JP2008015919A - Content reproduction device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a content reproduction device, attaining content management and content protection sufficient satisfactory for a content right ownder. <P>SOLUTION: A decoding means decodes a content transferred through a transfer medium. A management information generation means generates content management information containing use histories of the content decoded by the decoding means. An encryption output means encrypts and outputs the content decoded by the decoding means. An access control means allows reference and rewrite of the content management information by a first access through first secure transfer, and allows reference of the content management information by a second access through second secure transfer. The decoding means, the management information generation means, the encryption output means and the access control means are embodied by a single semiconductor device. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a content reproduction apparatus embodied by an STB (Set Top Box), a PC (Personal Computer), or the like.

  FIG. 5 shows an example of a conventional STB. The STB 500 includes an IP (Internet Protocol) transmission / reception unit 501, a decryption unit 502, an MPEG (Moving Picture Experts Group) decoder 503, a graphics processing unit 504, an HDMI (High-Definition Multimedia Interface) encryption unit 505, and a local encryption unit 506. CPRM (Content Protection for Recordable Media) encryption unit 507, CAS (Conditional Access System) card 508, nonvolatile memory 509, ROM (Read Only Memory) 510, RAM (Random Access Memory) 511, processor 512, bus 513, An HDD (Hard Disk Drive) 514 and a DVD (Digital Versatile Disk) drive 515 are provided. IP transmission / reception unit 501, decryption unit 502, MPEG decoder 503, graphics processing unit 504, HDMI encryption unit 505, local encryption unit 506, CPRM encryption unit 507, CAS card 508, nonvolatile memory 509, ROM 510, RAM 511 and The processors 512 are connected to each other via a bus 513.

  In STB 500, the content is encrypted and input via the IP network. The content is, for example, digital AV (Audio Video) information compressed according to the MPEG standard. This digital AV information is composed of a packet group in the MPEG-TS (Transport Stream) format. In a packet group in the MPEG-TS format, each packet can identify the data type (audio data, video data, etc.) by referring to the number at the head of the packet, and various data are time-division multiplexed using this. Yes. Each packet is composed of an unencrypted head portion (header) and an encrypted data portion (payload). Therefore, the content encryption here means the encryption of the payload of each packet in the MPEG-TS format packet group.

  Further, since the entire packet group in the MPEG-TS format is transmitted via the IP network, it is packetized in a packet format specific to the IP network and transmitted to the STB 500. Packets specific to the IP network are IP (Internet Protocol) packets, UDP (User Datagram Protocol) packets, TCP (Transmission Control Protocol) packets, and the like. Packets transmitted through the IP network are configured by overlapping packets of different packet formats, and the configuration itself is a convenient configuration according to the application at that time.

  Hereinafter, the operation of the STB 500 will be described. The series of operations shown below is realized by the processor 512 controlling each part of the STB 500. Further, the processor 512 executes various arithmetic processes according to programs stored in the ROM 510 and the RAM 511. The ROM 510 stores basic programs executed by the processor 512 and various data. The RAM 511 temporarily stores programs to be executed and various data when the processor 512 executes various arithmetic processes.

  In STB 500, when content is encrypted and input to IP transmission / reception section 501 via the IP network, it is converted into MPEG-TS format by IP transmission / reception section 501 and then decrypted by decryption section 502. The Note that the decryption unit 502 obtains a decryption key from the CAS card 508 and uses it when decrypting the content in the MPEG-TS format supplied from the IP transmission / reception unit 501. Thereafter, when the content is viewed (reproduced), the content decoded by the decoding unit 502 is subjected to expansion processing by the MPEG decoder 503 and further merged with the graphic image data by the graphic processing unit 504, and then HDMI. The encryption unit 505 performs HDMI encryption and outputs the result to the monitor 516.

  When content is stored in HDD 514, the content decrypted by decryption unit 502 is subjected to local encryption processing (encryption processing unique to STB 500) by local encryption unit 506 and stored in HDD 514. The key used for the encryption processing of the local encryption unit 506 is randomly generated for each content by the processor 512 and supplied to the local encryption unit 506, and is encrypted after being encrypted by the processor 512. Stored in the memory 509.

  When viewing the content stored in the HDD 514, first, the processor 512 reads the key used for the encryption process of the local encryption unit 506 from the nonvolatile memory 509, and then performs the decryption process. And supplied to the decoding unit 502. Note that the decryption processing of the key read from the nonvolatile memory 509 can be executed in real time by the processor 512 because the processing amount is small. Then, the decryption unit 502 decrypts the content read from the HDD 514 using the key supplied from the processor 512. Note that the content read from the HDD 514 cannot be executed in real time by the processor 512 because the amount of processing is very large. Thereafter, the content decrypted by the decrypting unit 502 is subjected to decompression processing by the MPEG decoder 503, further merged with the graphic image data by the graphic processing unit 504, and then HDMI-encrypted by the HDMI encrypting unit 505. To the monitor 516. When the content is recorded (stored) in the DVD drive 515, the content decrypted by the decryption unit 502 is subjected to CPRM encryption processing (DVD-specific encryption processing for preventing unauthorized duplication) by the CPRM encryption unit 507. And stored in the DVD drive 515.

Note that when the decryption key is extracted from the CAS card 508, the processor 512 rewrites the content usage fee table stored in the CAS card 508. The service provider (content distributor) charges the user of the STB 500 based on information obtained by referring to the content usage fee table via the IP network.
Further, technologies related to the content reproduction apparatus are disclosed in, for example, Patent Documents 1 and 2.
JP-A-10-269289 International Publication No. 00/07329 Pamphlet

In the STB 500 shown in FIG. 5, for example, the content provider (content right owner) cannot grasp the user's content usage status (whether the content is being viewed) or the service provider's business performance status (content content). There is a problem that it is not possible to grasp whether the fee is charged appropriately according to the usage amount.
When the content reproduction apparatus is configured as a PC, there is a possibility that a user creates and uses a program for peeking at the bus inside the PC. Further, when the content reproduction apparatus is configured as a PC, there is a program on the Internet for peeking at the bus inside the PC, and the possibility that the user downloads and uses the program cannot be denied. Therefore, when the content playback apparatus is configured as a PC, the risk of content leakage is very high. On the other hand, when the content playback device is configured as an STB, the user cannot look into the bus inside the STB unlike the bus inside the PC. The risk of spillage is low, but it is still very dangerous. In particular, in recent STBs, the number of cases where Linux is used as an OS (Operating System) is increasing, and there is a possibility that a user familiar with Linux will create a program for peeking at the bus.

  In the STB 500, the decryption unit 502, the MPEG decoder 503, the graphic processing unit 504, the HDMI encryption unit 505, the local encryption unit 506, the CPRM encryption unit 507, the CAS card 508, the nonvolatile memory 509, the ROM 510, and the RAM 511 In the meantime, unencrypted information is exchanged, and there is a sufficient possibility that such information will be wiretapped. Considering the recent spread of the Internet, leaked content can be easily disseminated via the Internet, and content leakage is a very big problem for content providers such as Hollywood (filmmakers). .

  The present invention has been made in view of the above problems, and an object of the present invention is to provide a content reproduction apparatus capable of realizing content management and content protection that is sufficiently satisfactory for a content right owner.

  In the first embodiment of the present invention, the content reproduction apparatus is configured to include a decryption unit, a management information generation unit, an encryption output unit, and an access control unit. The decrypting means decrypts the content transmitted via the transmission medium. The management information generating unit generates content management information including the usage history of the content decrypted by the decrypting unit. The encryption output means encrypts and outputs the content decrypted by the decryption means. The access control means enables reference and rewriting of the content management information by the first access via the first secure transmission, and enables reference of the content management information by the second access via the second secure transmission. The decryption unit, the management information generation unit, the encryption output unit, and the access control unit are implemented by a single semiconductor device. Alternatively, the decryption unit, the management information generation unit, the encryption output unit, and the access control unit are implemented by a plurality of semiconductor devices. In this case, the information exchanged between the semiconductor devices is information encrypted using a key that only each semiconductor device can know.

Preferably, the access control means permits rewriting of the content management information by the first access via the first secure transmission only when a predetermined condition is satisfied. Preferably, the content reproduction apparatus further includes notification means. The notifying means notifies the user of the occurrence of access to the content management information via the first or second secure transmission.
In the first embodiment as described above, the content management information can be referred to and rewritten by the first secure transmission by the first access, so the content management work (billing work etc.) is performed after confirming the user's content usage status. Can be implemented. In addition, since the content management information can be referred to by the second secure transmission by the second access, it is possible to accurately grasp the content usage status of the user and the business execution status of the content distributor.

  Further, the decryption means, the management information generation means, the encryption output means, and the access control means are secure areas that cannot be easily peeped or tampered with from the outside. For this reason, most of the processing related to the content is performed in the secure area. All information output from the semiconductor device is encrypted information. Accordingly, it is possible to reliably prevent content leakage. In this way, content management and content protection that are sufficiently satisfactory for the content right owner can be realized, and the problems for the content right owner can be comprehensively solved.

  In the second form of the present invention, the content reproduction apparatus comprises a software module, encryption / decryption means, key supply means, validity verification means, management information generation means, and access control means. The software module embodies decryption means for decrypting the encrypted content and encryption output means for encrypting and outputting the content decrypted by the decryption means. The encryption / decryption means decrypts the content transmitted via the transmission medium using a predetermined key, encrypts the content, and supplies it to the decryption means of the software module. The key supply means supplies a predetermined key to the encryption / decryption means. The validity verification means verifies the validity of the software module. The management information generating unit generates content management information including a usage history of the content decrypted by the encryption / decryption unit. The access control means enables reference and rewriting of the content management information by the first access via the first secure transmission, and enables reference of the content management information by the second access via the second secure transmission. The encryption / decryption means, key supply means, validity verification means, management information generation means, and access control means are implemented by a single semiconductor device.

  In the second form as described above, after the validity of the software module is confirmed by the validity verification means in the semiconductor device, the content transmitted via the transmission medium by the encryption / decryption means in the semiconductor device Is decrypted. For this reason, the effect similar to the 1st form mentioned above is acquired.

  According to the present invention, it is possible to realize content management and content protection that are sufficiently satisfactory for a content right owner.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
FIG. 1 shows a first embodiment of the present invention. In the first embodiment, the content playback apparatus is configured as the STB 100. The STB 100 includes an LSI (Large Scale Integration) 101, a nonvolatile memory 115, a ROM 116, a RAM 117, an HDD 118, and a DVD drive 119. The LSI 101 includes an IP transmission / reception unit 102, a decryption unit 103, an MPEG decoder 104, a graphic processing unit 105, an HDMI encryption unit 106, a local encryption unit 107, a CPRM encryption unit 108, a CAS unit 109, and a nonvolatile memory encryption. Unit 110, ROM decryption unit 111, RAM encryption / decryption unit 112, processor 113, and bus 114. IP transmission / reception unit 102, decryption unit 103, MPEG decoder 104, graphic processing unit 105, HDMI encryption unit 106, local encryption unit 107, CPRM encryption unit 108, CAS unit 109, non-volatile memory encryption unit 110, The ROM decryption unit 111, the RAM encryption / decryption unit 112, and the processor 113 are connected to each other via a bus 114 inside the LSI 101.

  Hereinafter, the operation of the STB 100 will be described. Note that the following series of operations is realized by the processor 113 controlling each unit of the LSI 101. Further, the processor 113 executes various arithmetic processes according to programs stored in the ROM 116 and the RAM 117. The ROM 116 stores basic programs executed by the processor 113 and various data. The ROM 116 stores information subjected to encryption processing (simple scramble processing), and the information read from the ROM 116 is decrypted by the ROM decryption unit 111 (simple descrambling processing). ) Is supplied to the bus 114. The RAM 117 temporarily stores programs to be executed and various data when the processor 113 executes various arithmetic processes. The information stored in the RAM 117 is subjected to encryption processing (simple scramble processing) by the RAM encryption / decryption unit 112 and stored in the RAM 117. The information read from the RAM 117 is subjected to a decryption process (simple descrambling process) by the RAM encryption / decryption unit 112 and supplied to the bus 114. As a result, the program stored in the ROM 116 or the RAM 117 is prevented from being peeped or altered.

  In STB 100, when content is encrypted and input to IP transmission / reception section 101 via the IP network, it is converted into MPEG-TS packet format by IP transmission / reception section 102 and then decrypted by decryption section 103. Is done. Note that the decryption unit 103 acquires the decryption key from the CAS unit 109 and uses it when decrypting the content in the MPEG-TS format supplied from the IP transmission / reception unit 102. Thereafter, when viewing the content, the content decrypted by the decryption unit 103 is subjected to decompression processing by the MPEG decoder 104 and further fused with graphic image data by the graphic processing unit 105, and then the HDMI encryption unit. It is HDMI encrypted by 106 and output to the monitor 120.

  When content is stored in the HDD 118, the content decrypted by the decryption unit 103 is subjected to local encryption processing (encryption processing unique to the STB 100) by the local encryption unit 107 and stored in the HDD 118. The key used for the encryption processing of the local encryption unit 107 is randomly generated for each content by the processor 113 and supplied to the local encryption unit 107, and the nonvolatile memory encryption unit 110 or the processor 113 is used. Is encrypted and stored in the non-volatile memory 115.

  When viewing the content stored in the HDD 118, first, the processor 113 reads the key used for the encryption process of the local encryption unit 107 from the nonvolatile memory 115, and then performs the decryption process. And supplied to the decoding unit 103. The decryption unit 103 decrypts the content read from the HDD 118 using the key supplied from the processor 113. Thereafter, the content decrypted by the decryption unit 103 is subjected to decompression processing by the MPEG decoder 104, further merged with the graphic image data by the graphic processing unit 105, and then HDMI-encrypted by the HDMI encryption unit 106. Is output to the monitor 120.

  When recording content on the DVD drive 119, the content decrypted by the decryption unit 103 is subjected to CPRM encryption processing by the CPRM encryption unit 108 and stored in the DVD drive 119. Although not shown, the LSI 101 includes, for example, an SD (Secure Digital) memory card encryption unit and a Blu-Ray disk encryption in addition to the CPRM encryption unit 108 (DVD encryption unit). A conversion unit is also provided. When recording content on the SD memory card, the content decrypted by the decryption unit 103 is encrypted by the SD memory card encryption unit and stored in the SD memory card. Similarly, when recording content on a Blu-Ray disc, the content decrypted by the decryption unit 103 is subjected to encryption processing by the Blu-Ray disc encryption unit and stored in the Blu-Ray disc. .

  In the STB 100, when various operations as described above are performed, the processor 113 records the content usage history in the content management table. The content management table is stored in the nonvolatile memory 115 after being encrypted by the nonvolatile memory encryption unit 110. In STB 100, content is stored in HDD 118 in an encrypted state, and the key used for decrypting the content read from HDD 118 exists only in LSI 101, so the content is used (viewing, copying, etc.) When doing so, it is necessary to pass through the LSI 101 without fail. Therefore, an accurate content management table can be created.

  FIG. 2 shows an example of the content management table. In the content management table shown in FIG. 2, the decryption key (the key used for decrypting the content read from the HDD 118), the number of times of viewing (the number of times the content has been viewed), the recording medium, corresponding to the content name A number of times of recording (number of times content has been recorded on recording medium A), number of times of recording medium B (number of times content has been recorded on recording medium B), number of times of recording medium C (number of times content has been recorded on recording medium C), use Charges (billing amount incurred with the use of content) are recorded. For example, the recording medium A corresponds to a DVD, the recording medium B corresponds to an SD memory card, and the recording medium C corresponds to a Blu-Ray disc.

  Note that the content management table shown in FIG. 2 is an example, and various content management tables can be considered. For example, the items of the content management table include commercial skip enable / disable, trick play enable / disable, one-time viewing fee, one-time copy fee, number of replicas, number of replicable generations, number of replicas per recording media A to C, recording media A ~ The number of times of duplication for each C may be provided.

  In the STB 100, the content management table can be accessed via the IP network if it has either authority associated with the master key 1 or authority associated with the master key 2. With the authority attached to the master key 1, it is possible to both refer to and rewrite the content management table. On the other hand, the authority attached to the master key 2 can only refer to the content management table (whole or part). The master key 1 should be owned by, for example, a service provider in charge of content management work (billing work etc.). On the other hand, the master key 2 should be owned by, for example, a content provider who is a content right owner. Note that a plurality of master keys 2 may exist for each content provider, and information that can be referred to may differ for each key. For example, with the master key 2 for the content provider A, only information related to the content of the content provider A in the content management table can be referred to, and with the master key 2 for the content provider B, the content of the content provider B in the content management table can be referred to. Only relevant information may be referred to.

  Various methods for realizing the master keys 1 and 2 are conceivable. For example, the master key A is provided as a reference key for the content management table, and the master key B is provided as a key for rewriting the content management table. In this case, the master key 1 corresponds to both the master key A and the master key B. A service provider who owns both master keys A and B can both refer to and rewrite the content management table. On the other hand, the master key 2 corresponds to the master key A. A content provider who owns only the master key A can only refer to the content management table. In addition, in order to distinguish between the service provider and the content provider, a plurality of reference keys for the content management table may be provided like master keys A and C. In this case, the master key 1 owned by the service provider corresponds to the master keys A and B, and the master key 2 owned by the content provider corresponds to the master key C.

As a specific procedure for accessing the content management table from the outside via the IP network, for example, the following procedure can be considered. Although a very simple example is shown for convenience of explanation, the actual procedure is often more complicated than the procedure shown below.
(1) First, the center connects to the STB 100 via the IP network.
(2) Next, the center and the STB 100 perform mutual authentication. There are various authentication techniques. For example, a case where a method of confirming that the other party knows the master key is used will be described.
(2a) The center transmits, to the STB 100, information obtained by encrypting the calculation formula “6 + 3” using the master key.
(2b) The STB 100 decrypts the information transmitted from the center using the master key, and transmits the information obtained by encrypting the answer “9” using the master key to the center.
(2c) The center decrypts the information transmitted from the STB 100 using the master key, and authenticates the STB 100 if the decryption result indicates the answer “9”.
(2d) The STB 100 transmits information obtained by encrypting the calculation formula “8 × 9” using the master key to the center.
(2e) The center decrypts the information transmitted from the STB 100 using the master key, and transmits the information obtained by encrypting the answer “72” using the master key to the STB 100.
(2f) The STB 100 decrypts the information transmitted from the center using the master key, and authenticates the center if the decryption result indicates an answer “72”.
(3) After the mutual authentication is completed, the center and the STB 100 generate a session key (a key used only this time) using the master key.
(4) Thereafter, the center and the STB 100 exchange information such as a content management table using the session key. In STB 100, as access to the content management table via the IP network is recognized by processor 113, information for notifying the user of that fact is displayed on monitor 120.

  In addition, regarding the rewriting of the content management table, it is also important to set certain restrictions to prevent fraudulent acts of the service provider. Therefore, in STB 100, for example, there is a restriction that prevents the usage fee from being changed to 0 yen until a predetermined time limit comes. This means that the firmware (program) of the processor 113 that rewrites the content management table in accordance with the instruction of the service provider via the IP network allows an increase in the usage fee but does not allow a reduction in the usage fee until the predetermined period comes. It is realized with. In addition, there is a restriction that prevents the number of times of viewing, the number of recordings of the recording medium A, the number of recordings of the recording medium B, and the number of recordings of the recording medium C from being changed to 0 until the predetermined time limit has elapsed, or the amount of information stored in the content management table A restriction may be provided so that the contents of the content management table cannot be changed until the above is reached.

  In the STB 100 as described above, since the service provider can refer to and rewrite the content management table by secure transmission using the master key 1, the content management business (billing business etc.) after confirming the content usage status of the user. Can be implemented. Further, since the content provider can refer to the content management table by secure transmission using the master key 2, the content usage status of the user and the business performance status of the service provider can be accurately grasped.

  Further, in the conventional STB 500 shown in FIG. 5, the part responsible for processing related to the contents is composed of a plurality of LSIs and circuit blocks, and the information exchanged between them and the information in each circuit block can be looked into. There is a risk of being tampered with or tampered with. Therefore, there is a sufficient risk of content leakage. On the other hand, in the STB 100, the IP transmission / reception unit 102, the decryption unit 103, the MPEG decoder 104, the graphic processing unit 105, the HDMI encryption unit 106, the local encryption unit 107, the CPRM encryption unit 108, the CAS unit 109, the nonvolatile memory The internal memory encryption unit 110, the ROM decryption unit 111, the RAM encryption / decryption unit 112, the processor 113, and the bus 114 are formed inside the single LSI 101, and can be easily viewed from the outside. It is a secure area that cannot be tampered with. For this reason, most of the processing related to the content is performed in the secure area. Information input to the LSI 101 and information output from the LSI 101 are all encrypted information. Accordingly, it is possible to reliably prevent content leakage. Note that since the content input to the IP transmission / reception unit 102 and the content output from the IP transmission / reception unit 102 are all encrypted content, the IP transmission / reception unit 102 is not necessarily mounted on the LSI 101.

  As described above, in the first embodiment, content management and content protection that are sufficiently satisfactory for the content provider can be realized, and problems for the content provider can be comprehensively solved. In the content transmission system including the STB 100, the content provider only needs to provide the encrypted content when providing the content to the service provider. Since the content provider does not have to provide the original content (unencrypted content) to the service provider, the content provider can provide the content with relative ease.

  FIG. 3 shows a second embodiment of the present invention. In the second embodiment, the content reproduction apparatus is configured as a PC 200 (software type content reproduction apparatus). The PC 200 includes an IP transmission / reception unit 201, an LSI 202, a secure software area 209, a bus 210, an HDD 211, a CAS card 212, a monitor 213, a DVD drive 214, and a non-volatile memory 215. The LSI 202 includes a decryption unit 203, a CAS card interface unit (CAS card IF unit) 204, an HDD encryption unit 205, an HDD decryption unit 206, an encryption unit 207, and a processor 208. The decryption unit 203, CAS card interface unit 204, HDD encryption unit 205, HDD decryption unit 206, encryption unit 207, and processor 208 are mutually connected via a bus (not shown) inside the LSI 202. It is connected.

  In general, the software area of the PC is mounted on a main memory or HDD that can be accessed by anyone, so anyone with a little knowledge can peek and tamper with it. Therefore, when the content playback apparatus is configured as a PC, a mechanism for preventing peeping and falsification of the software area is necessary. Therefore, in the PC 200, an LSI 202 is provided as a trust point (a part that cannot be peeped or tampered from the outside), and the software area is secured by using the LSI 202. Specifically, the processor 208 in the LSI 202 detects hacking (peeping or tampering) of software operating on the main memory of the PC 200 in real time. When hacking is detected by the processor 208, the software (the decryption unit 209a, the MPEG decoding unit 209b, the HDMI encryption unit 209c, and the CPRM encryption unit 209d) in the secure software area 209 that performs processing related to the content is invalidated. The Means for creating a secure software area is disclosed in, for example, Japanese Patent Laid-Open Nos. 2003-198527 and 2004-129227.

  Hereinafter, the operation of the PC 200 will be described. The content (encrypted state) transmitted via the IP network is converted into the MPEG-TS format by the IP transmission / reception unit 201. Since all the content processed by the IP transmission / reception unit 201 is encrypted, the IP transmission / reception unit 201 may be implemented by dedicated hardware or may be implemented by software in a non-secure software area. Good. Thereafter, the process proceeds to a process of decrypting the content supplied from the IP transmission / reception unit 201. This process needs to be performed in an area secured by some means. In the PC 200, the process of decrypting the content supplied from the IP transmission / reception unit 201 is performed inside the LSI 202. In the PC 200, the trust point is realized by a single LSI 202, but it is not always necessary, and it may be realized so that tampering and peeping from outside cannot be performed.

  In the LSI 202, MPEG-TS format content supplied from the IP transmission / reception unit 201 via the bus 210 is decoded by the decoding unit 203. When decrypting the content supplied from the IP transmission / reception unit 201, the decryption unit 203 acquires the decryption key from the CAS card 212 via the CAS card interface unit 204 and uses it. At this time, since the LSI 202 and the CAS card 212 are directly exchanged in a state where they are isolated from the non-secure portion, the decryption key is prevented from being stolen.

  Thereafter, when viewing the content, the content decrypted by the decryption unit 203 is encrypted again by the encryption unit 207. Then, the content encrypted by the encryption unit 207 is supplied to the secure software area 209 via the bus 210, and is decrypted by the decryption unit 209a, decompressed by the MPEG decoding unit 209b, and the HDMI encryption unit 209c. The HDMI encryption process is sequentially performed and output to the monitor 213.

  When content is stored in the HDD 211, the content decrypted by the decryption unit 203 is subjected to local encryption processing (encryption processing unique to the LSI 202) by the HDD encryption unit 205, and then the HDD 211 via the bus 210. Stored in The key used for the encryption processing of the HDD encryption unit 205 is randomly generated for each content by the processor 208 and supplied to the HDD encryption unit 205, and is encrypted by the processor 208. Stored in the non-volatile memory 215.

  When viewing content stored in the HDD 211, first, the processor 208 reads the key used for the encryption processing of the HDD encryption unit 205 from the nonvolatile memory 215, and then decrypts it. And supplied to the HDD decryption unit 206. Then, the HDD decryption 206 decrypts the content read from the HDD 211 using the key supplied from the processor 208. Thereafter, the content decrypted by the HDD decryption unit 206 is encrypted again by the encryption unit 207. The content encrypted by the encryption unit 207 is supplied to the secure software area 209 via the bus 210, and decryption processing by the decryption unit 209a, decompression processing by the MPEG decoding unit 209b, and HDMI by the HDMI encryption unit 209c. Encryption processing is sequentially performed and output to the monitor 213.

  When recording (storing) content in the DVD drive 214, the content encrypted by the encryption unit 207 is supplied to the secure software area 209 via the bus 210, and decryption processing by the decryption unit 209a is performed. The CPRM encryption processing by the CPRM encryption unit 209 d is sequentially performed and stored in the DVD drive 214. Although not shown, the secure software area 209 includes, for example, an SD memory card encryption unit and a Blu-Ray disk encryption in addition to the CPRM encryption unit 209d (DVD encryption unit). A conversion unit is also provided. When recording content on the SD memory card, the content encrypted by the encryption unit 207 is supplied to the secure software area 209 via the bus 210, and decryption processing by the decryption unit 209a and encryption for the SD memory card are performed. Encryption processing by the conversion unit is sequentially performed and stored in the SD memory card. Similarly, when recording content on a Blu-Ray disc, the content encrypted by the encryption unit 207 is supplied to the secure software area 209 via the bus 210, and decryption processing and Blu-ray by the decryption unit 209a are performed. -Encryption processing by the Ray disk encryption unit is sequentially performed and stored in the Blu-Ray disk.

  In the PC 200, when various operations as described above are performed, the content usage history is recorded in the content management table (FIG. 2) by the processor 208, as in the STB 100 (first embodiment). The content management table is stored in the nonvolatile memory 215 after being encrypted by the processor 208. Further, the means for realizing access to the content management table via the IP network from the outside is the same as the means for realizing in STB 100 (secure transmission using a master key).

  Although the content management table is stored in the nonvolatile memory 215 in an encrypted state, it is not always necessary. For example, the content management table may be stored in an encrypted state in the HDD 211 in order to cope with a case where a large amount of content needs to be managed and the capacity of the nonvolatile memory 215 is insufficient. However, in this case, it is necessary to ensure that the content management table read from the HDD 211 is the latest. Since the HDD 211 is an area where information can be freely copied, it cannot be determined whether or not the content management table read from the HDD 211 is the latest. Therefore, the processor 208 in the LSI 202 holds the latest hash value of the content management table, updates the held hash value as the content management table is updated (rewritten), and reads the content management table from the HDD 211. In this case, it is determined whether or not the content management table read from the HDD 211 is the latest by verifying a match with the hash value held after calculating the hash value of the read content management table. Since the required memory capacity of the hash value is much smaller than that of the content management table, the capacity of the content management table can be increased almost infinitely. Such a method is disclosed in, for example, Japanese Patent Application Laid-Open No. 2005-12349.

Even in the second embodiment as described above (when the content reproduction apparatus is configured as a PC having a software configuration), the same effects as those in the first embodiment can be obtained.
FIG. 4 shows a third embodiment of the present invention. In describing the third embodiment (FIG. 4), the same elements as those described in the second embodiment (FIG. 3) are denoted by the same reference numerals, and detailed description thereof is omitted.

  In the third embodiment, the content reproduction apparatus is configured as a PC 300 (software type content reproduction apparatus). The PC 300 is configured by replacing the LSI 202 with an LSI 302 with respect to the PC 200. The LSI 302 is configured by removing the HDD encryption unit 205 and the HDD decryption unit 206 from the LSI 202. The operation of the PC 300 is that the content encrypted by the encryption unit 207 is stored in the HDD 211, and the content stored in the HDD 211 is directly supplied to the secure software area 209 without going through the LSI 302. Except for the above, the operation is the same as that of the PC 200. In the third embodiment as described above, the same effects as those in the first and second embodiments can be obtained.

  In the first embodiment, the decryption unit 103, the MPEG decoder 104, the graphic processing unit 105, the HDMI encryption unit 106, the local encryption unit 107, the CPRM encryption unit 108, the CAS unit 109, and the nonvolatile memory encryption Although the example in which the unit 110, the ROM decryption unit 111, the RAM encryption / decryption unit 112, and the processor 113 are implemented by a single LSI 101 has been described, the present invention is not limited to such an embodiment. For example, the same effect can be obtained even if these circuits are implemented by a plurality of LSIs and information exchanged between the LSIs is encrypted using a key that exists only in each LSI.

  In the second embodiment, an example in which the decryption unit 203, the CAS card interface unit 204, the HDD encryption unit 205, the HDD decryption unit 206, the encryption unit 207, and the processor 208 are implemented by a single LSI 202 will be described. However, the present invention is not limited to such an embodiment. For example, the same effect can be obtained even if these circuits are implemented by a plurality of LSIs and information exchanged between the LSIs is encrypted using a key that exists only in each LSI.

  In the third embodiment, an example in which the decryption unit 203, the CAS card interface unit 204, the encryption unit 207, and the processor 208 are implemented by a single LSI 302 has been described. However, the present invention is limited to such an embodiment. It is not something. For example, the same effect can be obtained even if these circuits are implemented by a plurality of LSIs and information exchanged between the LSIs is encrypted using a key that exists only in each LSI.

The invention described in the above embodiments is organized and disclosed as an additional note below.
(Appendix 1)
Decoding means for decoding the content transmitted via the transmission medium;
Management information generating means for generating content management information including a usage history of the content decrypted by the decrypting means;
Encrypted output means for encrypting and outputting the content decrypted by the decryption means;
Access control means for enabling reference and rewriting of the content management information by the first access via the first secure transmission and enabling reference of the content management information by the second access via the second secure transmission. ,
The content reproduction apparatus, wherein the decryption unit, the management information generation unit, the encryption output unit, and the access control unit are implemented by a single semiconductor device.
(Appendix 2)
Decoding means for decoding the content transmitted via the transmission medium;
Management information generating means for generating content management information including a usage history of the content decrypted by the decrypting means;
Encrypted output means for encrypting and outputting the content decrypted by the decryption means;
Access control means for enabling reference and rewriting of the content management information by the first access via the first secure transmission and enabling reference of the content management information by the second access via the second secure transmission. ,
The decryption means, the management information generation means, the encryption output means, and the access control means are implemented by a plurality of semiconductor devices,
The content reproducing apparatus, wherein the information exchanged between the semiconductor devices is information encrypted using a key that only each of the semiconductor devices can know.
(Appendix 3)
In the content playback apparatus according to Supplementary Note 1 or Supplementary Note 2,
The content playback apparatus according to claim 1, wherein the access control unit permits rewriting of the content management information by the first access via the first secure transmission only when a predetermined condition is satisfied.
(Appendix 4)
In the content reproduction apparatus according to any one of Supplementary Note 1 to Supplementary Note 3,
A content reproduction apparatus comprising: notification means for notifying a user of the occurrence of access to the content management information via the first or second secure transmission.
(Appendix 5)
A software module that embodies decryption means for decrypting encrypted content, and encryption output means for encrypting and outputting the content decrypted by the decryption means;
An encryption / decryption unit that encrypts the content transmitted through the transmission medium after decrypting the content using a predetermined key and supplies the encrypted content to the decryption unit of the software module;
Key supply means for supplying the predetermined key to the encryption / decryption means;
Legitimacy verification means for verifying the legitimacy of the software module;
Management information generating means for generating content management information including a usage history of the content decrypted by the encryption / decryption means;
Access control means for enabling reference and rewriting of the content management information by the first access via the first secure transmission and enabling reference of the content management information by the second access via the second secure transmission. ,
The content reproduction apparatus, wherein the encryption / decryption means, the key supply means, the validity verification means, the management information generation means, and the access control means are implemented by a single semiconductor device.
(Appendix 6)
A software module that embodies decryption means for decrypting encrypted content, and encryption output means for encrypting and outputting the content decrypted by the decryption means;
An encryption / decryption unit that encrypts the content transmitted through the transmission medium after decrypting the content using a predetermined key and supplies the encrypted content to the decryption unit of the software module;
Key supply means for supplying the predetermined key to the encryption / decryption means;
Legitimacy verification means for verifying the legitimacy of the software module;
Management information generating means for generating content management information including a usage history of the content decrypted by the encryption / decryption means;
Access control means for enabling reference and rewriting of the content management information by the first access via the first secure transmission and enabling reference of the content management information by the second access via the second secure transmission. ,
The encryption / decryption means, the key supply means, the validity verification means, the management information generation means, and the access control means are embodied by a plurality of semiconductor devices,
The content reproducing apparatus, wherein the information exchanged between the semiconductor devices is information encrypted using a key that only each of the semiconductor devices can know.
(Appendix 7)
In the content transmission system including the content reproduction device according to any one of supplementary notes 1 to 6,
The content transmission system, wherein the second access source provides content to the first access source in an encrypted state.

  As mentioned above, although this invention was demonstrated in detail, the above-mentioned embodiment and its modification are only examples of this invention, and this invention is not limited to these. Obviously, modifications can be made without departing from the scope of the present invention.

1 is a block diagram showing a first embodiment of the present invention. It is a part figure showing an example of a contents management table. It is a block diagram which shows 2nd Embodiment of this invention. It is a block diagram which shows 3rd Embodiment of this invention. It is a block diagram which shows an example of conventional STB.

Explanation of symbols

100 STB; 101 LSI; 102 IP transmission / reception unit; 103 encryption / decryption unit; 104 MPEG decoder; 105 graphic processing unit; 106 HDMI encryption unit; 107 local encryption unit; 109. CAS unit; 110. Non-volatile memory encryption unit; 111. ROM decryption unit; 112. RAM encryption / decryption unit; 113. Processor; 114. 116, ROM, 117, RAM, 118, HDD, 119, DVD drive, 120, monitor, 200, 300, PC, 201, IP transmission / reception unit, 202, 302, LSI, 203, decryption unit, 204, CAS card 205: HDD encryption unit; 206: HDD decryption unit; 207: Encryption unit; 208 209 ... Secure software domain; 209a ... Decryption part; 209b ... MPEG decoding part; 209c ... HDMI encryption part; 209d ... CPRM encryption part; 210 ... Bus; 211 ... HDD; 212 ... CAS card; Monitor: 214 DVD drive; 215 Nonvolatile memory

Claims (5)

Decoding means for decoding the content transmitted via the transmission medium;
Management information generating means for generating content management information including a usage history of the content decrypted by the decrypting means;
Encrypted output means for encrypting and outputting the content decrypted by the decryption means;
Access control means for enabling reference and rewriting of the content management information by the first access via the first secure transmission and enabling reference of the content management information by the second access via the second secure transmission. ,
The content reproduction apparatus, wherein the decryption unit, the management information generation unit, the encryption output unit, and the access control unit are implemented by a single semiconductor device. Decoding means for decoding the content transmitted via the transmission medium;
Management information generating means for generating content management information including a usage history of the content decrypted by the decrypting means;
Encrypted output means for encrypting and outputting the content decrypted by the decryption means;
Access control means for enabling reference and rewriting of the content management information by the first access via the first secure transmission and enabling reference of the content management information by the second access via the second secure transmission. ,
The decryption means, the management information generation means, the encryption output means, and the access control means are implemented by a plurality of semiconductor devices,
The content reproducing apparatus, wherein the information exchanged between the semiconductor devices is information encrypted using a key that only each of the semiconductor devices can know. The content playback apparatus according to claim 1 or 2,
The content playback apparatus according to claim 1, wherein the access control unit permits rewriting of the content management information by the first access via the first secure transmission only when a predetermined condition is satisfied. In the content reproduction apparatus in any one of Claims 1-3,
A content reproduction apparatus comprising: notification means for notifying a user of the occurrence of access to the content management information via the first or second secure transmission. A software module that embodies decryption means for decrypting encrypted content, and encryption output means for encrypting and outputting the content decrypted by the decryption means;
An encryption / decryption unit that encrypts the content transmitted through the transmission medium after decrypting the content using a predetermined key and supplies the encrypted content to the decryption unit of the software module;
Key supply means for supplying the predetermined key to the encryption / decryption means;
Legitimacy verification means for verifying the legitimacy of the software module;
Management information generating means for generating content management information including a usage history of the content decrypted by the encryption / decryption means;
Access control means for enabling reference and rewriting of the content management information by the first access via the first secure transmission and enabling reference of the content management information by the second access via the second secure transmission. ,
The content reproduction apparatus, wherein the encryption / decryption means, the key supply means, the validity verification means, the management information generation means, and the access control means are implemented by a single semiconductor device.

Images