JP2004194295A - Packet transmitting/receiving device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To install a DTCP system to an IP protocol which is a standard protocol of the Internet in a packet transmitting/receiving device. <P>SOLUTION: The packet transmitting/receiving device (401) comprises an authentication/key exchanging means (402), an encrypting means (406) for creating encrypted transmission data, a transmission condition setup managing means (404) for creating transmission condition setup information for setting the transmission condition of a transmission packet, a packeting means (403) for creating the transmission packet by using the encrypted transmission data, a reception condition setup managing means (408) for creating reception condition setup information for setting the reception condition of a reception packet, a packet receiving means (405) for receiving the reception packet, and a decoding means (407) for decoding the reception data by using a decoding key. <P>COPYRIGHT: (C)2004,JPO&NCIPI

Description

  The present invention relates to a packet transmission / reception device. More specifically, the present invention generates a packet using encrypted data (for example, AV data) and converts the generated packet to an Ethernet (R) (wired LAN) conforming to the IEEE 802.3 standard or the like. Or a packet transmitting / receiving apparatus that transmits and receives data using a wireless LAN or the like that conforms to the IEEE 802.11 standard or the like.

  2. Description of the Related Art Conventionally, even in ordinary households, MPEG-TS has been encrypted and transmitted using the IEEE 1394 standard based on the method defined in IEC 61883-4. As an example of a system for encrypting and transmitting AV data such as MPEG-TS, a DTCP (Digital Transmission Content Protection) system is defined.

  The DTCP method is a method relating to content protection on transmission media such as the IEEE 1394 standard and USB. The DTCP method is standardized by DTLA (Digital Transmission Licensing Administrator). The DTCP method is described in more detail in, for example, Non-Patent Document 1, Non-Patent Document 2, Non-Patent Document 3, and Non-Patent Document 4.

  FIG. 38 is a schematic diagram showing that the MPEG-TS is transmitted via the transmission medium conforming to the IEEE 1394 standard using the DTCP method.

  In the DTCP method, a transmitting device is called a source 2001 and a receiving device is called a sink 2002, and encrypted data such as MPEG-TS is transmitted from the source 2001 to the sink 2002 via the network 2003.

  38, a source 2001 is, for example, a DVHS, a DVD recorder, a 1394-equipped STB (Set Top Box) or a 1394-equipped digital TV (Television), and a sink 2002 is, for example, a DVHS, a DVD recorder, a 1394-equipped STB (Set). Top Box) or 1394-equipped digital TV (Television).

As described above, it is known that AV data such as MPEG-TS is transmitted via a transmission medium conforming to the IEEE 1394 standard using the DTCP method.
"Digital Transmission Licensing Administrator", [online], [searched October 14, 2003], Internet <URL: http: // www. dtcp. com> Bill Pearson, "Digital Transmission Content Protection", [online], June 16, 1996, [searched October 14, 2003], Internet <URL: http: // www. dtcp. com / data / dtcp_tut. pdf> "5C Digital Transmission Content Protection White Paper", [online], July 14, 1998, [searched October 14, 2003], Internet <URL: http: // www. dtcp. com / data / wp_spec. pdf> Shinji Takada, "IEEE1394, Application to AV Equipment", Nikkan Kogyo Shimbun, "Chapter 8, Copy Protection", pp. 133-149

  However, the implementation of the DTCP method in the IP protocol which is a standard protocol of the Internet has not been known to date. Therefore, using the DTCP method, AV data can be transferred to the IEEE 802.3 standard that is an Ethernet standard, the IEEE 802.11 standard that is a wireless LAN standard, or other transmission media that can transmit IP packets. Could not be transmitted over. In other words, in the related art, a state in which data confidentiality and copyright are protected between a transmitting device and a receiving device logically connected via the IP protocol using encryption. Could not transmit AV data such as MPEG-TS.

  According to the present invention, there is provided a packet transmitting / receiving apparatus for transmitting a transmission packet and receiving a reception packet, wherein the authentication / key exchange means for generating an encryption key and a decryption key, and transmitting the transmission data using the encryption key. Setting a transmission condition of the transmission packet using at least one of an encryption unit that generates encrypted transmission data by encrypting the transmission condition-related information, transmission / reception management information, and reception condition setting information; Transmission condition setting management means for generating transmission condition setting information for performing transmission, packetizing means for generating the transmission packet using the encrypted transmission data, and at least one of reception condition related information and packet reception information. Receiving condition setting management means for generating receiving condition setting information for setting a receiving condition of the received packet; and receiving the received packet. Packet receiving means for extracting reception data included in the reception packet from the reception packet using the reception condition setting information, and generating the packet reception information from the reception packet; A packet receiving unit that outputs the received data to the authentication / key exchange unit or the reception condition setting management unit, and a decryption unit that decrypts the received data using the decryption key.

  The packetizing unit includes a packet additional information generating unit that generates packet additional information using at least one of the transmission condition setting information and authentication / key exchange related information related to the authentication / key exchange unit, The packetizing means generates the transmission packet by adding the packet additional information to the encrypted transmission data, and the packet receiving means extracts the packet additional information for extracting the packet additional information included in the transmission packet. Including means.

  The apparatus further includes framing means for generating a transmission frame using the transmission packet, and frame receiving means for receiving a reception frame and extracting the reception packet from the reception frame.

  First queue means for temporarily storing the first packet generated by the packetizing means, and second queue means for temporarily storing the second packet generated by the packetizing means And controlling which of the first packet stored in the first queue unit and the second packet stored in the second queue unit is to be transmitted, based on the transmission condition setting information. Transmission queue control means, and a framing means for generating a transmission frame by framing the first packet output from the first queue means and the second packet output from the second queue means. And a frame receiving means for extracting the received packet from the received frame.

  The transmission queue control means includes: information relating to a transmission path of the first packet or the second packet; information relating to a bandwidth required to transmit the first packet or the second packet; The information is stored in the first queue means using at least one of information on a delay from transmission of a transmission packet to arrival and information on a priority of the first packet or the second packet. It controls which of the first packet and the second packet stored in the second queue means is transmitted.

  The transmission queue control means includes an RSVP method described in IETF rfc2205, rfc2208, and rfc2209, an Intserv method described in IETF rfc2210, rfc2211, 2212, and rfc2215, and a method described in IETF rfc2474, rfc2475, and rfc2597 in rfc2597. Either control method is used.

  The transmission queue control unit selects and selects one of the first packet stored in the first queue unit and the second packet stored in the second queue unit. The first queue means and the second queue means are controlled so as to output packets preferentially.

  When the amount of the first packet stored in the second queue does not exceed a predetermined amount, the transmission queue control unit controls the first packet stored in the first queue. Is output with priority, and when the amount of the second packet stored in the second queue means exceeds a predetermined amount, the second packet stored in the second queue means is output. The first cue means and the second cue means are controlled so as to output preferentially.

  The transmission queue control unit may control the first packet so as to average an interval between the first packet transmitted from the first queue unit and the second packet transmitted from the second queue unit. And the second queue means.

  The transmission condition setting management unit and the reception condition setting management unit detect a maximum transmission packet size in a path from a transmission destination of the transmission packet to a reception destination during a period from transmission of the transmission frame to arrival of the transmission frame, The transmission condition setting information and the reception condition setting information are generated using maximum transmission packet size information.

  The framing unit adds an IEEE 802.3 standard frame header to the transmission packet generated by the packetizing unit.

  The framing unit adds an IEEE 802.1Q standard frame header to the transmission packet generated by the packetizing unit.

  The packetizing means converts the encrypted transmission data into a predetermined size, and adds an IP (Internet Protocol) header specified by the IETF as IPv4 or IPv6.

  The packetizing means adds information indicating that the packet is a priority packet to a service type field of an IPv4 header or a TOS (Type of Service) field in the service type field.

  The packetizing means adds information indicating that the packet is a priority packet to a priority field of an IPv6 header.

  The packetizer includes a first packetizer and a second packetizer, and the first packetizer includes at least one of the transmission condition setting information and the authentication / key exchange related information. The first packet is generated by using information, and the second packetizing unit transmits at least one of the transmission condition setting information, the authentication / key exchange related information, and the encrypted transmission data. To generate the second packet.

  The packetizing means converts the encrypted transmission data into a predetermined size, adds an IP header defined by the IETF as IPv4 or IPv6, and the first packetizing means is constituted by software; The second packetizing means is constituted by hardware.

  The apparatus further includes a data separation unit that separates the transmission data into priority data and general data, the encryption unit encrypts the priority data, and the first packetization unit performs a first packetization using the general data. Generate a packet.

  The first packetizing means adds at least one header of RTCP, RTSP, HTTP, TCP, UDP, and IP, which are data processing protocols defined in the IETF document.

  The second packetizer adds a sequence number to the data, or adds at least one header of RTP, UDP, HTTP, TCP, and IP, which are data processing protocols defined in the IETF document. I do.

  The priority data is an uncompressed SD signal defined by the SMPTE 259M standard, an uncompressed HD format defined by the SMPTE 292M standard, or a DV or MPEG-TS transmission by IEEE 1394 defined by the IEC 61883 standard. It is a stream format or at least one data stream format of the MPEG-TS format, MPEG-PS format, MPEG-ES format, and MPEG-PES format according to DVB-ASI defined by DVB standard A010.

  The second packetizing means includes an error correction code adding means.

  The error correction code used in the error correction code adding means is a Reed-Solomon method or a parity method.

  The information indicating the encryption key outputs decryption information of the encryption key from the framing unit before the framing unit outputs a transmission packet encrypted with the encryption key.

  The information indicating the encryption key is transmitted from the transmission frame to the reception frame corresponding to the transmission frame, when the transmission packet including the encrypted transmission data generated using the encryption key is transmitted. Sent before the time to receive.

  The authentication / key exchange means, when the position information of the packet transmitting / receiving apparatus and the position information of the destination of the transmission packet or the position information of the transmission source of the reception packet match predetermined conditions, perform authentication. Allow

  The transmission / reception management information includes at least one of location information of the packet transmission / reception device, location information of an arrival destination of the transmission packet, and location information of a transmission source of the reception packet.

  The position information is, for example, information in which a range is designated by a region code, an address, a postal code, or longitude and latitude.

  The authentication / key exchange means, between the packet transmission / reception device and the destination of the transmission packet or the transmission source of the reception packet, receives the destination of the transmission packet or the reception source of the reception packet from the packet transmission / reception device. Authentication is permitted if the one-way or round-trip propagation time to is less than a predetermined time limit.

  The authentication / key exchange means scrambles data in the wireless transmission section when a wireless transmission section exists in a transmission / reception section between the packet transmission / reception device and the destination of the transmission packet or the transmission source of the reception packet. If it is confirmed that the transmission mode is selected, the authentication is permitted.

  The authentication / key exchange means, when performing authentication between the packet transmitting / receiving device and the destination of the transmission packet or the source of the reception packet, transmits the destination of the transmission packet or transmission of the reception packet. The authentication is not established because the storage unit for temporarily storing information about the source, the packet transmitting / receiving device, and the destination of the transmission packet or the source of the reception packet do not match the predetermined condition. In this case, the information stored in the storage unit is compared with information on the destination of the transmission packet or information on the destination of the reception packet, and the packet transmission / reception device and the destination of the transmission packet or Verification means for performing authentication with the source of the received packet.

  The information on the destination of the transmission packet or the information on the destination of the reception packet includes at least one of a certificate, a MAC address, and biometric information.

  The authentication / key exchange means performs a predetermined authentication and key exchange, and updates an encryption key or a decryption key in a predetermined period.

  Timing information indicating the timing at which the authentication / key exchange means updates the decryption key is added to the transmission packet.

  The timing at which the authentication / key exchange means updates the decryption key is notified by changing the TCP port number or UDP port number of the transmission packet.

  The timing at which the authentication / key exchange unit updates the decryption key is updated for each HTTP request when the transmission packet uses HTTP.

  Further, the timing at which the authentication / key exchange means updates the decryption key is changed for each fixed data amount when the transmission packet uses HTTP.

  Alternatively, the timing at which the authentication / key exchange means updates the decryption key is updated within a predetermined period when the transmission packet uses RTP.

  The DTCP copy control information in the authentication / key exchange means is transmitted by adding encryption mode information to the transmission packet.

  The transmission queue control unit controls the first queue unit and the second queue unit so that the data rate of the priority data does not become smaller than a predetermined value.

  The transmission queue control unit may be configured to control the transmission queue control unit so that the time during which the priority data is stored in the second queue unit is always smaller than a predetermined value. Control the queuing means.

  The second packetizing means includes buffer means for temporarily storing data, counter means for counting the length of the data, packet header generating means for generating a packet header of the second packet, Packet combining means for combining a packet by combining a packet header and a payload output from the buffer, wherein the packet header generating means specifies a payload length of the second packet and is stored in the buffer means. The read data is read and input to the packet combining means.

  The second packetizing means includes buffer means for temporarily storing data extracted from the priority data, counter means for counting the length of the data, and a packet for generating a packet header using packetization information. The packet generator includes a header generator and a packet generator that generates a packet by combining the packet header and the payload. The counter outputs control data for reading data corresponding to a payload length from the buffer.

  The second packetizing means includes buffer means for temporarily storing data, counter means for counting the length of the data, packet header generating means for generating a packet header using packetization information, Error correction adding means for adding error correction to the data, and packet combining means for combining the packet header and the data with the error correction added thereto, wherein the counter means outputs data corresponding to a payload length from the buffer means. And outputs control data for reading the data.

  In the layer that processes the received frame of the lower layer than the layer in which the priority data and the general data are processed, the priority data and the general data are selected from a communication protocol header of a reception packet included in the reception frame, The processing of the priority data and the processing of the general data are performed independently.

  The second packetizing unit includes an encryption key switching unit, and switches the encryption key input to the encryption key switching unit at a specified timing and inputs the encryption key to the encryption unit, and performs encryption in the encryption unit. Switch keys at specified intervals.

  The timing used for the encryption key switching is a timing generated in synchronization with a predetermined sequence number in a packet header output from the packet header generating means.

  The timing at which the authentication / key exchange unit updates the decryption key is updated for each HTTP request when the transmission packet uses HTTP.

  Further, the timing at which the authentication / key exchange means updates the decryption key is changed for each fixed data amount when the transmission packet uses HTTP.

  Alternatively, the timing at which the authentication / key exchange means updates the decryption key is updated within a predetermined period when the transmission packet uses RTP.

  The timing used for the encryption key switching is a timing generated in synchronization with the end point or the start point of the error correction matrix.

  According to the present invention, in order to solve the above-mentioned problems, a packet transmission / reception device logically connected via a network is provided with an authentication for realizing confidentiality of transmission data such as MPEG-TS and protection of copyright. Key exchange means (AKE means), encryption means for encrypting transmission data, packetization means for generating a transmission packet using transmission data, decryption means for decrypting encrypted transmission data, and transmission The apparatus includes a transmission condition setting management unit that sets appropriate packet transmission conditions based on a packet reception status fed back from a packet transmission destination, a packet reception unit, and a reception condition setting management unit.

  Thereby, the DTCP method can be implemented in the IP protocol which is a standard protocol of the Internet.

  Also, AV data such as MPEG-TS is encrypted by a transmitting device to protect data confidentiality and copyright, and the like, and packets (eg, IP packets) are transmitted through a transmittable network. It is possible to decrypt the encrypted data.

  According to an embodiment of the present invention, the packetizing means classifies a transmission packet into a general packet and a priority packet having high real-time property and to be transmitted preferentially, and classifies the general packet into the first data. The priority packet is input to the queue means, and the priority packet is input to the second data queue means. Then, the transmission queue control means controls the transmission order of the packets temporarily stored in the first data queue means and the second data queue means. As a result, data with high real-time properties can be transmitted preferentially while protecting the confidentiality and copyright of the data.

  Further, when the input stream is a plurality of streams of two or more channels, signals related to each stream may be classified into priority data and general data.

  According to an embodiment of the present invention, the packetizing means includes a first packetizing means and a second packetizing means. General data including AKE-related information is input to the first packetizing means. The encrypted transmission data and AKE-related information generated by the encryption unit are input to the second packetization unit. In the second packetizing means, a packet is generated by hardware. The AKE related information is copy control information or encryption key update information.

  The packet generated by the first packetizer is input to the first data queue and temporarily stored therein, and the packet generated by the second packetizer is stored in the second data queue. Entered and temporarily stored.

  When the transmission condition setting management means instructs the transmission queue control means to preferentially output the packets temporarily stored in the second data queue means, the encrypted data is preferentially output. You. In this control, the second data queue means is controlled so as not to overflow, and if the receiving device has a buffer of an appropriate size, real-time transmission of content between the transmitting device and the receiving device can be realized.

  As described above, when data is encrypted and transmitted in real time between the transmitting device and the receiving device, since the second packetizing means is constituted by hardware, the transmission that occurs because software processing cannot be performed in time is performed. Problems such as unsent packets and missing received packets do not occur. Further, the first packetizing means having a small data amount can be constituted by an inexpensive microcomputer or the like, so that the cost can be reduced.

  According to an embodiment of the present invention, the AKE means for performing device authentication and exchanging the encryption key is a method based on the DTCP method, and includes an encryption key generation means, a DTCP information generation means, and an AKE command transmission. A processing unit, an AKE command reception processing unit, an exchange key generation unit, an encryption key change information generation unit, and a decryption key generation unit. The encryption key generation means generates an encryption key and inputs it to encryption to set an encryption operation. The DTCP information generating means generates AKE-related information using copy control information input from outside and key update information input from the encryption key generating means. The AKE command transmission processing means receives the encryption key from the encryption key generation means, the AKE parameter from the outside, and the AKE command information from the AKE command reception processing means, and generates and outputs an AKE transmission command. The AKE command reception processing means receives the AKE setting control information from the first packet receiving means, and outputs the setting control information to the AKE transmission processing means, the exchange key generation means, and the encryption key change information generation means, respectively. The encryption key change information generating means obtains information from the AKE command reception processing means and the first packet receiving means to generate encryption key change information. The decryption key generation means generates a decryption key using information from the exchange key generation means and the encryption key change information generation means, and outputs the decryption key to the decryption means.

  According to an embodiment of the present invention, the second packetization means to which the encrypted transmission data generated by the encryption means and AKE-related information such as copy control information and encryption key update information are input. Is provided with an error correction code adding means therein, adds an error correction code to the information, and is transmitted by the UDP / IP protocol. As a result, in the transmission of an IP packet, even when a packet loss or a bit error occurs in the network, the transmission data can be restored by error correction in the receiving device.

  According to an embodiment of the present invention, a priority packet to be transmitted with priority and a general packet having a lower transmission priority than the priority packet are multiplexed and transmitted on the time axis, and the priority packet to be transmitted is transmitted. Is controlled to transmit at a speed equal to or higher than the average input rate using dedicated hardware, for example.

  The general data is temporarily stored in the buffer means, and is transmitted intermittently while priority data transmission is performed with priority. Here, when the transmission rate of general data is 1 Mbps or less, transmission processing of general transmission can be performed using an inexpensive processor such as a CPU or a microcomputer.

  In the priority data input as a stream, an invalid data portion of the stream is removed, and a packet is generated based on packetization information using only valid data. Here, if UDP / IP is used as a communication protocol, an IP address is used as an address and a UDP port number is used as a subaddress as a header.

  According to an embodiment of the present invention, priority data format information is obtained from valid data and used to determine a packetization parameter together with externally input packetization information. Thereby, for example, when the priority data is of the DV type, automation of the packetization of the priority data can be performed in units of 80 bytes of the DIF block, and in the case of the MPEG type, 188 bytes of the TS packet. Can be simplified.

  According to an embodiment of the present invention, the priority data packetizing means in the transmission device adds an error correction code to the priority data, so that even when a packet loss occurs in the network, the priority data can be transmitted to the reception device. Can be restored.

  An embodiment of the present invention relates to a transmission error protection function in a priority data packetizing unit in a transmission device, and relates to a case where packet loss occurs in a network by adding an error correction code after encrypting priority data. In addition, the receiving device can restore the priority data, prevent data eavesdropping on the network, and realize highly secure data transmission. As a result, even when a public network such as the Internet is used for the transmission path, wiretapping and leakage of priority data (AV data) transmitted in real time can be prevented. Further, sales and billing of AV data transmitted via the Internet or the like can be performed, and highly secure BB and BC content sales and distribution can be performed.

  An embodiment of the present invention relates to a method of switching an encryption key for performing encryption, and it is possible to smoothly perform encryption key switching by using a phase of an error correction matrix as an encryption key switching phase. .

  One embodiment of the present invention relates to the setting of the port number of the packet header of the valid data packet, and the transmitting device and the receiving device provide a table for determining the format of the priority data or the combination of the channel number and the port number. Since the format can be detected only by detecting the port number, signal processing in the receiving device can be simplified.

  Further, even when two streams are simultaneously received by a receiver capable of processing two streams, it is possible to identify the format or the channel by the port number.

  In the following description of the present specification, a device capable of transmitting and receiving information including a packet is referred to as a transmitting / receiving device. The two transceivers communicate information with each other. Further, in the following description of the present specification, for convenience, a transmitting / receiving device that transmits data to be transmitted (for example, AV data) is referred to as a “transmitting device”, and a transmitting / receiving device that receives such data transmitted by the transmitting device is referred to as “transmitting device”. The device is called a “receiving device”.

  First, an outline of a system to which the present invention can be applied to clarify the present invention will be described.

  FIG. 1 is a diagram showing an example of a system to which the present invention can be applied.

  The transmitting apparatus 101 transmits data to the receiving apparatus 103 via the router 102.

  More specifically, transmission / reception condition-related information, authentication and key exchange (hereinafter, also referred to as AKE) setting information, and an input stream (data such as MPEG-TS) are input to the transmitting device 101. Communication is executed based on the procedures 1 to 3 of the above.

Procedure 1) Setting transmission / reception parameters:
(1-1) A MAC (Media Access Control) address, an IP (Internet Protocol) address, a TCP / UDP (Transmission Control Protocol / User Datagram Protocol) port number, and the like of the transmitting apparatus 101 and the receiving apparatus 103 are set.

  (1-2) Set the type and band of the transmission signal.

  The transmitting device 101 and the receiving device 103 function as a QoS (Quality of Service) agent, and the router 102 functions as a QoS manager. The setting relating to the network using the IEEE 802.1Q (VLAN) standard is performed between the QoS agent and the QoS manager.

  (1-3) The priority is set based on the IEEE 802.1Q / p standard.

Step 2) Authentication and key exchange:
(2-1) The transmitting device 101 and the transmitting device 103 authenticate each other and exchange keys with each other. In this case, for example, the DTCP method can be used.

Step 3) Data transmission:
(3-1) Encrypted data (for example, MPEG-TS) is transmitted from the transmitting device 101 to the receiving device 103.

  In FIG. 1, the MPEG-TS is input to the transmitting apparatus 101 as an input stream, but the present invention is not limited to this. As such an input stream, for example, an MPEG-TS stream such as MPEG1 / 2/4 (ISO / IEC 13818), DV (IEC 61834, IEC 61883), SMPTE 314M (DV-based), SMPTE 259M (SDI) , SMPTE 305M (SDTI), and SMPTE 292M (HD-SDI).

  Note that the data transmitted from the transmission device 101 may be general AV data. Further, the data of the present invention may be a file. When a file is transferred as data, the data transfer speed is set to the normal reproduction of the AV data from the relationship between the propagation delay time between the transmitting device 101 and the receiving device 103 and the respective processing capabilities of the transmitting device 101 and the receiving device 103. Under conditions such as being greater than the data rate, data can be transmitted faster than in real time.

  Next, with reference to FIG. 2, the authentication and key exchange of the above procedure 2 will be described in more detail.

  FIG. 2 is a diagram illustrating operations of the transmitting device and the receiving device when the DTCP method is applied to authentication and key exchange.

  Here, authentication and key exchange (Authentication and Key Exchange, hereinafter, also referred to as AKE) based on the DTCP method are performed. In that case, the transmitting device 101 is also called an AKE source, and the receiving device 103 is also called an AKE sink.

  The transmitting device 101 and the receiving device 103 are connected by an IP network.

  First, the transmission apparatus 101 transmits data protection mode information including data copy protection information to the reception apparatus 103. Here, the transmitting device 101 may transmit the encrypted data at the same time.

  The receiving device 103 analyzes the copy protection information of the data, determines an authentication method to be used, and sends an authentication request to the transmitting device 101. By performing these operations, the transmitting device 101 and the receiving device 103 share an authentication key.

  Next, the transmitting device 101 generates an encrypted exchange key by encrypting the exchange key using the authentication key, and the transmitting device 101 transmits the encrypted exchange key to the receiving device 103. The receiving device 103 uses the authentication key shared with the transmitting device 101 to decrypt the encrypted exchange key and generate an exchange key.

  Next, the transmitting apparatus 101 generates key change information that changes with time in order to change the encryption key with time. Here, this key change information is also called seed information. The transmitting device 101 transmits the key change information to the receiving device 103.

  The transmitting apparatus 101 generates an encryption key using the exchange key and the key change information, and encrypts data (for example, MPEG-TS) using the encryption key by an encryption unit. The encrypted data is generated, and the encrypted data is transmitted to the receiving device 103.

  The receiving device 103 generates an encryption key using the key change information and the exchange key. The receiving device 103 decrypts the encrypted data using the encryption key. In the receiving device 103, the encryption key is also called a decryption key.

  The transmitting apparatus 101 and the receiving apparatus 103 may confirm each other's key change information at an arbitrary time thereafter.

  FIG. 3 is a schematic diagram illustrating an example of a case where the DTCP method is applied to a two-story house using Ethernet (R).

  The network configuration 301 on the first floor includes a router 303, and the router 303 is installed on the first floor. The first-floor network configuration 301 is connected to the Internet via 100 Mbps Fiber to the Home (FTTH).

  The network configuration 302 on the second floor includes a switching hub 304, and the switching hub 304 is installed on the second floor.

  The router 303 is connected to the switching hub 304 via the network 305, so that the first floor network configuration 301 is connected to the second floor network configuration 302. Here, the network 305 is an Ethernet (R) network that connects the router 303 and the switching hub 304, and the router 303 also functions as a switching hub.

  The data rate of all Ethernet networks in a house is 100 Mbps.

  In the first-floor network configuration 301, a television (TV (Television)), a personal computer (PC (Personal Computer)), and a DVD (Digital Versatile Disc) recorder are connected to the router 303 via 100 Mbps Ethernet (R). Air conditioner and refrigerator are connected by ECHONET.

  In the network configuration 302 on the second floor, a television (TV), a personal computer (PC), and a DVD recorder are connected to the switching hub 304 via 100 Mbps Ethernet (R), and an air conditioner is connected via ECHONET. ECHONET is a transmission method developed by "Echo Net Consortium" (http://www.echonet.gr.jp/).

  In FIG. 3, a personal computer (PC), a DVD recorder, a router 303, and a switching hub 304 comply with the IEEE 802.1Q standard (VLAN). Therefore, the data rates of all ports are all the same (for example, 100 Mbps). In the router 303 and the switching hub 304, data input from an input port is transmitted to a router unless the sum of data rates output from a specific output port exceeds a standard value or an effective value of a transmission rate of an output port of the port. All are output from the output port without being lost inside the switching hub 303 or the switching hub 304.

  Even if data is simultaneously input to the switching hub 304 via, for example, eight input ports, if the output ports of the respective data are different, the respective data is provided inside the router 303 or the switching hub 304. The buffer is switched and output from the output port without conflict in the buffer. Therefore, all data input from the input port is output from the output port without dropping packets.

  In FIG. 3, the data rate of all Ethernet® in the house is 100 Mbps, and the data rate of the network 305 between the first floor and the second floor is also 100 Mbps. When a plurality of data flows between the equipment on the first floor and the equipment on the second floor, there is a possibility that the total of the data rates flowing on the network 305 exceeds 100 Mbps unless there is a restriction on the data rate for each data. A data stream that requires real-time transmission such as an MPEG-TS video application may be interrupted.

  In this case, it is necessary to perform priority control on the transmission data so that the data stream requiring real-time transmission is not interrupted. By introducing a speed limiting mechanism for stream transmission and file transfer, which will be described later, into the router 303 and the switching hub 304 as well as the terminal, it is possible to prevent interruption of a data stream that requires real-time transmission. .

  For example, if the transmission priority of MPEG-TS data requiring real-time transmission is higher than the transmission priority of file data, the file is transferred between the PC on the first floor and the PC on the second floor at the same time. MPEG-TS data can be encrypted and transmitted in real time between a DVD recorder, PC or TV on the first floor and a DVD recorder, PC or TV on the second floor.

  The transmission rate limiting mechanism in the router 303 or the switching hub 304 can be realized by data inflow control. More specifically, this can be realized by comparing high-priority data with low-priority data in the input data queue means of the router 303 or the switching hub 304 and outputting the high-priority data with priority. Buffer control rules used in the priority control scheme include a round robin scheme, a fluid fair scheduling scheme, a weighted fair scheduling scheme, a self-synchronous fair scheduling scheme, a WFFQ scheme, a virtual clock scheduling scheme, and a class-based scheduling scheme. Details of these scheduling methods are described in Iwao Toda, "Network QoS Technology", May 25, 2001 (first edition), Chapter 12 of Ohmsha, and the like.

(Embodiment 1)
FIG. 4 is a block diagram of the packet transmitting / receiving apparatus 401 according to Embodiment 1 of the present invention.

  The packet transmission / reception device 401 performs authentication and key exchange based on the DTCP method, and transmits and receives a packet. Here, it is assumed that the packet transmitting / receiving apparatus 401 transmits a packet to another packet transmitting / receiving apparatus having the same function as the packet transmitting / receiving apparatus 401 and receives a packet from such a packet transmitting / receiving apparatus. Therefore, the packet transmission / reception device 401 transmits the transmission packet to the destination of the transmission packet, and receives the reception packet from the transmission source of the reception packet.

  The packet transmitting / receiving apparatus 401 includes an authentication / key exchange unit (hereinafter, also referred to as an AKE unit) 402 that generates an encryption key and a decryption key, and encrypts the transmission data using the encryption key, thereby transmitting the encrypted transmission data. Using at least one of the generating means 406, transmission condition related information, transmission / reception management information, and reception condition setting information, transmission condition generation information for setting transmission condition of a transmission packet is generated. A condition setting management unit 404, a packetization unit 403 that generates a transmission packet using encrypted transmission data, and a reception condition of a reception packet using at least one of reception condition related information and packet reception information. Receiving condition setting management means 408 for generating receiving condition setting information of the same and packet receiving means 405 for receiving a received packet. Using the reception condition setting information, the reception data included in the reception packet is extracted from the reception packet, the packet reception information is generated from the reception packet, and the packet reception information is authenticated by the authentication / key exchange means 402 or the reception condition setting management means. And a decryption unit 407 for decrypting the received data using a decryption key.

  The packet transmitting / receiving apparatus 401 further includes framing means 409 for generating a transmission frame using a transmission packet, and frame receiving means 410 for receiving a reception frame. In addition to functioning as a transmission device that transmits a transmission frame including a received packet, it also functions as a reception device that receives a reception frame including a received packet.

  Hereinafter, a case where the packet transmitting / receiving apparatus 401 transmits a transmission frame using TCP / IP, UDP / IP, or the like will be described.

  The transmission condition setting management unit 404 receives transmission condition related information, transmission / reception management information, and reception condition setting information.

  The transmission condition related information includes, for example, the type of transmission data, information of a transmission destination address or a port number, path information (routing information) used for transmission, transmission data bandwidth, and transmission priority of transmission data. .

  The transmission / reception management information includes device management control data in the transmitting device (local) and the receiving device (remote).

  More specifically, the transmission management information includes device management control data such as a MAC (Media Access Control) address or position information at the transmitting device (local) and the receiving device (remote). The position information is, for example, information in which a range is specified in a region code, an address, a postal code, or longitude and latitude. Using the position information, it is possible to limit the range of the transmitting device and the receiving device that perform authentication. Further, when the one-way or round-trip propagation time of a packet transmitted and received between the transmitting device and the receiving device is shorter than a predetermined time limit, the authentication range may be limited by permitting authentication. It is possible. For example, the range of authentication can be limited by permitting authentication only when an RTT (Round Trip Time) is 1 msec or less in an Ethernet (R) IP connection. When a wireless system such as the 802.11a standard or the 802.11b standard is combined with a plurality of transmission media such as the Ethernet (R) standard, the RTT corresponding to the propagation delay characteristics of each transmission medium is set. Authentication can be allowed. The measurement of these times may be performed by, for example, a dedicated command of AKE, or may be realized by the packet additional information including a time stamp or position information as described below with reference to FIG. it can.

  Further, when a wireless transmission section exists in a transmission / reception section between the transmission apparatus and the reception apparatus, data is encrypted and scrambled in the wireless transmission section according to the WEP or WPA scheme which is a security scheme of the wireless LAN. By permitting the authentication after confirming that the mode is the transmission mode, it is possible to prevent a third party from decrypting data due to data leakage in the wireless transmission section.

  The reception condition setting information includes information for feeding back the reception status of the receiving device from the receiving device to the transmitting device. This information is input from the reception condition setting management unit 408 to the transmission condition setting management unit 404.

  The transmission condition setting management unit 404 generates transmission condition setting information using at least one of the transmission condition related information, the transmission / reception management information, and the reception condition related information. The transmission condition related information includes at least one of the position information of the packet transmitting / receiving device, the position information of the destination of the transmission packet, and the position information of the transmission source of the reception packet.

  Using the transmission condition setting information generated by the transmission condition setting management unit 404, the packetizing unit 403 and the framing unit 409 set a header and a payload. The transmission condition setting management unit 404 also outputs the transmission condition setting information to the packetization unit 403 and the packet additional information generation unit 411 included in the packetization unit 403.

  The AKE means 402 receives authentication / key exchange setting information (hereinafter, also referred to as AKE setting information). Authentication / key exchange related information (hereinafter also referred to as AKE related information) related to the AKE setting information is input from the AKE means 402 to the packet additional information generating means 411. The authentication / key exchange related information includes, for example, copy protection information indicating the encryption state of the encrypted transmission data during transmission, and encryption key change information.

  For example, MPEG-TS is input to the encryption unit 406 as an input stream. The encryption unit 406 generates encrypted transmission data by using a part of the MPEG-TS as transmission data and encrypting the transmission data using the encryption key generated by the AKE unit 402. The encrypted transmission data is output from the encryption unit 406 to the packetization unit 403.

  The packetizing unit 403 generates a transmission packet using the encrypted transmission data based on the transmission condition setting information generated by the transmission condition setting management unit 404.

  The packetizing means 403 includes a packet additional information generating means 411, and the packet additional information generating means 411 generates packet additional information using at least one of transmission condition setting information and authentication / key exchange related information.

  The packetizing means 403 may convert the encrypted transmission data into a predetermined size and add an IP (Internet Protocol) header specified by the IETF as IPv4 or IPv6, or a service type field of the IPv4 header or Alternatively, information indicating a priority packet may be added to a TOS (Type of Service) field in a service type field, or information indicating a priority packet may be added to a priority field of an IPv6 header. Good.

  The packet additional information generated by the packet additional information generating unit 411 is input to the packetizing unit 403 and is added to the encrypted transmission data. More specifically, the packet addition information is added to the encrypted transmission data as a part of the header of the TCP / IP or UDP / IP protocol to generate a transmission packet.

  To the transmission packet, encryption mode information is added as DTCP copy control information in the AKE unit 402.

  The transmission packet is further added with a MAC header in the framing unit 409 to generate an Ethernet (R) frame, and the Ethernet (R) frame is output from the framing unit 409 to the network as a transmission frame.

  The content copy control information is referred to as CGI (Copy Control Information), and the copy protection information indicating encryption in transmission is referred to as EMI (Encryption Mode Indicator). Generally, EMI uses a protection mode equivalent to or stronger than CGI.

  Next, a case where the packet transmitting / receiving apparatus 401 receives a reception frame will be described.

  The frame receiving means 410 receives a received frame via a network. The frame receiving unit 410 extracts a MAC header included in the received frame, performs filtering based on the extracted MAC header, and outputs an IP packet obtained by the filtering to the packet receiving unit 405.

  The packet receiving unit 405 performs filtering by identifying an IP packet header or the like of the IP packet, and generates packet reception information. AKE information obtained as packet reception information by filtering is input to the packet additional information extraction unit 412 included in the packet reception unit 405. The packet additional information extracting unit 412 extracts the packet additional information from the received packet, and outputs the extracted packet additional information to the AKE unit 402.

  As described above, since the AKE unit of the transmitting device and the AKE unit of the receiving device can be connected one-to-one via a network, messages can be exchanged with each other via a communication protocol.

  The AKE unit 402 permits authentication when the position information of the packet transmitting / receiving device 401 and the position information of the destination of the transmission packet or the position information of the source of the reception packet match predetermined conditions.

  The AKE means 402 is, for example, one-way or round-trip from the packet transmitting / receiving apparatus 401 to the destination of the transmitted packet or the source of the received packet between the packet transmitting / receiving apparatus 401 and the destination of the transmitted packet or the source of the received packet. If the propagation time is shorter than a predetermined time limit, authentication is permitted.

  Alternatively, if there is a wireless transmission section in a transmission / reception section between the packet transmission / reception device 401 and the destination of the transmission packet or the transmission source of the reception packet, the AKE section 402 scrambles and transmits the data in the wireless transmission section. When confirming the mode, authentication may be permitted.

  Therefore, authentication and key exchange can be executed according to the setting procedure of the two AKE units.

  After authentication and key exchange are established between the packet transmitting / receiving apparatus functioning as a transmitting apparatus and the packet transmitting / receiving apparatus functioning as a receiving apparatus, the transmitting apparatus transmits the encrypted AV data.

  As the transmission device, the MPEG-TS data is input to the encryption unit 406, and the encryption unit 406 generates encrypted MPEG-TS data obtained by encrypting the MPEG-TS. The encrypted MPEG-TS data is input to the packetizing unit 403, and the packetizing unit 403 adds a TCP / IP protocol header to generate a transmission packet.

  The framing unit 409 adds a MAC header to the transmission packet using the 802.1Q (VLAN) method, converts the packet into an Ethernet (R) frame, and generates a transmission frame. The transmission frame generated in this way is output to the network.

  Here, by setting a higher Priority (user priority) in TCI (Tag Control Information) in the MAC header, the priority of network transmission can be made higher than that of general data.

  In the receiving device, the signal input from the network is filtered by the frame receiving unit 410 based on the MAC header, and is input to the packet receiving unit 405 as an IP packet. The packet is filtered by the packet receiving unit 405 based on the identification of the packet header or the like, input to the decoding unit 407, and the decoded MPEG-TS is output.

  Note that information for feeding back the reception status to the transmitting device is input to the transmission condition setting management unit 404 from the reception condition setting management unit 408 as the reception condition setting information, and the transmission condition setting management unit 404 receives the information based on the information. Then, transmission condition setting information is generated, and a header and a payload generated by the packetizing means 403 and the framing means 409 are set based on the transmission condition setting information.

  FIG. 5 is a schematic diagram showing an example of a packet format when a packet and a frame are generated and transmitted using MPEG-TS. Here, MPEG-TS conforms to ISO / IBC 13818. The MPEG-TS may be a signal format based on the ARIB standard, ARIB TR-B14, ARIB TR-B15, or ARIB STD-B21.

  The MPEG-TS input as an input stream is divided into 188 bytes, and a 194-byte unit is formed by adding a 6-byte time code (TC (Time Code)) to the 188-byte MPEG-TS. Here, the TC includes a 42-bit time stamp and a 6-bit base clock ID (BCID (Base Clock ID)).

The BCID can represent time stamp frequency information.
For example,
(Case 1) When BCID is 0x00, there is no time stamp frequency information. (Case 2) When BCID is 0z01, the time stamp frequency information is 27 MHz (MPEG2 system clock frequency).
(Case 3) When the BCID is 0x02, the frequency information of the time stamp is 90 kHz (clock frequency used in MPEG1).
(Case 4) When the BCID is 0x03, the time stamp frequency information is 24.576 MHz (clock frequency used in IEEE 1394).
(Case 5) When the BCID is 0x04, the frequency information of the time stamp is 100 MHz (frequency used in Ethernet (R)).

  Two pieces of 194-byte data are encrypted together to generate encrypted data, and when 7-byte packet additional information is added to the encrypted data, a payload of the RTP protocol is formed.

  Here, the packet additional information includes 2-bit EMI (Encryption Mode Indicator), 1-bit O / E (Odd / Even), 13-bit Reserved Data, and 40-bit time stamp or position information. . EMI and O / E are defined by the DTCP system. Note that DTCP seed information (Nc) may be used instead of O / E.

  The packet additional information generation means 411 (see FIG. 4) generates EMI and O / E using the AKE related information.

  The time stamp or the position information is information generated by the packet additional information generating unit 411 (see FIG. 4) using the transmission condition setting information, and is arranged after Reserved Data. The time stamp or location information may also be located between O / E and Reserved Data.

  The position information is, for example, information in which a range is designated by a region code, an address, a postal code, or longitude and latitude.

  Here, the packet additional information is 7 bytes, but the packet additional information is not limited to 7 bytes.

  The packet additional information may not include a time stamp or location information. In that case, the packet additional information is 2 bytes.

  When 7-byte packet additional information is added to the encrypted data, a payload of the RTP protocol is formed. When an RTP header is added as a header, the RTP protocol is formed.

  The RTP protocol is a payload of a TCP packet or a UDP packet. When a TCP header or a UDP header is added as a header, a TCP packet or a UDP packet is formed.

  The TCP packet or the UDP packet is a payload of the IP packet. When the IP header is added as a header, the IP packet is generated. Here, the IP header is defined in the IETF as IPv4 or IPv6.

  Further, this IP packet is a payload of a MAC frame. When an Ethernet (R) header is added as a header, an Ethernet (R) packet is generated.

  As shown in FIG. 5, both a standard Ethernet (R) header and an Ethernet (R) header extended by IEEE 802.1Q (VLAN) can be applied as the Ethernet (R) header.

  A standard Ethernet header is 14 bytes and includes 6 bytes of DA (Destination Address), 6 bytes of SA (Source Address), and 2 bytes of information indicating length / type.

  The Ethernet header extended by 802.1Q has 18 bytes, and the Ethernet header extended by 802.1Q has a 4-byte 802.1q between SA and information indicating the length / type. It differs from the standard Ethernet header in that an extension is provided.

  The 802.1q extension unit includes a 2-byte Tag Control ID (TPID) and a 2-byte Tag Control Information (TCI) indicating VLAN priority.

  The TCI includes 3-bit Priority (User Priority), 1-bit CFI (Canonical Format Indicator), and 12-bit VID (VLAN Identifier).

  The usage of Priority is defined in ISO / IEC 15802-3, and the priority of the Ethernet (R) frame can be set using the Priority flag.

  Next, the above procedure will be described in more detail with reference to the protocol stack of FIG.

  FIG. 6 is a schematic diagram for explaining a protocol stack according to the first embodiment of the present invention.

  The hierarchy of the OSI (Open Systems Interconnection) model is shown at the left end of FIG. This layer is a link layer, a network layer, a transmission layer, and an application layer in order from the lower layer.

  First, encrypted data is transmitted from a transmitting device to a receiving device via a data port, and AKE-related information of the data is transmitted via an AKE port.

  The receiving device analyzes the copy protection information of the data, determines an authentication method, and sends an authentication request to the transmitting device.

  Next, the transmitting device generates a random number, inputs the random number to a predetermined function, and creates an exchange key. When the information of the exchange key is input to a predetermined function, an authentication key is generated.

  The receiving device also generates an authentication key by performing a predetermined process, whereby the transmitting device and the receiving device share the authentication key.

  Here, the information used to perform the encryption includes, for example, unique information of the transmission device (e.g., device ID, device authentication information, and Mac address), a secret key, a public key, and information given from outside. This is information generated by combining one or more types, and strong encryption is possible by using an encryption method with a high encryption strength such as the DES method or the AES method.

  Next, the transmitting device encrypts the exchange key using the authentication key to generate an encrypted exchange key, and transmits the encrypted exchange key to the receiving device. The receiving device decrypts the encrypted exchange key into an exchange key using the authentication key. In addition, the exchange key and the initial key update information are input to a predetermined function to generate an encryption key (decryption key).

  The transmitting device generates key update information that changes with time in order to change the encryption key with time, and transmits the key update information to the receiving device.

  In the transmitting device, the MPEG-TS, which is the content data, is encrypted using an encryption key to generate encrypted data. Then, the encrypted data becomes a payload of a TCP (or UDP) packet as AV data together with the above-described EMI and O / E, and a TCP (or UDP) packet is generated. Further, the TCP (or UDP) packet is used as a payload of the IP packet, and an IP packet is generated. Further, this IP packet is used as a payload of a MAC frame, and an Ethernet MAC frame is generated.

  The MAC can be applied not only to the IEEE 802.3 standard that is the Ethernet (R) standard, but also to the MAC of the IEEE 802.11 standard that is the wireless LAN standard.

  The Ethernet (R) MAC frame is transmitted from the transmitting device to the receiving device on the Ethernet (R). The receiving device generates an encryption key (decryption key) according to a predetermined procedure. Then, an IP packet is filtered from the received Ethernet MAC frame. Further, a TCP (or UDP) packet is extracted from the IP packet. Then, AV data is extracted from the TCP (or UDP) packet, and the data (MPEG-TS) is decrypted with an encryption key (decryption key) generated using the exchange key and the key change information.

  It is preferable that the timing information indicating the timing at which the AKE unit 402 updates the decryption key is added to the transmission packet. In this case, the timing at which the AKE unit 402 updates the decryption key may be notified by changing the TCP port number or the UDP port number of the transmission packet.

  When the transmission packet uses HTTP, the timing at which the AKE unit 402 updates the decryption key may be updated for each HTTP request, or may be changed for each fixed amount of data.

  Alternatively, when the transmission packet uses RTP, the timing at which the AKE unit 402 updates the decryption key may be updated within a predetermined period (for example, 60 seconds).

  As described above, data such as MPEG-TS is encrypted by the transmission device, and the IP packet is transmitted via the network by HTTP / TCP / IP or RTP / UDP / IP, and is converted to the original data by the reception device. It is possible to decrypt. The above-mentioned O / E or seed information (Nc) is transmitted in a certain rule, for example, every HTTP request, every certain amount of AV data (for example, every 1 MB), or within a predetermined time. Updating can further improve security.

  Here, with reference to FIG. 3 again, it will be described that the stream transmission and the file transfer can coexist by changing the network topology using the switching hub.

  For example, by extending the data rate of the network 305 between the first floor and the second floor from 100 Mbps to 1 Gbps, while performing file transfer between the first floor PC and the second floor PC, at the same time, the first floor MPEG-TS can be encrypted and transmitted in real time between a DVD recorder, PC or TV on the second floor and a DVD recorder, PC or TV on the second floor.

  For example, a commercially available switching hub having eight 100 Mbps ports and one 1 Gbps port is used, and a 1 Gbps network is connected to a network 305 connecting the first floor network configuration 301 and the second floor network configuration 302. The ports are connected, and AV devices such as TVs are connected to the remaining eight 100 Mbps ports. Since there are eight 100 Mbps ports, the total data rate of the input ports is 100 Mbps × 8 ch = 800 Mbps, even if data is input to each of the eight ports at a maximum of 100 Mbps and output from one port, and 1 Gbps Since it is smaller, the data input from the eight input ports are all output from the 1 Gbps output port without being lost inside the switching hub.

  Therefore, all of the data output from the AV equipment on the first floor can be transmitted to the second floor via the network 305. Conversely, all data output from the AV equipment on the second floor can be transmitted to the first floor via the network 305.

By using the switching hub as described above, real-time data transmission and file transfer can be performed simultaneously.
(Embodiment 2)
FIG. 7 is a block diagram of a packet transmitting / receiving apparatus 401A according to Embodiment 2 of the present invention.

  The packet transmitting / receiving apparatus 401A includes the transmission queue control unit 601, the first queue unit 602, and the second queue unit 603, except that the packet transmission / reception device 401A includes the packet described in the first embodiment with reference to FIG. It has the same configuration as the transmitting / receiving device 401. In the following description, the transmission queue control unit 601, the first queue unit 602, and the second queue unit 603 will be mainly described for the purpose of simplifying the description.

  The packetizing unit 403 performs a TCP / IP protocol process on the general data to generate a first packet, and outputs the first packet to the first queue unit 602. Here, the general data is, for example, transmission condition setting information and AKE related information.

  The first queue unit 602 temporarily stores the first packet.

  The packetizing unit 403 also performs TCP / IP protocol processing on the encrypted transmission data generated by the encrypting unit 406 to generate a second packet, and stores the second packet in the second queue unit 603. Output to

  The second queue unit 603 temporarily stores the second packet.

  Here, the packetizing means 403 generates the first packet using the general data, while generating the second packet using the encrypted transmission data which is the content data.

  When the packets are temporarily stored in the first queue means 602 and the second queue means 603, the transmission queue control means 602 outputs which packet has priority based on the transmission condition setting information. Control what to do.

  Specifically, the transmission queue control unit 601 includes information on a transmission path of the first packet or the second packet, information on a bandwidth required to transmit the first packet or the second packet, Using at least one of information on delay from transmission of a transmission packet to arrival and information on the priority of the first packet or the second packet, the first queue stored in the first queue unit is used. It controls which of the packet and the second packet stored in the second queue means is transmitted.

  In a normal state, the transmission queue control unit 602 controls the first queue unit 602 and the second queue unit 603 so that content data such as MPEG-TS is output with higher priority than general data. That is, the transmission queue control unit 602 treats the encrypted transmission data, which is the content data, as priority data that gives priority to general data.

  The priority data is, for example, an uncompressed SD signal defined by the MPTE 259M standard, an uncompressed HD format defined by the SMPTE 292M standard, or DV or MPEG-TS based on IEEE 1394 defined by the IEC 61883 standard. It is a transmission stream format or at least one data stream format of the MPEG-TS format, MPEG-PS format, MPEG-ES format, and MPEG-PES format according to DVB-ASI defined by DVB standard A010.

  The transmission queue control unit 601 uses the RSVP method described in IETF rfc2205, rfc2208, and rfc2209, the Intserv method described in IETF rfc2210, rfc2211, 2212, and rfc2215, and the method described in IETF rfc2474, rfc2475, and rfc2597 in fc25, and rfc25 in fc25. Any one of the control methods may be used.

  The framing unit 409 generates a transmission frame using the first packet or the second packet output from the first queue unit 602 or the second queue unit 603, respectively, and outputs the transmission frame to the network. .

  The transmission queue control unit 601 controls the first queue unit so as to average the interval between the first packet transmitted from the first queue unit 602 and the second packet transmitted from the second queue unit 603. And the second queue means may be controlled.

  Generally, when an MPEG-TS is transmitted from a transmitting device to a receiving device with low delay, an overflow is likely to occur because the buffer for the MPEG-TS is small.

  In the transmitting device, when the buffer for the MPEG-TS (for example, the buffer of the second queue means 603) is about to overflow, or the MPEG-TS of the receiving device is referred to by referring to the information fed back from the receiving device. If it is found that the buffer for the data is about to underflow, the priority of the second queue means 603 is further adaptively increased so that the MPEG-TS data is preferentially output. Such a buffer failure can be avoided.

  In the case where the transmitting device remotely controls the receiving device, the priority of the first queue means 602 in the transmitting device may be raised adaptively in order to make the control response such as reproduction and stop of the receiving device faster. However, in this case, the buffer for the MPEG-TS may overflow or underflow.

  Therefore, as a mode for the transmitting apparatus to remotely control the receiving apparatus so as to avoid overflow and underflow of the buffer and to speed up the control response such as reproduction and stop of the receiving apparatus, the receiving apparatus is remotely controlled. , The packet for packeting is output directly from the packetizing unit 403 to the framing unit 409 without passing through the queue unit, whereby a quick control response can be realized. Alternatively, a quick control response can be realized by newly providing a third queue means for a packet for remotely controlling the receiving device.

  The operation of the receiving device is the same as in the first embodiment.

It is preferable that the transmission queue control unit 601 controls the first queue unit 602 and the second queue unit 603 so that the data rate of the second packet does not become lower than a predetermined value. Further, the transmission queue control means 601 operates the transmission queue control means 601 and the second queue means 602 so that the time accumulated in the second queue means 603 is always smaller than a predetermined value. Preferably, 603 is controlled.
(Embodiment 3)
Embodiment 3 will be described.

  FIG. 8 is a block diagram of a packet transmitting / receiving apparatus 401B according to Embodiment 3 of the present invention.

  The packetizer 403 includes a first packetizer 701 and a second packetizer 702, and the packet receiver 405 includes a first packet receiver 703 and a second packet receiver 704. Except for this point, the packet transmitting / receiving apparatus 401B has the same configuration as the packet transmitting / receiving apparatus 401A described in Embodiment 2 with reference to FIG. In the following description, for the purpose of simplifying the description, mainly a first packetizing means 701, a second packetizing means 702, a first packet receiving means 703, and a second packet receiving means 704 Will be described.

  First, a case where the transmitting / receiving device 401B transmits a transmission frame will be described.

  The first packetizing unit 701 includes, for example, a processor, and the transmission condition setting information and the AKE related information generated by the transmission condition setting management unit 404 are input to the first packetizing unit 701. . The first packetizing means 701 generates a first packet by subjecting transmission condition setting information and AKE-related information to TCP / IP protocol processing by software processing using a processor. The first packetizing unit 701 outputs the first packet to the first queue unit 602.

  The first packetizing means 701 adds at least one header of RTCP, RTSP, HTTP, TCP, UDP, and IP, which are data processing protocols defined in the IETF document.

  Encrypted transmission data obtained by encrypting transmission data such as MPEG-TS by the encryption unit 406 is input to the second packetizing unit 702. AKE-related information may be input to the second packetizer 702. The AKE-related information is, for example, copy control information and encryption key update information.

  The second packetizing means 702 generates a second packet by processing the encrypted transmission data by a UDP / IP protocol by hardware processing. The second packetizing means 702 outputs the second packet to the second queue means 603.

  The second packetizing means 702 adds a sequence number to data or adds at least one header of RTP, UDP, HTTP, TCP, and IP which are data processing protocols specified in the IETF document. I do.

  When packets are temporarily stored in both the first queue unit 602 and the second queue unit 603, the transmission queue control unit 601 performs the same operation as the first queue unit in the second embodiment. It controls which of the packets 602 and 603 is output with priority.

  A case where the transmitting / receiving device 401B receives a reception frame will be described.

  The frame receiving means 410 receives a received frame via a network. The frame receiving unit 410 filters the IP packet from the received frame based on the MAC header.

  Here, when the IP packet is a packet similar to the first packet generated by the first packetizing unit 701, the IP packet is input to the first packet receiving unit 703, and the IP packet is If the packet is the same as the second packet generated by the second packetizer 702, the IP packet is input to the second packet receiver 704.

  The first packet receiving unit 703 performs TCP / IP protocol reception processing by software processing using a processor, and outputs the packet reception information generated by this processing to the AKE unit 402 or the reception condition setting management unit 408.

  Further, the second packet receiving unit 704 performs a receiving process of the UDP / IP protocol by hardware processing, and outputs the received data extracted by this process to the decoding unit 407. The decryption means 407 decrypts the encryption of the received data.

  Next, the above procedure will be described in more detail using the protocol stack of FIG.

  FIG. 9 is a schematic diagram for explaining a protocol stack according to the third embodiment of the present invention.

  The protocol stack shown in FIG. 9 has the same configuration as the protocol stack described with reference to FIG. 6 except that the transmission layer of AV data such as MPEG-TS is UDP. Therefore, in the following description, the point that the transmission layer is UDP is mainly described.

  In the transmitting device, encrypted transmission data is generated by encrypting the transmission data (for example, MPEG-TS) as the content using the encryption key Kc. The encrypted transmission data becomes the payload of the UDP packet by hardware as AV data together with the EMI and O / E described above, and the UDP packet is generated by adding a UDP header. Further, this UDP packet is used as a payload of the IP packet, and an IP packet is generated by adding an IP header.

  As a method of transmitting EMI and O / E from the transmitting device to the receiving device, for example, it is also possible to generate and transmit another dedicated packet. In that case, decryption of the encryption key becomes more difficult, and eavesdropping and leakage of the content can be made more difficult. Even in a public network such as the Internet, by changing the encryption parameter of AV data transmitted in real time or by sending it as a separate packet, eavesdropping and leakage of content can be made more difficult.

  As for the management control data, similarly to the example of FIG. 6, a TCP packet is generated by software processing, and an IP packet is generated.

  The Ethernet (R) MAC frame is transmitted from the transmitting device to the receiving device on the Ethernet (R). The receiving device generates an encryption key according to a predetermined procedure. Then, the IP packet is filtered from the received Ethernet MAC frame. Further, a UDP packet is extracted from the IP packet, reception data is extracted from the UDP packet, and the reception data (for example, MPEG-TS) is decrypted using the encryption key Kc.

  As described above, in the layer that processes the received frame in the lower layer than the layer in which the encrypted transmission data and the general data are processed, the priority data and the general data are selected from the communication protocol header of the received packet included in the received frame. The processing of priority data and the processing of general data can be performed independently.

  FIG. 10 is a schematic diagram illustrating an example of a packet format when a packet and a frame are generated and transmitted using MPEG-TS. Again, MPEG-TS is based on ISO / IBC 13818.

  The MPEG-TS input as an input stream is divided into 188 bytes, and a 194-byte unit is formed by adding a 6-byte time code (TC (Time Code)) to the 188-byte MPEG-TS. Here, the TC includes a 42-bit time stamp and a 6-bit base clock ID (BCID (Base Clock ID)).

The BCID can represent time stamp frequency information.
For example,
(Case 1) When BCID is 0x00, there is no time stamp frequency information. (Case 2) When BCID is 0z01, the time stamp frequency information is 27 MHz (MPEG2 system clock frequency).
(Case 3) When the BCID is 0x02, the frequency information of the time stamp is 90 kHz (clock frequency used in MPEG1).
(Case 4) When the BCID is 0x03, the time stamp frequency information is 24.576 MHz (clock frequency used in IEEE 1394).
(Case 5) When the BCID is 0x04, the frequency information of the time stamp is 100 MHz (frequency used in Ethernet (R)).

  Encrypted data is generated by encrypting two pieces of data in units of 194 bytes and further adding 2-byte packet additional information to the encrypted data, thereby forming a payload of the RTP protocol.

  Here, the packet additional information includes 2-bit EMI (Encryption Mode Indicator), 1-bit O / E (Odd / Even), 13-bit Reserved Data, and 40-bit time stamp or position information. . EMI and O / E are defined by the DTCP system. Note that DTCP seed information (Nc) may be used instead of O / E.

  The packet additional information generation means 411 (see FIG. 4) generates EMI and O / E using the AKE related information.

  The time stamp or the position information is information generated by the packet additional information generating unit 411 (see FIG. 4) using the transmission condition setting information, and is arranged after Reserved Data. The time stamp or location information may also be located between O / E and Reserved Data.

  The position information is, for example, information in which a range is designated by a region code, an address, a postal code, or longitude and latitude.

  Here, the packet additional information is 7 bytes, but the packet additional information is not limited to 7 bytes.

  The packet additional information may not include a time stamp or location information. In that case, the packet additional information is 2 bytes.

  When 7-byte packet additional information is added to the encrypted data, a payload of the RTP protocol is formed. When an RTP header is added as a header, the RTP protocol is formed.

  The RTP protocol is a payload of a TCP packet or a UDP packet. When a TCP header or a UDP header is added as a header, a TCP packet or a UDP packet is formed.

  The TCP packet or the UDP packet is a payload of the IP packet. When the IP header is added as a header, the IP packet is generated.

  Further, this IP packet is a payload of a MAC frame. When an Ethernet (R) header is added as a header, an Ethernet (R) packet is generated.

  As the Ethernet (R) header, as shown in FIG. 10, both a standard Ethernet (R) header and an Ethernet (R) header extended by IEEE 802.1Q (VLAN) are applicable.

  A standard Ethernet header is 14 bytes and includes a 6-byte DA (Destination Address), a 6-byte SA (Source Address), and information indicating a length / type indicated by 2 bytes.

  The Ethernet (R) header extended by 802.1Q has 18 bytes, and the Ethernet (R) header extended by 802.1Q is a standard Ethernet (R) header and information indicating SA and length / type. And a 4-byte 802.1q extension unit is provided between them.

  The 802.1q extension unit includes a 2-byte Tag Control ID (TPID) and a 2-byte Tag Control Information (TCI) indicating VLAN priority.

  The TCI includes 3-bit Priority (User Priority), 1-bit CFI (Canonical Format Indicator), and 12-bit VID (VLAN Identifier).

  The usage of Priority is defined in ISO / IEC 15802-3, and the priority of the Ethernet (R) frame can be set using the Priority flag.

  As described above, transmission data (for example, MPEG-TS) can be encrypted between the transmitting device and the receiving device and transmitted in real time. Further, since the second packetizing means is constituted by hardware, there is essentially no occurrence of unsent transmission packets or missing reception packets due to software processing. As a result, all the priority data packets are completely transmitted, and high-quality video transmission with real-time performance guaranteed.

  General data is temporarily stored in a buffer, and is intermittently transmitted while priority data is transmitted with priority. Further, the first packetizing means having a small amount of data to be processed may be constituted by an inexpensive processor such as a microcomputer.

  Further, even in the receiving process, the Ethernet (R) frame can be received by the hardware process, and the three-layer IP header and the fourth-layer UDP header can be simultaneously checked.

  Also, by separating the packet of the content data (for example, MPEG-TS), which is the priority data, from the packet of the general data and performing the processing of the packet of the content data by hardware, the reception frame is not lost. High-quality reception in which real-time performance is guaranteed can be performed.

  By controlling the timing of transmitting packets or the ratio of transmitting packets from the two queue units by hardware instead of software, it is possible to completely control transmission in clock units. As a result, all priority packets are completely transmitted, and high-quality transmission with real-time property guaranteed. Further, since the shaping of the output packet is also accurately performed in units of clocks, high-quality communication with a very low probability of packet discarding in the first stage router or switching hub can be performed.

(Embodiment 4)
FIG. 11 shows a block diagram of a packet transmitting / receiving apparatus 401C according to Embodiment 4 of the present invention.

  The AKE unit 402 includes a DTCP information generation unit 1001, an AKE command reception processing unit 1002, an AKE command transmission processing unit 1003, an exchange key generation unit 1004, an encryption key generation unit 1005, and an encryption key change information generation unit. The packet transmitting / receiving apparatus 401C has the same configuration as the packet transmitting / receiving apparatus 401B described in Embodiment 4 with reference to FIG. Therefore, in the following description, the DTCP information generating means 1001, the AKE command receiving processing means 1002, the AKE command transmitting processing means 1003, the exchange key generating means 1004, the encryption key generating means 1005, and the The key change information generating means 1006 and the decryption key generating means 1007 will be described.

  In the packet transmitting / receiving apparatus 401C, the encrypted transmission data is transmitted by the DTCP method according to the following steps. Here, both functions of a source for transmitting a packet and a sink for receiving a packet will be described with reference to the packet transmission / reception device 401C. However, this is for the sake of simplicity. It should be noted that transmission and reception of packets are performed in different packet transmission / reception devices.

  (Step 1) Copy protection information indicating the encryption state of encrypted transmission data at the time of transmission is input to the DTCP information generation unit 1001 as authentication / key exchange related information.

  (Step 2) First, a data transmission request is generated in the transmission device (source), the data protection mode information (EMI information) is output from the DTCP information generation unit 1001 to the first packetization unit 701, and the transmission packet is transmitted. The generated and transmitted packet is transmitted from the transmitting device.

  (Step 3) The transmission packet transmitted from the transmission device is received by the reception device (sink) as a reception packet, and the AKE command reception processing means 1002 performs copy protection information of the data received from the first packet reception means 703. To determine whether to use the full authentication method or the restricted authentication method, and sends an authentication request to the transmitting device via the AKE transmission processing unit 1003.

  (Step 4) A predetermined process of the DTCP method is performed between the transmitting device and the receiving device, and the authentication key is shared.

  (Step 5) Next, the transmitting device transmits the encrypted exchange key generated by encrypting the exchange key using the authentication key in the AKE transmission processing unit 1003 to the receiving device via the first packetizing unit 701. In the receiving apparatus, the encrypted exchange key is extracted by the AKE command reception processing means 1002 in the receiving apparatus, and is decoded into the exchange key by the exchange key generation means 1004.

(Step 6) In the transmitting device, in order to change the encryption key with time, the encryption key generation means 1005 generates seed information (O / E) that changes with time, and the seed information is generated by DTCP information generation. It is transmitted to the receiving device via the means 1001 and the first packetizing means 701.
(Step 7) In the transmitting device, the encryption key generation unit 1005 generates an encryption key using the exchange key and the seed information, and the encryption unit 406 uses the encryption key to transmit data (eg, , MPEG-TS) to generate encrypted transmission data, and the encryption unit 406 outputs the encrypted transmission data to the second packetizing unit 702.

  (Step 8) In the receiving device, the encryption key change information generation unit 1006 receives the seed information from the first packet reception unit 703, and the decryption key generation unit 1007 determines the seed information and the exchange key of the exchange key generation unit 1004. Is used to generate an encryption key (decryption key).

  (Step 9) In the receiving device, the decrypting means 407 decrypts the encrypted data using the encryption key (decryption key).

  FIG. 12 shows a first packetizing unit 701 and a second packetizing unit 702 included in the packetizing unit 403, and a first packet receiving unit 703 and a second packet receiving unit included in the packet receiving unit 405. 704 is a block diagram for describing packet processing in 704. FIG.

  In the first packetizing means 701, processing for forming the input data into the RTCP or RTSP protocol, the TCP or UDP protocol, and further the IP protocol is sequentially performed.

  When the RTCP protocol (rfc1889) is used, the communication state of the network such as the effective bandwidth and the delay time of the network is sent from the receiving apparatus to the transmitting apparatus, and the transmitting apparatus adjusts the communication state of the received network. It is also possible to adjust the quality of data transmitted by RTP and transmit the data.

  The RTSP protocol (rfc2326) can also send control commands such as playback, stop, and fast forward, and can play back data while downloading data from an AV file.

  In the second packetizing means 702, processing for forming input data into the RTP protocol, the UDP protocol, and the IP protocol is sequentially performed, and an IP packet is generated.

  In the first packet receiving unit 703, a receiving process of an IP protocol such as filtering, a receiving process of a TCP or a UDP protocol, and a receiving process of an RTCP or an RTSP protocol are sequentially performed. The received data is extracted.

  The second packet receiving means 704 sequentially performs receiving processing of the IP protocol such as filtering, receiving processing of the UDP protocol, and receiving processing of the RTP protocol, and extracts received data included in the received packet.

  As described above, data (for example, MPEG-TS) is encrypted between the transmitting device and the receiving device based on the DTCP method, and real-time transmission becomes possible. Further, since the second packetizing means is constituted by hardware, there is essentially no occurrence of untransmitted transmission packets and missing of received packets due to software processing. Further, the first packetizing means having a small data amount can be constituted by an inexpensive processor such as a microcomputer.

  Further, even if authentication between the receiving device and the receiving device cannot be established because the predetermined condition is not met for some reason, for example, a certificate or MAC address already stored in the transmitting device or the receiving device. Authentication of the transmitting device and the receiving device may be performed using at least one of information such as fingerprints and irises, and biometric information identifying an individual.

  Referring again to FIG. 11, when the AKE command reception processing unit 1002 of the authentication / key exchange unit 402 performs authentication between the packet transmitting / receiving device 401C and the destination of the transmission packet or the transmission source of the reception packet, Storage means for temporarily storing information on the destination of a transmitted packet or the source of a received packet, a packet transmitting / receiving apparatus, and the destination of a transmitted packet or the source of a received packet do not satisfy predetermined conditions Therefore, when the authentication is not established, the information stored in the storage unit is compared with the information about the destination of the transmission packet or the information about the destination of the reception packet, and the packet transmission / reception device and the destination or reception of the transmission packet are compared. It may function as a collation unit that performs authentication with the source of the packet.

  Thus, for example, two devices that have been mutually authenticated at home can be specified and authenticated between remote locations, and data content can be transmitted and data content can be remotely transmitted between home and a remote location such as a travel destination. It becomes.

(Embodiment 5)
FIG. 13 is a diagram showing a packet in the first packetizer 701 and the second packetizer 702A of the packetizer 403A, and a packet in the first packet receiver 703 and the second packet receiver 704A in the packet receiver 405A. It is a block diagram for explaining a process.

  The packetizing means 403A and the packet receiving means 405A are the same as the packetizing means 403 and the packet receiving means described with reference to FIG. 12 except that the second packetizing means 702 and the second packet receiving means 704A are different. It has the same configuration as the means 405. Accordingly, in the following description, the second packetizing means 702A and the second packet receiving means 704A will be mainly described.

  The second packetizing means 702A generates an IP packet by performing an error correction process on the input data and sequentially processing the data to form an RTP protocol, a UDP protocol, and an IP protocol. .

  The second packet receiving means 704A sequentially performs an IP protocol receiving process such as filtering, a UDP protocol receiving process, an RTP protocol receiving process, and an error correction code process, thereby performing error correction. Data is output.

  FIG. 14 is a schematic diagram for explaining a protocol stack according to the fifth embodiment of the present invention.

  In the transmission device, an error correction code is added to the AV data (ECC encoding), and the AV data is transferred to the UDP protocol. The receiving device receives the data from the UDP protocol processing, corrects the error, and turns the data into higher-layer AV data.

  An example of the error correction method will be described below with reference to FIGS.

  FIG. 15 is a schematic diagram for explaining a case where the error correction method is the Reed-Solomon method.

  FIG. 16 is a schematic diagram for explaining a case where the error correction method is a parity method.

  Here, two units of data (MPEG-TS) are input to an error correction interleave matrix. Each row uses a sequence number of 2 bytes.

  Next, for example, an Ethernet (R) frame is generated by adding an RTP header, a UDP header, an IP header, and an Ethernet (R) header using 2-byte packet additional information.

  As described above, data (for example, MPEG-TS) is encrypted between the transmitting device and the receiving device based on the DTCP method, and further, an error correction code is added, and the data can be transmitted in real time.

  Further, if the second packetizing means is constituted by hardware, the transmission packet is not left unsent and the received packet is not lost essentially due to the software processing. Further, the first packetizing means having a small data amount can be constituted by an inexpensive processor such as a microcomputer.

(Embodiment 6)
FIG. 17 is a block diagram of a packet transmitting / receiving apparatus 401D according to Embodiment 6 of the present invention.

  The packet transmitting / receiving apparatus 401D has a configuration similar to that of the packet transmitting / receiving apparatus 401C described with reference to FIG. 11 except that a function of receiving received data (for example, AV data such as MPEG-TS) is removed. I have.

  FIG. 18 is a block diagram of a packet transmitting / receiving apparatus 401E according to another mode of the sixth embodiment of the present invention.

  The packet transmitting / receiving apparatus 401E has a configuration similar to that of the packet transmitting / receiving apparatus 401C described with reference to FIG. 11 except that a transmission function of transmission data (for example, AV data such as MPEG-TS) is removed. I have.

  It should be noted that removing the data receiving function or the transmitting function as described above can be applied to all the packet transmitting / receiving apparatuses described in the first to fifth embodiments. Further, the present invention can be applied to a device that performs only transmission or reception, thereby achieving cost reduction.

  In the above-described first to sixth embodiments, when a packet is transmitted over a communication network such as a general IP network in which the order of packets is not guaranteed, a packet to which a sequence number is added is transmitted, and The order may be guaranteed using the sequence number added to the packet. This ordering can be guaranteed by the fourth layer or higher of the OSI model, that is, by the RTP protocol or the video signal processing.

  It should be noted that a packet of AV data that has been hardware-processed and transmitted in the transmission device can be prevented from being fragmented in the network. More specifically, the transmitting apparatus may check the maximum size (MTU) that is not fragmented in the communication network in advance by application-level processing, and transmit the packet with a smaller packet size.

  Specifically, the transmission condition setting management unit 404 and the reception condition setting management unit 408 detect the maximum transmission packet size in the path from the transmission destination of the transmission packet to the reception destination during the period from transmission of the transmission frame to arrival of the transmission frame. The transmission condition setting information or the reception condition setting management means may be generated using the maximum transmission packet size information.

  Alternatively, the RFC standard stipulates that all terminals must be able to handle 576-byte IP packets, so that many network devices such as routers will fragment IP packets below this size. Absent. Therefore, the packet size of the AV data that is hardware-processed in the transmitting device may be adjusted so that the size of the IP packet is 576 bytes or less. If fragmentation does not occur in a packet of AV data that is hardware-processed in the transmission device, all received packets may be processed as general packets if fragmented. When the maximum value of the Ethernet (R) IP packet is exceeded, it is necessary to fragment the packet in the transmitting device. Therefore, it is needless to say that in order not to cause fragmentation of the priority packet, it must be equal to or less than the maximum value of the IP packet.

  When the probability of fragmentation occurring in the communication network is extremely low, the router transmits the IP header of the AV data packet that has been hardware-processed and transmitted by the transmitting apparatus by transmitting a fragmentation-inhibited flag to the IP header. In a state in which fragmentation has to be performed, the IP packet may be discarded to reduce the fragmentation processing load on the receiving apparatus. In this case, a very small number of packets will be lost, but the communication quality can be compensated by performing error correction or error correction in the receiving device.

  Further, in the first to sixth embodiments, Ethernet (R) is described as a specific example of the communication network protocol, but the present invention is not limited to this.

  Further, as an example of the video signal processing, the MPEG-TS is used in Embodiments 1 to 6, but the present invention is not limited to this. The input stream of the present invention is an MPEG-TS stream such as MPEG1 / 2/4 (ISO / IEC 13818), DV (IEC 61834, IEC 61883), SMPTE 314M (DV-based), SMPTE 259M (SDI), SMPTE 305M ( SDTI), SMPTE 292M (HD-SDI) and the like can be applied to any video and audio streams including streams standardized.

  The video or audio data rate is not limited to CBR (constant bit rate). VBR (variable bit rate) may be used. Further, not only video or audio but also general real-time data or any data that is transmitted and received with priority should not be excluded from the present invention.

  Further, the data used in the present invention may be a file. When the data is a file, the data can be transmitted faster than real time under certain conditions, depending on the relationship between the propagation delay time between the transmitting device and the receiving device and the processing capability of the transmitting device and the receiving device. is there.

  Further, a content transmission method generally called streaming in the field of the Internet can be realized. In the case of streaming type content transmission, content data is transmitted from a transmission device to a buffer of a reception device via a network by TCP / IP or UDP / IP, and content data is read from the buffer of the reception device at a relatively constant rate. Thus, continuous data can be reproduced in the receiving device.

  The present invention is also applicable to the GXF file format (SMPTE 360M) standardized in SMPTE (www.smpte.org) and the encrypted transmission of files conforming to the MXF file format whose standardization is being promoted. It is possible.

(Embodiment 7)
Embodiment 7 will be described.

  FIG. 19 is a block diagram of a packet transmitting unit 1101 according to the seventh embodiment of the present invention.

  Here, the packet transmitting unit 1101 corresponds to the packetizing unit 403 and the framing unit 409 of the packet transmitting / receiving device 401 described with reference to FIG.

  The packet transmitting unit 1101 includes a general data input unit 1102, a packetization information input unit 1104, a general data packetization unit 1105, a buffer unit 11106, a valid data extraction unit 1107, a priority data packetization unit 1109, A transmission order control unit 1113 and a frame data transmission unit 1114 are provided.

  In the packet transmission unit 1101, priority data is input from the priority data input unit 1103 to the valid data extraction unit 1107. The valid data extracting unit 1107 removes an invalid data component from the input priority data, extracts a valid payload, and inputs the valid data 1108 to the priority data packetizing unit 1109.

  The priority data packetizing unit 1109 corresponds to the second packetizing unit 702 of the packet transmitting / receiving device 401B described with reference to FIG.

  The packet transmission order control unit 1113 corresponds to the transmission queue control unit 601 of the packet transmission / reception device 401B described with reference to FIG.

  The processing contents in the effective data extracting means 1107 include data buffering, data bit number conversion, clock frequency conversion, and the like.

  As a specific example, there is an SDTI stream of the SMPTE321M standard as a stream of priority data, and there is DIF data of a SMPTE314M standard as valid data.

  Alternatively, there is a DVB-ASI stream of the DVB / A10M standard as the stream of the priority data, and an MPEG-TS packet of the MPEG standard as the valid data.

  The priority data packetizing means 1109 generates a priority data packet using the packetization information and the valid data 1108.

  FIG. 20 is a schematic diagram for explaining the protocol stack of the priority data packet.

  The AV data shown in FIG. 20 is the priority data input from the priority data input unit 1103 in the present embodiment.

  By processing the AV data as shown in FIG. 20, an Ethernet (R) frame is generated.

  On the other hand, general data input means 1102 receives general data. General data is generally data that does not necessarily need to be sent in real time. Generalized data packetizing means 1105 generates a general data packet using general data, and outputs the general data packet. Note that the general data input unit 1102 performs data interface.

  The generalized data packetizing means 1105 corresponds to the first packetizing means 701 of the packet transmitting / receiving device 401B described with reference to FIG.

  Examples of the general data include the above-described information on the operation control of the device and management information such as SNMP and MIB, which are transmitted using TCP / IP or UDP / IP.

  The general data packet output from the general data packetizing unit 1105 is input to the buffer unit 1106, and the buffer unit 1106 temporarily stores the general data packet. Here, when the general data packet is accumulated in the buffer unit 1106, the buffer unit 1106 notifies (asserts) a transmission request signal 1110 to the packet transmission order control unit 1113 and makes a transmission request.

  Generally, in order to stream content data such as video data in real time, it is necessary to process video data with priority over data that does not require real-time processing.

  When the transmission request signal 1110 is asserted while giving priority to the transmission of the priority data packet, the packet transmission order control unit 1113 permits the transmission of the general data packet 1112 as long as the real-time property of the priority data packet is not impaired. . Transmission permission permits transmission of a general data packet from the buffer unit 1106 by asserting the transmission permission signal 1111 to the buffer unit 1106.

  The frame data transmission unit 1114 generates an Ethernet (R) frame using the transmission packet input from the packet transmission order control unit 1113, and outputs it to the network as a transmission frame.

  FIG. 21 is a schematic diagram for explaining a transmission timing chart according to the present embodiment. The method illustrated in the timing chart is a transmission control method of a priority data packet and a non-priority data packet (general data packet), which is one of the main points of the present embodiment.

  In FIG. 21, the transmission start timing 2101 of the transmission packet 2103, the pulse waveform 2102 of the transmission request signal 1110, and the transmission packet 2103 are shown in temporal correspondence.

  At the transmission start timing 2101, the timing at which a transmission frame including a priority data packet is transmitted is indicated by an upward arrow, and the timing at which a transmission frame including a non-priority data packet can be transmitted is indicated by a downward arrow.

  In the transmission packet 2103, the priority data packet is shown in white and the non-priority data packet is shown in black.

  In the present embodiment, a case where the following priority data is transmitted will be described as an example. When the priority data is DVCPRO25 (defined by SMPTE314M), 120,000 bytes of data are generated in one frame period in the NTSC mode, so that the data rate is constant at about 57.6 Mbit / s (about 57.6 Mbps). Rate (CBR). Here, the video payload length of the AV data is 1200 bytes, and the system clock is 27 MHz.

  The packet generation rate of the AV data that is the priority data is 120,000 / 1,200 = 100 packets / frame = 2997 packets / second.

  Therefore, when transmitting only the priority data packet, the packet may be transmitted once every 27000000/2997 = 9009.9 clocks. That is, 9009.9 clocks is the average transmission interval.

  According to the present embodiment, by transmitting priority data packets at intervals shorter than the average transmission interval, a timing margin (transmission margin period) for transmitting non-priority data packets is created.

  Specifically, the transmission interval of the priority data packet is set to 8100 clocks, and a transmission allowance period in which transmission of the non-priority data packet is permitted is created once every nine priority data packets. If nine priority packets are transmitted at 9009.9 clocks, 9009.9 * 9 = 81089.1 clocks are required. Here, for the sake of simplicity of discussion, the average value is considered. However, numerical values after the decimal point are also used.

  In this embodiment, transmission is performed at 8100 clocks shorter than 9009.9 clocks, so that 8100 * 9 = 72900 clocks are actually required.

  Therefore, the transmission allowance period for transmitting the non-priority data packet is 81089.1-72900 = 8189.1 clocks.

  At the transmission start timing 2001, the interval from the upward arrow indicating the timing for transmitting the priority data packet to the next arrow is 8100 clocks. The transmission timing of the non-priority packet appears once every nine priority packet transmission timings (2104, 2105, 2106). The interval from the downward arrow indicating the transmission timing of the non-priority packet to the next arrow is 8189 clocks.

  As shown in the pulse waveform 2102, the transmission request signal 1110 asserts the transmission request signal when general data to be transmitted is accumulated in the buffer unit 1106. In FIG. 21, the pulse waveform 2102 becomes High.

  In the pulse waveform 2102, the transmission request signal 1110 becomes High at the timing 2107. Next, at the transmission start timing 2101, the transmission permission signal 1111 is asserted at the timing (timing 2108) at which the transmission timing of the general data packet becomes possible. (Not shown in FIG. 21), a general data packet 2111 is transmitted. The transmission request signal 1110 is deasserted at the timing when the transmission of the general data packet is started (timing 2108 of the pulse waveform 2102).

  At timing 2105, since the transmission request signal 1110 is not asserted, there is no general data packet to be transmitted in the buffer means 106, and no general data packet is transmitted at timing 2105.

  Next, at timing 2109, the pulse waveform 2102 of the transmission request signal 1110 is asserted again, and at timing 2110 a general data packet 2112 is transmitted. The transmission request signal 1110 is deasserted when transmission of the general data packet 2112 is started (timing 2110 of the pulse waveform 2102).

  When a plurality of general data packets are stored in the buffer unit 1106, even if one general data packet is transmitted, the transmission request signal 1110 is not deasserted, and the remaining general data packets are replaced with the next general data packet. Are transmitted one packet at a time. In this way, the priority data packet is transmitted preferentially.

  The transmission packet is output from the packet transmission order control unit 1113 to the frame data transmission unit 1114 as described above. The frame data transmitting unit 1114 generates an Ethernet (R) frame capable of interfacing with the physical layer using the input transmission packet, and transfers the frame as a transmission frame. The Ethernet (R) at 10 Mbps and 100 Mbps defines the MII standard interface, and the Gigabit Ethernet (R) defines the GMII standard interface.

  In the present embodiment, the time for allocating the transmission control of the priority data packet and the general data packet to each packet in clock units is determined, but the present invention is not limited to this. According to the present invention, for example, a fixed amount of priority data packets are stored in a buffer of the priority data packetizing unit 1109, and the packet transmission order control unit 1113 preferentially transmits the packets at a time interval shorter than the average packet generation amount of the priority data packets. May be performed, and transmission may be assigned to general data packets when the storage amount of priority packets in the buffer falls below a certain threshold level.

  As described above, in the present embodiment, it is possible to extract valid data from priority data and transmit it as a priority data packet with priority over a general data packet.

  FIG. 22 is a block diagram showing a packet transmission unit 1101A according to a modification of the seventh embodiment of the present invention.

  The packet transmitting unit 1101A refers to FIG. 19 except that the valid data extracting unit 1107 outputs priority data format information indicating information on the format of the priority data to the outside via the priority data format information output unit 1201. It has the same configuration as the packet transmission unit 1101 described above. Therefore, in the following description, the priority data format information output unit 1201 will be mainly described.

  In the packet transmission unit 1101A, when the packetization information of the priority data is set by an external computer or the like using the format information of the output priority data, the packet can be transmitted efficiently.

(Embodiment 8)
Embodiment 8 will be described.

  FIG. 23 is a block diagram of a packet transmitting unit 1101B according to Embodiment 8 of the present invention.

  The packet transmitting unit 1101B includes a priority data packetization information generation block 1301 and outputs the priority data format information from the valid data extraction unit 1107 to the priority data packetization information generation block 1301 with reference to FIG. It has the same configuration as the packet transmission unit 1101 described above. Therefore, in the following description, the priority data packetization information generation block 1301 will be mainly described.

  The packetization information is input to the priority data packetization information generation block 1301, and the priority data packetization information generation block 1301 further optimizes the packetization information of the priority data using the packetization information and the priority data format information. Set again. Thereby, even when the packetized information is roughly generated outside, the optimal packetized information can be generated, so that the packet can be transmitted more efficiently.

  According to the present embodiment, priority data format information can be obtained from valid data extraction means 1107 and used for determining packetization parameters together with externally input packetization information. Thus, for example, when the priority data is of the DV type, the priority data can be automatically packetized in units of 80 bytes of the DIF block, and when the priority data is of the MPEG type, it can be automatically packetized in units of 188 bytes of the TS packet.

  FIG. 24 is a block diagram of a packet transmitting unit 1101C according to a modification of the eighth embodiment of the present invention.

  The packet transmitting unit 1101C has the same configuration as the packet transmitting unit 1101B described with reference to FIG. 23 except that an MTU (Maximum Transfer Unit) size input unit 1401 is provided. Therefore, in the following description, the MTU size input unit 1401 will be mainly described.

  In the packet transmitting unit 1101C, the MTU size (maximum transmission size) is input from the MTU size input unit 1401. The MTU size means the maximum transmission packet size of priority data on the transmission path. The priority data packetization information generation block 1301 generates the packetization information 1402 so that the size of the priority data packet generated by the priority data packetization unit 1109 is equal to or smaller than the input MTU size. As a result, fragmentation in priority data transmission can be prevented, and stable transmission of priority data can be realized.

(Embodiment 9)
Embodiment 9 will be described.

  FIG. 25 is a block diagram of priority data packetizing means 1109 according to Embodiment 9 of the present invention.

  The priority data packetizing means 1109 is included in the second packet means 702 described in the second embodiment with reference to FIG.

  The priority data packetizing means 1109 includes a buffer means 1501, a buffer means 1501, a packet header generating means 1503, and a packet combining means 1504.

  In the priority data packetizing unit 1109, the valid data 1108 is input to the buffer unit 1501 and the counter unit 1502. Valid data 1108 includes a clock signal, data, and a data valid flag.

  The buffer unit 1501 accumulates data only when the data valid flag of the valid data 1108 is asserted (valid).

  Similarly, the counter 1502 counts the data amount of the valid data 1108 and holds it in an internal register.

  On the other hand, the packetization information 1104 (1302, 1402) is input to the packet header generation means 1503, where the UDP / IP packet header is generated and input to the packet synthesis means 1504. Further, the payload length of the packet (for example, an IP packet) is output from the packet header generation unit 1503 to the counter 1502, and a control signal for reading out the priority data for the payload length is transmitted from the counter unit 1502 to the buffer unit 1501. .

  As a result, the buffer 1501 outputs the priority data of the payload length designated by the packet header generator 1503 to the packet synthesizer 1504. The packet synthesizing unit 1504 synthesizes the UDP / IP packet header generated by the packet header generating unit 1503 with the priority data having the designated payload length to generate a UDP / IP packet, and outputs it from the output unit 1505. .

  FIG. 26 is a block diagram of priority data packetizing means 1109A according to a modification of the ninth embodiment of the present invention.

  The priority data packetizing means 1109A will be described with reference to FIG. 25 except that a path 1601 for inputting information indicating the payload length of the priority data packet is provided from the counter means 1502 to the packet header generating means 1503. It has the same configuration as the priority data packetizing means 1109 described above. Therefore, in the following description, the path 1601 will be mainly described.

  In the priority data packetizing means 1109A, information indicating the payload length of the priority data packet is input from the counter means 1502 to the packet header generating means 1503 via this path 1601. The packet header generation / synthesis unit 1503 determines a packet header using the input packetization information 1104 (1302, 1402) and the packet payload length.

  FIG. 27 is a block diagram of priority data packetizing means 1109B according to another modification of Embodiment 9 of the present invention.

  The priority data packetizing means 1109B has the same configuration as the priority data packetizing means 1109A described with reference to FIG. 26, except that an error correction adding means 1701 is further provided. Therefore, in the following description, the error correction adding unit 1701 will be mainly described.

  In the priority data packetizing unit 1109B, the payload of the priority data packet is input from the buffer unit 1501 to the error correction adding unit 1701. The error correction adding means 1701 inputs a packet generated by adding an error correction code by a parity adding method or a Reed-Solomon method described later to the packet combining means 1504.

  As an example of the priority data packet, one-dimensional AV data may be used as shown in FIG. 20, but two-dimensional matrix data may be used as the AV data.

  FIG. 28 is a diagram illustrating a packet configuration when error correction is performed by the Reed-Solomon method.

  As shown in FIG. 28, a byte unit (8 bytes) is placed on a matrix of m rows in the vertical direction (m is an integer, for example, 48 rows in FIG. 28) and n columns in the horizontal direction (n is an integer, for example, 1200 bytes in FIG. 28). The error correction of the Reed-Solomon format is performed on the AV data matrix arranged in (bit units), and a data matrix (1200 bytes horizontally and 52 rows vertically) to which four rows of error correction data are added is generated. Data obtained by reading out each row and adding a sequence number or signal format information as header information may be used as a priority data packet.

  FIG. 29 is a diagram illustrating a packet configuration when the error correction is a parity processing method.

  The AV data is represented by a matrix of m rows (m is an integer, for example, 8 rows in FIG. 29) and n columns (n is an integer, for example, 1200 bytes in FIG. 29) in a byte unit (8-bit unit). ), A parity calculation is performed in the vertical column direction on the AV data matrix arranged in (1) to generate a data matrix in which parity data for one row is added, and each row of the data matrix is read, and a sequence number and a signal format are read. Data to which information or the like is added as header information may be used as a priority data packet.

  Further, as another example of a matrix unit for generating a priority data packet, a matrix of m rows (m is an integer, for example, 15) in the vertical direction and n columns (n is an integer, for example, 80) in the horizontal direction is k (k). Is an integer, for example, 5) performs a data interleaving process on a row-by-row basis in so-called k matrices in which data is first embedded in the same row of k matrices, one row at a time. When data is filled, parity calculation is performed on the matrix in the vertical column direction to generate a data matrix to which parity data for one row is added, and k data in the first row of the k data matrices are read. Then, in the order of reading k data of the second row of the k data matrices, the data of the m row of the k data matrices is read out. Reading the k, the data obtained by adding a sequence number, etc. and signal format information as header information thereto respectively may be the priority data packet.

  As described above, the priority data packetizing means in the transmission device can add the error correction code to the priority data so that the reception device can restore the priority data even when a packet loss occurs in the network. become.

(Embodiment 10)
Embodiment 10 will be described.

  FIG. 30 is a block diagram of a packet transmitting unit 1101D according to Embodiment 10 of the present invention.

  The packet transmission unit 1101D has the same configuration as the packet transmission unit 1101B described with reference to FIG. 23 except that the encryption information input unit 1011 in the encryption information input unit 1011 and the priority data packetization unit 1109C is provided. have.

  FIG. 31 is a block diagram of priority data packetizing means 1109C according to Embodiment 10 of the present invention.

  Priority data packetizing means 1109C has the same configuration as priority data packetizing means 1109B described with reference to FIG. 27, except that encryption information input means 1012 and encryption means 1122 are provided. I have.

  Therefore, in the following description, the encryption information input unit 1011 and the encryption information input unit 1012 and the encryption unit 1122 in the priority data packetizing unit 1109C will be mainly described.

  The encryption unit 1122 corresponds to the encryption unit 406 of the packet transmitting / receiving device 401 described with reference to FIG.

  In the packet transmission unit 1101D, the encryption information is input from the encryption information input unit 1011 to the encryption information input unit 1012 in the priority data packetization unit 1109C.

  In the priority data packetizing unit 1109C, the data output from the buffer unit 1501 is input to the encryption unit 1122, and is encrypted using the encryption information input from the encryption information input unit 1011. The data encrypted by the encryption unit 1122 is input to the error correction addition unit 1701.

  The information used to perform encryption is information generated using at least one of the unique information of the transmission device (e.g., device ID, device authentication information, and Mac address), a secret key, and a public key. In combination with an encryption method having a high encryption strength, it is possible to provide strong copyright protection for a priority data packet.

For the encryption method, for example, an encryption key Kc used in DTCP (Digital Transmission Content Protection) can be applied. In order to generate the encryption key Kc, the transmitting device and the receiving device may perform an authentication process based on the DTCP method. This processing is a well-known technique, for example, DTLA (Digital Transmission Licensing Administrator) (HYPERLINK "http://www.dtcp.com/" http://www.dtp.com/.www/dtp.com/ . .Com / data / dtcp_tut.pdf) and the book "IEEE1394, Application to AV Equipment", supervised by Shinji Takada, Nikkan Kogyo Shimbun, "Chapter 8, Copy Protection", pages 133 to 149. . Further, as the authentication information of the device, it is possible to use authentication information appropriately authenticated by a public or private authentication organization via a network or the like. For example, the government authentication infrastructure (HYPERLINK “http://www.gpki.go.jp/” http://www.gpki.go.jp/ ) can be referred to.

  As described above, upon transmission of the priority data in the UDP / IP packet in the transmission device, the priority data is encrypted and error correction is added, so that even when a packet loss occurs in the network, the priority data can be transmitted to the reception device. In addition to being recoverable, data eavesdropping and tampering on the network are prevented, and highly secure copyright-protected AV data transmission is realized.

(Embodiment 11)
Embodiment 11 will be described.

  FIG. 32 is a block diagram of priority data packetizing means 1109D according to the eleventh embodiment of the present invention.

  The priority data packetizing unit 1109D has the same configuration as the priority data packetizing unit 1109C described with reference to FIG. 31 except that the encryption information switching unit 1221 is provided. Therefore, in the following description, the encryption information switching unit 1221 will be mainly described.

  In the priority data packetizing unit 1109D, the encryption information that changes over time is input to the encryption switching unit 1221 via the encryption information input unit 1012, and the encryption switching unit 1221 is used by the encryption unit 1122. Switch encryption information.

  As an example of the switching timing of the encryption information, the switching timing obtained in the error correction matrix unit obtained from the error correction adding unit 1701 can be used. This makes it possible to steadily realize the decryption of the encryption while further increasing the encryption strength of the communication performed between the transmission device and the reception device.

  The buffer means 1501 and the encryption means 1122 of the priority data packetizing means 1109D correspond to the encryption means 406 of the packet transmitting / receiving device 401B described with reference to FIG. The counter unit 1502, the packet header generation unit 1203, and the encryption information switching unit 1221 of the priority data packetizing unit 1109D are a part of the AKE unit 402 of the packet transmitting / receiving apparatus 401B described with reference to FIG. 404. The packet header generating means 1203 and the error correction adding means 1701 of the priority data packetizing means 1109D include the transmission condition setting managing means 404, the second packetizing means 702, and the encryption of the packet transmitting / receiving apparatus 401B described with reference to FIG. It corresponds to a part of the means 406. In particular, the error correction adding unit 701 of the priority data packetizing unit 1109D corresponds to the error correcting code adding unit of the second packetizing unit 702A described with reference to FIG.

  FIG. 33 is a schematic diagram for explaining the switching timing of encryption.

  As shown in FIG. 33, the encryption information input to the encryption information switching means 1221 is switched when the error correction matrix is switched.

  The timing used for the encryption key switching is a timing generated in synchronization with the end point or the start point of the error correction matrix.

  As described above, by using the phase of the error correction matrix as the switching phase of the encryption key, it is possible to smoothly execute the decryption of the encryption while increasing the encryption strength.

  Note that a specific value of the sequence number defined in the packet header may be used as the encryption key switching phase. For example, when there is no error correction, the sequence number can be an integer from 0 to 63, and the timing at which the sequence number is updated from 63 to 0 can be used as the encryption key switching phase.

  Alternatively, the encryption key input to the encryption key switching unit 1221 may be input to the encryption unit 1122 while being switched at the specified timing, and the encryption key in the encryption unit 1122 may be switched at the specified interval.

  Also, when transmitting a packet using a protocol other than UDP / IP, for example, TCP / IP, the sequence number of the TCP segment included in the TCP header can be used. Note that the TCP protocol is specified in IETF and RFC793.

(Embodiment 12)
Embodiment 12 will be described.

  FIG. 34 is a block diagram of priority data packetizing means 1109E according to the twelfth embodiment of the present invention.

  The priority data packetizing unit 1109E has the same configuration as that of the priority data packetizing unit 1109D described with reference to FIG. 32 except that a correspondence table 1401 between the format and the port number is provided. . Therefore, the following description mainly describes the correspondence table 1401 between the format and the port number.

  In the priority data packetizing means 1109E, the packet header generating means 1203 further associates the priority data format information with the UDP port number in addition to the functions described above. Note that the priority data format information is included in the packetization information 1104.

  The format and port number correspondence table 1401 stores format information used by the priority data, and the UDP port number is determined from the format information in the input packetization information 1104. The packet header generating means 1203 generates a UDP / IP packet using the UDP port information.

  Thereby, format detection can be performed only by detecting the port number in the receiving device, so that signal processing in the receiving device can be simplified. Further, even when two streams are simultaneously received by a receiver capable of processing two streams, it is possible to identify the format or the channel by the port number.

(Embodiment 13)
Embodiment 13 will be described.

  FIG. 35 is a block diagram of a packet transmission system 2000 applied to IEEE 1394 stream transmission according to Embodiment 13 of the present invention. Packet transmitting system 2000 is included in packet transmitting / receiving apparatus 401 described with reference to FIG. 4 in the first embodiment.

  In the packet transmission system 2000, the separating unit 1552 separates general data and priority data from the IEEE 1394 stream. Here, the general data is an asynchronous signal such as an AV / C command, and the priority data is an isochronous signal.

  FIG. 36 is a block diagram showing a packet transmission system 2500 applied to transmission of an SDI / SDTI / DVB-ASI stream according to Embodiment 13 of the present invention.

  In the packet transmission system 2500, control and management signals input from the RS232C, RRS422, and the like are used as general data, and data separated from the SDI / SDTI / DVB-ASI stream is used as priority data.

  FIG. 37 is a block diagram of a packet transmitting / receiving apparatus 1101E according to Embodiment 13 of the present invention.

  The packet transmitting / receiving device 1101E according to the seventh embodiment described with reference to FIG. 19 is applied to the packet transmitting / receiving device 1101E.

  The transmission operation is the same as the operation described in the seventh to thirteenth embodiments. In the receiving process, a general data packet and a priority data packet are separated from a received frame, and general data and priority data are decoded and output from each.

  In the above-described seventh to thirteenth embodiments, when packets are transmitted over a communication network in which the order of the packets is not guaranteed, the order is assured using the sequence numbers added to the packets at the receiving device. May be. Alternatively, the order may be guaranteed in the subsequent video signal processing.

  If the receiving side does not want to perform the fragment processing of the priority packet, the transmitting side checks the maximum size (MTU) that is not fragmented in the communication network in advance by application-level processing, and transmits the packet with a smaller packet size. Just fine. Alternatively, since the RFC standard stipulates that all terminals must be able to handle an IP packet having a size of 576 bytes, many network devices such as routers do not cause fragments in IP packets smaller than this. Therefore, the priority packet may be generated such that the size of the IP packet is 576 bytes or less. If no fragmentation occurs in the priority packet as described above, if the received packet is fragmented, it may be processed as a general packet. When the maximum value of the IP packet of the Ethernet (R) is exceeded, the packet cannot be transmitted without fragmentation at the transmitting terminal. Needless to say.

  If the probability of fragmentation occurring in the communication network is extremely low, the sending side sets a fragmentation prohibition flag in the IP header of the IP packet of the priority packet and transmits the packet. By discarding the IP packet, the fragment processing load on the receiving terminal may be reduced. In this case, a very small number of priority packets are lost, but communication quality can be compensated by performing error correction or error correction on the receiving side.

  In the seventh to thirteenth embodiments, Ethernet (R) is used as an example of the communication network protocol, but the present invention is not limited to this.

  In addition, although image compression and decompression are performed as an example of video signal processing, the case of non-compression is not excluded from the scope of the present invention. Further, even when data compressed in advance by a method such as MPEG is input, it is not excluded from the scope of the present invention.

  In addition, the present invention does not exclude any video or other real-time data such as audio or data that is transmitted and received with priority.

  Further, in the seventh to thirteenth embodiments, a CBR (constant bit rate) video signal is described as an example, but the priority data is not limited to the CBR.

  Although the priority packet is processed by hardware and the general packet is processed by the CPU, the processing is not limited to this if the processing speed is sufficient.

  The above description is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles clarified herein may be applied to other embodiments without further use of the invention. Accordingly, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein. Things.

  According to the present invention, the packet transmitting / receiving apparatus includes: an AKE unit for securing security of transmission data; an encryption unit for transmission data; a packet addition unit for adding AKE information or transmission control information to the encrypted data. Information generating means, means for extracting additional information such as AKE information or transmission control information from a received packet, means for decrypting encrypted data, and an appropriate packet based on the packet reception status fed back from the destination of the transmitted packet A transmission condition setting management unit for setting a transmission condition, a packetizing unit, a packet receiving unit, and a reception condition setting management unit are provided.

  Thereby, the DTCP method can be implemented in the IP protocol which is a standard protocol of the Internet. In addition, packets (for example, IP packets) are transmitted via a network while encrypting an AV data stream such as MPEG-TS by a transmitting device to protect data confidentiality and copyright, and the like, and receive the original data by a receiving device. Can be decoded.

  According to an embodiment of the present invention, the packet transmitting / receiving means classifies the transmission packet into a general packet and a packet to be preferentially transmitted, and assigns the general packet to the first data queue means, Is input to the second data queue means. Then, the transmission queue controller controls the transmission order of the packets temporarily stored in the first data queue and the second data queue.

  As a result, data with high real-time properties can be transmitted preferentially while protecting the confidentiality and copyright of the data. Further, even when the input stream is a plurality of streams of two or more channels, it is possible to cope by classifying the signals related to each stream into priority data and general data.

  According to an embodiment of the present invention, the packetizing means includes a first packetizing means and a second packetizing means. Here, general data such as AKE-related information relating to the AKE setting is input to the first packetizing means. Further, the encrypted transmission data and the AKE-related information generated by the encryption unit are input to a second packetization unit that performs packetization by hardware. The AKE related information is copy control information and encryption key update information. The output of the first packetizer is input to the first data queue, and the output of the second packetizer is input to the second data queue. When a command for preferentially outputting a signal temporarily stored in the second data queue means is issued from the transmission condition setting management means to the transmission queue control means, the encrypted data is given priority. Is output.

  If the second queue means is controlled so as not to overflow as described above, since the receiving device has a buffer of an appropriate size, real-time transmission of data content can be realized between the transmitting device and the receiving device. . When encrypting data between the transmitting device and the receiving device and transmitting the data in real time, the transmission of a transmission packet generated because software processing cannot be performed in time because the second packetizing means is configured by hardware. Problems such as leaving and missing of received packets do not occur. Further, the first packetizing means having a small data amount can be constituted by an inexpensive microcomputer or the like, so that the cost can be reduced.

  According to one embodiment of the present invention, the packet transmitting / receiving means is such that the AKE means conforms to a processing procedure defined by the DTCP method, and the encryption key generating means, the DTCP information generating means, and the AKE command transmitting processing means AKE command reception processing means, exchange key generation means, encryption key change information generation means, and decryption key generation means. The encryption key generation means generates an encryption key, inputs the generated encryption key to the encryption means, and sets an encryption operation. The AKE information generating means generates AKE-related information using copy control information input from outside and key update information input from the encryption key generating means. The AKE command transmission processing means receives an encryption key from the encryption key generation means, an AKE parameter from the outside, and AKE command information from the AKE command reception processing means, generates and outputs an AKE transmission command. The AKE command reception processing means receives the AKE setting control information from the first packet receiving means, and outputs the setting control information to the AKE transmission processing means, the exchange key generation means, and the encryption key change information generation means, respectively. The encryption key change information generating means generates encryption key change information using information from the AKE command reception processing means and the first packet receiving means. The decryption key generation means generates a decryption key using information from the exchange key generation means and the encryption key change information generation means, and outputs the decryption key to the decryption means.

  This makes it possible to encrypt an AV data stream such as an MPEP-TS and transmit the data in real time using AKE means conforming to the DTCP method, thereby protecting data copyright.

  According to an embodiment of the present invention, the packet transmission / reception unit receives the encrypted transmission data and the AKE-related information (for example, copy control information and encryption key update information) generated by the encryption unit. The second packetizing means includes an error correction code adding means therein, whereby an error correction code is added.

  As a result, even when a packet loss or a bit error occurs in the IP network, it is possible to restore the transmission data by error correction in the receiving device. Further, it is easy to configure the second packetizing means and the second packet receiving means with hardware.

  Further, according to an embodiment of the present invention, regarding transmission of AV content using a network, data eavesdropping on the network is prevented, and highly secure data transmission is realized. As a result, even when a public network such as the Internet is used for the transmission path, wiretapping and leakage of priority data (AV data) transmitted in real time can be prevented. Further, sales and billing of AV data transmitted via the Internet or the like can be performed, and highly secure BB and BC content sales and distribution can be performed.

  Further, according to an embodiment of the present invention, even when transmitting AV content by hardware, general data packets are subjected to software processing using a CPU as before. Therefore, data such as management information and control information can be transmitted as general data by adding software. Since the amount of these data is much smaller than the amount of priority data, it can be realized by an inexpensive microprocessor such as a microcomputer, and a low-cost system can be realized. It should be noted that an expensive CPU and a large-scale memory are not required for protocol processing of a high-load, high-transmission-rate-priority packet, so that a low-cost and high-performance device can be provided from these points.

  In one embodiment of the present invention, a priority packet to be transmitted with priority and a general packet having a lower transmission priority than the priority packet are multiplexed on the time axis, transmitted, and transmitted. The average transmission data rate of the priority data in the priority packet is controlled to be transmitted at a speed higher than the average input rate by using dedicated hardware, for example. Since the hardware performs the protocol processing of data such as a video signal that requires real-time processing without relying on the software processing by the CPU, the problem that the processing generated by the software processing cannot be completed in time does not occur. As a result, all the priority data packets are completely transmitted, and high-quality video transmission with real-time performance guaranteed.

  The general data is temporarily stored in the buffer means, and is transmitted intermittently while priority data transmission is performed with priority. Here, when the transmission rate of general data is 1 Mbps or less, transmission processing of general data can be performed using an inexpensive processor such as a CPU or a microcomputer.

  In the priority data input as a stream, the invalid data portion of the stream is removed, and a packet is generated based on the packetization information using only the valid data. Here, if UDP / IP is used as a communication protocol, an IP address is used as an address and a UDP port number is used as a subaddress as a header.

  Furthermore, since the transmission timing (transmission ratio) of the priority packet and the general packet is controlled by hardware instead of software, it is possible to completely control the transmission timing in clock units. As a result, all priority packets are completely transmitted, and high-quality transmission with real-time property guaranteed. In addition, since the shaping is performed accurately in units of clocks, high-quality communication with a very low probability of occurrence of packet discard in the first-stage router is enabled. In the Ethernet (R) frame (layer 2) layer, the IP (layer 3) and UDP (layer 4) headers are simultaneously inspected, the priority packet and the general packet are separated, and the processing of the priority packet is performed by hardware. The reception frame is not missed, and high-quality communication in which real-time performance is guaranteed is possible.

  According to an embodiment of the present invention, in addition to transmitting priority data and general data, priority data format information is obtained from valid data, and packetization parameters are determined together with externally input packetization information. Used for Thereby, for example, when the priority data is of the DV type, automation of the packetization of the priority data can be performed in units of 80 bytes of the DIF block, and in the case of the MPEG type, 188 bytes of the TS packet. Can be simplified.

  According to an embodiment of the present invention, the priority data packetizing means in the transmission device adds an error correction code to the priority data, so that even when a packet loss occurs in the network, the priority data can be transmitted to the reception device. Can be restored.

  According to an embodiment of the present invention, the transmission error protection function in the priority data packetizing means in the transmitting device can be realized. Specifically, by adding the error correction code after encrypting the priority data, even if a packet loss occurs in the network, the reception device can restore the priority data, and To prevent data eavesdropping on the Internet and realize highly secure data transmission. As a result, even when a public network such as the Internet is used as a transmission path, it is possible to prevent wiretapping and leakage of priority data (AV data) transmitted in real time. Further, sales and billing of AV data transmitted via the Internet or the like can be performed, and highly secure BB and BC content sales and distribution can be performed.

  According to an embodiment of the present invention, it is possible to make it more difficult for wiretapping and leakage of priority data (AV data) transmitted in real time by switching an encryption key for encryption. By using the phase of the error correction matrix as the encryption key switching phase, the encryption key can be smoothly switched. In a public network such as the Internet, since the encryption parameter of AV data transmitted in real time changes, eavesdropping and leakage of contents can be strongly prevented.

  According to an embodiment of the present invention, it is possible to simplify signal processing in a receiving device. By providing a table for determining the format of the priority data and the combination of the channel number and the port number in the transmitting device and the receiving device, the format can be detected only by detecting the port number in the receiving device. It can be made simple. Further, even when two streams are simultaneously received by a receiver capable of processing two streams, it is possible to identify the format or the channel by the port number.

  Further, according to an embodiment of the present invention, since general packets are subjected to software processing using a CPU as in the past, data such as management information and control information can be transmitted as general data only by adding software. it can. Since the amount of these data is much smaller than the amount of priority data, it can be realized by an inexpensive microprocessor such as a microcomputer, and a low-cost system can be realized. It should be noted that an expensive CPU and a large-scale memory are not required for protocol processing of a high-load, high-transmission-rate-priority packet, so that a low-cost and high-performance device can be provided from these points.

FIG. 1 is a diagram showing an example of a system to which the present invention can be applied. FIG. 2 is a diagram illustrating operations of the transmitting device and the receiving device when the DTCP method is applied to authentication and key exchange. FIG. 3 is a schematic diagram showing an example in which the DTCP method is applied to a two-story house using Ethernet (R). FIG. 4 is a block diagram of the packet transmitting / receiving apparatus according to Embodiment 1 of the present invention. FIG. 5 is a schematic diagram showing an example of a packet format when a packet and a frame are generated and transmitted using MPEG-TS. FIG. 6 is a schematic diagram for explaining a protocol stack according to the first embodiment of the present invention. FIG. 7 is a block diagram of a packet transmitting / receiving apparatus according to Embodiment 2 of the present invention. FIG. 8 is a block diagram of a packet transmitting / receiving apparatus according to Embodiment 3 of the present invention. FIG. 9 is an explanatory diagram using a protocol stack according to the third embodiment of the present invention. FIG. 10 is a schematic diagram illustrating an example of a packet format when a packet and a frame are generated and transmitted using MPEG-TS. FIG. 11 is a block diagram of a packet transmitting / receiving apparatus according to Embodiment 4 of the present invention. FIG. 12 is a block diagram for explaining packetizing means and packet receiving means according to Embodiment 4 of the present invention. FIG. 13 is a block diagram illustrating a packetizing unit and a packet receiving unit according to the fifth embodiment of the present invention. FIG. 14 is a schematic diagram of a protocol stack according to the fifth embodiment of the present invention. FIG. 15 is a schematic diagram when the error correction method is the Reed-Solomon method. FIG. 16 is a schematic diagram when the error correction method is a parity method. FIG. 17 is a block diagram of a packet transmitting / receiving apparatus according to Embodiment 6 of the present invention. FIG. 18 is a block diagram of a packet transmitting / receiving apparatus according to another embodiment of the sixth embodiment of the present invention. FIG. 19 is a block diagram of a packet transmitting unit according to the seventh embodiment of the present invention. FIG. 20 is a schematic diagram of a protocol stack of a priority packet. FIG. 21 is a schematic diagram of transmission timing of a priority packet and a general packet. FIG. 22 is a block diagram of a packet transmitting unit according to a modification of the seventh embodiment of the present invention. FIG. 23 is a block diagram of a packet transmitting unit according to the eighth embodiment of the present invention. FIG. 24 is a block diagram of a packet transmitting unit according to a modification of the eighth embodiment of the present invention. FIG. 25 is a block diagram of a packet transmitting unit according to Embodiment 9 of the present invention. FIG. 26 is a block diagram of priority data packetizing means according to a modification of the ninth embodiment of the present invention. FIG. 27 is a block diagram of priority data packetizing means according to another modification of Embodiment 9 of the present invention. FIG. 28 is a diagram illustrating a packet configuration when the error correction is a parity processing method. FIG. 29 is a diagram illustrating a packet configuration when error correction is performed by the Reed-Solomon method. FIG. 30 is a block diagram of a packet transmitting unit according to the tenth embodiment of the present invention. FIG. 31 is a block diagram of priority data packetizing means according to the tenth embodiment of the present invention. FIG. 32 is a block diagram of priority data packet means according to the eleventh embodiment of the present invention. FIG. 33 is a schematic diagram for explaining the switching timing of encryption. FIG. 34 is a block diagram of priority data packet means according to the twelfth embodiment of the present invention. FIG. 35 is a block diagram of a packet transmission system applied to IEEE 1394 stream transmission according to Embodiment 13 of the present invention. FIG. 36 is a block diagram of a packet transmission system applied to transmission of an SDI / SDTI / DVB-ASI stream according to Embodiment 13 of the present invention. FIG. 37 is a block diagram of a packet transmitting / receiving apparatus according to Embodiment 13 of the present invention. FIG. 38 is a schematic diagram showing that an MPEG-TS is transmitted via a transmission medium conforming to the IEEE 1394 standard using the DTCP method.

Explanation of reference numerals

401 packet transmitting / receiving apparatus 402 authentication / key exchange means 403 packetizing means 404 transmission condition setting managing means 405 packet receiving means 406 encrypting means 407 decrypting means 408 receiving condition setting managing means 409 framing means 410 frame receiving means

Claims (51)

A packet transmitting / receiving device that transmits a transmission packet and receives a reception packet,
Authentication / key exchange means for generating an encryption key and a decryption key;
Encryption means for generating encrypted transmission data by encrypting the transmission data using the encryption key,
A transmission condition setting management unit that generates transmission condition setting information for setting a transmission condition of the transmission packet, using at least one of the transmission condition related information, transmission / reception management information, and reception condition setting information;
Packetizing means for generating the transmission packet using the encrypted transmission data;
Using at least one of reception condition related information and packet reception information, reception condition setting management means for generating reception condition setting information for setting a reception condition of the received packet,
A packet receiving unit for receiving the received packet, wherein the reception data included in the received packet is extracted from the received packet using the reception condition setting information, and the packet reception information is generated from the received packet. And outputting the packet reception information to the authentication / key exchange means or the reception condition setting management means,
A packet transmission / reception device comprising: a decryption unit that decrypts the received data using the decryption key. The packetizing means includes packet additional information generating means for generating packet additional information using at least one of the transmission condition setting information and authentication / key exchange related information related to the authentication / key exchange means,
The packetizing means generates the transmission packet by adding the packet additional information to the encrypted transmission data,
The packet transmitting / receiving apparatus according to claim 1, wherein the packet receiving unit includes a packet additional information extracting unit that extracts packet additional information included in the transmission packet. Framing means for generating a transmission frame using the transmission packet,
The packet transmitting / receiving apparatus according to claim 1, further comprising: a frame receiving unit that receives a received frame and extracts the received packet from the received frame. First queue means for temporarily storing the first packet generated by the packetizing means;
A second queue unit for temporarily storing the second packet generated by the packetizing unit;
Transmission for controlling which of the first packet stored in the first queue means and the second packet stored in the second queue means is transmitted based on the transmission condition setting information. Queue control means;
Framing means for generating a transmission frame by framing a first packet output from the first queue means and a second packet output from the second queue means;
The packet transmitting / receiving apparatus according to claim 1, further comprising: frame receiving means for extracting the received packet from a received frame.   The transmission queue control means includes: information relating to a transmission path of the first packet or the second packet; information relating to a bandwidth required to transmit the first packet or the second packet; The information is stored in the first queue means using at least one of information on a delay from transmission of a transmission packet to arrival and information on a priority of the first packet or the second packet. The packet transmission / reception device according to claim 4, wherein the packet transmission / reception device controls which of the first packet and the second packet stored in the second queue unit is transmitted.   The transmission queue control means includes an RSVP method described in IETF rfc2205, rfc2208, and rfc2209, an Intserv method described in IETF rfc2210, rfc2211, 2212, and rfc2215, and a method described in IETF rfc2474, rfc2475, and rfc2597 in rfc2597. The packet transmission / reception device according to claim 5, wherein one of the control methods is used.   The transmission queue control unit selects and selects one of the first packet stored in the first queue unit and the second packet stored in the second queue unit. The packet transmission / reception device according to claim 4, wherein the first queue unit and the second queue unit are controlled so as to output a packet preferentially.   When the amount of the first packet stored in the second queue does not exceed a predetermined amount, the transmission queue control unit controls the first packet stored in the first queue. Is output with priority, and when the amount of the second packet stored in the second queue means exceeds a predetermined amount, the second packet stored in the second queue means is output. The packet transmission / reception device according to claim 4, wherein the first queue unit and the second queue unit are controlled so as to output the packets with priority.   The transmission queue control unit may control the first packet so as to average an interval between the first packet transmitted from the first queue unit and the second packet transmitted from the second queue unit. The packet transmitting / receiving apparatus according to claim 4, wherein the packet transmitting / receiving apparatus controls the queue means and the second queue means.   The transmission condition setting management unit and the reception condition setting management unit detect a maximum transmission packet size in a path from a transmission destination of the transmission packet to a reception destination during a period from transmission of the transmission frame to arrival of the transmission frame, The packet transmission / reception device according to claim 1, wherein the transmission condition setting information and the reception condition setting information are generated using maximum transmission packet size information.   The packet transmitting / receiving apparatus according to claim 3, wherein the framing unit adds an IEEE 802.3 standard frame header to the transmission packet generated by the packetizing unit.   The packet transmitting / receiving apparatus according to claim 3, wherein the framing unit adds an IEEE 802.1Q standard frame header to the transmission packet generated by the packetizing unit.   2. The packet transmitting / receiving apparatus according to claim 1, wherein the packetizing unit converts the encrypted transmission data into a predetermined size, and adds an IP (Internet Protocol) header specified by the IETF as IPv4 or IPv6.   The packet transmitting / receiving apparatus according to claim 1, wherein the packetizing means adds information indicating that the packet is a priority packet to a service type field of an IPv4 header or a TOS (Type of Service) field in the service type field.   The packet transmitting / receiving apparatus according to claim 1, wherein the packetizing unit adds information indicating that the packet is a priority packet to a priority field of an IPv6 header. The packetizer includes a first packetizer and a second packetizer,
The first packetizing means generates the first packet using at least one of the transmission condition setting information and the authentication / key exchange related information;
The second packetizing means generates the second packet using at least one of the transmission condition setting information, the authentication / key exchange related information, and the encrypted transmission data. 5. The packet transmitting / receiving device according to 4. The packetizing means converts the encrypted transmission data into a predetermined size, and adds an IP header defined by the IETF as IPv4 or IPv6,
17. The packet transmitting / receiving apparatus according to claim 16, wherein said first packetizing means is constituted by software, and said second packetizing means is constituted by hardware. Further comprising a data separation unit for separating the transmission data into priority data and general data,
The encrypting means encrypts the priority data,
17. The packet transmission / reception device according to claim 16, wherein the first packetizing unit generates a first packet using the general data.   19. The packet according to claim 18, wherein the first packetizing unit adds at least one header of RTCP, RTSP, HTTP, TCP, UDP, and IP, which are data processing protocols defined in the IETF document. Transmitter / receiver.   The second packetizer adds a sequence number to the data, or adds at least one header of RTP, UDP, HTTP, TCP, and IP, which are data processing protocols defined in the IETF document. The packet transmission / reception device according to claim 18, which performs the operation.   The priority data is an uncompressed SD signal defined by the SMPTE 259M standard, an uncompressed HD format defined by the SMPTE 292M standard, or a DV or MPEG-TS transmission by IEEE 1394 defined by the IEC 61883 standard. 20. A stream format or a data stream format of at least one of an MPEG-TS format, an MPEG-PS format, an MPEG-ES format, and an MPEG-PES format according to DVB-ASI defined by DVB standard A010. A packet transmitting / receiving apparatus according to claim 1.   17. The packet transmitting / receiving apparatus according to claim 16, wherein said second packetizing means includes an error correction code adding means.   23. The packet transmission / reception device according to claim 22, wherein a system of the error correction code used in the error correction code adding unit is a Reed-Solomon system or a parity system.   The information indicating the encryption key outputs decryption information of the encryption key from the framing unit before outputting a transmission packet encrypted with the encryption key in the framing unit. 17. The packet transmission / reception device according to 16.   The information indicating the encryption key is transmitted from the transmission frame to the reception frame corresponding to the transmission frame, when the transmission packet including the encrypted transmission data generated using the encryption key is transmitted. The packet transmission / reception device according to claim 24, wherein the packet transmission / reception device is transmitted before the time until the reception of the packet.   The authentication / key exchange means, when the position information of the packet transmitting / receiving apparatus and the position information of the destination of the transmission packet or the position information of the transmission source of the reception packet match predetermined conditions, perform authentication. The packet transmission / reception device according to claim 1, wherein the packet transmission / reception device permits the packet transmission / reception.   The packet according to claim 26, wherein the transmission / reception management information includes at least one of location information of the packet transmission / reception device, location information of an arrival destination of the transmission packet, and location information of a transmission source of the reception packet. Transmitter / receiver.   28. The packet transmitting / receiving apparatus according to claim 27, wherein the position information is information in which a range is designated by a region code, an address, a postal code, or longitude and latitude.   The authentication / key exchange means, between the packet transmission / reception device and the destination of the transmission packet or the transmission source of the reception packet, receives the destination of the transmission packet or the reception source of the reception packet from the packet transmission / reception device. 27. The packet transmission / reception device according to claim 26, wherein the authentication is permitted when the one-way or round-trip propagation time to is shorter than a predetermined time limit.   The authentication / key exchange means scrambles data in the wireless transmission section when a wireless transmission section exists in a transmission / reception section between the packet transmission / reception device and the destination of the transmission packet or the transmission source of the reception packet. 27. The packet transmitting / receiving apparatus according to claim 26, wherein authentication is permitted when it is confirmed that the transmission mode is selected. The authentication / key exchange means,
When authentication is performed between the packet transmitting / receiving apparatus and the destination of the transmission packet or the source of the reception packet, information on the destination of the transmission packet or the source of the reception packet is temporarily stored. Storage means for performing
When the authentication is not established because the packet transmission / reception device and the destination of the transmission packet or the source of the reception packet do not match the predetermined condition, the information stored in the storage unit and Collating information on the destination of the transmission packet or information on the destination of the reception packet, and performing authentication between the packet transmitting / receiving device and the destination of the transmission packet or the source of the reception packet. 27. The packet transmitting / receiving apparatus according to claim 26, further comprising: a matching unit.   32. The packet transmitting / receiving apparatus according to claim 31, wherein the information on the destination of the transmission packet or the information on the destination of the reception packet includes at least one of a certificate, a MAC address, and biometric information.   The packet transmitting / receiving apparatus according to claim 1, wherein the authentication / key exchange unit performs a predetermined authentication and key exchange, and updates an encryption key or a decryption key in a predetermined period.   The packet transmission / reception device according to claim 33, wherein timing information indicating a timing at which the authentication / key exchange unit updates the decryption key is added to the transmission packet.   34. The packet transmitting / receiving apparatus according to claim 33, wherein the timing at which the authentication / key exchange unit updates the decryption key is notified by changing a TCP port number or a UDP port number of the transmission packet.   The packet transmitting / receiving apparatus according to claim 33, wherein the timing at which the authentication / key exchange unit updates the decryption key is updated for each HTTP request when the transmission packet uses HTTP. 34. The packet transmitting / receiving apparatus according to claim 33, wherein a timing at which the authentication / key exchange unit updates the decryption key is changed for each fixed data amount when the transmission packet uses HTTP.   The packet transmitting / receiving apparatus according to claim 33, wherein the timing at which the authentication / key exchange unit updates the decryption key is updated within a predetermined period when the transmission packet uses RTP.   34. The packet transmission / reception device according to claim 33, wherein the DTCP copy control information in the authentication / key exchange means is transmitted by adding encryption mode information to the transmission packet.   19. The packet transmitting / receiving apparatus according to claim 18, wherein the transmission queue control unit controls the first queue unit and the second queue unit so that the data rate of the priority data does not become smaller than a predetermined value.   The transmission queue control unit may be configured to control the transmission queue control unit so that the time during which the priority data is stored in the second queue unit is always smaller than a predetermined value. 41. The packet transmitting / receiving apparatus according to claim 40, wherein the packet transmitting / receiving apparatus controls the queue means. The second packetizing means includes buffer means for temporarily storing data, counter means for counting the length of the data, packet header generating means for generating a packet header of the second packet, Packet combining means for combining a packet by combining a packet header and a payload output from the buffer,
41. The packet transmitting / receiving apparatus according to claim 40, wherein the packet header generation unit specifies a payload length of the second packet, reads data stored in the buffer unit, and inputs the data to the packet combining unit. The second packetizing means includes buffer means for temporarily storing data extracted from the priority data, counter means for counting the length of the data, and a packet for generating a packet header using packetization information. Header generating means, and a packet generating means for generating a packet by combining the packet header and the payload,
41. The packet transmitting / receiving apparatus according to claim 40, wherein the counter outputs control data for reading data corresponding to a payload length from the buffer. The second packetizing means includes buffer means for temporarily storing data, counter means for counting the length of the data, packet header generating means for generating a packet header using packetization information, Error correction adding means for adding error correction to the data, including a packet combining means for combining the packet header and the data with the error correction added,
41. The packet transmitting / receiving apparatus according to claim 40, wherein the counter outputs control data for reading data corresponding to a payload length from the buffer.   In the layer that processes the received frame of the lower layer than the layer in which the priority data and the general data are processed, the priority data and the general data are selected from a communication protocol header of a reception packet included in the reception frame, 41. The packet transmitting / receiving apparatus according to claim 40, wherein the processing of the priority data and the processing of the general data are performed independently.   The second packetizing unit includes an encryption key switching unit, and switches the encryption key input to the encryption key switching unit at a specified timing and inputs the encryption key to the encryption unit, and performs encryption in the encryption unit. 2. The packet transmitting / receiving apparatus according to claim 1, wherein the key is switched at specified intervals.   47. The packet transmitting / receiving apparatus according to claim 46, wherein the timing used for the encryption key switching is a timing generated in synchronization with a predetermined sequence number in a packet header output from the packet header generating means.   47. The packet transmission / reception device according to claim 46, wherein the timing at which the authentication / key exchange unit updates the decryption key is updated for each HTTP request when the transmission packet uses HTTP.   47. The packet transmission / reception device according to claim 46, wherein a timing at which the authentication / key exchange unit updates the decryption key is changed for each fixed data amount when the transmission packet uses HTTP.   47. The packet transmitting / receiving apparatus according to claim 46, wherein the timing at which the authentication / key exchange unit updates the decryption key is updated within a predetermined period when the transmission packet uses RTP. 47. The packet transmitting / receiving apparatus according to claim 46, wherein the timing used for the encryption key switching is a timing generated in synchronization with an end point or a start point of an error correction matrix.

Images