JP2006033114A - Metadata transmitter and metadata receiver - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a mechanism for granting signature such that verification of a distributed signature succeeds, when metadata are distributed while being appended. <P>SOLUTION: The transmitter has a function for creating initial distribution metadata 18a, having initial metadata 5 made for a content 3 and an initial signature 6 for the initial metadata 5 put on the initial metadata 5 and distributing the initial distribution metadata 18a, and a function for creating partial metadata 16 having a partially updated part 9 of the initial metadata 5 and a partial signture 10 for the partially updated part 9 put on the partially updated part 9, on occurrence of partial update for the initial metadata 5, forming entire metadata by merging the partially updated part 9 into the initial metadata 5 and the entire signature 11 with respect to the entire metadata, forming automatic update metadata 18a by adding the entire signature 11 to the partial metadata 16 and delivering it. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a metadata transmission device and a metadata reception device used in server-type broadcasting.

  Server type broadcasting (also called storage type broadcasting) realizes program viewing that is not restricted by broadcasting time by providing a receiver with a communication connection function with a program storage device. Furthermore, the server type broadcasting provides a new broadcasting service such as viewing not only the entire program from the beginning of the program but also viewing only an important scene of the program using program-related information called metadata. Metadata is generally broadcast along with a program. In a live broadcast program, it is assumed that the same metadata is not repeatedly sent as needed during program broadcast, but metadata corresponding to the progress of the program is sent. For example, in a baseball broadcast program, only player information is sent as initial metadata at the start of the program, and the player's information is added as an additional portion of the batter's batting results at that time, once or twice as the game progresses. In addition to this, it is transmitted as update metadata.

  At this time, the entire metadata document with the additional portion added is repeatedly transmitted.

  Similarly, when a part of the metadata is changed and the part is used as the changed part, all the metadata documents having the changed part are repeatedly transmitted.

  Non-Patent Document 1 describes the outline of the standard ARIB (Association of Radio Industries and Businesses) STD-B38 (encoding, transmission and storage control system in server type broadcasting), and in particular, illustrates the concept of server type broadcasting. Has been.

  The ARIB STD-B38 standard defines a metadata description method for programs in XML (Extensible Markup Language) format. In the ARIB STD-B38 standard, additional information for content is described not only in metadata and displayed on the playback terminal, but also in information that enables playback control such as partial playback of content according to the content described in the metadata. Defined so that it can. When a playback device having a function of playing back content from metadata is used, a digest version of the content can be defined and played back without partial playback of the content or editing of the content itself. Here, in order to realize the prevention of metadata tampering (that is, the integrity of metadata) and the certification of the metadata producer (that is, the authentication of the metadata producer), the metadata of the metadata creator It has been proposed to provide an electronic signature in XML format (W3C XML-Signature Syntax and Processing) (see 2004 Patent Application No. 60085).

  Here, the electronic signature will be described.

  The electronic signature is typically a digital signature.

  The digital signature is a technology that realizes document and message integrity and counterpart authentication based on public key cryptography technology (Public Key Infrastructure (PKI) technology). Here, the completeness of the message can generally be said to be “the target document or message has not been altered by a third party”. On the other hand, partner authentication refers to identifying and guaranteeing that the person who signed the document, that is, the creator of the document or message, is the principal. Hereinafter, the public key cryptosystem and the one-way hash function, which are elemental technologies of digital signature, will be described, and digital signature will be described.

Public key encryption technology (Public Key Infrastructure (PKI) technology):
As shown in FIG. 16 (A), the encryption technique is defined by an encryption key (encryption algorithm) in an encryption algorithm (function) implemented as software when encrypting plaintext as data to be encrypted. This is a technique for converting plaintext into encrypted data (ciphertext) so that it cannot be read by a third party by passing the plaintext (data before encryption) and the plaintext (data before encryption). Here, the plaintext is unencrypted data and is an antonym of the ciphertext.

  Further, when decrypting the ciphertext, as shown in FIG. 16B, the decryption key and the ciphertext (FIG. 16A) are changed to an encryption algorithm (function) equivalent to the case of encryption. The ciphertext is decrypted into plaintext by passing (cipher data).

  At this time, the case of encryption key = decryption key is called a common key encryption method, and the case of encryption key ≠ decryption key is called a public key encryption method.

  That is, the public key cryptosystem has a characteristic that data encrypted with the key A can be decrypted only with the key B, and data encrypted with the key B can be decrypted only with the key A, as shown in FIG. Also, the longer the key, the stronger the encryption strength, and the key length can be selected from several lengths depending on the purpose and conditions.

  Several algorithms have been proposed for public key cryptosystems, but the most famous is the RSA (Rivest, Shamir, Adleman) algorithm. Currently, in the RSA algorithm, a key having a key length of 1024 bits, which is shown as a reference at the bottom of FIG. 17, is often used.

One-way hash function:
The one-way hash function is an algorithm that compresses data having an arbitrary length (original data) into data having a specific length. The compressed data represents the calculated hash value and is also called a digest. In the example shown in the upper part of FIG. 18, the original data represents “Today's dish”, and in the example shown in the lower part of FIG. 18, the original data represents “Today's dish”. The one-way hash function has the first feature that the original data cannot be inferred from the compressed data, and the second feature that the calculated value (hash value) of the hash function is different if the original data is slightly different. It has features. Commonly used hash functions are SHA-1 and MD5.

Digital signature:
Digital signature is a technology that provides a function of guaranteeing the integrity of a document or message and authenticating the creator of the document or message, which is realized by combining a public key encryption mechanism and a one-way hash function. FIG. 19 shows an outline of the digital signature mechanism.

  19, in the signature (the left block in FIG. 19), the hash value of the signature target document is calculated using the hash function 1, and the hash value is encrypted with the signer's private key to obtain the signature value ( Encryption step 2). Here, the signer securely manages and uses one of the encryption keys used in the public key cryptosystem as a secret key that cannot be used by anyone other than himself. The other key is disclosed to others as a public key for use in signature verification. Since the original document cannot be inferred from the hash value, if the signer appropriately manages the secret key, it can be said that only the signer can create this signature value, and has an effect as a signature. The document having the signature value is sent to the verification block (the right block in FIG. 19).

  In the verification (the right block in FIG. 19), it is confirmed whether the signature signed on the document is really correct. In the confirmation method, the hash value of the document is calculated using the hash function 1 described above. Next, the verifier obtains the signer's public key (usually present in the public key certificate added to the signature value when signing by the signer), and the signature value is disclosed to the signer. Decrypt with the key to obtain the hash value (see decryption step 2 '). Thus, since the signature hash value can be obtained by decrypting the signature value, the signature value is verified by matching the signature hash value with the hash value calculated from the document (see comparison step 3 '). it can. In this comparison step 3 ′, if the hash values do not match, it can be seen that the body (that is, the document having the signature value) has been falsified. Further, since this signature value can be created only by the signer himself, it is possible to authenticate the principal.

  As described above, even in server type broadcasting (storage type broadcasting), there is considered a metadata distribution method in which distribution is performed while adding or changing metadata according to the elapsed time of content reproduction as in real time broadcasting. Yes. When such a distribution method is taken, simply adding the signature of the addition or change for each additional part or change part to the metadata, when adding or changing the metadata, The hash value of the entire metadata obtained by adding the added portion or the changed portion to the initial metadata changes, and the update is performed such that the signature verification of the entire metadata fails. Furthermore, for each piece of metadata (fragment: the above-mentioned added part or changed part), an XML signature of what has been added or changed as shown in FIG. 20 is added to the metadata and managed. Is inefficient.

  In the XML signature in FIG. 20, the signature data of the signer (added or changed) is expressed in XML format, and the signature target is in a tag <Reference URI =…>… </ Reference> It is specified by URI (Uniform Resource Identifier), the digest is described in the tag <DigestValue>… </ DigestValue>, and the signature value of the signer is in the tag <SignatureValue>… </ SignatureValue> It is described in.

  In general, an XML signature includes a public key certificate (not shown in FIG. 20) representing a signer's public key. In this case, the public key certificate is added after the tag </ SignatureValue> in the XML signature of FIG.

Outline of standards (broadcasting field) Standard number: ARIB STD-B38 Standard name: Coding, transmission and storage control method in server-type broadcasting, [online], Japan Radio Industry Association, [Search January 29, 2004] , Internet <URL: http://www.arib.or.jp/tyosakenkyu/kikaku_hoso/hoso_std-b038.html>

  As described above, in server-type broadcasting (storage-type broadcasting), a mechanism for preventing tampering and preventing abuse of metadata by giving an electronic signature to the metadata to protect the rights of the metadata has been proposed. (Refer to the above-mentioned 2004 Patent Application No. 60085) However, if a signature is simply added, it is added or changed to metadata or distributed over time as in real-time broadcasting. In this case, the signature verification on the receiving side will fail if the signature handling is not devised.

  Also, as described above, if all metadata documents with added or changed portions are repeatedly sent, almost the same data is repeatedly sent, which is inefficient.

  Therefore, in consideration of the efficiency of the broadcast band, a method of sending only the added or changed portion of the metadata can be considered. In this case, the receiver side stores and saves the received initial metadata, and sequentially adds additional portions sent sequentially to the stored metadata to update the metadata. Alternatively, on the receiver side, the metadata is updated by replacing the sequentially sent changed portion with the corresponding portion of the stored metadata.

  Even in the method of sending only the additional part (or only the changed part) of such metadata, the tampering of the metadata (that is, the integrity of the metadata) and the proof of the creator of the metadata (ie, the metadata) Metadata protection means that can realize (authentication of metadata producers).

  An object of the present invention is to provide a mechanism for efficiently applying a signature (metadata transmitting apparatus) such that when a metadata is distributed after being added or changed over time, the verification of the signature after the distribution is also successful. And a metadata receiving device).

  Another object of the present invention is to prevent metadata tampering (ie, metadata integrity) and to provide metadata producer certification (ie, even when only additional or changed portions of metadata are delivered). And providing metadata protection means capable of realizing (authentication of metadata producers).

  The metadata transmission device according to the present invention and the metadata reception device according to the present invention are as follows.

[Claim 1]
For initial distribution having initial metadata (5) produced for the content (3) and an initial signature (6) for the initial metadata (5) added to the initial metadata (5) A metadata transmission device having a first functional unit for creating metadata (4) and a second functional unit for delivering the initial delivery metadata (4) to the metadata receiving device,
A third functional unit for creating partial metadata (16) having a partially updated part (9 or 15) of the initial metadata (5) when a partial update to the initial metadata (5) occurs; ,
A fourth functional unit for creating overall metadata formed by merging the partially updated part (9 or 15) with the initial metadata (5), and an overall signature (11) for the overall metadata;
A fifth functional unit for creating automatic update metadata (18a) obtained by adding the whole signature (11) to the partial metadata (16);
And a sixth function unit for delivering the automatic update metadata (18a) to the metadata receiving device.

[Claim 2]
The metadata transmission device according to claim 1,
When the partial update for the initial metadata (5) occurs, the third functional unit updates the partial updated portion (9 or 15) as the partial metadata (16). A metadata transmission apparatus for creating a partial signature (10) added to a partial portion (9 or 15) and a partial signature (10) for the partial updated portion (9 or 15).

[Claim 3]
The metadata transmission device according to claim 2,
The initial signature, the partial signature, and the overall signature are the initial metadata, the partially updated portion, and an electronic signature of a producer who created the overall metadata. .

[Claim 4]
The metadata transmission device according to claim 3,
The metadata transmission apparatus according to claim 1, wherein the electronic signature can identify a signer as the producer based on a public key infrastructure (PKI) technology.

[Claim 5]
The metadata transmission device according to claim 1,
The partial update is an addition to the initial metadata or a partial change of the initial metadata,
The metadata transmission device according to claim 1, wherein the partially updated portion is a portion added to the initial metadata or a changed portion of a part of the initial metadata.

[Claim 6]
The metadata transmission device according to claim 1,
The third functional unit creates another partial metadata having another updated part of the initial metadata when another partial update occurs to the initial metadata;
The fourth functional unit creates another whole metadata obtained by merging the other part updated part with the initial metadata, and another whole signature for the other whole metadata,
The fifth functional unit creates another automatic update metadata obtained by adding the other whole signature to the other partial metadata,
The sixth function unit delivers the another automatic update metadata to the metadata receiving device.

[Claim 7]
The metadata transmission device according to claim 6,
When the other partial update for the initial metadata occurs, the third functional unit may include the other partial updated portion and the other partial updated portion as the other partial metadata. A metadata transmitting apparatus for creating a part having another partial signature for the part that has been added and updated.

[Claim 8]
For initial distribution having initial metadata (5) produced for the content (3) and an initial signature (6) for the initial metadata (5) added to the initial metadata (5) A first functional unit for creating metadata (4), a second functional unit for delivering the initial delivery metadata (4) to the metadata receiving device (47), and the initial metadata (5). When a partial update occurs, a third functional unit for creating partial metadata (16) having a partially updated part (9 or 15) of the initial metadata (5), and the partially updated part ( 9 or 15) is merged with the initial metadata (5), a fourth functional unit for creating a whole signature (11) for the whole metadata, and the partial metadata (16). To the whole A fifth functional unit for creating automatic update metadata (18a) to which a name (11) is added, and a sixth function for delivering the automatic update metadata (18a) to the metadata receiving device (47) A metadata receiving device (47) used in combination with a metadata transmitting device (40) having a functional unit of:
The initial delivery metadata (4) delivered from the metadata transmission device (40) is acquired, and then the automatic update metadata (18a) delivered from the metadata transmission device (40) is obtained. A functional part to be acquired;
The partially updated part (9 or 15) and the whole signature (11) are extracted from the acquired automatic update metadata (18b), and the initial distribution metadata (4) already acquired is extracted. The partially updated portion (9 or 15) is added to a predetermined position of the initial metadata (5) to obtain the entire latest version metadata (14), and the second update for the entire latest version metadata (14). A functional unit that performs verification of the electronic signature using the whole signature (11) extracted from the automatic update metadata (18b);
When this verification is successful, a functional unit that replaces the overall signature (11) extracted from the automatic update metadata (18b) as the overall signature (11) of the overall latest version metadata (14); And having
As a result, the metadata update device is characterized in that the overall latest version metadata (14) of the metadata reception device (47) matches the overall metadata of the metadata transmission device (40).

[Claim 9]
The metadata receiving device according to claim 8,
When the metadata transmission apparatus delivers another automatic update metadata to the metadata reception apparatus following the automatic update metadata, the metadata reception apparatus uses the other automatic update metadata. And automatically updating the entire latest version metadata in response to the received other automatic update metadata as in the case of the automatic update metadata. apparatus.

[Claim 10]
For initial distribution having initial metadata (5) produced for the content (3) and an initial signature (6) for the initial metadata (5) added to the initial metadata (5) A first functional unit for creating metadata (4), a second functional unit for delivering the initial delivery metadata (4) to the metadata receiving device (47), and the initial metadata (5). When a partial update occurs, the partially updated portion (9 or 15) of the initial metadata (5) and the partially updated portion (9 or 15) added to the partially updated portion (9 or 15) 9 or 15) with the partial signature (10), a third functional unit for creating partial metadata (16), and the partially updated portion (9 or 15) as the initial metadata (5). All merged A fourth function unit for creating metadata and a whole signature (11) for the whole metadata, and automatic update metadata (a part for adding the whole signature (11) to the partial metadata (16)) A metadata transmitting device (40) having a fifth functional unit for creating 18a) and a sixth functional unit for delivering the automatic update metadata (18a) to the metadata receiving device (47); A metadata receiving device (47) used in combination,
The initial delivery metadata (4) delivered from the metadata transmission device (40) is acquired, and then the automatic update metadata (18a) delivered from the metadata transmission device (40) is obtained. A functional part to be acquired;
The partially updated portion (9 or 15) of the partial metadata (16) in the acquired automatic update metadata (18b) and the partial signature (10) for the partially updated portion (9 or 15) Based on the above, a functional unit that performs first verification only on the partial signature (10) for the partially updated part (9 or 15),
When it is confirmed by the first verification that the partial signature (10) for the partially updated part (9 or 15) has not been tampered with, the automatic update metadata (18b) The updated part (9 or 15) and the whole signature (11) are extracted, and the partial update is performed at a predetermined position of the initial metadata (5) of the already acquired initial delivery metadata (4). The added portion (9 or 15) is added to obtain the overall latest version metadata (14), and the second verification for the overall latest version metadata (14) is performed from the automatic update metadata (18b). A functional unit that uses the extracted overall signature (11);
When the second verification is successful, the whole signature (11) extracted from the automatic update metadata (18b) is replaced with the whole signature (11) of the whole latest version metadata (14). Having a functional part,
As a result, the overall latest version metadata (14) possessed by the metadata receiving device (47) matches the overall metadata possessed by the metadata transmitting device (40) and is automatically updated without breaking the relationship between the signature and the verification. A metadata receiving apparatus that is updated.

[Claim 11]
The metadata receiving device according to claim 10,
When the metadata transmission apparatus delivers another automatic update metadata to the metadata reception apparatus following the automatic update metadata, the metadata reception apparatus uses the other automatic update metadata. And automatically updating the entire latest version metadata in response to the received other automatic update metadata as in the case of the automatic update metadata. apparatus.

[Claim 12]
The metadata receiving device according to claim 10,
The initial signature, the partial signature, and the overall signature are the initial metadata, the partially updated portion, and an electronic signature of a producer who created the overall metadata. .

[Claim 13]
The metadata receiving device according to claim 12,
The metadata receiving apparatus according to claim 1, wherein the electronic signature can identify a signer as the producer based on a public key infrastructure (PKI) technology.

[Claim 14]
The metadata receiving device according to claim 8 or 10,
The partial update is an addition to the initial metadata or a partial change of the initial metadata,
The metadata receiving apparatus according to claim 1, wherein the partially updated portion is a portion added to the initial metadata or a changed portion of a part of the initial metadata.

  According to the present invention, a mechanism for efficiently applying a signature (metadata transmitting apparatus) that, when time-lapsed, is added and changed to metadata and distributed after the distribution is successfully verified. And a metadata receiving device).

  Furthermore, according to the present invention, even when only the added or changed portion of the metadata is distributed, the tampering of the metadata (that is, the integrity of the metadata) and the proof of the creator of the metadata (that is, the metadata) Metadata protection means that can realize authentication of data producers).

  That is, according to the present invention, even if the metadata is partially updated and the partially updated portion is distributed as partial metadata, signature verification for the entire metadata does not fail.

In an embodiment of the present invention described below, a producer (producer terminal) delivers initial metadata together with content to a user (user terminal). Thereafter, when a partial update of metadata (typically, addition of metadata or a change of a part of metadata) occurs, the creator (producer's terminal) can update the part of the metadata. In other words, a signature for only (added portion or changed portion) and a signature for the entire metadata at that time (entirely subjected to partial update) are created. At this time, the update data distributed to the user (user terminal)
1) Partially updated portion of metadata (ie, added or changed portion),
2) An XML signature that is a partial signature for only the partially updated part (ie, the added part or changed part), and 3) The entire metadata including the part updated part (ie, the added part or changed part) (partial update) XML signature for the whole metadata)
Are collectively.

  On the user (user terminal) side, the user (user terminal) decomposes the delivered data into the above three data 1), 2), and 3). Then, the user (user terminal) merges (combines) the partially updated portion (that is, the added portion or the changed portion) of the metadata with the initial metadata. In addition, the user (user terminal) uses the XML signature, which is a partial signature, for history management, and the XML signature for the entire metadata including the partially updated part (that is, the added part or the changed part) Replace with the signature of the latest version of the entire merged (combined) metadata on the (user terminal) side. As a result, even when a partially updated part (that is, an added part or a changed part) is post-delivered, it is partially updated on the user (user terminal) side (client side) without breaking the signature verification of the metadata. Portions (ie, added or changed portions) can be merged.

  Embodiments of the present invention will be described below with reference to the drawings.

  Referring to FIG. 1, a delivery system according to an embodiment of the present invention (this delivery system includes a metadata transmission device (later shown as a metadata creator 40 (FIG. 4)) and a metadata reception device (later metadata). A controller 47 (illustrated as FIG. 4)). In FIG. 1, a metadata producer (producer terminal) 1 creates initial metadata 5 for a content 3 created in advance, adds a signature 6 of the producer 1 to the initial metadata 5, and is signed. Initial metadata (initial distribution metadata) 4 is created.

  Specifically, the metadata creator (producer terminal) 1 uses the metadata creator (illustrated later) to display initial metadata 5 (shown as initial metadata 5 to be signed in FIG. 2) for the content 3. create. The producer (producer terminal) 1 gives an electronic signature in XML format (the XML signature 6 for the entire initial metadata in FIG. 3) to the created initial metadata 5 to be signed, as shown in FIG. The signed initial metadata 4 is created. In the signed initial metadata 4 of FIG. 3, the signature target is the range indicated by the signature target 8 (the portion sandwiched between <TVAMain> and </ TVAMain> of the initial metadata 5 of FIG. 2).

  In FIG. 1, a metadata producer (producer terminal) 1 delivers signed initial metadata (initial delivery metadata) 4 to a user 2 together with content 3.

  Referring to FIG. 4, a transmission system device and a reception system device that implement the delivery system of FIG. 1 are shown. A metadata producer (producer) 1 includes a content creator 60 that creates content 3, and a metadata creator (metadata transmitter) 40 that creates metadata (signed initial metadata) 4 for the content 3. Is held as a transmission system device (producer terminal). That is, the metadata producer 1 holding the metadata creator 40 creates metadata (signed initial metadata) 4 for the content 3 already created on the metadata creator 40.

  In FIG. 4, content 3 is distributed to users 2 using a broadcast network 110 that is a communication means for broadcasting, and metadata (signed initial metadata) 4 is stored in a network (communication network such as the Internet) 100. It is distributed to user 2 using it. A user 2 is connected to the network 100, and a metadata controller (metadata receiving device) 47 that acquires the metadata (signed initial metadata) 4 distributed from the metadata creator (metadata transmitting device) 40. And a content receiver 70 that acquires the content 3 from the broadcast network 110 are held as a receiving system device (user terminal). The content receiver 70 also has a content reproduction function. The user 2 uses the metadata controller (metadata receiving apparatus) 47 to access the delivered metadata (signed initial metadata) 4, and from the metadata (signed initial metadata) 4. When access to the content 3 is possible, the video of the content 3 based on the metadata (signed initial metadata) 4 can be viewed.

  In the above description, the method of distributing the content 3 to the user using the broadcast network 110 and the metadata 4 using the network 100 has been described. However, the content 3 may be distributed to the user and the metadata 4 may be distributed to the user. Further, both the content 3 and the metadata 4 may be distributed over a broadcasting network, or both the content 3 and the metadata 4 may be distributed over a network.

  At this time, when the metadata controller (metadata receiving device) 47 accesses the content 3 from the metadata (signed initial metadata) 4, first, it is given to the metadata (signed initial metadata) 4. The signature 6 of the current metadata producer is verified to confirm that the metadata (signed initial metadata) 4 has not been tampered with. Next, the value of the subject area in which the information of the owner of the public key certificate described in the public key certificate of the metadata producer 1 is stored is obtained, and the metadata (signed) By identifying the creator of the initial metadata 4, the content 4 can be accessed from the metadata 4.

  Thereby, the video of the content 3 based on the metadata 4 can be viewed.

  In FIG. 1, when it becomes necessary for creator 1 to create additional metadata, producer 1 creates additional metadata 9 in metadata creator (metadata transmission device) 40 (FIG. 4). . The producer 1 adds metadata (the signature of the producer 1) 10 for the additional metadata 9 to the additional metadata (partially updated portion) 9 in the metadata creator 40 (FIG. 4). 16 is created.

  For example, the additional metadata 9 is a partially updated portion 15 that includes a partially updated fragment, as shown in FIG. An additional part to the initial metadata 5 is put in the part updated part 15.

  The following mainly describes the case where the partially updated portion 15 is an added portion to the initial metadata 5, but the partially updated portion 15 is a partial change portion of the initial metadata 5. Of course.

  In this case, the metadata 16 obtained by adding the signature value (signature 10 for the additional metadata) to the partially updated part includes the partially updated part 15 and the partial update as shown in FIG. The XML signature document 19 for the portion 15 is included, and the other portion functions only as a delivery container.

  In FIG. 1, next, the producer 1 is partially updated by adding additional metadata (partially updated part) 9 to the above-described initial metadata in the metadata creator 40 (FIG. 4). Create whole metadata with part added. Then, the producer 1 uses the metadata creator 40 (FIG. 4) to sign the entire metadata obtained by adding the partially updated portion to the entire metadata obtained by adding the partially updated portion (producer 1). The metadata 17 to which the signature (11) is added is created.

  For example, the metadata 17 formed by adding the signature 11 to the entire metadata to which the partially updated part is added is the entire metadata after the partially updated part 15 is merged as shown in FIG. It includes the data and the XML signature document 20 for the entire metadata after merging the partially updated portion 15 (which corresponds to the signature 11 of the metadata 17 of FIG. 1).

  In FIG. 1, next, the producer 1 adds the signature value (signature 10 for the additional metadata) to the partially updated portion in the metadata creator 40 (FIG. 4). The automatic update metadata 18a is created by adding only the signature 11 to the entire metadata. That is, the automatic update metadata 18a includes a partially updated portion (additional metadata 9), a signature 10 for the partially updated portion (additional metadata 9), and a partially updated portion (additional metadata 9). And the signature (the signature of the producer 1) 11 for the whole metadata including. The producer 1 delivers the automatic update metadata 18 a to the user 2.

  For example, the distributed automatic update metadata 18a includes a partially updated portion 15 and an XML signature document 19 for the partially updated portion 15 as shown in FIG. The XML signature document 20 (corresponding to the signature 11 of the metadata 17 in FIG. 1) is added to the metadata 16 shown in FIG. 1 to the whole metadata after the partially updated portion 15 is merged. .

  In FIG. 1, the user 2 holds a metadata controller 47 (FIG. 4) that acquires the automatic update metadata 18a delivered from the producer 1 as the automatic update metadata 18b. Like the automatic update metadata 18a, the acquired automatic update metadata 18b includes a partially updated portion (additional metadata 9), a signature 10 for the partially updated portion (additional metadata 9), And a signature 11 for the whole metadata including the part updated part (additional metadata 9). The user 2 uses the metadata controller 47 (FIG. 4) to sign the partially updated part (additional metadata 9) and the partially updated part (additional metadata 9) in the automatic update metadata 18b. 10, the signature value and the public key certificate are verified only for the signature 10 with respect to the partially updated part (additional metadata 9), similarly to the description using the right block of FIG. 19. . If it is confirmed by this verification that the signature 10 for the partially updated portion (additional metadata 9) has not been tampered with, the partially updated portion (additional metadata 9) is identified from the automatic update metadata 18b. The signature 11 for the entire metadata including the partially updated part (additional metadata 9) is retrieved in the metadata controller 47 (FIG. 4), and the entire latest version metadata 14 that the user 2 has at the present time is extracted. (At this point, it is the signed initial metadata 4) The part (additional metadata 9) partially updated at an appropriate position is added in the metadata controller 47 (FIG. 4) and the partly updated. In the metadata controller 47 (FIG. 4), the signature verification for the entire latest version metadata 14 to which the portion (additional metadata 9) has been added is performed. It performed using the signature 11 fetched from over data 18b. If this verification is successful, the signature 11 extracted from the automatic update metadata 18b is used as the signature of the overall latest version metadata 14 to which the partially updated part (additional metadata 9) is added. In 47 (FIG. 4), the substitution is made.

  As a result, the entire latest version metadata 14 that the user 2 currently has in the metadata controller 47 (FIG. 4) matches the entire latest version metadata (17 in FIG. 1) that the creator 1 has. Automatic update can be realized without breaking the relationship between the signature and verification of the XML signature.

  With reference to FIG. 9, the above-described operation (handling of automatic update metadata (first time)) in the metadata controller 47 by the user 2 will be described again.

  In FIG. 9, the metadata controller 47 (FIG. 4) of the user 2 stores signed initial metadata (initial distribution metadata) 4 having initial metadata 5 and a signature 6 for the initial metadata 5. Have already acquired.

  In this state, it is assumed that the user 2 acquires the automatic update metadata 18 b delivered from the producer 1 in the metadata controller 47. The acquired automatic update metadata 18b includes a partially updated portion (additional metadata 9), a signature 10 for the partially updated portion (additional metadata 9), and a partially updated portion (additional metadata). And a signature 11 for the entire metadata including 9).

  The user 2 uses the metadata controller 47 based on the partially updated part (additional metadata 9) and the signature 10 for the partly updated part (additional metadata 9) in the automatic update metadata 18b. In addition, the signature value and the public key certificate are verified only for the signature 10 for the partially updated part (additional metadata 9). If it is confirmed by this verification that the signature 10 for the partially updated portion (additional metadata 9) has not been tampered with, the partially updated portion (additional metadata 9) is identified from the automatic update metadata 18b. The signature 11 for the entire metadata including the partially updated part (additional metadata 9) is taken out by the metadata controller 47, and the entire latest version metadata (at this time, the user 2 has) In the metadata controller 47, a partially updated portion (additional metadata 9) is added to an appropriate position of the signed initial metadata (initial delivery metadata) 4) (addition of FIG. 9), The metadata controller 47 automatically updates the signature verification for the entire latest version metadata to which the partially updated part (additional metadata 9) is added. It performed using the signature 11 fetched from the metadata 18b. If the verification is successful, the signature 11 extracted from the automatic update metadata 18b is used as the signature of the overall latest version metadata to which the partially updated part (additional metadata 9) is added. In FIG. 9 (replacement in FIG. 9). By the above addition and the above substitution, the one shown in the lower right part of FIG. 9 is obtained.

  The user 2 uses the metadata controller 47 to obtain the partially updated part (additional metadata 9) and the signature 10 for the partly updated part (additional metadata 9) in the automatic update metadata 18b. The history is stored and saved in the database DB of the metadata controller 47 (which corresponds to the partial update metadata history management unit 36 shown in FIG. 12 later) and saved (save in FIG. 9).

  In FIG. 1, the user 2 subsequently receives the next automatic update metadata (second automatic update metadata) 18a delivered from the producer 1 as the next automatic update metadata 18b. The overall latest version metadata 14 possessed by the user 2 is automatically updated in the same manner as described above in response to the received automatic update metadata 18b.

  FIG. 10 shows an example of handling of automatic update metadata (Nth) by the user 2 in the metadata controller 47. In FIG. 10, additional metadata 9 (first time), additional metadata 9 (second time),..., Additional metadata 9 (N−1th time), and additional metadata 9 (Nth time) are illustrated separately. Thus, N is an example of an integer of 4 or more. However, the present invention is not limited to this, and N may be an integer of 1 or more.

  Next, each part of FIG. 4 will be described.

(Metadata creator (metadata transmitter) 40)
Referring to FIG. 11, the metadata creator 40 is an information processing apparatus such as a personal computer to which an IC (Integrated Circuit) card reader / writer 45 is connected. The metadata creator 40 creates the initial metadata 4 (FIG. 4) corresponding to the content 3 (FIG. 4) created by the content creator 60 (FIG. 4). The IC card reader / writer 45 has a function of giving a digital signature, a function of accessing a public key certificate used for the digital signature, and an IC card 46 storing a private key. The metadata creator 40 includes a metadata creator 41 and a metadata transmitter 42 realized by software, for example.

  The metadata creation unit 41 has a function of creating the initial metadata 4 corresponding to the content 3, and is configured by software having a signature generation unit 43 as a function of adding a digital signature to the created metadata 4. The In addition, the content reproduction control unit 44 for reproducing the content 3 using the created metadata 4 is provided.

  The metadata transmission unit 42 transfers the metadata 4 and other metadata created by the metadata creation unit 41 to the metadata controller 47 (FIG. 4) via the communication network 100 (FIG. 4) such as the Internet. Has the function of

  The signature generation unit 43 has a function of giving a digital signature to the created metadata 4. Create a signature document in the XML-Signature format, which is a W3C standard, for the signature target document, generate a hash value for signature, and generate a signature value using the IC card 46 via the IC card reader / writer 45 The signature is executed by embedding the signed signature value in the XML signature document. It also has a function of embedding the signer's public key certificate stored in the IC card 46 in the document to be signed.

  The IC card 46 can store a secret key and a public key certificate, and has a function that can execute cryptographic calculation internally. When the hash value of the document to be signed is passed via the IC card reader / writer 45, a signature value is generated by encrypting it and returned to the signature generation unit 43 via the IC card reader / writer 45.

  The IC card reader / writer 45 is a function for reading information in the IC card 46 by a command from an information processing apparatus such as a personal computer, and for digital signature using a key stored in the IC card 46 in the IC card 46 It has a function to instruct execution of cryptographic calculation.

  The content reproduction control unit 44 has a function of instructing the content creator 60 (FIG. 4) to partially reproduce the content according to the content of the metadata 4.

  The metadata creating unit 41 has a function of creating a partially updated part 15 (FIG. 5) including a partially updated fragment such as additional metadata 9 (FIG. 1), and additional metadata 9 (partially updated part 15). Added the function to create metadata 16 with the signature 10 added (metadata 16 with the signature value added to the partially updated part in FIG. 6) and additional metadata 9 (partially updated part 15). A function for generating metadata 17 (FIG. 7) in which the signature 11 is added to the whole metadata obtained by adding the additional metadata 9 (partially updated part 15) to the whole metadata, the additional metadata 9 (partial Automatic update meta data obtained by adding only the signature 11 for the whole metadata described above to the meta data 16 (FIG. 6) obtained by adding the signature 10 for the updated portion 15). The ability to create over data 18a (FIGS. 1 and 8), further comprising.

  The metadata creation unit 41 includes an automatic update metadata management unit 39 and an automatic update metadata distribution control unit 38. For each piece of metadata corresponding to each content, the automatic update metadata management unit 39 sets the automatic update metadata 18a and the entire metadata at the time when the additional metadata 9 (partially updated portion 15) is added. Has a function of managing history.

  Further, the automatic update metadata distribution control unit 38 has a function of extracting the automatic update metadata 18a from the automatic update metadata management unit 39, to which user the automatic distribution is performed, and to what extent the user is automatically updated. It has a function of managing whether or not the metadata 18a has been distributed.

(Metadata controller (metadata receiver) 47)
Referring to FIG. 12 together with FIG. 4, the metadata controller 47 is an information processing apparatus such as a personal computer to which the IC card reader / writer 52 is connected. The metadata controller 47 includes a metadata editing unit 48 including a signature generation / verification function unit 49 and a content reproduction control unit 50 realized by a software program, and a metadata transmission / reception unit 51.

  The IC card reader / writer 52 and the IC card 53 are equivalent to those connected to the metadata creator 40.

  The metadata editing unit 48 edits the signed initial metadata 4 created by the metadata creator 40, and for the edited part, the signature generation / verification function unit 49, the IC card reader / writer 52, and the IC card. 53, a function for assigning a digital signature, a function for verifying a signature and certificate assigned to the metadata 4 using a signature generation / verification function unit 49, and playback control of the content 3 are performed. A content reproduction control unit 50 is included.

  The signature generation / verification function unit 49 has a signature generation function similar to that of the metadata creator 40, a function of verifying a signature value of the given metadata, and a certificate verification function.

  The content reproduction control unit 50 has a function of instructing the content receiver 70 to partially reproduce the content 3 according to the content of the metadata 4. In addition, the content reproduction control unit 50 acquires the metadata creator's public key certificate from the metadata creator signature embedded in the metadata 4 and identifies the signer from the owner of the public key certificate. Has the function of

  The automatic update metadata history management unit 36 has a function of managing the history in a time series of the received automatic update metadata 18b from which the all-to-signature 11 has been deleted.

  In addition, the automatic update metadata reception control unit 37 has a function of extracting the automatic update metadata 18b from the automatic update metadata history management unit 36, to which other user the automatic distribution is being performed, to the other user. Has a function of managing how far the automatic update metadata 18b has been distributed.

  The metadata transmission / reception unit 51 has a function of transferring the metadata 4 edited by the metadata editing 48 and other metadata to another user via a communication network such as the Internet.

(Transmitter in content creator 60)
Referring to FIG. 13 together with FIG. 4, the transmitter in the content creator 60 includes a content generation unit 57 having a content storage unit 54, an encoding unit 55, and a scramble unit 56 that store the content, Content key generation unit 59 for key Kc generation, ECM / EMM for Kc transmission that generates license information (ECM (Entitlement Control Message) / EMM (Entitlement Management Control Message) for Kc transmission) necessary for reproducing content A key generation unit 58 having a generation unit 61, an encrypted content generated by the content generation unit 57, and a multiplexing unit 63 that multiplexes the key generated by the key generation unit 58.

  The content storage unit 54 includes a storage device such as a hard disk that stores video, audio, or data as the content 4.

  The encoding unit 55 includes an encoding device that encodes video, audio, or data into MPEG (Motion Picture Experts Group) -2 TS (Transport Stream).

  The content key generation unit 59 generates an encryption key (content key Kc) for encrypting content using a common key encryption method for each content, assigns content identification for identifying the content, and assigns content for each content identification. Manage keys.

  The scramble unit 56 encrypts the encoded content with the content key generated by the content key generation unit 59 to generate encrypted content.

  The ECM / EMM generation unit 61 for Kc transmission includes an ECM or Kc transmission for Kc transmission in the section format defined in ARIB-STDB25 “Access Control Method in Digital Broadcasting” including the content key Kc and the work key or the master key 62. For EMM. The ECM for Kc transmission is encrypted with the work key 62, and the EMM for Kc transmission is encrypted with the master key 62. The master key 62 is an encryption key of a common key encryption method assigned to each receiver. The work key 62 is an encryption key of a common key encryption method that is assigned in units such as for each provider, and is an encryption key that is shared in advance with a receiver that wants to receive the ECM for Kc transmission. It is an encryption key for grouping receivers. In other words, when it is desired to simultaneously distribute Kc to receivers that share a work key in advance, the ECM for Kc transmission is used, and when Kc is to be distributed individually to each receiver, the EMM for Kc transmission is used.

  When sending ECM / EMM (license information) for Kc transmission by broadcasting, the multiplexing unit 64 of the multiplexing unit 63 multiplexes the ECM / EMM for Kc transmission encrypted with the encrypted content of the content generation unit 57 and the work key. Then modulate it and send it out as a broadcast.

  Here, when distributing Kc individually to each receiver, EMM (license information) for Kc transmission is individually distributed using a communication network using TCP / IP (Transmission Control Protocol / Internet Protocol).

(Content receiver 70)
Referring to FIG. 14 together with FIG. 4, the content receiver 70 includes a content decryption unit having a descramble unit 67 and a decryption unit 69, an ECM / EMM decryption unit 75 for Kc transmission, and a content key storage unit 72. Security module 74 and separation means for separating encrypted content 66 and key information.

  The security module 74 is a tamper-resistant module that cannot illegally extract information from the outside, and is configured by an IC card or the like. This security module 74 is issued and managed strictly by a third party organization.

  The separation unit 65 demodulates the received broadcast and separates the encrypted content 66 and the ECM / EMM 76 for Kc transmission at the MPEG-2 TS level.

  The ECM / EMM decrypting unit 75 for Kc transmission decrypts the received ECM for Kc transmission with the work key 71 and the EMM for Kc transmission with the master key 71, takes out the content key (Kc) 68, and takes out the content key storage unit 72. To remember. Thus, the content key (Kc) 68 is securely stored by the security module 74.

  At this time, the content key storage unit 72 stores the content key 68 for each content identification.

  The descrambling unit 67 encrypts and decrypts the encrypted content with the content key 68 obtained from the security module 74.

  The decoding unit 69 decodes the content encoded by the received MPEG-2 TS, and extracts video / audio information or digital data as the content 3.

  Finally, referring to FIG. 15, the operations on the metadata creator 40 (FIG. 4) side are summarized.

  On the metadata creation machine side, the initial delivery metadata 4 and the automatic update metadata 18a (first to fifth times) are created by the following procedure.

1. Content is acquired from the metadata creator 60 (FIG. 4), and initial metadata 5 for the acquired content is created.
2. A signature 6 is assigned to the created initial metadata 5 to create initial delivery metadata 4.
3. The created initial delivery metadata 4 is delivered.
4). Next, additional metadata (partially updated part) 9 (first time) is created.
5. Additional metadata (partially updated part) 9 (first time) is included in the automatic update metadata 18a (first time).
6). An XML signature 10 for the additional metadata (partially updated portion) 9 (first time) is created, and the created XML signature 10 is embedded in the automatic update metadata 18a (first time).
7). The additional metadata (partially updated part) 9 (first time) is embedded at an appropriate position in the initial metadata 5 to create the entire metadata (first time) (no signature).
8). The creator's signature 11 is assigned to the entire metadata (first time) (no signature).
9. The signature 11 is embedded in the automatic update metadata 18a (first time). Thereby, the creation of the automatic update metadata 18a (first time) is completed.
10. The created automatic update metadata 18a (first time) is delivered.
11. Next, additional metadata (partially updated part) 9 (second time) is created.
12 The same processing as described above is performed on the created additional metadata (partially updated part) 9 (second time) to create automatic update metadata 18a (second time).
13. The created automatic update metadata 18a (second time) is delivered.
14 Hereinafter, in the illustrated case, the creation and delivery of the automatic update metadata 18a (third time) to the automatic update metadata 18a (fifth time) are repeated as many times as necessary. Each metadata at that time is managed in time series as shown in FIG.
15. In the case shown in the figure, each time automatic update metadata 18a (first time) to automatic update metadata 18a (fifth time) is generated, the automatic update metadata 18a (first time) to automatic is updated. If the update metadata 18a (fifth) is properly delivered so as not to break the time series, the automatic update metadata 18a (first) to the automatic update metadata 18a (fifth) are delivered together. You may do it.

  As described above, according to the present embodiment, even if the metadata is partially updated and the partially updated portion is distributed as partial metadata, signature verification for the entire metadata does not fail.

  Furthermore, according to the present embodiment, since the partial metadata is added with the partial signature of the partial metadata and delivered to the receiving side, the receiving side uses the partial signature to detect falsification of the partial metadata. Can be done.

  Although the embodiments of the present invention have been described above, the present invention is not limited thereto. For example, in the above embodiment, a partial signature of the partial metadata and a whole signature of the whole metadata are added to the partial metadata and delivered to the receiving side. However, it is not always necessary to deliver the partial signature. That is, the entire metadata may be added to the partial metadata and delivered to the receiving side.

  Embodiments of the present invention are listed below.

X1. In a delivery system comprising a metadata transmission device (40) and a metadata reception device (47),
The metadata transmission device (40)
For initial distribution having initial metadata (5) produced for the content (3) and an initial signature (6) for the initial metadata (5) added to the initial metadata (5) A first functional unit for creating metadata (4);
A second functional unit for delivering the initial delivery metadata (4) to the metadata receiving device (47);
A third functional unit for creating partial metadata (16) having a partially updated part (9 or 15) of the initial metadata (5) when a partial update to the initial metadata (5) occurs; ,
A fourth functional unit for creating overall metadata formed by merging the partially updated part (9 or 15) with the initial metadata (5), and an overall signature (11) for the overall metadata;
A fifth functional unit for creating automatic update metadata (18a) obtained by adding the whole signature (11) to the partial metadata (16);
A sixth function unit for delivering the automatic update metadata (18a) to the metadata reception device (47);
The metadata receiving device (47)
The initial delivery metadata (4) delivered from the metadata transmission device (40) is acquired, and then the automatic update metadata (18a) delivered from the metadata transmission device (40) is obtained. A functional part to be acquired;
The partially updated part (9 or 15) and the whole signature (11) are extracted from the acquired automatic update metadata (18b), and the initial distribution metadata (4) already acquired is extracted. The partially updated portion (9 or 15) is added to a predetermined position of the initial metadata (5) to obtain the overall latest version metadata (14), and verification of the overall latest version metadata (14) is performed. A function unit that performs the whole signature (11) extracted from the automatic update metadata (18b);
When this verification is successful, a functional unit that replaces the overall signature (11) extracted from the automatic update metadata (18b) as the overall signature (11) of the overall latest version metadata (14); And having
As a result, the overall latest version metadata (14) possessed by the metadata receiving device (47) matches the overall metadata possessed by the metadata transmitting device (40).

X2. In the delivery system according to X1,
When the metadata transmission apparatus delivers another automatic update metadata to the metadata reception apparatus following the automatic update metadata, the metadata reception apparatus uses the other automatic update metadata. , And automatically updates the entire latest version metadata in response to the received other automatic update metadata as in the case of the automatic update metadata.

X3. In a delivery system comprising a metadata transmission device (40) and a metadata reception device (47),
The metadata transmission device (40)
For initial distribution having initial metadata (5) produced for the content (3) and an initial signature (6) for the initial metadata (5) added to the initial metadata (5) A first functional unit for creating metadata (4);
A second functional unit for delivering the initial delivery metadata (4) to the metadata receiving device (47);
When a partial update to the initial metadata (5) occurs, it is added to the partially updated part (9 or 15) of the initial metadata (5) and the partially updated part (9 or 15). A third functional unit for creating partial metadata (16) having a partial signature (10) for the partially updated part (9 or 15);
A fourth functional unit for creating overall metadata formed by merging the partially updated part (9 or 15) with the initial metadata (5), and an overall signature (11) for the overall metadata;
A fifth functional unit for creating automatic update metadata (18a) obtained by adding the whole signature (11) to the partial metadata (16);
A sixth function unit for delivering the automatic update metadata (18a) to the metadata reception device (47);
The metadata receiving device (47)
The initial delivery metadata (4) delivered from the metadata transmission device (40) is acquired, and then the automatic update metadata (18a) delivered from the metadata transmission device (40) is obtained. A functional part to be acquired;
The partially updated portion (9 or 15) of the partial metadata (16) in the acquired automatic update metadata (18b) and the partial signature (10) for the partially updated portion (9 or 15) Based on the above, a functional unit that performs first verification only on the partial signature (10) for the partially updated part (9 or 15),
When it is confirmed by the first verification that the partial signature (10) for the partially updated part (9 or 15) has not been tampered with, the automatic update metadata (18b) The updated part (9 or 15) and the whole signature (11) are extracted, and the partial update is performed at a predetermined position of the initial metadata (5) of the already acquired initial delivery metadata (4). The added portion (9 or 15) is added to obtain the overall latest version metadata (14), and the second verification for the overall latest version metadata (14) is performed from the automatic update metadata (18b). A functional unit that uses the extracted overall signature (11);
When the second verification is successful, the whole signature (11) extracted from the automatic update metadata (18b) is replaced with the whole signature (11) of the whole latest version metadata (14). Having a functional part,
As a result, the overall latest version metadata (14) possessed by the metadata receiving device (47) matches the overall metadata possessed by the metadata transmitting device (40).

X4. In the delivery system described in X3 above,
When the metadata transmission apparatus delivers another automatic update metadata to the metadata reception apparatus following the automatic update metadata, the metadata reception apparatus uses the other automatic update metadata. , And automatically updates the entire latest version metadata in response to the received other automatic update metadata as in the case of the automatic update metadata.

X5. In the delivery system described in X3 above,
The delivery system, wherein the initial signature, the partial signature, and the overall signature are an electronic signature of a creator who created the initial metadata, the partially updated portion, and the overall metadata.

X6. In the delivery system according to X5,
The delivery system according to claim 1, wherein the electronic signature is capable of specifying a signer as the producer based on a public key infrastructure (PKI) technology.

X7. In the delivery system according to X1 or X3,
The partial update is an addition to the initial metadata or a partial change of the initial metadata,
The delivery system characterized in that the part-updated part is an added part to the initial metadata or a part of the initial metadata that is changed.

It is a figure for demonstrating the delivery system by one Example of this invention. It is the figure which showed the initial metadata used as a signature object used in the delivery system of FIG. It is the figure which showed the signed initial metadata (metadata for initial delivery) used in the delivery system of FIG. It is the figure which showed the transmission system apparatus and reception system apparatus which implement | achieve the delivery system of FIG. It is the figure which showed the additional metadata (part updated) used in the delivery system of FIG. FIG. 3 is a diagram showing metadata used in the delivery system of FIG. 1 with a signature value (signature for additional metadata) added to a partially updated part. It is the figure which showed the metadata which adds the signature with respect to the whole metadata which added the part updated partially used in the delivery system of FIG. It is the figure which showed the metadata for automatic updates used in the delivery system of FIG. In the delivery system of FIG. 1, it is a figure for demonstrating handling of the metadata for automatic update (1st time) in the metadata control machine by a user. FIG. 3 is a diagram for explaining handling of automatic update metadata (Nth) in a metadata controller by a user in the delivery system of FIG. 1. It is a block diagram of the metadata preparation machine (metadata transmission apparatus) used in the apparatus of FIG. FIG. 5 is a block diagram of a metadata controller (metadata receiving apparatus) used in the apparatus of FIG. 4. It is a block diagram of the content creation machine used in the apparatus of FIG. It is a block diagram of the content receiver used in the apparatus of FIG. FIG. 5 is a diagram for explaining an operation of a metadata creator (metadata transmission device) of the apparatus of FIG. 4. It is a figure for demonstrating the public key encryption technique used for implementation | achievement of a digital signature. It is another figure for demonstrating the public key encryption technique used for implementation | achievement of a digital signature. It is a figure for demonstrating the one way hash function used for implementation | achievement of a digital signature. It is a figure for demonstrating the structure of a digital signature. It is the figure which showed the XML signature.

Explanation of symbols

1 Producer (Metadata Producer)
2 User 3 Content 4 Initial signed metadata (initial delivery metadata)
5 Initial metadata 6 Signature 9 Additional metadata (partially updated part)
10 Signature for additional metadata 14 Overall latest version metadata 15 Partially updated portion 18a Automatic update metadata 18b Automatic update metadata 40 Metadata creator (metadata transmission device)
47 Metadata controller (metadata receiver)
60 content creator 70 content receiver 100 network 110 broadcast network

Claims (14)

A first functional unit that creates initial delivery metadata having initial metadata produced for content and an initial signature for the initial metadata added to the initial metadata; and the initial delivery A metadata transmission device having a second functional unit for delivering the metadata for use to the metadata reception device,
A third functional unit for creating partial metadata having a partially updated part of the initial metadata when a partial update to the initial metadata occurs;
A fourth functional unit that creates overall metadata formed by merging the partially updated part with the initial metadata, and an overall signature for the overall metadata;
A fifth functional unit for creating automatic update metadata by adding the entire signature to the partial metadata;
And a sixth function unit for delivering the automatic update metadata to the metadata receiving device. The metadata transmission device according to claim 1,
When the partial update for the initial metadata occurs, the third functional unit performs the partial update as the partial metadata added to the partially updated part and the partially updated part. A metadata transmission apparatus for creating a part having a partial signature for each part. The metadata transmission device according to claim 2,
The initial signature, the partial signature, and the overall signature are the initial metadata, the partially updated portion, and an electronic signature of a producer who created the overall metadata. . The metadata transmission device according to claim 3,
The metadata transmission apparatus according to claim 1, wherein the electronic signature can identify a signer as the producer based on a public key infrastructure (PKI) technology. The metadata transmission device according to claim 1,
The partial update is an addition to the initial metadata or a partial change of the initial metadata,
The metadata transmission device according to claim 1, wherein the partially updated portion is a portion added to the initial metadata or a changed portion of a part of the initial metadata. The metadata transmission device according to claim 1,
The third functional unit creates another partial metadata having another updated part of the initial metadata when another partial update occurs to the initial metadata;
The fourth functional unit includes not only the part updated part but also the another part updated part, another whole metadata obtained by merging the initial part metadata, and the other whole metadata. Create another overall signature for the data,
The fifth functional unit creates another automatic update metadata obtained by adding the other whole signature to the other partial metadata,
The sixth function unit delivers the another automatic update metadata to the metadata receiving device. The metadata transmission device according to claim 6,
When the other partial update for the initial metadata occurs, the third functional unit may include the other partial updated portion and the other partial updated portion as the other partial metadata. A metadata transmitting apparatus for creating a part having another partial signature for the part that has been added and updated. A first functional unit that creates initial delivery metadata having initial metadata produced for content and an initial signature for the initial metadata added to the initial metadata; and the initial delivery A second functional unit for delivering the metadata for metadata to the metadata receiving device; and a third metadata for creating a partial metadata having a partially updated part of the initial metadata when a partial update to the initial metadata occurs A fourth functional unit that creates overall metadata formed by merging the partially updated part with the initial metadata, and an overall signature for the overall metadata, and the partial metadata A fifth functional unit for creating automatic update metadata to which an entire signature is added; and a fifth functional unit for delivering the automatic update metadata to the metadata receiving device. The functional units and metadata transmission apparatus having, a metadata receiving apparatus used is Union,
A function unit for acquiring the initial delivery metadata delivered from the metadata transmission device, and subsequently obtaining the automatic update metadata delivered from the metadata transmission device;
The partially updated portion and the entire signature are extracted from the acquired automatic update metadata, and the partially updated portion of the initial distribution metadata that has already been acquired is updated at a predetermined position in the initial metadata. Is added to the overall latest version metadata, and the verification for the overall latest version metadata is performed using the overall signature extracted from the automatic update metadata,
A function unit that replaces the overall signature extracted from the automatic update metadata as the overall signature of the overall latest version metadata when the verification is successful;
As a result, the overall latest version metadata possessed by the metadata receiving apparatus matches the entire metadata possessed by the metadata transmitting apparatus. The metadata receiving device according to claim 8,
When the metadata transmission apparatus delivers another automatic update metadata to the metadata reception apparatus following the automatic update metadata, the metadata reception apparatus uses the other automatic update metadata. And automatically updating the entire latest version metadata in response to the received other automatic update metadata as in the case of the automatic update metadata. apparatus. A first functional unit that creates initial delivery metadata having initial metadata produced for content and an initial signature for the initial metadata added to the initial metadata; and the initial delivery A second functional unit for delivering the metadata for metadata to the metadata receiving device, and when the partial update to the initial metadata occurs, the partially updated part of the initial metadata and the part updated A third functional unit for creating partial metadata having a partial signature for the partially updated part, and overall metadata formed by merging the partially updated part with the initial metadata; A fourth functional unit that creates a whole signature for the whole metadata, and automatic update metadata formed by adding the whole signature to the partial metadata. A metadata receiving device used in combination with a metadata transmitting device having a fifth functional unit that performs and a sixth functional unit that delivers the automatic update metadata to the metadata receiving device. ,
A function unit for acquiring the initial delivery metadata delivered from the metadata transmission device, and subsequently obtaining the automatic update metadata delivered from the metadata transmission device;
Only for the partial signature for the partially updated portion based on the partially updated portion of the partial metadata in the acquired automatic update metadata and the partial signature for the partially updated portion A functional unit for performing the first verification;
If it is confirmed by the first verification that the partial signature for the partially updated part has not been tampered with, the partially updated part and the entire signature are extracted from the automatic update metadata. The partially updated part is added to a predetermined position of the initial metadata of the initial delivery metadata that has already been acquired to obtain the overall latest version metadata, and a second for the entire latest version metadata A functional unit that performs the verification using the overall signature extracted from the automatic update metadata;
A function unit that replaces the overall signature extracted from the automatic update metadata as the overall signature of the overall latest version metadata when the second verification is successful;
As a result, the overall latest version metadata possessed by the metadata receiving apparatus matches the entire metadata possessed by the metadata transmitting apparatus. The metadata receiving device according to claim 10,
When the metadata transmission apparatus delivers another automatic update metadata to the metadata reception apparatus following the automatic update metadata, the metadata reception apparatus uses the other automatic update metadata. 18 and automatically updating the entire latest version metadata in response to the received other automatic update metadata in the same manner as in the case of the automatic update metadata. Receiver device. The metadata receiving device according to claim 10,
The initial signature, the partial signature, and the overall signature are the initial metadata, the partially updated portion, and an electronic signature of a producer who created the overall metadata. . The metadata receiving device according to claim 12,
The metadata receiving apparatus according to claim 1, wherein the electronic signature can identify a signer as the producer based on a public key infrastructure (PKI) technology. The metadata receiving device according to claim 8 or 10,
The partial update is an addition to the initial metadata or a partial change of the initial metadata,
The metadata receiving apparatus according to claim 1, wherein the partially updated portion is a portion added to the initial metadata or a changed portion of a part of the initial metadata.

Images