JP2007184873A - Transmission system, transmitter and receiver - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To construct an internet broadcasting system capable of limiting an audio-visual area by a slight alteration while maintaining an infrastructure for an existing digital broadcasting. <P>SOLUTION: A transmitter 20 is contained in a data stream comprising a broadcasting-content data 11 receiving a scrambling processing. The transmitter 20 has an encrypting section 22 encrypting a key information 13 required for the de-scrambling of the broadcasting-content data 11 and a transmitting section 23 transmitting the data stream contained in the key information 13 encrypted by the encrypting section 22 to an IP network 30 in place of the key information 13. A receiver 40 has a receiving section 41 receiving the data stream transmitted from the transmitter 20 from the IP network 30 and a decoding section 43 being contained in the data stream received by the receiving section 41 and decoding the key information 13 encrypted by the encrypting section 22. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a technology for protecting digital content, and more particularly, to a technology for providing digital content transmitted via the Internet limited to a specific area.

  Recently, digital broadcasting has begun to spread. Unlike analog content, digital content distributed by digital broadcasting does not suffer quality degradation due to copying. In addition, it is technically possible to distribute digital contents over a wide range on the Internet.

  FIG. 5 will be described. FIG. 1 shows an example of a distribution system that distributes digital contents over the Internet. This example is a system for a service in which an ISP (Internet Service Provider) that provides a user with a connection to the Internet distributes digital content obtained by receiving digital broadcast radio waves to the user. is there.

  In the broadcasting station 110, the digital content 110 is encrypted (scrambled) by the scrambler 111. Then, the modulation device 112 modulates the high-frequency signal with the encrypted digital content 110, and the obtained modulation signal is transmitted as the broadcast radio wave 113.

  The broadcast radio wave 113 transmitted from the broadcast station 110 is received by the tuner 121 installed in the ISP 120, and the digital content 110 is output while being encrypted. The IP packetizing device 122 places the digital content 110 that is a data stream on the IP packet. The IP packet output from the IP packetizing device 122 is transmitted to the circuit provider 130 via the dedicated line 124 by the provider server 23 together with other IP packets arriving from the IP network 101.

  In the line carrier 130, the IP packet sent from the ISP 120 is distributed by the router 131 for each destination. The distributed IP packet is sent to the media converter 132, and the transmission medium is converted from an electric signal to an optical signal. The optical signal output from the media converter 132 is sent via the optical fiber 133 to the user's home 140 that is the provider of the digital content 100.

  In the user's home 140, the optical signal sent from the line operator 130 is converted into an electric signal by the media converter 141. The IP packet expressed by this electric signal is sent to the digital broadcast receiver 143 via a LAN cable 142 such as Ethernet (registered trademark). The digital broadcast receiver 143 reproduces the digital content 110 encrypted from the received IP packet, decrypts the digital content 110 (descrambles), and reproduces the content on the output device 144 such as a display device or an audio device. I do.

Next, a general configuration of a current digital broadcast transmission system will be described.
FIG. 6 shows a conventional example of the configuration of a digital content transmission system.
In the broadcasting station 210, first, the MPEG compression apparatus 211 performs compression processing on the video content 200 by the MPEG (Moving Picture Expert Group) method and packetization of the compressed MPEG data. This packet is input to the multiplexing device 213 after being subjected to the MULTI2 encryption method in the MULTI2 encryption device 212. The multiplexing device 213 performs time division multiplexing of the encrypted MPEG packet and an information packet carrying various information such as an encryption key and content user's contract details, and sends the information packet to the modulation device 214. The modulation device 214 modulates the high-frequency signal with the transmitted packet data, and transmits the obtained modulation signal as a broadcast radio wave.

  The content user uses the video content 200 using the receiver 220. The receiver 220 includes a tuner + demodulation LSI 221, an encryption / decryption LSI 222, an MPEG decompression LSI 223, a display device 224, a B-CAS card 225, a memory RAM 226, a memory ROM 227, and a processor 228. The general-purpose bus 229 is a bus connecting the encryption / decryption LSI 222, the B-CAS card 225, the RAM 226, the ROM 227, and the processor 228, and these constituent elements store various data under the management of the processor 228. You can give and receive each other.

The tuner + demodulation LSI 221 selectively receives and demodulates the broadcast radio wave transmitted from the broadcast station 210, takes out the multiplexed packet, and passes it to the encryption / decryption LSI 222.
In the encryption / decryption LSI 221 including the packet separation function, an information packet is extracted from the multiplexed packet and passed to the processor 228. In the processor 228, a processing program 230 for an ECM packet and an EMM packet (described later) is being executed. Thereby, a decryption key for decrypting the encrypted video packet is extracted. Since the decryption key itself is also encrypted, the processor 228 sends a part of the packet to a B-CAS card (BS-Conditional Access Systems Card) 225 to decrypt the encrypted decryption key. To obtain a decryption key. The decrypted decryption key is sent to the encryption / decryption LSI 221. The encryption / decryption LSI 221 decodes the MPEG packet, which is extracted from the multiplexed packet and encrypted by the MULTI2 method, with this decryption key, reproduces the MPEG data, and sends it to the MPEG decompression LSI 223.

  The RAM 226 is a work memory used as necessary in the above decoding process. The ROM 227 stores in advance various software that is executed by the processor 228 and includes the processing program 230 described above.

  The MPEG decompression LSI 223 performs decompression processing on the MPEG data sent from the encryption / decryption LSI 221 and outputs a video signal (YCbCr signal). The output video signal is sent to the display device 224, where it is displayed as a video. Thus, the video content 200 is provided to the content user.

Next, a digital content protection method using the B-CAS method, which is also used in the digital content transmission system shown in FIG. 6, will be described.
FIG. 7 is a diagram for explaining the process of scrambling the digital content performed at the broadcast station 210.

  In the figure, MPEG data 301 is scrambled by a MULTI2 encryption device 212. The MULTI2 encryption device 212 uses the scramble key 303 as an encryption key in this scramble process.

  The scramble key 303 itself is encrypted by an encryption process 311 performed using the work key 304 as an encryption key. The encrypted scramble key 303 is put on an ECM (common information: Entitlement Control Message) packet.

  The work key 304 is encrypted by an encryption process 312 that is performed using the master key 305 as an encryption key. The master key 305 is individually assigned to each B-CAS card 225 inserted into the receiver 220, and each B-CAS card 225 stores the master key 305 assigned to itself. Yes. The work key 304 encrypted using the master key 305 is put on an EMM (Individual Information: Entitlement Management Message) packet.

  The ECM packet and EMM packet obtained as described above are multiplexed with the encrypted MPEG data 301 by the multiplexing device 213 to generate a multiplexed packet 302.

A schematic structure of the multiplexed packet 302 is shown in FIG.
A multiplexed packet 302 shown in FIG. 8A includes an ECM packet 321, a video packet 322, and an audio packet 323. Here, the ECM packet 321 is inserted at intervals of about several seconds into the packet sequence for the MPEG data 301 composed of the video packet 322 and the audio packet 323. In the figure, the EMM packet is not shown. This is because the frequency that the EMM packet is included in the multiplexed packet 302 is less than that of other packets (for example, in the case of a regular subscription for content viewing, an update interval of about one month). This is because it is not represented.

The ECM packet 321, the video packet 322, the audio packet 323, and the EMM packet are all 188-byte fixed-length packets.
An outline of the data structure of the ECM packet 321 is shown in FIG. 8B, and an outline of the data structure of the video packet 322 is shown in FIG. FIG. 9 shows an outline of the data structure of the EMM packet. As can be seen from these drawings, each packet constituting the multiplexed packet 302 is composed of a header portion in which information about the packet is shown and a payload in which data to be transmitted is placed. As information shown in the header part, for example, there is PID (Packet Identification) which is a number for individually identifying a packet, and the type of the packet can be identified by this.

As shown in FIG. 8B, an encrypted scramble key 303 or the like is placed on the payload of the ECM packet 321.
Further, as shown in FIG. 8C, video data in the MPEG data 301 is encrypted and placed in the payload of the video packet 322. Although the audio packet 323 is not illustrated, the data structure is the same as that of the video packet 322 except that the audio data in the MPEG data 301 is encrypted and placed in the payload.

  Further, as shown in FIG. 9, a card number for identifying the B-CAS card, an encrypted work key 304, and the like are placed on the payload of the EMM packet 324. The card number is not encrypted.

Next, FIG. 10 will be described. This figure is a diagram for explaining the descrambling process for the digital content that has been subjected to the scramble process performed in the receiver 220.
As described above, the multiplexed packet 302 includes the ECM packet 321 and the EMM packet 324 multiplexed in a packet carrying the encrypted MPEG data 301. The encryption / decryption LSI 222 including the packet separation function classifies each packet based on the PID of each packet constituting the multiplexed packet 302. Then, the ECM packet 321 and the EMM packet 324 are sent to the processor 228.

As described above, in the processor 228, the processing program 230 for the ECM packet 321 and the EMM packet 324 is being executed, and thereby the following processing is performed.
The processor 228 refers to the card number carried in the payload of the EMM packet 324 and determines whether this card number matches that for the B-CAS card 225 installed in the receiver 220. If the two match, a part of the payload is transmitted to the B-CAS card 225. The B-CAS card 225 uses the master key 305 stored in the B-CAS card 225 as a decryption key for the encrypted work key 304 carried in the payload of the EMM packet 324. Apply. Since the arrival frequency of the EMM packet 324 is low, the work key 304 obtained in this way is held in a non-volatile memory (not shown) in the B-CAS card.

  Further, the processor 228 performs a decryption process on the encrypted scramble key 303 carried on the payload of the ECM packet 321 using the work key 304 obtained as described above as a decryption key. The scramble key 303 obtained in this way is sent to the encryption / decryption LSI 222.

  The encryption / decryption LSI 222 subjects the encrypted MPEG data 301 extracted from the multiplexed packet 302 to a MULTI2 decryption process using the scramble key 303 obtained as described above as a decryption key. Thus, the original MPEG data 301 is obtained in the receiver 220.

Note that the digital content protection method described above is also disclosed in, for example, Patent Document 1.
In addition, as a technique related to the present invention, for example, Patent Document 2 discloses a work key in which a transmission apparatus provided by a broadcaster that performs scramble processing on program content and transmits the program content is encrypted with a master key. Is re-encrypted with a key (cable TV operator key) unique to the re-transmission device, and the re-transmission device provided by the cable TV operator that receives and re-transmits the program content is re-encrypted. A technique of decrypting a converted work key with the unique key and retransmitting the decrypted work key (still encrypted with the master key) to the cable television subscriber's home receiver It is disclosed. In this technology, only the work key that can be decrypted by the master key in the IC card (B-CAS card) of the receiving device of the subscriber who has a formal contract with the cable television company is provided for the broadcasting company. Re-encrypted by the sending device. Even if the IC card of the receiving device that has received the program content directly from the satellite is diverted for cable television reception by the cooperation between the broadcaster and the cable television carrier, the diverting destination receiving device Thus, the program content retransmitted by the cable television operator cannot be viewed, and the retransmitted program content can be viewed only by the receiving device of the official contractor.
JP 2004-336158 A JP 2002-281477 A

  As described above, digital content distributed by digital broadcasting is encrypted by the scramble process performed using the master key 305 stored in the B-CAS card 225. Accordingly, only when a subscriber who is within the reach of the broadcast radio wave transmitted from the broadcasting station 210 has the B-CAS card 225, the digital content can be viewed using the receiver 220. it can.

  However, for example, as shown in FIG. 5, if the digital content 110 is placed on the IP packet 120 as it is and sent from the provider server 123 to the IP network 101, if the B-CAS card 225 is possessed, the world It becomes possible to view the digital content 110 anywhere. In this case, it is not possible to protect broadcasting in “regional limitation” which is the basis for broadcasting license.

  In FIG. 5, in addition to the above case, the digital content 110 carried on the IP packet 120 is sent to the IP network 101, for example, before the router 131, between the router 131 and the media converter 132, There is a possibility that the processing is performed between the converter 132 and the media converter 141, between the media converter 141 and the digital broadcast receiver 143, and the like. As for the technique, for example, “retransmission”, that is, the digital content 110 that has been scrambled at the input side of the digital broadcast receiver 143 is temporarily stored in a storage device such as a hard disk. A method of transmitting to the IP network 101 after that is also conceivable.

  The present invention has been made in view of the above-mentioned problems, and the problem to be solved is a slight change while maintaining the existing digital broadcasting infrastructure (broadcasting station equipment and receiving terminal on the receiving side) The goal is to build an Internet broadcasting system that allows viewing areas to be limited.

  A transmission system according to one aspect of the present invention includes a transmission device and a reception device, and transmits a data stream that is digital data including broadcast content via an Internet network. Is the key information included in the data stream, the encryption means for encrypting the key information necessary for descrambling the broadcast content that has been subjected to the scramble process, and the key information Instead, a transmission unit that transmits the data stream including the key information encrypted by the encryption unit to the Internet network, and the reception device transmits data transmitted from the transmission device. A receiving means for receiving the stream from the Internet network, and a data stream received by the receiving means. It is a decoding means for decoding the key information is encrypted by which the encrypted means which is characterized in that it has, to solve the problems described above by this feature.

  According to this configuration, since the key information included in the data stream transmitted from the transmission device to the reception device is uniquely encrypted by the encryption unit, the data stream is transmitted on the Internet network. Even if it is obtained illegally, the key information cannot be decrypted, and therefore, the descrambling of the broadcast content cannot be performed. On the other hand, in the receiving apparatus, since the decryption means decrypts the key information uniquely encrypted by the encryption means, the broadcast content can be descrambled and the broadcast content data can be used. Therefore, by managing the geographical location of the receiving device, it is possible to manage the viewing area of the broadcast.

  In the transmission system according to the present invention described above, the key information may be a key directly used for descrambling processing for the broadcast content, and more specifically, is included in the common information (ECM). The information may include at least a scrambled key.

  According to this configuration, the key directly used for the descrambling process for the broadcast content is uniquely encrypted by the encryption means. Therefore, the data stream including the broadcast content is illegally transmitted on the Internet network. However, the key cannot be decrypted, and therefore, the descrambling of the broadcast content cannot be performed. On the other hand, in the receiving apparatus, since the decryption means decrypts the key that is uniquely encrypted by the encryption means, the broadcast content can be descrambled and the broadcast content data can be used.

  In the transmission system according to the present invention described above, the key directly used for the descrambling process for the broadcast content is encrypted, and the key information is the key used directly for the descrambling process for the broadcast content. The key information may be information that includes at least the work key included in the individual information (EMM).

  According to this configuration, since a key necessary for decrypting a key directly used for descrambling processing for broadcast content is uniquely encrypted by the encryption means, a data stream including the broadcast content Even if it is illegally obtained on the Internet network, the key cannot be decrypted, and therefore, the descrambling of the broadcast content cannot be performed. On the other hand, in the receiving apparatus, since the decryption means decrypts the key that is uniquely encrypted by the encryption means, the broadcast content can be descrambled and the broadcast content data can be used.

  In the transmission system according to the present invention, the transmission unit transmits the data stream excluding both the key information and the key information encrypted by the encryption unit to the Internet network. At the same time, the key information encrypted by the encryption means is transmitted to the receiving device separately from the data stream, and the reception means encrypts the data stream by the encryption means in addition to receiving the data stream. The decrypted key information may be received, and the decryption unit may decrypt the encrypted key information received by the reception unit.

  Even with this configuration, the key information included in the data stream transmitted from the transmission device to the reception device is uniquely encrypted by the encryption means, so that the data stream is transmitted on the Internet network. Even if it is obtained illegally, the key information cannot be decrypted. On the other hand, in the receiving apparatus, since the decryption means decrypts the key information that is uniquely encrypted by the encryption means, the broadcast content can be descrambled. In addition, in this configuration, the key information uniquely encrypted by the encryption means is transmitted to the receiving device separately from the data stream, so that the data stream is illegally acquired on the Internet network. However, since the difficulty of acquiring the key information itself increases, the protection of the broadcast content is further strengthened.

In the transmission system according to the present invention described above, the decryption unit may be configured to require a decryption key to decrypt the key information.
According to this configuration, by distributing the decryption key in units of regions, it becomes possible to easily manage broadcast viewing area limitation.

  Further, in the transmission system according to the present invention described above, either or both of the transmission device and the reception device are connected to a server on the Internet network through which the data stream is received by the reception unit. You may comprise so that it may further have a test | inspection means which test | inspects an IP address.

  According to this configuration, it is possible to specify a server that is logically closest to the receiving device on the Internet network, thereby estimating the approximate geographical position of the receiving device. It can be estimated with a certain degree of accuracy whether or not local restrictions are observed.

  Note that the transmission device or the reception device constituting the transmission system according to the present invention described above also relates to the present invention, and these also provide the same operations and effects as those of the transmission system described above.

  According to the present invention, it is possible to construct an Internet broadcasting system that can limit the viewing area with a slight change while maintaining the existing digital broadcasting infrastructure by configuring as described above.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
First, FIG. 1 will be described. FIG. 1 shows the principle configuration of a content transmission system that implements the present invention. The present invention is implemented in a system including the transmission device 20 and the reception device 40 shown in FIG.

  In the broadcast station 10, the scramble device 12 performs scramble processing on the broadcast content data 11. Here, the broadcast content data 11 is, for example, data of the video content 200 compressed by the MPEG method output from the MPEG compression device 211 in FIG. The scrambler 12 is, for example, the MULTI2 encryption device 212 in FIG. 6 and performs scramble processing on the broadcast content data 11 using the key information 13.

  The multiplexing device 14 multiplexes the broadcast content data 11 subjected to the scramble processing and the key information 13 necessary for descrambling the broadcast content data 11. The data stream obtained by this multiplexing is sent to the modulation device 15. The key information 13 to be multiplexed may be, for example, a key directly used for descrambling processing on the broadcast content data 11, more specifically, a scramble key that is information included in the ECM. Alternatively, the key information 13 may be, for example, a key necessary for decrypting a key directly used for descrambling processing on the broadcast content data 11, more specifically, a work key that is information included in the EMM. Good.

  The modulation device 15 modulates the high-frequency signal with the data stream sent from the multiplexing device 14, and transmits the obtained modulation signal as the broadcast radio wave 16. The multiplexer 14 and the modulator 15 may be the same as the multiplexer 213 and the modulator 214 shown in FIG. Therefore, the configuration of the broadcasting station 10 is not different from the broadcasting station 210 in the conventional configuration shown in FIG.

The transmission device 20 includes a tuner + demodulation unit 21, an encryption unit 22, a transmission unit 23, and an inspection unit 24.
The tuner + demodulation unit 21 selectively receives and demodulates the broadcast radio wave 16 transmitted from the broadcast station 10 and extracts a data stream including the broadcast content data 11 and the key information 13.

The encryption unit 22 encrypts the key information 13 included in the data stream extracted from the broadcast radio wave 16.
The transmission unit 23 replaces the key information 16 included in the data stream extracted from the broadcast radio wave 16 with the data stream including the key information 13 encrypted by the encryption unit 22 in the IP network (Internet network). ) Send to 30. The transmitted data stream is transmitted to the receiving device 40 via the IP network 30.

  The inspection unit 24 is provided in the transmission device 20 as necessary. The inspection unit 24 acquires the IP address of the server on the IP network 30 through which the data stream transmitted from the transmission device 20 is received by the reception device 40. By acquiring this IP address, it is possible to specify a server that is logically closest to the receiving device 40 on the IP network 30.

  Even if the communication path on the IP network 30 changes due to fluctuations in the communication traffic on the IP network 30, the server that is logically closest to the receiving device 40 is generally fixed. Therefore, when the geographical position of this server is known, the rough geographical position of the receiving device 40 cannot be determined but can be estimated. Thereby, it is possible for the installer of the transmission device 20 to estimate with a certain degree of accuracy whether or not the broadcast viewing area limitation is observed.

The receiving device 40 includes a receiving unit 41, an inspection unit 42, a decoding unit 43, a descrambling unit 45, and an output device 46.
The receiving unit 41 receives the data stream transmitted from the transmitting device 20 from the IP network 30.

  The inspection unit 42 is provided in the receiving device 40 as necessary. The inspection unit 42 inspects the IP address of the server on the IP network 30 through which the data stream transmitted from the transmission device 20 is received by the reception device 40, similarly to the inspection unit 24 of the transmission device 20. is there. By returning the inspection result to the transmission device 20 via the IP network 30, the rough geographical position of the reception device 40 can be estimated on the transmission device 20 side (the distribution side of the broadcast content data 11 to the IP network 30). Therefore, it can be estimated with a certain degree of accuracy whether or not the broadcast viewing area limitation is observed.

  In addition, you may make it provide the test | inspection parts 24 and 42 in both the transmitter 20 and the receiver 40, respectively. By doing so, it is possible to improve the accuracy of estimation of the rough geographical position of the receiving device 40.

  The decryption unit 43 decrypts the key information 13 included in the data stream received by the reception unit 41 and encrypted by the encryption unit 22 of the transmission device 20. The decryption unit 43 uses the decryption key 44 when necessary for decryption of the key information 13. For example, the encryption process by the encryption unit 22 is fixed to the data string constituting the key information 13. In the case of a scramble process of the order of rearrangement, the key information 13 can be made unnecessary. However, when the decryption key 44 is required to decrypt the key information 13, the distribution of the decryption key 44 is performed in units of regions, thereby making it easy to manage the broadcast viewing area.

  The descrambling processing unit 45 performs descrambling processing on the scrambled broadcast content data 11 included in the data stream received by the receiving unit 41. Note that the key information 13 decrypted by the decrypting unit 43 is used for the descrambling process.

  The output device 46 outputs the broadcast content data 11 descrambled by the descrambling processing unit 45. The output device 46 is, for example, the MPEG decompression LSI 223 and the display device 224 in FIG. 6, performs decompression processing on the MPEG data that is the broadcast content data 11, and displays the obtained video signal as a video. Thus, the broadcast content data 11 is provided to the content user.

  In the configuration illustrated in FIG. 1, unique encryption by the encryption unit 22 is performed on the key information 13 included in the data stream transmitted from the transmission device 20 to the reception device 20. Therefore, when the data stream is illegally acquired on the IP network 30, the key information 13 included therein cannot be decrypted, so that the broadcast content data 11 cannot be descrambled. That is, even if the data stream is acquired from the IP network 30 outside the broadcast viewing area, the broadcast content data 11 cannot be used.

  On the other hand, in the receiving device 20, since the decryption unit 43 decrypts the key information 13 uniquely encrypted by the encryption unit 22, the broadcast content data 11 can be descrambled. Is available. Therefore, by managing the geographical installation position of the receiving device 20, it is possible to manage the broadcast viewing area.

  In the above description, the transmission unit 23 of the transmission device 20 replaces the key information 16 included in the data stream extracted from the broadcast radio wave 16 with the key information 13 encrypted by the encryption unit 22. Is transmitted to the IP network 30. Instead, the transmission unit 23 transmits the data stream excluding both the key information 13 and the key information 13 encrypted by the encryption unit 22 to the Internet network 30 and encrypts the data stream by the encryption unit 22. The key information 13 can also be configured to be transmitted to the receiving device 40 separately from the data stream. In this case, the receiving unit 41 configures the receiving device 40 to receive the key information 13 encrypted by the encrypting unit 22 in addition to receiving the data stream, and further, the decrypting unit 43 However, the receiving device 40 is configured to decrypt the encrypted key information 13 received by the receiving unit 41. Even in this configuration, in the receiving device 20, since the decryption unit 43 decrypts the key information 13 uniquely encrypted by the encryption unit 22, the broadcast content data 11 can be descrambled. Data 11 can be used.

Next, FIG. 2 will be described. This figure shows a first example of a specific configuration of a transmission system that implements the present invention.
In FIG. 2, the transmission apparatus 20 is installed in the ISP 120 in FIG. 5, for example. The transmission device 20 includes a tuner + demodulation LSI 51, an encryption device 52-1, and a server device 53.

  The transmission radio wave 16 is obtained by transmitting a modulated signal obtained by modulating a high-frequency signal with packet data that is the multiplexed packet shown in FIG. 8 from the broadcasting station 10 shown in FIG. Therefore, in this packet data, an MPEG packet encrypted with the MULTI2 method using the scramble key 303, an ECM packet carrying the scramble key 303 encrypted with the work key 304 on the payload, and An EMM packet in which a work key 304 encrypted using the master key 305 is placed on the payload is included. Therefore, this packet data corresponds to a data stream including the broadcast content data 11 and the key information 13 in FIG.

The tuner + demodulation LSI 51 corresponds to the tuner + demodulation unit 21 in FIG. 1, selectively receives and demodulates the broadcast radio wave 16 from the broadcast station, and extracts a multiplexed packet.
The encryption device 52-1 corresponds to the encryption unit 22 in FIG. The encryption device 52-1 performs further encryption processing on the scramble key 303 placed on the payload of the ECM packet 321 shown in FIG. 8B from the extracted multiplexed packet. As the encryption method, for example, a DES (Data Encryption Standard) method that is a common key encryption method or an AES (Advanced Encryption Standard) encryption method that is a public key encryption method may be used. If reduction of the processing load of the decryption process on the receiving device 40 side is more important than the encryption strength, for example, the data sequence that is the scramble key 303 is rearranged in a predetermined order as the encryption method. It is also possible to adopt a simple scramble process.

The server device 53 corresponds to the transmission unit 23 and the inspection unit 24 in FIG.
First, the server device 53 places the scramble key 303, which has been further encrypted by the encryption device 52-1, on the payload of the ECM packet, instead of the scramble key 303 placed on the payload of the ECM packet. Then, the multiplexed packet obtained in this way is placed on the IP packet, and the obtained IP packet is transmitted to the receiving apparatus 40 to the IP network 30.

  FIG. 3 shows a schematic structure of a multiplexed packet in which a scramble key 303 further encrypted by the encryption device 52-1 is placed on the payload of the ECM packet. In FIG. 8, the overall structure of the multiplexed packet shown in (A) and the data structure of the video packet 322 shown in (C) are the original multiplexing shown in (A) and (C) of FIG. Is the same as in the packet. On the other hand, in the ECM packet 321 shown in FIG. 8B, the single-encrypted scramble key 303 is put on the payload, whereas in the ECM packet 321 shown in FIG. The difference is that a scramble key 303 subjected to further encryption is placed on the payload.

Furthermore, the server device 30 checks the IP address of the server on the IP network 30 through which the transmitted IP packet is received by the receiving device 40.
As a method for the server device 30 to acquire this IP address, for example, a “Traceroute” command can be used.

  “Traceroute” is a well-known command that is provided as a standard in various operating systems that operate on the computer system constituting the server device 30. “Traceroute” basically sends a certain Internet message and acquires the IP address of each via server.

  For example, there is information called TTL (Time to live) in an IP packet. This value decreases every time it passes through each server on the IP network 30. Here, when the TTL becomes “0”, the server that has received this packet may return a message “The packet has not been delivered to the destination. The IP address of the receiving server is XXX” to the transmission side. It has been decided. If this function is used, it is possible to specify which server the IP packet passes through.

  That is, first, by deliberately transmitting a packet with TTL = 1, the IP address of the server that first passes through is specified. Next, the IP address of the second server is specified by transmitting a packet with TTL = 2. Furthermore, this time, by transmitting a packet with TTL = 3, the IP address of the third server is acquired. If this operation is repeated, the IP addresses of all the servers that finally pass through can be acquired. This is “Traceroute”.

  However, the server on the IP network 30 through which the IP packet passes changes dynamically. This is because the Internet protocol has a function that automatically avoids passing through a crowded server to some extent automatically. Therefore, the route server may differ from day to day.

Note that the method of inspecting the IP address of the server on the IP network 30 through which the IP packet passes is not limited to the method using “Traceroute” described above.
The server device 53 creates and holds a list of IP addresses of the servers on the IP network 30 through which the IP packet is acquired, acquired as described above. And the consistency of this list is checked regularly. By doing so, it is possible to confirm to some extent the state of compliance of the receiving device 40 limited to the region.

  Note that, in the form of using the receiving device 40 in a general home, the network configuration may be such that the nearest server on the receiving device 40 side is always specified. In such a case, the server device 53 may manage only the IP address of the server nearest to the receiving device 40.

  Next, the configuration of the receiving device 40 will be described. The receiving device 40 is, for example, installed at the user's home 140 in FIG. The receiving device 40 includes a LAN circuit 61, an encryption / decryption LSI 62, an MPEG decompression LSI 63, a display device 64, a B-CAS card 65, a memory RAM 66, a memory ROM 67, and a processor 68. The general-purpose bus 69 is a bus that connects the encryption / decryption LSI 62, the B-CAS card 65, the RAM 66, the ROM 67, and the processor 68, and these components store various data under the management of the processor 68. You can give and receive each other.

  The LAN circuit 61 corresponds to the receiving unit 41 in FIG. The LAN circuit 61 receives the IP packet transmitted from the transmission device 20 from the IP network 30 and extracts a multiplexed packet carried on the received IP packet.

The encryption / decryption LSI 62 extracts the ECM packet and the EMM packet from the multiplexed packet sent from the LAN circuit 61 and passes them to the processor 68.
In the processor 68, a decoding program 70-1 and an ECM packet and EMM packet processing program 71 are being executed.

  The decryption program 70-1 causes the processor 68 to decrypt the encryption performed by the encryption device 52-1 on the scramble key 303 placed on the payload of the ECM packet. Note that the scramble key 303 is still encrypted using the work key 304 even after the decryption.

Here, when a common key encryption method or the like is adopted as the encryption method by the encryption device 52-1, a decryption key is required for decryption of encryption performed by the encryption device 52-1. . As a method for assigning the decryption key to the receiving device 40, for example, the following can be employed.
Use a secure communication path (eg, IPsec, public key cryptosystem, etc.) normally used on the Internet, such as IPSEC, and transmit the decryption key from the transmission device 20 to the reception device 40 separately from the multiplexed packet. .
A decryption key is set and stored in the receiving device 40 in advance.
A special packet is prepared for the MPEG packet, and the decryption key is transmitted using the packet.

The decryption key given to the receiving device 40 in this way corresponds to the decryption key 44 in FIG.
On the other hand, the processor 68 executing the processing program 71 refers to the card number carried in the payload of the EMM packet, and determines whether or not this card number matches that for the B-CAS card 65. If the two match, the payload of the EMM packet is transmitted to the B-CAS card 65, and the encrypted work key 304 loaded on the EMM is transferred to the B-CAS card 65. Decryption processing is performed using the stored master key 305 as a decryption key. The work key 304 obtained in this way is held by the B-CAS card 65.

  Further, the processor 68 transmits the scramble key 303 and the like after decryption by the decryption program 70-1 to the B-CAS card 65, and uses the work key 304 obtained as described above as the decryption key. Is decrypted. The scramble key 303 obtained in this way is sent to the encryption / decryption LSI 62.

The processor 68 and the B-CAS card 65 that perform the above processing correspond to the decryption unit 43 in FIG.
The encryption / decryption LSI 62 performs MULTI2 decryption processing (decoding using the scramble key 303 decrypted as described above as a decryption key for the encrypted MPEG packet extracted from the multiplexed packet from the LAN circuit 61. Scramble processing). Thus, original MPEG data is obtained. The obtained MPEG data is sent to the MPEG decompression LSI 63. The encryption / decryption LSI 62 corresponds to the descrambling processing unit 45 in FIG.

  The RAM 66 is a work memory used as necessary in the above decoding process. The ROM 67 stores in advance various types of software including the above-described decryption program 70-1 and processing program 71, which are executed by the processor 68.

  The MPEG decompression LSI 63 decompresses the MPEG data sent from the encryption / decryption LSI 62 and outputs a video signal (YCbCr signal). The output video signal is sent to the display device 64 where it is displayed as a video. The MPEG decompression LSI 63 and the display device 64 correspond to the output device 46 in FIG.

  The transmission system shown in FIG. 2 is configured as described above, and the transmission apparatus 20 that receives the broadcast radio wave 16 performs further encryption on the scramble key 303 in the ECM packet, and then performs the IP network. 30. Therefore, the broadcast content data can be used only by the receiving device 40 that can perform this decryption. For example, even if transmission data is temporarily stored in a storage device on the IP network 30 and retransmitted overseas, and the transmission data is received overseas using a B-CAS card, the broadcast content data cannot be used. It is.

  Here, in order to implement the present invention, the processor 68 needs to newly execute the decryption program 70-1, but as shown in FIG. 3A, the scramble key to be decrypted. Since the ECM packet carrying 303 is only arrived at a frequency of about every few seconds, the increase in new processing load on the processor 68 is negligible. Therefore, in order to configure the receiving device 40 shown in FIG. 2, it is possible to cope with the current device only by adding the decoding program 70-1, and to increase the processing capability such as replacement of the processor 68. Most hardware changes are unnecessary.

  In the above-described embodiment, from the viewpoint of reducing the processing load on the processor 68 of the reception device 40, the encryption device 52-1 of the transmission device 20 uses the scramble key 303 placed on the payload of the ECM packet. Only the encryption process was performed. Instead, the encryption device 52-1 encrypts the scramble key 303 carried on the payload of the ECM packet and other data carried on the payload, and the processor 68 decrypts the data. The encrypted data may be decrypted by executing the program 70-1.

  By the way, in the above-described embodiment, the server device 53 in the transmission device 20 checks the IP address of the server on the IP network 30 through which the IP packet transmitted from the transmission device 20 is received by the reception device 40. Had to do. Alternatively, this check may be performed by the processor 68 in the receiving device 40.

  For example, when the above-described “Traceroute” method is employed, first, the processor 68 executes a predetermined inspection program. Then, “Traceroute” is performed on the receiving device 40 side, and an IP address list of servers (especially the nearest server) on the IP network 30 through which the IP packet transmitted from the transmitting device 20 is received by the receiving device 40 Obtain, manage and save. Here, when the server through which the IP packet passes changes, it is determined that the location on the receiving side may have changed, and this is notified from the receiving device 40 to the transmitting device 20 via the IP network 30. ,contact. By doing so, the server device 50 of the transmission device 20 does not need to manage the IP address group of the relay server.

  It should be noted that, for example, a server through which an IP packet is routed in consideration of cases in which an unauthorized receiving device 40 is distributed in the market, such as a configuration in which a notification to that effect is not made even if the server through which an IP packet is routed changes. It is also possible to configure so that both the server device 50 of the transmission device 20 and the processor 68 of the reception device 40 perform the IP address inspection. In such a case, the server device 50 of the transmission device 20 may reduce the frequency of the inspection, and the processor 68 of the reception device 40 may frequently perform the inspection. The processing load on the device 50 can be reduced.

Next, FIG. 4 will be described. This figure shows a second example of a specific configuration of a transmission system that implements the present invention.
In the configuration shown in FIG. 4, the same components as those in the first example shown in FIG. 2 are denoted by the same reference numerals, and detailed description thereof is omitted.

In the configuration shown in FIG. 4, the encryption device 52-2 and the decryption program 70-2 are different from the encryption device 52-1 and the decryption program 70-1 in the configuration shown in FIG.
The encryption device 52-2 provided in the transmission device 20 corresponds to the encryption unit 22 in FIG. The encryption device 52-2 performs further encryption processing on the work key 304 carried on the payload of the EMM packet 324 shown in FIG. 9 from the extracted multiplexed packet. As the encryption method, for example, a DES (Data Encryption Standard) method that is a common key encryption method or an AES (Advanced Encryption Standard) encryption method that is a public key encryption method may be used. If reduction of the processing load of the decryption processing on the receiving device 40 side is more important than encryption strength, for example, rearrangement of a data string, which is the work key 304, in a predetermined order, as the encryption method. It is also possible to adopt a simple scramble process.

  First, the server device 53 places the work key 304, which has been further encrypted by the encryption device 52-2, on the payload of the EMM packet instead of the work key 304 carried on the payload of the EMM packet. Then, the multiplexed packet obtained in this way is placed on the IP packet, and the obtained IP packet is transmitted to the receiving apparatus 40 to the IP network 30.

  On the other hand, the decryption program 70-2 stored in advance in the ROM 67 of the receiving device 40 applies the encryption device 52 to the work key 304 carried on the payload of the EMM packet sent from the encryption / decryption LSI 62 to the processor 68. -2 is executed by the processor 68 to decrypt the encryption performed by -2. Note that the work key 304 is still encrypted using the master key 305 even after the decryption.

  Here, when a common key encryption method, a public key encryption method, or the like is adopted as an encryption method by the encryption device 52-2, decryption is performed for decryption performed by the encryption device 52-2. I need a key. As a technique for assigning the decryption key to the receiving device 40, for example, the technique described in the first example whose configuration is shown in FIG. 2 can be employed. The decryption key given to the receiving device 40 in this way corresponds to the decryption key 44 in FIG.

  On the other hand, the processor 68 executing the processing program 71 refers to the card number carried in the payload of the EMM packet, and determines whether or not this card number matches that for the B-CAS card 65. If the two match, the master key 305 stored in the B-CAS card 65 is used as the decryption key for the work key 304 after decryption by the decryption program 70-2. Decryption processing is performed. The work key 304 obtained in this way is held by the B-CAS 65.

  Further, the processor 68 performs a decryption process on the encrypted scramble key 303 carried on the payload of the ECM packet, using the work key 304 obtained as described above as a decryption key. The scramble key 303 obtained in this way is sent to the encryption / decryption LSI 62.

The processor 68 and the B-CAS card 65 that perform the above processing correspond to the decryption unit 43 in FIG.
The encryption / decryption LSI 62 performs MULTI2 decryption processing (decoding using the scramble key 303 decrypted as described above as a decryption key for the encrypted MPEG packet extracted from the multiplexed packet from the LAN circuit 61. Scramble processing). Thus, original MPEG data is obtained. The obtained MPEG data is sent to the MPEG decompression LSI 63.

  Subsequent operations of the MPEG decompression LSI 63 and the display device 64 are the same as those in the first example shown in FIG. 2, thereby displaying a video represented by MPEG data. The MPEG decompression LSI 63 and the display device 64 correspond to the output device 46 in FIG.

  The transmission system shown in FIG. 4 is configured as described above. The transmission apparatus 20 that receives the broadcast radio wave 16 performs further encryption on the work key 304 in the EMM packet, and then transmits the IP network. 30. Therefore, the broadcast content data can be used only by the receiving device 40 that can perform this decryption. For example, even if transmission data is temporarily stored in a storage device on the IP network 30 and retransmitted overseas, and the transmission data is received overseas using a B-CAS card, the broadcast content data cannot be used. It is.

  Here, in order to implement the present invention, the processor 68 needs to newly execute the decryption program 70-2. However, the EMM packet addressed to itself carrying the work key 304 to be decrypted is one month apart. Since it arrives only at a certain frequency, the increase in the new processing burden on the processor 68 is negligible. Therefore, in order to configure the receiving device 40 shown in FIG. 2, it is possible to cope with the current device only by adding the decoding program 70-2, and to increase the processing capability such as replacement of the processor 68. Most hardware changes are unnecessary.

  In the second example shown in FIG. 4 as well, as in the first example shown in FIG. 2, the IP network through which the IP packet transmitted from the transmitting device 20 is received by the receiving device 40 The IP address of the server on the server 30 can be inspected by either or both of the server device 53 of the transmission device 20 and the processor 68 of the reception device 40.

As mentioned above, although embodiment of this invention was described, this invention is not limited to each embodiment mentioned above, A various improvement and change are possible within the range which does not deviate from the summary of this invention.
The technical idea of the following configuration is derived from the above-described embodiment.

(Supplementary Note 1) A system that includes a transmitting device and a receiving device, and transmits a data stream, which is digital data including broadcast content, via an Internet network,
The transmitter is
Encryption means for encrypting the key information included in the data stream, which is necessary for descrambling the broadcast content that has been scrambled;
Instead of the key information, transmission means for transmitting the data stream including the key information encrypted by the encryption means to the Internet network;
Have
The receiving device is:
Receiving means for receiving a data stream transmitted from the transmitting device from the Internet network;
Decryption means for decrypting the key information included in the data stream received by the reception means and encrypted by the encryption means;
A content transmission system comprising:

(Supplementary note 2) The content transmission system according to supplementary note 1, wherein the key information is a key directly used for descrambling processing on the broadcast content.
(Supplementary note 3) The content transmission system according to supplementary note 2, wherein the key information is information including at least a scramble key included in common information (ECM).

(Supplementary note 4) The key used directly for descrambling the broadcast content is encrypted,
The key information is a key necessary for decryption of a key used directly for descrambling processing on the broadcast content.
The content transmission system according to supplementary note 1, wherein:

(Supplementary note 5) The content transmission system according to supplementary note 4, wherein the key information is information including at least a work key included in individual information (EMM).
(Supplementary note 6) The transmission means transmits the data stream excluding both the key information and the key information encrypted by the encryption means to the Internet network and encrypts the data stream by the encryption means. The key information is transmitted to the receiving device separately from the data stream,
In addition to receiving the data stream, the receiving unit receives the key information encrypted by the encryption unit,
The decrypting means decrypts the encrypted key information received by the receiving means;
The content transmission system according to supplementary note 1, wherein:

(Supplementary note 7) The content transmission system according to supplementary note 1, wherein the decryption means requires a decryption key to decrypt the key information.
(Supplementary Note 8) Either or both of the transmission device and the reception device may include an inspection unit that inspects an IP address of a server on the Internet network through which the data stream is received by the reception unit. The content transmission system according to appendix 1, further comprising:

(Supplementary Note 9) A transmission device in a system that includes a transmission device and a reception device and transmits a data stream that is digital data including broadcast content via an Internet network,
Encryption means for encrypting the key information included in the data stream, which is necessary for descrambling the broadcast content that has been scrambled;
Instead of the key information, transmission means for transmitting the data stream including the key information encrypted by the encryption means to the Internet network;
A transmission device comprising:

(Supplementary note 10) The transmission apparatus according to supplementary note 9, wherein the key information is a key directly used for descrambling processing on the broadcast content.
(Supplementary note 11) The transmission apparatus according to supplementary note 10, wherein the key information is information including at least a scramble key included in common information (ECM).

(Additional remark 12) The key used directly for the descrambling process with respect to the broadcast content is encrypted,
The key information is a key necessary for decryption of a key used directly for descrambling processing on the broadcast content.
Item 9. The transmission device according to appendix 9, wherein

(Supplementary note 13) The transmitting apparatus according to supplementary note 12, wherein the key information is information including at least a work key included in individual information (EMM).
(Supplementary note 14) The transmission means transmits the data stream from which the key information and the key information encrypted by the encryption means are removed to the Internet network and is encrypted by the encryption means. The transmitting apparatus according to appendix 9, wherein the key information is transmitted to the receiving apparatus separately from the data stream.

  (Supplementary note 15) The transmitting apparatus according to supplementary note 9, further comprising inspection means for inspecting an IP address of a server on the Internet network through which the data stream is received by the reception device.

(Supplementary Note 16) A receiving device in a system that includes a transmitting device and a receiving device, and transmits a data stream that is digital data including broadcast content via an Internet network,
Instead of the key information included in the data stream and necessary for descrambling the broadcast content that has been scrambled, the key information encrypted in the transmission device Receiving means for receiving from the Internet network the data stream including
Decryption means for decrypting the encrypted key information included in the data stream received by the reception means;
A receiving apparatus comprising:

(Supplementary note 17) The receiving apparatus according to supplementary note 16, wherein the key information is a key directly used for descrambling processing on the broadcast content.
(Supplementary note 18) The receiving apparatus according to supplementary note 17, wherein the key information is information including at least a scramble key included in common information (ECM).

(Supplementary note 19) The key directly used for the descrambling process for the broadcast content is encrypted,
The key information is a key necessary for decryption of a key used directly for descrambling processing on the broadcast content.
Item 17. The receiving device according to appendix 16, wherein

(Supplementary note 20) The receiving device according to supplementary note 19, wherein the key information is information including at least a work key included in the individual information (EMM).
(Supplementary note 21) In addition to receiving the data stream from the transmission device to the Internet network, the key information and the key information encrypted by the transmission device are removed. Receiving the key information encrypted by the transmitting device and transmitted to the receiving device separately from the data stream;
The decrypting means decrypts the encrypted key information received by the receiving means;
Item 17. The receiving device according to appendix 16, wherein

  (Supplementary note 22) The receiving apparatus according to supplementary note 16, further comprising: an inspection unit that inspects an IP address of a server on the Internet network through which the data stream is received by the reception unit.

  (Supplementary note 23) The receiving apparatus according to supplementary note 16, wherein the decryption means requires a decryption key to decrypt the key information.

It is a figure which shows the principle structure of the content transmission system which implements this invention. It is a figure which shows the 1st example of the specific structure of the transmission system which implements this invention. It is a figure which shows schematic structure of the multiplexed packet which put the scramble key in which the further encryption was performed on the payload of the ECM packet. It is a figure which shows the 2nd example of the specific structure of the transmission system which implements this invention. It is a figure which shows an example of the delivery system which delivers a digital content on the internet. It is a figure which shows the prior art example of a structure of the transmission system of a digital content. It is a figure explaining the process of the scramble with respect to digital content. It is a figure which shows schematic structure of a multiplexed packet. It is a figure which shows the outline | summary of the data structure of an EMM packet. It is a figure explaining the process of the descrambling with respect to the digital content in which the scramble process is performed.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Broadcasting station 11 Broadcast content data 12 Scrambler 13 Key information 14 Multiplexer 15 Modulator 16 Broadcasting radio wave 20 Transmitter 21 Tuner + demodulator 22 Encryptor 23 Transmitter 24 Inspection unit 30 IP network 40 Receiver 41 Receiver 42 Inspection Unit 43 Demodulation Unit 44 Decryption Key 45 Descramble Processing Unit 46 Output Device 51 Tuner + Demodulation LSI
52-1, 52-2 Encryption device 53 Server device 61 LAN circuit 62 Encryption / decryption LSI
63 MPEG decompression LSI
64 Display device 65 B-CAS card 66 RAM
67 ROM
68 Processor 69 General-purpose bus 70-1, 70-2 Decoding program 71 ECM / EMM packet processing program

Claims (5)

A system consisting of a transmission device and a reception device, which transmits a data stream, which is digital data including broadcast content, via an Internet network,
The transmitter is
Encryption means for encrypting the key information included in the data stream, which is necessary for descrambling the broadcast content that has been scrambled;
Instead of the key information, transmission means for transmitting the data stream including the key information encrypted by the encryption means to the Internet network;
Have
The receiving device is:
Receiving means for receiving a data stream transmitted from the transmitting device from the Internet network;
Decryption means for decrypting the key information included in the data stream received by the reception means and encrypted by the encryption means;
A content transmission system comprising: A transmission device in a system that includes a transmission device and a reception device and transmits a data stream that is digital data including broadcast content via an Internet network,
Encryption means for encrypting the key information included in the data stream, which is necessary for descrambling the broadcast content that has been scrambled;
Instead of the key information, transmission means for transmitting the data stream including the key information encrypted by the encryption means to the Internet network;
A transmission device comprising: A receiving device in a system that includes a transmitting device and a receiving device, and transmits a data stream that is digital data including broadcast content via an Internet network,
Instead of the key information included in the data stream and necessary for descrambling the broadcast content that has been scrambled, the key information encrypted in the transmission device Receiving means for receiving from the Internet network the data stream including
Decryption means for decrypting the encrypted key information included in the data stream received by the reception means;
A receiving apparatus comprising:   The receiving apparatus according to claim 3, wherein the key information is a key used directly for descrambling processing on the broadcast content. The key used directly in the descrambling process for the broadcast content is encrypted,
The key information is a key necessary for decryption of a key used directly for descrambling processing on the broadcast content.
The receiving apparatus according to claim 3.