JP2004357284A - Transmission/reception system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a transmission/reception system which restricts the distribution of contents to apparatuses other than an AD (Authorized Domain), and is hardly altered. <P>SOLUTION: A server 10 and a client 20 hold common secret information in respective secret information holding units 13 and 23. A server CRC unit 14 in the server 10 generates a CRC code after adding the secret information to communication data, and transmits the communication data with the CRC code attached. A client CRC unit 24 of the client 20 generates a CRC code after adding the secret information to communication data, and checks whether an error has occurred in the communication data on the communication path. Since the client 20 holds the secret information, the client 20 determines that an error has not occurred, and obtains the communication data. On the other hand, a router 30, which does not hold the secret information, cannot obtain the communication data. This prevents the communication data from being transferred to devices outside an authorized domain. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a transmission / reception system, and more particularly to a technique for preventing unauthorized use of content in content distribution.

  2. Description of the Related Art In recent years, a home network that connects home devices via a network and shares various contents has been realized. As one of the realization forms of the home network, a form in which each device such as a server, a television, an audio device, and the like is connected in a star configuration around a hub in the home is considered. Further, the hub is connected to a router which is the only one in the home connected to a network outside the home. Servers share various contents by acquiring and temporarily storing various contents from networks outside the home via hubs and routers, and distributing contents in response to requests from each device. Can be.

  On the other hand, unlimited sharing of contents is not allowed from the viewpoint of copyright protection. Therefore, contents that are permitted to be used only by devices in the home must be restricted from being distributed to devices outside the home. (Hereinafter, in this specification, a limited range in which content sharing is permitted is referred to as “AD: Authorized Domain”.) Therefore, when there is a request for distribution of content from each device, the server transmits the content. Must be delivered after confirming that the device is a device in the AD.

Therefore, Patent Document 1 focuses on a network address in IP (Internet Protocol), and determines whether or not the network address of a device that requests distribution of content by the server is the same as the network address of the server itself. It discloses a method of confirming that a device is a device in AD when they are the same.
JP 2001-285284 A

  However, since the setting of the network address can be easily changed by the user interface, a malicious user can register the network address in the AD to a device outside the AD. When there is a content distribution request from such a device outside the AD, the server recognizes the device as a device within the AD based on the network address and distributes the content, thereby restricting the content distribution to the device outside the AD. Can not do it.

  Therefore, an object of the present invention is to provide a transmission / reception system which can restrict content distribution to a device outside the AD and in which the above-described setting change is not easy.

(1) A transmission / reception system according to the present invention is a transmission / reception system including a transmission device and a reception device, wherein the transmission device obtains communication data, and a second secret held by the reception device. Transmitting side holding means for holding the first secret information which is the same as the information; converting the communication data obtained by the obtaining means by the secret information to generate conversion data; and performing predetermined code conversion on the conversion data. And a transmission unit for attaching the check code generated by the transmission side generation unit to the communication data before conversion and transmitting the same.

  The receiving device includes a receiving side holding unit that holds second secret information that is the same as the first secret information held by the transmitting device, and a communication data to which the check code transmitted by the transmitting unit is attached. A receiving side receiving means for receiving, and a receiving means for converting the communication data received by the receiving side receiving means with the secret information to generate conversion data, and performing the predetermined code conversion on the conversion data to generate a check code. Side generating means, and a check for checking whether an error has occurred in the communication data by comparing the check code generated by the receiving side generating means with the check code received by the receiving side receiving means. Means.

  According to the above configuration, the transmitting apparatus and the receiving apparatus mutually hold the common secret information, and can generate a check code by performing predetermined code conversion using the secret information on the communication data. As a result, the check code attached to the communication data transmitted from the transmission device and the check code generated in the reception device should match unless an error occurs in the communication data on the communication path. .

  When the transmitting device transmits the content data as the communication data, the receiving device acquires the content data if the check code attached to the content data matches the check code generated from the content data. If they do not match, it means that an error has occurred in the content data on the communication path, and therefore, even if the content data has been acquired, the receiving device determines that the content data cannot be used properly and discards it. Then, a retransmission request is made to the transmitting device, and finally, content data in which no error has occurred is obtained.

  On the other hand, a receiving device other than the above-described receiving device that does not hold common secret information with the transmitting device does not match the check code attached to the content data with the check code generated by itself from the content data. Even if data is acquired, it is determined that it cannot be used properly and discarded. Thereafter, even if a retransmission request is made to the transmitting apparatus, the check codes do not match.

As described above, the transmission device and the reception device hold the common secret information with each other, and use the check code generated by performing the predetermined code conversion using the secret information, thereby restricting the unrestricted distribution of the content data. be able to.
Even if the transmitting device transmits the authentication data as the communication data before the distribution of the content, the transmitting device also holds the common secret information and performs predetermined code conversion using the secret information. Only the receiving device capable of acquiring the authentication data can acquire the authentication data, and can return response data in response to the authentication data to the transmitting device.
(2) Further, in addition to the first mode in which the transmission-side generating means converts the communication data with the secret information to generate conversion data and performs predetermined code conversion on the conversion data to generate a check code, A second mode for performing a predetermined code conversion on the communication data to generate a check code, generating the check code in a mode determined for each communication data, Performing a predetermined code conversion on the communication data in addition to a first mode in which the communication data is converted by the secret information to generate conversion data, and the conversion data is subjected to a predetermined code conversion to generate a check code. It is also possible to switch to a second mode for generating a check code by using a mode determined for each communication data.

  According to the configuration, the check code generation method includes the first mode and the second mode, and the transmitting device and the receiving device select a mode predetermined for each communication data and generate the check code. be able to. The check codes generated in the first mode in the transmitting device do not match each other unless the check codes are generated in the first mode in the receiving device. That is, only a specific receiving device that holds the secret information common to the transmitting device can acquire the communication data.

On the other hand, since the check code generated in the second mode does not use secret information, there is no possibility that only specific receiving devices can acquire communication data.
Therefore, if the communication data is content data for which unrestricted distribution is to be restricted, the check code is generated in the first mode. If the communication data is content data that does not need to be restricted, the check code is generated in the second mode. If it is determined in advance that the content data is generated, it is possible to restrict the distribution of only the content data for which unrestricted distribution is to be restricted.
(3) Further, the transmission / reception system further includes a transfer device for transferring communication data from the transmission device, to which the check code is attached, to an external device, wherein the transfer device transmits the communication data from the transmission device to the external device. Transfer-side receiving means for receiving the communication data attached with the check code transmitted thereto, and transfer-side generating means for performing the predetermined code conversion on the communication data received by the transfer-side receiving means to generate a check code And determining whether or not the check code generated by the transfer-side generating means and the check code received by the transfer-side receiving means are the same, and transferring the communication data if it is determined that the check codes are the same. An inspection means for discarding the communication data when it is determined that they are not the same may be provided.

  According to the above configuration, when receiving the communication data addressed to the external device, the transfer device transfers and checks if the check code attached to the communication data matches the check code generated by the communication data by itself. If not, do not forward. Here, since the transfer device has only the second mode for performing predetermined code conversion on the communication data, the transfer device does not transfer the communication data to which the check code generated in the first mode is attached.

Therefore, it is possible to prevent transfer of content data that is determined to generate a check code in the first mode to an external device.
(4) A transmitting device according to the present invention is a transmitting device that transmits communication data to a receiving device, wherein the obtaining device obtains the communication data, the holding device holds secret information common to the receiving device, Code generating means for converting the communication data obtained by the obtaining means with the secret information to generate converted data, performing predetermined code conversion on the converted data to generate a check code, and code code generated by the code generating means. Transmitting means for attaching a check code to the communication data before conversion and transmitting the check code to the receiving device.

  According to the above configuration, the transmitting device holds the common secret information common to the receiving device, and can generate a check code by performing predetermined code conversion using the secret information on the communication data. Here, similarly, if the receiving device performs a predetermined code conversion using the secret information on the communication data to generate a check code, the check code attached to the communication data transmitted from the transmitting device is used. And the check code generated by the receiving device should match unless an error occurs in the communication data on the communication path.

  When the transmitting device transmits the content data as the communication data, the receiving device acquires the content data if the check code attached to the content data matches the check code generated from the content data. If they do not match, it means that an error has occurred in the content data on the communication path, and therefore, even if the content data is acquired, the receiving device determines that the content data cannot be used properly and discards it. Then, a retransmission request is made to the transmitting device, and finally, content data in which no error has occurred is obtained.

  On the other hand, a receiving device other than the above-described receiving device that does not hold common secret information with the transmitting device does not match the check code attached to the content data with the check code generated by itself from the content data. Even if data is acquired, it is determined that it cannot be used properly and discarded. Even if a retransmission request is made to the transmitting device, the check codes do not match.

As described above, the transmission device holds the secret information common to the reception device, and uses the check code generated by performing the predetermined code conversion using the secret information, thereby restricting the unrestricted distribution of the content data. Can be.
Note that, even if the transmitting device transmits the authentication data as the above-described communication data before the distribution of the content, it is the same as the case where the above-described content data is transmitted as the communication data.
(5) In addition to the first mode in which the code generation means converts the communication data using the secret information to generate conversion data and performs a predetermined code conversion on the conversion data to generate a check code, The communication data may be switched to a second mode in which a predetermined code conversion is performed to generate a check code, and any one of the modes may be selected based on a predetermined selection criterion to generate the check code.

  According to the configuration, the check code generation method includes the first mode and the second mode, and the transmitting apparatus can select the mode based on a predetermined selection criterion and generate the check code. The check codes generated in the first mode in the transmitting device do not match each other unless the check codes are generated in the first mode in the receiving device. That is, only a specific receiving device that holds the secret information common to the transmitting device can acquire the communication data.

On the other hand, since the check code generated in the second mode does not use secret information, there is no possibility that only specific receiving devices can acquire communication data.
(6) Further, the code generation means may select a mode predetermined for each communication data as the predetermined selection criterion.
According to the above configuration, whether to select the first mode or the second mode is determined for each communication data.

Therefore, if the communication data is content data for which unrestricted distribution is to be restricted, the check code is generated in the first mode. If the communication data is content data that does not need to be restricted, the check code is generated in the second mode. If it is determined in advance that the content data is generated, it is possible to restrict the distribution of only the content data for which unrestricted distribution is to be restricted.
(7) Further, the predetermined code conversion may be code conversion using any one of a CRC (Cyclic Redundancy Check), a hash function, and a checksum.

Since these code conversions can be realized by hardware, it is difficult for a malicious user to modify the code.
(8) An integrated circuit according to the present invention is an integrated circuit that transmits communication data to a receiving device, wherein the obtaining unit obtains the communication data, the holding unit holds secret information common to the receiving device, Code generating means for converting the communication data obtained by the obtaining means with the secret information to generate converted data, performing predetermined code conversion on the converted data to generate a check code, and code code generated by the code generating means. Transmitting means for attaching a check code to the communication data before conversion and transmitting the check code to the receiving device.

  According to the above configuration, the integrated circuit holds the secret information common to the receiving device, and can perform a predetermined code conversion using the secret information on the communication data to generate the check code. Here, similarly, if the receiving device performs the predetermined code conversion using the secret information on the communication data to generate the check code, the check code attached to the communication data transmitted from the integrated circuit is used. And the check code generated by the receiving device should match unless an error occurs in the communication data on the communication path.

  When the integrated circuit transmits the content data as the communication data, the receiving device acquires the content data if the check code attached to the content data matches the check code generated from the content data. If they do not match, it means that an error has occurred in the content data on the communication path, and therefore, even if the content data is acquired, the receiving device determines that the content data cannot be used properly and discards it. Then, a retransmission request is made to the integrated circuit, and finally, content data in which no error has occurred is obtained.

  On the other hand, a receiving device other than the above-described receiving device that does not hold the common secret information with the integrated circuit does not match the check code attached to the content data with the check code generated by itself from the content data. Even if data is acquired, it is determined that it cannot be used properly and discarded. Even if a retransmission request is made to the integrated circuit, the check codes do not match.

As described above, the unlimited distribution of the content data is restricted by the integrated circuit holding the secret information common to the receiving device and using the check code generated by performing the predetermined code conversion using the secret information. Can be.
(9) A receiving device according to the present invention is a receiving device that receives communication data from a transmitting device, a holding unit that holds secret information common to the transmitting device, and a check code transmitted by the transmitting device. Receiving means for receiving communication data attached thereto, and converting the communication data received by the receiving means with the secret information to generate conversion data, and performing predetermined code conversion on the conversion data to generate a check code And checking whether or not an error has occurred in the communication data by comparing the check code generated by the code generation unit with the check code received by the reception-side receiving unit. Inspection means.

  According to the above configuration, the receiving device holds the secret information common to the transmitting device, and can perform a predetermined code conversion using the secret information on the communication data to generate the check code. Here, similarly, if the transmitting device performs a predetermined code conversion using the secret information on the communication data to generate a check code, the check code attached to the communication data transmitted from the transmitting device. And the check code generated by the receiving device should match unless an error occurs in the communication data on the communication path.

  When the transmitting device transmits the content data as the communication data, the receiving device acquires the content data if the check code attached to the content data matches the check code generated from the content data. If they do not match, it means that an error has occurred in the content data on the communication path, and therefore, even if the content data is acquired, the receiving device determines that the content data cannot be used properly and discards it. Then, a retransmission request is made to the transmitting device, and finally, content data in which no error has occurred is obtained.

  On the other hand, a receiving device other than the above-described receiving device that does not hold common secret information with the transmitting device does not match the check code attached to the content data with the check code generated by itself from the content data. Even if data is acquired, it is determined that it cannot be used properly and discarded. Even if a retransmission request is made to the transmitting device, the check codes do not match.

As described above, the receiving apparatus holds the common secret information common to the transmitting apparatus, and uses the check code generated by performing the predetermined code conversion using the secret information, thereby restricting the unlimited distribution of the content data. Can be.
Note that, even if the transmitting device transmits the authentication data as the above-described communication data before the distribution of the content, it is the same as the case where the above-described content data is transmitted as the communication data.
(10) In addition to the first mode in which the code generation unit converts the communication data with the secret information to generate conversion data and performs a predetermined code conversion on the conversion data to generate a check code, The communication data may be switched to a second mode in which a predetermined code conversion is performed to generate a check code, and any one of the modes may be selected based on a predetermined selection criterion to generate the check code.

  According to the above configuration, the check code generation method includes the first mode and the second mode, and the receiving apparatus can select the mode based on a predetermined selection criterion and generate the check code. Check codes generated in the first mode in the receiving device do not match each other unless the check codes are generated in the transmitting device in the first mode. That is, only a specific receiving device that holds the secret information common to the transmitting device can acquire the communication data.

On the other hand, since the check code generated in the second mode does not use secret information, there is no possibility that only specific receiving devices can acquire communication data.
(11) Further, the code generation means may select a mode predetermined for each communication data as the predetermined selection criterion.
According to the above configuration, whether to select the first mode or the second mode is determined for each communication data.

Therefore, if the communication data is content data for which unrestricted distribution is to be restricted, the check code is generated in the first mode. If the communication data is content data that does not need to be restricted, the check code is generated in the second mode. If it is determined in advance that the content data is generated, it is possible to restrict the distribution of only the content data for which unrestricted distribution is to be restricted.
(12) Further, the predetermined code conversion may be code conversion using any one of a CRC (Cyclic Redundancy Check), a hash function, and a checksum.

Since these code conversions can be realized by hardware, it is difficult for a malicious user to modify the code.
(13) An integrated circuit according to the present invention is an integrated circuit that receives communication data from a transmitting device, a holding unit that holds secret information common to the transmitting device, and a check code transmitted by the transmitting device. Receiving means for receiving communication data attached thereto, and converting the communication data received by the receiving means with the secret information to generate conversion data, and performing predetermined code conversion on the conversion data to generate a check code And checking whether or not an error has occurred in the communication data by comparing the check code generated by the code generation unit with the check code received by the reception-side receiving unit. Inspection means.

  According to the above configuration, the integrated circuit holds secret information common to the transmitting device, and can perform a predetermined code conversion using the secret information on communication data to generate a check code. Here, similarly, if the transmitting device performs a predetermined code conversion using the secret information on the communication data to generate a check code, the check code attached to the communication data transmitted from the transmitting device. And the check code generated in the integrated circuit should match unless an error occurs in the communication data on the communication path.

  When the transmitting device transmits the content data as the communication data, the integrated circuit acquires the content data if the check code attached to the content data matches the check code generated from the content data. If they do not match, it means that an error has occurred in the content data on the communication path, so the integrated circuit determines that even if the content data is acquired, it cannot be used properly and discards it. Then, a retransmission request is made to the transmitting device, and finally, content data in which no error has occurred is obtained.

  On the other hand, for the integrated circuits other than the above-described integrated circuits, which do not hold the common secret information with the transmitting device, the check code attached to the content data does not match the check code generated by itself from the content data. Even if data is acquired, it is determined that it cannot be used properly and discarded. Even if a retransmission request is made to the transmitting device, the check codes do not match.

As described above, the unlimited distribution of the content data is restricted by using the check code generated by performing the predetermined code conversion using the secret information by the integrated circuit holding the secret information common to the transmitting device. Can be.
(14) A transfer device according to the present invention is a transfer device for transferring communication data to which a check code is attached, and includes a storage unit that stores identification information of a predetermined receiving device in advance, Receiving means for receiving communication data to which a check code is attached, transmitted to the receiver, and for communication data received by the receiving means, determining whether or not an error check is required based on the identification information; If necessary, an error check is performed by the check code, and if there is no error in the communication data, the communication data is transferred to the receiving device.If the error check is unnecessary, the communication data is received without performing an error check. Transfer means for transferring the data to the device.

According to the above configuration, the transfer device can receive the communication data transmitted from the transmission device to the reception device, and transfer the communication data to the predetermined reception device without performing the error check.
Accordingly, even if the transmitting apparatus attaches a special check code to the communication data and recognizes that only the predetermined receiving apparatus has no error in the communication data, and transmits the communication data, When data is received, it is possible to avoid a situation in which it is recognized that an error has occurred and is not transferred.
(15) In addition, the transfer unit performs a predetermined code conversion on the communication data when an error check is required to generate a check code, and a check code generated by the code generation unit. Checking means for judging whether the check code received by the receiving means is the same or not, transferring the communication data when it is judged to be the same, and discarding the communication data when it is judged not to be the same May be included.

According to the above configuration, the transmitting device holds the secret information common to the receiving device, performs predetermined code conversion using the secret information on the communication data to generate a check code, and converts the check code into the communication data. Even when the transmission data is attached to the transmission data, it is possible to avoid a situation in which the transmission device recognizes that an error has occurred and does not transmit the data when receiving the communication data.
(16) An integrated circuit according to the present invention is an integrated circuit for transferring communication data to which a check code is attached, and includes a storage unit for storing identification information of a predetermined receiving device in advance, and a transmitting device to a receiving device. Receiving means for receiving communication data to which a check code is attached, transmitted to the receiver, and for communication data received by the receiving means, determining whether or not an error check is required based on the identification information; If necessary, an error check is performed using the check code, and if there is no error in the communication data, the communication data is transferred to the receiving device.If no error check is required, the communication data is transmitted without performing an error check. Transfer means for transferring the data to the receiving device.

According to the above configuration, the integrated circuit can receive communication data transmitted from the transmitting device to the receiving device, and transfer the communication data addressed to the predetermined receiving device without performing an error check.
Accordingly, even when the transmitting device transmits a special check code attached to the communication data that only the predetermined receiving device recognizes as having no error in the communication data, the integrated circuit performs the communication. When data is received, it is possible to avoid a situation in which it is recognized that an error has occurred and is not transferred.
(17) A transfer device according to the present invention is a transfer device for transferring communication data to which a check code is attached, a holding unit for holding secret information common to a transmission device, and identification information of a predetermined reception device in advance. Storage means for storing the communication data transmitted from the transmission apparatus to the reception apparatus and having the check code attached thereto, and the communication data received by the reception means is converted by the secret information. Code generating means for generating conversion data, performing predetermined code conversion on the converted data to generate a check code, a check code generated by the code generation means, and a check code received by the receiving side receiving means. Checking means for checking whether or not an error has occurred in the communication data, and for the communication data received by the receiving means, Transfer determining means for determining whether transfer is possible based on the identification information, and determining that no error has occurred, and determining that the transfer is permitted by the transfer determining means. Transfer means for transferring the communication data.

  According to the above configuration, the transfer device holds the secret information common to the transmission device, and can perform a predetermined code conversion using the secret information on the communication data to generate the check code. Here, similarly, if the transmitting device performs a predetermined code conversion using the secret information on the communication data to generate a check code, the check code attached to the communication data transmitted from the transmitting device. And the check code generated in the transfer device should match unless an error occurs in the communication data on the communication path.

Further, if the check codes match each other, the transfer device transfers only communication data addressed to a predetermined receiving device.
Thus, the transfer device can perform error detection on communication data from the transmission device, and can transfer the communication data only to a predetermined reception device.
(18) Further, the holding unit further holds secret information common to the receiving device, and the transfer unit converts the communication data with the secret information to generate conversion data, and A predetermined code conversion may be performed to generate a check code, and the generated check code may be attached to the communication data and transferred to the receiving device.

  According to the above configuration, the transfer device holds the secret information common to the receiving device, and can perform a predetermined code conversion using the secret information on the communication data to generate the check code. Here, similarly, if the receiving device performs a predetermined code conversion using the secret information on the communication data to generate a check code, the check code attached to the communication data transmitted from the transmitting device is used. And the check code generated by the receiving device should match unless an error occurs in the communication data on the communication path.

Accordingly, the transfer device can attach, to the communication data to the predetermined receiving device, a check code that only the predetermined receiving device recognizes as having no error.
(19) An integrated circuit according to the present invention is an integrated circuit for transferring communication data to which a check code is attached, a holding unit for holding secret information common to a transmitting device, and identification information of a predetermined receiving device in advance. Storage means for storing the communication data transmitted from the transmission apparatus to the reception apparatus and having the check code attached thereto, and the communication data received by the reception means is converted by the secret information. Code generation means for generating conversion data, performing predetermined code conversion on the conversion data to generate a check code, a check code generated by the code generation means, and a check received by the reception side reception means. Checking means for checking whether an error has occurred in the communication data by collating with a code; and identifying the communication information received by the receiving means with the identification information. Transfer determination means for determining whether or not transfer is possible based on the identification information based on the identification information, and the inspection means determines that no error has occurred, and the transfer determination means determines that the transfer is permitted. Transfer means for transferring the communication data.

  According to the above configuration, the integrated circuit holds secret information common to the transmitting device, and can perform a predetermined code conversion using the secret information on communication data to generate a check code. Here, similarly, if the transmitting device performs a predetermined code conversion using the secret information on the communication data to generate a check code, the check code attached to the communication data transmitted from the transmitting device. And the check code generated in the transfer device should match unless an error occurs in the communication data on the communication path.

When the check codes match, the integrated circuit transfers only communication data addressed to a predetermined receiving device.
Thus, the integrated circuit can perform error detection on communication data from the transmitting device, and can transfer the communication data only to a predetermined receiving device.
(20) A content distribution system according to the present invention is a content distribution system including a content distribution device and a content use device, wherein the content distribution device is the same as the second secret information held by the content use device. Distribution side holding means for holding certain first secret information; and request data for requesting return of reply data to the content use device, are converted by the secret information into conversion data, and a predetermined code is added to the conversion data. The transmitting side generating means for performing the conversion to generate the check code, the transmitting means for attaching the check code generated by the transmitting side generating means to the request data before the conversion and transmitting the same, and the transmitting means When the reply data is received from the content use device that has received the request data, the content is used for the content use device. And a delivery means for delivering the tool.

  The content use device includes a use-side holding unit that holds the second secret information that is the same as the first secret information held by the content distribution device, and a request attached with the check code transmitted by the transmission unit. Receiving means for receiving data, and use-side generating means for converting request data received by the receiving means into converted data by using the secret information and performing predetermined code conversion on the converted data to generate a check code Checking means for checking whether an error has occurred in the request data by comparing the check code generated by the use-side generating means with the check code received by the receiving means; Reply means for decrypting the request data and returning the reply data to the content distribution device when the checking means determines that no error has occurred. Equipped with a.

According to the above configuration, the content distribution device holds secret information common to the content using device, and can perform a predetermined code conversion using the secret information on the request data to generate a check code.
Further, the content using apparatus holds secret information common to the content distribution apparatus, and can perform a predetermined code conversion using the secret information on the request data to generate a check code.

With this, the check code attached to the request data transmitted from the content distribution device and the check code generated from the request data in the content use device can be used if there is no error in the request data on the communication path. Should match.
If it is determined that no error has occurred in the request data, the content use device decrypts the request data and returns reply data to the content distribution device. Upon receiving the reply data, the content distribution device distributes the content to the content using device. As described above, the content using device can receive the distribution of the content from the content distribution device.

  On the other hand, in the content use devices other than the above content use devices that do not hold common secret information with the content distribution device, the check code attached to the request data does not match the check code generated from the request data. Therefore, the request data is discarded as having an error on the communication path. Even if a retransmission request is made to the content distribution device, the check codes do not match.

As described above, the content distribution device and the content use device mutually hold the common secret information, and perform the authentication process using the check code generated by performing the predetermined code conversion using the secret information, thereby enabling the content to be authenticated. Unlimited distribution can be restricted.
(21) A content distribution device according to the present invention is a content distribution device that distributes content to a content utilization device, wherein a holding unit that retains secret information common to the content utilization device, and reply data to the content utilization device Request data for requesting to send back the data, converting the converted data into the converted data using the secret information, performing predetermined code conversion on the converted data to generate a check code, and generating the check code. Transmitting means for transmitting the check code attached to the request data before conversion and transmitting the request data transmitted by the transmitting means, and determining that no error has occurred in the request data by the check code. When receiving the reply data from the content using device, the content is delivered to the content using device. And a stage.

  According to the above configuration, the content distribution device holds common secret information common to the content use device, and can generate a check code by performing predetermined code conversion using the secret information on the request data. . Here, similarly, if the specification is such that the content use device performs a predetermined code conversion using the secret information on the request data to generate a check code, the content use device is attached to the request data transmitted from the content distribution device. The check code and the check code generated in the content using device should match if no error occurs in the communication data on the communication path. Then, the content use device should acquire the request data, decode it, and return the reply data.

Upon receiving the reply data, the content distribution device distributes the content to the content using device.
On the other hand, in the content use devices other than the above content use devices that do not hold common secret information with the content distribution device, the check code attached to the request data does not match the check code generated from the request data. Therefore, the request data is discarded as having an error on the communication path. That is, no reply data is sent back. Therefore, the content distribution device does not receive the reply data and does not distribute the content.

As described above, the content distribution device and the content use device mutually hold the common secret information, and perform the authentication process using the check code generated by performing the predetermined code conversion using the secret information, thereby enabling the content to be authenticated. Unlimited distribution can be restricted.
(22) The return data is converted into the converted data by converting the return data with the secret information in the content use device, and a check code generated by performing the predetermined code conversion on the converted data is attached. The distribution means receives the return data, converts the secret data into converted data, performs the predetermined code conversion on the converted data to generate a check code, and generates the check code. Checking the return data for an error by comparing the code with the attached check code, and distributing the content when it is determined that no error has occurred. It may be.

According to the above configuration, the check code subjected to the same code conversion as that of the request data is also attached to the reply data, and the content distribution device generates the check code attached to the reply data and the reply data itself. It is determined whether the check code matches.
As described above, the reliability of the authentication process can be improved by using the check code generated using the secret information twice for the request data and the return data.
(23) A content use device according to the present invention is a content use device that receives content distribution from a content distribution device, and a holding unit that holds secret information common to the content use device, and a content transmission device that transmits the secret information. Receiving means for requesting to return reply data, receiving request data to which a check code is attached, and converting the request data received by the receiving means with the secret information into converted data, Code generation means for performing a predetermined code conversion on the data to generate a check code; and checking the check code generated by the code generation means with the check code received by the reception means, thereby obtaining the request data. Inspection means for inspecting whether or not an error has occurred, and the inspection means determines that no error has occurred. When, it decodes the request data, and a reply unit which returns the reply data to the content delivery apparatus.

  According to the above configuration, the content use device holds the secret information common to the content distribution device, and can generate the check code by performing predetermined code conversion using the secret information on the request data. . Here, similarly, if the content distribution device is configured to perform a predetermined code conversion using secret information on the request data to generate a check code, the specification code is attached to the request data transmitted from the content distribution device. The check code and the check code generated in the content using device should match if no error occurs in the communication data on the communication path.

If they match, the content use device acquires the request data, decrypts the request data, and returns the reply data to the content distribution device.
On the other hand, in the content use devices other than the above content use devices that do not hold common secret information with the content distribution device, the check code attached to the request data does not match the check code generated from the request data. So I will destroy it. Even if a retransmission request is made to the content distribution device, the check codes do not match.

As described above, the content distribution apparatus holds the secret information common to the content use apparatus, and uses the check code generated by performing predetermined code conversion using the secret information, thereby restricting the unrestricted distribution of the content. be able to.
(24) Further, the reply means converts the reply data into converted data by using the secret information, generates the check code by performing the predetermined code conversion on the converted data, and converts the check code into the converted code. The reply may be attached to the previous reply data.

According to the above configuration, the content use device returns the reply data with the check code subjected to the same code conversion as that of the request data attached thereto.
As described above, the reliability of the authentication process can be improved by using the check code generated using the secret information twice for the request data and the return data.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
(Embodiment 1)
[Overview]
FIG. 1 is a diagram illustrating an outline of an AD according to the first embodiment.
The AD includes a server 10, a client 20, a router 30, and a hub 40, and the server 10 and the client 20 are connected in a star shape around the hub 40. Note that another client different from the client 20 is also connected to the hub 40, but is omitted in the drawing. It is assumed that the hub 40 does not perform error detection using a CRC code like a repeater hub.

The router 30 is only connected to a network outside the AD in the AD.
The server 10 acquires various contents from a network outside the AD via the router 30 and accumulates them in the content accumulation / distribution unit 11. Then, when there is a content distribution request from the client 20, the content is distributed to the client 20 after confirming that the client 20 is a device in the AD by an authentication process. The delivered content is provided to the user by the content providing unit 21 of the client 20.

  The present embodiment is characterized in that a CRC (Cyclic Redundancy Check) code is used in the above authentication processing. The CRC code is located at the end of a data link layer packet (hereinafter, referred to as “frame”) in order to detect that an error has occurred in communication target data on a communication path between two adjacent terminals. Information. That is, the frame is obtained by attaching the CRC code to the communication target data. An error check using a normal CRC code is performed as follows.

(1) The transmitting terminal divides communication target data to be subjected to error detection by a generator polynomial, and uses the remainder as a CRC code. The calculated CRC code is attached to the communication target data and transmitted to the receiving terminal.
(2) The receiving terminal divides the communication target data to which the CRC code is attached by a generator polynomial, and obtains the remainder value. The remainder value has a property of being 0 if no error occurs in a frame composed of the communication target data and the CRC code on the communication path, and has a property of being other than 0 if an error has occurred.

(3) If the remainder value is 0, the receiving terminal determines that no error has occurred on the communication path and obtains communication target data. If the remainder value is other than 0, the receiving terminal determines that an error has occurred on the communication path. Judge that it has occurred and discard the communication target data.
In this embodiment, the transmitting terminal and the receiving terminal share secret information in advance in the above (1), and when the transmitting terminal calculates the CRC code in (1), the secret information is added to the target data. In addition, when the receiving terminal calculates the remainder value in (2), the calculation is performed by inserting secret information.

In FIG. 1, a specific example of the authentication process is as follows.
The server 10 and the client 20 share the secret information Ks in the secret information holding unit 13 and the secret information holding unit 23 in advance. The server 10 calculates the CRC code after adding the secret information Ks to the authentication data in the server CRC unit 14. The calculated CRC code is attached to the end of the authentication data and transmitted to the client 20.

The client 20 receives the authentication data to which the CRC code is attached, inserts the secret information Ks into the authentication data, and calculates a remainder value. The residue value calculated in this manner becomes 0 if no error occurs on the communication path, so that the client 20 can receive the authentication data.
The client 20 that has received the authentication data returns response data indicating that the authentication data has been properly received to the server 10.

The server 10 that has received the response data confirms that the client 20 is a device in the AD, and ends the authentication processing.
As described above, since both the communication interface 12 of the server 10 and the communication interface 22 of the client 20 calculate the CRC code by the special CRC processing for adding the secret information Ks, it is possible to transmit and receive the authentication data.

On the other hand, the router 30 does not have a function of sharing secret information with the communication interfaces 31 and 32 and performing a special CRC process. Therefore, even if the authentication data to which the special CRC code is attached is received, the remainder value is other than 0 because the normal CRC processing is performed, and the authentication data is discarded as an error has occurred on the communication path. You.
This means that clients outside the AD will not be authenticated by the server 10. This is because the authentication data transmitted from the server 10 is discarded when relayed by the router 30.

The CRC code is calculated by an encoding circuit including an exclusive OR element and a shift register. Since this encoding circuit is usually provided inside the integrated circuit of the communication interface, it is not easy for the user to modify it.
Therefore, the present embodiment can prevent a situation in which a malicious user modifies the server 10 or the router 30 and distributes the content to a client outside the AD.

[Constitution]
Hereinafter, configurations of the server and the client according to the present embodiment will be described.
FIG. 2 is a diagram illustrating a configuration of a server when performing an authentication process.
FIG. 3 is a diagram illustrating a configuration of a client when performing an authentication process.
The server 10 includes a server authentication processing unit 15 and a communication interface 12. The communication interface 12 includes a secret information storage unit 13, a data buffer 121, a transmission CRC unit 122, a transmission unit 123, a reception unit 124, a reception CRC unit 125, and a setting reception unit 126.

  The client 20 includes a client authentication processing unit 25 and a communication interface 22. The internal configuration of the communication interface 22 is the same as that of the communication interface 12 of the server 10. The transmission CRC unit 122 and the reception CRC unit 125 correspond to the server CRC unit 14 in FIG. 1, and the transmission CRC unit 222 and the reception CRC unit 225 correspond to the client CRC unit 24 in FIG.

  When transmitting the communication target data, the communication interface 12 is set to one of a special CRC mode and a normal CRC mode. The special CRC mode is a mode in which the transmission CRC section 122 or the reception CRC section 125 adds the secret information Ks to the communication target data and then performs a CRC process. It is assumed that the mode is a mode in which CRC processing is performed without adding information Ks. Switching between these modes is performed when the setting receiving unit 126 receives an instruction from the server authentication processing unit 15. The instruction is, specifically, a special CRC command for setting a special CRC mode or a normal CRC command for setting a normal CRC mode.

At the time of content distribution processing, the content storage / distribution unit 11 in FIG. 1 instructs switching to a mode predetermined for each content.
Hereinafter, simple examples of the normal CRC mode and the special CRC mode will be described.
<Assumption>
The bit string notation of the communication target data (5 bits) subjected to the CRC processing is (10110).

The generator polynomial used in this example is G (X) = XＸ3 + X ＾ 2 + 1. In this case, the bit string representation of the generator polynomial is (1101). If this generator polynomial is used, the CRC code will be 3 bits.
The bit string notation of the secret information (3 bits) is (110).
<Normal CRC mode transmission processing>
(1) The calculated data (101110,000) is generated by adding the same 3-bit 0 data (000) as the CRC code to the end of the communication target data (10110).

(2) Divide the calculation data (10110000) by the generator polynomial (1101) to obtain a remainder value. This remainder value (101) is used as a CRC code.
Here, the division uses a modulo 2 operation equivalent to an exclusive OR for each bit.
(3) The transmission data (10110101) is generated by adding a CRC code to the end of the communication target data (10110).

<Reception processing in normal CRC mode>
(1) Divide the transmission data (10110101) by the generator polynomial (1101) to obtain a remainder value, and confirm that the remainder value is 0. The division uses the modulo 2 operation described above.
(2) If the remainder value is 0, it is determined that no error has occurred on the communication path, and the communication target data (10110) obtained by separating the CRC code from the transmission data (10110101) is obtained.

(3) If the remainder value is not 0, it is determined that an error has occurred on the communication path, and the transmission data (10110101) is discarded.
Next, the case of the special CRC mode will be described.
<Transmission processing in special CRC mode>
(1) Secret information (110) is added to the end of the communication target data (10110), and 3-bit 0 data (000), which is the same as the CRC code, is added to the end of the secret data (10110) to calculate the calculation data (10110110000) Generate.

(2) Divide the calculation data (1011110000) by the generator polynomial (1101) to obtain a remainder value. This remainder value (010) is used as a CRC code.
(3) A CRC code is added to the end of the communication target data (10110) to generate transmission data (10110010).
<Reception processing in special CRC mode>
(1) Divide the transmission data (10110010) by the generator polynomial (1101) to obtain a remainder value, and confirm that the remainder value is 0.

(2) If the remainder value is 0, it is determined that no error has occurred on the communication path, and the communication target data (10110) obtained by separating the CRC code from the transmission data (10110010) is obtained.
(3) If the remainder value is not 0, it is determined that an error has occurred on the communication path, and the transmission data (10110010) is discarded.

  If the communication interface on the receiving side does not support the special CRC mode, the transmission data (10110010) transmitted in the special CRC mode is processed in the normal CRC mode. In this case, the remainder value becomes (111) and does not become 0. Therefore, assuming that an error has occurred on the communication path, the transmission data (10110010) is discarded.

Here, for simplicity, the communication target data is 5 bits and the secret information is 3 bits. However, in actuality, the communication target data is about 60 bytes to 1500 bytes (in the case of IEEE802.3), The information is, for example, 16 bytes. The generator polynomial uses a 33-bit CRC-32 defined by ITU-T.
The server authentication processing unit 15 communicates with the client 20 through the communication interface 12 and performs an authentication process for authenticating the client 20.

The authentication processing performed by the server authentication processing unit 15 in FIG. 2 includes (1) sharing of secret information Ks with the client authentication processing unit 25, (2) transmission of an authentication frame to the client authentication processing unit 25, and (3) client It is determined from the response frame from the authentication processing unit 25 whether the client 20 is a device in the AD or not.
The sharing of the secret information Ks is performed, for example, by performing challenge-response type authentication between the server authentication processing unit 15 and the client authentication processing unit 25, and using the resulting session key as the secret information Ks. . At this time, the communication interfaces 12 and 22 are in the normal CRC mode.

  After sharing the secret information Ks, the server authentication processing unit 15 gives the setting receiving unit 126 an instruction to switch to the special CRC mode, and inputs the authentication data to the data buffer 121. The transmission CRC unit 122 receives the authentication data from the data buffer 121, and generates a CRC code in the special CRC mode. Then, an authentication frame in which the CRC code is attached to the authentication data is transmitted to the transmission unit 123. The transmission unit 123 transmits the authentication frame to the client 20.

  When the client 20 receives the authentication frame, the reception CRC unit 225 calculates a remainder value in the special CRC mode. Since the client 20 shares the secret information Ks with the server 10 in advance, if there is no error on the communication path, the remainder value becomes 0. Therefore, the authentication data is obtained by the client authentication processing unit 25 through the data buffer 221 without being discarded. If the client authentication processing unit 25 properly acquires the authentication data, the client authentication processing unit 25 inputs the response data to the data buffer 221. The transmission CRC unit 222 receives the response data from the data buffer 221, and generates a CRC code in the special CRC mode. Then, a response frame in which the CRC code is attached to the response data is transmitted to the transmission unit 223. The transmission unit 223 transmits the response frame to the server 10.

When receiving the response frame, the server authentication processing unit 15 determines that the client 20 is a device in the AD. Since the response frame is also generated in the special CRC mode, the reception CRC unit 125 of the server 10 calculates the remainder value in the special CRC mode, and confirms that the remainder value is zero.
Next, the configurations of the transmission CRC section and the reception CRC section for realizing the special CRC mode as described above will be described. Since the configuration of the transmission CRC section 122 of the server 10 and the configuration of the transmission CRC section 222 of the client 20 are the same, only the transmission CRC section 122 of the server 10 will be described. Similarly, only the reception CRC unit 125 of the server 10 will be described.

FIG. 4 is a diagram illustrating the configuration of the transmission CRC unit.
The transmission CRC section 122 includes a mode switching circuit 131, a transmission CRC control circuit 132, and an encoding circuit 133.
The mode switching circuit 131 switches between the special CRC mode and the normal CRC mode in accordance with an instruction from the setting receiving unit 126 and specifies the transmission CRC control circuit 132.

The transmission CRC control circuit 132 controls MUX1, MUX2 and MUX3 according to the mode designation from the mode switching circuit 131. Here, the MUX has two input units (0 side and 1 side) and one output unit, and outputs an “0 side” input signal when the control signal from the transmission CRC control circuit 132 is 0; When the control signal is 1, the input signal of "1 side" is output.
The encoding circuit 133 divides the input calculation data by the generator polynomial CRC-32, and outputs a 32-bit CRC code that is a remainder value. In the drawing, x0, x1 and the like are exclusive OR elements, and r0, r1 and the like are shift registers that shift bits to the next every clock.

  In the special CRC mode, the transmission CRC unit 122 generates intermediate data (c) by adding secret information (b) to the end of the communication target data (a) output from the data buffer 121 in the MUX1. Furthermore, 32-bit 0 data (000... 0) is added to the end of the intermediate data (c) output from MUX1 in MUX2 to generate calculation data (d). The encoding circuit 133 receives the calculation data (d) and outputs a CRC code (e) that is a remainder value obtained by dividing the calculation data (d) by the generator polynomial CRC-32. The transmission CRC unit 122 generates transmission data (f) by attaching a CRC code (e) to the communication target data (a) in the MUX 3 and transmits the transmission data (f) to the transmission unit 123 as a communication target frame.

In the normal CRC mode, the transmission CRC unit 122 does not add the secret information (b) to the target data (a) output from the data buffer 121 in the MUX1. Other processes are the same as those in the special CRC mode.
FIG. 5 is a diagram showing a data structure from (a) to (f) in FIG.
(A) shows communication target data. The communication target data includes a destination address area, a source address area, a type area, and a payload area. A 6-byte MAC (Media Access Control) address is set in each of the destination address area and the source address area. In the type area, the type of data included in the payload area is set. Data to be transmitted is set in the payload area.

For example, when the server 10 transmits authentication data to the client 20, the MAC address of the client 20 is set in the destination address area, the MAC address of the server 10 is set in the source address area, and the payload is set. Authentication data is set in the area.
When the client 20 transmits response data to the server 10, the MAC address of the server 10 is set in the destination address area, the MAC address of the client 20 is set in the source address area, and the payload is set. Response data is set in the area.

(B) shows 16-byte secret information Ks.
(C) shows intermediate data. The intermediate data is obtained by adding secret information to the end of the communication target data (a).
(D) shows the calculated data. The calculation data is obtained by adding 32-bit 0 data (000... 0) to the end of the intermediate data (c).

(E) shows a 32-bit CRC code calculated by the encoding circuit 133.
(F) shows transmission data. The transmission data is obtained by adding a CRC code (e) to the end of the communication target data (a).
FIG. 6 is a diagram illustrating a configuration of the reception CRC unit.
The reception CRC unit 125 includes a mode switching circuit 131, a reception CRC control circuit 136 and an encoding circuit 133, a remainder value determination unit 134, and a separation unit 135.

The reception CRC unit 125 has substantially the same configuration as the above-described transmission CRC unit 122, and therefore only different parts will be described.
In the special CRC mode, the reception CRC unit 125 inserts the secret information (h) into the transmission data (g) input from the reception unit 124 by the MUX 4, and generates calculation data (i). The encoding circuit 133 receives the calculation data (i) and outputs a remainder value (j) obtained by dividing the calculation data (i) by the generator polynomial CRC-32. The remainder value (j) is input to the remainder value determination unit 134.

The remainder value determination unit 134 determines whether the remainder value calculated by the encoding circuit 133 is 0. The determination result is notified to the separation unit 135.
If the determination result of the remainder value determination unit 134 is 0, the separation unit 135 separates the CRC code attached to the transmission data (g) and transmits only the communication target data to the data buffer 121. If the result of the determination by the remainder value determining unit 134 is other than 0, the transmission data (g) is discarded.

In the normal CRC mode, the reception CRC unit 125 does not add the secret information (h) to the transmission data (g) input from the reception unit 124 in MUX4. Other processes are the same as those in the special CRC mode.
FIG. 7 is a diagram showing a data structure from (g) to (j) in FIG.
(G) shows transmission data and is the same as (f) of FIG.

(H) shows 16-byte secret information Ks, which is the same as (b) in FIG.
(I) shows calculation data. The calculation data is obtained by inserting secret information (h) between the payload area and the CRC code area of the transmission data (g).
(J) indicates a 32-bit remainder value calculated by the encoding circuit 133.
As described above, the transmission CRC section 122 and the reception CRC section 125 are set to either the special CRC mode or the normal CRC mode by the server authentication processing section 15. As the operation, a method in which the normal CRC mode is set at the normal time and the special CRC mode is set only during the authentication process is considered.

  In such a case, since the server authentication processing unit 15 recognizes the timing of transmitting the authentication data as a protocol specification, when the CRC process in the special CRC mode becomes necessary, the server It can be set to CRC mode. Further, when the CRC processing in the special CRC mode becomes unnecessary, such as when ending the authentication processing, the server authentication processing unit 15 can set the transmission CRC unit 122 to the normal CRC mode.

  However, the reception CRC unit 125 does not necessarily receive only the frame transmitted in the special CRC mode just because the authentication process is being performed. For example, the server 10 is in the process of authenticating the client 20 and waits for a response frame from the client 20. At this time, a content distribution request may be received from a client other than the client 20.

Therefore, even when the server 10 is set to the special CRC mode, the server 10 needs to properly receive the frame transmitted in the normal CRC mode.
Therefore, when the CRC mode is set to the special CRC mode, the reception CRC unit 125 calculates the remainder value of the received frame in the special CRC mode. The value may be calculated, and if the remainder value is still other than 0, it may be determined that an error has occurred on the communication path.

Alternatively, a CRC section dedicated to the special CRC mode and a CRC section dedicated to the normal CRC mode may be prepared and processed in parallel.
[motion]
Hereinafter, operations of the server and the client according to the present embodiment will be described.
FIG. 8 is a diagram illustrating operations of the server and the client in the authentication processing.

Upon receiving the content distribution request from the client 20, the server 10 starts an authentication process for confirming whether or not the client 20 is a device in the AD (S11).
First, the server 10 and the client 20 share the secret information Ks (S12). The sharing of the secret information Ks is performed, for example, by performing challenge-response type authentication between the server authentication processing unit 15 and the client authentication processing unit 25, and using the resulting session key as the secret information Ks. . At this time, the communication interfaces 12 and 22 are in the normal CRC mode.

Specifically, it is as follows.
It is assumed that the server 10 and the client 20 hold a key pair (public key and private key) of public key encryption and a certificate, respectively. The server 10 generates a random number An and transmits the generated random number An to the client 20 as challenge data, and the client 20 receives response data and a certificate generated by the client 20 using the secret key of the client 20 to generate a signature.

The server 10 confirms the validity of the public key of the client 20 with the certificate, and then verifies the response data using the public key. The client 20 also performs the same operation, and verifies the response data transmitted from the server 10.
Further, the session key is shared as secret information Ks between the server 10 and the client 20 by using a Diffie-Hellman (Diffie-Hellman: DH) key sharing method.

After the secret information Ks is shared as described above, the server 10 generates authentication data (S13), performs a CRC process in the special CRC mode (S14), and transmits the authentication frame to the client 20 (S13). S15).
The client 20 receives the authentication frame, performs a CRC process in the special CRC mode, and calculates a remainder value (S16).

Thereafter, the client 20 determines whether or not the remainder value is 0 (S17). Here, since the client 20 shares the secret information Ks with the server 10, if no error occurs on the communication path, the remainder value becomes 0.
If the remainder value is 0, the client 20 generates response data (S18), performs CRC processing in the special CRC mode (S19), and transmits a response frame to the server 10 (S20).

If the remainder value is other than 0, the client 20 discards the authentication data on the assumption that an error has occurred on the communication path.
The server 10 receives the response frame, performs a CRC process in the special CRC mode, and calculates a remainder value (S21).
Thereafter, the server 10 determines whether or not the remainder value is 0 (S22). Here, since the server 10 shares the secret information Ks with the client 20, if no error occurs on the communication path, the remainder value becomes 0.

If the remainder value is 0, the server 10 authenticates that the client 20 is a device in the AD, and ends the authentication processing (S23).
If the remainder value is other than 0, the server 10 determines that an error has occurred on the communication path and discards the response data.
Next, the operation of the server 10 and the client outside the AD when a client outside the AD makes a content distribution request to the server 10 will be described.

FIG. 9 is a diagram illustrating operations of the server and the client outside the AD in the authentication processing.
Upon receiving a content distribution request from a client outside the AD, the server 10 starts an authentication process for checking whether or not the client is a device inside the AD (S31).
First, the secret information Ks is shared between the server 10 and the client (S32). Since the communication at this time is usually performed in the CRC mode, the transmitted frame passes through the router 30.

After the secret information Ks is shared, the server 10 generates authentication data (S33), performs CRC processing in the special CRC mode (S34), and transmits the authentication frame to a client outside the AD (S35). .
However, since the router 30 does not support the special CRC mode, even if the authentication frame is received, it is discarded because an error has occurred on the communication path.

The client is in a waiting state for receiving the authentication frame, but since the authentication frame is discarded by the router 30, the client cannot receive the frame and times out. On the other hand, after transmitting the authentication frame, the server 10 is in a state of waiting for a response frame from the client, but the response frame has not arrived and a timeout has occurred, and the authentication process ends (S36).
In addition, when the router 30 discards the authentication frame, a specification for requesting the server 10 to retransmit the authentication frame may be considered. In this case, the server 10 repeats the operation of retransmitting the authentication frame but discarding it again by the router 30. Therefore, the server 10 may count the number of retransmissions, and forcibly terminate the authentication process when the number of retransmissions exceeds a certain number.

  As described above, in the present embodiment, since the server 10 and the client 20 support the special CRC mode, the server 10 can authenticate the client 20 as a device in the AD. On the other hand, since the router 30 does not support the special CRC mode, even if the authentication frame is received from the server 10, it is discarded. As a result, the client outside the AD does not receive the authentication frame from the server 10 and cannot be authenticated.

Since the server 10 distributes the content after the above-described authentication processing, the client in the AD can receive the distribution of the content, but the client outside the AD cannot receive the distribution of the content. Therefore, unlimited sharing of content can be prevented.
The first embodiment has been described above.

The functional blocks of the server authentication processing unit 15, the secret information storage unit 13, the data buffer 121, the transmission CRC unit 122, the transmission unit 123, the reception unit 124, the reception CRC unit 125, and the setting reception unit 126 held by the server 10 are as follows. Typically, it is realized as an LSI which is an integrated circuit.
Similarly, each functional block of the client authentication processing unit 25, the secret information holding unit 23, the data buffer 221, the transmission CRC unit 222, the transmission unit 223, the reception unit 224, the reception CRC unit 225, and the setting reception unit 226 possessed by the client 20. Is typically implemented as an LSI which is an integrated circuit.

The name used here is LSI, but it may also be called IC, system LSI, super LSI, or ultra LSI depending on the degree of integration.
Further, the method of circuit integration is not limited to LSI, and may be realized by a dedicated circuit or a general-purpose processor. An FPGA (Field Programmable Gate Array) that can be programmed after manufacturing the LSI, or a reconfigurable processor that can reconfigure the connection and setting of circuit cells inside the LSI may be used.

Furthermore, if an integrated circuit technology that replaces the LSI appears due to the progress of the semiconductor technology or another technology derived therefrom, the functional blocks may be naturally integrated using the technology. Application of biotechnology and the like are possible.
(Embodiment 2)
[Overview]
In the first embodiment, in the authentication process, the authentication frame is prevented from reaching the other network beyond the router 30. This means that the content stored in the server 10 is shared only by one subnet under the router 30. From another viewpoint, it can be said that the range of the AD is limited to one subnet.

However, when the range of the AD is limited to one subnet as described above, for example, a user who operates as a different subnet between the first floor and the second floor of the home can transfer the content stored in the server on the first floor to two. A problem arises that it cannot be used with floor equipment.
Therefore, in the present embodiment, the MAC addresses of the server and the client are registered in the router in advance, and when a frame to the registered MAC address is received, the frame is transferred without performing an error check by the CRC code. . Thus, the authentication frame transmitted from the server to the client via the router is not discarded by the router, and authentication beyond the router can be performed.

FIG. 10 is a diagram illustrating an outline of an AD according to the second embodiment.
The AD includes a server 10, a client 20, a router 50, and hubs 40 and 41.
The server 10 and the client 20 are connected via the router 50 and belong to different network addresses, which is different from the first embodiment, but the internal configuration of each is the same as the first embodiment.

Therefore, also in the present embodiment, the server 10 and the client 20 share the secret information Ks in advance, as in the first embodiment, and the server 10 It performs CRC processing according to the mode, generates an authentication frame, and transmits it to the client 20.
When the client 20 receives the authentication frame, the client 20 performs a CRC process in the special CRC mode, calculates a remainder value, and determines whether the remainder value is zero. The same applies to the subsequent processing of returning a response frame.

The router 50 according to the present embodiment registers in advance the MAC address of the device permitted to distribute the content in the external distribution permission list, and the destination address included in the received frame is registered in the external distribution permission list. In this case, the transfer is performed without performing the error check. Accordingly, if the MAC address of the server 10 and the MAC address of the client 20 are registered, the authentication frame from the server 10 to the client 20 or the response frame from the client 20 to the server 10 is based on the CRC code. Transferred without error detection. The same applies to a content frame in which content is stored, not limited to an authentication frame and a response frame.
[Constitution]
FIG. 11 is a diagram showing a configuration of the router 50 when transferring a frame from the server 10 to the client 20.

  The router 50 includes two communication interfaces 51 and 52, an external distribution permission list storage unit 55, a routing processing unit 58, and a registration unit 59. Note that, for simplicity, the communication interface 51 shows only a reception function, and the communication interface 52 shows only a transmission function. I have. Although the number of communication interfaces is two for simplicity, it is not limited to this.

The receiving unit 56 receives the frame from the server 10 and inputs the frame to the address detecting unit 511.
The address detection unit 511 detects the MAC address of the destination and the MAC address of the transmission source included in the frame, and determines whether the MAC address and the corresponding communication interface are registered in the external distribution permission list. I do. If it is registered in the external distribution permission list, the frame is transferred to the transmission unit of the communication interface. (In FIG. 11, the frame is transferred to the transmission unit 57 of the communication interface 52.) If the frame is not registered in the external distribution permission list, the frame is input to the CRC unit 53.

  The CRC unit 53 performs error detection on the frame using a CRC code, and determines whether the remainder value is zero. If the remainder value is 0, it is determined that no error has occurred on the communication path, and the communication target data included in the frame is acquired. If the remainder value is other than 0, it is determined that an error has occurred on the communication path. Discard the frame. Note that the CRC unit 53 supports only the normal CRC mode.

The routing processing unit 58 has a routing table therein, and transfers the acquired communication target data to the communication interface corresponding to the destination network address. (In FIG. 11, the data is transferred to the communication interface 52.)
The CRC unit 54 performs a CRC process on the communication target data transferred by the routing processing unit 58 and inputs the data to the transmission unit 57. Note that the CRC unit 54 supports only the normal CRC mode.

  If the received frame is an address registration frame, the registration unit 59 receives the device network address, the device MAC address, the device name, and the address registration frame set in the address registration frame. The registered communication interface is registered in the network address column 550, the MAC address column 551, the device column 552, and the port column 553 of the external distribution permission list.

Thus, the server 10 can register the network address, the MAC address, the device name, and the communication interface of the router 50 to which the server 10 is connected in the external distribution permission list by using the address registration frame. The same applies to the client 20.
FIG. 12 is a diagram illustrating an example of the external distribution permission list.
According to this, the server having the MAC address (08-00-16-21-5A-63) exists on the network address (133.1.144.0), and the communication interface that has received the address registration frame is a port. 1 is shown. The router 50 recognizes the network in which the server is located in the AD and the other networks outside the AD.

That is, the television or the game machine on the network address (133.1.145.0) is a device outside the AD. Normally, a device outside the AD cannot be authenticated from the server, but if it is registered in the external distribution permission list in this way, it can be authenticated from the server.
Further, since registration of the network address can be changed by a malicious user, it is possible to set a device outside the AD as a device inside the AD. For example, the HDD recorder is illegally registered as being on the network address (133.1.144.0).

However, since the router 50 registers the communication interface that has received the address registration frame in the port column 553, it detects that there is an improper registration due to a mismatch between the set of the network address column 550 and the port column 553. be able to.
Therefore, the router 50 can prohibit the frame transfer to the outside of the AD when there is an unauthorized registration.

The release of the prohibition of the frame transfer to the outside of the AD may be performed when the pair of the network address and the port in the external distribution permission list is corrected normally, or may be performed even if the pair is corrected normally. You don't have to.
As a result, even if the router 50 receives the frame to which the special CRC code is attached, if the destination network address indicated by the frame is registered in the external distribution permission list, the router 50 does not perform the error check in the CRC unit. Can be transferred.
[motion]
Hereinafter, the operation of the router 50 will be described. Note that the authentication processing between the server 10 and the client 20 is the same as in the first embodiment, and a description thereof will be omitted.

FIG. 13 is a diagram illustrating an operation when the router 50 receives a frame.
The router 50 receives the frame (S31).
When the frame is received, the destination MAC address included in the frame is detected (S32).
If the detected MAC address is registered in the external communication registration list (S33: Yes), the received frame is transferred via the communication interface corresponding to the registered MAC address (S39).

If the detected MAC address is not registered in the external communication registration list (S33: No), an error check using a CRC code is performed (S34).
If the remainder value is other than 0 (S35: No), the received frame is discarded because an error has occurred on the communication path (S36).
If the remainder value is 0 (S35: Yes), the routing process is performed assuming that no error has occurred on the communication path (S37).

The router 50 specifies a transfer destination communication interface by a routing process, calculates a CRC code, attaches the CRC code to the frame (S38), and transfers the frame (S39).
As described above, in the present embodiment, the MAC address of the server 10 and the MAC address of the client 20 are registered in advance in the external distribution permission list of the router 50, and the frame from the server 10 to the client 20 or the client 20 is registered. From the server to the server 10 are transferred without error detection by the CRC code. Thereby, even if the client 20 belongs to a network different from the server 10, the content can be distributed.

The second embodiment has been described above.
Each functional block of the CRC units 53 and 54, the external distribution permission list storage unit 55, the receiving unit 56, the transmitting unit 57, the routing processing unit 58, the registration unit 59, and the address detection unit 511 is typically an integrated circuit. It is realized as an LSI.
The name used here is LSI, but it may also be called IC, system LSI, super LSI, or ultra LSI depending on the degree of integration.

Further, the method of circuit integration is not limited to LSI, and may be realized by a dedicated circuit or a general-purpose processor. An FPGA (Field Programmable Gate Array) that can be programmed after manufacturing the LSI, or a reconfigurable processor that can reconfigure the connection and setting of circuit cells inside the LSI may be used.
Furthermore, if an integrated circuit technology that replaces the LSI appears due to the progress of the semiconductor technology or another technology derived therefrom, the functional blocks may be naturally integrated using the technology. Application of biotechnology and the like are possible.
(Embodiment 3)
[Overview]
In the second embodiment, the router registers MAC addresses of the server and the client in advance, and when a frame to the registered MAC address is received, the frame is transferred without performing an error check using a CRC code. As a result, frames transmitted from the server to the client via the router are not discarded by the router even if the communication interface of the router does not support the special CRC mode.

However, according to the above method, even when an error occurs in the frame on the communication path from the server to the router, the router transfers the frame without performing error checking. This becomes a problem especially in an environment where the network is easily congested.
Therefore, in the present embodiment, the router is provided with a communication interface that supports the special CRC mode, thereby enabling the router to detect errors in the special CRC mode. As a result, it is possible to prevent a situation in which a router transfers a frame despite an occurrence of an error. Further, in the present embodiment, similarly to the first embodiment, the communication interface connected to the network outside the AD is a communication interface that supports only the normal CRC mode. Thus, unlimited sharing of the content can be prevented.

FIG. 14 is a diagram illustrating an outline of an AD according to the third embodiment.
The AD includes a server 10, a client 20, a router 60, and hubs 40 and 41.
As in the second embodiment, the server 10 and the client 20 are connected via the router 60 and belong to different network addresses.
The router 60 includes communication interfaces 61, 62, 63 and an authenticated device list 69. The communication interfaces 61 and 62 support CRC processing in a special CRC mode. The communication interface 63 supports only the CRC processing in the normal CRC mode.

The server 10 and the client 20 are connected to communication interfaces 61 and 62, respectively, and the Internet 70, which is a network outside the AD, is connected to the communication interface 63.
In the present embodiment, the procedure of content distribution is as follows.
(1) The server 10 performs an authentication process with the router 60 to confirm that the device is an AD device before the content distribution. This authentication processing can be performed in the same manner as the authentication processing of the first embodiment.

(2) Similarly, the client 20 performs an authentication process with the router 60 to confirm that the client 20 is a device in the AD before content distribution.
(3) When the authentication process with the server 10 and the client 20 is completed normally, the router 60 registers the MAC addresses of the server 10 and the client 20 in the authenticated device list.

(4) When receiving the content frame in which the content addressed to the client 20 is stored from the server 10, the router 60 performs an error check in the special CRC mode and determines whether an error has occurred.
(5) When it is determined that no error has occurred, the CRC processing is performed on the content frame in the special CRC mode only when the server 10 and the client 20 are registered with reference to the authenticated device list. And transfer it to the client 20.

As described above, in the present embodiment, when the router 60 relays the frame, the error check is performed, so that the transfer of the frame in which the error has occurred can be prevented. Therefore, network resources can be effectively used.
Since the communication interface connected to the Internet 70, which is a network outside the AD, normally supports only the CRC mode, a client outside the AD cannot perform authentication processing with the router 60. Therefore, a client outside the AD is not registered in the authenticated device list and cannot receive content distribution from the server 10. This can prevent unlimited use of the content.

[Constitution]
FIG. 15 is a diagram showing a configuration of the router 60 when a content frame is transferred from the server 10 to the client 20.
The router 60 includes communication interfaces 61 and 62 and a routing processing unit 80. The communication interfaces 61 and 62 are the same as the communication interface 12 in FIG. 2, but here, only the reception function is displayed for the communication interface 61, and only the transmission function is displayed for the communication interface 62.

The routing processing unit 80 includes a routing table 81, an authenticated device list 69, and a setting unit 82.
In the routing table 81, each communication interface of the router 60 and the network address connected thereto are registered in association with each other.
In the authenticated device list 69, each device that has been authenticated as an AD device in the authentication process with the router 60 and their MAC addresses are registered in association with each other.

  When a frame subjected to the CRC processing in the normal CRC mode is received, the routing processing unit 80 refers to the routing table 81, transfers the received frame to the corresponding communication interface, and receives the frame subjected to the CRC processing in the special CRC mode. In this case, the received frame is transferred to the corresponding communication interface with reference to the authenticated device list 69.

The setting unit 82 receives the notification from the reception CRC unit 84 whether the CRC processing of the received frame is in the special CRC mode or the normal CRC mode, and sets the same mode in the transmission CRC unit 85.
That is, the frame subjected to the CRC processing in the special CRC mode in the server 10 is also subjected to the CRC processing in the special CRC mode in the router 60 and transferred. A frame that has been subjected to the CRC processing in the normal CRC mode is transferred after being subjected to the CRC processing in the normal CRC mode.

  According to this, even if the server 10 erroneously attempts to deliver a content frame that has been CRC-processed in the special CRC mode to a client outside the AD, the communication interface 63 does not support the special CRC mode, so that the content can be transferred. Can not. Therefore, it is possible to prevent the content from being delivered to the client outside the AD.

FIG. 16 is a diagram illustrating an example of the authenticated device list.
According to this, for example, a server with a MAC address (08-00-16-21-5A-63) exists on a network address (133.3.144.0) and a communication interface connected to the network address Is port 1.
In the network address column 690, the MAC address column 691, the device column 692, and the port column 693 of the authenticated device list, when the authentication process is normally completed by the router 60, information included in the authentication data is classified. be registered. That is, since the authenticated registration list is not registered by the user, there is no need to provide a user interface or the like, and it is difficult for the user to change the settings.

[motion]
Hereinafter, the operation of the router 60 will be described. Note that the authentication process between the router 60 and the server 10 and the authentication process between the router 60 and the client 20 are the same as those in the first embodiment, and thus description thereof is omitted.
FIG. 17 is a diagram illustrating the operation of the routing process of the router 60.

The router 60 starts the routing process if the received frame is not addressed to itself but should be transferred.
The routing processing unit 80 receives a notification from the communication interface that has received the frame whether it is determined that there is no error in the special CRC mode or the normal CRC mode. If the notification is in the normal CRC mode (S71, Yes), the communication interface corresponding to the destination network address of the communication target data is specified by referring to the routing table (S72), and the transmission CRC part of the specified communication interface is sent to the transmission CRC unit. Then, an instruction to set the normal CRC mode is issued (S73), and the communication target data is transmitted (S74).

If the special CRC mode has been notified in step S71 (S71, No), it refers to the authenticated device list (S75) and determines whether or not there is a registration (S76).
If there is a registration (S76, Yes), the communication interface corresponding to the destination MAC address of the communication target data is specified, and the transmission CRC section of the specified communication interface is instructed to set the special CRC mode (S77). Is transmitted (S74).

If there is no registration in step S76 (S76, No), the data is discarded (S78).
As described above, in the present embodiment, when the router 60 relays a frame, an error check is performed, so that a frame in which an error has occurred can be prevented from being transferred. Therefore, network resources can be effectively used. This is particularly effective for a wireless LAN in which an error easily occurs on a communication system and a network is easily congested.

  Since the communication interface connected to the Internet 70, which is a network outside the AD, normally supports only the CRC mode, a client outside the AD cannot perform authentication processing with the router 60. Therefore, a client outside the AD is not registered in the authenticated device list and cannot receive content distribution from the server 10. This can prevent unlimited use of the content.

The third embodiment has been described above.
Each functional block of the routing processing unit 80 and its internal routing table 81, the authenticated device list 69 and the setting unit 82, the secret information holding units 64 and 66, the transmission CRC units 84 and 85, and the transmission units 83 and 86 Is typically implemented as an LSI which is an integrated circuit.

The name used here is LSI, but it may also be called IC, system LSI, super LSI, or ultra LSI depending on the degree of integration.
Further, the method of circuit integration is not limited to LSI, and may be realized by a dedicated circuit or a general-purpose processor. An FPGA (Field Programmable Gate Array) that can be programmed after manufacturing the LSI, or a reconfigurable processor that can reconfigure the connection and setting of circuit cells inside the LSI may be used.

Furthermore, if an integrated circuit technology that replaces the LSI appears due to the progress of the semiconductor technology or another technology derived therefrom, the functional blocks may be naturally integrated using the technology. Application of biotechnology and the like are possible.
(Modification)
Although all the embodiments have been described on the assumption that the CRC code in the special CRC mode and the CRC code in the normal CRC mode are different, even when they are equal, it can occur with a certain probability. If these are equal, even a client or router that supports only the normal CRC mode will properly acquire communication target data to which a CRC code in the special CRC mode is attached.

Therefore, even if the CRC code in the special CRC mode is equal to the CRC code in the normal CRC mode, the following is performed so that a client or router that only supports the normal CRC mode cannot acquire the communication target data. You may.
<Transmission processing>
(1) Calculate both the CRC code when the secret information is added to the target data and the normal CRC code.

(2) Compare whether the CRC code added with the secret information is equal to the normal CRC code.
(3) When the CRC code to which the secret information is added is equal to the normal CRC code, the CRC code to which the secret information is added is bit-inverted, and the inverted CRC code is attached to the target data. For example, when the CRC code to which the secret information is added is (101), the inverted CRC code obtained by bit inversion is (010).

(4) When the CRC code to which the secret information is added is different from the normal CRC code, the CRC code to which the secret information is added is attached to the target data.
<Reception processing>
(1) Calculate both a CRC code obtained by adding secret information to target data and a normal CRC code.

(2) Compare whether the CRC code added with the secret information is equal to the normal CRC code.
(3) If the CRC code added with the secret information is equal to the normal CRC code, the CRC code attached to the target data is bit-inverted, and the inverted CRC code and the CRC code added with the secret information are converted. Compare. If they are equal, the target data is acquired.
(4) When the CRC code added with the secret information is equal to the normal CRC code, the CRC code attached to the target data is bit-inverted, and the inverted CRC code and the CRC code added with the secret information are converted. Compare. If this is different, the target data is discarded.

(5) If the CRC code added with the secret information is different from the normal CRC code, the CRC code attached to the target data is compared with the CRC code added with the secret information. If they are equal, the target data is acquired.
(6) When the CRC code added with the secret information is different from the normal CRC code, the CRC code attached to the target data is compared with the CRC code added with the secret information. If this is different, the target data is discarded.

According to the above method, even if the CRC code calculated after adding the secret information to the target data is equal to the CRC code calculated without adding the secret information, after the secret information is added, It can be seen that the calculation has been made.
Note that the authentication method according to the present invention can also be used in authentication processing other than content distribution.

Further, the authentication method is applicable to any data link layer specification such as Ethernet (registered trademark), wireless LAN, and Bluetooth.
To make it difficult to decipher the secret information, the CRC code may be a cryptographic hash value (32 bits) instead of a checksum.
In order to further improve security, an encryption hash value of, for example, 160 bits instead of 32 bits may be used.

In addition, the payload may be encrypted to improve security.
In all the embodiments, there is a step of sharing secret information in the authentication process. However, in order to reduce the time of the authentication process, fixed secret information built in the device in advance may be used.
In the first embodiment, a method of sharing secret information is described. However, the method is not limited to this method as long as the secret information can be shared between the server and the client.

In all of the embodiments, since an error may actually occur on the communication path, the authentication processing may be performed a plurality of times. Further, when performing the authentication process a plurality of times, the secret information may be changed each time to improve security.
In order to ensure anonymity from third parties, when sharing confidential information, the sending and receiving terminals notify each other of an address different from the actual one, and in the subsequent authentication process, the sending and receiving terminals are identified by using the addresses. It may be difficult.

Note that, in order to prevent distribution of the content to the unauthorized device, it may be confirmed in the authentication process whether or not the authentication target device is a device that has been previously invalidated by performing an illegal act.
In order to prevent impersonation by a fraudulent device, at least one of the payload of the initiator or the responder may include information about itself (certificate, IP address, device ID, etc.).

In addition, in order to prevent tampering of information by a hacker, at least one of the payload of the initiator or the responder includes a hash value of a destination address portion, a source address portion, a type portion, a payload portion, or a hash value of a combination thereof. Is also good. Further, an electronic signature may be given to the hash value.
Note that, in order to enable authentication according to the rank of the copy control information, information (port number, content information, content attribute, etc.) necessary for communication after authentication may be included in at least one of the payload of the initiator or the responder. Good.

Note that in order to notify in advance information of content distribution to be started after authentication, at least one of the payload of the initiator or the responder may include information (decoder, encoder, communication interface, and the like) regarding its own processing capability.
In order to ensure that the transmitting / receiving terminal is in the same router, at least one of the payloads of the initiator and the responder may include information (IP address, MAC address, etc.) regarding the router to which the transmitting / receiving terminal is connected. Good.

In all the embodiments, the device connecting different networks is a “router” that performs processing from the first layer (physical layer) to the third layer (network layer) of the OSI reference model. The "bridge" that performs the processing from the first layer (physical layer) to the second layer (data link layer) is not limited to this as long as the processing is performed.
In the special CRC mode, a CRC code is calculated by adding confidential information to the end of communication target data in order to always erroneously recognize that an error has occurred when an error check is performed in the normal CRC mode. However, if it can be misidentified, it is not limited to “added to the end”. For example, it may be added to the head of the communication target data, or may be inserted at a predetermined bit from the head of the communication target data. Also, instead of calculating the CRC code after adding the secret information to the communication target data, the same effect can be obtained by calculating the CRC code in the normal mode from the communication target data and converting using the secret information. Is obtained.

  INDUSTRIAL APPLICATION This invention can be utilized for the transmission / reception system of the content in a home network.

FIG. 3 is a diagram illustrating an outline of an AD according to the first embodiment. FIG. 4 is a diagram illustrating a configuration of a server when performing an authentication process. FIG. 3 is a diagram illustrating a configuration of a client when performing an authentication process. It is a figure showing the composition of a transmission CRC part. FIG. 5 is a diagram illustrating a data structure from (a) to (f) in FIG. 4. It is a figure showing the composition of a receiving CRC part. FIG. 7 is a diagram illustrating a data structure from (g) to (j) in FIG. 6. FIG. 7 is a diagram illustrating operations of a server and a client in an authentication process. FIG. 7 is a diagram illustrating operations of a server and a client outside the AD in an authentication process. FIG. 10 is a diagram illustrating an outline of an AD according to the second embodiment. FIG. 3 is a diagram showing a configuration of a router 50 when transferring a frame from a server 10 to a client 20. It is a figure showing an example of an external distribution permission list. FIG. 6 is a diagram illustrating an operation when the router 50 receives a frame. FIG. 14 is a diagram illustrating an outline of an AD according to the third embodiment. FIG. 2 is a diagram illustrating a configuration of a router 60 when a content frame is transferred from a server 10 to a client 20. It is a figure showing an example of an attested equipment list. FIG. 4 is a diagram illustrating an operation of a routing process of a router 60.

Explanation of reference numerals

Reference Signs List 10 server 11 content storage / distribution unit 12 communication interface 13 secret information holding unit 14 server CRC unit 15 server authentication processing unit 20 client 21 content providing unit 22 communication interface 23 secret information holding unit 25 client authentication processing unit 30 router 31 communication interface 121 data Buffer 122 transmission CRC section 123 transmission section 124 reception section 125 reception CRC section 126 setting reception section 131 mode switching circuit 132 transmission CRC control circuit 133 encoding circuit 134 remainder value determination section 135 separation section 136 reception CRC control circuit

Claims (24)

A transmission / reception system including a transmission device and a reception device,
The transmitting device,
Means for obtaining communication data;
Transmitting-side holding means for holding first secret information that is the same as the second secret information held by the receiving device;
A transmitting-side generating unit that converts the communication data obtained by the obtaining unit with the first secret information to generate conversion data, and performs a predetermined first code conversion on the conversion data to generate a check code;
Transmitting means for attaching the check code generated by the transmitting side generating means to the communication data before the conversion and transmitting the same,
The receiving device,
Receiving side holding means for holding second secret information identical to the first secret information held by the transmitting device;
Receiving side receiving means for receiving communication data to which the check code transmitted by the transmitting means is attached,
The communication data received by the receiving side receiving means is converted by the second secret information to generate conversion data, and the converted data is subjected to the same predetermined second code conversion as the predetermined first code conversion. Receiving side generating means for generating a check code;
Checking means for checking whether an error has occurred in the communication data by comparing the check code generated by the receiving side generating means with the check code received by the receiving side receiving means. A transmission / reception system, characterized in that: The transmitting side generating means,
In addition to the first mode in which the communication data is converted by the first secret information to generate conversion data, and the conversion data is subjected to a predetermined first code conversion to generate a check code, a predetermined mode is generated in the communication data. It is possible to switch to a second mode in which a first code conversion is performed to generate a check code, and the check code is generated in a mode determined for each communication data,
The receiving-side generating means,
In addition to the first mode in which the communication data is converted by the second secret information to generate conversion data, and the conversion data is subjected to a predetermined second code conversion to generate a check code, a predetermined mode is generated in the communication data. The check code is generated in a second mode in which a second code conversion is performed to generate a check code, and the check code is generated in a mode determined for each communication data. Transmission / reception system. The transmission / reception system further includes a transfer device that transfers communication data to which the check code from the transmission device is attached to an external device,
The transfer device,
A transfer-side receiving unit that receives communication data attached with a check code, transmitted from the transmitting device to the external device,
A transfer-side generating unit that performs a predetermined third code conversion identical to the predetermined first code conversion on communication data received by the transfer-side receiving unit to generate a check code;
Determine whether the check code generated by the transfer-side generating means and the check code received by the transfer-side receiving means are the same, transfer the communication data if it is determined that the same, The transmission / reception system according to claim 2, further comprising an inspection unit that discards communication data when it is determined that the communication data is not the same. A transmitting device for transmitting communication data to a receiving device,
Means for obtaining communication data;
Holding means for holding secret information common to the receiving device;
Code generation means for converting the communication data obtained by the obtaining means with the secret information to generate conversion data, performing predetermined code conversion on the conversion data to generate a check code,
A transmitting unit that attaches the check code generated by the code generating unit to the communication data before conversion and transmits the check code to the receiving device. The code generation means includes:
The communication data is converted by the secret information to generate conversion data, and in addition to the first mode in which the conversion data is subjected to a predetermined code conversion to generate a check code, the communication data is subjected to a predetermined code conversion. 5. The transmission apparatus according to claim 4, wherein the transmission apparatus is capable of switching to a second mode for generating a check code, and selecting one of the modes based on a predetermined selection criterion to generate the check code. 6. The code generation means includes:
The transmission device according to claim 5, wherein a mode predetermined for each of the communication data is selected as the predetermined selection criterion. The predetermined code conversion,
The transmitting apparatus according to claim 6, wherein code conversion is performed by using any one of a CRC (Cyclic Redundancy Check), a hash function, and a checksum. An integrated circuit for transmitting communication data to a receiving device,
Means for obtaining communication data;
Holding means for holding secret information common to the receiving device;
Code generation means for converting the communication data obtained by the obtaining means with the secret information to generate conversion data, performing predetermined code conversion on the conversion data to generate a check code,
Transmitting means for attaching the check code generated by the code generating means to the communication data before the conversion and transmitting the check data to the receiving device. A receiving device for receiving communication data from a transmitting device,
Holding means for holding secret information common to the transmitting device;
A receiving unit that receives the communication data transmitted with the check code, which is transmitted by the transmitting device,
Code generation means for converting the communication data received by the receiving means with the secret information to generate conversion data, and performing a predetermined code conversion on the conversion data to generate a check code;
Checking means for checking whether an error has occurred in the communication data by comparing the check code generated by the code generating means with the check code received by the receiving side receiving means. A receiving device characterized by the above-mentioned. The code generation means includes:
The communication data is converted by the secret information to generate conversion data, and in addition to the first mode in which the conversion data is subjected to a predetermined code conversion to generate a check code, the communication data is subjected to a predetermined code conversion. The receiving apparatus according to claim 9, wherein the mode can be switched to a second mode for generating a check code, and the mode is selected based on a predetermined selection criterion to generate the check code. The code generation means includes:
The receiving apparatus according to claim 10, wherein a mode predetermined for each of the communication data is selected as the predetermined selection criterion. The predetermined code conversion,
The receiving apparatus according to claim 11, wherein the code conversion is performed by any one of a CRC (Cyclic Redundancy Check), a hash function, and a checksum. An integrated circuit for receiving communication data from a transmitting device,
Holding means for holding secret information common to the transmitting device;
A receiving unit that receives the communication data transmitted with the check code, which is transmitted by the transmitting device,
Code generation means for converting the communication data received by the receiving means with the secret information to generate conversion data, and performing a predetermined code conversion on the conversion data to generate a check code;
Checking means for checking whether an error has occurred in the communication data by comparing the check code generated by the code generating means with the check code received by the receiving side receiving means. An integrated circuit characterized by the above. A transfer device for transferring communication data to which a check code is attached,
Storage means for storing identification information of a predetermined receiving device in advance,
Receiving means for receiving communication data attached with a check code, transmitted from the transmitting device to the receiving device,
For the communication data received by the receiving means, the necessity of an error check is determined based on the identification information.If an error check is necessary, an error check is performed using the check code, and if the communication data has no error, A transfer unit for transferring the communication data to the receiving device, and transferring the communication data to the receiving device without performing an error check when an error check is unnecessary. The transfer means,
When an error check is required, code generation means for performing a predetermined code conversion on the communication data to generate a check code,
It is determined whether or not the check code generated by the code generation means and the check code received by the reception means are the same, and when it is determined that the check codes are the same, the communication data is transferred. The transfer device according to claim 14, further comprising: an inspection unit that discards communication data when the determination is made. An integrated circuit for transferring communication data to which a check code is attached,
Storage means for storing identification information of a predetermined receiving device in advance,
Receiving means for receiving communication data attached with a check code, transmitted from the transmitting device to the receiving device,
For the communication data received by the receiving means, the necessity of an error check is determined based on the identification information.If an error check is necessary, an error check is performed using the check code, and if the communication data has no error, Transfer means for transferring the communication data to the receiving device, and transferring the communication data to the receiving device without performing error checking when error checking is unnecessary. A transfer device for transferring communication data to which a check code is attached,
Holding means for holding secret information common to the transmitting device;
Storage means for storing identification information of a predetermined receiving device in advance,
Receiving means for receiving communication data attached with a check code, transmitted from the transmitting device to the receiving device,
Code generation means for converting the communication data received by the receiving means with the secret information to generate conversion data, and performing a predetermined code conversion on the conversion data to generate a check code;
Checking means for checking whether an error has occurred in the communication data by comparing the check code generated by the code generating means with the check code received by the receiving-side receiving means,
For communication data received by the receiving unit, a transfer determination unit that determines whether transfer is possible based on the identification information based on the identification information,
A transfer unit that transfers the communication data when the check unit determines that no error has occurred and the transfer determination unit determines that transfer is permitted. Transfer device. The holding means further comprises:
Holding a common secret information with the receiving device,
The transfer means,
The communication device converts the communication data with the secret information to generate conversion data, performs a predetermined code conversion on the conversion data to generate a check code, attaches the generated check code to the communication data, and adds the check code to the communication data. 18. The transfer device according to claim 17, wherein the transfer is performed. An integrated circuit for transferring communication data to which a check code is attached,
Holding means for holding secret information common to the transmitting device;
Storage means for storing identification information of a predetermined receiving device in advance,
Receiving means for receiving communication data attached with a check code, transmitted from the transmitting device to the receiving device,
Code generation means for converting the communication data received by the receiving means with the secret information to generate conversion data, and performing a predetermined code conversion on the conversion data to generate a check code;
Checking means for checking whether an error has occurred in the communication data by comparing the check code generated by the code generating means with the check code received by the receiving-side receiving means,
For communication data received by the receiving unit, a transfer determination unit that determines whether transfer is possible based on the identification information based on the identification information,
A transfer unit that transfers the communication data when the check unit determines that no error has occurred and the transfer determination unit determines that transfer is permitted. Integrated circuit. A content distribution system including a content distribution device and a content use device,
The content distribution device,
Distribution-side holding means for holding first secret information that is the same as the second secret information held by the content use device;
Request data for requesting return of reply data to the content using device, converting the request data into converted data by using the first secret information, and performing a predetermined first code conversion on the converted data to generate a check code Side generation means;
Transmission means for attaching the check code generated by the delivery-side generation means to the request data before conversion and transmitting the request data,
From the content use device that has received the request data transmitted by the transmission unit, when the return data is received, a distribution unit that distributes the content to the content use device,
The content use device is
User-side holding means for holding second secret information that is the same as the first secret information held by the content distribution device;
Reception means for receiving the request data attached with the check code, transmitted by the transmission means,
The request data received by the receiving means is converted by the second secret information into converted data, and the converted data is subjected to the same predetermined second code conversion as that of the predetermined first code conversion, thereby forming a check code. User-side generating means for generating;
Checking means for checking whether an error has occurred in the request data by comparing the check code generated by the use-side generating means with the check code received by the receiving means,
A content distribution system, comprising: a response unit that decrypts the request data and returns the return data to the content distribution device when the inspection unit determines that no error has occurred. A content distribution device that distributes content to a content use device,
Holding means for holding secret information common to the content use device;
Code generation means for converting request data requesting to return reply data to the content using device with the secret information to be converted data, performing predetermined code conversion on the converted data to generate a check code,
Transmission means for transmitting the check code generated by the code generation means attached to the request data before the conversion, and
Upon receiving the request data transmitted by the transmitting unit and receiving the reply data from the content use device that has determined that no error has occurred in the request data by the check code, the content is transmitted to the content use device. And a distribution means for distributing the content. The reply data is converted into the converted data by converting the reply data with the secret information in the content using device, and a check code generated by performing the predetermined code conversion on the converted data is attached,
The distribution means,
The return data is received, and converted by the secret information into conversion data, the conversion data is subjected to the predetermined code conversion to generate a check code, and the generated check code and the attached check code are generated. And checking whether an error has occurred in the return data by comparing the reply data, and distributing the content when it is determined that no error has occurred. Content distribution device according to the above. A content use device that receives content distribution from the content distribution device,
Holding means for holding secret information common to the content use device;
A receiving unit that receives request data to which a check code is attached, which is transmitted from the content distribution device and requests to return the return data,
Code generation means for converting the request data received by the reception means with the secret information into conversion data, performing a predetermined code conversion on the conversion data to generate a check code,
Checking means for checking whether an error has occurred in the request data by comparing the check code generated by the code generating means with the check code received by the receiving means,
And a reply unit for decoding the request data and returning the reply data to the content distribution device when the checking unit determines that no error has occurred. The reply means,
The return data is converted by the secret information into converted data, the predetermined code conversion is performed on the converted data to generate a check code, and the check code is attached to the return data before conversion and returned. The content utilization device according to claim 23, wherein:

Images