JP2010239561A - Management program, management apparatus, and receiving system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To make restoration of video recording content easy and to enhance security. <P>SOLUTION: Restoration sequence of seed information allows a faulty old management device 106 to be replaced with a new management device 106 in an installation place of an IPTV receiving device 103, and makes the seed information Si usable in the new management device 106. The old management device 106 is removed from the IPTV receiving device 103 (S1301), and the new management device 106 is connected to the IPTV receiving device 103 (S1302). The IPTV receiving device 103 obtains a device ID of the old management device 106 (S1303). When the device ID of the old management device 106 is obtained, the IPTV receiving device 103 transmits it to the new management device 106 (S1304), and when the device ID of the old management device 106 is received, the new management device 106 executes device ID write processing (S1305). <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present disclosure relates to a management program, a management device, and a reception system that manage a reception device that receives content.

  In recent years, with the development of the Internet network, the commercialization of receivers that receive Internet distribution contents has been active. In particular, in Japan, standardization related to transmission / reception of Internet distribution content called IPTV (Internet Protocol TeleVision) is performed in IPTV Forum Japan and the like.

  For example, Videoonet. CAS / DRM is a digital content copyright protection system that generates and distributes licenses in compliance with Marlin IPTV-ES (see Non-Patent Documents 1 to 3 below). Marlin IPTV-ES is a technical standard that protects the copyrights of digital content for which technical specifications are formulated by the Marlin Developer Community. Videoonet. CAS / DRM distributes a license by secure communication in response to a license issuance request from a receiver such as an Internet TV compatible with Marlin IPTV-ES.

  As described above, in IPTV, distribution of encrypted content is performed using a public key cryptosystem or the like. At this time, key information necessary for IPTV transmission / reception needs to be securely managed in the IPTV receiver. In recent years, IPTV receivers that have been commercialized are mainly STBs (set top boxes). STBs are dedicated machines that are relatively small and relatively easy to carry, so in the event of a failure, the entire STB is generally replaced.

  Conventionally, when an IPTV receiver fails, it is generally handled by replacing the IPTV receiver. This is because the IPTV receiver is often an STB, and is small in size and easy to carry. Then, the board (IPTV board) in the IPTV receiver corresponding to the STB or STB is replaced with a new one, and the normal setting is performed again to restore. The failed old STB or old IPTV board is reliably collected to prevent unauthorized use.

“Marlin compatible digital content copyright protection system“ Videoonet. CAS / DRM ”: Communication / Network: Hitachi”, URL: http: // www. hitachi. co. jp / products / it / network / solution / ngn / videoonet / CAS_DRM. html, 31 March 2009 search “Adopting TV distribution service“ Hikari TV ”and Hitachi's DRM system“ Videoonet. CAS / DRM ”: Enterprise: RBB TODAY (broadband information site) 2008/03/31”, URL: http: // www. rbbtoday. com / news / 20080331/49958. html, 31 March 2009 search "Copyright Management (DRM) Embedded Package for Marlin v1.0 | Component | Embedded Solution", URL: http: // www. necst. co. jp / product / emb / service / component_3. html, 31 March 2009 search

  However, the above-described prior art has a problem that it is difficult to recover the recorded content in the event of a failure. The recorded content is encrypted with a key that is unique to the IPTV receiver, and if the STB or IPTV board is replaced with a new one, the recorded content cannot be decrypted and played back.

  Even in the case where content is recorded on the backup hard disk for backup purposes in preparation for a hard disk failure, since the content is encrypted, it is not possible to recover a key that is out of the door unique to the IPTV receiver. Therefore, conventionally, there are only two methods of returning the IPTV receiver to the factory, dismantling the STB, and recovering the key not to go out of the gate or giving up.

  However, commercialization of IPTV-PC (computer that receives IPTV content) and the like is also conceivable in the future. At this time, the IPTV-PC is a software-type device, and is a composite device that realizes various functions by software. A PC equipped with software compatible with the IPTV function is considered an IPTV-PC. In the event of a large IPTV-PC failure, replacement is not practical.

  In the event of an IPTV-PC failure, it is desirable to make a business trip to the viewer's home and perform on-site repairs at the viewer's home. In other words, it is only necessary that a business trip repair person can replace the IPTV board having a size that can be carried locally and can make a business trip repair with only a few settings. An object of the disclosed technique is to more easily restore recorded content in consideration of viewer convenience.

  On the other hand, IPTV is charged. Another problem is that security is broken and viewers can easily watch illegally. In a system in which the IPTV board can be easily replaced, it is fully possible that security is broken. Another object of the disclosed technology is to improve safety that security is not easily broken.

  In order to solve the above-described problems and achieve the object, the disclosed technique includes a receiving device that securely receives content, and a first management device that is connectable to the receiving device and manages the receiving device. In the system, to the second management device exchangeable with the first management device, input identification information unique to the first management device that is a generation source of seed information used for management of the receiving device, It is a requirement that the input identification information is written in a storage area in the second management device so that it cannot be rewritten.

  According to the present disclosure technique, it is possible to easily restore the recorded content and to improve the security.

It is a system configuration | structure figure of the IPTV receiving system of this indication technique. It is a block diagram which shows the hardware constitutions of a computer (an authentication server, a delivery server, an IPTV receiver). It is a block diagram which shows the hardware constitutions of a management apparatus. It is explanatory drawing which shows the memory content of authentication information DB shown in FIG. It is explanatory drawing which shows the memory content of viewer information DB. It is a sequence diagram (the 1) which shows an initialization sequence. It is a flowchart which shows the detailed process sequence of a seed information acquisition process (step S604). It is a sequence diagram (the 2) which shows an initial setting sequence. It is a sequence diagram which shows the viewing-and-listening sequence of content. FIG. 10 is a sequence diagram (first half) showing a recording / viewing sequence of content. FIG. 10 is a sequence diagram (second half) showing a recording / viewing sequence of content. 11 is a flowchart illustrating a detailed processing procedure of the embedded key generation processing (step S1017) illustrated in FIG. It is a flowchart which shows the detailed process sequence of the seed information confirmation information generation process (step S1019) shown in FIG. It is a sequence diagram which shows a seed information recovery sequence. It is a flowchart which shows the detailed process sequence of apparatus ID write-in process (step S1305). It is a flowchart which shows the detailed process sequence of a seed information confirmation process (step S1320).

  Exemplary embodiments of the disclosed technique will be described below in detail with reference to the accompanying drawings.

<System configuration>
FIG. 1 is a system configuration diagram of an IPTV (Internet Protocol TeleVision) receiving system according to the disclosed technique. IPTV is a general term for services for distributing digital television broadcasts using IP (Internet Protocol), or broadcasting techniques thereof. In the IPTV receiving system 100, an authentication server 101, a distribution server 102, and a plurality of IPTV receiving apparatuses 103 (one unit in FIG. 1 as an example) are connected to be communicable via an IP network 104. The IPTV receiver 103 is connected to the monitor 105 and the management device 106.

  The authentication server 101 is a computer that authenticates a viewer who is a user of the IPTV receiving apparatus 103. The authentication server 101 has an authentication information database (DB) 400. Details of the authentication information DB 400 will be described later (FIG. 4). The distribution server 102 is a computer that distributes digital TV broadcast content to the IPTV receiver 103. The distribution server 102 has a viewer information DB 500. Details of the viewer information DB 500 will be described later (FIG. 5).

  The distribution server 102 receives digital broadcast waves broadcast from a digital broadcasting station and converts the digital broadcast waves into contents that can be distributed by the IP network 104. The converted content is distributed to an unspecified number of IPTV receivers 103 via the IP network 104. Further, the distribution server 102 may store the content in advance, such as VOD (Video On Demand), and immediately distribute the content requested by the viewer.

  In the IPTV receiving system 100, an existing encrypted communication method such as SSL (Secure Socket Layer) is adopted between the authentication server 101 and the IPTV receiving device 103 and between the distribution server 102 and the IPTV receiving device 103. In this example, for simplification, the IPTV receiver 103 is given a secret key SKai, and the authentication server 101 is given a public key PKai paired with the secret key SKai to perform encrypted communication. In this way, a path between the authentication server 101 and the IPTV receiving apparatus 103 that are encrypted and communicated is referred to as a “first secure communication path L1”.

  Similarly, a secret key SKbi is given to the IPTV receiver 103, and a public key PKbi paired with the secret key SKbi is given to the distribution server 102 to perform encrypted communication. In this way, the path between the distribution server 102 and the IPTV receiving apparatus 103 that are encrypted and communicated is referred to as a “second secure communication path L2”.

  The IPTV receiving apparatus 103 is a computer that receives content from the distribution server 102. For the IPTV receiver 103, for example, a general-purpose personal computer is used. The IPTV receiving apparatus 103 sends the content received from the distribution server 102 to the monitor 105. The monitor 105 displays the content as a video. Specifically, for example, a television (receiver) or a projector is used. A display of a personal computer may be substituted.

  The management device 106 is a computer that manages the IPTV receiving apparatus 103. The management device 106 is, for example, an IPTV board of a size that can be carried on site by a business trip repair person, and is connected to the IPTV reception device 103 by being inserted into a slot of the IPTV reception device 103. The management device 106 manages an embedded key that is out of the door. The embedded key is used for encrypting and decrypting the content recorded by the IPTV receiving apparatus 103. Since the management device 106 manages the embedded key, it has a tamper-resistant configuration (an LSI with a Tamper Resistant Module structure) that cannot be easily tampered with or peeped from the outside.

<Hardware configuration of computer>
FIG. 2 is a block diagram illustrating a hardware configuration of the computer (the authentication server 101, the distribution server 102, and the IPTV receiving apparatus 103). In FIG. 2, the computer includes a CPU (Central Processing Unit) 201, a ROM (Read-Only Memory) 202, a RAM (Random Access Memory) 203, a magnetic disk drive 204, a magnetic disk 205, and an optical disk drive 206. An optical disk 207, a display 208, an I / F (Interface) 209, a keyboard 210, a mouse 211, a scanner 212, and a printer 213. Each component is connected by a bus 200.

  Here, the CPU 201 controls the entire computer. The ROM 202 stores various programs. The RAM 203 is used as a work area for the CPU 201. The magnetic disk drive 204 controls reading / writing of data with respect to the magnetic disk 205 according to the control of the CPU 201. The magnetic disk 205 stores data written under the control of the magnetic disk drive 204.

  The optical disk drive 206 controls reading / writing of data with respect to the optical disk 207 according to the control of the CPU 201. The optical disk 207 stores data written under the control of the optical disk drive 206, or causes the computer to read data stored on the optical disk 207.

  The display 208 displays data such as a document, an image, and function information as well as a cursor, an icon, or a tool box. As the display 208, for example, a CRT, a TFT liquid crystal display, a plasma display, or the like can be adopted.

  An interface (hereinafter abbreviated as “I / F”) 209 is connected to a network 214 such as a LAN (Local Area Network), a WAN (Wide Area Network), and the Internet through a communication line. Connected to other devices. The I / F 209 controls an internal interface with the network 214 and controls data input / output from an external device. For example, a modem or a LAN adapter may be employed as the I / F 209.

  The keyboard 210 includes keys for inputting characters, numbers, various instructions, and the like, and inputs data. Moreover, a touch panel type input pad or a numeric keypad may be used. The mouse 211 performs cursor movement, range selection, window movement, size change, and the like. A trackball or a joystick may be used as long as they have the same function as a pointing device.

  The scanner 212 optically reads an image and takes in the image data into the computer. The scanner 212 may have an OCR (Optical Character Reader) function. The printer 213 prints image data and document data. As the printer 213, for example, a laser printer or an ink jet printer can be employed.

<Hardware Configuration of Management Device 106>
FIG. 3 is a block diagram illustrating a hardware configuration of the management device 106. In the management device 106, a CPU 301, a DRAM (Dynamic Random Access Memory) 302, a flash memory 303, and an I / F 304 are connected via a bus 305. The CPU 301 governs overall control of the management device 106. The DRAM 302 is used as a work area for the CPU 301. The flash memory 303 stores various programs and data. The I / F 304 controls communication with the IPTV receiving apparatus 103 that is a connection destination.

  Here, information stored in the flash memory 303 will be described. The flash memory 303 stores a management program P, a device ID, a device ID, random information Ra, seed information Si, and an embedded key Ki. The management program P causes the CPU 301 to execute processing such as management of the embedded key Ki, encryption of various information, and decryption. The device ID is identification information that uniquely identifies the management device 106.

  The device ID is written before the management device 106 is shipped. The device ID is set by the management program P so that once it is written to the flash memory 303, it is not rewritten. The device ID is identification information that uniquely identifies the IPTV receiving device 103 that is a connection partner. For example, the Ethernet number (MAC address) of the IPTV receiver 103 is used. The device ID is written at the time of initial setting when connected to the IPTV receiving device 103. When the device ID of another IPTV receiving apparatus 103 is read, the management program P is set so that the other IPTV receiving apparatus 103 does not operate.

  The random information Ra is data unique to the management device 106 set at random. For example, specific information generated by cooperation of the management device 106 alone or the management device 106 and the IPTV reception device 103 such as the shipment date and time of the management device 106, the production date and time, and the date and time when the connection with the IPTV reception device 103 is established. Use.

  The seed information Si is information unique to the management device 106 generated in the management device 106. The seed information Si is generated by a secret algorithm in the management program P. Specifically, for example, a hash value calculated by giving a hash function a character string connecting the end of the device ID and the beginning of the random information Ra is the seed information Si. Thereby, even if there is a person who knows the secret algorithm, the seed information Si cannot be estimated, and the security can be improved.

  The embedded key Ki is information that does not go out of the door used for encryption and decryption of content recorded by the IPTV receiver 103. The embedded key Ki is information generated based on the seed information Si. Specifically, for example, a hash value calculated by giving a hash function a character string that connects the end of the seed information Si and the content number of the target content (identification information that uniquely identifies the content) to the hash function. The embedded key Ki. The embedded key Ki is generated for each content. As a result, even if there is a person who knows the secret algorithm, the embedded key Ki cannot be estimated, and security can be improved.

<Storage contents of various DBs>
FIG. 4 is an explanatory diagram showing the contents stored in the authentication information DB 400 shown in FIG. The authentication information DB 400 stores information necessary for viewer authentication. The authentication information DB 400 has a viewer ID, a public key, a device ID, and seed information as field items, and is recorded for each viewer. The viewer ID item stores a viewer ID that is identification information for uniquely identifying the viewer. In the item of public key, the authentication server 101 stores the public key PKai for constructing the first secure communication path L1 with the IPTV receiver 103 of the viewer Vi.

  In the device ID item, device ID: Ai, which is identification information for uniquely specifying the management device 106 used by the viewer Vi, is stored. The seed information item stores the seed information Si generated in the management device 106 having the device ID: Ai. Although the seed information Si may be generated for each content, in order to simplify the description, one seed information Si is provided for each viewer in FIG. The authentication information DB 400 realizes its function by the ROM 202, RAM 203, or the magnetic disk drive 204 and the magnetic disk 205 shown in FIG.

  FIG. 5 is an explanatory diagram showing the contents stored in the viewer information DB 500. The viewer information DB 500 stores viewer information necessary for content distribution. The viewer information DB 500 has a viewer ID, a public key, personal information, payment information, and distribution destination information as field items, and is recorded for each viewer. The viewer ID item stores a viewer ID that is identification information for uniquely identifying the viewer. In the public key item, the distribution server 102 stores the public key PKbi for constructing the second secure communication path L2 with the IPTV receiver 103 of the viewer Vi.

  In the personal information item, information unique to the viewer such as the name, address, telephone number, and e-mail address of the viewer Vi is stored. Information necessary for online payment such as a credit card number of the viewer Vi is stored in the item of payment information. In the item of distribution destination information, information serving as a distribution destination of contents such as an IPTV IP address is stored. Note that the viewer information DB 500 realizes its function by the ROM 202, the RAM 203, or the magnetic disk drive 204 and the magnetic disk 205 shown in FIG.

  Next, a sequence and a flowchart of the disclosed technique will be described. The sequences and flowcharts to be described later realize the functions of the execution servers such as the authentication server 101, the distribution server 102, the IPTV receiver 103, and the management device 106 by executing programs for each execution entity. Hereinafter, the sequence will be described.

<Initial setting sequence>
FIG. 6 is a sequence diagram (part 1) illustrating an initial setting sequence. The initial setting sequence in FIG. 6 is a sequence for storing the device ID and seed information Si of the management device 106 in the authentication server 101 prior to using the content distribution service. First, the management device 106 is connected to the IPTV receiver 103 (step S601). When the management device 106 detects a connection with the IPTV receiving device 103, the management device 106 reads the device ID of the IPTV receiving device 103 (step S602).

  Then, the management device 106 associates the read device ID with the device ID stored in advance in the flash memory 303 of the management device 106 and stores it in the flash memory 303 (step S603). In this way, by associating with each other, it is possible to execute processing for prohibiting the operation when the device ID of the IPTV receiving device 103 of the connection partner and the associated device ID do not match.

  Thereafter, the management device 106 executes seed information acquisition processing (step S604). Details of the seed information acquisition process (step S604) will be described with reference to FIG. Since the seed information Si is obtained by the seed information acquisition process (step S604), the seed information Si is transmitted to the IPTV receiving apparatus 103 together with the device ID of the management device 106 (step S605).

  On the other hand, when receiving the device ID and seed information Si from the management device 106 in step S605, the IPTV receiving apparatus 103 encrypts the device ID and seed information Si with the secret key SKai (step S606). Then, the encrypted device ID and the encrypted seed information Si are transmitted to the authentication server 101 through the first secure communication path L1 (step S607).

  Upon receiving the encrypted device ID and the encrypted seed information Si, the authentication server 101 decrypts the encrypted device ID and the encrypted seed information Si with the public key PKai paired with the secret key SKai (step S608). Then, the decrypted device ID and seed information Si are registered, that is, the decrypted device ID and seed information Si are stored in the same record as the public key PKai of the authentication information DB 400 (step S609).

  FIG. 7 is a flowchart showing a detailed processing procedure of the seed information acquisition process (step S604). First, it is determined whether or not the seed information Si has been acquired (step S701). If it has been acquired (step S701: Yes), the seed information acquisition process ends. On the other hand, when it is not acquired (step S701: No), it waits until the random information Ra is prepared (step S702: No).

  When the random information Ra is received (step S702: Yes), the device ID is read (step S703). Then, seed information Si is generated using the device ID and the random information Ra by a secret algorithm, and stored in the flash memory 303 (step S704). Thereby, the seed information acquisition process is terminated.

  FIG. 8 is a sequence diagram (part 2) illustrating the initial setting sequence. The initial setting sequence in FIG. 8 is a sequence that is executed subsequent to the initial setting sequence shown in FIG. 6 and assigns the same viewer ID to the authentication server 101, the distribution server 102, and the IPTV receiving apparatus 103.

  First, the management apparatus 106 performs a connection confirmation process with the IPTV receiving apparatus 103 (step S801). In this connection confirmation process (step S801), it is determined whether or not the device ID of the connection partner IPTV receiver 103 is associated with the device ID of the management device 106. If it matches the associated device ID, it is connected to the legitimate IPTV receiving device 103 and the processing is continued. On the other hand, if the device ID is different from the associated device ID, an error is output and the process is terminated.

  When the continuation of the process is permitted in the connection confirmation process (step S801), the management apparatus 106 transmits the apparatus ID to the ITPV receiving apparatus 103 that is the connection destination (step S802). The IPTV receiving apparatus 103 encrypts the device ID with the secret key SKai (step S803), and transmits a viewer information registration request to the authentication server 101 (step S804). The viewer information registration request includes the encrypted device ID encrypted in step S803.

  Upon receiving the viewer information registration request, the authentication server 101 decrypts the encrypted device ID with the public key PKai paired with the private key SKai (step S805). Then, the authentication server 101 executes a device ID authentication process (step S806). Specifically, it is determined whether or not the device ID stored in the record of the public key PKai in the authentication information DB 400 matches the decrypted device ID. If they match, it is authentication, and if they do not match, authentication fails. If authenticated, the authentication result is transmitted to the distribution server 102 (step S807). The authentication result includes the public key PKai and the IP address of the IPTV receiver 103.

  Upon receiving the authentication result, the distribution server 102 newly generates a public key PKbi and a secret key SKbi (step S808). Then, the distribution server 102 encrypts the secret key SKbi newly generated with the public key PKai included in the authentication result (step S809). The distribution server 102 transmits the encrypted secret key SKbi to the IP address of the IPTV receiving device 103 included in the authentication result (step S810).

  When receiving the encrypted secret key SKbi, the IPTV receiving apparatus 103 decrypts the encrypted secret key SKbi with the secret key SKai (step S811). Then, the IPTV receiving apparatus 103 encrypts the viewer information with the decrypted secret key SKbi (step S812). The viewer information is information including the personal information of the viewer, payment information, and distribution destination information. The IPTV receiving apparatus 103 transmits the encrypted viewer information to the distribution server 102 (step S813).

  Upon receiving the encrypted viewer information, the distribution server 102 decrypts the encrypted viewer information with the public key PKbi that is paired with the secret key SKbi (step S814). Then, a new viewer ID is issued, and the decrypted viewer information and viewer ID are registered in the record of the public key PKbi of the viewer information DB 500 (step S815). Thereafter, the distribution server 102 encrypts the viewer ID with the public key PKbi (step S816), and transmits the encrypted viewer ID to the IPTV receiver 103 (step S817).

  When receiving the encrypted viewer ID, the IPTV receiving apparatus 103 decrypts and stores the encrypted viewer ID with the secret key SKbi (step S818). Thereby, in the IPTV receiving apparatus 103, the registration of the viewer information to the distribution server 102 and the acquisition of the viewer ID from the distribution server 102 are completed.

  The IPTV receiving apparatus 103 encrypts the device ID and the viewer ID with the secret key SKai (step S819), and transmits the encrypted device ID and the encrypted viewer ID to the authentication server 101 (step S820). . Upon receiving the encrypted device ID and the encrypted viewer ID, the authentication server 101 decrypts with the public key PKai (step S821). Thereafter, the viewer ID registration process, that is, the decrypted viewer ID is stored in the same record as the decrypted device ID (step S822). As a result, the viewer ID is also registered in the authentication server 101.

  As described above, a record in the viewer information DB 500 is created for the target viewer by the processes of FIGS. Moreover, the record of authentication information DB400 will be produced about the target viewer except seed information Si.

<Viewing sequence>
FIG. 9 is a sequence diagram showing a content viewing sequence. First, the IPTV receiving apparatus 103 receives a viewing request (step S901). The viewing request is the designation of content that the viewer wants to view or channel selection. In any case, the content number of the content to be viewed is specified by the viewing request. The viewer may input a viewing request directly to the IPTV receiving apparatus 103, or may indirectly input a viewing request to the IPTV receiving apparatus 103 (for example, a remote control operation) via the monitor 105.

  When receiving the viewing request, the IPTV receiving apparatus 103 reads the device ID from the management device 106 (step S902), and encrypts the read device ID and viewer ID with the secret key SKai (step S903). Then, the IPTV receiving apparatus 103 transmits the encrypted device ID and the encrypted viewer ID to the authentication server 101 (step S904).

  Further, the IPTV receiving apparatus 103 encrypts the viewer ID and the content number with the secret key SKbi (step S905). Then, the encrypted viewer ID and the encrypted content number are transmitted to the distribution server 102 (step S906).

  On the other hand, the authentication server 101 decrypts the received encrypted device ID and encrypted viewer ID with the public key PKai (step S907). Then, authentication processing of the decrypted device ID and viewer ID is executed (step S908). Specifically, it is determined whether or not there is a record in the authentication information DB 400 in which a combination of the decrypted device ID and viewer ID exists. If there is, it is authenticated, and if not, authentication fails. If authenticated, the authentication result is transmitted to the distribution server 102 (step S909).

  Upon receiving the encrypted viewer ID, the encrypted content number (step S906) and the authentication result (step S909), the distribution server 102 decrypts the encrypted viewer ID and the encrypted content number with the public key PKbi (step S910). ). Then, the content specified by the content number is encrypted with the content key (step S911). The content key is an encryption key for encrypting content. Thereafter, the distribution server 102 encrypts the content key with the public key PKbi (step S912). The content is encrypted with the content key.

  Then, the encrypted content key and the encrypted content are transmitted to the IPTV receiving apparatus 103 (step S913). When receiving the encrypted content key and the encrypted content, the IPTV receiving apparatus 103 decrypts the encrypted content key with the secret key SKbi (step S914).

  Then, the encrypted content is decrypted with the decrypted content key (step S915). Thereby, the IPTV receiving apparatus 103 can acquire content. The IPTV receiving apparatus 103 outputs the decrypted content to the monitor 105 (step S916), and the monitor 105 performs video processing and displays the output content (step S917). Thereby, the viewer can view the content.

<Recording viewing sequence>
FIG. 10A and FIG. 10B are sequence diagrams illustrating a recording / viewing sequence of content. First, in FIG. 10A, the IPTV receiving apparatus 103 receives a recording request (step S1001). The recording request is the designation of contents to be recorded by the viewer or channel selection (including time zone). In any case, the content number of the content to be recorded is specified by the recording request. The viewer may directly input a recording request to the IPTV receiving apparatus 103 or indirectly input a recording request to the IPTV receiving apparatus 103 via the monitor 105 (for example, a remote control operation).

  When receiving the recording request, the IPTV receiving apparatus 103 reads the device ID from the management device 106 (step S1002), and encrypts the read device ID and viewer ID with the secret key SKai (step S1003). Then, the IPTV receiving apparatus 103 transmits the encrypted device ID and the encrypted viewer ID to the authentication server 101 (step S1004).

  Further, the IPTV receiving apparatus 103 encrypts the viewer ID and the content number with the secret key SKbi (step S1005). Then, the encrypted viewer ID and the encrypted content number are transmitted to the distribution server 102 (step S1006).

  On the other hand, the authentication server 101 decrypts the received encrypted device ID and encrypted viewer ID with the public key PKai (step S1007). Then, authentication processing of the decrypted device ID and viewer ID is executed (step S1008). Specifically, it is determined whether or not there is a record in the authentication information DB 400 in which a combination of the decrypted device ID and viewer ID exists. If there is, it is authenticated, and if not, authentication fails. If authenticated, the authentication result is transmitted to the distribution server 102 (step S1009).

  Upon receiving the encrypted viewer ID, the encrypted content number (step S1006) and the authentication result (step S1009), the distribution server 102 decrypts the encrypted viewer ID and the encrypted content number with the public key PKbi (step S1010). ). Then, the content specified by the content number is encrypted with the content key (step S1011). The content key is an encryption key for encrypting content.

  Thereafter, the distribution server 102 encrypts the content key with the public key PKbi (step S1012). Then, the encrypted content key and the encrypted content are transmitted to the IPTV receiving apparatus 103 (step S1013).

  When receiving the encrypted content key and the encrypted content, the IPTV receiving apparatus 103 decrypts the encrypted content key with the secret key SKbi (step S1014).

  Then, the encrypted content is decrypted with the decrypted content key (step S1015). Thereby, the IPTV receiving apparatus 103 can acquire content. Further, the IPTV receiving apparatus 103 transmits the content specific information (for example, content number) of the decrypted content to the management device 106 (step S1016).

  Next, the process moves to FIG. In FIG. 10-2, upon receiving the content specific information, the management device 106 executes an embedded key generation process (step S1017). Details of the embedded key generation process (step S1017) will be described with reference to FIG. When the embedded key Ki is generated by the embedded key generation process (step S1017), the management device 106 transmits the embedded key Ki to the IPTV receiver 103 (step S1018).

  Then, a seed information confirmation information generation process is executed (step S1019). Details of the seed information confirmation information generation process (step S1019) will be described with reference to FIG. When the seed information confirmation information is generated by the seed information confirmation information generation process (step S1019), the seed information confirmation information is stored in the HDD and the backup HDD (step S1020).

  When receiving the embedded key Ki, the IPTV receiving apparatus 103 encrypts the content with the embedded key Ki (step S1021). Then, the encrypted content with the embedded key Ki is stored in the HDD and the backup HDD (step S1022). Thereafter, the IPTV receiving apparatus 103 receives a viewing request for the content requested to be recorded (step S1023). When the viewing request is received, the embedded key Ki is read from the management device 106 (step S1024), and the encrypted content is read from the HDD (step S1025).

  Then, the IPTV receiving apparatus 103 decrypts the encrypted content with the embedded key Ki (step S1026). The IPTV receiving apparatus 103 outputs the decrypted content to the monitor 105 (step S1027), and the monitor 105 performs video processing and displays the output content (step S1028). Thereby, the viewer can view the recorded content.

  FIG. 11 is a flowchart showing a detailed processing procedure of the embedded key generation process (step S1017) shown in FIG. 10-2. First, it waits for content to be decrypted (step S1101: No), and when decrypted (step S1101: Yes), content-specific information is extracted from the content (step S1102). Then, an embedded key Ki unique to the content is generated by using the secret information and the seed information Si and the content unique information (content number), and stored in the flash memory 303 (step S1103). Thus, the embedded key generation process (step S1017) is completed.

  FIG. 12 is a flowchart showing a detailed processing procedure of the seed information confirmation information generation process (step S1019) shown in FIG. 10-2. The seed information confirmation information is information for confirming the seed information Si. By holding the seed information confirmation information in a specific area such as an HDD, the recovery of the seed information Si can be confirmed when the management device 106 fails.

  First, it is determined whether or not the seed information Si has been acquired (step S1201). If it has not been acquired (step S1201: No), the seed information confirmation information generation process ends. On the other hand, if it has been acquired (step S1201: Yes), it waits for random information Rb (step S1202: No).

  The random information Rb is data unique to the management device 106 set at random like the random information Ra. For example, specific information generated by cooperation of the management device 106 alone or the management device 106 and the IPTV reception device 103 such as the shipment date and time of the management device 106, the production date and time, and the date and time when the connection with the IPTV reception device 103 is established. Use. However, it is preferable to use a value different from the random information Ra.

  When the random information Rb is received (step S1202: Yes), seed information confirmation information is generated from the seed information Si and the random information Rb (step S1203). For example, the hash value calculated by giving the hash function a character string connecting the end of the seed information Si and the start of the random information Rb is the seed information confirmation information. Thereby, even if there is a person who knows the secret algorithm, the seed information confirmation information cannot be estimated, and the security can be improved.

  Thereafter, the seed information confirmation information and the random information Rb are stored in a specific area such as an HDD (step S1204). Thereby, the random information Rb is given to the management device 106 after the failure repair. If the correct seed information Si is set in the management device 106, the same numerical value as the seed information confirmation information held in the specific area such as the HDD should be generated. By doing in this way, restoration of seed information Si can be checked.

<Species information recovery sequence>
FIG. 13 is a sequence diagram showing a seed information recovery sequence. In the seed information recovery sequence, the failed management device 106 (old management device 106) is replaced with a new management device 106 (new management device 106) at the installation location of the IPTV receiver 103, and the seed information Si is replaced with the new management device 106. This is a sequence for making it usable in The new management device 106 is a management device 106 for which no device ID is set.

  First, the old management device 106 is disconnected from the IPTV reception device 103 (step S1301), and the new management device 106 is connected to the IPTV reception device 103 (step S1302). The IPTV receiving apparatus 103 acquires the device ID of the old management device 106 (step S1303). The device ID of the old management device 106 is stored in the flash memory 303 of the old management device 106, but the old management device 106 is out of order and cannot be taken out. Here, it is assumed that the business trip repair person knows the device ID of the old management device 106.

  For example, if the device ID is the serial number displayed on the old management device 106, the serial number may be input. In the case of being associated with a serial number, the viewer can be notified in advance of the serial number, and the corresponding device ID can be specified by referring to a device ID / serial number correspondence table (not shown). Further, the device ID of the old management device 106 may be acquired by encrypted communication such as a public key encryption method with a server holding the correspondence table.

  Upon acquiring the device ID of the old management device 106, the IPTV reception device 103 transmits the device ID to the new management device 106 (step S1304). When the new management device 106 receives the device ID of the old management device 106, the new management device 106 executes device ID writing processing (step S1305). The device ID writing process (step S1305) will be described later with reference to FIG.

  The IPTV receiving apparatus 103 encrypts the device ID of the old management device 106 with the secret key SKai (step S1306), and transmits a key reissue request to the authentication server 101 (step S1307). The key reissue request includes the encryption device ID. Upon receiving the key reissue request, the authentication server 101 decrypts the encrypted device ID included in the key reissue request with the public key PKai (step S1308).

  Then, registration confirmation of the decrypted device ID is executed (step S1309). Specifically, it is determined whether or not the authentication information DB 400 has the same device ID as the decrypted device ID. If there is, it is confirmed that the old management device 106 has failed, and the processing is continued. If not, the failure is not confirmed and the process is terminated.

  When the registration of the device ID is confirmed, the authentication server 101 generates a public key PKai2 and a secret key SKai2 for the new management device 106 (step S1310). The authentication server 101 encrypts the secret key SKai2 newly generated with the public key PKai (step S1311), and transmits the encrypted secret key to the IPTV receiver 103 (step S1312).

  After that, the authentication server 101 overwrites the public key PKai and registers the newly generated public key PKai2 (step S1313). Then, the authentication server 101 encrypts the seed information Si in the same record as the public key PKai2 with the public key PKai2 (step S1314), and transmits the encrypted seed information Si to the IPTV receiver 103 (step S1315).

  On the other hand, when receiving the encrypted secret key from the authentication server 101, the IPTV receiving apparatus 103 decrypts the encrypted secret key with the secret key SKai (step S1316). Thereby, since the newly generated secret key SKai2 is obtained, the secret key SKai is deleted (step S1317). When the encrypted seed information Si is received, the encrypted seed information Si is decrypted with the new secret key SKai2 (step S1318). Then, the decrypted seed information Si is transmitted to the new management device 106 (step S1319).

  Thereafter, the new management device 106 reads the seed information confirmation information and the random information Rb from the HDD (step S1320), and the new management device 106 executes seed information confirmation processing (step S1320). The seed information confirmation process (step S1320) will be described later with reference to FIG. If the seed information confirmation process (step S1320) confirms that the seed information Si is valid, the new management device 106 stores the seed information Si in the flash memory 303 (step S1322).

  FIG. 14 is a flowchart showing a detailed processing procedure of the device ID writing process (step S1305). First, it waits for the device ID to be accepted (step S1401: No). If it is accepted (step S1401: Yes), it is determined whether the device ID has been written (step S1402). If it has been written (step S1402: Yes), a write failure output is performed (step S1403), and the device ID writing process is terminated. On the other hand, if it has not been written (step S1402: No), the device ID is written to the flash memory 303 of the new management device 106 (step S1404). Then, a successful writing output is performed (step S1405), and the device ID writing process is terminated.

  FIG. 15 is a flowchart showing a detailed processing procedure of the seed information confirmation processing (step S1320). First, it waits for seed information confirmation information and random information Rb (step S1501: No). When it is accepted (step S1501: Yes), new seed information confirmation information is obtained from the seed information Si and random information Rb decoded in step S1318. Is generated (step S1502). As the algorithm to be generated, the same algorithm as that used when generating the seed information confirmation information received in step S1501 is applied.

  Thereafter, it is determined whether or not both types of information confirmation information match (step S1503). If they match (step S1503: YES), a recovery success output is performed (step S1504). On the other hand, if they do not match (step S1503: No), a recovery failure output is performed (step S1505). In the case of a successful recovery output, the decrypted seed information Si is stored in the new management device 106 in step S1321.

  Further, since the viewer ID that has been used so far cannot be used due to the failure of the old management device 106, the viewer ID can be newly acquired by executing the initial setting sequence shown in FIG. When the seed information Si is stored in the new management device 106, the embedded key generation process (step S1017) shown in FIG. 11 can be executed. By executing the embedded key generation process (step S1017), the encrypted content recorded and stored in the HDD can be promptly decrypted even after the new management device 106 is replaced. Therefore, the recorded content can be restored.

  As described above, according to the disclosed technology, the repairer on a business trip replaces the IPTV board having a size that can be carried locally, and only a few settings are required, so that the old management device 106 that cannot be read from the old management device 106 that has failed. Can be transferred to the new management device 106. As a result, the new management device 106 can also generate the seed information Si that does not appear outside the gate generated by the old management device 106, and thus the embedded key Ki.

  Therefore, it is possible to improve the efficiency of the restoration work of the encrypted content, and there is an effect that convenience for the viewer is improved. Although it is easy to replace in this way, since the encryption process and the encrypted communication are performed at the time of recovery, the security can be improved. In addition, since the recovery is easy and the security is high as described above, the content can be safely distributed to an unspecified number of IPTV receivers 103.

  In the above-described example, the seed information Si is generated using the device ID. However, viewer identification information such as personal information or payment information that can identify the viewer can be used instead of the device ID. .

  The following additional notes are disclosed with respect to the embodiment described above.

(Supplementary Note 1) In a receiving system including a receiving device that securely receives content and a first management device that can be connected to the receiving device and manages the receiving device, the receiving system can be replaced with the first management device. 2 management devices
An input means for inputting identification information unique to the first management device, which is a generation source of seed information used for management of the reception device;
Writing means for writing the identification information input by the input means in a storage area in the second management device to make it unrewritable;
Management program characterized by functioning as

(Supplementary Note 2) The second management device is
The seed information is generated by securely transmitting the seed information generated from the identification information and the first random information unique to the first management apparatus from the first management apparatus via the receiving apparatus. A transmitting means for securely transmitting the acquisition request for the seed information to the registered server via the receiving device;
Receiving means for receiving the seed information from the receiving device when the seed information is securely received by the receiving device from the server as a result of the acquisition request being transmitted by the transmitting means;
Storage means for storing the seed information received by the receiving means in a storage area in the second management device;
The management program according to appendix 1, wherein the management program is made to function as:

(Supplementary Note 3) The second management device is
First generation means for generating first seed information confirmation information for confirming the seed information by a predetermined algorithm based on the seed information and second random information different from the first random information;
Second generation means for generating second seed information confirmation information for confirming the seed information by the predetermined algorithm based on the seed information and the second random information received by the reception means;
Causing the seed information confirmation information generated by the first generation means and the seed information confirmation information generated by the second generation means to function as a determination means,
The storage means includes
The management program according to appendix 2, wherein the seed information received by the receiving means is stored in a storage area in the second management device when it is determined by the determining means that they match.

(Appendix 4) The second management device is
The content is encrypted with an encryption key unique to the content generated based on the seed information and the unique information of the content, the encrypted content is stored in a predetermined storage area, and the encryption key is When stored in the first management device, the encryption key is generated based on the unique information of the content and the seed information stored in the storage area in the second management device by the storage means The management program according to appendix 3, wherein the management program is caused to function as an encryption key generation unit.

(Supplementary Note 5) In a reception system including a reception device that securely receives content and a first management device that is connectable to the reception device and manages the reception device, a first exchangeable device with the first management device 2 management devices,
An input means for inputting identification information unique to the first management apparatus, which is a generation source of seed information used for management of the reception apparatus;
Writing means for writing the identification information input by the input means into a storage area in the second management device and making it unrewritable;
A management apparatus comprising:

(Appendix 6) The second management device is:
The seed information is generated by securely transmitting the seed information generated from the identification information and the first random information unique to the first management apparatus from the first management apparatus via the receiving apparatus. A transmitting means for securely transmitting the acquisition request for the seed information to the registered server via the receiving device;
A reception unit that receives the seed information from the receiving device when the seed information is securely received by the receiving device from the server as a result of transmitting the acquisition request by the transmitting unit;
Storage means for storing the seed information received by the receiving means in a storage area in the second management device;
The management apparatus according to appendix 5, characterized by comprising:

(Appendix 7) The second management device is
First generation means for generating first seed information confirmation information for confirming the seed information by a predetermined algorithm based on the seed information and second random information different from the first random information;
Second generation means for generating second seed information confirmation information for confirming the seed information by the predetermined algorithm based on the seed information and the second random information received by the reception means;
Determining means for determining whether or not the seed information confirmation information generated by the first generation means and the seed information confirmation information generated by the second generation means match;
The storage means includes
The management apparatus according to appendix 6, wherein the seed information received by the reception means is stored in a storage area in the second management apparatus when it is determined by the determination means that they match.

(Appendix 8) The second management device is
The content is encrypted with an encryption key unique to the content generated based on the seed information and the unique information of the content, the encrypted content is stored in a predetermined storage area, and the encryption key is When stored in the first management device, the encryption key is generated based on the unique information of the content and the seed information stored in the storage area in the second management device by the storage means The management apparatus according to appendix 7, further comprising: an encryption key generation unit that performs the following.

(Supplementary note 9) A reception system including a reception device that securely receives information and a first management device that is connectable to the reception device and manages the reception device,
An input unit that is a generation source of seed information used for management of the receiving device and inputs identification information unique to the first management device to a second management device exchangeable with the first management device;
Writing means for writing the identification information input by the input means into a storage area in the second management device and making it unrewritable;
The seed information is registered by securely transmitting the seed information generated from the identification information and the first random information unique to the first management apparatus from the first management apparatus via the receiving apparatus. Transmitting means for securely transmitting the acquisition request for the seed information to the server that has been made;
A reception means for receiving the seed information when the seed information is securely received by the receiving device from the server as a result of the acquisition request being transmitted by the transmission means;
Storage means for storing the seed information received by the receiving means in a storage area in the second management device;
A receiving system comprising:

(Additional remark 10) The 1st production | generation which produces | generates the 1st seed information confirmation information which confirms the said seed information by a predetermined algorithm based on the 2nd random information different from the said seed information and said 1st random information Means,
Second generating means for generating second seed information confirmation information for confirming the seed information by the predetermined algorithm based on the seed information and the second random information received by the receiving means;
Determining means for determining whether or not the seed information confirmation information generated by the first generation means and the seed information confirmation information generated by the second generation means match;
The storage means includes
The receiving system according to appendix 9, wherein the seed information received by the receiving means is stored in a storage area in the second management device when it is determined by the determining means that they match.

(Supplementary Note 11) The content is encrypted with an encryption key unique to the content generated based on the seed information and the unique information of the content, and the encrypted content is stored in a predetermined storage area, and When the encryption key is stored in the first management device, based on the unique information of the content and the seed information stored in the storage area in the second management device by the storage means, An encryption key generating means for generating an encryption key;
Decryption means for decrypting the encrypted content with the encryption key generated by the encryption key generation means;
The receiving system according to claim 10, further comprising:

100 Receiving System 101 Authentication Server 102 Distribution Server 103 IPTV Receiving Device (Receiving Device)
105 Monitor 106 Management device (management device)
400 Authentication information DB
500 viewer information DB

Claims (10)

In a receiving system comprising a receiving device that securely receives content and a first management device that can be connected to the receiving device and manages the receiving device, a second management device that can be exchanged with the first management device The
An input means for inputting identification information unique to the first management device, which is a generation source of seed information used for management of the reception device;
Writing means for writing the identification information input by the input means into a storage area in the second management device to make it unrewritable;
Management program characterized by functioning as The second management device;
The seed information is generated by securely transmitting the seed information generated from the identification information and the first random information unique to the first management apparatus from the first management apparatus via the receiving apparatus. A transmission means for securely transmitting the acquisition request for the seed information to the registered server via the receiving device;
Receiving means for receiving the seed information from the receiving device when the seed information is securely received by the receiving device from the server as a result of the acquisition request being transmitted by the transmitting means;
Storage means for storing the seed information received by the receiving means in a storage area in the second management device;
The management program according to claim 1, wherein the management program is made to function as: The second management device;
First generation means for generating first seed information confirmation information for confirming the seed information by a predetermined algorithm based on the seed information and second random information different from the first random information;
Second generation means for generating second seed information confirmation information for confirming the seed information by the predetermined algorithm based on the seed information and the second random information received by the reception means;
Causing the seed information confirmation information generated by the first generation means and the seed information confirmation information generated by the second generation means to function as a determination means,
The storage means includes
3. The management program according to claim 2, wherein when the determination unit determines that they match, the seed information received by the reception unit is stored in a storage area in the second management apparatus. The second management device;
The content is encrypted with an encryption key unique to the content generated based on the seed information and the unique information of the content, the encrypted content is stored in a predetermined storage area, and the encryption key is When stored in the first management device, the encryption key is generated based on the unique information of the content and the seed information stored in the storage area in the second management device by the storage means The management program according to claim 3, wherein the management program is made to function as an encryption key generation unit. In a receiving system comprising a receiving device that securely receives content and a first management device that can be connected to the receiving device and manages the receiving device, a second management device that can be exchanged with the first management device Because
An input means for inputting identification information unique to the first management apparatus, which is a generation source of seed information used for management of the reception apparatus;
Writing means for writing the identification information input by the input means into a storage area in the second management device and making it unrewritable;
A management apparatus comprising: The second management device is:
The seed information is generated by securely transmitting the seed information generated from the identification information and the first random information unique to the first management apparatus from the first management apparatus via the receiving apparatus. A transmitting means for securely transmitting the acquisition request for the seed information to the registered server via the receiving device;
A reception unit that receives the seed information from the receiving device when the seed information is securely received by the receiving device from the server as a result of transmitting the acquisition request by the transmitting unit;
Storage means for storing the seed information received by the receiving means in a storage area in the second management device;
The management apparatus according to claim 5, further comprising: The second management device is:
First generation means for generating first seed information confirmation information for confirming the seed information by a predetermined algorithm based on the seed information and second random information different from the first random information;
Second generating means for generating second seed information confirmation information for confirming the seed information by the predetermined algorithm based on the seed information and the second random information received by the receiving means;
Determining means for determining whether or not the seed information confirmation information generated by the first generation means and the seed information confirmation information generated by the second generation means match;
The storage means includes
The management apparatus according to claim 6, wherein when the determination unit determines that they match, the seed information received by the reception unit is stored in a storage area in the second management apparatus. The second management device is:
The content is encrypted with an encryption key unique to the content generated based on the seed information and the unique information of the content, the encrypted content is stored in a predetermined storage area, and the encryption key is When stored in the first management device, the encryption key is generated based on the unique information of the content and the seed information stored in the storage area in the second management device by the storage means The management apparatus according to claim 7, further comprising: an encryption key generation unit that performs. A receiving system comprising: a receiving device that securely receives information; and a first management device that is connectable to the receiving device and manages the receiving device,
Input means for inputting identification information unique to the first management apparatus, which is a generation source of the seed information used for management of the reception apparatus, to a second management apparatus exchangeable with the first management apparatus;
Writing means for writing the identification information input by the input means in a storage area in the second management device and making the rewriting impossible;
The seed information is registered by securely transmitting the seed information generated from the identification information and the first random information unique to the first management apparatus from the first management apparatus via the receiving apparatus. Transmitting means for securely transmitting the acquisition request for the seed information to the server that has been made;
A reception means for receiving the seed information when the seed information is securely received by the receiving device from the server as a result of the acquisition request being transmitted by the transmission means;
Storage means for storing the seed information received by the receiving means in a storage area in the second management device;
A receiving system comprising: First generation means for generating first seed information confirmation information for confirming the seed information by a predetermined algorithm based on the seed information and second random information different from the first random information;
Second generating means for generating second seed information confirmation information for confirming the seed information by the predetermined algorithm based on the seed information and the second random information received by the receiving means;
Determining means for determining whether or not the seed information confirmation information generated by the first generation means and the seed information confirmation information generated by the second generation means match;
The storage means includes
The receiving system according to claim 9, wherein when it is determined by the determining means that the data match, the seed information received by the receiving means is stored in a storage area in the second management device.

Images