JP2014033281A - Encryption apparatus, decryption apparatus, encryption program and decryption program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To maintain high security of encrypted content data and support a mixture of an existing cryptosystem and a new cryptosystem.SOLUTION: An encryption apparatus includes: an encryption section 123 for encrypting coded content data by each of two types of cryptosystems; an encrypted packet generation section 124 for converting the encrypted data to transport streams, and as to each cryptosystem-specific transport stream, setting a packet identifier corresponding to the cryptosystem in a packet identifier area of each transport stream packet; a plaintext packet generation section for setting the first packet identifier in an elementary packet identifier area of a PMT, generating and setting in an elementary stream loop area of the PMT a simultaneous scramble descriptor including the second packet identifier, and generating plaintext packet data including the PMT; and a packet combination section 126 for combining the encrypted packet data and the plaintext packet data to generate a stream.

Description

  The present invention relates to an encryption device, a decryption device, an encryption program, and a decryption program.

  In recent years, content distribution services for distributing content data to content reproduction devices of a large number of users have been realized by broadcasting or communication. In this content distribution service, the content distribution device distributes encrypted content data so that only authorized users of the service can acquire content data. The following method is known as a method for a content reproduction apparatus of an authorized user to receive the encrypted content data and make it viewable. For example, by distributing a strong tamper-resistant IC card storing a decryption key for decrypting encrypted content data to an authorized user and incorporating it into the content playback device, only the content playback device of the authorized user can A method for decrypting encrypted content data is known. There is also known a content reproduction apparatus that decrypts and reproduces encrypted content data by executing a content reproduction program in which an encryption decryption key is previously incorporated. This content reproduction apparatus has a software structure with a strong tamper resistance for the content reproduction program to be incorporated, and also makes a control unit that executes the content reproduction program refer to a unique identifier that is unique to the content reproduction apparatus. Thus, the encrypted content data is decrypted and reproduced.

  However, the protection of content data by the above-described method is established when an attack method for an encryption method has not been developed.

In recent years, development examples of attack methods for popular encryption methods have been reported (see, for example, Non-Patent Document 1 and Non-Patent Document 2).
When realizing these attack methods, an arithmetic processing unit such as a central processing unit (CPU) executes enormous arithmetic processing. If the processing capability of the arithmetic processing unit is small, it takes a long time to attack the encryption method. However, with the increase in capacity of semiconductor memories and the like, the computing processing capacity of electronic computers is increasing year by year, and the time required for attacks on cryptographic methods by electronic computers is becoming shorter. As this time reduction further progresses, the risk of compromising the encryption method becomes stronger. Since the compromised encryption method is not secure, another encryption method is introduced in the content distribution service.

“Advances in Cryptology-EUROCRYPT’ 93 ”, Lecture Notes in Computer Science, vol. 765, pp. 386-397 “Fast Software Encryption 2009”, Lecture Notes in Computer Science, vol. 5665, pp. 296-307

  However, in a broadcast service that simultaneously distributes encrypted content data to a large number of content playback devices, the encryption method cannot be immediately switched from the current method to the new method. That is, since the content reproduction apparatus has a decryption unit that uses a decryption method corresponding to the current encryption method as hardware or software, the decryption unit needs to be updated when the encryption method is changed. However, it is extremely difficult to perform this update operation on all the content reproduction apparatuses at the same time.

  In addition, if the update operation is performed within a certain period, the content playback device in which the decryption unit corresponding to the current encryption method and the decryption unit corresponding to the new encryption method are installed within the certain period. A reproduction apparatus is mixed. In this mixed state, a provider who provides a content distribution service distributes both encrypted content data encrypted by the current encryption method and encrypted content data encrypted by the new encryption method, by the content distribution device. There is a need. In addition, the content playback apparatus normally receives the encrypted content data encrypted by both the new and old systems distributed in this manner, and updates the decryption unit performed until the above-described predetermined period has elapsed, thereby updating the new content. It is necessary to be able to decrypt the encrypted content data by the method.

  However, for example, on the transmitting side of the current digital broadcast, the content distribution apparatus respectively transmits both the encrypted content data encrypted by the current encryption method and the encrypted content data encrypted by the new encryption method. Cannot be sent with identification. Further, the encrypted content data transmitted by the content distribution device and generated by the above two encryption methods cannot be normally received and decrypted normally by the current receiving device. In other words, as a current digital broadcasting transmission / reception system, it is possible to decrypt current content receiving device that can decrypt only encrypted content data encrypted by the current encryption method and encrypted content data encrypted by the new encryption method. There is no technical mechanism that enables mixed operation with new receivers.

  The present invention has been made in view of the above circumstances. For example, in the switching of an encryption method during operation of a content distribution service in which a content distribution company distributes encrypted content data to a number of decryption devices simultaneously, this switching period The present invention provides an encryption device, a decryption device, an encryption program, and a decryption program that can maintain the security (confidentiality) of encrypted content data at a high level and allow the current encryption method and a new encryption method to be mixed. For the purpose.

[1] In order to solve the above-described problem, an encryption apparatus according to an aspect of the present invention includes a data acquisition unit that acquires encoded content data, and a first encryption of the encoded content data acquired by the data acquisition unit. An encryption unit that generates encrypted data by encrypting each of the encryption method and the second encryption method, and converts the encrypted data generated by the encryption unit into a transport stream, for each transport stream for each encryption method A packet identifier associated with an encryption method is provided in a packet identifier area of a header of each transport stream packet, and an encrypted packet generation unit that generates encrypted packet data is associated with the first encryption method. Provided in the elementary packet identifier area of the program map table, Generating descriptor information including a second packet identifier associated with two encryption methods, providing the descriptor information in an elementary stream loop area of the program map table, and plaintext packet data including the program map table A plaintext packet generator to generate, and a packet combiner to generate a stream by combining the encrypted packet data generated by the encrypted packet generator and the plaintext packet data generated by the plaintext packet generator. It is characterized by providing.
Here, the encoded content data is, for example, encoded content data of video that has been compression-encoded based on the MPEG-2 video standard. Further, the first encryption method is, for example, a current encryption method. Further, the second encryption method is, for example, an encryption method (new encryption method) different from the current one. Further, the plaintext packet generation unit provides the first packet identifier associated with the first encryption method applied to the encryption unit in the elementary packet identifier area of the program map table. In addition, the plaintext packet generation unit associates the second packet identifier associated with the second encryption method, the encryption identifier for identifying the second encryption method, and information (parameter) related to the decryption of the second encryption method. Generate a simul scramble descriptor containing Then, the plaintext packet generation unit 125 provides the simul scramble identifier in the descriptor area (descriptor area 2) in the elementary stream loop area of the program map table. Then, the plaintext packet generation unit generates plaintext packet data by sectioning the program map table.

[2] The encryption apparatus according to [1], further including a start code detection unit that detects a predetermined start code from the encoded content data captured by the data acquisition unit, wherein the encryption unit includes the code Encrypting block data including the start code and a part of the variable length code after the start code in the encrypted content data to generate encrypted data by using the first encryption method and the second encryption method, respectively, The plaintext packet generation unit converts data excluding the block data from the encoded content data into a transport stream, and the first packet is included in a packet identifier area of a header included in each transport stream packet in the transport stream. Generating packet data provided with an identifier, and Also included in the plaintext packet data, characterized in that.
Here, the predetermined start code is, for example, a header start code included in each of the sequence layer, the GOP layer, the picture layer, and the slice layer in the data structure according to the MPEG-2 video standard. The predetermined start code may be the start code of the slice header in the slice layer in which the GOP layer is an I picture. The block data including the start code and a part of the variable length code after the start code is, for example, a code string including a slice header and at least the first 1 bit among the variable length codes existing after the slice header.

  [3] In the encryption device according to any one of [1] and [2], the plaintext packet generation unit associates an encryption identifier for identifying the second encryption method with the second packet identifier, and It is included in the descriptor information.

[4] In order to solve the above-described problem, a decryption device according to an aspect of the present invention transports encrypted data obtained by encrypting encoded content data using the first encryption method and the second encryption method, respectively. The encrypted packet data generated by providing a packet identifier associated with the encryption method in the packet identifier region of the header of each transport stream packet for each transport stream for each encryption method, Providing a first packet identifier associated with the first encryption scheme in an elementary packet identifier area of a program map table, generating descriptor information including a second packet identifier associated with the second encryption scheme, and Descriptor information is provided in the elementary stream loop area of the program map table. A stream acquisition unit that captures a stream generated by combining the plaintext packet data generated including the program map table, and the program map included in the plaintext packet data in the stream captured by the stream acquisition unit The descriptor information is extracted from the elementary stream loop area of the table, the second packet identifier is extracted from the descriptor information, and the encrypted packet data in the stream is extracted from the encrypted packet data into the packet identifier area of the header. A packet extraction unit for extracting the second encrypted packet data provided with two packet identifiers, and the encoded content by decoding the encrypted data included in the second encrypted packet data extracted by the packet extraction unit. A decryption unit for generating data; Characterized in that it comprises.
Here, the encoded content data is, for example, encoded content data of video that has been compression-encoded based on the MPEG-2 video standard. Further, the first encryption method is, for example, a current encryption method. Further, the second encryption method is, for example, an encryption method (new encryption method) different from the current one. In the program map table included in the plaintext packet data, the elementary packet identifier area is provided with a first packet identifier associated with the first encryption scheme, and a descriptor area (descriptor area) in the elementary stream loop area. 2) includes a second packet identifier associated with the second encryption method, an encryption identifier for identifying the second encryption method, and information (parameters) related to decryption of the second encryption method in association with each other. A scramble descriptor is provided.

  [5] In the decoding device according to [4], the stream acquisition unit includes block data including a predetermined start code and a portion of a variable length code after the start code in the encoded content data. The encrypted data obtained by encrypting each of the first encryption method and the second encryption method is converted into a transport stream, and a packet identifier of a header included in each transport stream packet for each transport stream for each encryption method Encrypted packet data generated by providing a packet identifier associated with an encryption method in the area and data excluding the block data from the encoded content data are converted into a transport stream, and each transport in the transport stream is converted. Head of port stream packet Packet data in which the first packet identifier is provided in the packet identifier area, and the first packet identifier is provided in the elementary packet identifier area of the program map table, and descriptor information including the second packet identifier is generated. The descriptor information is provided in the elementary stream loop area of the program map table, and the stream obtained by synthesizing the program map table and the plain text packet data generated including the packet data is captured. The packet extraction unit extracts the first packet identifier from the elementary packet identifier area of the program map table, and provides the first packet identifier in a packet identifier area of a header from the plaintext packet data of the stream. Before Packet data is also extracted, and the decrypting unit decrypts the encrypted data included in the second encrypted packet data to obtain decrypted data, and the block data is extracted from the packet data extracted by the packet extracting unit. Extracted data is extracted, and the encoded data is generated by synthesizing the decoded data and the data.

  [6] In the decryption device according to any one of [4] and [5], the descriptor information includes an encryption identifier for identifying the second encryption scheme in association with the second packet identifier, The packet extraction unit extracts, from the descriptor information, the second packet identifier that is associated with an encryption identifier that is the same as the own device encryption identifier in advance, and from the encrypted packet data of the stream, a header The second encrypted packet data in which the second packet identifier is provided in the packet identifier area is extracted.

  [7] In order to solve the above-described problem, an encryption program according to an aspect of the present invention includes a data acquisition unit that captures encoded content data, and the encoded content data captured by the data acquisition unit. An encryption unit that encrypts each of the first encryption method and the second encryption method to generate encrypted data, and converts the encrypted data generated by the encryption unit into a transport stream, and transports by encryption method An encrypted packet generator for generating encrypted packet data by providing a packet identifier associated with an encryption method in a packet identifier region of a header of each transport stream packet for each stream, and the first encryption method The first packet identifier associated with the elementary packet of the program map table Providing the descriptor information including a second packet identifier associated with the second encryption scheme in a separate region, providing the descriptor information in an elementary stream loop region of the program map table, and A plaintext packet generator that generates plaintext packet data including a map table, and the encrypted packet data generated by the encrypted packet generator and the plaintext packet data generated by the plaintext packet generator are combined to generate a stream. It functions as a packet synthesizer to be generated.

  [8] In order to solve the above-described problem, a decryption program according to an aspect of the present invention provides encrypted data obtained by encrypting encoded content data using a first encryption method and a second encryption method. Packet data generated by converting a packet into a transport stream and providing a packet identifier associated with the encryption method in the packet identifier region of the header of each transport stream packet for each transport stream for each encryption method And providing a first packet identifier associated with the first encryption scheme in an elementary packet identifier area of the program map table, and generating descriptor information including the second packet identifier associated with the second encryption scheme The descriptor information is stored in the element list of the program map table. A stream acquisition unit that captures a stream generated by combining the plaintext packet data generated including the program map table provided in the loop region, and the plaintext packet data in the stream captured by the stream acquisition unit The descriptor information is extracted from the elementary stream loop region of the program map table included in the program map table, the second packet identifier is extracted from the descriptor information, and from the encrypted packet data in the stream, a header A packet extraction unit that extracts the second encrypted packet data in which the second packet identifier is provided in a packet identifier region, and decrypts the encrypted data included in the second encrypted packet data extracted by the packet extraction unit The encoded content data A decoding unit that generates, to function as a.

  According to the present invention, for example, when a content distribution company operates a content distribution service that distributes encrypted content data to a number of decryption devices at the same time, the encryption of the encrypted content data during this switching period is safe. Therefore, it is possible to maintain a high level of secrecy (confidentiality) and to mix the current encryption method and the new encryption method, and to realize smooth switching of the receiving apparatus.

1 is a schematic configuration diagram of a content distribution system to which an encryption device and a decryption device according to a first embodiment of the present invention are applied. It is a block diagram which shows the function structure of a content server. It is a figure which shows the data structure of a transport stream packet. It is a conceptual diagram which shows the relationship between the packet data of video content and the program map table in the stream which the encryption server in the same embodiment produces | generates. It is a block diagram which shows the function structure of the encryption server in the embodiment. It is a block diagram which shows the function structure of a transmitter. It is a block diagram which shows the function structure of the receiver in the same embodiment. It is a flowchart which shows the procedure of the process which a content server performs. It is a flowchart which shows the procedure of the process which the encryption server in the embodiment performs. It is a flowchart which shows the procedure of the process which a transmitter performs. It is a flowchart which shows the procedure of the process which the receiver in the same embodiment performs. It is a conceptual diagram which shows the relationship between the packet data of a video content, and the program map table in the stream which the encryption server in 2nd Embodiment of this invention produces | generates. It is a block diagram which shows the function structure of the encryption server in the embodiment. It is a block diagram which shows the function structure of the receiver in the same embodiment. It is a figure which shows the schematic data structure of a slice layer among the hierarchical data structures of compression encoding content data. It is a flowchart which shows the procedure of the process which the encryption server in the embodiment performs. It is a flowchart which shows the procedure of the process which the receiver in the same embodiment performs.

Hereinafter, embodiments for carrying out the present invention will be described in detail with reference to the drawings.
[First Embodiment]
1st Embodiment of this invention is an example of the content delivery system which implement | achieves the content delivery service by the digital broadcasting which a broadcasting station implements. In the present embodiment, an example is described in which the encryption method (scramble method) applied to the content distribution service is switched from the current encryption method to a different encryption method (new encryption method) from the current one.

  FIG. 1 is a schematic configuration diagram of a content distribution system to which an encryption apparatus and a decryption apparatus according to this embodiment are applied. In FIG. 1, the content distribution system 1 includes a broadcast station device group 10, a transmission antenna 20, and a reception device 30. The receiving device 30 includes a decoding device. Actually, there are a large number of receiving apparatuses 30, but in this embodiment, four receiving apparatuses 30 (referred to as receiving apparatuses 30-1 to 30-4) are shown in order to simplify the drawing and simplify the description. Is illustrated. The broadcast station apparatus group 10 and the transmission antenna 20 are an apparatus group and equipment managed by the broadcast station. The receiving device 30 is a device managed by a viewer.

The broadcast station apparatus group 10 compresses and encodes content data produced by a broadcast station, a program production company, etc., and generates compression-encoded content data. Then, the broadcast station apparatus group 10 encrypts the compression-encoded content data by the method of the present embodiment and generates a stream. Then, the broadcast station apparatus group 10 converts the generated stream into a broadcast signal, and transmits this broadcast signal to the transmission antenna 20.
The broadcast station apparatus group 10 includes a content server 11, an encryption server 12, a transmission apparatus 13, and a network 14 as its functional configuration. The encryption server 12 includes an encryption device.

  The network 14 is a communication line that connects the content server 11, the encryption server 12, and the transmission device 13 to each other. For example, the network 14 is a computer network that can communicate with the Internet Protocol (IP). The content server 11, the encryption server 12, and the transmission device 13 communicate via the network 14.

  The content server 11 takes in content data and a coding rate from a content supply device (not shown). The content data is digital data including video data, audio data, and the like. In the present embodiment, the content data includes at least video data. The coding rate is a value indicating the capacity that can be used in the transmission path between the transmitting antenna 20 and the receiving device 30, that is, the usable bandwidth.

  The content server 11 executes compression encoding processing of content data, generates compression encoded content data having a capacity equal to or less than the encoding rate, and stores this compression encoded content data. The compression encoding process is, for example, an encoding process based on the MPEG-2 video standard or the MPEG-2 audio standard. This compression encoding process includes a variable length encoding process. That is, the compression-encoded content data is, for example, encoded content data of video that has been compression-encoded based on the MPEG-2 video standard, or encoded content of audio that has been compression-encoded based on the MPEG-2 audio standard It is data.

  The encryption server 12 takes in compression-encoded content data from the content server 11, and takes in control information (hereinafter also referred to as control information) related to digital broadcasting from, for example, a program organizing apparatus (not shown). The control information is information related to digital broadcasting, broadcasting programs, and the like. Specifically, the control information includes various Program Specific Information / Service Information (PSI / SI) information and a packet identifier (PID) associated with each encryption method.

  The encryption server 12 encrypts the compression-encoded content data by, for example, two types of encryption methods (first encryption method and second encryption method), respectively, and two (two systems) encrypted data (first encryption) Data and second encrypted data). The first encryption method is a current encryption method. The second encryption method is a different encryption method (new encryption method) from the current one. The encryption server 12 converts each of the two encrypted data into packet data, and provides each packet with a packet identifier associated with the encryption method to provide two (two systems) encrypted packet data (first encrypted packet data). And second encrypted packet data). The encryption server 12 also has a program map table (Program Map Table; PMT) including packet identifiers (first packet identifier and second packet identifier) associated with each of the two types of encryption methods based on the control information. And plaintext packet data including the PMT is generated. The PMT is a kind of PSI / SI and is a table for designating a packet identifier for identifying a packet storing data constituting a broadcast program. However, the receiving device 30 according to the present embodiment decrypts the second encrypted packet data encrypted by the second encryption method, and the conventional receiving device encrypts the first encrypted packet data encrypted by the first encryption method. The encryption server 12 generates a PMT corresponding to the encrypted packet data as follows.

That is, the encryption server 12 sets the first packet identifier associated with the first encryption scheme in the elementary packet identifier area of the PMT that can be recognized by both the receiving device 30 of the present embodiment and the conventional receiving device. Provide. In addition, the encryption server 12 is not recognized by the conventional receiving apparatus and is recognized by the receiving apparatus 30 in the second descriptor area (referred to as descriptor area 2) in the elementary stream loop area of the PMT. A simultaneous scramble identifier (descriptor information) including a second packet identifier associated with the encryption method, an encryption identifier for identifying the second encryption method, and information (parameters) related to the decryption of the second encryption method is provided.
The conventional receiving apparatus cannot recognize and detect the simulant scramble identifier provided in the descriptor area 2 of the PMT. The conventional receiving apparatus ignores the simul scramble identifier provided in the descriptor area 2 of the PMT and executes normal processing to be executed by the receiving apparatus in accordance with the basic processing requirements defined by the MPEG-2 system standard. . Therefore, the conventional receiving apparatus can normally receive and process both the conventional stream not provided with the simul scrambling identifier and the stream provided with the simul scrambling identifier. Details of the data structure of the PMT and the simul scrambling identifier will be described later.

  The encryption server 12 generates a stream by combining the two encrypted packet data and the plaintext packet data, and stores this stream. The stream is, for example, a transport stream (TS) defined by the MPEG-2 system standard.

The transmission device 13 takes in the stream from the encryption server 12, converts this stream into a broadcast signal for digital broadcasting, and transmits this broadcast signal to the transmission antenna 20.
The transmission antenna 20 radiates a broadcast radio wave by a broadcast signal supplied from the transmission device 13 of the broadcast station device group 10 into the air.

  The receiving apparatus 30 receives a broadcast signal by receiving the broadcast radio wave radiated from the transmission antenna 20, and acquires a stream from the broadcast signal. The receiving device 30 extracts the PMT from the stream, and from the descriptor area 2 of the PMT, receives a packet identifier (second packet identifier) associated with the same encryption identifier as the own device encryption identifier provided in the own device. ) Is extracted. Then, the receiving device 30 acquires the second encrypted packet data provided with the second packet identifier from the stream, and converts the second encrypted packet data into the second encrypted packet data using information related to the decryption of the second encryption method included in the simul scrambling identifier. The included second encrypted data is decrypted to obtain compressed encoded content data. The receiving device 30 then decodes the compression-encoded content data to generate content data, and presents this content data.

  FIG. 2 is a block diagram showing a functional configuration of the content server 11. As shown in the figure, the content server 11 includes a content acquisition unit 111, an encoding rate acquisition unit 112, a content compression encoding unit 113, a compression encoded content storage unit 114, and a compression encoded content supply unit 115. With.

The content acquisition unit 111 captures content data from the content supply device and supplies the content data to the content compression encoding unit 113. The content supply device is, for example, a storage device such as a magnetic hard disk device or a semiconductor disk device, a content editing device connected via the network 14, or the like.
The encoding rate acquisition unit 112 takes in an encoding rate from an encoding rate supply device (not shown), and supplies the encoding rate to the content compression encoding unit 113. The coding rate supply device is, for example, an input device such as a keyboard or a mouse, or a storage device such as a semiconductor memory.

  The content compression encoding unit 113 takes in the content data supplied from the content acquisition unit 111 and takes in the encoding rate supplied from the encoding rate acquisition unit 112. The content compression encoding unit 113 generates compression encoded content data having a data amount equal to or less than a specified encoding rate by executing compression encoding processing of the content data, and compression encodes the compression encoded content data This is supplied to the content storage unit 114. The compression encoding process is, for example, a video compression encoding process based on the MPEG-2 video standard. This compression encoding process includes, for example, a Huffman encoding process as the variable length encoding process.

  The compression-encoded content storage unit 114 stores the compression-encoded content data supplied from the content compression / encoding unit 113 as file data, for example.

  The compression-encoded content supply unit 115 reads the compression-encoded content data from the compression-encoded content storage unit 114 and supplies the compression-encoded content data to, for example, the encryption server 12.

Here, a data structure of a transport stream packet that is a packet of a stream generated by the encryption server 12 will be described.
FIG. 3 is a diagram illustrating a data configuration of the transport stream packet. As shown in the figure, a transport stream packet (hereinafter referred to as a TS packet) has a header part (header) and an adaptation field / payload part. The header part is 4-byte data. The adaptation field / payload portion is 184 bytes of data. That is, the TS packet is data having a fixed length of 188 bytes.

  The header portion includes a synchronization byte, a transport error indicator, a payload unit start indicator, a transport priority, a packet identifier (PID), a transport scramble control, an adaptation field control, and a continuity index. .

  The synchronization byte is 8-bit data indicating the head of the TS packet, and is 0x47 (hexadecimal number). The transport error indicator is a 1-bit flag indicating whether or not there is a bit error in the TS packet. When the transport error indicator is '1' (binary number), it indicates that there is an uncorrectable error of at least 1 bit in the TS packet. The payload unit start indicator is 1-bit data, and when it is '1' (binary number), it indicates that the start point of the payload of the TS packet is the start point or pointer of the PES packet. The transport priority is a 1-bit flag indicating the priority in TS packets having the same packet identifier, and indicates priority when it is ‘1’ (binary number). The packet identifier is 13-bit data that identifies the type of payload data.

  The transport scramble control is a 2-bit data area for identifying the scramble mode of the payload of the TS packet. The scramble control values stored in this transport scramble control area (transport scramble control area) are shown in Table 1 below.

  In the data structure of the scramble control value shown in Table 1, “no scramble” (“00” (binary number)) indicates that the payload of the TS packet is not scrambled (encrypted). “Undefined” (“01” (binary number)) indicates that it is not currently defined. "Even key" ('10' (binary number)) and "odd key" ('11' (binary number)) indicate the type of scramble key.

  The adaptation field control is a 2-bit data area indicating the type of configuration of the adaptation field / payload part. The adaptation field control values stored in the adaptation field control area (adaptation field control area) are shown in Table 2 below.

  The continuity index is 4-bit data that designates the order of TS packets having the same packet identifier, and increments by “1” (binary number) starting from “0000” (binary number), and becomes “1111”. After reaching (binary number), it returns to '0000' (binary number).

  The adaptation field / payload part is an area for storing the adaptation field and / or the payload according to the adaptation field control value stored in the adaptation field control. The adaptation field is information that extends the header part. The payload is the main body of information included in the TS packet.

  Next, the data structure of the PMT generated by the encryption server 12 will be described with reference to Table 3 below.

In the data structure of the program map table (PMT) shown in Table 3, table_id (8 bits) is an identifier of PMT and is 0x02 (hexadecimal number). The section_syntax_indicator (1 bit) is “1” (binary number). section_length (12 bits) is the data length from immediately after the field to the end of the PMT. program_number (16 bits) is service identification information of this PMT. version_number (5 bits) is the version number of the PMT. current_next_indicator (1 bit) indicates that this PMT is applied when it is “1” (binary number), and indicates that this PMT is applied next when it is “0” (binary number). . section_number (8 bits) is a section number. last_section_number (8 bits) is the maximum section number in this PMT. PCR_PID (13 bits) is a packet identifier of a TS packet that stores a program clock reference (PCR) of a program including this PMT. program_info_length (12 bits) is the data length ((8 × N) bits) of the loop provided in the next stage of the field. The loop provided in the next stage of program_info_length is a program loop (first loop, PMT first loop). This program loop area (program loop area) is a descriptor area 1 and is provided with first descriptor information. The loop provided in the next stage of the program loop is an elementary stream loop (second loop, PMT second loop). In this elementary stream loop area (elementary stream loop area), stream_type (8 bits) indicates the stream format of the target elementary stream. elementary_PID (13 bits) is a packet identifier of a TS packet that stores an associated elementary stream or payload. In the present embodiment, the elementary_PID area (elementary packet identifier area) is provided with a first packet identifier indicating a TS packet storing the first encrypted data encrypted by the first encryption method. ES_info_length (12 bits) is the data length ((8 × M) bits) of the descriptor information that starts immediately after the field. The loop provided at the next stage of ES_info_length is the descriptor area 2, and the second descriptor information is provided. In the present embodiment, in this embodiment, a simul scramble descriptor (simultaneous_scramble_descriptor) is provided in this descriptor area. CRC_32 (32 bits) is a cyclic redundancy check (CRC) value for the entire PMT.

  Next, an example of the data structure of the simul scramble descriptor provided in the descriptor area in the PMT elementary stream loop area will be described with reference to Table 4 below.

  In the data configuration example of the simul scramble descriptor shown in Table 4, descriptor_tag (8 bits) is tag information for identifying the simul scramble descriptor. descriptor_length (8 bits) is the data length from immediately after the field to the end of the simulant scramble descriptor. scramble_ID (8 bits) is an encryption identifier for identifying the second encryption method. ES_PID (13 bits) is a packet identifier of the second encrypted packet data. That is, in the ES_PID area, a second packet identifier indicating a TS packet in which the second encrypted data encrypted by the second encryption method is stored is provided. The loop provided in the next stage of ES_PID is a parameter loop. In the parameter loop area (parameter loop area), information related to the decryption of the second encryption method necessary for decrypting the second encrypted data is provided. The parameter loop can be omitted.

As shown in Table 1, the encryption server 12 stores the first encryption in the packet identifier area of the header part when storing the encrypted data encrypted by the current encryption method (first encryption method) in the payload of the TS packet. A first packet identifier associated with the scheme is provided, and a scramble control value “10” (binary number) indicating “even key” or “odd key” corresponding to the scramble key to be used is provided in the transport scramble control area of the header part. ) Or '11' (binary number).
In addition, when the encryption server 12 stores encrypted data encrypted by a different encryption method (second encryption method) from the current one in the payload of the TS packet, the encryption server 12 associates the packet identifier area of the header part with the second encryption method. Scramble control value “10” (binary number) or “11” indicating “even key” or “odd key” corresponding to the scramble key to be used in the transport scramble control area of the header portion. '(Binary number) is provided.

  Also, as shown in Tables 3 and 4, the encryption server 12 provides the first packet identifier associated with the first encryption scheme in the elementary packet identifier area in the elementary stream loop area. The encryption server 12 also encrypts the second packet identifier associated with the second encryption scheme and the second encryption scheme in the descriptor area (descriptor area 2) in the elementary stream loop area. And a simultaneous scramble descriptor including information related to decryption of the second encryption method.

  FIG. 4 is a conceptual diagram showing the relationship between video content packet data and PMT in a stream generated by the encryption server 12. As shown in the figure, the stream generated by the encryption server 12 is the first encrypted packet obtained by encrypting the compressed encoded content data by the first encryption method as the packet data (video packet) of the video content. Data and second encrypted packet data obtained by encrypting the compression-encoded content data by the second encryption method. The first encrypted packet data includes a first packet identifier (first PID) indicating the first encryption method. The second encrypted packet data includes a second packet identifier (second PID) indicating the second encryption method. In addition, this stream includes a first packet identifier in the elementary packet identifier area in the elementary stream loop area of the PMT corresponding to the video packet, and a simultaneous scramble description in which the second packet identifier is provided in the descriptor area. Includes children.

  FIG. 5 is a block diagram showing a functional configuration of the encryption server 12. As shown in the figure, the encryption server 12 includes a data acquisition unit 121, a storage unit 122, an encryption unit 123, an encrypted packet generation unit 124, a plaintext packet generation unit 125, and a packet synthesis unit 126. The stream storage unit 127 and the stream supply unit 128 are provided.

The data acquisition unit 121 takes in the compression encoded content data from the content server 11 and stores the compression encoded content data in the storage unit 122. In addition, the data acquisition unit 121 takes in control information related to digital broadcasting from, for example, a program organization device (not shown), and stores the control information in the storage unit 122.
The storage unit 122 stores the compression-encoded content data and control information supplied from the data acquisition unit 121. The storage unit 122 is realized by, for example, a semiconductor storage device.

  The encryption unit 123 reads the compression-encoded content data from the storage unit 122, encrypts the compression-encoded content data with each of two types of encryption methods, and generates two (two systems) encrypted data. The encryption unit 123 includes a first encryption unit 123-1 and a second encryption unit 123-2 as its functional configuration. In the present embodiment, the first encryption unit 123-1 executes encryption processing using the current encryption method (first encryption method). Further, the second encryption unit 123-2 executes an encryption process using an encryption method (second encryption method) different from the current one.

The first encryption unit 123-1 reads the compression-encoded content data stored in the storage unit 122 so as to match the payload size of the TS packet, and sequentially encrypts the read block data using the first encryption method. To generate first encrypted data.
Similarly, the second encryption unit 123-2 reads the compressed encoded content data from the storage unit 122 so as to match the payload size of the TS packet, and sequentially encrypts the read block data using the second encryption method. To generate second encrypted data.

  The encrypted packet generation unit 124 captures the two encrypted data generated by the encryption unit 123 and also captures packet identifiers corresponding to the two types of encryption methods from the plaintext packet generation unit 125. Then, the encrypted packet generation unit 124 converts each of the two encrypted data into a transport stream. Then, the encrypted packet generation unit 124 provides a packet identifier associated with the encryption method in the packet identifier region of the header part of each TS packet for each transport stream for each encryption method, and provides two (2 System) encrypted packet data is generated. For example, the encrypted packet generation unit 124 determines the size of the header portion and the adaptation field of the TS packet, that is, the size of the payload, and then captures the encrypted data so as not to exceed the payload size. The encrypted packet generation unit 124 includes a first encrypted packet generation unit 124-1 and a second encrypted packet generation unit 124-2 as its functional configuration. The first encrypted packet generator 124-1 and the second encrypted packet generator 124-2 have the same configuration.

  The first encrypted packet generation unit 124-1 takes in the first encrypted data from the first encryption unit 123-1, and converts the first encrypted data into a transport stream. Then, the first encrypted packet generation unit 124-1 has a scramble control value ('10') indicating an even key or an odd key corresponding to the scramble key to be used in the transport scramble control area included in the header portion of each TS packet. (Binary number) or '11' (binary number)). Then, the first encrypted packet generation unit 124-1 provides the first packet identifier taken from the plaintext packet generation unit 125 in the packet identifier region included in the header portion of each TS packet. Thus, the first encrypted packet generator 124-1 generates the first encrypted packet data. The first encrypted packet generation unit 124-1 supplies the first encrypted packet data to the packet combining unit 126.

  The second encrypted packet generation unit 124-2 takes in the second encrypted data from the second encryption unit 123-2, and takes in the second packet identifier from the plaintext packet generation unit 125. Then, the second encrypted packet generation unit 124-2 performs the same processing as the first encrypted packet generation unit 124-1, generates second encrypted packet data, and uses the second encrypted packet data as the second encrypted packet data. This is supplied to the packet combining unit 126.

  The plaintext packet generation unit 125 reads the packet identifiers corresponding to the two types of encryption methods from the storage unit 122 and supplies these two packet identifiers to the encrypted packet generation unit 124.

Further, the plaintext packet generation unit 125 reads the control information from the storage unit 122, and converts various PSI / SI into a transport stream based on the control information. For example, the plaintext packet generation unit 125 provides the first packet identifier associated with the first encryption method among the two types of encryption methods applied to the encryption unit 123 in the elementary packet identifier region of the PMT. Further, the plaintext packet generation unit 125, for example, a second packet identifier associated with the second encryption method among the two types of encryption methods, an encryption identifier for identifying the second encryption method, and a second encryption method A simultaneous scramble descriptor including information related to decoding is generated in association with each other. Then, the plaintext packet generation unit 125 provides the simul scramble identifier in the descriptor area in the PMT elementary stream loop area. Then, the plaintext packet generation unit 125 divides the PMT into sections and generates plaintext packet data.
The plaintext packet generator 125 supplies the plaintext packet data to the packet synthesizer 126.

  The packet synthesizing unit 126 synthesizes the two encrypted packet data supplied from the encrypted packet generating unit 124 and the plain text packet data supplied from the plain text packet generating unit 125 to generate a stream.

  Specifically, the packet combining unit 126 includes the first encrypted packet data supplied from the first encrypted packet generation unit 124-1, and the second encrypted packet data supplied from the second encrypted packet generation unit 124-2. And plaintext packet data supplied by the plaintext packet generation unit 125 is captured. Then, the packet combining unit 126 generates a stream by concatenating the first encrypted packet data, the second encrypted packet data, and the plaintext packet data, and supplies this stream to the stream storage unit 127. As a concatenation method, for example, the packet combining unit 126 converts the first encrypted packet data, the second encrypted packet data, and the plaintext packet data into, for example, the first encrypted packet data, the second encrypted packet data, and the plaintext packet. A stream is generated by concatenating data in the order, and this stream is stored in the stream storage unit 127.

Note that the order in which the packet combining unit 126 connects the first encrypted packet data, the second encrypted packet data, and the plaintext packet data is not limited to the above order, and the first encrypted packet data and the second encrypted packet Connection by all combinations of data and plaintext packet data is possible.
Further, the packet combining unit 126 may arbitrarily combine the first encrypted packet data, the second encrypted packet data, and the plaintext packet data in units of TS packets.

The stream storage unit 127 stores the stream supplied from the packet combining unit 126. The stream storage unit 127 is realized by a storage device such as a magnetic disk device or a semiconductor disk device, for example.
The stream supply unit 128 reads a stream from the stream storage unit 127 and supplies this stream to, for example, the transmission device 13.

  FIG. 6 is a block diagram illustrating a functional configuration of the transmission device 13. As shown in the figure, the transmission device 13 includes a stream acquisition unit 131, a broadcast signal generation unit 132, and a broadcast signal transmission unit 133.

The stream acquisition unit 131 takes in the stream from the encryption server 12 and supplies this stream to the broadcast signal generation unit 132.
The broadcast signal generation unit 132 takes in the stream supplied from the stream acquisition unit 131, modulates the stream to convert it into a digital broadcast signal, and supplies the broadcast signal to the broadcast signal transmission unit 133. Broadcast signal specifications are defined by, for example, ARIB (Association of Radio Industries and Broadcast) standards.
The broadcast signal transmission unit 133 takes in the broadcast signal supplied by the broadcast signal generation unit 132 and transmits this broadcast signal to the transmission antenna 20.

  FIG. 7 is a block diagram illustrating a functional configuration of the receiving device 30. As shown in the figure, the reception device 30 includes a decryption key storage unit 301, a broadcast signal reception unit (stream acquisition unit) 302, a packet extraction unit 303, a decryption unit 304, and a compression-encoded content decryption unit 305. A content processing unit 306.

  The decryption key storage unit 301 has a first decryption key for decrypting the first encrypted data obtained by encryption using the first encryption method or a second encryption obtained by encryption using the second encryption method. One of the second decryption keys for decrypting the data and the own device encryption identifier for identifying the decryption key are stored in association with each other. The decryption key storage unit 301 is, for example, an IC card that stores a decryption key and its own device encryption identifier. The decryption key storage unit 301 may be a storage device that guarantees the tamper resistance of the decryption key.

  For example, the broadcast signal receiving unit 302 takes in a broadcast signal obtained by receiving broadcast radio waves with a receiving antenna (not shown) connected to the receiving device 30. Then, the broadcast signal receiving unit 302 demodulates the broadcast signal to acquire a stream, and supplies this stream to the packet extraction unit 303.

  The packet extraction unit 303 takes in the stream supplied from the broadcast signal reception unit 302. Then, the packet extraction unit 303 searches for the simulant scramble identifier from the identifier area in the PMT elementary stream loop area included in the stream. When the packet extraction unit 303 detects the simul scrambling identifier, the packet extraction unit 303 reads the local device encryption identifier from the decryption key storage unit 301, and extracts the simul scrambling identifier including the same encryption identifier as the local device encryption identifier from the PMT. . Then, the packet extraction unit 303 extracts the packet identifier (in this case, the second packet identifier) and information related to the decryption of the second encryption method from the simul scramble identifier. Then, the packet extraction unit 303 extracts, from the two encrypted packet data included in the stream, the encrypted packet data in which the second packet identifier is provided in the packet identifier area of the header, that is, the second encrypted packet data. . Then, the packet extraction unit 303 supplies the second encrypted packet data and information related to the decryption of the second encryption method extracted from the stream to the decryption unit 304.

  The packet extraction unit 303 extracts the first packet identifier from the elementary packet identifier region in the elementary stream loop region of the PMT when the simul- scramble identifier is not detected from the region of the identifier in the elementary stream loop region of the PMT. . Then, the packet extraction unit 303 extracts the encrypted packet data in which the first packet identifier is provided in the packet identifier area of the header part, that is, the first encrypted packet data, from the two encrypted packet data included in the stream. . Then, the packet extraction unit 303 supplies the first encrypted packet data extracted from the stream to the decryption unit 304.

  When the packet extraction unit 303 outputs the first encrypted packet data, the decryption unit 304 takes in the first encrypted packet data, extracts the payload from the first encrypted packet data, synthesizes it, and performs the first encryption Generate data. Then, the decryption unit 304 reads the decryption key (first decryption key) associated with the own device encryption identifier from the decryption key storage unit 301, applies the decryption key to decrypt the first encrypted data, Compression-encoded content data that is decoded data is generated.

  Further, when the packet extraction unit 303 outputs the second encrypted packet data and information related to the decryption of the second encryption method, the decryption unit 304 includes the second encrypted packet data and the information related to the decryption of the second encryption method, Capture. Then, the decryption unit 304 extracts the payload from the second encrypted packet data and combines them to generate second encrypted data. Then, the decryption unit 304 reads the decryption key (second decryption key) associated with the own device encryption identifier from the decryption key storage unit 301, and applies the decryption key and information related to decryption of the second encryption method. Then, the second encrypted data is decrypted to generate compressed encoded content data that is the decrypted data. The decoding unit 304 supplies the compression-encoded content data that is the decoded data to the compression-encoded content decoding unit 305.

  The compression-encoded content decoding unit 305 takes in compression-encoded content data that is decoded data supplied by the decoding unit 304. The compression-encoded content decoding unit 305 decodes the compression-encoded content data into content data, and supplies this content data to the content processing unit 306.

  The content processing unit 306 takes in the content data supplied from the compression-encoded content decoding unit 305. Then, the content processing unit 306 displays the content data on a display device (not shown) and outputs the sound on a sound output device (not shown).

Next, the operation of the content distribution system 1 in the first embodiment will be described.
FIG. 8 is a flowchart showing a procedure of processing executed by the content server 11.
In step S <b> 11, the content acquisition unit 111 takes in content data from the content supply device, and supplies this content data to the content compression encoding unit 113. The content compression encoding unit 113 takes in the content data supplied from the content acquisition unit 111.
Next, in step S <b> 12, the encoding rate acquisition unit 112 takes in the encoding rate from the encoding rate supply device, and supplies this encoding rate to the content compression encoding unit 113. The content compression encoding unit 113 takes in the encoding rate supplied by the encoding rate acquisition unit 112.

Next, in step S13, the content compression encoding unit 113 executes compression encoding processing of the content data to generate compression encoded content data having a capacity value equal to or less than the encoding rate, and this compression encoded content data Is supplied to the compression-encoded content storage unit 114.
Next, in step S14, the compression-encoded content storage unit 114 stores the compression-encoded content data supplied from the content compression / encoding unit 113, for example, as file data.

FIG. 9 is a flowchart showing a procedure of processing executed by the encryption server 12.
In step S <b> 31, the data acquisition unit 121 takes in the compressed encoded content data from the content server 11 and stores the compressed encoded content data in the storage unit 122. Next, the data acquisition unit 121 takes in control information related to digital broadcasting from, for example, a program organization device, and stores the control information in the storage unit 122.

  Next, in step S32, the encryption unit 123 reads the compression-encoded content data from the storage unit 122, encrypts the compression-encoded content data with each of the two types of encryption methods, and provides two (two systems) encryptions. Generate data. Specifically, the first encryption unit 123-1 reads the compressed encoded content data stored in the storage unit 122 so as to match the payload size of the TS packet, and reads the read block data into the first encryption method. The first encrypted data is generated by sequentially encrypting. The second encryption unit 123-2 reads the compression-encoded content data stored in the storage unit 122 so as to match the payload size of the TS packet, and sequentially reads the read block data using the second encryption method. Encrypt to generate second encrypted data.

  Next, in step S <b> 33, the encrypted packet generation unit 124 captures the two encrypted data generated by the encryption unit 123 and captures packet identifiers corresponding to the two types of encryption methods from the plaintext packet generation unit 125. Next, the encrypted packet generation unit 124 converts each of the two encrypted data into a transport stream. Next, the encrypted packet generation unit 124 provides a packet identifier associated with the encryption method in the packet identifier region of the header part of each TS packet for each transport stream for each encryption method, (2 systems) of encrypted packet data is generated.

  Specifically, the first encrypted packet generation unit 124-1 takes in the first encrypted data from the first encryption unit 123-1, and converts the first encrypted data into a transport stream. Next, the first encrypted packet generation unit 124-1 has a scramble control value ('10 indicating the even key or the odd key corresponding to the scramble key to be used in the transport scramble control area included in the header part of each TS packet. '(Binary number) or' 11 '(binary number)) is provided. Next, the first encrypted packet generation unit 124-1 provides the first packet identifier taken from the plaintext packet generation unit 125 in the packet identifier region included in the header portion of each TS packet. Thus, the first encrypted packet generator 124-1 generates the first encrypted packet data. Next, the first encrypted packet generation unit 124-1 supplies the first encrypted packet data to the packet combining unit 126.

  In addition, the second encrypted packet generation unit 124-2 takes in the second encrypted data from the second encryption unit 123-2 and converts the second encrypted data into a transport stream. Next, the second encrypted packet generation unit 124-2 has a scramble control value ('10 indicating the even key or the odd key corresponding to the scramble key to be used, in the transport scramble control area included in the header part of each TS packet. '(Binary number) or' 11 '(binary number)) is provided. Next, the second encrypted packet generation unit 124-2 provides the second packet identifier fetched from the plaintext packet generation unit 125 in the packet identifier region included in the header portion of each TS packet. Thus, the second encrypted packet generator 124-2 generates second encrypted packet data. Next, the second encrypted packet generator 124-2 supplies the second encrypted packet data to the packet combiner 126.

  Next, the plaintext packet generation unit 125 reads the control information from the storage unit 122, and converts various PSI / SI into a transport stream based on the control information. For example, the plaintext packet generation unit 125 provides the first packet identifier associated with the first encryption method among the two types of encryption methods applied to the encryption unit 123 in the elementary packet identifier region of the PMT. Further, the plaintext packet generation unit 125, for example, a second packet identifier associated with the second encryption method among the two types of encryption methods, an encryption identifier for identifying the second encryption method, and a second encryption method A simultaneous scramble descriptor including information related to decoding is generated in association with each other. Next, the plaintext packet generation unit 125 provides the simul scramble identifier in the descriptor area in the PMT elementary stream loop area. Next, the plaintext packet generation unit 125 divides the PMT into sections to generate plaintext packet data. Next, the plaintext packet generation unit 125 supplies the plaintext packet data to the packet synthesis unit 126.

  Note that the encrypted packet generation unit 124 and the plaintext packet generation unit 125 may execute either process first or in parallel.

  Next, in step S34, the packet combining unit 126 combines the two encrypted packet data supplied from the encrypted packet generation unit 124 and the plaintext packet data supplied from the plaintext packet generation unit 125 to generate a stream. . Specifically, the packet combining unit 126 includes the first encrypted packet data supplied from the first encrypted packet generation unit 124-1, and the second encrypted packet data supplied from the second encrypted packet generation unit 124-2. And plaintext packet data supplied by the plaintext packet generation unit 125 is captured. Next, the packet combining unit 126 generates a stream by concatenating the first encrypted packet data, the second encrypted packet data, and the plaintext packet data, and supplies this stream to the stream storage unit 127.

  Next, in step S <b> 35, the stream storage unit 127 stores the stream supplied by the packet combining unit 126.

FIG. 10 is a flowchart illustrating a procedure of processing executed by the transmission device 13.
In step S 51, the stream acquisition unit 131 takes in the stream from the encryption server 12 and supplies this stream to the broadcast signal generation unit 132.
Next, in step S <b> 52, the broadcast signal generation unit 132 takes in the stream supplied from the stream acquisition unit 131, modulates this stream, converts it into a digital broadcast signal, and sends the broadcast signal to the broadcast signal transmission unit 133. Supply.
Next, in step S <b> 53, the broadcast signal transmission unit 133 takes in the broadcast signal supplied by the broadcast signal generation unit 132 and transmits this broadcast signal to the transmission antenna 20.

FIG. 11 is a flowchart illustrating a procedure of processing executed by the receiving device 30.
In step S <b> 71, the broadcast signal receiving unit 302 takes in a broadcast signal obtained by receiving broadcast radio waves with a receiving antenna connected to the receiving device 30, for example. Next, the broadcast signal receiving unit 302 acquires a stream by demodulating the broadcast signal, and supplies this stream to the packet extraction unit 303.

  Next, in step S <b> 72, the packet extraction unit 303 takes in the stream supplied from the broadcast signal reception unit 302. Next, the packet extraction unit 303 searches for the simulant scramble identifier from the identifier area in the PMT elementary stream loop area included in the stream. When the packet extraction unit 303 detects the simul scrambling identifier, the packet extraction unit 303 reads the local device encryption identifier from the decryption key storage unit 301, and extracts the simul scrambling identifier including the same encryption identifier as the local device encryption identifier from the PMT. . Next, the packet extraction unit 303 extracts a packet identifier (in this case, the second packet identifier) and information related to the decryption of the second encryption method from the simul scrambling identifier. Next, the packet extraction unit 303 extracts the encrypted packet data in which the second packet identifier is provided in the packet identifier area of the header, that is, the second encrypted packet data, from the two encrypted packet data included in the stream. To do. Next, the packet extraction unit 303 supplies the second encrypted packet data extracted from the stream and information related to the decryption of the second encryption method to the decryption unit 304.

  On the other hand, when the packet extraction unit 303 does not detect the simul scramble identifier from the identifier region in the elementary stream loop region of the PMT, the packet extraction unit 303 obtains the first packet identifier from the elementary packet identifier region in the elementary stream loop region of the PMT. Extract. Next, the packet extraction unit 303 extracts the encrypted packet data in which the first packet identifier is provided in the packet identifier area of the header, that is, the first encrypted packet data, from the two encrypted packet data included in the stream. To do. Next, the packet extraction unit 303 supplies the first encrypted packet data extracted from the stream to the decryption unit 304.

  When the packet extraction unit 303 outputs the first encrypted packet data in the process of step S72, in step S73, the decryption unit 304 takes in the first encrypted packet data, and loads the payload from the first encrypted packet data. Extracted and combined to generate first encrypted data. Next, the decryption unit 304 reads the decryption key associated with the self-device encryption identifier from the decryption key storage unit 301, applies the decryption key to decrypt the first encrypted data, and compresses the decrypted data. Encoded content data is generated.

  On the other hand, when the packet extraction unit 303 outputs the second encrypted packet data and the information related to the decryption of the second encryption method in the process of step S72, the decryption unit 304 determines that the second encrypted packet data and the second encryption method And information related to the decoding of. Next, the decryption unit 304 extracts the payload from the second encrypted packet data and combines them to generate second encrypted data. Next, the decryption unit 304 reads the decryption key (second decryption key) associated with its own device encryption identifier from the decryption key storage unit 301, and obtains the decryption key and information related to decryption of the second encryption method. The second encrypted data is decrypted by applying the compressed encrypted content data, which is decrypted data. Next, the decoding unit 304 supplies the compression-encoded content data that is the decoded data to the compression-encoded content decoding unit 305.

  Next, in step S74, the compression-encoded content decoding unit 305 takes in the compression-encoded content data that is the decoded data supplied by the decoding unit 304. Next, the compression-encoded content decoding unit 305 decodes the compression-encoded content data into content data, and supplies this content data to the content processing unit 306.

Here, the operation when a conventional receiving apparatus capable of decrypting only encrypted data encrypted by the current encryption method (first encryption method) takes in the stream generated by the encryption server 12 will be described. . Since the packet extraction unit included in the conventional receiving apparatus does not recognize the simulant scramble descriptor provided in the descriptor area 2 of the PMT in the elementary stream loop area, the elementary packet is detected without detecting the simulant scramble descriptor. The first packet identifier provided in the identifier area is extracted. Then, the packet extraction unit extracts, from the two encrypted packet data included in the stream, the encrypted packet data in which the first packet identifier is provided in the packet identifier region of the header, that is, the first encrypted packet data. . In addition, the decryption unit included in the conventional receiving apparatus takes in the first encrypted packet data from the packet extraction unit, extracts the payload from the first encrypted packet data, and synthesizes the first encrypted data. Then, the decryption unit decrypts the first encrypted data by applying the decryption key possessed by the device, and generates compressed encoded content data that is the decrypted data.
As described above, the conventional receiving device can obtain the encoded content data by acquiring and decrypting the encrypted data encrypted by the current encryption method even if the stream generated by the encryption server 12 is captured. .

  As described above, the encryption server 12 according to the first embodiment generates a stream by encrypting only the compression-encoded content data for the control information and the compression-encoded content data related to digital broadcasting. Therefore, since the receiving device 30 that does not have the correct decryption key cannot decrypt the encrypted packet data, it cannot obtain the compression-encoded content data.

  Further, the encryption server 12 encrypts and generates the compression-encoded content data by using the first encryption method (current encryption method) and the second encryption method (an encryption method different from the current one, for example, a new encryption method). One encrypted packet data is included in one stream. In this case, the encryption server 12 uses the first packet identifier associated with the first encryption scheme in the elementary packet identifier area in the PMT that can be recognized by both the receiving device 30 of the present embodiment and the conventional receiving device. Is provided. Then, the encryption server 12 receives the second descriptor associated with the second encryption scheme in the descriptor area in the elementary stream loop area of the PMT that is not recognized by the conventional receiving apparatus and recognized by the receiving apparatus 30. A simultaneous scramble identifier including a packet identifier, an encryption identifier for identifying the second encryption method, and information related to decryption of the second encryption method is provided.

  Also, the receiving device 30 that has received the stream searches the PMT for a simul scramble identifier. When the receiving device 30 detects the simul scrambling identifier from the PMT, the receiving device 30 extracts the simul scrambling identifier including the same encryption identifier as the own device encryption identifier, and the packet identifier (second packet identifier) and the second scrambling identifier from the simul scrambling identifier. 2. Information related to decryption of encryption is extracted. Then, the receiving device 30 extracts the second encrypted packet data associated with the second packet identifier from the stream, and decrypts the second encrypted data using the information related to the decryption of the second encryption, Get content data.

  Further, when the receiving device 30 does not have the own device encryption identifier indicating the second encryption method, the receiving device 30 extracts the first packet identifier associated with the first encryption method from the elementary packet identifier region of the PMT. Then, the encryption server 12 acquires the content data by extracting the first encrypted packet data associated with the first packet identifier from the stream and decrypting the first encrypted data.

  Therefore, according to the first embodiment of the present invention, for example, in the switching of the encryption method during the operation of the content distribution service in digital broadcasting, the security (confidentiality) of the encrypted content data is kept high during this switching period and A mixture of the current encryption method and the new encryption method can be realized. Thereby, smooth update and switching of the encryption method of the receiving apparatus can be realized.

[Second Embodiment]
2nd Embodiment of this invention has the structure which changed the encryption server 12 and the receiver 30 into the encryption server 12a and the receiver 30a with respect to 1st Embodiment mentioned above.

  The encryption server 12a encrypts block data, which is a part of compression-encoded content data, using, for example, two types of encryption methods (first encryption method and second encryption method), respectively, and two (two systems) encryption Data (first encrypted data and second encrypted data) is generated. The block data includes information necessary for synchronization in the decoding process of the compression-encoded content data. Similar to the first embodiment, the first encryption method is the current encryption method. The second encryption method is a different encryption method (new encryption method) from the current one. The encryption server 12a converts each of the two encrypted data into packet data, and provides each packet with a packet identifier associated with the encryption method to provide two (two systems) encrypted packet data (first encrypted packet data). And second encrypted packet data). Further, the encryption server 12a generates a PMT including packet identifiers (first packet identifier and second packet identifier) associated with each of the two types of encryption methods based on the control information. Then, the encryption server 12a generates plaintext packet data by converting the data excluding block data and the PMT into packet data in the compressed encoded content data. The encryption server 12a combines the two encrypted packet data and the plaintext packet data to generate a stream, and stores this stream.

  The receiving device 30a receives a broadcast signal by receiving the broadcast radio wave radiated from the transmission antenna 20, and acquires a stream from the broadcast signal. The receiving device 30a extracts the PMT from the stream, and from the descriptor area 2 of the PMT, a packet identifier (second packet identifier) associated with the same encryption identifier as the own device encryption identifier provided in the own device. ) Is extracted. Then, the receiving device 30a acquires the second encrypted packet data provided with the second packet identifier from the stream, and uses the second encryption packet data included in the second encrypted packet data using the information regarding the decryption included in the simul scrambling identifier. The block data is obtained by decoding the digitized data. In addition, the receiving device 30a acquires data excluding block data in the compression-encoded content data from the plaintext packet data. Then, the receiving device 30a combines the block data with the data excluding the block data in the compression encoded content data, and generates the compression encoded content data. Then, the receiving device 30a decodes the compression-encoded content data to generate content data, and presents the content data.

  FIG. 12 is a conceptual diagram showing the relationship between video content packet data and PMT in a stream generated by the encryption server 12a. As shown in the figure, the stream generated by the encryption server 12a is the first obtained by encrypting the block data in the compression-encoded content data as the packet data (video packet) of the video content using the first encryption method. Encrypted packet data, second encrypted packet data obtained by encrypting the block data by the second encryption method, and plaintext data of data excluding block data in the compression-encoded content data. The first encrypted packet data includes a first packet identifier (first PID) indicating the first encryption method. The second encrypted packet data includes a second packet identifier (second PID) indicating the second encryption method. The plaintext data includes a first packet identifier. In addition, this stream includes a first packet identifier in the elementary packet identifier area in the elementary stream loop area of the PMT corresponding to the video packet, and a simultaneous scramble description in which the second packet identifier is provided in the descriptor area. Includes children.

  FIG. 13 is a block diagram showing a functional configuration of the encryption server 12a. As shown in the figure, the encryption server 12a further includes a start code detection unit 129 and a start code detection unit 130 with respect to the encryption server 12 of the first embodiment. Further, the encryption server 12a is different from the encryption server 12 in that the data acquisition unit 121, the storage unit 122, the encryption unit 123, the plaintext packet generation unit 125, the data acquisition unit 121a, and the storage unit 122a. And an encryption unit 123a and a plaintext packet generation unit 125a.

  The data acquisition unit 121a takes in the compression encoded content data from the content server 11 and supplies this compression encoded content data to the start code detection unit 129. In addition, the data acquisition unit 121a takes in control information related to digital broadcasting from, for example, a program organization device (not shown), and supplies this control information to the storage unit 122a.

  The start code detection unit 129 takes in the compressed encoded content data supplied from the data acquisition unit 121a. Then, the start code detection unit 129 detects the start code of the predetermined data area by analyzing the code string of the compression encoded content data. For example, the start code detection unit 129 detects the start code in each of a plurality of types of data areas from the compression encoded content data, and specifies the position of the start code.

  Here, an example in which the compression-encoded content data is MPEG-2 video file data that has been compression-encoded and filed based on the MPEG-2 video standard will be specifically described. In this example, the compression-encoded content data has a data structure according to the MPEG-2 video standard. Specifically, the compression-encoded content data includes, for example, a sequence layer (Sequence Layer), a GOP layer (Group Of Picture Layer), a picture layer (Picture Layer), a slice layer (Slice Layer), and a macro block layer (Macro). It has a 6-layer hierarchical data structure up to a block layer and a block layer. Of these six layers, the sequence layer is the highest layer, and the block layer is the lowest layer.

  The sequence layer includes attributes common to a series of frame images (eg, image size, aspect ratio, frame rate, etc.). The sequence layer includes a sequence header which is a data area. The sequence header has a 32-bit start code (Start Code) from the beginning. This start code is a start code (start synchronization code) of the sequence layer.

  The GOP layer defines a GOP that is a minimum unit of an image group. The GOP layer includes a GOP header that is a data area. The GOP header has a start code (Start Code) having a 32-bit length from the beginning. This start code is a start code (start synchronization code) of the GOP layer.

  The picture layer includes attributes (eg, picture display order, picture type, etc.) regarding the frame image. The picture layer includes a picture header that is a data area. The picture header has a 32-bit length start code (Start Code) from the beginning. This start code is a start code (start synchronization code) of the picture layer.

  The slice layer includes attributes common to slices obtained by dividing one frame image (for example, quantization scale, intra slice information, etc.). The slice layer includes a slice header that is a data area. The slice header has a 32-bit start code (Start Code) from the beginning. This start code is a start code (start synchronization code) of the slice layer.

The macroblock layer includes attributes common to macroblocks that are pixel blocks (for example, motion vector values). The macroblock layer includes a macroblock header that is a data area. However, this macroblock header does not include a start code. The data included in the macroblock layer includes a variable length code.
The block layer includes coding coefficients (for example, discrete cosine transform (DCT) coefficients).

  When the compression-encoded content data includes compression-encoded audio data that is compression-encoded based on the MPEG-2 audio standard, the compression-encoded audio data has a data structure according to the MPEG-2 audio standard. In the data structure according to the MPEG-2 audio standard, the predetermined start code is, for example, an Audio Data Transport Stream (ADTS) header.

  The start code detection unit 129 supplies the compression encoded content data to the storage unit 122a. Further, the start code detection unit 129 supplies start code position information indicating the position of the start code in each data area to the storage unit 122a. Specifically, the start code detection unit 129 counts the number of bits from the beginning of the compression-encoded content data (the beginning of the file) to the start code of the header included in each of the sequence layer, the GOP layer, the picture layer, and the slice layer. The number of bits is supplied to the storage unit 122a as start code position information.

  The start code detection unit 129 may set the count start position for counting the number of bits as an arbitrary predetermined position (for example, the start of the sequence header) instead of the start of the compression encoded content data. .

  The storage unit 122a stores control information supplied from the data acquisition unit 121a. In addition, the storage unit 122a stores the compression encoded content data and start code position information supplied from the start code detection unit 129. The storage unit 122a stores the start code position information supplied from the start code detection unit 130. The storage unit 122a is realized by a semiconductor storage device, for example.

  The plaintext packet generation unit 125a reads the compression encoded content data and the start code position information from the storage unit 122a. Then, the plaintext packet generation unit 125a converts data in a range from the beginning of the compression-encoded content data to the start code position indicated by the start code position information into a transport stream. For example, the plaintext packet generation unit 125a converts data in a range including the start code position in the slice header of the slice layer indicated by the start code position information from the head of the compression-encoded content data into a transport stream. Then, the plaintext packet generation unit 125a supplies the transport stream to the start code detection unit 130.

  In addition, the plaintext packet generation unit 125 a reads packet identifiers corresponding to the two types of encryption methods from the storage unit 122 a and supplies these two packet identifiers to the encrypted packet generation unit 124.

  The plaintext packet generation unit 125a reads the compression-encoded content data, start code position information, and control information from the storage unit 122a. The plaintext packet generator 125a packet-converts the compression-encoded content data and control information to generate a transport stream. Then, the plaintext packet generation unit 125a determines, based on the position of the start code indicated by the start code position information, from the transport stream, at least the first bit of the start code and the variable length code after the start code. The data excluding the code string (block data) including is extracted. Then, the plaintext packet generator 125a provides the first packet identifier associated with the first encryption scheme in the packet identifier area of the header of each TS packet included in the extracted data, and transport scramble control of the header A scramble control value “00” (binary number) indicating “no scramble” is provided in the area, and plaintext packet data is generated.

Specifically, the plaintext packet generation unit 125a reads MPEG-2 video file data, start code position information indicating the position of the start code in the slice header of the slice layer, and control information from the storage unit 122a. Then, the plaintext packet generation unit 125a converts the MPEG-2 video file data and the control information into a transport stream. Then, the plaintext packet generation unit 125a extracts data excluding a code string (block data) including a slice header and at least the first bit of a variable length code existing after the slice header from the transport stream. Then, the plaintext packet generation unit 125a provides a scramble control value (“00” (binary number)) indicating no scramble in the transport scramble control area included in the header portion of each TS packet. In this way, the plaintext packet generator 125a generates plaintext packet data.
The plaintext packet generation unit 125 a supplies the plaintext packet data to the packet synthesis unit 126.

  The start code detection unit 130 takes in the transport stream supplied by the plaintext packet generation unit 125a, detects a start code in a predetermined data area from the transport stream, and stores start code position information indicating the position of the start code. Store in the unit 122a.

  Specifically, when the compression-encoded content data included in the transport stream has a data structure according to the MPEG-2 video standard, the predetermined data area is, for example, from the sequence layer, the GOP layer, the picture layer, the slice layer, Among the six layers up to the macro block layer and the block layer, the slice layer is positioned at the lowest level as the layer including the start code. The start code detection unit 130 counts the number of bits from the beginning of the transport stream to the start code in the slice header, and stores the number of bits in the storage unit 122a as start code position information.

  The encryption unit 123a converts the block data including the start code and a part of the variable length code in the compression encoded content data based on the compression encoded content data and the start code information read from the storage unit 122a into two types of encryption schemes, respectively. To generate two (two systems) encrypted data.

  That is, the first encryption unit 123a-1 reads the compression encoded content data and the start code position information from the storage unit 122a. Then, the first encryption unit 123a-1 generates a code string (block data) including, from the compression-encoded content data, a fixed start code and at least the first 1 bit of the variable length code after the start code. , It is extracted to match the payload size of the TS packet. Then, the first encryption unit 123a-1 encrypts the extracted code string with the first encryption method to generate first encrypted data.

  Specifically, the first encryption unit 123a-1 reads the MPEG-2 video file data and the position information of the start code in the slice header of the slice layer from the storage unit 122a. Then, the first encryption unit 123a-1 converts a code string including a slice header and at least the first 1 bit of a variable length code existing after the slice header from the MPEG-2 video file data into a payload size of the TS packet. To match. Then, the first encryption unit 123a-1 encrypts the code string using the first encryption method and generates first encrypted data.

  The second encryption unit 123a-2 performs the same process as the first encryption unit 123a-1, thereby encrypting the code string extracted from the compressed encoded content data using the second encryption method and performing the second encryption. Generate data.

  FIG. 14 is a block diagram illustrating a functional configuration of the receiving device 30a. As shown in the figure, the receiving device 30a is configured such that the packet extracting unit 303 and the decoding unit 304 are changed to a packet extracting unit 303a and a decoding unit 304a with respect to the receiving device 30 of the first embodiment. Have

  The packet extraction unit 303a takes in the stream supplied from the broadcast signal reception unit 302. Then, the packet extraction unit 303a searches for the simulant scramble identifier from the identifier region in the PMT elementary stream loop region included in the stream.

  When the packet extraction unit 303a detects the simul scrambling identifier, the packet extraction unit 303a reads the local device encryption identifier from the decryption key storage unit 301, and extracts the simul scrambling identifier including the same encryption identifier as the local device encryption identifier from the PMT. . Then, the packet extraction unit 303a extracts a packet identifier (in this case, the second packet identifier) and information related to the decryption of the second encryption method from the simul scrambling identifier. Then, the packet extraction unit 303a extracts, from the two encrypted packet data included in the stream, encrypted packet data in which the second packet identifier is provided in the packet identifier region of the header part, that is, second encrypted packet data. . Then, the packet extracting unit 303a extracts the first packet identifier from the elementary packet identifier region in the PMT elementary stream loop region. The packet extraction unit 303a then provides the first packet identifier in the packet identifier area of the header part from the two encrypted packet data included in the stream, and “no scramble” in the transport scramble control area of the header part. Packet data provided with a scramble control value '00' (binary number) is extracted. Then, the packet extraction unit 303a supplies the second encrypted packet data, the information related to the decryption of the second encryption method, and the packet data extracted from the stream to the decryption unit 304a.

The packet extraction unit 303a extracts the first packet identifier from the elementary packet identifier region in the elementary stream loop region of the PMT when the simul- scramble identifier is not detected from the region of the identifier in the elementary stream loop region of the PMT. . Then, the packet extraction unit 303a extracts, from the two encrypted packet data included in the stream, encrypted packet data in which the first packet identifier is provided in the packet identifier area of the header part, that is, the first encrypted packet data. . Then, the packet extraction unit 303a is provided with a scramble control value '00' (binary number) indicating “no scramble” in the transport scramble control area of the header portion from the plaintext packet data included in the stream, and the header The first packet identifier is provided in the packet identifier area of the packet, and packet data is extracted.
Then, the packet extraction unit 303a supplies the first encrypted packet data and the packet data extracted from the stream to the decryption unit 304a.

  When the packet extraction unit 303a outputs the first encrypted packet data and the packet data, the decryption unit 304a takes in the first encrypted packet data and the packet data. Then, the decryption unit 304a extracts the payload from the first encrypted packet data and synthesizes it to generate the first encrypted data. Then, the decryption unit 304a reads the decryption key (first decryption key) associated with the own device encryption identifier from the decryption key storage unit 301, and decrypts the first encrypted data by applying this decryption key. Generate decrypted data.

  When the packet extraction unit 303a outputs the second encrypted packet data, information related to the decryption of the second encryption method, and the packet data, the decryption unit 304a deciphers the second encrypted packet data and the decryption of the second encryption method. Information and packet data. Then, the decryption unit 304a extracts the payload from the second encrypted packet data and combines them to generate second encrypted data. Then, the decryption unit 304 reads the decryption key (second decryption key) associated with the own device encryption identifier from the decryption key storage unit 301, and applies the decryption key and information related to decryption of the second encryption method. Then, the second encrypted data is decrypted to generate decrypted data.

  Then, the decoding unit 304a combines the packet data supplied from the packet extraction unit 303a with the decoded data to generate compressed encoded content data, and supplies the compressed encoded content data to the compressed encoded content decoding unit 305. .

FIG. 15 is a diagram illustrating a schematic data configuration of a slice layer in a hierarchical data structure of compression-encoded content data. In the figure, slice layer data 60 includes a start code 61, control data 62, and a plurality of macroblocks 63. The start code 61 and the control data 62 are slice layer header information (slice header). The start code 61 is a start code of the slice layer. The control data 62 includes, for example, various attribute information about slices obtained by dividing the frame image. The macro block 63 includes macro block data that is a set of pixels as a variable length code.
According to the figure, the plaintext packet generator 125a detects the start code 61, the control data 62, and data including a predetermined length at the beginning of the variable length code as block data.

Next, the operation of the content distribution system in the second embodiment will be described.
FIG. 16 is a flowchart showing a procedure of processing executed by the encryption server 12a.
In step S91, the data acquisition unit 121a takes in the compressed encoded content data from the content server 11, and supplies the compressed encoded content data to the start code detecting unit 129. In addition, the data acquisition unit 121a takes in control information related to digital broadcasting from, for example, a program organization device, and supplies this control information to the storage unit 122a.

  Next, in step S92, the start code detection unit 129 takes in the compression-encoded content data supplied from the data acquisition unit 121a. Next, the start code detection unit 129 detects the start code of a predetermined data area by analyzing the code string of the compression encoded content data. For example, the start code detection unit 129 detects the start code in each of a plurality of types of data areas from the compression encoded content data, and specifies the position of the start code. Next, the start code detecting unit 129 stores the compression encoded content data and start code position information indicating the position of the start code in each data area in the storage unit 122a.

  Next, in step S93, the plaintext packet generation unit 125a reads the compression-encoded content data and start code position information from the storage unit 122a. Next, the plaintext packet generation unit 125a converts data in a range from the beginning of the compression-encoded content data to the start code position indicated by the start code position information into a transport stream. For example, the plaintext packet generation unit 125a converts data in a range including the start code position in the slice header of the slice layer indicated by the start code position information from the head of the compression-encoded content data into a transport stream. Next, the plaintext packet generator 125 a supplies the transport stream to the start code detector 130.

  Next, in step S94, the start code detection unit 130 takes in the transport stream supplied by the plaintext packet generation unit 125a, detects a start code in a predetermined data area from the transport stream, and determines the position of the start code. The start code position information shown is stored in the storage unit 122a.

  Next, the plaintext packet generation unit 125a reads the compression-encoded content data, start code position information, and control information from the storage unit 122a. Next, the plaintext packet generation unit 125a packet-converts the compression-encoded content data and control information to generate a transport stream. Next, based on the position of the start code indicated by the start code position information, the plaintext packet generation unit 125a extracts at least the first bit of the start code and the variable length code after the start code from the transport stream. The data excluding the code string (block data) including the above is extracted. Next, the plaintext packet generation unit 125a provides a first packet identifier associated with the first encryption method in the packet identifier region of the header portion of each TS packet included in the extracted data, and transport scrambles the header portion. A scramble control value “00” (binary number) indicating “no scramble” is provided in the control area, and plaintext packet data is generated. Next, the plaintext packet generation unit 125 a supplies the plaintext packet data to the packet synthesis unit 126.

  Next, in step S95, the encryption unit 123a, based on the compression encoded content data and the start code information read from the storage unit 122a, block data including a start code and a part of the variable length code in the compression encoded content data. Is encrypted with each of the two types of encryption methods to generate two (two systems) of encrypted data.

  That is, the first encryption unit 123a-1 reads the compression encoded content data and the start code position information from the storage unit 122a. Next, the first encryption unit 123a-1 includes a code string (block data) including, from the compression-encoded content data, a fixed start code and at least the first 1 bit among the variable length codes after the start code. Are extracted to match the payload size of the TS packet. Next, the first encryption unit 123a-1 encrypts the extracted code string using the first encryption method to generate first encrypted data.

  Similarly to the first encryption unit 123a-1, the second encryption unit 123a-2 reads the compressed encoded content data and the start code position information from the storage unit 122a, and generates a code string from the compressed encoded content data. (Block data) is extracted so as to match the payload size of the TS packet. Next, the second encryption unit 123a-2 encrypts the extracted code string with the second encryption method to generate second encrypted data.

  Since the process from step S96 to step S98 is the same as the process from step S33 to step S35 in the first embodiment, the description thereof is omitted here.

FIG. 17 is a flowchart illustrating a procedure of processing executed by the receiving device 30a.
In step S101, the broadcast signal receiving unit 302 takes in a broadcast signal obtained by receiving broadcast radio waves with a receiving antenna connected to the receiving device 30a, for example. Next, the broadcast signal receiving unit 302 obtains a stream by demodulating the broadcast signal, and supplies this stream to the packet extraction unit 303a.

  In step S102, the packet extraction unit 303a takes in the stream supplied from the broadcast signal reception unit 302. Next, the packet extraction unit 303a searches for the simul scramble identifier from the identifier area in the PMT elementary stream loop area included in the stream.

  When the packet extraction unit 303a detects the simul scrambling identifier, the packet extraction unit 303a reads the local device encryption identifier from the decryption key storage unit 301, and extracts the simul scrambling identifier including the same encryption identifier as the local device encryption identifier from the PMT. . Next, the packet extraction unit 303a extracts a packet identifier (in this case, the second packet identifier) and information related to the decryption of the second encryption method from the simul scrambling identifier. Next, the packet extraction unit 303a extracts, from the two encrypted packet data included in the stream, the encrypted packet data in which the second packet identifier is provided in the packet identifier region of the header, that is, the second encrypted packet data. To do. Next, the packet extraction unit 303a extracts the first packet identifier from the elementary packet identifier area in the elementary stream loop area of the PMT. Next, the packet extraction unit 303a, from the two encrypted packet data included in the stream, the first packet identifier is provided in the packet identifier region of the header portion, and “no scramble” is provided in the transport scramble control region of the header portion. Packet data provided with a scramble control value '00' (binary number) indicating "" is extracted. Next, the packet extraction unit 303a supplies the second encrypted packet data, information related to the decryption of the second encryption method, and packet data extracted from the stream to the decryption unit 304a.

  On the other hand, if the packet extraction unit 303a does not detect the simulant scramble identifier from the identifier region in the PMT elementary stream loop region, the packet extraction unit 303a obtains the first packet identifier from the elementary packet identifier region in the PMT elementary stream loop region. Extract. Next, the packet extraction unit 303a extracts, from the two encrypted packet data included in the stream, the encrypted packet data in which the first packet identifier is provided in the packet identifier area of the header part, that is, the first encrypted packet data. To do. Next, the packet extraction unit 303a is provided with a scramble control value '00' (binary number) indicating “no scramble” in the transport scramble control area of the header portion from the plaintext packet data included in the stream, and A first packet identifier is provided in the packet identifier area of the header portion, and packet data is extracted. Next, the packet extraction unit 303a supplies the first encrypted packet data and the packet data extracted from the stream to the decryption unit 304a.

Next, when the packet extraction unit 303a outputs the first encrypted packet data and the packet data in step S103, the decryption unit 304a takes in the first encrypted packet data and the packet data. Next, the decryption unit 304a extracts the payload from the first encrypted packet data and combines them to generate first encrypted data. Next, the decryption unit 304a reads the decryption key (first decryption key) associated with the self-device encryption identifier from the decryption key storage unit 301, and decrypts the first encrypted data using this decryption key. To generate decoded data.
On the other hand, when the packet extraction unit 303a outputs the second encrypted packet data, the information related to the decryption of the second encryption method and the packet data, the decryption unit 304a decrypts the second encrypted packet data and the decryption of the second encryption method. Information and packet data. Next, the decryption unit 304a extracts the payload from the second encrypted packet data and combines them to generate second encrypted data. Next, the decryption unit 304 reads the decryption key (second decryption key) associated with its own device encryption identifier from the decryption key storage unit 301, and obtains the decryption key and information related to decryption of the second encryption method. Apply to decrypt the second encrypted data to generate decrypted data.

  Next, in step S104, the decoding unit 304a combines the packet data supplied from the packet extraction unit 303a with the decoded data to generate compression-encoded content data, and the compression-encoded content decoding is performed on the compression-encoded content data. To the unit 305.

  Next, in step S <b> 105, the compression-encoded content decoding unit 305 decodes the compression-encoded content data into content data, and supplies this content data to the content processing unit 306.

Here, an operation when a receiving device capable of decrypting only encrypted data encrypted by the current encryption method (first encryption method) takes in a stream generated by the encryption server 12a will be described. Since the packet extraction unit included in the conventional receiving apparatus does not recognize the simulant scramble descriptor provided in the descriptor area 2 of the PMT in the elementary stream loop area, the elementary packet is detected without detecting the simulant scramble descriptor. The first packet identifier provided in the identifier area is extracted. Then, the packet extraction unit extracts, from the two encrypted packet data included in the stream, the encrypted packet data in which the first packet identifier is provided in the packet identifier region of the header, that is, the first encrypted packet data. . The packet extraction unit extracts packet data in which the first packet identifier is provided in the packet identifier region of the header from the plaintext packet data in the stream. In addition, the decryption unit included in the conventional receiving apparatus takes in the first encrypted packet data and the packet data from the packet extraction unit. Then, the decryption unit extracts the payload from the first encrypted packet data and combines them to generate the first encrypted data. Then, the decryption unit decrypts the first encrypted data by applying the decryption key possessed by its own device, generates decrypted data, synthesizes the packet data and the decrypted data, and compresses the encoded content data. Is generated.
As described above, the conventional receiving apparatus can obtain the encoded content data by acquiring and decrypting the encrypted data encrypted by the current encryption method even if the stream generated by the encryption server 12a is captured. .

As described above, the encryption server 12a in the second embodiment generates a stream by encrypting block data including information necessary for synchronization in the decoding process of the compression encoded content data. Therefore, the receiving device 30a that does not have the correct decryption key cannot be synchronized in the decryption process and cannot decrypt the compression-encoded content data.
Further, since a part of the variable length code is encrypted by the encryption server 12a, a part of the variable length code is concealed, and the delimiter of the unencrypted variable length code string cannot be specified. Overall safety (confidentiality) can be kept high.
Further, since the encryption server 12a encrypts only the block data of the compression-encoded content data by using two types of encryption methods, the encryption server 12a uses the encoding method rather than encrypting the entire compression-encoded content data by using two types of encryption methods. The amount can be greatly reduced. Therefore, the use band of the transmission line is not compressed.

  The receiving device 30a can generate content data from the stream by taking in the stream generated by the encryption server 12a and decrypting the encrypted packet that can be decrypted by the receiving device 30a.

  Therefore, according to the second embodiment of the present invention, for example, in the switching of the encryption method during the operation of the content distribution service in digital broadcasting, the security (confidentiality) of the encrypted content data is kept high during this switching period, It is possible to reduce the bandwidth consumption of the transmission path in the distribution and realize a mixture of the current encryption method and the new encryption method. Thereby, smooth update and switching of the encryption method of the receiving apparatus can be realized.

In the first embodiment and the second embodiment described above, the encryption servers 12 and 12a include a plurality of second encryption units 123-2 and 123a-2 and a second encrypted packet generation unit 124-2, respectively. Also good. In this case, the plaintext packet generators 125 and 125a perform the Nth packet identifier associated with the Nth encryption method (N ≧ 2), the encryption identifier for identifying the Nth encryption method, and the decryption of the Nth encryption method. N types of simul- scramble descriptors including information related to the information are managed. The Nth encrypted packet generation unit provides the Nth packet identifier in the packet identifier area of the header. The receiving devices 30 and 30a can obtain encrypted packet data that can be decrypted by the receiving device 30 and 30a by extracting from the PMT a simultaneous scramble descriptor corresponding to the own device encryption identifier.
By configuring in this way, in addition to the current encryption method, a plurality of new encryption methods can be introduced at the same time.

  Further, in the first embodiment and the second embodiment described above, the encryption identifier may not be provided in the simul scrambling identifier. In this case, when detecting the simul scrambling identifier from the PMT, the receiving devices 30 and 30a extract the second packet identifier from the simul scrambling identifier, and from the two encrypted packet data in the stream to the packet identifier area of the header. The second encrypted packet data provided with the 2-packet identifier is extracted.

  Moreover, you may make it implement | achieve a part of function of the encryption servers 12 and 12a in each embodiment mentioned above with a computer. In this case, an encryption program for realizing the function is recorded on a computer-readable recording medium, the encryption program recorded on the recording medium is read into the computer system, and the computer system executes the program. It may be realized.

  Moreover, you may make it implement | achieve a part of function of the receivers 30 and 30a in each embodiment with a computer. In this case, the decryption program for realizing the function is recorded on a computer-readable recording medium, and the decryption program recorded on the recording medium is read into the computer system and executed by the computer system. May be.

  The computer system includes an operating system (OS) and peripheral device hardware. The computer-readable recording medium is a portable recording medium such as a flexible disk, a magneto-optical disk, an optical disk, or a memory card, and a storage device such as a magnetic hard disk or a solid state drive provided in the computer system. Furthermore, a computer-readable recording medium dynamically holds a program for a short time, such as a computer network such as the Internet, and a communication line when transmitting a program via a telephone line or a cellular phone network. In addition, a server that holds a program for a certain period of time, such as a volatile memory inside a computer system serving as a server device or a client in that case, may be included. The above encryption program and decryption program may be for realizing a part of the above-described functions, and further, the above-described functions are realized by a combination with a program already recorded in the computer system. It may be a thing.

  As mentioned above, although embodiment of this invention was explained in full detail with reference to drawings, the specific structure is not restricted to that embodiment, The design of the range which does not deviate from the summary of this invention, etc. are included.

DESCRIPTION OF SYMBOLS 1 Content distribution system 10 Broadcast station apparatus group 11 Content server 12, 12a Encryption server 13 Transmission apparatus 14 Network 20 Transmission antenna 30,30-1-30-4,30a Reception apparatus 111 Content acquisition part 112 Encoding rate acquisition part 113 Content compression encoding unit 114 Compression encoded content storage unit 115 Compression encoded content supply unit 121, 121a Data acquisition unit 122, 122a Storage unit 123, 123a Encryption unit 123-1, 123a-1 First encryption unit 123- 2, 123a-2 Second encryption unit 124 Encrypted packet generation unit 124-1 First encryption packet generation unit 124-2 Second encryption packet generation unit 125, 125a Plain text packet generation unit 126 Packet synthesis unit 127 Stream storage Part 128 Stream supply unit 131 stream acquisition unit 132 broadcast signal generation unit 133 broadcast signal transmission unit 301 decryption key storage unit 302 broadcast signal reception unit (stream acquisition unit)
303, 303a Packet extraction unit 304, 304a Decoding unit 305 Compression-encoded content decoding unit 306 Content processing unit

Claims (8)

A data acquisition unit that captures encoded content data;
An encryption unit that encrypts the encoded content data captured by the data acquisition unit using a first encryption method and a second encryption method to generate encrypted data;
The encrypted data generated by the encryption unit is converted into a transport stream, and for each transport stream for each encryption method, the packet identifier area of the header of each transport stream packet is associated with the encryption method An encrypted packet generator for generating encrypted packet data by providing a packet identifier;
A first packet identifier associated with the first encryption scheme is provided in an elementary packet identifier area of a program map table, and descriptor information including a second packet identifier associated with the second encryption scheme is generated. Providing the descriptor information in an elementary stream loop area of the program map table, and generating plaintext packet data including the program map table;
A packet combining unit that generates a stream by combining the encrypted packet data generated by the encrypted packet generation unit and the plaintext packet data generated by the plaintext packet generation unit;
An encryption device comprising: A start code detection unit for detecting a predetermined start code from the encoded content data captured by the data acquisition unit;
The encryption unit encrypts block data including the start code and a part of a variable-length code after the start code in the encoded content data by the first encryption method and the second encryption method, respectively. To generate encrypted data,
The plaintext packet generation unit converts data excluding the block data from the encoded content data into a transport stream, and the first packet is included in a packet identifier area of a header included in each transport stream packet in the transport stream. Generating packet data with an identifier and including the packet data in the plaintext packet data;
The encryption apparatus according to claim 1, wherein: The plaintext packet generation unit includes an encryption identifier for identifying the second encryption method in the descriptor information in association with the second packet identifier.
The encryption apparatus according to claim 1 or 2, characterized in that: The encrypted data obtained by encrypting the encoded content data by the first encryption method and the second encryption method is converted into a transport stream, and each transport stream packet has for each transport stream for each encryption method. Encrypted packet data generated by providing a packet identifier associated with an encryption method in the packet identifier area of the header, and the first packet identifier associated with the first encryption method as an elementary packet identifier of the program map table The program map table provided in a region, generating descriptor information including a second packet identifier associated with the second encryption method, and providing the descriptor information in an elementary stream loop region of the program map table Plaintext packet data generated including A stream acquisition unit for capturing a stream generated by the, synthesis,
The descriptor information is extracted from the elementary stream loop area of the program map table included in the plaintext packet data in the stream captured by the stream acquisition unit, and the second packet identifier is extracted from the descriptor information. A packet extraction unit that extracts the second encrypted packet data in which the second packet identifier is provided in a packet identifier region of a header from the encrypted packet data in the stream;
A decryption unit for decrypting encrypted data included in the second encrypted packet data extracted by the packet extraction unit to generate the encoded content data;
A decoding apparatus comprising: The stream acquisition unit encrypts block data including a predetermined start code and a part of a variable length code after the start code in the encoded content data by the first encryption method and the second encryption method, respectively. Encrypted data obtained by converting to a transport stream, and for each transport stream for each encryption method, a packet identifier associated with the encryption method is provided in the packet identifier area of the header of each transport stream packet The encrypted packet data generated by the above and the data excluding the block data from the encoded content data are converted into a transport stream, and the packet identifier area of the header included in each transport stream packet in the transport stream 1 packet Packet data provided with an identifier is generated, the first packet identifier is provided in an elementary packet identifier area of a program map table, descriptor information including the second packet identifier is generated, and the descriptor information is stored in the program The stream obtained by synthesizing the program map table provided in the elementary stream loop area of the map table and the plaintext packet data generated including the packet data is fetched,
The packet extraction unit extracts the first packet identifier from the elementary packet identifier region of the program map table, and the first packet identifier is provided in a packet identifier region of a header from the plaintext packet data of the stream. Also extract the packet data,
The decryption unit decrypts encrypted data included in the second encrypted packet data to obtain decrypted data, extracts data excluding the block data from the packet data extracted by the packet extraction unit, The decoding apparatus according to claim 4, wherein the encoded content data is generated by combining the decoded data and the data. The descriptor information has an encryption identifier for identifying the second encryption method in association with the second packet identifier,
The packet extraction unit extracts, from the descriptor information, the second packet identifier associated with an encryption identifier that is the same as the own device encryption identifier in advance, and from the encrypted packet data of the stream, The decryption device according to claim 4 or 5, wherein the second encrypted packet data in which the second packet identifier is provided in a packet identifier region of a header is extracted. Computer
A data acquisition unit that captures encoded content data;
An encryption unit that encrypts the encoded content data captured by the data acquisition unit using a first encryption method and a second encryption method to generate encrypted data;
The encrypted data generated by the encryption unit is converted into a transport stream, and for each transport stream for each encryption method, the packet identifier area of the header of each transport stream packet is associated with the encryption method An encrypted packet generator for generating encrypted packet data by providing a packet identifier;
A first packet identifier associated with the first encryption scheme is provided in an elementary packet identifier area of a program map table, and descriptor information including a second packet identifier associated with the second encryption scheme is generated. Providing the descriptor information in an elementary stream loop area of the program map table, and generating plaintext packet data including the program map table;
A packet combining unit that generates a stream by combining the encrypted packet data generated by the encrypted packet generation unit and the plaintext packet data generated by the plaintext packet generation unit;
Encryption program to function as Computer
The encrypted data obtained by encrypting the encoded content data by the first encryption method and the second encryption method is converted into a transport stream, and each transport stream packet has for each transport stream for each encryption method. Encrypted packet data generated by providing a packet identifier associated with an encryption method in the packet identifier area of the header, and the first packet identifier associated with the first encryption method as an elementary packet identifier of the program map table The program map table provided in a region, generating descriptor information including a second packet identifier associated with the second encryption method, and providing the descriptor information in an elementary stream loop region of the program map table Plaintext packet data generated including A stream acquisition unit for capturing a stream generated by the, synthesis,
The descriptor information is extracted from the elementary stream loop area of the program map table included in the plaintext packet data in the stream captured by the stream acquisition unit, and the second packet identifier is extracted from the descriptor information. A packet extraction unit that extracts the second encrypted packet data in which the second packet identifier is provided in a packet identifier region of a header from the encrypted packet data in the stream;
A decryption unit for decrypting encrypted data included in the second encrypted packet data extracted by the packet extraction unit to generate the encoded content data;
Decoding program to function as.

Images