewing contract is basically stored in the personal authentication device, the user who receives only the free service without user restrictions may not have the personal authentication device. The information may be stored in the receiving terminal. At 22:00 of reproduction of the content, it is determined whether or not the content can be reproduced based on the permission information or the like generated by the viewing contract, and if the reproduction is possible, the encrypted content is decrypted and reproduced, so that the user can reproduce the content. Watching becomes possible. In addition, regarding the charging for the paid service in this service, a pre-charging 700 that can be charged at the end of the initial contract and a PPV charging (PV) that charges each time the content is viewed at the time of the viewing contract or the like.
ay Per View) 701 and the like. The case of charging in advance is the case of a fixed amount billing in which a fixed fee is paid for a fixed period every month or the like from a bank account or the like registered when the initial contract is made, and the case of PPV charging is when a viewing contract is made. As in the case of pre-charging, this is a case of pay-as-you-go charging in which a fee is paid only for viewing from the bank account with which the initial contract was made.
The above is the major flow of this service.

Next, details of each block will be described. (Information Owned When Obtaining Terminal) FIG. 6 is an explanatory diagram of information owned by the center side and the receiving side before the initial contract. First,
The information owned by the center 10 and the receiving terminal 3 at the time of terminal acquisition / installation 20 which is the first block will be described.
In this service, the center side 10 corresponds to a terminal ID 503 unique to each terminal allocated at the time of manufacturing the receiving terminal 3, a terminal key Kmc 504 corresponding to the terminal ID 503, a business entity ID 505 unique to a business entity providing a pay service, and the like. A business entity key Kw 506, a system ID 501 unique to the system, and a corresponding system key Ksm 502 are managed, and the terminal ID, terminal key Kmc, system ID, and system key Ksm managed by the center 10 are embedded. Receiving terminal 3
Hand to the user. Therefore, when the user
The information owned at the time of installation and installation is a terminal ID and a terminal key Kmc that are different for each receiving terminal 3 managed by the center 10, and a system ID and a system key Ksm common to all the receiving terminals 3.
Therefore, the reception of the free service without the user restriction without performing the initial contract is performed based on such information. Also, an initial contract for receiving a free service and a paid service with user restrictions is similarly made based on these information.
In addition to the above information, the center side 10 has a unique content ID assigned to the content when the content is completed, a content key Kk used as a key for encrypting the content, and metadata attached to the content. It also manages the metadata ID and so on.

(Encryption form of each data) FIG. 7 is an explanatory diagram of the encryption form of each data. Next, an encryption form of content and metadata encrypted by information managed by the center side will be described. Content in this service is encrypted by a content key Kk 509 similarly managed on the center side regardless of whether or not there is a fee-free and user restriction. Therefore, the free content 507 and the pay content 508 are similarly encrypted with the content key Kk509. However, basically, the value of the content key Kk509 differs depending on the content, but the same key can be used depending on the operation. Similarly, the storage metadata 101 existing one-to-one with respect to the content is also stored in the content key Kk50.
9 encrypted. Content key Kk5 used at this time
The value of 09 is a content key Kk for encrypting the content.
The same value as 509 is used (although a different second content key Kk may be used, this embodiment describes the same value).

Next, encryption of the key distribution metadata 103 for storing and distributing the content and the content key Kk used for encrypting the storage metadata and the key information will be described. In this service, the key distribution metadata 103 has different information depending on whether an initial contract is made on the receiving terminal side and when the initial contract is not made. In the case of a paid service that can be viewed only by a user who has contracted with the body, the key used for encryption is different. The key distribution metadata for distributing the content key Kk used when encrypting the free content, which is a free service, was used when encrypting the free content key distribution metadata 104 and the paid content. The key distribution metadata for distributing the content key Kk is converted to the pay content key distribution metadata 1
05 is explained. The free content key distribution metadata 104 is a system common to all terminals because of the property that anyone who owns the receiving terminal can receive, store, and view the content unless there is a user restriction. The encryption is performed by the key Ksm 502, while the paid content key distribution metadata 105 is received and stored only by the user who has contracted with the business entity. Do. The EPG may also have some restrictions on the detailed information of programs with age restrictions for the user who owns the receiving terminal, but in general, because anyone can view, the EPG metadata 102 The receiving terminal performs encryption using the common system key Ksm502. The above is the metadata and content encryption form in this service.

(Decoding Process of EPG Metadata in Receiving Terminal) FIG. 8 is an explanatory diagram of the decoding process of EPG metadata. Next, an EP from which the user makes a viewing request for viewing the content, and makes a reservation for receiving and storing the content.
The decoding process of the receiving terminal when receiving the EPG metadata 102 for generating G will be described. As described above, since the EPG metadata 102 is encrypted with the system key Ksm 502 common to all the receiving terminals, the EPG metadata 102 is previously held in the key table even in the receiving terminal of the user who does not make an initial contract. It is possible to decrypt the data by using the information of the system key Ksm502. On the receiving terminal 3 side, first, the received EPG metadata 102 is copied, one is stored in the storage medium 4 without decrypting, and the other is stored in the key table 4.
The EPG application 301 for generating the EPG and the EPG application 301 for generating the EPG and the processing in the receiving terminal for sequentially decoding the EPG metadata 106 and generating the EPG are performed by the system key Ksm 502 stored in the EPG 02. It is used in the EPG table 302 for speeding up, the schedule management 303 for managing a schedule for actually performing reception / storage reservation from the EPG, and the like. Decrypted in this service
Since the EPG metadata 106 is discarded after use, the EPG metadata is not re-encrypted in the receiving terminal. When reusing it, it is copied from the stored EPG metadata and used similarly.

(Receive / accumulate sequence of free service)
FIG. 9 shows an explanatory diagram of the free sequence. Next, the third, fourth, and fifth blocks in the service flow, ie, reception / storage of content, a viewing contract, and reproduction of content will be described as an example of a free service. The reception / storage of contents in this service basically occurs according to the user's reception / storage request. Therefore, content reception and storage operations are performed by directly selecting a channel with a remote controller, selecting content to be viewed or reserved from the above-described EPG or the like, and registering the content in a receiving terminal. When the receiving terminal receives the content reception request, the receiving terminal first receives the storage metadata and then the key distribution metadata 23, and receives the content according to the content.
Controls the accumulation operation. The receiving terminal that has received the storage metadata determines whether the broadcast is a free broadcast or a pay broadcast based on the content thereof, and changes the process to the pay sequence 31 if the broadcast is a pay broadcast. In the case of a free broadcast, the received key distribution metadata is decrypted by the system key Ksm 502 in the key table 25, and the content key Kk stored in the key distribution metadata is obtained. The table is stored 26 together with the content ID and the like. Next, the received storage metadata is copied in the same manner as the EPG metadata, and the encrypted part of the copied storage metadata is decrypted with the stored content key Kk 27, and the contents of the storage metadata and the user request Then, the content reception / storage determination is performed using the above-mentioned method 28. When performing storage, the encrypted storage metadata and the encrypted content are stored in a storage medium 32, and then, when a user's viewing request occurs, the storage metadata is copied again. Then, the copied storage content is decrypted and the viewing contract process 29 is performed. When performing real-time viewing, the viewing contract processing 29 is performed using the decrypted storage metadata. In the viewing contract process, it is first determined whether or not there is a user restriction 35 such as an age restriction based on the contents of the decrypted storage metadata. Here, if there is a user restriction, it is determined whether the data is within the restricted range or out of the restricted range based on the personal information in the personal authentication device or the personal information in the profile or the like. If there is no user restriction or if it is within the restriction range, permission information for viewing (using) the content is generated from the storage metadata and the corresponding content key Kk in the key table and stored in the personal authentication device 34. . In the case of a user who does not have a personal authentication device, this permission information may be stored in a profile or the like in the receiving terminal. When playing content,
Based on the permission information, it is determined whether or not the content can be reproduced, and the encrypted content is decrypted using the content key Kk and the content is reproduced. Through the above processing, the user can view the free content.

(Registration Information on Center Side at Initial Contract) FIG. 10 is an explanatory diagram of information owned by the center side based on the initial contract registration information. Next, information to be registered on the center side when an initial contract such as a pay broadcast is required (this service is referred to as initial contract registration information in this service) will be described. The information owned by the center 10 and the receiving terminal 3 before the initial contract is as described above. If the user does not register anything in the center 10, the center 10 has the terminal ID 503 and the terminal key Kmc which user is owned. It is not possible to judge whether or not it is distributed to the customer, so customer management is not possible. Thus, the initial contract registration information 601 registered by the user at the time of the initial contract is information for enabling customer management on the center side. The specific initial contract registration information 601 includes the terminal ID 503 owned by the user, the name, address, telephone number of the group using the terminal, a bank account as a payment destination when pay broadcasting is used, and group information 602 such as a payment method. , The personal name, age (birth date),
Address, telephone number, personal information 603 such as bank account, settlement method, settlement ability, etc. at the time of use of pay broadcasting, initial contract information 604, 605, etc. for business entities, channels, programs, etc. contracted by groups and individuals It is. The group information may represent a user of the terminal.

On the center side 10, based on these initial contract registration information 601, which terminal ID 503 is owned by which group (family), which user uses the terminal, and which business entity (business) Body ID 50
It is possible to determine whether or not to subscribe to the service 5), so that customer management can be performed. As a result, the center side 10 generates a personal ID 201 and a personal key Km202 for each user, and owns the terminal ID 503 and the terminal key Kmc 504 that have been owned before the initial contract.
Is associated with the group information 602 obtained from the initial contract registration information 601, the initial contract information 604 of the group, and the generated personal ID 201, the personal key Km202, the personal information 603, and the initial contract information 605 for each user. In addition, personal ID 20 assigned to each user
1. Personal authentication device 200 storing personal key Km202
Generate and pass to each user. When transferring the personal authentication device 200 to the user, the initial contract information 60
4, 605 contract information (contracted entity ID, contracted entity key Kw, tier /
Although a contract code such as a flat code is referred to as contract information) can be stored in advance, a case where the personal authentication device 200 is delivered to the user and then delivered by radio waves will be described in consideration of a case where the contract is updated.

(Distribution of Contract Information from Center) FIG. 11
FIG. 3 shows an explanatory diagram of the contract information distributed by the center side. Next, the contract information 630 generated from the initial contract registration information 601 from the user will be described. The contract information 630 includes a business entity ID 505, a business entity key Kw 506, a contract code such as a tier / flat, etc. of the business entity with which the user has contracted. Perform necessary content reception. Therefore, since the contract information 630 differs for each contracted user and for each group, there are two types of information for the group and information for the user. In this service, the terminal I is included in the contract information 630 distributed on the center side.
When only D503 is specified, the contract information is for the group. When the personal ID 201 is specified in addition to the terminal ID, the contract information is for each user. for that reason,
The receiving terminal 3 selects information based on the terminal ID and the personal ID, receives only the corresponding contract information 630, stores it in a necessary part in the receiving terminal 3, and stores the personal authentication device 200 in the receiving terminal 3. To update the corresponding part of the personal authentication device 200.

FIG. 12 is a diagram for explaining the process of decrypting the contract information in the receiving terminal, and FIG.
FIG. 2 shows a detailed explanatory view of a personal authentication device. Next, processing in the receiver when acquiring the contract information and details of the contract information will be described. In this service, the terminal ID 50
When only the terminal ID 503 and the personal ID 201 are specified, the contract information for the individual is designated.
Numeral 30 encrypts information such as a contracted entity ID 505, an entity key Kw506, and a contract code that need to be encrypted with a terminal key Kmc504, which is basically different for each terminal without distinction between information for a group and information for an individual, on the center side. To deliver. The receiving terminal 3 determines whether the contract information is addressed to itself based on the terminal ID 503, the personal ID 201, etc. as described above, and receives the contract information if addressed to itself. The received contract information is decrypted by the terminal key Kmc 504 stored in the key table 402 in advance, and necessary information is stored in the key table 402, the profile 403, and the like. In this service, the business entity key Kw 506 and the like are stored in the key table 402 together with the business entity ID, and the profile 403 is described in the description area for the terminal ID if the information is for a group, and the personal ID 201 if the information is for an individual. The contract information 606 such as the business entity ID and the contract code is stored in the description area for. When the personal authentication device 200 is inserted into the receiving terminal, the key table 40
2 and the contract information 606 such as the contract ID and contract code from the profile 403 are copied to the personal authentication device 200.

The center side also changes or cancels the contracted service based on the contract information.
Similarly, when Kw 506 is updated, it is distributed based on the contract information. When the EPG metadata is encrypted with the entity key Kw unique to the entity by operating this service, two types of contract information are generated, and one is used for all entity IDs and entity keys Kw. Store and encrypt necessary parts with the system key Ksm and distribute it to all receiving terminals, and store the actual contracted entity ID and contract code etc. in the other contract information and store it for each terminal and each user By encrypting and distributing with the key Kmc, it is possible to perform limited reception by using a contracted company ID, contract code, and the like.

(Information Owned by Receiving Terminal After Initial Contract) FIG. 13 shows contract information and a detailed explanatory diagram of the personal authentication device, and FIG. 14 shows contract information and a detailed explanatory diagram of the personal authentication device. Next, information owned by the receiving terminal when the contract information is received and the initial contract is completed will be described. First, as information in the personal authentication device 200,
The personal key Km202, personal ID 201,
Personal data 607 such as an individual's name and age, contract information 606 for each individual, and the like are stored, and data that needs to be protected, such as an individual ID, personal data, and contract information, are encrypted with a personal key Km. Next, information in the receiving terminal will be described with reference to FIG. In the profile 403 in the receiving terminal, the group contract information 604,
The personal ID 201 read from the personal authentication device is associated with the contract ID 605 of the individual. On the other hand, in the key table 402, in addition to the system ID 501, the system key Ksm 502, the terminal ID 503, and the terminal key Kmc 504 which are embedded in advance, the ID 505 and the business entity key Kw 506 of the contracted entity are added. Also, information such as a content key Kk 509 for the content ID 510 when the viewing contract for the free content has already been made, and a gift ID 530 corresponding to the gift key Kg 531 when the content is presented to a third party by this service. Also have. In this service, a paid service is received based on the above information.

(Pay service reception / storage sequence)
FIG. 15 shows an explanatory diagram of the pay sequence. Next, the above-mentioned free service content reception / storage, viewing contract,
A sequence in a paid service for content reproduction, here, a sequence after an initial contract will be described. As with the free sequence, the paid sequence starts with a user's request to receive content. Upon receiving a content reception request, the receiving terminal first receives storage metadata and then key distribution metadata 23, and controls the content reception and storage operations based on the content. The receiving terminal that has received the storage metadata determines whether the broadcast is a free broadcast or a pay broadcast based on the content of the metadata 24. In the case of a pay broadcast, the conditional access determination 38 is performed using the storage metadata and the key distribution metadata. In the conditional access determination, the business entity ID and contract code stored in the metadata are compared with the business entity ID and contract code stored in the profile in the receiving terminal. Here, if the user of the receiving terminal does not have a contract, the content is not received 39, and if the user has a contract, the key distribution is performed based on the business entity ID from the key table in the receiving terminal. A business key Kw 506, which is an encryption key applied to the metadata for use, is derived, the metadata for key distribution is decrypted 25, and the content key Kk 509 embedded in the metadata for key distribution is stored in the key table together with the ID of the content 26. . Next, the received storage metadata is duplicated in the same manner as the EPG metadata, and the encrypted part of the duplicated storage metadata is decrypted with the acquired content key Kk 27, and the contents of the storage metadata and the user request Then, the content reception / storage determination is performed using the above (28). When performing storage, the encrypted storage metadata and the encrypted content are stored in a storage medium 32, and then, when a user's viewing request is issued, the storage metadata is copied again. Then, the copied storage content is decrypted and the viewing contract process 29 is performed. In the case of real-time viewing, the viewing contract processing 29 is performed using the decrypted storage metadata.
I do. In the viewing contract processing 29, first, it is determined whether or not there is a user restriction 35 such as an age restriction based on the contents of the decrypted storage metadata. If so, the determination is made based on personal information in the personal authentication device or personal information in the profile. If it is outside the limit range, the reproduction is rejected 37. If there is no user restriction or if it is within the restriction range, permission information for viewing (using) the content is generated from the storage metadata and the corresponding content key Kk in the key table and stored in the personal authentication device 34. When reproducing the content, it is determined whether or not the content can be reproduced based on the permission information, and the encrypted content is decrypted using the content key Kk, and the content is reproduced. Through the above processing, the user can also view paid contents.

(Viewing Contract Process) FIG. 16 is an explanatory diagram of the viewing contract process. Next, the details of the viewing contract process will be described. The viewing contract process is performed when the user determines the content to be viewed from a screen such as search or EPG. The same applies to the case where a channel is directly specified by a remote controller or the like. When the user decides the content to be viewed, if the user needs to do the contract for the paid content, the receiving terminal presents the information on the contract on the TV screen etc. from the corresponding storage metadata and confirms the user's intention to contract I do. If the user's will is not required for a contract such as a free broadcast, or if the user's will is determined at the time of the initial contract even for paid broadcasting, it is processed in the receiving terminal without presenting it on the screen Although there are cases, a case of pay broadcasting in which a user's will is required for a contract will be described as an example. The receiving terminal displays the purchase type contract 10 on the contract screen 40.
8. If there are a plurality of contract forms such as the rental type contract 109, the plurality of contract forms are presented from the storage metadata 101, and the user selects a contract form. If the user determines the contract form, the receiving terminal generates license information 608 for the content. The license information 608 in the present service includes information on contracts in the metadata for storage, content information 107 such as titles and contents of contents used for searching for contract contents in the personal authentication device, and corresponding information in the key table. Content key
It is generated from Kk509 or the like. At this time, if there is a user restriction such as an age restriction in the storage metadata, the personal authentication device or the personal information 609 registered in the profile in the receiving terminal determines whether a contract is possible. Will be Here, as an example, since it is assumed that the user has selected the rental type of contract form, the corresponding contract pattern 2_109 portion and the content information 107 are extracted from the information on the contract in the storage metadata 101, and The license information 608 is generated from the content ID 510 of the corresponding content in the key table and the content key Kk509. The generated permission information 603 is basically stored in the personal authentication device 200. However, in the case of a free service receiving user who does not make an initial contract, it may be stored in a profile in the receiving terminal. Also, in the case of a free service receiving user who does not make an initial contract due to operation, this license information 608 is not needed and is discarded, and the license information 608 is generated every time the content is viewed and temporarily stored in the memory of the receiving terminal. It is also conceivable to save. When the license information 608 generated in the receiving terminal is stored in the personal authentication device 200, the license information is stored by a secure transmission path. At this time, the license information 608 is encrypted by a personal key Km which is a key different for each individual. Be transformed into When reproducing the content, the receiving terminal determines from the permission information 608 whether the viewing right (use right) for the user's content is valid, and decrypts and reproduces the content using the stored content key Kk.

(Charging) Next, charging in this service will be described. As described above, there are roughly two types of charging: advance charging and PPV charging. Advance billing basically pays a fixed fee for a certain period of time, such as monthly, so it has nothing to do with content viewing.On the other hand, in the case of PPV billing, it is a pay-as-you-go billing that depends on the number of viewing content, the number of views, etc. is there. Therefore, in advance billing, regardless of the viewing amount, the fee can be paid from the bank account etc. registered at the time of the initial contract, but the PPV billing, which is a pay-as-you-go system, is generally information on how much you watched to the center side. Therefore, a return path using a ground line or the like is required from the receiving terminal to the center side. However, in the present comprehensive data distribution service, in consideration of a case where a return path such as a ground line is not connected to the receiving terminal, a charging method when the ground line is not connected and a charging method when the ground line is connected can be selected.

FIG. 17 is a diagram for explaining a charging method when there is no return path. First, a charging method when there is no return path will be described. An initial contract is made at the time of obtaining the terminal, and the contract is made using information such as a bank account and credit card information registered at the center. In this service, as a contract method, as shown in the contract information 517 at the time of the initial contract, paying 3000 yen for a certain period such as a monthly contract, the pay broadcast of the business (business A in this example) In addition to a contract for pre-charging that allows viewing of paid broadcasts for which contracts such as tiers / flats or the like have been made available, or a pay-per-view contract for which a program has been contracted, as well as business entity B and business entity C 2 for a certain period such as a monthly contract
It is possible to purchase a certain number of points by paying 000 yen and 4000 yen, and to enable a contract method for viewing and listening within the range of the points. The former contract method is a contract method for advance charging, and the latter contract method is a PPV charging method when a return path such as a terrestrial line is not used.
In the case of advance billing, the contracted entity ID, entity key Kw, contract code, etc. may be delivered as the contract information described above,
In the case of the PPV charging method, the point information 512 is added to the contract information described above and distributed. As with the contract information, the point information 512 includes a group contract point 515 and an individual contract point 516. If the group information is a group contract point, the point information 512 is stored in the group (terminal) information 514 portion of the profile in the receiving terminal. 516
If it is, it is stored in the personal information 609 of the personal authentication device 200 via the profile of the receiving terminal. The point reduction by the viewing contract for each content such as viewing and storage of the content is performed by the information in the metadata 100 (in this example,
"-1 point" for rental and "-" for purchase
Point control 513 in the receiving terminal by “3 points”)
It is performed by In this service, if the number of points purchased due to a monthly contract or the like is left, etc., it can be carried over to the next month and added to the number of points distributed again in that month. In addition, there is a case where all points are deleted at the time of renewal by the service and are set again as points in the contract unit.
This makes it possible to define services that do not carry over points. When the points are carried over, the upper limit of the number of points that can be carried over can be set. On the other hand, if all points are used up and additional points are requested, the point information will be distributed again via satellite by making an additional contract by making inquiries by telephone to the center, applying via the Internet, applying through mobile phones, etc. Is also possible. As described above, the present integrated data distribution service implements PPV charging, which is a metered charging that does not use a return path.

(Charging Method with Return Path) FIG. 18 is a view for explaining a charging method with a return path. Next, a charging method when there is a return path will be described. If you have a return pass,
In addition to the charging method when there is no return pass, the following is performed. The number of points is added on the TV monitor, and the contract information is recognized by the center-side customer management 511 via the terrestrial line.
4 is the group billing history 521, if it is a point related to an individual contract, the license information 60 in the personal authentication device 200
8 or personal information 609, and is temporarily stored as a personal billing history 522, and the history is collected in the receiving terminal by the call information 518 sent from the center every fixed period, and 520,
By using the terrestrial line 13 or the like by the calling control 519 function and transferring it to the customer management on the center side, it becomes possible to pay from a bank account or the like registered in the initial contract. It is also possible to provide a service that combines PPV billing, which is a charge for each time a content viewing contract is made, with advance billing, which is a payment only for the basic contract. A service is also possible in which viewing contract information is sent to the user and the content is viewed after the contract is confirmed. It is also possible to perform PPV charging for each viewing without any pre-charging, or to perform charging processing by connecting a personal authentication device to a public terminal that has a communication path with a center installed in a convenience store or the like. It is.
Further, when the personal authentication device 200 is equipped with a function such as electronic money, it is possible to settle the above points as a fee.

(Method of Updating System Key) FIG. 19 is a diagram for explaining a method of updating the system key. Next, a key updating method when the system key Ksm 502 previously embedded in the key table in the receiving terminal in this service needs to be updated periodically or due to security degeneration or the like will be described. In this service, two types of system keys Ksm1_523 and Ksm2_524 are stored in a key table in the receiving terminal in advance, and only one key is used at all times during operation, and a change request is issued when a system key change request 526 occurs. Key, that is, the key used in operation, in this example, Ksm1_5
Change 23. When changing, the change information 110 for changing the system key is generated from the center 10 and distributed to all the receiving terminals. In the change information 110, the ID of the system key Ksm1_523 which is the ID of the system key to be changed, the ID of the system key to be newly changed and the system key Ksm3_525 which is the key itself, the ID of the key actually used for operation, and the operation start Date and time, ID of key to encrypt change information 110
Etc. are stored. Since the change information 110 is distributed to all the receiving terminals, the encryption is encrypted and distributed by the system key Ksm2_524 which is not operated at the time of the change owned by all the receiving terminals. The receiving terminal 3 transmits the encrypted change information 1
10 is received and decrypted with the system key Ksm2_524 in the key table so that the change information can be understood and the system key Ksm1_523 requested to be changed is replaced with the new system key Ks.
This can be changed to m3_525. However, there may be three types of system key Ksm depending on the change timing. The above is the method of updating the system key Ksm in the present service.

(When contents are taken out to an external device)
FIG. 20 is an explanatory diagram of a method of reproducing content on an external device. Next, a case where the content 1 which is one of the features of this service is reproduced by the external device 15 will be described. When the content is reproduced on the external device 15 in the present service, basically, the removable medium 5 and the personal authentication device 200 are set as described above.
In the case of copying, the encrypted content 1 and the corresponding storage metadata 101 are copied to the removable medium 5 while being encrypted, and in the case of transfer, the encrypted content 1 and the corresponding storage metadata 101 are copied. It is extracted from the storage medium in the receiving terminal and stored in the removable medium 5. When the reproduction is performed by the external device 15 irrespective of copying or moving, once the viewing contract is made in the receiving terminal, the license information 608 is generated for the personal authentication device 200. The viewing right of the removable medium 5 is determined based on the permission information 608, and the storage metadata 501 and the encrypted content 1 are decrypted using the content key Kk 509 stored in the permission information 608, thereby enabling reproduction of the content. In addition, if the operation of this service restricts the number of copies, etc., of the content, it is possible to store the information about the number of copies after decrypting the storage metadata during the viewing contract processing and encrypt the storage metadata. Make it possible. Also, the storage metadata does not store information such as the number of copies, the copy validity period, and the target user, but instead defines new removable media information and encrypts the removable media information with a content key or the like. Operation without re-encryption of data is also possible.

(Transfer of Viewing Rights) FIG. 21 is an explanatory diagram in the case of moving the viewing rights to another receiving terminal. Next, a case will be described in which only the personal authentication device 200 is taken out to another receiving terminal 3 to view the service of a business entity that has a contract. When viewing the service of the contracted entity at another receiving terminal 3, the profile 403 and the key table in the other receiving terminal 3 may not include the information of the contracted entity in some cases. It is necessary to insert the personal authentication device 200 in which the contract information is stored and to build an environment used by the user on the other receiving terminal 3. The destination of the contract information is called a guest profile 421. On the other hand, the destination of the information in the personal authentication device on the owning receiving terminal is called a personal profile 420. The guest profile 421 is configured to be able to download information of the multiple personal authentication device 200. Guest profile 421 contains personal authentication device 20
By downloading the contract information in 0, the contract operator ID,
The receiving terminal can recognize the operator key Kw, the contract code, and the like, and the service of the contracted entity can be received.

When the personal authentication device 200 is further inserted into another receiving terminal while the contract information is being downloaded to the guest profile 421 of the other receiving terminal 3, the viewing right is invalidated, and the contract information for the guest profile is deleted. In the personal authentication device 200, information 620 for determining the state of the contract information is defined (this information is referred to as an activation flag 620 in this service), and the contract information is downloaded to the guest profile or the like. In the state, the contract information in the personal authentication device 200 can be invalidated. In this case, when validating the contract information, the personal authentication device 200 is inserted again into the receiving terminal that has collected the contract information in the guest profile, and the information on the guest profile is invalidated. Re-enable. The activation flag 620 of the contract information in the personal authentication device 200 can be specified for each business entity and for all contract information. As a result, the service enables flexible movement of the rights-protected viewing right.

(Structure in Receiving Terminal) FIG. 22 is a diagram showing the structure in the receiving terminal. Hereinafter, a configuration in the receiving terminal for receiving the service will be described. The receiving terminal of this service receives an RMP module that reproduces content by the copyright protection system in order to receive BS digital broadcasts, etc. in addition to broadcasting by the copyright protection system, and a conditional access system that reproduces contents such as BS digital broadcasts Function (CAS)
Divided into modules 408. In this example, the RMP module is a module 1_411 that further analyzes metadata and the like.
And a module 2_412 for reproducing the encrypted content. However, both the RMP module and the CAS module receive the radio wave by the antenna 2, extract the signal by the tuner 405, pass through the descrambler 407, and in the demux (DEMUX, separation unit) 406, either the RMP type content or the CAS type content And determine if
TS (Transport stream), which is a necessary data group
The same processing is performed until is extracted. In Demax 406, it is determined from the PSI / SI or the like whether it is an RMP type or a CAS type.

In the case of the CAS type, data is transferred to the CAS module 408. At this time, if the content is CAS-type encrypted, the key used for encryption is passed from the CAS module to the CAS-type descrambler 407 to decrypt the content, and the module 408
Hand over to In the module 2_412 of the RMP module, the content is reproduced by the function of the decoder 417, and the NTSC
The data is converted into a data format that can be actually passed to the TV 9 or the like by an encoder function such as an encoder and output. In this example, the decoding function of the module 2_412 is used, but a configuration in which a decoder is separately prepared is also possible. Meanwhile RMP
If the broadcast is of the type, the demux 407 passes data to the RMP module. Demax 40 is used for the first module of the RMP module, module 1_411.
6 has a function of performing metadata analysis processing 414 associated with the metadata in the data received from 6 and passing license information to the personal authentication device 200. Also, in the module 2 _ 412, which is the second module of the RMP module, a function of actually reproducing as a TV format using the content key information passed from the module 1 _ 411, the storage medium, or the encrypted content passed directly from the demux 406. have.

First, the function of the module 1_411 will be described. A module 1_411 temporarily stores and copies encrypted metadata, a key table for storing content keys, terminal keys, and the like, a profile memory for storing contract information and the like, and a desk for decrypting the copied metadata. A rambler (metadata decoding) 413, a metadata analysis function 414 for analyzing the decoded metadata,
Security I / F, metadata, etc. for generating a secure transmission path for transmitting and receiving data required for generating the license information between the personal authentication devices 200 and transferring the content key to the module 2 It has a plurality of functions such as a scrambler (encryption of permission information and the like) 415 for encrypting permission information and the like generated from the storage medium I / F 416 for passing encrypted metadata and the like to the storage medium 4. The module 2_412 has a security I / F for generating a secure transmission path together with the security I / F of the module 1_411 when receiving the content key from the module 1_411, and a storage medium I for receiving the encrypted content from the storage medium. / F, a descrambler (content decryption) 418 for decrypting the received encrypted content, a secure memory for temporarily storing the decrypted content, a key passed from the module 1_411, and a playback memory for reproducing the decrypted content A plurality of functions such as a decoder 417 and a graphic function 419 are provided. Module 2 descrambler, decoder,
Since the digital contents after decoding move between the graphic functions, the signal lines for transferring the contents between the functions are not touched from the outside, that is, the configuration is physically protected in order to maintain security. A memory for temporarily storing the decrypted content key and the like in the module 2; a key table in the module 1_411;
A memory for storing a profile or the like is also a secure memory that is physically protected for the same reason. In this example, module 1_411, module 2_
A group of security-protected functions such as 412 is called a tamper resist module 422. In addition, the receiving terminal stores encrypted metadata, encrypted content, and the like, and stores a storage medium, a personal authentication device, and a removable medium for transferring encrypted metadata, encrypted content, and the like between the module 1_411 and the module 2_412. It has a CPU, a work memory, etc. related to each processing in the receiving terminal. The personal authentication device has a memory for storing security I / F, permission information, personal information, personal keys, and the like for transferring data requiring protection between the modules 1. The memory for storing the personal key is a secure memory with physically protected security. With the receiving terminal having the above-described configuration, the present comprehensive data distribution service can reproduce a content protected by copyright or the like.

(Functional Block in Receiving Terminal) Next, a functional block in the receiving terminal will be described as an example of a processing procedure. FIG. 23 is a functional block diagram of the receiving terminal, and FIG.
FIG. 4 is a functional block diagram showing the inside of the receiving terminal in two dimensions. FIG. 46 shows the description of each function in the functional blocks shown in these figures. The abbreviations are shown in parentheses in the item columns in the figure. The position resolution function (LR) indicates a function of reading locator information. Locator information is information necessary to obtain various types of information, and air (wireless communication)
And information for obtaining data stored in a storage medium such as an HDD. Hereinafter, the locator distribution, relative,
Shows absolute meaning. The locator (distribution) is information for receiving data to be distributed on the air. A locator (relative) is information created by a broadcasting organization to classify data such as the name of the broadcasting organization and the broadcast date and time.
Or when storing on removable media.
The locator (absolute) is information indicating a storage location of data actually stored on the HDD or the removable medium using information such as a locator (relative).

The processing conditions in the functional blocks of FIGS. 23 and 24 are shown below.・ Encryption and decryption of contents and metadata are performed by the content protection function (SCP). ・ Exception is to encrypt and decrypt information by using the privacy protection function (SPP) only when storing viewing contract information and stored information in security modules and removable media. Perform decryption-Only the content protection function (SCP) can perform processing such as opening the metadata file and extract and process the stored information.-The content protection function (SCP) is a secure area. -The decoder is equipped with the content protection function (SCP) and conditional access system function (CAS).-The content presentation function (CP) is a display function such as a browser. SCP) ・ Content protection function (SCP) has the function of search application such as fuzzy search Do not have

FIG. 25 shows a three-dimensional representation of the functional block diagram of FIG. The conditions at that time are shown below. -Content protection function (SCP) Equipped with content presentation function (CP) such as browser on chip-Conditional access method function (CAS) and content protection function (SC)
P) is physically separated (this makes it possible to delete the conditional access system function (CAS)) ・ The content protection function (SCP) and privacy protection function (SPP) are physically one chip (content protection function) (SC
(P) and the privacy protection function (SPP) transmission path are secure) ・ Privacy protection function (SPP) and security module (Security Module) transmission path are secure ・ Content protection function (SCP) (Decoder) and content presentation function (CP) is the same chip (content protection function (SC
(P) and the content presentation function (CP) are secure. ・ Conditional reception method function (CAS) and content presentation function (C)
P) is a separate chip (the transmission path of conditional access system function (CAS) and content presentation function (CP) is not secure) ・ Search function (SN) (application) is local storage (Local Storage) (limited to HDD) Storage ・ There is an area in the HDD that can be touched directly without going through the content protection function (SCP).

(Processing Procedure) In the functional block diagrams of the receiving terminal shown in FIGS. 23, 24 and 25, a specific processing example will be described below. In particular, the following describes the storage viewing by EPG reservation, real-time viewing, storage of the content once stored in the HDD in the removable medium, and acquisition of the content from the removable medium. FIGS. 26 to 45 show examples of processing procedures in each case.
CR which is ID of contents, metadata, key metadata, etc.
The locator information indicating the ID and its position is shown in FIGS.
4 and the process description is shown in FIGS. The CRID is an ID that is unique for each content. The meaning described in the processing of the table of the CRID and the locator in FIG. 47 to FIG.
, Requesting locator information registered with the Location Resolution Function (LR),
“(Delivery)” is to transfer various information, and “(Response)” is to return the information of the requested CRID. In the correspondence between the figure and the table, the numbers in the U-mark in the figure correspond to the table of the CRID and the locator, and the numbers correspond to the table of the processing explanation. "(E)" in the text or in the figure indicates that it is encrypted.

(Storage Viewing by EPG Reservation) An example of a processing procedure of storage viewing by EPG reservation will be described below. The processing procedure is roughly divided into EPG reservation, reception accumulation, search, and viewing contract.

(EPG Reservation) FIGS. 26 to 29 show explanatory diagrams of EPG reservation processes 1 to 4 for storage and viewing in the copyright protection system. FIG. 47 shows an explanatory view (1) of the locator. First, EPG metadata (E) is delivered from the CC / broadcaster (CSP). The receiving function (DR) receives all the distributed EPG metadata (E). EP received
All G metadata (E) is passed to the content protection function (SCP). The EPG metadata (E) is a content protection function (SCP) 801 which performs a copy process, a process of decoding the copied EPG metadata, and a process of extracting information from the EPG metadata and storing the information in the EPG table 801. Then decrypted
Register the CRIDs and locators (relative) of all EPG metadata and locators (distribution) of all metadata lists written in the EPG metadata in the location resolution function (LR). Then, the CRI of EPG metadata is added to the location resolution function (LR).
Deliver D to get a locator (relative). Content Protection Function (SCP) is EP to Storage Medium Control Function (LSM)
The G table is transferred, and the storage medium control function (LSM) stores the EPG table in an area determined by the receiving terminal in the storage medium (LS). After that, the EPG metadata CRID, locator (relative), and EPG metadata (E) are passed to the storage medium control function (LSM), and the storage medium control function (LSM)
The EPG metadata is stored in the storage medium (LS) by referring to the locator information of the metadata. After storing, the storage medium control function (LSM) passes the locator (absolute) and the CRID storing the EPG metadata to the content protection function (SCP),
The content protection function (SCP) registers with the location resolution function (LR).

When the user presses the EPG button or the like when the user wants to view the EPG or wants to make a scheduled recording by the EPG, the information that the EPG button is pressed from the user interface function (UI) to the search function (SN) is displayed. Is passed, and the EPG application starts up (802). When the EPG application starts up, the search function (SN) requests the content protection function (SCP) for the EPG table,
Content protection function (SCP) is storage medium control function (LSM)
Requests the EPG table. The EPG table stored in the area defined for each receiving terminal is copied by the storage medium control function (LSM) and passed to the content protection function (SCP), and the search function (SN) is used for the content protection function (SCP). ) Requests personal information, and the content protection function (SCP) requests personal information from the privacy protection function (SPP). The privacy protection function (SPP) requested for the personal information transfers the personal information (E) to the content protection function (SCP). The content protection function (SCP) that has received the personal information decrypts the information, filters the previously received EPG table for the individual using the personal information 803, and passes it to the search function (SN). Then, the filtered search table is further subjected to filtering processing such as not being able to accumulate in the accumulation schedule information in a time zone already reserved for accumulation, etc. 804. Thereafter, the search function (SN) passes the filtered EPG table to the content protection function (SCP), and the content protection function (SCP) passes it to the content presentation function (CP). The content presentation function (CP) uses the information in the filtered EPG table to provide the user with an EPG of radio / TV column images.
805 to be displayed.

When the user who has viewed the EPG of the radio / TV column image receives a request for detailed information from a user who requests detailed information of a certain content group, the user interface function (UI) sends a detailed request to the search function (SN). An information request instruction is passed. The search function (SN) obtains, from the EPG table, the CRID of the EPG metadata in which information of the content group for which the user has requested detailed information is entered, and instructs the content protection function (SCP) to request the EPG metadata. Put out. Content protection function (SCP) is requested E
Pass the CRID of the PG metadata to the location resolution function (LR),
The position resolution function (LR) returns a locator (absolute). The content protection function (SCP), which has received the locator (absolute) of the EPG metadata requested from the search function (SN) from the position resolution function (LR), provides the storage medium control function (L
Passes the EPG metadata CRID and locator (absolute) to the SM) and issues a request instruction for the EPG metadata. Upon receiving the request instruction, the storage medium control function (LSM) retrieves the requested EPG metadata from the LS based on the CRID and the locator (absolute) information, copies it, and provides the content protection function (SCP)
Hand over to Then, the content protection function (SCP) that has received the EPG metadata (E) performs decryption processing.
06. Thereafter, the search function (SN) issues a detailed EPG display request instruction to the content protection function (SCP), and the detailed EPG is displayed.
Upon receiving the display request instruction, the content protection function (SCP) extracts necessary information from the decrypted EPG meta and passes it to the content presentation function (CP). The content presentation function (CP) displays the detailed information of the content group designated by the user based on the received detailed EPG information 807. Upon receiving the detailed information, the user selects the stored content, and upon receiving the information, the stored content determination instruction is passed from the user interface function (UI) to the search function (SN).
Search function (SN) that received the instruction to determine the stored content
Sends a confirmation request as to whether the content group can be stored in the content protection function (SCP) or whether this user has a storage right for this content group.

The content protection function (SCP) performs a check operation 808 on the basis of the information of the previously acquired EPG metadata whether or not storage is possible. If the storage is possible, register the metadata CRID and locator (distribution) of the storage reservation content group entered in the EPG metadata in the location resolution function (LR), pass the metadata CRID, and transfer the metadata. Get the locator (distribution) of the metadata list and the locator (distribution) of the metadata list. The content protection function (SCP) passes the locator (distribution) of the metadata list and the CRID and locator (distribution) of the metadata of the reserved content group to the search function (SN). The search function (SN) creates an accumulation schedule table 809 based on the information.

(Receiving and Accumulating) FIGS. 30 to 33 are explanatory diagrams of receiving and accumulating processes 1 to 4 for accumulating and viewing in the copyright protection system. 48 and 49 are explanatory diagrams of the locator. The search function (SN) is a content protection function (SC
P) requests time information frequently and obtains time information. Then, by comparing the schedule table with the time information, when the storage reservation time comes, the CRID of the metadata of the storage reservation content group and the locator (distribution) of the metadata list are transferred to the content protection function (SCP) 810. The content protection function (SCP) passes the locator (delivery) of the metadata list of the storage reservation content group to the reception function (DR), and the reception function (DR) transfers the distributed metadata list based on the locator (delivery) information. Receive and pass to Content Protection Function (SCP). Content Protection Function (SCP)
Obtains the CRID and locator (distribution) of the metadata of the content selected by the EPG entered in the metadata list 811. The content protection function (SCP) registers the metadata reserved CRID and locator (distribution) in the location resolution function (LR), passes the CRID, and obtains the locator (distribution). The content protection function (SCP) passes the metadata CRID and locator (distribution) to the reception function (DR), and the reception function (DR) receives the metadata (E) based on the information, and the content protection function (DR) SCP). Content Protection Function (SCP)
Obtain the key metadata CRID and locator (distribution) entered in the unencrypted location of the metadata 8
12. Content protection function (SCP) is a location resolution function (L
Register the key metadata CRID and locator (distribution) in R), pass the key metadata CRID, obtain the locator (distribution), and receive the key metadata CRID and locator (distribution) in the receiving function (DR). Hand over. The receiving function (DR) receives the key metadata (E) based on the information and passes it to the content protection function (SCP). Therefore, the content protection function (SCP) decrypts the received key metadata,
Obtaining the content key stored in the key metadata,
A storage process of the content key in the key table, a metadata process such as a copy of the metadata, a decryption of the copy metadata, an information extraction, and a judgment are performed, and a process of storing the information extracted from the metadata in the search table is performed 813. afterwards,
Content protection function (SCP) is the CRID and locator (delivery) of the content written in the decrypted metadata
814, the content protection function (SCP) uses the location resolution function (LR) for the metadata CRID and locator (relative).
Register the content CID, the locator (relative), and the locator (distribution), and transfer the content CRID to obtain the locator (distribution).

The content protection function (SCP) has a reception function (D
R) passes the content's CRID and locator (delivery) to the receiver (DR).
And pass it to the content protection function (SCP). Thereafter, the content protection function (SCP) passes the search table created earlier to the storage medium control function (LSM), and the storage medium control function (LSM) stores the search table in a predetermined area of the receiving terminal. Then, the content protection function (SCP) uses the location resolution function (L
R), obtain the locator (relative), pass the stored metadata's CRID, locator (relative) and metadata (E) to the storage medium control function (LSM), and the storage medium control function (LSM) The storage locator is determined based on the (relative) information and stored in the LS. The storage locator (absolute) and the CRID of the metadata determined by the receiving terminal are transferred to the content protection function (SCP), and the content protection function (SCP) is registered in the location resolution function (LR). The content protection function (SCP) passes the stored content CRID to the location resolution function (LR), obtains a locator (relative), and stores the stored content CRID and locator (relative).
And the metadata (E) are transferred to the storage medium control function (LSM). The storage medium control function (LSM) determines the storage locator with reference to the information of the locator (relative), and stores it in the LS.
After storage, the storage medium control function (LSM) passes the storage locator (absolute) and CRID of the content determined by the receiving terminal to the content protection function (SCP), and the content protection function (SCP) is registered in the location resolution function (LR) I do.

(Search) FIG. 34 to FIG. 35 are explanatory diagrams of the receiving and storing process of storing and viewing in the copyright protection system.
2 is shown. FIG. 50 is an explanatory diagram of the locator. In order for the user to search the storage medium, the user performs an action (such as pressing a search button) for a search request.
In response to a user request for a search request,
Search function (SN) from user interface function (UI)
The search request instruction is delivered to the user and the search application starts up (815). Then, a search table request is issued from the search function (SN) to the content protection function (SCP), a search table request is issued from the content protection function (SCP) to the storage medium control function (LSM), and the storage medium control function (LSM) is output. ) Is L
A search table stored in a predetermined area of the receiver terminal in S is transferred to a content protection function (SCP). Then, the search function (SN) is replaced with the content protection function (SC
A personal information request instruction is sent to P), the content protection function (SCP) sends a personal information request instruction to the privacy protection function (SPP), and receives the personal information (E). The content protection function (SCP) decrypts the received personal information, filters the information in the search table using the personal information,
Pick up the viewable content 816. Then, the search table filtered by the personal information is transferred to the search function (SN). When the user uses the remote control to input search conditions from a pull-down menu or the like, the user inputs the search conditions to the user interface function (UI) to the search function (SN), and uses the search table to input the search conditions input by the user. Perform search processing based on 81
7.

After the search processing by the search function (SN), a list of contents that hit the search condition input by the user is transferred to the content protection function (SCP). The content protection function (SCP) displays the list as a content presentation function (C
P), the content presentation function (CP) displays a list of hit content to the user. The user selects a content for which detailed information is desired from the hit content list, and indicates a request intention. User interface function (U
I) sends a detailed information request to the search function (SN). The search function (SN) passes the metadata's CRID and locator (absolute) to the content protection function (SCP), and the content protection function (SCP) is passed from the search function (SN) Pass the metadata CRID to the location resolution function (LR) to obtain a locator.
Content protection function (SC) that obtained a locator (absolute)
P) passes the metadata CRID and locator (absolute) to the storage medium control function (LSM),
M) retrieves the requested metadata from the LS, copies it, and passes the metadata (E) to the content protection function (SCP). Upon receiving the metadata (E), the content protection function (SCP) decrypts the metadata and extracts the detailed display information 818. The search function (SN) issues a request for displaying detailed information to the content protection function (SCP), and the content protection function (SCP) passes the detailed display information extracted first from the metadata to the content presentation function (CP). The content presentation function (CP) displays the received detailed display information to the user as detailed information of the search result content. Then, the user determines the viewing content based on the detailed information, and the user interface function (UI) having received the intention transfers the viewing content determination information to the search function (SN).

(Viewing Contract) FIG. 36 is an explanatory diagram of a viewing contract process 1 for stored viewing in the copyright protection system.
FIG. 51 is an explanatory view of a locator. The search function (SN) requests the viewing protection processing from the content protection function (SCP). The content protection function (SCP) issues a personal information request instruction to the privacy protection function (SPP), obtains the personal information (E), and determines the user access restriction from the metadata and the personal information obtained earlier. A viewing contract process and a billing process are performed based on the data information and the user's intention 820. The content protection function (SCP) creates viewing contract information from the results of the viewing contract processing and billing processing, passes it to the privacy protection function (SPP), and the privacy protection function (SPP) encrypts the information and sends it to the Security Module. Store. When all processes up to that point are completed, the content protection function (SCP) passes the CRID of the viewing content to the location resolution function (LR) and obtains a locator (absolute). Content protection function (SC
P) passes the content CRID and locator (absolute) to the storage medium control function (LSM),
M) searches the LS based on the information, makes a copy,
Transfer the content (E) to the content protection function (SCP). Upon receiving the content (E), the content protection function (SCP) decrypts the content and transfers it to the content presentation function (CP) 821. Upon receiving the content, the content presentation function (CP) displays 822 the content to the user.

(Real-time viewing) Next, an example of a processing procedure for real-time viewing will be described. The processing procedure is roughly divided into reception, viewing contract / viewing. (Reception) FIGS. 37 to 39 are explanatory diagrams of the real-time viewing reception processes 1 to 3 in the copyright protection system. FIG. 52 is an explanatory view of a locator. The user selects a channel with a remote control to watch a real-time program. The user interface function (UI) that has received the channel selection by the remote controller sends an instruction to receive the channel requested by the search function (SN).
The search function (SN) receiving the reception instruction transfers the locator (distribution) of the metadata list of the received content to the content protection function (SCP). Content protection function (SC
P) registers the locator (distribution) of the metadata list in the location resolution function (LR), obtains the locator (distribution),
The receiving function (DR) receives the metadata list of the received content based on the locator,
Transfer to Content Protection Function (SCP). Content protection function (SCP) is entered in the metadata list,
The CRID and locator of the metadata of the content at the beginning of the event or the currently displayed content are obtained (823). After that, the content protection function (SCP) uses the location
R), register the metadata CRID and locator (distribution), transfer the CRID, obtain the locator (distribution), pass the metadata CRID and locator (distribution) to the receiving function (DR), and receive the function (DR) receives the metadata (E) based on the information and passes it to the content protection function (SCP). The content protection function (SCP) obtains the key metadata CRID and locator (distribution) entered in the unencrypted location of the metadata 824, and the location resolution function (LR) obtains the key metadata CRID and Locator (delivery)
Is registered, the key metadata CRID is passed, and the locator (delivery) is obtained. And the content protection function (SC
P) passes the key metadata CRID and locator (distribution) to the receiving function (DR), and the receiving function (DR) receives the key metadata (E) based on the information and performs the content protection function (S
Decryption of the key metadata received by the Content Protection Function (SCP), obtaining the content key stored in the key metadata, storing the content key in the key table, copying the metadata, copying the copy metadata 825 performs metadata processing such as decryption, information extraction, and determination, and stores information extracted from the metadata in a search table.
Thereafter, the content protection function (SCP) obtains the content CRID and locator (distribution) written in the decrypted metadata 826, and sends the metadata CRID, locator (relative) and content to the location resolution function (LR). Register the CRID, locator (relative) and locator (distribution), transfer the content CRID, obtain the locator (distribution), pass the content CRID and locator (distribution) to the receiving function (DR), receive function (DR) receives the content (E) based on the information and the content protection function (SCP)
Hand over to

(Viewing Contract / Viewing) FIG. 40 is an explanatory diagram of a viewing contract process for real-time viewing in the copyright protection system. When the user indicates the intention to view, the user interface function (UI) passes the information of intention to view to the search function (SN), and the search function (SN) sends a viewing contract processing request to the content protection function (SCP). The content protection function (SCP) issues a personal information request instruction to the privacy protection function (SPP), obtains the personal information (E), and determines the user access restriction based on the previously acquired metadata and personal information 827. Next, the content protection function (SC
P) performs the viewing contract process and the billing process based on the metadata information and the user's intention display 828, the viewing contract process,
The viewing contract information is created from the result of the billing process and passed to the privacy protection function (SPP). The privacy protection function (SPP) encrypts the information and stores it in the Security Module. Thereafter, the content protection function (SCP) decrypts the content (E) 829, and the content presentation function (CP)
Hand over to Upon receiving the content, the content presentation function (CP) displays the content to the user 83
0.

(Removable Media Storage) FIGS. 41 to 42 are explanatory diagrams of removable media storage processes 1 and 2 in the copyright protection system. FIG. 53 is an explanatory view of a locator. These figures show an example of a processing procedure for temporarily storing content in a storage medium such as an HDD and then storing the content in a removable medium. The processing procedure can be roughly divided into reception storage, search, and removable media storage, but the reception storage and search processing are the same as the storage viewing described above, and thus are omitted here, and only the removable media storage processing is performed. It is shown below.

First, when the user requests the storage of removable media for the content hit in the search processing, the search function (SN) sends the removable media storage processing request of the content requested by the user to the content protection function (SCP). To send to. Content protection function (SC
P) issues a personal information request instruction to the privacy protection function (SPP), obtains the personal information (E), and the content protection function (SCP) judges the user access restriction from the metadata and the personal information obtained earlier, and 831 The content protection function (SCP) performs viewing contract processing and charging processing based on the metadata information and the user's intention 832. Then, the content protection function (SCP) creates viewing contract information from the result of the viewing contract processing and billing processing, passes it to the privacy protection function (SPP), and the privacy protection function (SPP) encrypts the information to encrypt the security module ( Security
Module). When all the processing up to that point is completed, the content protection function (SCP)
Pass the content and metadata CRID stored in removable media to R) and obtain a locator (absolute). The content protection function (SCP) passes the content and metadata CRID and locator (absolute) to the storage medium control function (LSM), and the storage medium control function (LSM) searches the LS based on the information and copies it Content (E) and metadata (E) to protect content (SCP)
Hand over to The content protection function (SCP) that received the content (E) and metadata (E)
R) to transfer the content and metadata CRID, obtain the locator (relative), and to the storage medium control function (LSM) to transfer the content, CRID and locator (relative) and metadata, CRID and locator (relative) and store The medium control function (LSM) accumulates 833 the contents and the metadata on the removable medium based on the information. And
The storage medium control function (LSM) passes the locator (absolute) and the CRID where the content and metadata are stored to the content protection function (SCP). ), The stored information is created, and the stored information is encrypted.
34, transfer to storage medium control function (LSM). afterwards,
Storage medium control function (LSM) stores storage information (E) on removable media

(Acquisition of Contents from Removable Media) Next, an example of a processing procedure for acquiring contents from a removable medium instead of acquiring contents from a line such as a satellite line will be described. The processing procedure is broadly divided into viewing content determination and viewing. (Determining Viewing Content) FIG. 43 is an explanatory diagram of a viewing content determining process for obtaining a content from a removable medium in the copyright protection system. First, the user inserts an IC card 835 and further inserts a removable medium 836. Then, the user indicates intention of the removable media search. In response to the user's intention, the user interface function (UI) issues a removable media search request instruction to the search function (SN), and the search function (SN) receives the instruction and requests the stored information from the content protection function (SCP). (Content protection function SC
P) sends a storage information request instruction to the storage medium control function (LSM). The storage medium control function (LSM) that has received the storage information request instruction searches all the storage information existing in the removable medium and transfers the storage information (E) to the content protection function (SCP). Upon receiving the stored information (E), the content protection function (SCP) performs a decryption process, extracts necessary information, and retrieves a search table (for removable media).
837. And the content protection function (SC
P) passes the search table to the search function (SN), the search function (SN) requests the content protection function (SCP) to present the search table, and the content protection function (SCP) sends the search table to the content presentation function (CP). The delivery and content presentation function (CP) displays search results based on the information. The user determines the viewing content based on the search result, and the user interface function (UI) transfers the viewing content determination information to the search function (SN).

(Viewing) FIGS. 44 to 45 are explanatory diagrams of viewing processes 1 and 2 for obtaining contents from removable media in the copyright protection system. FIG.
To FIG. 56 are explanatory diagrams of the locator. The search function (SN) passes the user-determined content CRID and locator (absolute) to the content protection function (SCP), and the search function (SN) provides the content protection function (SC).
The personal information and the viewing contract information request instruction are sent to P). Content Protection Function (SCP) is Privacy Protection Function (SP
The personal information and the viewing contract information request instruction are sent to P). The privacy protection function (SPP) transfers personal information and the viewing contract information (E) of the content selected by the user to the content protection function (SCP), and the content protection function (SCP)
Registers the metadata's CRID and locator (absolute) for the content selected by the user in the location resolution function (LR),
The ID is transferred, the locator (absolute) is obtained, the CRID of the metadata of the content selected by the user and the locator (absolute) are transferred to the storage medium control function (LSM), and a metadata request instruction is transmitted. Storage media control function (LS
M) retrieves metadata from the removable medium according to the information and passes the metadata (E) to the content protection function (SCP). Content Protection Function (SCP)
Decrypts the metadata 838, and judges whether or not the user can view the content selected from the information of the stored information, personal information, viewing contract information, and metadata 839. If the content can be viewed, the content protection function (SCP) registers the CRID and locator (absolute) of the content selected by the user in the location resolution function (LR), passes the CRID, obtains the locator (absolute), and stores it Transfers the content CRID and locator (absolute) to the medium control function (LSM) and sends a content request instruction. The storage medium control function (LSM) searches the LS from the information and transfers the content (E) to the content protection function (SCP). Then, the content protection function (SCP) performs a decryption process of the content 840,
Transfers content to the content presentation function (CP). The content presentation function (CP) that has received the content displays the content 841 to the user.

[0074]

According to the present invention, the encrypted content stored in the receiving terminal is a copy of the encrypted content at the time of viewing by the user.
Similarly, the encrypted metadata is copied, the copied metadata is decrypted, and the copied content is decrypted and reproduced by using the decrypted metadata. Thus, the encrypted content data is always stored, and the same service can be enjoyed by another security module at any time.

[Brief description of the drawings]

FIG. 1 is a service configuration diagram of a comprehensive data distribution service.

FIG. 2 is an overall configuration diagram of a comprehensive data distribution service system.

FIG. 3 is an explanatory diagram of a function of metadata.

FIG. 4 is an explanatory diagram of classification of metadata.

FIG. 5 is a view for explaining the flow of the present comprehensive data distribution service.

FIG. 6 is an explanatory diagram of information owned by a center side and a receiving side before an initial contract.

FIG. 7 is an explanatory diagram of an encryption mode of each data.

FIG. 8 is an explanatory diagram of a decoding process of EPG metadata.

FIG. 9 is an explanatory diagram of a free sequence.

FIG. 10 is an explanatory diagram of information owned by the center side based on initial contract registration information.

FIG. 11 is an explanatory diagram of contract information distributed by a center side.

FIG. 12 is an exemplary view for explaining a process of decoding contract information in a receiving terminal.

FIG. 13 is a detailed explanatory diagram of contract information and a personal authentication device.

FIG. 14 is a detailed explanatory diagram of a profile and a key table.

FIG. 15 is an explanatory diagram of a pay sequence.

FIG. 16 is an explanatory diagram of a viewing contract process.

FIG. 17 is a diagram illustrating a billing method when there is no return path.

FIG. 18 is a view for explaining a billing method when there is a return path.

FIG. 19 is a diagram illustrating a method of updating a system key.

FIG. 20 is an explanatory diagram of a method of reproducing content on an external device.

FIG. 21 is an explanatory diagram in the case of moving a viewing right to another receiving terminal.

FIG. 22 is a configuration diagram in a receiving terminal.

FIG. 23 is a functional block diagram in the receiving terminal.

FIG. 24 is a functional block diagram showing the inside of a receiving terminal in two dimensions.

FIG. 25 is a functional block diagram showing the inside of a receiving terminal in three dimensions.

FIG. 26 EPG of stored viewing in a copyright protection system
FIG. 4 is an explanatory diagram of a reservation process 1.

FIG. 27 EPG of stored viewing in the copyright protection system
FIG. 4 is an explanatory diagram of a reservation process 2.

FIG. 28 EPG of stored viewing in a copyright protection system
FIG. 7 is an explanatory diagram of a reservation process 3.

FIG. 29 EPG of stored viewing in the copyright protection system
FIG. 9 is an explanatory diagram of a reservation process 4.

FIG. 30 is an explanatory diagram of reception / storage processing 1 for storage / viewing in the copyright protection system.

FIG. 31 is an explanatory diagram of reception / storage processing 2 for storage / viewing in the copyright protection system.

FIG. 32 is an explanatory diagram of reception / storage processing 3 for storage / viewing in the copyright protection system.

FIG. 33 is an explanatory diagram of reception / storage processing 4 for storage / viewing in the copyright protection system.

FIG. 34 is an explanatory diagram of search processing 1 for stored viewing in the copyright protection system.

FIG. 35 is an explanatory diagram of search processing 2 for stored viewing in the copyright protection system.

FIG. 36 is an explanatory diagram of a viewing contract process 1 for stored viewing in the copyright protection system.

FIG. 37 is an explanatory diagram of reception processing 1 for real-time viewing in the copyright protection system.

FIG. 38 is an explanatory diagram of a real-time viewing reception process 2 in the copyright protection system.

FIG. 39 is an explanatory diagram of a real-time viewing reception process 3 in the copyright protection system.

FIG. 40 is an explanatory diagram of a viewing contract process for real-time viewing in the copyright protection system.

FIG. 41 is an explanatory diagram of a removable media storage process 1 in the copyright protection system.

FIG. 42 is an explanatory diagram of removable media storage processing 2 in the copyright protection system.

FIG. 43 is an explanatory diagram of a viewing content determination process for obtaining content from a removable medium in the copyright protection system.

FIG. 44 is an explanatory diagram of a viewing process 1 for obtaining content from a removable medium in the copyright protection system.

FIG. 45 is an explanatory diagram of a viewing process 2 for obtaining a content from a removable medium in the copyright protection system.

FIG. 46 is an explanatory diagram of each function in a functional block.

FIG. 47 is an explanatory view (1) of a locator.

FIG. 48 is an explanatory view (2) of a locator.

FIG. 49 is an explanatory view (3) of a locator.

FIG. 50 is an explanatory view (4) of a locator.

FIG. 51 is an explanatory view (5) of a locator.

FIG. 52 is an explanatory view (6) of a locator.

FIG. 53 is an explanatory view (7) of a locator.

FIG. 54 is an explanatory view (8) of a locator.

FIG. 55 is an explanatory view (9) of a locator.

FIG. 56 is an explanatory view (10) of a locator.

[Explanation of symbols]

1 content, 2 reception antenna, 3 reception terminal, 4
... storage medium, 5: removable media, 6 ... real-time viewing, 7 ... real-time + storage viewing, 8 ... storage viewing, 9 ... TV, 10 ... center side, 11 ... transmitting antenna, 12 ... satellite, 13 ... Ground line, 14 ... RMP, 15 ...
External device, 20: Terminal acquisition / installation, 21: Content reception / storage, 22: Playback, 23: Metadata reception, 24:
Free / paid service determination, 25: Key distribution metadata decryption, 26: Content key Kk storage, 27: Storage metadata decryption, 28: Content reception / storage determination, 29: Viewing contract processing, 30: Content reproduction ( Decryption), 31: paid sequence, 32: storage, 33: free sequence, 3
4: generation of permission information, 35: presence or absence of user restriction, 36: determination of personal information, 37: reproduction disabled, 38: determination of limited reception, 3
9: Not available, 40: Contract screen, 50: PSI / SI, 100
... Metadata, 101 ... Metadata for storage, 102 ... EP
G metadata, 103... Key distribution metadata, 104
... Metadata for key distribution for free contents, 105 ... Metadata for key distribution for paid contents, 106 ... EPG after decryption
Metadata for 107, content information, 108 contract pattern 1, 109 contract pattern 2, 200 personal authentication device, 201 personal ID, 202 private key Km, 30
0: application, 301: EPG application, 302: EPG table, 303: schedule management, 401: scramble / descramble, 402:
Key table, 403: Profile, 404: Overall profile, 405: Tuner, 406: Demax,
407 ... descrambler, 408 ... conditional access system function (CAS), 409 ... security I / F, 410 ... secure memory, 411 ... module 1, 412 ... module 2, 413 ... metadata decoding, 414 ... metadata analysis, 415 ... Encryption of license information etc. 416 ... Storage medium I / F,
417: Content decoder, 418: Content decoding, 419: Graphic, 420: Personal profile, 421: Guest profile, 422: Tamper resist module, 500: Initial contract, 501: System
ID, 502: System key Ksm, 503: Terminal ID, 504
… Terminal key Kmc, 505… entity ID, 506… entity key K
w, 507: free content, 508: paid content, 509: content key Kk, 510: content ID,
511 customer management, 512 point information, 513 point control, 514 group information, 515 group contract point, 516 individual contract point, 517 contract method, 518 call information, 519 call control, 520
… History collection, 521 group charging history, 522 individual charging history, 523 system key Ksm1, 524 system key Ksm2, 525 system key Ksm3, 526 change request,
530: gift ID, 531: gift key Kg, 600: viewing contract, 601: initial contract registration information, 602: group information, 603: personal information, 604: group contract information, 6
05: Individual contract information, 606: Initial contract information after decryption, 6
07 ... personal data, 608 ... permission information, 609 ... personal information, 620 ... activation flag, 630 ... contract information, 700
... Advance billing, 701... PPV billing, 801... EPG metadata processing, 802...
… Processing by personal information, 804: Filtering by storage schedule, 805: EPG presentation, 806: EPG metadata decoding, 807: Detailed information presentation, 808: Accumulation permission / inhibition, 809: Schedule table creation, 810 ...
Storage reservation time monitoring, 811: Acquisition of metadata CRID and locator, 812: Acquisition of key metadata CRID and locator, 813: Key metadata and metadata processing, 814 ...
Acquisition of content CRID and locator, 815: Launch of search application, 816: Filtering by personal information, 817: Search process, 818: Metadata process, 819: User access restriction judgment, 820: Viewing contract and billing process, 821: Content Decryption, 822
... Content display, 823 ... Metadata CRID and locator acquisition, 824 ... Key metadata CRID and locator acquisition, 825 ... Key metadata and metadata processing, 826 ...
Content CRID and locator acquisition, 827: User access restriction judgment, 828: Viewing contract and billing information,
829: content decryption, 830: content display, 8
31: User access restriction judgment, 832: Viewing contract and billing process, 833: Removable media storage, 8
34 ... stored information processing, 835 ... IC card insertion, 836 ...
Insert removable media, 837 ... Stored information processing, 8
38: Metadata decryption, 839: Viewable / unavailable judgment, 84
0: Content decryption, 841: Content display

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04N 7/173 640 H04L 9/00 601B (72) Inventor Iori Yamazaki 4-6 Kanda Surugadai, Chiyoda-ku, Tokyo F-term in the Broadcasting and Communication Systems Division, Hitachi, Ltd. (Reference) 5B017 AA03 BA07 CA16 5C064 BA01 BB02 BC06 BC17 BC23 BC25 BD03 BD08 BD09 CB05 5J104 AA01 AA16 BA03 EA04 EA17 NA02 PA05

Claims (12)

[Claims] A step of receiving storage metadata and key distribution metadata in response to a content reception request; a step of determining whether the broadcast is a free broadcast or a pay broadcast based on the received storage metadata; For example, the received key distribution metadata is decrypted by the system key (Ksm) in the key table, and the content key (Kk) stored in the key distribution metadata is decrypted.
Acquiring the content, and decrypting the encrypted portion of the received storage metadata with the obtained content key (Kk); and receiving or storing the content using the content of the storage metadata and / or a user request. A step of making a determination, and if it is determined that the storage is to be performed, a step of storing the encrypted storage metadata and the encrypted content in a storage medium. In this case, the step of copying the storage metadata and decrypting the copied storage content; the step of determining whether or not there is a user restriction based on the content of the decrypted storage metadata; Or within the limits,
Generating permission information for viewing the content from the storage metadata and the content key (Kk) and storing the generated information in a personal authentication device or profile. 2. A step of receiving storage metadata and key distribution metadata in response to a content reception request; a step of determining whether the broadcast is a free broadcast or a pay broadcast based on the received storage metadata; For example, the step of comparing the entity identifier and contract code stored in the profile in the receiving terminal with those stored in the profile in the receiving terminal.If the user using the receiving terminal does not have a contract, If the content is not received and a contract is made, the entity key (Kw), which is an encryption key applied to the key distribution metadata based on the entity identifier from the key table in the receiving terminal
And decrypting the key distribution metadata with the business entity key (Kw) to obtain the content key (Kk) embedded in the key distribution metadata. Decrypting with the acquired content key (Kk), using the content of the storage metadata and the user request to determine whether to receive or store the content, and encrypting the content if it is determined to be stored. Storing the stored metadata and the encrypted content in a storage medium, and, when a user's viewing request occurs, copying the stored metadata and copying the stored content. Decrypting, and determining whether there is a user restriction based on the contents of the decrypted storage metadata. If it is, the permission information for the viewing of the content, generated from storage metadata and the content key (Kk), data viewing service method comprising the steps of storing the personal identification device or profile. 3. The method according to claim 1, further comprising, upon reproducing the content, determining whether the content can be reproduced based on the permission information, decrypting the encrypted content with a content key (Kk), and reproducing the content. Data viewing service method described in 1. 4. The viewing contract process according to claim 1, wherein in the step of judging whether to receive or store the content, when real-time viewing is performed, a viewing contract process is performed using the decoded storage metadata. Data viewing service method. 5. The free content and the pay content are encrypted with a content key (Kk), and the storage metadata existing on a one-to-one basis with respect to the content is also encrypted with the content key (Kk). Regarding the content key (Kk) used for data encryption and the key distribution metadata for storing and distributing information related to the key, the content key (Kk) used when encrypting free content, which is a free service, is used. The metadata for free content key distribution for distribution is encrypted using a system key (Ksm) common to all terminals, while the metadata for paid content key distribution is different for each business entity. 5. The data viewing service method according to claim 1, wherein encryption is performed using a key (Kw). 6. When the user determines the content to be viewed, in the case of paid content, the contract screen of the receiving terminal includes:
A step of presenting a contract type of a purchase type contract, a rental type contract, or a plurality of contracts based on the metadata for storage; and, if the user determines the contract type, the receiving terminal transmits the contract type of the storage metadata. The relevant contract pattern part and the content information are extracted from the information on the contract, the content identifier of the relevant content in the key table and the content key (Kk) are extracted, and if necessary, the user restriction is included, and the license information is included. And encrypting the generated permission information with a personal key (Km), which is a key different for each individual, and storing it in a personal authentication device via a secure transmission path. The terminal determines whether or not the user's right to view the content is valid based on the permission information when the content is reproduced, and the stored information is stored. The data viewing service method according to any one of claims 2 to 5, wherein the content is decrypted by using the content key (Kk) and reproduced. 7. A point is given to a user in advance, the point is subtracted every time the content is purchased, and a point is newly obtained by notifying the center when the point is exhausted. 7. The data viewing / listening service method according to claim 1, wherein the points are carried over and new points are added. 8. When the contract is renewed, the previous points are erased,
The data viewing service method according to claim 7, wherein points are newly registered or additionally registered. 9. The system according to claim 7, wherein the new portion is broadcasted via a satellite communication line or a broadcast line.
Data viewing service method described in 1. 10. A content protection function for protecting / managing all information to be protected existing in a receiver, encrypts / decrypts content and metadata, and places the content and metadata outside the area where the content protection function is secured. 10. The data viewing / listening service method according to claim 1, wherein the information to be protected by the output data is transferred by encrypting the data. 11. A content protection function (SCP) which is a protection / management function in a receiver, and a privacy protection function for protecting personal information, which protect contents, rights, and personal information. The data viewing service method according to claim 10, wherein: 12. The data viewing service method according to claim 11, wherein the encryption and decryption are performed only by the privacy protection function only when the viewing information and / or the stored information are stored in the security module or the removable medium. .