JP2013009360A - Broadcasting transmission device, broadcasting communication cooperation reception device, and program therefor, and broadcasting communication cooperation system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To make it possible to perform start-up control of an application depending on a result of verifying authenticity of the application described in APL start-up information on an application-by-application basis, by cooperation between a broadcasting transmission device and broadcasting communication cooperation reception device.SOLUTION: A broadcasting communication cooperation system S comprises: a broadcasting transmission device 100 which calculates an authenticator Tagof a selected A application by using an authenticator calculation key Kand adds it to APL start-up information, and encrypts the authenticator calculation key Kand transmits it by a broadcasting wave; and a broadcasting communication cooperation reception device 400 which acquires an application described in APL start-up information corresponding to the A application selected by the broadcasting transmission device 100, calculates an authenticator Tagof the acquired application by using the authenticator calculation key K, verifies authenticity of the application by comparing the authenticator Tagand authenticator Tagwhich are included in the APL start-up information, and controls start-up of the application on the basis of the verification result.

Description

  The present invention verifies the authenticity of an application designated by application activation information and controls the activation of the application in accordance with the authenticity, a broadcast communication cooperative reception apparatus and program thereof, and a broadcast communication cooperative system About.

2. Description of the Related Art Conventionally, a technique for controlling the activation of an application by a broadcast wave transmitted by digital broadcasting is known (Patent Document 1, Non-Patent Document 1).
For example, in the technique described in Non-Patent Document 1, an application information table (AIT) is broadcast as an elementary stream (ES) constituting a broadcast program in a section format (TS: Transport Stream). Multiplexed to the receiver. Here, the AIT is data including additional information for specifying an application and controlling the application.

  On the other hand, the receiving device separates and extracts the AIT from the received broadcast wave, and based on control information such as start (AUTOSTART) and end (KILL) described in the AIT for the application described in the AIT. And control the life cycle of the application (the process from when the application is loaded and executed until it ends).

JP 2010-166335 A

The Japan Radio Industry Association, “Application Execution Environment in Digital Broadcasting Standard ARIB STD-B23 1.2 Edition”, July 29, 2009, p. 39-54

  By the way, a broadcaster or a third party authorized by a broadcaster selects an application in accordance with the content of the broadcast program from a number of applications created in advance by various service providers. In some cases, the application is operated as an authorized application (hereinafter simply referred to as an A application) indicating that it has been approved by a broadcaster or the like.

  In this way, the A application that is operated under the instruction of the broadcaster is considered that the broadcaster has given the minimum approval for the content of the application and the reliability of the operation. For this reason, in order to ensure the reliability of the broadcaster, even when this A application is activated on the receiving device, the authenticity of the broadcaster with the approval (approval) is confirmed. It is necessary to be. That is, it is required that the content of the application that the broadcaster or the like wants to operate as the A application matches the content of the A application that is activated by the receiving device.

In providing an application, it is conceivable that a service provider providing the application gives a signature to the application and verifies the signature on the receiver side. As a result, it is possible to identify the service provider that provides the application and verify whether or not the application conforms to the intention of the service provider.
However, in the above method, the authenticity of the application is left to the service provider that provides the application, and the contents of the application that the broadcaster or the like wants to operate as the A application and the application that is activated by the user's receiving device. It was not possible to verify on a per-application basis whether the contents matched.

For this reason, for example, the content and operation of the application that the broadcaster or the like has instructed in the application activation information is changed by the malicious rewrite or version upgrade of the application by the broadcaster or the like. There is a risk that it will be presented to the user as an A application even if it is not in accordance with the intention at the time of giving approval.
Thus, if the broadcaster or the like gives approval as an A application and an application having a content different from the content specified in the application activation information is presented to the user as an A application, the reliability of the broadcaster may be impaired. is there.

  The present invention has been made in view of such problems, and when a user acquires an A application that is approved in advance by the broadcaster or the like and instructed in the application activation information, the broadcaster or the like is used as the A application. Can verify the authenticity of the application approved by the application, and can control the activation of the application according to the result, broadcast transmission device, broadcast communication cooperation receiving device and its program, and broadcast communication cooperation The challenge is to provide a program.

  The present invention has been made to solve the above-described problem. First, the broadcast transmission device according to claim 1 is described in the application activation information distributed to the broadcast communication cooperative reception device via a communication line. A broadcast transmission apparatus in a broadcast communication cooperation system that verifies the authenticity of an application through cooperation between the broadcast transmission apparatus and the broadcast communication cooperative reception apparatus, and controls the activation of the application according to the verification result. A child calculation unit, an application activation information generation unit, a common information encryption unit, an individual information encryption unit, a multiplexing unit, and a broadcast transmission unit are provided.

According to such a configuration, the broadcast transmitting apparatus calculates the authenticator of the application using the selected application or the hash value of the application and the first encryption key by the authenticator calculating unit. Thereby, the authenticator depending on the contents of the application is calculated.
Also, the broadcast transmitting apparatus generates application activation information, which is information for starting an application, to which the authentication code calculated by the authentication code calculation unit is added by the application activation information generation unit.
Further, the broadcast transmitting apparatus includes, by using the common information encryption unit, the common information that is common information for each of the broadcast communication cooperation receiving apparatuses including the first encryption key for calculating the authenticator of the application. Encrypt using the encryption key.

Subsequently, the broadcast transmission device uses the individual information encryption unit to individually transmit individual information including the second encryption key to each of the broadcast / communication cooperative reception devices, to each of the broadcast / communication cooperative reception devices. Encrypt using the master key.
Then, the broadcast transmission apparatus multiplexes the encrypted common information, the encrypted individual information, the video / audio content, and the data broadcast content by the multiplexing means, or further includes an application. Multiplex the startup information to generate a stream.
Then, the broadcast transmission device transmits the stream generated by the multiplexing unit to the plurality of broadcast communication cooperative reception devices by the broadcast transmission unit.

  In this manner, the first encryption key used to calculate the application authenticator by the authenticator generating means of the broadcast transmitting apparatus can be transmitted to the broadcast communication cooperative receiving apparatus via the broadcast wave. Thereby, in the broadcasting / communication cooperation receiving apparatus, it is possible to calculate the authenticator of the acquired application using the first encryption key. Then, on the broadcast communication cooperative receiving device side, the authenticator added to the application activation information calculated by the broadcast transmitting device and the application authenticator calculated on the broadcast communication cooperative receiving device side are used to correct each application. The authenticity can be verified. Further, the first encryption key can be changed as necessary.

  The broadcast communication cooperative reception device according to claim 2 cooperates between the broadcast transmission device and the broadcast communication cooperative reception device with respect to the authenticity of the application described in the application activation information distributed to the broadcast communication cooperative reception device via a communication line. And a broadcast communication cooperative receiving device in the broadcast communication cooperative system that controls the activation of the application according to the verification result, the broadcast receiving means, the broadcast signal analyzing means, the application activation information acquiring means, The application activation information storage means, the individual information decryption means, the common information decryption means, the application acquisition means, the authenticator calculation means, the application verification means, and the application execution means.

According to such a configuration, the broadcasting / communication cooperation receiving apparatus receives the stream transmitted from the broadcasting transmitting apparatus by the broadcasting receiving unit.
Also, the broadcast communication cooperative receiving apparatus analyzes the broadcast signal included in the stream received by the broadcast receiving means by the broadcast signal analyzing means, and is encrypted common information that is common information for the broadcast communication cooperative receiving apparatus. And encrypted individual information, video / audio content, data broadcast content, and application activation information, which are individual information for the device.

The broadcast communication cooperative reception device is information for starting an application generated by the broadcast transmission device by the application start information acquisition unit, and the application start information with the application authenticator added thereto is broadcast or communication. get.
Furthermore, the broadcasting / communication cooperation receiving apparatus stores the application activation information acquired by the application activation information acquisition unit by the application activation information storage unit.

Furthermore, the broadcasting / communication cooperation receiving device uses the individual information decrypting unit to obtain the encrypted common information from the encrypted individual information extracted by the broadcasting signal analyzing unit using a master key unique to the device. Decrypt the second encryption key for decryption. As a result, the encrypted common information can be decrypted.
Subsequently, the broadcasting / communication cooperation receiving apparatus uses the second encryption key decrypted by the individual information decrypting means by the common information decrypting means, from the encrypted common information extracted by the broadcast signal analyzing means, The first encryption key for calculating the authenticator is decrypted. As a result, it is possible to calculate the authenticator of the application.

Next, the broadcasting / communication cooperation receiving apparatus receives an application selection input by the application management / execution control means, instructs the acquisition of the application, and controls the activation of the application.
For example, an input of an application selection operation using a remote controller or a mouse is accepted from a user who refers to a list of applications presented on a digital broadcast screen.

Subsequently, the broadcasting / communication cooperation receiving apparatus acquires the application instructed by the application management / execution control means via the communication line by the application acquisition means.
As a result, the pre-approved application held by the broadcaster's server or the pre-approved application provided by an external service provider or general user, as instructed in the application activation information, is acquired. It becomes possible.

Then, the broadcasting / communication cooperation receiving apparatus uses the application acquired by the application acquiring unit or the hash value calculated from the application by the authenticator calculating unit and the first encryption key decrypted by the common information decrypting unit. To calculate the authenticator of the application.
Thereby, the authenticator depending on the contents of the application acquired by the application acquisition unit is calculated. Then, this authenticator can be compared with the authenticator added to the application activation information on the broadcaster side, that is, the authenticator generated from the application that has been previously approved by the broadcaster side. It becomes.

  In the broadcast communication cooperative receiving apparatus, the authenticator calculated by the authenticator calculating unit and the authenticator included in the application activation information stored in the application activation information storage unit match each other by the application verification unit. Verify the authenticity of the application by verifying whether to do so.

According to this, the broadcasting / communication cooperation receiving device uses the first encryption key used to calculate the authenticator for the pre-approved application instructing the application activation information on the broadcasting transmitting device side. The authenticator of the application corresponding to this pre-approved application is calculated, that is, the authenticator is calculated using the first encryption key common to the broadcast transmitting apparatus and the broadcast communication cooperative receiving apparatus. As a result, the difference between the calculated authenticators depends on the difference in the contents of the application.
Therefore, by verifying whether or not the authenticator calculated by the authenticator calculating means and the authenticator included in the application activation information acquired by broadcasting or communication match each other, Whether the content of the application approved in advance on the broadcaster side matches the content of the application described in the application startup information corresponding to the application approved in advance on the broadcaster side, acquired by the application acquisition unit Can be determined.

  That is, if the authenticator calculated by the authenticator calculating means matches the authenticator included in the application activation information acquired by broadcasting or communication, the contents of the application acquired by the application acquiring means and the broadcasting business It can be seen that the content of the application that has been approved in advance by the user matches. On the other hand, if the authenticator calculated by the authenticator calculating means and the authenticator included in the application activation information acquired by broadcasting or communication do not match, the contents of the application acquired by the application acquiring means and the broadcasting business It can be seen that the content of the intended application that has been previously approved by the user does not match.

Then, the broadcasting / communication cooperation receiving apparatus receives the verification result input indicating that the application authenticity is confirmed from the application verification means by the application execution availability determination means by the application execution means. The application is executed according to the application execution instruction.
As a result, it is executed only when the authenticity is confirmed by the application verification means, that is, when the application acquired by the application acquisition means matches the intended application that has been previously approved by the broadcaster. For this reason, it is possible to prevent an application not intended by the broadcaster from being executed.

  According to a third aspect of the present invention, there is provided a broadcast transmission program in which the broadcast transmission device and the broadcast communication cooperative reception device cooperate with each other to determine the authenticity of the application described in the application activation information distributed to the broadcast communication cooperative reception device via a communication line. In the broadcasting / communication cooperation system that verifies and controls the activation of the application according to the verification result, in order to verify the authenticity of the application, the computer includes an authenticator calculation unit, an application activation information generation unit, and common information. The encryption unit, the individual information encryption unit, the multiplexing unit, and the broadcast transmission unit function.

According to such a configuration, the broadcast transmission program calculates the authenticator of the application by the authenticator calculating means using the selected application or the hash value calculated from the application and the first encryption key.
The broadcast transmission program generates application activation information, which is information for starting an application, to which the authentication code calculated by the authentication code calculation unit is added by the application activation information generation unit.

Subsequently, the broadcast transmission program encrypts common information, which is common information for each of the broadcast communication cooperative reception devices, including the first encryption key, using the second encryption key, by the common information encryption unit. .
Furthermore, the broadcast transmission program includes individual information that is individually transmitted to each of the broadcast communication cooperative reception devices including the second encryption key by the individual information encryption unit. Encrypt using the master key.

Then, the broadcast transmission program multiplexes the encrypted common information including the encrypted common information, the encrypted individual information, the video / audio content, the data broadcast content, or the application. Multiplex the startup information to generate a stream.
Then, the broadcast transmission program transmits the stream generated by the multiplexing unit to the plurality of broadcast communication cooperative reception devices by the broadcast transmission unit.

  According to another aspect of the broadcast communication cooperative reception program of the present invention, the authenticity of the application described in the application activation information distributed between the broadcast communication cooperative reception device and the broadcast communication cooperative reception device is distributed between the broadcast transmission device and the broadcast communication cooperative reception device. In the broadcasting / communication cooperation system that collaborates and verifies the activation of the application in accordance with the verification result, in order to verify the authenticity of the application, the computer includes a broadcast receiving unit, a broadcast signal analyzing unit, It is configured to function as application activation information acquisition means, application activation information storage means, individual information decoding means, common information decoding means, application acquisition means, authenticator calculation means, application activation availability determination means, and application execution means.

According to such a configuration, the broadcast communication cooperative reception program receives the stream transmitted from the broadcast transmission device by the broadcast receiving means.
The broadcast communication cooperative reception program analyzes the broadcast signal included in the stream received by the broadcast reception means by the broadcast signal analysis means, and is encrypted common information that is common information for the broadcast communication cooperative reception device. And encrypted individual information, video / audio content, data broadcast content, and application activation information, which are individual information for the device.

The broadcast communication cooperative reception program is information for starting an application generated by the broadcast transmission apparatus by the application start information acquisition unit, and broadcasts or communicates the application start information to which the authenticator of the application is added. Get in.
Further, the broadcast communication cooperative reception program stores the application activation information acquired by the application activation information acquisition unit by the application activation information storage unit.

Subsequently, the broadcast communication cooperative reception program uses the individual information decrypting unit to extract the encrypted common information from the encrypted individual information extracted by the broadcast signal analyzing unit using a master key unique to the device. Decrypt the second encryption key for decryption.
Further, the broadcast communication cooperative reception program uses the second encryption key decrypted by the individual information decryption means by the common information decryption means to authenticate the application from the encrypted common information extracted by the broadcast signal analysis means. The first encryption key for calculating the child is decrypted.

Next, the broadcast communication cooperative reception program accepts an input of application selection by the application management / execution control means, instructs the acquisition of the application, and controls the activation of the application.
The broadcast communication cooperative reception program acquires an application instructed by the application management / control unit by the application acquisition unit via the communication line.
Furthermore, the broadcast communication cooperative reception program uses the application acquired by the application acquiring unit or the hash value calculated from the application by the authenticator calculating unit and the first encryption key decrypted by the common information decrypting unit. To calculate the authenticator of the application.

In the broadcast communication cooperative reception program, the authenticator calculated by the authenticator calculating means and the authenticator included in the application activation information stored in the application activation information storage means match each other by the application verification means. Verify the authenticity of the application by verifying whether to do so.
Then, the broadcast communication cooperative reception program is received by the application execution unit from the application management / execution control unit that has received the input of the verification result that the authenticity of the application has been confirmed by the application verification unit. Run the application.

  In the broadcast communication cooperative system according to claim 5, the broadcast transmission device and the broadcast communication cooperative reception device cooperate with each other in the authenticity of the application described in the application activation information distributed to the broadcast communication cooperative reception device via the communication line. A broadcast communication cooperation system that operates and verifies and controls activation of the application according to the verification result, wherein the broadcast transmission device includes an authenticator calculation unit, an application activation information generation unit, and a common information encryption Means, an individual information encryption means, a multiplexing means, and a broadcast transmission means, and the broadcasting / communication cooperation receiving apparatus, the broadcast receiving means, the broadcast signal analysis means, the application activation information acquisition means, and the application activation Information storage means, individual information decryption means, common information decryption means, application acquisition means, authenticator calculation means, application And Shon start determination means, and configured to include an application executing means.

According to such a configuration, the broadcasting / communication cooperation system uses the authenticator calculating unit of the broadcast transmitting apparatus to select the application or the hash value calculated from the application and the first encryption key, and the authenticator of the application. Is calculated.
In the broadcasting / communication cooperation system, the application activation information generating unit of the broadcast transmitting apparatus generates application activation information that is information for starting an application to which the authentication code calculated by the authentication code calculating unit is added.

Furthermore, the broadcasting / communication cooperation system uses the second encryption key by the common information encryption unit of the broadcasting transmission apparatus, using the second encryption key, including the first encryption key and common information that is common information for each of the broadcasting / communication cooperation receiving apparatuses. To encrypt.
Subsequently, the broadcasting / communication cooperation system receives broadcasting / communication cooperation receiving individual information individually transmitted to each of the broadcasting / communication cooperation receiving devices including the second encryption key by the individual information encryption unit of the broadcasting transmitting device. Encryption is performed using a master key unique to each device.

Then, the broadcasting / communication cooperation system multiplexes the encrypted common information, the encrypted individual information, the video / audio content, and the data broadcasting content by the multiplexing means of the broadcast transmitting apparatus. Alternatively, the application activation information is multiplexed to generate a stream.
In the broadcast communication cooperative system, the broadcast transmission unit of the broadcast transmission device transmits the stream generated by the multiplexing unit to the plurality of broadcast communication cooperative reception devices.

Subsequently, the broadcast / communication cooperation system receives a stream transmitted from the broadcast transmission apparatus by the broadcast reception unit of the broadcast / communication cooperation reception apparatus.
Also, the broadcast communication cooperative system analyzes the broadcast signal included in the stream received by the broadcast receiving means by the broadcast signal analysis means of the broadcast communication cooperative reception apparatus, and is encryption information that is common information for the broadcast communication cooperative reception apparatus. Common information, encrypted individual information, video / audio content, data broadcast content, and application activation information, which are individual information for the device.

Furthermore, the broadcasting / communication cooperation system is information for starting an application by the application starting information acquisition unit of the broadcasting / communication cooperation receiving apparatus, and acquires application starting information to which an application authenticator is added by broadcasting or communication.
Next, the broadcasting / communication cooperation system is information for starting an application generated by the broadcasting transmission apparatus by the application starting information storage unit of the broadcasting / communication cooperation receiving apparatus, and an application to which an authenticator of the application is added. Store startup information.

Subsequently, the broadcasting / communication cooperation system is encrypted from the encrypted individual information extracted by the broadcasting signal analysis means by the individual information decrypting means of the broadcasting / communication cooperation receiving apparatus using a master key unique to the apparatus. The second encryption key for decrypting the common information is decrypted.
Further, the broadcast communication cooperative system uses the second encryption key decrypted by the individual information decryption means by the common information decryption means of the broadcast communication cooperative reception device, and the encrypted common information extracted by the broadcast signal analysis means. Then, the first encryption key for calculating the authenticator of the application is decrypted.
Further, in the broadcast communication cooperative system, the application management / execution control means of the broadcast communication cooperative reception apparatus accepts an input of application selection, instructs acquisition of the application, and controls activation of the application.

Next, in the broadcasting / communication cooperation system, the application acquisition unit of the broadcasting / communication cooperation receiving device acquires the application instructed from the application management / execution control unit via the communication line.
Further, the broadcasting / communication cooperation system is configured such that the authenticator calculating unit of the broadcasting / communication cooperation receiving apparatus acquires the application acquired by the application acquiring unit or the hash value calculated from the application, and the first cipher decrypted by the common information decoding unit. The authenticator of the application is calculated using the key.

The broadcast communication cooperative system includes an authenticator calculated by the authenticator calculating means by the application verification means of the broadcast communication cooperative receiving apparatus, and an authenticator included in the application activation information stored in the application activation information storage means. And verify the authenticity of the application by verifying whether they match each other.
Then, the broadcasting / communication cooperation system is configured such that the application execution unit of the broadcasting / communication cooperation receiving apparatus receives the verification result that the authenticity of the application has been confirmed by the application verification unit, and the application management / execution control unit receives the application. The application is executed according to the execution instruction.

The present invention has the following excellent effects.
According to the first and third aspects of the present invention, the first encryption key used for calculating the authenticator for the pre-approved application designated by the broadcast transmission apparatus side in the application activation information is broadcasted via the broadcast wave. By transmitting to the cooperative reception device, the first encryption key can be shared with the broadcast communication cooperative reception device. The first encryption key can be easily changed as necessary. Further, by adding the calculated authenticator to the application activation information, the calculated authenticator can be notified to the broadcast communication cooperative receiving apparatus.
As a result, when an application is acquired based on the application activation information on the broadcast communication cooperative reception device side, it is possible to calculate the authenticator of the application using the first encryption key received from the broadcast transmission device. Become.
It is also possible to verify the authenticity of the application described in the application activation information by comparing the authenticator calculated on the broadcast communication cooperative receiving device side with the authenticator added to the application activation information on the broadcast transmitting device. It becomes.
As a result, the broadcast transmitting device and the broadcast communication cooperative receiving device can collaborate to verify the authenticity of each application described in the application activation information.

  According to the second and fourth aspects of the present invention, the first encryption key used for calculating the application authenticator described in the application activation information approved in advance from the broadcast transmitting apparatus side is received via the broadcast wave. Then, it becomes possible to calculate the authenticator of the application acquired based on the application activation information using the first encryption key. Then, the authenticator of the application acquired by the broadcast communication cooperative receiving apparatus and the authenticator calculated for the application approved in advance corresponding to the application acquired based on the application activation information in the broadcast transmitting apparatus match each other. It is possible to verify the authenticity of the application acquired based on the application activation information. And, as a result of the verification, if the authenticity of the application acquired by the broadcasting / communication cooperation receiving apparatus is not confirmed, the application is not executed, so that it is not intended to differ from the contents of the application approved in advance by the broadcaster side. It is possible to prevent the application from being executed. For this reason, the reliability of the broadcaster can be ensured.

According to the fifth aspect of the present invention, the authenticity of each application described in the application activation information can be verified by cooperation between the broadcast transmitting apparatus and the broadcast communication cooperative receiving apparatus.
In addition, when the authenticity of the application is not confirmed, the broadcast communication cooperation receiving apparatus does not execute the application, so that an application having an unintended content different from the content of the application approved in advance by the broadcaster side is obtained. It is possible to prevent execution. For this reason, the reliability of the broadcaster can be ensured.

It is a figure which shows the outline | summary of the broadcast communication cooperation system of this invention. It is a block diagram which shows the structure of the broadcast transmission apparatus in the broadcast communication cooperation system which concerns on embodiment of this invention. It is a figure explaining the example of the application starting information produced | generated with the broadcast transmission apparatus in the broadcast communication cooperation system which concerns on embodiment of this invention. It is a figure explaining the example of the application control code contained in the application starting information produced | generated with the broadcast transmission apparatus in the broadcast communication cooperation system which concerns on embodiment of this invention. It is a flowchart which shows operation | movement of the broadcast transmission apparatus in the broadcast communication cooperation system which concerns on embodiment of this invention. It is a block diagram which shows the structure of the broadcast communication cooperation receiving apparatus in the broadcast communication cooperation system which concerns on embodiment of this invention. It is a flowchart which shows the application starting / ending operation | movement of the broadcast communication cooperation receiving apparatus in the broadcast communication cooperation system which concerns on embodiment of this invention.

Embodiments of the present invention will be described below with reference to the drawings.
[Broadcasting communication system configuration]
First, the configuration of the broadcasting / communication cooperation system will be described with reference to FIG. Hereinafter, the application may be described as “APL”.
The broadcasting / communication cooperation system S is a system that links broadcasting and communication and presents an application to a viewer. Here, the application is software that operates using the broadcasting / communication cooperation receiving apparatus 400 described later as an execution environment.
In the broadcast communication cooperation system S, a broadcast transmission apparatus 100, an APL server 200, an APL activation information server 210, a broadcast communication cooperation reception apparatus 400, and an APL activation information server 500 are connected via a communication line N. Configured. The communication line N may be wired or wireless.

The broadcast transmission apparatus 100 is installed in a broadcast station, and transmits a broadcast program (content) accompanying program organization and program information associated therewith to the broadcast communication cooperative reception apparatus 400 via a broadcast wave W.
Also, the broadcast transmitting apparatus 100 generates application activation information necessary for starting an application, and manages the application activation information using the application activation information (for example, the APL activation information server 210 and the APL activation information server 500). May accumulate.
Further, the broadcast transmitting apparatus 100 may generate application activation information necessary for activating an application, add the application activation information to the broadcast wave W, and transmit the application activation information to the broadcast communication cooperative reception apparatus 400 in some cases.
Here, the application activation information is information for identifying an application such as an application identifier (ID), an application placement location, and additional information for controlling the application.
Here, the broadcast transmitting apparatus 100 will be described in the form of transmitting a broadcast program or the like as a broadcast wave W, but may be transmitted via a cable (not shown) or a communication line N. The configuration and operation of the broadcast transmitting apparatus 100 will be described in detail later.

  The APL (application) server 200 provides an application created in advance by a service provider to the broadcasting / communication cooperation receiving apparatus 400 via the communication line N. As described above, the application directly provided from the APL server 200 to the broadcasting / communication cooperation receiving device 400 includes a general application that is not approved by an authorized organization, and a third trusted by the broadcaster or the broadcaster in advance. It is roughly divided into A application that is given approval by the organization.

  Here, the general application means an application or the like created by a service provider (including general users) and has not been approved by the certification body, and the A application means a service provider (general An application created by (including users) that has been approved by the certification authority authorized by the broadcaster.

  The APL activation information server 210 stores application activation information of applications stored in the APL server 200.

  Here, the APL (application) registration device 300 is installed in the broadcasting station itself or a third party authorized by the broadcasting station to approve the A application. The APL confirmation device 310, the management device 320, Is provided.

The APL (application) confirmation device 310 accepts an application registration application from the APL server 200, verifies the application, and gives approval as an A application of the broadcasting station when a predetermined standard is satisfied.
There are various criteria for granting approval as an A application. For example, if an application for application from a service provider is in line with the content of a broadcast program provided by a broadcast station and the content is reliable, The application may be given approval as an A application. The application given approval as the A application by the APL confirmation device 310 is managed by the management device 320 or an external APL server (for example, the APL server 200).
It is assumed that the network address (IP address or the like) of the APL registration apparatus 300 is held in advance by the broadcast transmission apparatus 100.

The management device 320 accumulates and stores information on the application (A application) approved by the APL confirmation device 310. Here, the application A can be linked to or not linked to the program, linked to the program channel, or linked to the program channel at the discretion of the broadcasting station. Since it does not matter whether it is different or channel-linked / non-linked, the following explanation will be made without distinguishing in principle. Here, the A application information includes at least an application or an application hash value, application identification information (application ID, application name, etc.), and an application location. The entity of the application may be managed by the management device 320 or may be managed by the application creator's own server. When distributedly managed by the application creator's own server, the management device 320 manages the hash value of the application when approved by the APL confirmation device 310 and the location of the application.
The A application information managed by the management apparatus 320 is appropriately selected by referring to the broadcast transmission apparatus 100 via the communication line N. The A application information thus selected is provided to the broadcasting / communication cooperation receiving device 400 via the communication line N.

The APL (application) activation information server 500 holds application activation information created by a broadcasting station and corresponding to an approved application (A application). The APL activation information held in the APL activation information server 500 is acquired via the communication line N by the broadcasting / communication cooperation receiving device 400.
Further, for example, when the APL activation information server 500 receives a push notification request for a specific application from the broadcasting / communication cooperation receiving device 400, the APL activation information server 500 transmits the application activation information to the broadcasting / communication cooperation receiving device 400 via the communication line N. At this time, the APL activation information server 500 registers the broadcast communication cooperative reception device 400 that has made the push notification request, and when the application activation information of a specific application is updated, the application activation information is registered as the registered broadcast. It transmits to the communication cooperation receiver 400. Or you may notify that application starting information was updated.
The APL activation information server 500 (see FIG. 1) may be installed in the broadcasting station or held by a third party.

The broadcasting / communication cooperation receiving apparatus 400 presents a broadcast program to the viewer and operates the application to present it to the viewer. The configuration and operation of the broadcast communication cooperative reception device 400 will be described in detail later.
By configuring the broadcasting / communication cooperation system S in this manner, in the broadcasting / communication cooperation receiving device 400, the viewer views the broadcast program provided by the broadcasting station and also provides the application provided by the service provider or the broadcasting station. It can be operated. The configuration and operation of the broadcast communication cooperative reception device 400 will be described in detail later.

The broadcasting / communication cooperation system S according to the embodiment of the present invention provides an application (A) when a broadcasting station or a third-party organization gives approval as satisfying predetermined criteria for reliability and minimum operation of the application. Application) and the content of the A application when provided to the viewer, that is, whether the A application when provided to the viewer has authenticity or not is broadcasted. The apparatus 100 and the broadcasting / communication cooperation receiving apparatus 400 cooperate to enable verification in units of applications.
Next, the configuration and operation of such a broadcast transmission device 100 and the configuration and operation of the broadcast communication cooperative reception device 400 will be described.

[Configuration of Broadcast Transmitter]
First, with reference to FIG. 2 (refer to FIG. 1 as appropriate), the configuration of the broadcast transmitting apparatus 100 according to the embodiment of the present invention will be described.
Here, the broadcast transmitting apparatus 100 includes an APL selection unit 101, an authenticator calculation unit 102, a common information encryption unit 103, an individual information encryption unit 104, an APL activation information generation unit 105, and a content storage unit 106. A data broadcast content storage unit 107, a multiplexing unit 108, and a broadcast transmission unit 109.

The APL (application) selection unit 101 selects one or more applications from the A application information stored in the management device 320 of the APL registration device 300.
For example, when the APL selection unit 101 receives an input of A application selection from the outside by the administrator of the broadcasting station, the APL selection unit 101 acquires A application information related to the selection from the management device 320.

  In this case, the broadcast transmitting apparatus 100 further includes, for example, a list display unit (not shown) that displays a list of information (for example, an ID or URL of the A application) specifying the A application on a display device (not shown). In other words, the APL (application) selection unit 101 receives an input of an A application selection operation via an input unit (for example, a remote controller (not shown)) by a broadcast station manager who refers to the list, and the management device 320. The A application information related to the selection is acquired from. The A application information includes at least the application itself or the hash value of the application, application identification information, and the location of the application.

  For example, the APL selection unit 101 may have a function of automatically selecting the A application according to a predetermined condition. For example, the APL selection unit 101 has a list of A applications corresponding to the broadcast program genre, broadcast period, etc. in advance, and automatically selects an appropriate A application when the broadcast program or broadcast period is input. Then, the A application information related to the selection may be acquired from the management device 320. The A application information related to the A application selected by the APL selection unit 101 is output to the authenticator calculation unit 102.

The authenticator calculating unit 102 includes an A application or a hash value of the A application included in the A application information related to the A application selected by the APL selecting unit 101, and a key for calculating an authenticator issued from a key issuing unit (not shown). Is used to calculate the authenticator of the selected A application using the authenticator calculation key K ₁ (first encryption key). Format authenticator calculates key K ₁ is not limited in particular, it is possible to use the key of a pseudo random number generated by known techniques. Further, the authenticator calculates key K ₁ is the information common to the network-linked digital terrestrial television broadcasting receiving apparatus 400 (common information).

Further, the authenticator only needs to depend on the selected A application, and the authenticator calculation algorithm or the like is not particularly limited. If the authenticator is Tag, the authenticator calculation algorithm is MAC, and the selected A application is APL, for example, the authenticator calculating unit 102 calculates an authenticator Tag defined by the following equation (1).

Hereinafter, the authenticator calculated by the authenticator calculating means 102 is referred to as an authenticator Tag ₁ .
When the authenticator is calculated using the hash value of the application, “APL” in the formula (1) may be replaced with “HASH (APL)”. The authenticator Tag ₁ calculated by the authenticator calculating means 102 is output to the APL activation information generating means 105.

The common information encryption unit 103 generates an authenticator calculation key K ₁ , which is common information common to the broadcasting / communication cooperation receiving apparatus 400, used by the authenticator calculation unit 102 to calculate the authenticator Tag _1. The data is encrypted in the data format constituted by, for example, ECM (Entitlement Control Message) with the encryption key K ₂ (second encryption key) issued by the means. Format cryptographic key K ₂ is not limited in particular, it is possible to use a key generated by known techniques. Here, the common information, is described as authenticator calculates key K _1, it is a matter of course that may also include other information.

Individual information encrypting unit 104, the encryption key K ₂ used in the encryption of the common information in the common information encrypting unit 103, the specific master key K _M to each of the network-linked digital terrestrial television broadcasting receiving apparatus 400, for example, EMM The data is encrypted in a data format composed of (Entitlement Management Message). The master key K _M to the storage means, not previously shown, are stored in association with information for identifying a broadcast communication cooperation receiver 400 (e.g., ID of the network-linked digital terrestrial television broadcasting receiving apparatus).
The contents of this master key K _M is not limited in particular, it is possible to use those produced by a known method. Note that, it is assumed that the individual information as an encryption key K _2, it is of course may also include other information.

In this way, encrypted authenticator calculates key K ₁ used in the authenticator computing means 102 to calculate the authenticator Tag _1, encrypted with the encryption key K _2, the encryption key K _2, the master key K _M By doing so, the authenticator calculating key K ₁ used for calculating the authenticator Tag ₁ by the authenticator calculating means 102 can be safely sent to each of the broadcast communication cooperative receiving devices 400.

The APL (application) activation information generation unit 105 generates application activation information necessary for controlling the activation of the application.
When the APL activation information generating unit 105 generates application activation information for the A application selected by the APL selecting unit 101, the APL activation information generating unit 105 adds the authenticator Tag ₁ calculated by the authenticator calculating unit 102 and starts the application. Generate information.

Here, the application activation information is basically information for specifying the application and additional information for controlling the application. However, the application activation information is information on the A application selected by the APL selection unit 101. An authentication code Tag ₁ calculated by the authentication code calculation means 102 is further added to the application activation information.
The APL activation information generation means 105 is described as the A application activation information selected by the APL selection means 101 in, for example, a text representation (AIT file format) in XML (eXtensible Markup Language) format as shown in FIG. Generate application launch information. The numbers (1) to (41) in the left column of FIG. 3 are line numbers added for convenience of explanation.

Next, an example of A application activation information generated by the APL activation information generation unit 105 will be described with reference to FIG.
First, the application activation information includes the following information as information for specifying an application.
For example, in FIG. 3, the application name is described in the (9) line. Also, (11) line describes the organization that created the application, and (12) line describes the number that uniquely identifies the application within the organization. The numbers shown in the (11) and (12) lines are application IDs that uniquely identify the application.
Further, the location (address) of the application is described in the (29) line.
Also, the algorithm MAC used for calculating the authenticator Tag _{1 by} the authenticator calculating means 102 on the (30) to (31) lines, and calculated by the authenticator calculating means 102 on the (32) to (33) lines. The authenticator Tag ₁ is described.

  In addition to these, as shown in line (38), additional information used by the application, for example, the location (address) of metadata, image data, etc. may be described. Thus, by describing the reference destination of additional data, the amount of data added to the APL activation information can be suppressed.

Further, the application activation information includes the following information as additional information for controlling the application.
For example, in FIG. 3, the control code (application control code) for controlling the application state is described in the (15) line.
This application control code takes a value as shown in FIG. 4, for example. This application control code is basically the same as that defined in ARIB STD-B23. For example, “AUTOSTART” indicates that the broadcasting / communication cooperation receiving apparatus 400 is an application that automatically starts regardless of the user's operation. “PRESENT” indicates that the application is not automatically started.
“DESTROY” and “KILL” are control codes for instructing termination of the application. Whether the termination is normal termination (for example, termination after user confirmation) or forced termination (for example, user confirmation is performed). Immediately exit).
This application control code is basically the same as that defined in ARIB STD-B23.

In FIG. 3, activation information corresponding to one application is described in lines (8) to (41), but when there are a plurality of applications, (8) to (8) corresponding to each application. (41) A plurality of contents of the line may be described.
In this way, the APL activation information generation unit 105 generates application activation information with the authenticator Tag ₁ calculated by the authenticator calculation unit 102 added to the A application selected by the APL selection unit 101.
On the other hand, are arranged in APL start information server 210, for general applications, shown in FIG. 3 (30) - (33) th row according, that is, application startup information, except for the description of authenticator Tag ₁ is managed separately Is done.

When the APL activation information generation unit 105 generates the application activation information for the A application selected by the APL selection unit 101 in this way, the APL activation information generation unit 105 accesses the APL activation information server 500 (both see FIG. 1) and selects the APL. Application activation information of the A application selected by the means 101 can be arranged. The application activation information generated in this way is acquired via the communication line N by the broadcasting / communication cooperation receiving device 400 (see FIG. 1).
When transmitting application activation information to the broadcasting / communication cooperation receiving apparatus 400 (see FIG. 1) via the broadcast wave W, the APL activation information generating unit 105 outputs the generated application activation information to the multiplexing unit 108.

  Referring to FIG. 2 again, the content storage means 106 stores content (broadcast program) including a video signal and an audio signal. Here, content refers to MPEG-2 (Moving Picture Expert Group-2), H.264, or H.264. Data encoded by H.264 / AVC encoding or data in PES (Packetized Elementary Stream) format. The content storage means 106 is a storage medium such as a hard disk. The content stored in the content storage unit 106 is appropriately read out by the multiplexing unit 108.

  The data broadcast content storage means 107 stores data broadcast content. The data broadcast content is BML content described in a content description language (for example, BML (broadcast Markup Language). The data broadcast content storage unit 107 is a storage medium such as a hard disk, for example. The data broadcast content stored in 107 is read as appropriate by the multiplexing means 108.

  Multiplexing means 108 includes content acquired from content storage means 106, data broadcast content acquired from data broadcast content storage means 107, common information input from common information encryption means 103, and individual information encryption means 104. Is multiplexed with the individual information input from, and a transport stream (TS: Transport Stream; hereinafter, also simply referred to as a stream) is generated. For example, the multiplexing unit 108 multiplexes content, data broadcast content, common information, and individual information using MPEG-2 Systems to generate a stream. Furthermore, the application activation information generated by the APL activation information generation unit 105 may be multiplexed together to generate a stream. The generated stream is output to the broadcast transmission means 109.

  The broadcast transmission unit 109 receives a stream input from the multiplexing unit 108, and transmits the received stream via a transmission antenna (not shown), whereby a plurality of broadcast communication cooperative reception devices 400 are transmitted via a broadcast wave. (Refer to FIG. 1) and realized by an electronic circuit.

[Broadcast transmitter operation]
Next, the operation of the broadcast transmission device 100 will be described with reference to FIG.
Here, the A application information approved in advance by the APL confirmation device 310 of the APL registration device 300 is stored in the management device 320 (both see FIG. 1), the content is stored in advance in the content storage means 106, and the data broadcast content is stored. It is assumed that data broadcasting content is stored in the means 107 in advance.

As shown in FIG. 5, the broadcast transmitting apparatus 100 selects one or a plurality of A applications from the A applications stored in advance in the management apparatus 320 of the APL registration apparatus 300 by the APL selection unit 101 (step S1). ). Broadcast transmission apparatus 100 outputs A application information related to the selected A application to authenticator calculation means 102 by APL selection means 101.
Next, the broadcast transmitting apparatus 100 uses the authenticator calculating unit 102 with the A application or the hash value of the A application included in the A application information related to the A application selected by the APL selecting unit 101, and a key issuing unit (not shown). issued the authenticator calculates key _{K 1,} it is used to calculate the authenticator Tag ₁ of the a application (step S2). The broadcast transmitting apparatus 100 outputs the calculated authenticator Tag ₁ to the APL activation information generating unit 105 by the authenticator calculating unit 102.

Subsequently, the broadcast transmitting apparatus 100 generates APL activation information to which the authenticator Tag ₁ calculated by the authenticator calculating unit 102 is added by the APL activation information generating unit 105 (step S3). Then, the broadcast transmitting apparatus 100 accesses the APL activation information server 500 by the APL activation information generation unit 105 and arranges application activation information to which the A application authenticator Tag ₁ selected by the APL selection unit 101 is added. (Step S4). At this time, the broadcast transmitting apparatus 100 may output the generated application activation information to the multiplexing unit 108 by the APL activation information generation unit 105. In this case, step S4 can be omitted.

Further, the broadcast transmitting apparatus 100 uses the common information encryption unit 103 to obtain the common information including the authenticator calculation key K ₁ used for calculating the authenticator Tag ₁ by the authenticator calculating unit 102 as a key (not shown). in published encryption key K ₂ by issuing means, for example, encrypted with configured data format by ECM (step S5). The broadcast transmitting apparatus 100 outputs the common information encrypted by the common information encryption unit 103 to the multiplexing unit 108.

Further, the broadcast transmitting apparatus 100 broadcasts individual information including the encryption key K ₂ used to encrypt the authenticator calculation key K ₁ by the common information encryption unit 103 by the individual information encryption unit 104. the respective communication cooperation receiver 400 at the specific master key _{K M,} for example, encrypted with configured data format by EMM (step S6). The broadcast transmitting apparatus 100 outputs the encrypted individual information to the multiplexing unit 108 by the individual information encryption unit 104.

  Broadcast transmitting apparatus 100 may perform any of steps S3 and S4, and steps S5 and S6 first, or in parallel.

  Subsequently, the broadcast transmitting apparatus 100 uses the multiplexing unit 108 to acquire the content acquired from the content storage unit 106, the data broadcast content acquired from the data broadcast content storage unit 107, and the common information input from the common information encryption unit 103. A stream is generated by multiplexing the information and the individual information input from the individual information encryption means 104 (step S7). When application activation information is input from the APL activation information generation unit 105, a stream may be generated by multiplexing the application activation information together. Then, the broadcast transmission apparatus 100 outputs the generated stream to the broadcast transmission unit 109 by the multiplexing unit 108.

Then, the broadcast transmitting apparatus 100 transmits a stream generated by the multiplexing means 108 by the broadcast transmitting means 109 via a transmission antenna (not shown), so that a plurality of broadcast communication cooperative receiving apparatuses are transmitted via the broadcast wave. 400 (see FIG. 1) (step S8).
The broadcast transmitting apparatus 100 operates as described above.

[Configuration of broadcast communication cooperative receiver]
Next, with reference to FIG. 6 (refer to FIG. 1 as appropriate), the configuration of the broadcast communication cooperative reception apparatus 400 according to the embodiment of the present invention will be described.

  Here, the broadcasting / communication cooperation receiving apparatus 400 includes a broadcast receiving unit 401, a broadcast signal analyzing unit 402, a master key storage unit 403, an individual information decoding unit 404, a common information decoding unit 405, and a video / audio decoding unit. 406, data broadcast decoding means 407, communication transmitting / receiving means 408, APL activation information acquisition means 409, APL activation information storage means 410, list control means 411, security management means 412, APL management / execution control means 413, activation APL identification information storage means 414, APL acquisition means 415, APL storage means 416, APL execution means 417, operation control means 418, and composite display means 419.

The broadcast receiving unit 401 receives an MPEG-2 transport stream transmitted as a broadcast wave W via the antenna A. The received transport stream is output to the broadcast signal analysis unit 402.
The broadcast receiving means 401 is not limited to receiving a broadcast signal by radio waves via the antenna A, and may be a means for receiving a broadcast signal via a cable.

The broadcast signal analyzing unit 402 extracts data such as a video signal, an audio signal, a data broadcast signal, common information, and individual information from the stream data (transport stream) demodulated by the broadcast receiving unit 401. Further, when the application activation information is included in the stream data, the application activation information is extracted.
The broadcast signal analyzing unit 402 outputs the extracted data such as the video signal and the audio signal to the video / audio decoding unit 406, and outputs the extracted data such as the data broadcast to the data broadcast decoding unit 407. When the application activation information is extracted from the stream data, the extracted application activation information is output to the APL activation information acquisition unit 409. Further, when the application activation information is extracted from the stream data, the broadcast signal analysis unit 402 indicates that the application activation information has been notified (activation information notification), together with information for identifying the application (application ID), APL management / execution Notify the control means 413.
Further, the broadcast signal analyzing unit 402 outputs the extracted individual information to the individual information decoding unit 404 and outputs the extracted common information to the common information decoding unit 405.
The individual information is encrypted by the individual information encryption unit 104 (see FIG. 2) of the broadcast transmission apparatus 100, and the common information is the common information encryption unit 103 (FIG. 2) of the broadcast transmission apparatus 100. (See).

Master key storage unit 403, the network-linked digital terrestrial television broadcasting receiving apparatus 400 is configured to store a unique master key K _M. The master key K _M are those that are shared in advance broadcast transmitting apparatus 100.

Individual information decoding unit 404, a master key using the stored unique master key K _M in the storage unit 403, a broadcast signal analyzing means from the individual information extracted in 402, the encryption key for decrypting common information K ₂ Is decrypted. The decrypted encryption key K ₂ is output to the common information decryption unit 405.

Common information decoding unit 405 uses the encryption key K ₂ generated by the individual information decoding unit 404, the common information extracted by the broadcast signal analyzing unit 402, the authenticator calculates key for generating the authenticator application K ₁ is decoded. The decrypted authenticator calculation key K ₁ is output to an authenticator generation unit of the security management unit 412 described later.

  The video / audio decoding unit 406 decodes the video / audio (video stream and audio stream) extracted by the broadcast signal analysis unit 402. This video / audio decoding means 406 synthesizes video / audio data as output format video / audio data that can be decoded and displayed when MPEG-2 encoding is used, for example. It outputs to the display means 419.

  The data broadcast decoding unit 407 decodes the data broadcast data extracted by the broadcast signal analysis unit 402. The data broadcast decoding unit 407 has a function of a BML browser that analyzes the BML and converts the BML into an output format that can be displayed, and outputs the converted display data (data broadcast data) to the composite display unit 419. .

  The communication transmitting / receiving means 408 receives data such as an application and application activation information via the communication line N.

  The APL (application) activation information acquisition unit 409 acquires application activation information via the broadcast signal analysis unit 402 or the communication transmission / reception unit 408. This APL activation information acquisition means 409 is, for example, from a server (APL activation information server 210 [see FIG. 1]) determined in advance (when the power is turned on) or from the APL activation information server 500 using a broadcast signal as a trigger. The application activation information of an executable (or ready for execution) application may be acquired. Alternatively, when an instruction for displaying a list of applications (list display instruction) is notified to the list control unit 411 (to be described later) via the operation control unit 418 (to be described later), the application is performed according to an instruction from the list control unit 411. You may make it acquire starting information.

  The APL activation information acquisition unit 409 writes and stores the acquired application activation information in the APL activation information storage unit 410.

As described above, this application activation information is basically data including information for specifying an application and additional information for controlling the application. Here, FIG. It is described in a text representation in the XML format as shown. In the broadcast transmission apparatus 100, the application activation information generated for the selected A application includes the A application authenticator Tag ₁ calculated by the authenticator calculation means 102 (see FIG. 2) of the broadcast transmission apparatus 100. Further described.

  The APL (application) activation information storage unit 410 stores application activation information.

  The list control unit 411 is an application launcher (Launcher) that controls display of a list of applications that can be started and selection of applications. Here, the list control unit 411 displays a list of applications that can be activated, and in the displayed application list, based on a list selection instruction from the user that is instructed via the operation control unit 418. Select.

  The list control unit 411 generates a list of applications corresponding to the application activation information stored in the APL activation information storage unit 410 in response to a list display instruction from the user via the operation control unit 418, and displays the display data. Is output to the composite display means 419. For example, the list control unit 411 displays the application name shown in the (9) line in the application activation information described with reference to FIG.

  When the user is notified of an instruction (list display instruction) for displaying a list of applications on the list control unit 411 via the operation control unit 418 described later, the list control unit 411 receives the APL activation information acquisition unit 409. An instruction to acquire APL activation information (APL activation information acquisition instruction) may be notified to cause the APL activation information acquisition unit 409 to acquire APL activation information.

In addition, the list control unit 411 is notified of a pressing signal of a direction (arrow) button (not shown) of the remote controller Ri as a list selection instruction via the operation control unit 418, and thus among the plurality of applications. , Recognizing which application is selected as an activation candidate and notifying a pressing signal of a decision button (not shown), the application in which the activation instruction is actually selected is recognized.
The list control unit 411 outputs a selection APL (application) notification including a number (application ID) for identifying the selected application to the APL management / execution control unit 413.

  The security management unit 412 verifies the authenticity of the application acquired by the APL acquisition unit 415. The security management unit 412 includes an A / general APL determination unit 412a, an authenticator calculation unit 412b, and an APL verification unit 412c.

The A / general APL (application) determination unit 412a determines whether the application acquired by the APL acquisition unit 415 is an A application or a general application.
Specifically, for example, when the A / general APL determination unit 412a receives an application acquisition notification from the APL acquisition unit 415, the A / general APL determination unit 412a acquires the APL activation information corresponding to the application stored in the APL activation information storage unit 410. Then, it is searched whether or not the authenticator Tag _{1 of the} application is included. Then, it is determined whether the acquired application is an A application or a general application depending on whether or not the authenticator Tag ₁ is included in the APL activation information.

When the A / general APL determination unit 412a searches for APL activation information corresponding to the application acquired by the APL acquisition unit 415 and stored in the APL activation information storage unit 410, the authenticator Tag ₁ is included. It is determined that the application is the A application, and the determination result is notified to the authenticator calculating unit 412b. On the other hand, if the A / general APL determination means 412a does not include the authenticator Tag ₁ as a result of searching the APL activation information, the A / general APL determination means 412a determines that the application is a general application, and APL management / execution control means 413 is notified.

When the determination result that the application acquired by the APL acquisition unit 415 is an A application is notified from the A / general APL determination unit 412a, the authenticator calculation unit 412b acquires the A application from the APL storage unit 416. the hash value of the a application or the a application, the authenticator calculates key K _1, which is decoded by the common information decoding unit 405, using, and generates an authenticator Tag of the a application. Note that the hash value of the A application can be calculated from the A application read from the APL storage unit 416 by the authenticator calculation unit 412b. In the following description, the authenticator Tag of the A application is expressed as an authenticator Tag ₂ . The authenticator calculating unit 412b calculates the authenticator Tag ₂ using, for example, the above-described equation (1). The calculated authenticator Tag ₂ is output to the APL verification unit 412c.

The APL (application) verification unit 412c receives the input of the authenticator Tag ₂ calculated by the authenticator calculating unit 412b, and acquires the authenticator Tag ₁ described in the APL activation information from the APL activation information storage unit 410. The authenticity of whether the A application acquired by the APL acquisition means 415 is an application approved by the broadcast station as the A application is verified by comparing whether or not they match. is there.

APL verification means 412c has been described in APL start information stored in the APL start information storage means 410, the authenticator Tag ₁ of A application selected by the broadcast transmitting apparatus 100, obtained by the APL acquisition unit 415, When the A application authenticator Tag ₂ corresponding to the A application selected by the broadcast transmitting apparatus 100 is compared and they match, the A application acquired by the APL acquisition means 415 is intended by the broadcast station. It is determined that this is an application. On the other hand, if they do not match, it is determined that the A application acquired by the APL acquisition unit 415 is not the application intended by the broadcast station.

Here, as described above, the authenticator Tag ₁ is started by the broadcast communication cooperative receiving apparatus 400 from the A application that has been approved after confirming the reliability and operation of the contents in advance in the broadcast transmitting apparatus 100. This is an authenticator for the A application selected for the purpose.

Further, as described above, the authenticator Tag ₁ is calculated using two elements, that is, the A application selected in the broadcast transmitting apparatus 100 and the authenticator calculation key K ₁ . On the other hand, the authenticator Tag ₂ is an A application corresponding to the A application selected in the broadcast transmitting apparatus 100 acquired by the APL acquiring unit 415 and the authentication used for calculating the authenticator Tag ₁ in the broadcast transmitting apparatus 100. child calculated key K _1, and is calculated using the two elements. That is, the authenticator Tag ₁ and the authenticator Tag ₂ share one element (authenticator calculation key K ₁ ) of the two elements. Therefore, the match / mismatch is the match / mismatch of the contents of the A application. Rely on discrepancy.

Therefore, the APL verification unit 412c compares the authenticator Tag ₁ and the authenticator Tag _2, and determines whether or not they match, thereby selecting in the broadcast transmitting apparatus 100 corresponding to the authenticator Tag _1. It can be seen whether or not the registered A application and the A application acquired by the APL acquisition unit 415 corresponding to the authenticator Tag ₂ match.

When the authenticator Tag ₁ and the authenticator Tag ₂ match, that is, when the A application selected in the broadcast transmitting apparatus 100 matches the A application acquired by the APL acquisition unit 415, the APL The A application acquired by the acquiring unit 415 completely matches the A application selected by the broadcast transmitting apparatus 100, that is, the A application selected by the broadcast transmitting apparatus 100. For this reason, it is possible to determine that the A application acquired by the APL acquisition unit 415 is an application intended by the broadcasting station.

On the other hand, if the authenticator Tag ₁ and the authenticator Tag ₂ do not match, that is, if the A application selected by the broadcast transmitting apparatus 100 and the A application acquired by the APL acquisition unit 415 do not match, APL acquisition is performed. It can be determined that the A application acquired by the means 415 is not an application intended by the broadcasting station.

Then, the APL verification unit 412c outputs the verification result obtained by comparing the authenticator Tag ₁ and the authenticator Tag ₂ to the APL management / execution control unit 413.

  The APL (application) management / execution control means 413 controls the life cycle of the application (the process until the application is loaded and executed and ends). Here, the APL management / execution control unit 413 includes a start control unit 413a and an end control unit 413b.

The activation control unit 413a controls the activation of the application.
Specifically, the activation control unit 413a is a case where the determination result that the application is a general application is notified from the A / general APL determination unit 412a, and the activation of the general application is performed from the APL activation information extraction unit 402a. When the information notification is notified, the application control code described in the application activation information corresponding to the application ID notified together with the activation information notification stored in the APL activation information storage unit 410 is “AUTOSTART”. Start the application.

  That is, when the application control code is “AUTOSTART”, the activation control unit 413a notifies the APL execution unit 417 that the application is to be executed (activation control instruction). This activation control instruction includes information (application ID, location, etc.) that identifies the application described in the application activation information. As a result, the general application is automatically activated regardless of the user's operation.

  In addition, the activation control unit 413a receives a determination result that the application is a general application from the A / general APL determination unit 412a and the selection control unit 411 notifies the selection APL notification. Regardless of the value of the application control code, the APL execution means 417 is notified that the application is to be executed (activation control instruction). As a result, the general application selected from the list by the user is started.

  Further, the activation control unit 413a extracts the APL activation information when the APL verification unit 412c notifies the verification result that the authenticity of the application determined as the A application by the A / general APL determination unit 412a is confirmed. When the activation information notification of the A application is notified from the means 402a, the application described in the application activation information corresponding to the application ID notified together with the activation information notification stored in the APL activation information storage means 410 If the control code is “AUTOSTART”, the application is started by notifying the APL execution means 417 of the start control instruction as described above.

  Further, when the verification result that the authenticity of the application determined to be the A application by the A / general APL determination unit 412a is notified from the APL verification unit 412c, the list control unit 411 notifies the selected APL. Is notified, the APL execution means 417 is notified that the application is to be executed (activation control instruction) regardless of the value of the application control code. As a result, the application selected from the list by the user is activated.

  On the other hand, when the activation control unit 413a is notified from the APL verification unit 412c that the verification result that the application determined to be the A application by the A / general APL determination unit 412a is not authentic, “the display of this application is managed. The composite display means 419 is instructed to display on the video display device Mo an error message notifying the user that an application such as “not permitted by the user” or “cannot display this application” cannot be displayed.

  The activation control unit 413a manages the activated application with identification information (application ID), and writes the activated application ID in the activation APL identification information storage unit 414. Further, when the application activates another application (child application) in the APL execution unit 417, the activation control unit 413a manages the child application and the parent application in a hierarchical association.

The termination control means 413b performs termination control of the running application.
Specifically, the termination control unit 413b corresponds to the application ID notified together with the activation information notification stored in the APL activation information storage unit 410 when the activation information notification is notified from the APL activation information extraction unit 402a. When the application control code described in the application activation information to be executed is “DESTROY” or “KILL”, the application is terminated.

When the application control code is “DESTROY”, the termination control unit 413b instructs the APL execution unit 417 to normally terminate the application corresponding to the notified application ID. When the application control code is “KILL”, the termination control unit 413b instructs the APL execution unit 417 to forcibly terminate the application corresponding to the notified application ID.
The termination control unit 413b refers to the activation APL identification information storage unit 414 when terminating the application, and terminates all the child applications when there is a child application in the application instructed to terminate.

  In addition, the termination control unit 413b refers to the activation APL identification information storage unit 414 when the activated application is terminated, for example, when the APL execution unit 417 notifies that the application is terminated by a user operation. If there is a child application in the terminated application, the child application is also terminated.

  The activation APL (application) identification information storage unit 414 stores identification information (application ID) of the application being activated, and is a storage medium such as a semiconductor memory. The activation APL identification information storage unit 414 is written with an application ID when the application is activated by the activation control unit 413a, and is deleted when the application is terminated by the termination control unit 413b.

The APL (application) acquisition unit 415 acquires an application from the management device 320 or the APL (application) server 210 (see FIG. 1) connected to the communication line N via the communication transmission / reception unit 408.
When the APL acquisition instruction is notified from the activation control means 413a, the APL acquisition means 415 acquires the designated application from the location (address) of the application notified by the instruction, and stores the acquired application in the APL storage. Write and accumulate in means 416.

The APL (application) storage unit 416 stores the application acquired by the APL acquisition unit 415, and is a storage medium such as a hard disk. The APL storage unit 416 verifies the authenticity of the application acquired by the APL acquisition unit 415 by the APL verification unit 412c, and determines whether the operation can be performed by the APL management / execution control unit 413 according to the verification result. It is accumulated to determine.
The APL storage unit 416 accumulates the application acquired by the APL acquisition unit 415 in order to operate at an arbitrary timing.
The application stored in the APL storage unit 416 is read by the authenticator calculation unit 412b of the security management unit 412.

The APL (application) execution means 417 starts and ends an application based on an instruction (startup control instruction) from the APL management / execution control means 413.
When the APL execution unit 417 is instructed to execute the application notified from the activation control unit 413a, the APL execution unit 417 determines whether the application is based on information (application ID, location, etc.) that identifies the application included in the activation control instruction. In addition, data necessary for executing the application (for example, metadata, icon data, etc.) is acquired from the acquisition source of the application.
Then, the APL execution unit 417 expands (loads) the application in a memory (not shown) and executes the application.
Image and audio data accompanying execution of this application is output to the composite display means 419.

  In addition, when instructed to terminate the application notified from the termination control unit 413b, the APL execution unit 417 terminates the instructed application.

  The operation control unit 418 controls user operations (for example, list display, list selection, channel change, etc.) on the broadcasting / communication cooperation receiving device 400 via an input unit such as an external remote controller Ri. When the user is instructed to display a list via the remote controller Ri, the operation control unit 418 gives an instruction to generate a list of applications corresponding to the application activation information stored in the APL activation information storage unit 410. The list control unit 411 Notify As a result, a list of applications that can be started is displayed to the user.

Further, when the user is instructed to select an application in the list via the remote controller Ri, the operation control unit 418 sends an application selection notification including the application ID of the selected application to the APL management / execution control unit. Output to.
Further, the operation control unit 418 notifies the broadcast signal analysis unit 402 of a channel switching instruction including the channel number of the selected channel when the user instructs to change the channel via the remote controller Ri. As a result, the channel currently being viewed is selected.

The composite display means 419 combines and displays video and audio. The composite display means 419 includes the video data / audio data decoded by the video / audio decoding means 406, the display data of the data broadcast decoded by the data broadcast decoding means 407, and the display data of the list generated by the list control means 411. And the application display data generated by the APL execution means 417 are combined and displayed.
The synthesized display means 419 outputs the synthesized audio as an audio signal to an audio output device Sp such as a speaker connected to the outside, and the synthesized video (image) is externally connected as a video signal. Output to a video display device Mo such as a liquid crystal display.

  Further, when the composite display unit 419 is notified from the activation control unit 413a of the APL management / execution control unit 413 of an instruction to display an error message notifying the user that the application cannot be displayed, “the display of this application is managed. Error messages such as "Not allowed by the user" or "Cannot display this application" are combined with video / audio data, data broadcast display data, and list display data. This error message may be generated each time a message display instruction is input from the activation control unit 413a of the APL management / execution control unit 413, or may be generated in advance and stored in a storage unit (not shown). When the notification of the error message display instruction is received from the activation control means 413a of the APL management / execution control means 413, it may be read from a storage means (not shown).

[Operation of broadcasting / communication cooperation receiver]
Next, with reference to FIG. 7 (refer to FIG. 2 as appropriate for the configuration), an operation for starting or ending an application according to the application start information in the broadcast communication cooperative receiving apparatus 400 according to the embodiment of the present invention will be described. To do. Here, the APL activation information acquisition means 409 is operated by a server (APL activation information server 500 or APL activation information server 210 [both see FIG. 1]) determined in advance at the time of activation (when the power is turned on) or broadcast. It is assumed that application activation information is separately obtained from the signal. The acquired application activation information is stored in the APL activation information storage unit 410.
In addition, it is assumed that a list of applications that can be activated is generated from the application activation information acquired by the APL activation information acquisition unit 409 by the list control unit 411 and displayed to the user.

  The broadcast / communication cooperation receiving device 400 receives the broadcast signal transmitted from the broadcast transmitting device 100 via the broadcast wave W by the broadcast receiving means 401 (step S21). Then, the broadcast receiving unit 401 outputs the received broadcast signal to the broadcast signal analyzing unit 402.

  Next, the broadcasting / communication cooperation receiving device 400 analyzes the stream data received and demodulated by the broadcast receiving unit 401 by the broadcast signal analyzing unit 402, and performs individual information, common information, video / audio signal, data Broadcast signals are extracted (step S22). Then, the broadcast signal analyzing unit 402 outputs the individual information to the individual information decoding unit 404, the common information is output to the common information decoding unit 405, the video / audio signal is output to the video / audio decoding unit 406, and the data broadcast The signal is output to the data broadcast decoding means 407. Note that the individual information and the common information are encrypted by the broadcast transmitting apparatus 100.

Then, network-linked digital terrestrial television broadcasting receiving apparatus 400, network-linked digital terrestrial television broadcasting receiving apparatus 400 by individual information decoding unit 404, to the network-linked digital terrestrial television broadcasting receiving apparatus 400 issued by the key issuing means (not shown) the specific master key K _M used to decrypt the encryption key K ₂ from the encrypted individual information (step S23). Then, the individual information decryption unit 404 outputs the decrypted encryption key K ₂ to the common information decryption unit 405.

Then, the broadcasting / communication cooperation receiving device 400 uses the common information decryption unit 405 to decrypt the authenticator calculation key K ₁ from the encrypted common information using the encryption key K ₂ decrypted by the individual information decryption unit 404. (Step S24). Then, the common information decoding unit 405 outputs the authenticator calculates key K ₁ that decoded authenticator computing unit 412b.

The broadcasting / communication cooperation receiving device 400 receives an instruction to select an application in the list from the user via the remote control device Ri using the list control unit 411 (step S25). Then, an application selection notification including the application ID of the application selected by the user is output to the APL management / execution control means 413.
Then, when the APL management / execution control unit 413 receives the application selection notification from the list control unit 411, the broadcasting / communication cooperation receiving apparatus 400 receives the application activation information of this application from the APL activation information storage unit 410. Obtain (step S26). Then, the application activation information acquired from the APL activation information storage unit 410 is analyzed (step S27).

  Here, when the application control code is a code indicating activation (“AUTOSTART”) (“activation” in step S27), the broadcasting / communication cooperation receiving device 400 selects the application notified by the APL acquisition unit 415 in the application activation information. Obtained via the communication transmitting / receiving means 408 (step S28). Then, the application acquired by the APL acquisition unit 415 via the communication transmission / reception unit 408 is stored in the APL storage unit 416 (step S29). The APL acquisition unit 415 notifies the A / general APL determination unit 412a of application acquisition. Note that step S21 to step S24 and step S25 to step S29 may be performed in parallel.

On the other hand, when the application control code is a code indicating termination (“KILL” or the like) (“end” in step S27), the broadcasting / communication cooperation receiving device 400 is executed by the termination control unit 413b in the APL execution unit 417. The existing application is terminated (step S30).
If the application control code is not a code indicating activation or termination (step S
27, “others”), the broadcasting / communication cooperation receiving device 400 ends the activation / termination operation of the application and continues the analysis operation of the broadcast signal (not shown as a step).

Subsequently, when the A / general APL determination unit 412a receives the application acquisition notification from the APL acquisition unit 415, the broadcast communication cooperative reception apparatus 400 corresponds to the application acquired in step S28 from the APL activation information storage unit 410. APL activation information is acquired, and whether or not the application is an A application or a general application is determined based on whether or not the application activation information includes the authenticator Tag ₁ of the application (step S31).

If the application acquired in step S28 is the A application (“A APL” in step S31), the authentication result calculation unit 412b is notified of the determination result.
Then, the broadcasting / communication cooperation receiving apparatus 400 is notified of the determination result that the application acquired in step S28 is the A application from the A / general APL determination unit 412a by the authenticator calculation unit 412b, whereby the APL storage unit get the application from 416, and this application, the authenticator calculates key _{K 1} that has received the input from the common information decoding unit 405, is used to calculate the authenticator Tag ₂ of this application (step S32). Then, the authenticator calculating unit 412b outputs the calculated authenticator Tag ₂ to the APL verifying unit 412c.

  On the other hand, when the application acquired in step S28 is a general application (“general APL” in step S31), the determination result is notified from the authenticator calculation unit 412b to the APL management / execution control unit 413.

  The broadcast communication cooperative receiving apparatus 400 is notified by the APL management / execution control means 413 of the determination result that the application is a general application from the A / general APL determination means 412a. The APL execution means 417 is notified of an activation control instruction for activating the application acquired in step S28. Then, the broadcast communication cooperative receiving device 400 reads the application acquired in step S28 from the APL storage unit 416 by the APL execution unit 417 when the activation control instruction of the application is notified from the activation control unit 413a. Is activated (step S33).

Subsequently, when the APL verification unit 412c receives the input of the authentication code Tag ₂ from the authentication code calculation unit 412b, the broadcast communication cooperative reception apparatus 400 receives an application corresponding to the authentication code Tag ₂ from the APL activation information storage unit 410. Is read out, the authenticator Tag ₁ included in the application activation information is extracted, and whether or not the authenticator Tag ₁ and the authenticator Tag ₂ match is compared. Then, depending on whether or not the authenticator Tag ₁ and the authenticator Tag ₂ match, the authenticity of whether or not the application acquired in step S28 is an application approved by the broadcasting station is verified (step S34).

If the authenticator Tag ₁ and the authenticator Tag ₂ match (Yes in step S34), the broadcast communication cooperative receiving apparatus 400 has confirmed the authenticity of the application acquired in step S28 by the APL verification means 412c. A application is determined.

  The broadcasting / communication cooperation receiving apparatus 400 is notified by the APL management / execution control means 413 that the verification result that the authenticity of the application acquired in step S28 has been confirmed is received from the application verification means. By 413a, an activation control instruction for activating the application acquired in step S28 is output to the APL execution unit 417. Then, the broadcasting / communication cooperation receiving apparatus 400 reads out the application acquired in step S28 from the APL storage unit 416 by the APL execution unit 417 and starts the application (step S35). Then, the application is output from the APL execution unit 417 to the composite display unit 419, and the application is output from the composite display unit 419 to the video display device Mo or the like, so that the user can browse.

On the other hand, if the authenticator Tag ₁ and the authenticator Tag ₂ do not match (No in step S34), the broadcast communication cooperative receiving device 400 determines that the application acquired in step S28 is not authentic by the APL verification unit 412c. To do. The APL verification unit 412 c notifies the APL management / execution control unit 413 of the verification result.

  The APL management / execution control unit 413 is notified of the verification result that the application acquired in step S28 is not authentic from the APL verification unit 412c, so that the activation control unit 413a receives the application acquired in step S28. An error message display instruction for notifying the user that the message cannot be displayed is sent to the composite display means 419. Then, the APL management / execution control means 413 displays an error message by the composite display means 419 when an instruction to display an error message is notified from the activation control means 413a (step S36).

According to the broadcast communication cooperation system S described above, the broadcast transmission apparatus 100 receives the authentication code calculation key K ₁ used for calculating the authentication code Tag ₁ of the selected A application via the broadcast wave W. by transmitting to the device 400, in the network-linked digital terrestrial television broadcasting receiving apparatus 400 side, using the authenticator calculates key K ₁ used for generating the authenticator Tag ₁ in the broadcast transmitting apparatus 100, which is selected in the broadcast transmitting apparatus 100 a It is possible to calculate the authenticator of the application corresponding to the application.

Further, in the broadcast transmitting apparatus 100, by adding the authenticator Tag ₁ to the application activation information and writing it in the APL activation information server 500, or by including it in the broadcast signal and transmitting it, the broadcast communication cooperative receiving apparatus 400 side. Thus, it is possible to check whether or not the authenticator Tag ₁ included in the application activation information corresponding to the acquired A application matches the authenticator Tag ₂ calculated for the acquired A application. . Then, it is possible to verify the authenticity of each application by verifying whether the A application acquired based on whether or not they match each other is the A application at the time of approval by the broadcast station. Become.

  Furthermore, according to the broadcasting / communication cooperation system S, when the authenticity of the A application acquired by the broadcasting / communication cooperation receiving device 400 is not confirmed, the A application is not executed. It is possible to prevent an application having an unintentional content different from the content of. For this reason, the reliability of the broadcaster can be ensured.

  The broadcast transmission device 100 or the broadcast communication cooperative reception device 400 described in the above-described embodiment can be realized, for example, by operating a general computer with a program that functions as each of the above-described units.

  In the embodiment described above, the broadcast transmitting apparatus 100 generates application start information by the APL start information generating unit 105, writes this application start information into the APL start information server 500, and the broadcast communication cooperative receiving apparatus 400 includes the APL start information. Although the acquisition unit 409 acquires the application activation information from the APL activation information server 500 (or the APL activation information server 210) via the communication line N, the present invention is not limited to this.

For example, the broadcast transmitting apparatus 100 (see FIG. 2) uses the APL activation information generating means 105 (see FIG. 2) to convert the binary into an event information table (EIT: Event Information Table) which is one of SI (program sequence information). The application activation information expressed in terms of expression is described, SI (program arrangement information) including this EIT is multiplexed on the multiplexing means 108 (see FIG. 2), and transmitted to the broadcasting / communication cooperation receiving apparatus 400 via broadcasting waves. It is good as well.
The broadcasting / communication cooperation receiving apparatus 400 further includes an EIT APL activation information extracting means (not shown) in the broadcast signal analyzing means 402, and an EIT descriptor by the APL activation information extracting means (not shown). Extract application start information included in (application descriptor).

Also, for example, the broadcast transmitting apparatus 100 (see FIG. 2) uses the APL activation information generating means 105 (see FIG. 2) to generate an application activation information file in which the application activation information is expressed in the XML format, and this application activation information. May be transmitted in a data carousel.
The broadcasting / communication cooperation receiving apparatus 400 further includes APL activation information extracting means (not shown) for extracting an application activation information file in the data broadcast decoding means 407, and the APL activation information extracting means (not shown) uses the application. Extract the startup information file.
Here, the application activation information transmitted by the data carousel is data expressed in text, but may be data expressed in binary.
The broadcasting / communication cooperation receiving apparatus 400 is compatible with any method for acquiring the application activation information described above, and may select transmission by any method for each broadcaster.

  In the above-described embodiment, the APL server 200 and the APL activation information server 210 (both refer to FIG. 1) are held by individual service providers, but in addition to or in addition to that, in the broadcasting station Or you may install in a third party organization.

  Further, the APL activation information server 210 and the APL activation information server 500 (both see FIG. 1) are provided, and APL activation information that collects and holds application activation information of applications created by each service provider or the like. A server (not shown) may be provided, and this APL activation information server (not shown) may manage application activation information collectively. That is, the APL activation information server (not shown) may hold application activation information corresponding to the general application in addition to the application activation information corresponding to the A application.

DESCRIPTION OF SYMBOLS 100 Broadcast transmission apparatus 101 APL selection means 102 Authentication code calculation means 103 Common information encryption means 104 Individual information encryption means 105 APL activation information generation means (application activation information generation means)
106 content storage means 107 data broadcast content storage means 108 multiplexing means 109 broadcast transmission means 200 APL server 210 APL activation information server 300 APL registration apparatus 310 APL confirmation apparatus 320 management apparatus 400 broadcast communication cooperative reception apparatus 401 broadcast reception means 402 broadcast signal Analysis means 403 Master key storage means 404 Individual information decoding means 405 Common information decoding means 406 Video / audio decoding means 407 Data broadcast decoding means 408 Communication transmitting / receiving means 409 APL activation information acquisition means (application activation information acquisition means)
410 APL activation information storage means 411 list control means 412 security management means 412a A / general APL determination means 412b authenticator calculation means 412c APL verification means (application verification means)
413 APL management / execution control means 413a Start control means 413b End control means 414 Start APL identification information storage means 415 APL acquisition means (application acquisition means)
416 APL storage means 417 APL execution means (application execution means)
418 Operation control means 419 Composite display means 500 APL activation information server

Claims (5)

The authenticity of the application described in the application activation information distributed to the broadcasting / communication cooperation receiving device via the communication line is verified in cooperation between the broadcasting transmitting device and the broadcasting / communication cooperation receiving device, and according to the verification result, The broadcast transmission apparatus in the broadcast communication cooperation system for controlling the activation of an application,
Authenticator calculating means for calculating an authenticator of the application using the selected application or the hash value of the application and the first encryption key;
Application activation information generating means for generating application activation information, which is information for starting the application, to which the authenticator calculated by the authenticator calculating means is added;
Common information encryption means for encrypting common information including the first encryption key, which is common information for each of the broadcast communication cooperative reception devices, using a second encryption key;
Individual information encryption including the second encryption key and encrypting individual information to be individually transmitted to each of the broadcast communication cooperative reception devices using a master key unique to each of the broadcast communication cooperative reception devices And
Multiplex including the encrypted common information, encrypted individual information, video / audio content, and data broadcasting content, or further multiplexing the application activation information to generate a stream Multiplexing means to
Broadcast transmission means comprising: broadcast transmission means for transmitting the stream generated by the multiplexing means to a plurality of broadcast communication cooperative reception apparatuses. The authenticity of the application described in the application activation information distributed to the broadcasting / communication cooperation receiving device via the communication line is verified by cooperation between the broadcasting transmission device and the broadcasting / communication cooperation receiving device, and according to the verification result, The broadcasting / communication cooperation receiving device in the broadcasting / communication cooperation system for controlling activation of an application,
Broadcast receiving means for receiving a stream transmitted from the broadcast transmitting device;
The broadcast signal included in the stream received by the broadcast receiving unit is analyzed, and the encrypted common information that is common information for the broadcast communication cooperative reception device and the individual information for the device are encrypted. Broadcast signal analysis means for extracting the individual information, the video / audio content, the data broadcast content, and the application activation information,
Information for starting the application generated by the broadcast transmission device, and application start information acquisition means for acquiring application start information with an authenticator of the application by broadcasting or communication;
Application activation information storage means for storing the application activation information acquired by the application activation information acquisition means;
Individual information for decrypting the second encryption key for decrypting the encrypted common information from the encrypted individual information extracted by the broadcast signal analyzing means using a master key unique to the device Decryption means;
A first encryption key for calculating an authenticator of the application from the encrypted common information extracted by the broadcast signal analysis unit using the second encryption key decrypted by the individual information decryption unit Common information decoding means for decoding
An application management / execution control means for accepting an input of selection of the application, instructing acquisition of the application, and controlling activation of the application;
Application acquisition means for acquiring an application instructed by the application management / execution control means via the communication line;
An authenticator calculating unit that calculates an authenticator of the application using the application acquired by the application acquiring unit or the hash value calculated from the application and the first encryption key decrypted by the common information decrypting unit. When,
By verifying whether or not the authenticator calculated by the authenticator calculating unit and the authenticator included in the application activation information stored in the application activation information storage unit match each other, Application verification means for verifying the authenticity of the application;
An application execution unit that executes the application according to an execution instruction of the application from the application management / execution control unit that has received an input of a verification result that the authenticity of the application has been confirmed by the application verification unit. A broadcasting / communication cooperative receiving apparatus comprising: The authenticity of the application described in the application activation information distributed to the broadcasting / communication cooperation receiving device via the communication line is verified in cooperation between the broadcasting transmitting device and the broadcasting / communication cooperation receiving device, and according to the verification result, In the broadcasting / communication cooperation system for controlling the activation of the application, in order to verify the authenticity of the application, a computer is provided.
An authenticator calculating means for calculating an authenticator of the application using the selected application or the hash value of the application and the first encryption key;
Application activation information generating means for generating application activation information, which is information for starting the application, with the authenticator calculated by the authenticator calculating means added;
Common information encryption means for encrypting common information including the first encryption key, which is common information for each of the broadcast communication cooperative reception devices, using a second encryption key;
Individual information encryption including the second encryption key and encrypting individual information to be individually transmitted to each of the broadcast communication cooperative reception devices using a master key unique to each of the broadcast communication cooperative reception devices Means
Multiplex including the encrypted common information, encrypted individual information, video / audio content, and data broadcasting content, or further multiplexing the application activation information to generate a stream Multiplexing means,
A broadcast transmission program for causing the stream generated by the multiplexing unit to function as a broadcast transmission unit that transmits the plurality of broadcast communication cooperative reception devices. The authenticity of the application described in the application activation information distributed to the broadcasting / communication cooperation receiving device via the communication line is verified in cooperation between the broadcasting transmitting device and the broadcasting / communication cooperation receiving device, and according to the verification result, In a broadcasting / communication cooperation system that controls the activation of applications,
In order to verify the authenticity of the application distributed to the broadcasting / communication cooperation receiver via the communication line,
Broadcast receiving means for receiving a stream transmitted from the broadcast transmitting device;
The broadcast signal included in the stream received by the broadcast receiving unit is analyzed, and the encrypted common information that is common information for the broadcast communication cooperative reception device and the individual information for the device are encrypted. Broadcast signal analyzing means for extracting the individual information, the video / audio content, the data broadcast content, and the application activation information,
Information for starting the application, generated by the broadcast transmission device, and application start information acquisition means for acquiring application start information to which an authenticator of the application is added by broadcast or communication,
Application activation information storage means for storing the application activation information acquired by the application activation information acquisition means;
Individual information for decrypting the second encryption key for decrypting the encrypted common information from the encrypted individual information extracted by the broadcast signal analyzing means using a master key unique to the device Decryption means,
A first encryption key for calculating an authenticator of the application from the encrypted common information extracted by the broadcast signal analysis unit using the second encryption key decrypted by the individual information decryption unit Common information decoding means for decoding
An application management / execution control means for accepting an input of selection of the application, instructing acquisition of the application, and controlling activation of the application;
Application acquisition means for acquiring an application instructed by the application management / execution control means via the communication line;
An authenticator calculating unit that calculates an authenticator of the application using the application acquired by the application acquiring unit or the hash value calculated from the application and the first encryption key decrypted by the common information decrypting unit. ,
By verifying whether or not the authenticator calculated by the authenticator calculating unit and the authenticator included in the application activation information stored in the application activation information storage unit match each other, Application verification means for verifying the authenticity of the application,
The application verification unit functions as an application execution unit that executes the application according to an execution instruction of the application from the application management / execution control unit that has received an input of a verification result that the authenticity of the application has been confirmed. Broadcast / communication cooperative reception program The authenticity of the application described in the application activation information distributed to the broadcasting / communication cooperation receiving device via the communication line is verified in cooperation between the broadcasting transmitting device and the broadcasting / communication cooperation receiving device, and according to the verification result, A broadcasting / communication cooperation system for controlling the activation of an application,
The broadcast transmitting device is:
Authenticator calculating means for calculating an authenticator of the application using the selected application or the hash value of the application and the first encryption key;
Application activation information generating means for generating application activation information, which is information for starting the application, to which the authenticator calculated by the authenticator calculating means is added;
Common information encryption means for encrypting common information including the first encryption key, which is common information for each of the broadcast communication cooperative reception devices, using a second encryption key;
Individual information encryption including the second encryption key and encrypting individual information to be individually transmitted to each of the broadcast communication cooperative reception devices using a master key unique to each of the broadcast communication cooperative reception devices And
Multiplex including the encrypted common information, encrypted individual information, video / audio content, and data broadcasting content, or further multiplexing the application activation information to generate a stream Multiplexing means to
Broadcast transmission means for transmitting the stream generated by the multiplexing means to a plurality of the broadcast communication cooperative reception devices,
The broadcast communication cooperative receiving device is
Broadcast receiving means for receiving a stream transmitted from the broadcast transmitting device;
The broadcast signal included in the stream received by the broadcast receiving unit is analyzed, and the encrypted common information that is common information for the broadcast communication cooperative reception device and the individual information for the device are encrypted. Broadcast signal analysis means for extracting the individual information, the video / audio content, the data broadcast content, and the application activation information,
Information for starting the application generated by the broadcast transmission device, and application start information acquisition means for acquiring application start information with an authenticator of the application by broadcasting or communication;
Application activation information storage means for storing the application activation information acquired by the application activation information acquisition means;
Individual information for decrypting the second encryption key for decrypting the encrypted common information from the encrypted individual information extracted by the broadcast signal analyzing means using a master key unique to the device Decryption means;
A first encryption key for calculating an authenticator of the application from the encrypted common information extracted by the broadcast signal analysis unit using the second encryption key decrypted by the individual information decryption unit Common information decoding means for decoding
An application management / execution control means for accepting an input of selection of the application, instructing acquisition of the application, and controlling activation of the application;
Application acquisition means for acquiring an application instructed by the application management / execution control means via the communication line;
An authenticator calculating unit that calculates an authenticator of the application using the application acquired by the application acquiring unit or the hash value calculated from the application and the first encryption key decrypted by the common information decrypting unit. When,
By verifying whether or not the authenticator calculated by the authenticator calculating unit and the authenticator included in the application activation information stored in the application activation information storage unit match each other, Application verification means for verifying the authenticity of the application;
An application execution unit that executes the application according to an execution instruction of the application from the application management / execution control unit that has received an input of a verification result that the authenticity of the application has been confirmed by the application verification unit. A broadcasting / communication cooperation system characterized by comprising:

Images