JP2014147086A - Limited reception apparatus - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a limited reception apparatus in which a limited reception software can be updated safely at a low cost.SOLUTION: A limited reception apparatus 2 includes separation means 21 for receiving a multiple signal including a CAS software subjected to double security measures via broadcast wave and separating the multiple signal, EMM-RMP decoding means 22, EMM-CAS decoding means 23, ECM-RMP decoding means 24, CAS software decoding means 25 for outputting a CAS software, ECM-CAS decoding means 26, a descrambler 27, a CAS loader 28, and storage means 29. The CAS software operates as at least one of the EMM-RMP decoding means 22, the EMM-CAS decoding means 23, the ECM-RMP decoding means 24, the CAS software decoding means 25, the ECM-CAS decoding means 26 and the descrambler 27.

Description

  The present invention relates to a transmission device that transmits conditional access software to a conditional reception device via a broadcast wave, and a conditional reception device that receives and operates the conditional reception software.

  Conventionally, in digital broadcasting, paid broadcasts that are received only by subscribers, and services such as copyrighted programs can be received by allowing only authorized receivers to receive content such as broadcast programs by eliminating unauthorized receivers. Therefore, a conditional access system (CAS: Conditional Access System) is used.

  In the limited reception system, limited reception is realized by encrypting the content and distributing a decryption key that can be decrypted only to the reception contractor and the regular reception device. At this time, on the receiving device side, in order to safely signal the decryption key transmitted only to the reception contractor or the regular receiving device, the decryption key is signaled in a tamper resistant module such as an IC (Integrated Circuit) card. Processing. The tamper resistant module performs decryption key accumulation and data encryption processing and decryption processing (here, software for realizing this operation is referred to as CAS software).

  This conditional access system is not a problem if it is operated normally, but if the value of the decryption key or the system design is leaked to the outside, the security cannot be ensured and the service operation becomes difficult. On the other hand, when a new service is realized in a conditional access system that has started operation, there are cases in which the conditional access system does not have extensibility, so that the new service cannot be flexibly handled.

  In order to ensure such security and respond flexibly to new services, it is necessary to re-design and switch to a conditional access system that has new decryption keys and performs new encryption and decryption processes. Become. Therefore, there is a demand for a conditional access system that can be updated after operation so that it can flexibly cope with new services.

Based on the above, the prior art regarding the update of the conditional access system will be described.
There is known a tamper-resistant module that can be inserted / removed in order to secure the safety by updating the limited reception system by producing an IC card having a limited reception system designed by a new system and replacing the IC card in operation.

  In addition, a tamper-resistant module that is incorporated into a substrate and cannot be inserted and removed, such as LSI (Large Scale Integration), is known (see, for example, Patent Document 1). The invention described in Patent Document 1 has a configuration in which CAS software is placed in a replaceable memory storage device, and the CAS software is read out by an LSI to realize a conditional access system. Then, the CAS software is updated by replacing the memory storage device.

  Further, a method of updating the CAS software using a communication line such as a telephone line or an Internet connection can be considered.

JP 2005-269578 A

  However, replacing all of the conventional tamper-resistant modules that can be exchanged for all receivers that are subject to digital broadcasting is problematic because replacement costs are a major problem because there are more than 40 million digital broadcast receivers. Not. Further, the invention described in Patent Document 1 is difficult in practice because the problem of the replacement cost of the memory storage device is not solved as in the conventional replaceable tamper-resistant module. Furthermore, since communication lines such as telephone lines and Internet connections are easier to perform fraud using a computer than broadcast waves, it is highly likely that updating CAS software over a communication line is subject to fraud. .

  Accordingly, an object of the present invention is to provide a transmission apparatus and a conditional access apparatus that can update the conditional access software safely and at low cost.

  In order to solve the above-described problem, the transmission device according to the first reference invention is a transmission device that transmits conditional access software that allows only an authorized subscriber to view content to the conditional access device via broadcast waves. A scrambler, a first common information generating means, a transmission data generating means, a second common information generating means, a first individual information generating means, a second individual information generating means, and a multiplexing means. It was set as the structure provided.

  In such a configuration, the transmission apparatus encrypts the content with the scramble key by the scrambler and generates the encrypted content. Further, the transmission device encrypts the scramble key with a contract key that can be decrypted only by the limited reception device of the authorized contractor by using the first common information generating means, and generates the first common information including the scramble key.

  Further, the transmission device encrypts the conditional access software with the master secret key common to the conditional access device by the transmission data generation means, and generates transmission data including the conditional access software. Furthermore, the transmission apparatus encrypts the transmission data by using the common key encryption algorithm by the second common information generation unit, and generates the second common information including the transmission data. As a result, the transmission device can apply double security measures to the conditional access software.

  In addition, the transmission device encrypts the contract key with the master key set for each conditional access device by the first individual information generation unit, and generates the first individual information including the contract key. Further, the transmission device encrypts the transmission path protection key transmitted to all the limited reception apparatuses using the common key encryption algorithm by the second individual information generation means, and obtains the second individual information including the transmission path protection key. Generate.

  Then, the transmission apparatus multiplexes the encrypted content, the first common information, the second common information, the first individual information, and the second individual information by the multiplexing unit, and generates a multiplexed signal, The multiplexed signal is transmitted to the conditional access device. As a result, the multiplexing means can transmit the conditional access software on which double security measures have been taken to the conditional access apparatus via the broadcast wave.

  A transmission apparatus according to a second reference invention is characterized in that, in the transmission apparatus according to the first reference invention, the transmission data generation means comprises transmission data division means, signature value addition means, and transmission data encryption means. To do.

  In such a configuration, the transmission apparatus divides the conditional access software into a predetermined size by the transmission data dividing means. Further, the transmission device adds a signature value to the divided conditional access software, the version number information of the conditional access software, and the identifier of the conditional access software using a preset secret key by the signature value adding means. . As a result, the conditional access device can verify whether the received conditional access software has been transmitted from an authenticated transmission device.

  Then, the transmission apparatus encrypts the limited reception software to which the signature value is added, the version number information, and the identifier with the master secret key by the transmission data encryption unit.

  A transmission apparatus according to a third reference invention is the transmission apparatus according to the second reference invention, wherein the transmission data generation means includes forward error correction code addition means.

  In such a configuration, the transmission apparatus adds the forward error correction code to the conditional access software divided by the transmission data division means by the forward error correction code addition means. As a result, the conditional access apparatus can cope with a case where the reception environment is not stable and a code error occurs.

  A transmitting apparatus according to a fourth reference invention is the transmitting apparatus according to the third reference invention, wherein the multiplexing means operates on the limited reception apparatus, version number instruction information indicating a version number of limited reception software to be operated by the limited reception apparatus. The identifier specifying information indicating the identifier of the conditional access software to be inserted is inserted into the program sequence information, and a multiplexed signal including the program sequence information is generated.

  In such a configuration, the transmission device includes the version number instruction information and the identifier instruction information in program arrangement information such as PSI (Program Specific Information) or SI (Service Information) by the multiplexing means. This identifier instruction information can be set to a different value for each business operator.

  In addition, in order to solve the above-described problem, the conditional access apparatus according to the present invention receives a multiplexed signal including limited reception software from a transmission apparatus via a broadcast wave, and only the authorized contractor uses the limited reception software. Is a conditional access apparatus that enables viewing of content, and includes a separation means, a transmission path protection key output means, a first individual information decryption means, a second common information decryption means, a conditional access software decryption means, 1 common information decoding means and a descrambler.

  In such a configuration, the conditional access device uses, as the transmission data, the conditional access software including the encrypted content included in the multiplexed signal received from the transmission device, the first common information including the scramble key that encrypted the content, and the transmission data. The second common information including the first individual information including the contract key that can be decrypted only by the limited reception device of the authorized subscriber, and the information including the transmission path protection key transmitted to all the limited reception devices To do. As a result, the separating means receives the multiplexed signal including the limited reception software on which the double security measures are applied via the broadcast wave, and separates it.

  Further, the conditional access apparatus decrypts the information including the transmission path protection key separated by the separating means by the transmission path protection key output means by a common key encryption algorithm using a master key shared by the transmission apparatus and the limited reception apparatus, Output the transmission path protection key. Further, the limited receiving apparatus decrypts the first individual information separated by the separating means by the first individual information decrypting means with the master key set for each limited receiving apparatus, and outputs the contract key.

  Also, the conditional access apparatus decrypts the second common information separated by the separating means by the second common information decrypting means with the transmission path protection key output by the transmission path protection key output means, and outputs transmission data. Further, the conditional access apparatus decrypts the transmission data output from the second common information decryption means by the conditional access software decryption means with the master secret key common to the conditional access apparatus, and outputs the conditional access software. As a result, the conditional access apparatus can decrypt the conditional access software that has been encrypted using two keys, ie, the master secret key and the transmission path protection key.

  Further, the conditional access apparatus decrypts the first common information separated by the separating means by the first common information decrypting means with the contract key output by the first individual information decrypting means, and outputs a scramble key. Further, the conditional access apparatus decrypts the encrypted content separated by the separating means by the descrambler with the scramble key output by the first common information decrypting means, and outputs the contents. As a result, the conditional access device allows only authorized subscribers to view the content.

  In the conditional access device, the conditional access software includes at least one of a transmission path protection key output unit, a first individual information decryption unit, a second common information decryption unit, a conditional access software decryption unit, a first common information decryption unit, and a descrambler. It operates as either one. As a result, the conditional access device can receive the conditional access software from the transmission device via the broadcast wave, and can decode and operate the received conditional access software.

  A conditional access apparatus according to a fifth reference invention is the conditional access apparatus according to the present invention, wherein the conditional access software decryption means comprises transmission data decryption means, signature value verification means, and writing means. .

  In such a configuration, the conditional access device includes the conditional access software to which a signature value is added using a secret key preset in the transmission device as transmission data by the transmission data decrypting means, and version number information of the conditional access software, The identifier of the conditional access software is decrypted with the master secret key.

  The conditional access apparatus verifies whether the signature value is correct or not based on the public key included in the predetermined public key certificate and corresponding to the private key by the signature value verification means. The public key certificate is transmitted by being included in the multiplexed signal by the transmission device, or stored in advance in the conditional access device. Further, the conditional access apparatus writes the conditional access software into the storage means when the signature value is correct by the writing means. Thus, the conditional access device stores only the conditional access software transmitted from the authenticated transmission device in the storage means.

  The conditional access apparatus according to the sixth reference invention is the conditional access apparatus according to the fifth reference invention, wherein the separating means includes version number instruction information indicating a version number of the conditional access software to be operated by the conditional access apparatus from the multiplexed signal, Separating program arrangement information into which identifier indication information indicating an identifier of conditional access software to be operated by the conditional access device is inserted, the storage means stores plural conditional access software having different version number information and identifiers, and version number It further comprises reading means for reading and operating the conditional access software having version number information that matches the instruction information and an identifier that matches the identifier instruction information from the storage means.

  In such a configuration, the conditional access device can instruct the transmission device to operate the conditional access software having arbitrary version number information and an identifier.

  The conditional access apparatus according to the seventh reference invention is the conditional access apparatus according to the sixth reference invention, wherein conditional access software having version number information matching the version number instruction information and an identifier matching the identifier instruction information is stored in the storage means. When not stored, or when the read conditional access software does not operate normally, the reading means has conditional reception having version number information older than the version number instruction information and having an identifier that matches the identifier instruction information. Software is read from the storage means and operated.

  In this configuration, the conditional access apparatus operates the old version of the conditional access software even when there is no conditional access software having version number information and an identifier indicated by the transmission apparatus or even when the read conditional access software does not operate. be able to.

  The limited receiving apparatus according to the eighth reference invention is the limited receiving apparatus according to the seventh reference invention, wherein the version number information does not match the version number instruction information and the identifier does not match the identifier instruction information, The operation of reading the received software from the storage means is stopped.

  In such a configuration, the conditional access apparatus can prevent unauthorized conditional access software having version number information and an identifier that do not match the version number instruction information and the identifier instruction information from operating.

  The limited reception device according to the ninth reference invention is the limited reception device according to any of the fourth reference invention to the eighth reference invention, using master key generation data having a data length longer than the key length of the master key, Master key generation means for generating a master key is further provided.

  In such a configuration, the conditional access apparatus can update the master key without exchanging hardware or transmitting / receiving the master key via a broadcast wave or a communication line.

  The limited reception device according to the tenth reference invention uses master secret key generation data having a data length longer than the key length of the master secret key in the limited reception device according to any of the fourth reference invention to the ninth reference invention. And a master secret key generating means for generating a master secret key.

  In such a configuration, the conditional access apparatus can update the master secret key without exchanging hardware or transmitting / receiving the master secret key via a broadcast wave or a communication line.

  The conditional access apparatus according to the eleventh reference invention is the conditional reception apparatus according to any of the fourth reference invention to the tenth reference invention, wherein the conditional access software decryption means is a key longer than the master key, the transmission path protection key and the contract key. It is characterized by using a long master secret key.

  In such a configuration, the conditional access apparatus makes the encryption strength of the transmission data including the conditional access software higher than the encryption strength of the first common information, the second common information, the first individual information, and the second individual information.

According to the present invention, the following excellent effects can be obtained.
According to the first reference invention, in order to transmit conditional access software with double security measures via broadcast waves, the limited reception software is safe and low cost without replacing hardware. Can be updated.

  According to the second reference invention, in the conditional access device, since it is possible to verify whether or not the conditional access software is transmitted from an authenticated transmission device, unauthorized conditional access software is transmitted to the conditional access device. However, it is possible to prevent a situation in which this is erroneously operated.

  According to the third reference invention, even when the reception environment is not stable, the reception efficiency of the conditional access software in the conditional access apparatus is improved.

  According to the fourth reference invention, in order to insert the version number instruction information and the identifier instruction information into the program arrangement information, the conditional access software to be operated can be instructed to the conditional access device, and update management of the conditional access software can be performed. It becomes easier to do. Further, according to the fourth reference invention, if different values are set for each provider in the identifier instruction information, the update timing of the conditional access software can be changed for each business operator, and the conditional access software needs to be updated collectively. Disappears.

  According to the present invention, in order to receive conditional access software with double security measures via broadcast waves, the conditional access software is updated safely and at low cost without replacing hardware. it can.

  According to the fifth reference invention, since it is possible to verify whether or not the received conditional access software is transmitted from an authenticated transmission device, it is possible to prevent a situation in which unauthorized conditional access software is erroneously operated. it can.

  According to the sixth reference invention, since the transmission apparatus can instruct the operation of conditional access software having arbitrary version number information and an identifier, update management of conditional access software is facilitated. Further, according to the sixth reference invention, if different values are set for each provider in the identifier instruction information, the update timing of the conditional access software can be changed for each business operator, and the conditional access software needs to be updated collectively. Disappears.

  According to the seventh reference invention, even when a problem occurs, an old version of conditional access software can be operated, so that it is possible to prevent a situation in which content cannot be viewed without the conditional access software operating.

  According to the eighth reference invention, since it is possible to prevent the unauthorized conditional access software having version number information and an identifier that do not match the version number instruction information and the identifier instruction information from operating, it is possible to prevent fraud. .

  According to the ninth reference invention, the master key can be updated without exchanging hardware or transmitting / receiving the master key via a broadcast wave or a communication line, so that the increase in cost can be suppressed and the safety can be further increased. .

  According to the tenth reference invention, the master secret key can be updated without exchanging hardware or transmitting / receiving the master secret key via a broadcast wave or a communication line. Can be high.

  According to the eleventh reference invention, the encryption strength of the transmission data including the conditional access software is higher than the encryption strength of the first common information, the second common information, the first individual information, and the second individual information. The security of conditional access software can be ensured while reducing the load of decryption processing of information and the like.

7 is a block diagram of a transmission apparatus according to Reference Example 1. FIG. It is a block diagram which shows the structure of the transmission data production | generation means of FIG. It is a data structure figure which shows the format of the transmission data in the reference example 1. It is a data structure figure which shows the format of the version number instruction information in the reference example 1. It is a data structure figure which shows the format of the identifier instruction | indication information in the reference example 1. FIG. 3 is a flowchart illustrating an operation of the transmission device in FIG. 1. It is a block diagram of the conditional access apparatus which concerns on 1st Embodiment of this invention. It is a sequence diagram which shows the update timing of the CAS software in this invention. It is a flowchart which shows operation | movement of the conditional access apparatus of FIG. 10 is a block diagram of a transmission device according to Reference Example 2. FIG. It is a block diagram of the transmission apparatus which concerns on the reference example 3. FIG. It is a block diagram of the conditional access apparatus which concerns on 2nd Embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings as appropriate. In each embodiment, means having the same function and the same member are denoted by the same reference numerals, and description thereof is omitted.

(Reference Example 1)
[Configuration of transmitter]
With reference to FIG. 1, the structure of the transmission apparatus which concerns on the reference example 1 is demonstrated. FIG. 1 is a block diagram of a transmission apparatus according to Reference Example 1.

  1 includes a scrambler 11, an ECM-CAS generation unit (first common information generation unit) 12, a transmission data generation unit 13, and an ECM-RMP generation unit (second common information generation unit) 14. And EMM-CAS generation means (first individual information generation means) 15, EMM-RMP generation means (second individual information generation means) 16, and multiplexing means 17.

  In FIG. 1, Ks is a scramble key, Kw is a contract key, Kp is a transmission path protection key, and Km is a master key. Also, Ct is content, Sct is encrypted content, ECM-CAS is first common information, ECM-RMP is second common information, EMM-CAS is first individual information, and EMM-RMP is second individual information. Show. Further, CAS indicates conditional access software, CAS-Ver indicates version number information, and CAS-ID indicates an identifier. The CAS software corresponds to the conditional access software described in the claims.

  The scrambler 11 encrypts content (Ct) with a scramble key (Ks) and generates encrypted content (Sct). Here, the scrambler 11 encrypts (scrambles) the content (Ct) input from the outside using MULTI 2 or AES, and outputs the generated encrypted content (Sct) to the multiplexing means 17.

  The ECM-CAS generation means 12 encrypts the scramble key (Ks) with the contract key (Kw) that can be decrypted only by the limited reception device (not shown) of the authorized subscriber, and the first common information including the scramble key (Ks). (ECM-CAS) is generated. Here, the ECM-CAS generating unit 12 generates first common information (ECM-CAS) having an ECM (Entlement Control Message) structure defined by MPEG (Moving Picture Experts Group) 2-Systems, and a multiplexing unit. 17 to output.

  For the scramble key (Ks), for example, a common key encryption algorithm is used. For example, a common key encryption algorithm is used for the contract key (Kw) assigned to each service (content).

  The transmission data generation means 13 encrypts CAS software (CAS) with a master secret key common to all conditional access apparatuses, and generates transmission data including CAS software (CAS). Hereinafter, the details of the transmission data generating means 13 will be described with reference to FIG. FIG. 2 is a block diagram showing the configuration of the transmission data generating means of FIG.

  As shown in FIG. 2, the transmission data generating unit 13 includes a transmission data dividing unit 13a, a forward error correction code adding unit 13b, a signature value adding unit 13c, and a transmission data encryption unit 13d. Kms is a master secret key, Kps is a secret key, and PKC is a public key certificate.

  The transmission data dividing unit 13a divides the CAS software (CAS) into a predetermined size, for example, about 4 kilobytes (hereinafter, the divided CAS software may be abbreviated as “divided data”). is there.). Then, the divided data is inserted into the second common information and transmitted to the conditional access device. As described above, the transmission device 1 divides and transmits the CAS software (CAS), thereby improving the reception efficiency of the CAS software (CAS) in the limited reception device that does not always receive the broadcast wave. be able to.

The forward error correction code adding means 13b adds a forward error correction code to the CAS software (CAS) divided by the transmission data dividing means 13a. Here, the forward error correction code adding means 13b uses the FEC (Forward Error Correction) method as the forward error correction code method. As described above, when the forward error correction code adding means 13b adds the forward error correction code to the divided data, the reception environment is not stable, such as terrestrial digital broadcasting for mobile objects, and a code error occurs. However, the reception efficiency of CAS software (CAS) can be improved. When the reception environment is stable, the forward error correction code adding unit 13b may not add the forward error correction code to the divided data.

  The signature value adding means 13c is preset in CAS software (CAS) to which a forward error correction code is added, CAS software version number information (CAS-Ver), and CAS software identifier (CAS-ID). A signature value is added using a secret key (Kps). Here, the signature value adding unit 13c merges the divided data to which the forward error correction code adding unit 13b has added the forward error correction code, the version number information (CAS-Ver), and the identifier (CAS-ID). Then, the signature value adding unit 13c digitally signs the merged data using a private key (Kps), for example, by PKI (Public Key Infrastructure), and gives a signature value.

  At this time, the signature value adding unit 13c may attach a public key certificate (PKC) including a public key corresponding to the secret key (Kps) to the merged data. On the other hand, when the transmission band is narrow, since the data size of the public key certificate is large and there is a high possibility that the transmission band is compressed, the public key certificate (PKC) is stored in advance in the conditional access apparatus.

  For the public key corresponding to the secret key (Kps) and the secret key, for example, a public key encryption algorithm such as RSA is used. The signature value is generated using, for example, a public key encryption algorithm such as RSA and a SHA (Secure Hash Algorithm) hash function.

  The transmission data encryption means 13d encrypts the CAS software (CAS) to which the signature value is added, the version number information (CAS-Ver), and the identifier (CAS-ID) as transmission data with the master secret key (Kms). To do. Here, the transmission data encryption unit 13 d outputs the encrypted transmission data to the ECM-RMP generation unit 14.

  The master secret key (Kms) is a key for encrypting and decrypting the CAS software (CAS). For the master secret key (Kms), for example, a common key encryption algorithm is used. Further, the transmission apparatus 1 stores a master secret key (Kms) common to all conditional access apparatuses in a tamper-resistant module or HDD (Hard Disk Drive) (not shown).

  Hereinafter, the format of transmission data will be described with reference to FIG. FIG. 3 is a data structure diagram showing a format of transmission data in the present invention. The transmission data generation means 13 generates transmission data in a format as shown in FIG.

  As shown in FIG. 3, the item “data length” has a byte length of 2 bytes and stores the data length of the transmission data. The item “ID” has a byte length of 1 byte and stores an identifier. The item “version number” has a byte length of 1 byte and stores version number information. The item “number of divisions” stores the number of blocks obtained by dividing the CAS software with a byte length of 3 bytes.

  In addition, the item “number of blocks” stores information on the byte number of 3 bytes and the number of divided blocks. The item “block size” has a byte length of 1 byte and stores the size (size) of the block. The item “block data” has a byte length of up to 256 bytes and stores data of the block. Further, the item “signature data” has a byte length of 128 bytes and stores a signature value to be described later.

Hereinafter, returning to FIG. 1, the description of the configuration of the transmission device 1 will be continued.
The ECM-RMP generating unit 14 encrypts transmission data with a transmission path protection key (Kp) transmitted to all conditional access apparatuses, and generates second common information (ECM-RMP) including the transmission data. . Here, the ECM-RMP generating unit 14 generates second common information (ECM-RMP) having an ECM structure defined by MPEG2-Systems, and outputs the second common information to the multiplexing unit 17.

  For the transmission path protection key (Kp), for example, a common key encryption algorithm is used. Further, the first common information (ECM-CAS) and the second common information (ECM-RMP) may include information related to the content (program information) and information related to availability of viewing in the conditional access apparatus that has received the content.

  The EMM-CAS generation unit 15 encrypts the contract key (Kw) with the master key (Km) set for each conditional access apparatus, and generates first individual information (EMM-CAS) including the contract key (Kw). Is. Here, the EMM-CAS generating unit 15 generates first individual information (EMM-CAS) having an EMM (Entitlement Management Message) structure defined by MPEG2-Systems and outputs the first individual information (EMM-CAS) to the multiplexing unit 17. Further, the EMM-CAS generation unit 15 may include a limited reception device ID unique to each limited reception device in the first individual information.

  The master key (Km) is a key for encrypting and decrypting the first individual information (EMM-CAS) and the second individual information (EMM-RMP). The master key (Km) includes, for example, A common key encryption algorithm is used. In addition, the transmission device 1 stores a master key (Km) that is different for each conditional access device in a tamper-resistant module or HDD.

  The EMM-RMP generating means 16 encrypts the transmission path protection key (Kp) with the master key (Km) and generates second individual information (EMM-RMP) including the transmission path protection key (Kp). Here, the EMM-RMP generating unit 16 generates second individual information (EMM-RMP) having an EMM structure defined by MPEG2-Systems and outputs the second individual information to the multiplexing unit 17.

  The multiplexing unit 17 includes the encrypted content (Sct) generated by the scrambler 11, the first common information (ECM-CAS) generated by the ECM-CAS generation unit 12, and the first content generated by the ECM-RMP generation unit 14. 2 common information (ECM-RMP), first individual information (EMM-CAS) generated by the EMM-CAS generation means 15, second individual information (EMM-RMP) generated by the EMM-RMP generation means 16, Is multiplexed to generate a multiplexed signal (MPEG2-TS), and the multiplexed signal (MPEG2-TS) is transmitted to the conditional access apparatus.

  Here, the multiplexing means 17 indicates version number instruction information indicating the version number of the CAS software operated by the conditional access apparatus and the identifier of the CAS software operated by the conditional access apparatus in the MPEG2-TS (Transport Stream) system. The identifier instruction information is inserted into program sequence information (PSI / SI) such as PSI or SI, and a multiplexed signal (MPEG2-TS) including the program sequence information (PSI / SI) is generated.

  Hereinafter, the format of the version number instruction information and the identifier instruction information will be described with reference to FIGS. FIG. 4 is a data structure diagram showing the format of the version number instruction information in the present invention.

  As shown in FIG. 4, the item “data length” has a byte length of 1 byte and stores the data length of the version number instruction information. In addition, the item “version number” stores version number instruction information indicating the version number information of CAS software to be operated by the conditional access apparatus having a byte length of 1 byte.

  FIG. 5 is a data structure diagram showing the format of the identifier instruction information in the present invention. The item “data length” has a byte length of 1 byte and stores the data length of the identifier instruction information. In addition, the item “ID” stores the identifier instruction information indicating the identifier of the CAS software that has a byte length of 1 byte and operates on the conditional access apparatus.

  As described above, in addition to updating the CAS software (CAS) due to safety issues, there are cases where it is desired to update the CAS software (CAS) for the purpose of function expansion. Conventionally, when updating CAS software (CAS), it has been necessary to obtain the consent of all operators using the conditional access system. However, there may be cases where new costs are incurred or the business model under operation is affected. It is difficult to unify the opinions of all operators, and it is actually difficult to update the CAS software (CAS) in a batch. .

  Therefore, the transmission device 1 can update the CAS software (CAS) for each business operator by using a different identifier (CAS-ID) for each business operator, that is, different CAS software (CAS) depending on the business operator. It becomes possible to operate. The setting of the identifier (CAS-ID) is not limited to this, and the same value may be set by a plurality of operators.

  Further, although the transmission apparatus 1 has been described as an independent apparatus, a general computer can be operated by a program that functions as each of the above-described units. This program may be distributed via a communication line, or may be distributed by writing in a recording medium such as a CD-ROM or a flash memory.

  As described above, the transmission apparatus 1 has limited reception software (CAS) encrypted using two keys, ie, a master secret key (Kms) and a transmission path protection key (Kp), that is, a double security measure. Since the applied limited reception software (CAS) is transmitted via broadcast waves, the CAS software (CAS) can be updated safely and at low cost.

[Transmission Device Operation]
Hereinafter, the operation of the transmission apparatus 1 will be described with reference to FIG. 6 (see FIG. 1 as appropriate). FIG. 6 is a flowchart showing the operation of the transmission apparatus of FIG.

  First, the transmitting apparatus 1 encrypts the content (Ct) with the scramble key (Ks) by the scrambler 11, and generates the encrypted content (Sct) (step S1). In addition, the transmitting apparatus 1 encrypts the scramble key (Ks) with the contract key (Kw) that can be decrypted only by the limited reception apparatus of the authorized contractor by the ECM-CAS generation unit 12, and includes the scramble key (Ks). 1 common information (ECM-CAS) is generated (step S2). Further, the transmission device 1 encrypts the CAS software (CAS) with the master secret key (Kms) common to the limited reception device by the transmission data generation means 13, and generates transmission data including the CAS software (CAS) (step). S3).

  Subsequent to step S3, the transmission device 1 encrypts transmission data with the transmission path protection key (Kp) transmitted to all the limited reception devices by the ECM-RMP generation unit 14, and the second common information including the transmission data. (ECM-RMP) is generated (step S4). In addition, the transmitting apparatus 1 encrypts the contract key (Kw) with the master key (Km) set for each conditional access apparatus by the EMM-CAS generation unit 15 and first individual information including the contract key (Kw) ( EMM-CAS) is generated (step S5). In addition, the transmission apparatus 1 encrypts the transmission path protection key (Kp) with the master key (Km) by the EMM-RMP generation means 16 and includes the second individual information (EMM-RMP) including the transmission path protection key (Kp). Is generated (step S6).

  Further, the transmission apparatus 1 uses the multiplexing unit 17 to encrypt the content (Sct), the first common information (ECM-CAS), the second common information (ECM-RMP), and the first individual information (EMM- CAS) and second individual information (EMM-RMP) are multiplexed to generate a multiplexed signal (MPEG2-TS), and the multiplexed signal (MPEG2-TS) is transmitted to the conditional access apparatus. At this time, the transmitter 1 may insert the version number instruction information and the identifier instruction information into the program arrangement information (PSI / SI) by the multiplexing means 17 to generate a multiplexed signal including the program arrangement information ( Step S7).

(First embodiment)
[Configuration of conditional access device]
With reference to FIG. 7, the structure of the conditional access apparatus which concerns on 1st Embodiment of this invention is demonstrated. FIG. 7 is a block diagram of the conditional access apparatus according to the first embodiment of the present invention. In FIG. 7, functional blocks (means) operable as CAS software are indicated by broken lines.

  7 includes a separating unit 21, an EMM-RMP decoding unit (transmission path protection key output unit) 22, an EMM-CAS decoding unit (first individual information decoding unit) 23, and an ECM-RMP decoding. Means (second common information decoding means) 24, CAS software decoding means 25, ECM-CAS decoding means (first common information decoding means) 26, descrambler 27, CAS loader (reading means) 28, storage Means 29.

  Separating means 21 includes a first common including an encrypted content (Sct) included in a multiplexed signal (MPEG2-TS) received from a transmission device (not shown) and a scramble key (Ks) obtained by encrypting the content (ct). Information (ECM-CAS), transmission data including second common information (ECM-RMP) including CAS software (CAS), and a contract key (Kw) that can be decrypted only by the limited reception device 2 of the authorized contractor The first individual information (EMM-CAS) is separated from the second individual information (EMM-RMP) including the transmission path protection key (Kp) transmitted to all the conditional access apparatuses 2.

  Here, the multiplexed signal is multiplexed by the MPEG2-TS system, and includes program arrangement information (PSI / SI) such as PSI or SI into which version number instruction information and identifier instruction information are inserted. In this case, the separating means 21 separates the program arrangement information (PSI / SI) from the multiplexed signal (MPEG2-TS) and outputs the program arrangement information (PSI / SI) to the CAS loader 28.

  The EMM-RMP decryption means 22 decrypts the second individual information (EMM-RMP) separated by the separation means 21 with a preset master key (Km) and outputs a transmission path protection key (Kp). is there. Here, the conditional access apparatus 2 stores the master key (Km) paired with the exclusive master key (Km) stored in the transmission apparatus 1 in advance in the storage means 29 or a tamper resistant module (not shown). Remember it.

  The EMM-CAS decrypting unit 23 decrypts the first individual information (EMM-CAS) separated by the separating unit 21 with the master key (Km) and outputs a contract key (Kw). Here, the EMM-CAS decoding means 23 compares the conditional access apparatus ID included in the first individual information (EMM-CAS) with the own terminal ID preset in the storage means 29, and addresses the own terminal. It is determined whether it is the first individual information. Then, in the case of the first individual information (EMM-CAS) addressed to the own terminal, that is, only when the conditional access apparatus ID and the own terminal ID match, this is decrypted with the master key (Km). In this way, the contract key (Kw) cannot be decrypted by the limited receiving device 2 other than the authorized contractor.

  The ECM-RMP decrypting unit 24 decrypts the second common information (ECM-RMP) separated by the separating unit 21 with the transmission path protection key (Kp) output by the EMM-RMP decrypting unit 22, and converts the transmission data to CAS. This is output to the software decryption means 25.

  The CAS software decryption means 25 decrypts the transmission data output by the ECM-RMP decryption means 24 with a preset master secret key (Kms), outputs CAS software (CAS), and writes it in the storage means 29. is there.

  Here, the first common information (ECM-CAS), the second common information (ECM-RMP), the first individual information (EMM-CAS) and the second individual information (mainly providing the function as the conditional access apparatus 2) Even if a technology capable of illegally releasing the EMM-RMP code is leaked, it can be dealt with by upgrading the CAS software (CAS). However, simultaneously with these technologies, a problem arises when a technology that can illegally release the encryption of CAS software (CAS) leaks. Therefore, the security of the first common information (ECM-CAS) and the security of the CAS software need to be managed independently.

  For this reason, the CAS software decryption means 25 has higher encryption strength of the CAS software (CAS) than encryption strength of the first common information (ECM-CAS), specifically, a master key (Km), a transmission path protection key. A master secret key (Kms) having a key length longer than (Kp) and the contract key (Kw) is used. For example, the key length of the master key (Km), the transmission path protection key (Kp), and the contract key (Kw) is 64 bits, and the key length of the master secret key (Kms) is 128 bits.

  As described above, the conditional access apparatus 2 minimizes the influence of a decrease in the decryption processing speed and an increase in power consumption due to the use of a master key (Km) having a long key length, and the first common information (ECM). -Ensuring safety when sending / receiving CAS software (CAS) via broadcast waves by increasing the strength of the master secret key (Kms) for emergency situations where security is broken, such as (CAS) Can do.

  Further, as shown in FIG. 7, the CAS software decrypting unit 25 includes a transmission data decrypting unit 25a, a signature value verifying unit 25b, a writing unit 25c, and a certificate verifying unit 25d.

  The transmission data decrypting means 25a includes, as transmission data, CAS software (CAS) to which a signature value is added using a secret key preset in the transmission apparatus, CAS software version number information (CAS-Ver), and CAS. The software identifier (CAS-ID) is decrypted with the master secret key (Kms). Here, the limited receiving apparatus 2 stores the same master secret key (Kms) as that of the transmitting apparatus 1 in advance in the storage means 29 or a tamper resistant module (not shown).

  The certificate verification unit 25d verifies whether the public key certificate attached to the transmission data decrypted by the transmission data decryption unit 25a is authenticated by the certificate authority. In this case, the conditional access device 2 stores a root public key certificate (RPKC) in advance. The certificate verification unit 25d verifies the public key certificate attached to the transmission data using the root public key certificate (RPKC), and only when the public key certificate is authenticated by the certificate authority. The signature value is verified by the signature value verification means 25b.

  When the transmitting device stores the public key certificate in advance in the conditional access device 2 without attaching the public key certificate to the transmission data, the conditional access device 2 does not include the certificate verification means 25d, and the root public key certificate. It is not necessary to verify the public key certificate using (RPKC).

  The signature value verification unit 25b is included in the public key certificate attached to the transmission data decrypted by the transmission data decryption unit 25a or the public key certificate stored in advance, and based on the public key corresponding to the private key, This verifies whether the signature value added to the CAS software (CAS) is correct. Further, the signature value verification unit 25b outputs the transmission data to the writing unit 25c when the signature value is correct.

  The writing unit 25c writes CAS software (CAS) in the storage unit 29 when the signature value is correct, that is, when the signature value verification result by the signature value verification unit 25b is correct. Here, when the CAS software included in the transmission data is divided, the writing unit 25c concatenates the items “block data” in the order of the item “block number” of the transmission data, and stores it in the storage unit 29 as CAS software. Write. Further, the writing unit 25c writes the item “version number” and the item “ID” of the transmission data in the storage unit 29 together with the CAS software (see FIG. 3).

  Further, when the forward error correction code is added to the divided CAS software (CAS), the writing unit 25c uses the forward error correction code to recover the packet loss of the divided CAS software (CAS). To the storage means 29.

  The ECM-CAS decrypting means 26 decrypts the first common information (ECM-CAS) separated by the separating means 21 with the contract key (Kw) output by the first individual information decrypting means 23, and the first common information ( The scramble key (Ks) included in the ECM-CAS) is output to the descrambler 27.

  The descrambler 27 decrypts the encrypted content (Sct) separated by the separating unit 21 with the scramble key (Ks) output by the ECM-CAS decrypting unit 26 and outputs the content (Ct).

  The storage means 29 is, for example, an HDD, and stores a plurality of CAS software having different version number information (CAS-Ver) and identifiers (CAS-ID). That is, the CAS software (CAS) can be read from the storage unit 29 using the version number information (CAS-Ver) and the identifier (CAS-ID) as keys.

  The CAS loader 28 matches the version number information (CAS-Ver) that matches the version number instruction information included in the program arrangement information (PSI / SI) output by the separating means 21 and the identifier instruction information included in the program arrangement information. CAS software (CAS) having an identifier (CAS-ID) to be read is read out from the storage means 29 and operated.

  The CAS software (CAS) read by the CAS loader 28 includes EMM-RMP decoding means 22, EMM-CAS decoding means 23, ECM-RMP decoding means 24, CAS software decoding means 25, and ECM-CAS decoding means 26. It operates as at least one of these. That is, by updating the CAS software (CAS), the EMM-RMP decryption unit 22, the EMM-CAS decryption unit 23, the ECM-RMP decryption unit 24, the CAS software decryption unit 25, and the encryption of the ECM-CAS decryption unit 26 The algorithm can be updated.

  Further, the CAS software (CAS) read by the CAS loader 28 may operate as the descrambler 27. In this case, the encryption algorithm of the descrambler 27 can also be updated.

  When a plurality of CAS software (CAS) having the same version number information (CAS-Ver) as the version number instruction information and having the same identifier (CAS-ID) as the identifier instruction information are stored in the storage unit 29 Alternatively, the CAS software (CAS) may not be stored in the storage unit 29. In addition, the CAS software (CAS) may not operate normally after reading. In this case, the CAS loader 28 stores, in the storage unit 29, old CAS software having version number information (CAS-Ver) older than the version number instruction information and having the same identifier (CAS-ID) as the identifier instruction information. If so, the old CAS software is read from the storage means 29 (CAS) and operated.

  The CAS loader 28 also includes version number information (CAS-Ver) and identifier (CAS-ID) included in the transmission data, version number information (CAS-Ver) and identifier (CAS-ID) of CAS software (CAS) to be read. ), And if they are different, it may be determined that fraud has occurred and the operation of reading the CAS software (CAS) may be stopped.

  The CAS loader 28 may read the CAS software (CAS) when the power is turned on, and when switching the CAS software (CAS) for each service (content), the CAS loader 28 reads the CAS software (CAS) when switching the service. Also good.

  Although it has been described that the key length of the master secret key (Kms) is longer than the key length of other keys, the encryption algorithm of the master secret key (Kms) may be made stronger than the encryption algorithm of other keys. good. For example, a high-speed but low-security cryptographic algorithm is used for the other keys, and a low-speed and heavy-load but high-security cryptographic algorithm is used for the master secret key (Kms).

  As described above, the conditional access device 2 is the conditional access software (CAS) encrypted using two keys, ie, the master secret key (Kms) and the transmission path protection key (Kp), that is, a double security measure. Since the conditional access software (CAS) to which is applied is received via a broadcast wave, the conditional access software can be updated safely and at low cost.

[CAS software update timing]
Hereinafter, the update of the CAS software will be described with reference to FIG. FIG. 8 is a sequence diagram showing the update timing of the CAS software in the present invention.

  In STEP 1 of FIG. 8, the CAS software whose version number information is 1 is operated by the conditional access apparatus, and the CAS software whose version number information is 2 is received by the conditional access apparatus. In order to allow as many conditional access devices as possible to receive CAS software whose version number information is 1, STEP 1 is preferably continued for a sufficient period (for example, one year or more).

  In STEP 2, CAS software whose version number information is 1 or 2 is operated by the conditional access apparatus. At this time, the conditional access apparatus that does not store the CAS software whose version number information is 2 operates the CAS software whose version number information is 1, and receives the CAS software whose version number information is 2. For this reason, the transmission apparatus transmits the first common information and the second common information corresponding to the CAS software whose version number information is 1 and 2 simultaneously. Details of the transmission of the version number information simultaneously with the first common information and the second common information corresponding to the CAS software of 1 and 2 will be described later.

  Note that STEP2 is not necessarily required because it is performed in order to smoothly transition from the CAS software whose version number information is 1 to the CAS software whose version number information is 2. However, when CAS software is transmitted, the problem that a security hole occurs in the conditional access device, and whether the CAS software is operating normally in the conditional access device cannot be confirmed. There was a problem. For this reason, STEP 2 is provided so that the service can be returned to the CAS software whose version number information is 1 without stopping the service after the migration to the CAS software whose version number information is 2.

  In STEP 3, the CAS software whose version number information is 2 is operated by the conditional access apparatus, and the reception of the CAS software whose version number information is 2 is stopped. Here, when it is desired that the conditional access apparatus operates the CAS software whose version number information is 3, the conditional reception apparatus receives the CAS software whose version number information is 3.

[Operation of conditional access device]
Hereinafter, the operation of the conditional access apparatus will be described with reference to FIG. 9 (see FIG. 7 as appropriate). FIG. 9 is a flowchart showing the operation of the conditional access apparatus of FIG.

  First, the conditional access device 2 uses the separating means 21 to encrypt the content (Sct) included in the multiplexed signal (MPEG2-TS) received from the transmission device (not shown) and the scramble key obtained by encrypting the content (ct). Only the first common information (ECM-CAS) including (Ks), the second common information (ECM-RMP) including CAS software (CAS) as transmission data, and the limited reception device 2 of the authorized contractor can be decrypted. First individual information (EMM-CAS) including a unique contract key (Kw), and second individual information (EMM-RMP) including a transmission path protection key (Kp) transmitted to all conditional access apparatuses 2 Separate (step S11).

  In addition, following step S11, the conditional access apparatus 2 decrypts the second individual information (EMM-RMP) separated by the separating means 21 by the EMM-RMP decrypting means 22 with a preset master key (Km). The transmission path protection key (Kp) is output (step S12). Further, the conditional access apparatus 2 uses the EMM-CAS decrypting means 23 to decrypt the first individual information (EMM-CAS) separated by the separating means 21 with the master key (Km), and outputs the contract key (Kw). (Step S13).

  Further, following step S13, the conditional access apparatus 2 transmits the second common information (ECM-RMP) separated by the separation means 21 by the ECM-RMP decoding means 24 and outputted by the EMM-RMP decoding means 22. The decryption is performed with the path protection key (Kp), and the transmission data is output to the CAS software decryption means 25 (step S14). Further, the conditional access apparatus 2 uses the CAS software decryption means 25 to decrypt the transmission data output from the ECM-RMP decryption means 24 with a preset master secret key (Kms), and outputs CAS software (CAS). Is written in the storage means 29 (step S15).

  In addition, following step S15, the conditional access apparatus 2 outputs the first common information (ECM-CAS) separated by the separation means 21 by the ECM-CAS decoding means 26, by the first individual information decoding means 23. The decryption is performed using the contract key (Kw), and the scramble key (Ks) included in the first common information (ECM-CAS) is output to the descrambler 27 (step S16). Further, the conditional access device 2 decrypts the encrypted content (Sct) separated by the separating means 21 with the scramble key (Ks) output by the ECM-CAS decrypting means 26 by the descrambler 27, and the contents (Ct) Is output (step S17).

(Reference Example 2)
[Configuration of transmitter]
With reference to FIG. 10, the difference of the configuration of the transmission apparatus according to Reference Example 2 from the transmission apparatus of FIG. 1 will be described. FIG. 10 is a block diagram of a transmission apparatus according to Reference Example 2.

  10 includes a scrambler 11, two ECM-CAS generation units (first common information generation units) 12a and 12b, a transmission data generation unit 13, and two ECM-RMP generation units ( (Second common information generating means) 14a, 14b, EMM-CAS generating means (first individual information generating means) 15, EMM-RMP generating means (second individual information generating means) 16, multiplexing means 17, Is provided.

  The ECM-CAS generation unit 12a uses, for example, a contract key (Kw1) corresponding to the CAS software whose version number information is 1, and uses the contract key (Kw1) corresponding to the CAS software whose version number information is 1 (ECM-CAS ( Ver1)) is generated.

  The ECM-CAS generation unit 12b uses, for example, a contract key (Kw2) corresponding to the CAS software whose version number information is 2, and uses the contract key (Kw2) corresponding to the CAS software whose version number information is 2 (ECM-CAS ( Ver2)) is generated.

  The ECM-RMP generation unit 14a uses, for example, a transmission path protection key (Kp1) corresponding to CAS software whose version number information is 1, and uses the second common information (ECM−) corresponding to CAS software whose version number information is 1. RMP (Ver1)) is generated.

  The ECM-RMP generation unit 14b uses, for example, a transmission path protection key (Kp2) corresponding to the CAS software whose version number information is 2, and uses the second common information (ECM-) corresponding to the CAS software whose version number information is 2. RMP (Ver2)) is generated.

  The ECM-CAS generation unit 12a and the ECM-RMP generation unit 14a correspond to the CAS software whose version number information is 1, and the ECM-CAS generation unit 12b and the ECM-RMP generation unit 14b have version number information of 2. Although it corresponds to CAS software, it is not limited to this.

  For example, the ECM-CAS generation unit 12a and the ECM-RMP generation unit 14a correspond to CAS software whose version number information is 2, and the ECM-CAS generation unit 12b and the ECM-RMP generation unit 14b have version number information 3 It may correspond to CAS software. Furthermore, the transmission apparatus 1B may include three ECM-CAS generation units and three ECM-RMP generation units (not shown) corresponding to the CAS software whose version number information is 1 to 3, respectively. .

  As described above, the transmission apparatus 1B can simultaneously transmit the first common information and the second common information corresponding to two pieces of CAS software (CAS software having version numbers 1 and 2) having different encryption algorithms. That is, the transmission apparatus 1B can operate as shown in STEP 2 of FIG.

(Reference Example 3)
[Configuration of transmitter]
With reference to FIG. 11, the difference of the configuration of the transmission apparatus according to Reference Example 3 from the transmission apparatus of FIG. 10 will be described. FIG. 11 is a block diagram of a transmission apparatus according to Reference Example 3.

  11 includes a scrambler 11, two ECM-CAS generation units (first common information generation units) 12a and 12b, a transmission data generation unit 13, and two ECM-RMP generation units ( (Second common information generating means) 14a, 14b, two EMM-CAS generating means (first individual information generating means) 15a, 15b, EMM-RMP generating means (second individual information generating means) 16a, 16b, And multiplexing means 17.

  The EMM-CAS generation unit 15a supports the first individual information (EMM-CAS (Ver1)) including the contract key (Kw1) corresponding to the CAS software whose version number information is 1, and the CAS software whose version number information is 1. It is generated by encrypting with a master key (Km).

  The EMM-CAS generation unit 15b supports the first individual information (EMM-CAS (Ver2)) including the contract key (Kw2) corresponding to the CAS software whose version number information is 2, and the CAS software whose version number information is 2. It is generated by encrypting with a master key (Km).

  The EMM-RMP generation means 16a uses the second individual information (EMM-RMP (Ver1)) including the transmission path protection key (Kp1) corresponding to the CAS software whose version number information is 1, and the CAS software whose version number information is 1 It is generated by encrypting with a master key (Km) corresponding to.

  The EMM-RMP generating unit 16b uses the second individual information (EMM-RMP (Ver2)) including the transmission path protection key (Kp2) corresponding to the CAS software whose version number information is 2, and the CAS software whose version number information is 2. It is generated by encrypting with a master key (Km) corresponding to.

  In FIG. 11, for the sake of explanation, it is illustrated as one master key (Km). However, the transmission apparatus 1 </ b> C has a master key corresponding to CAS software whose version number information is 1 and version number information 2. It has two master keys (not shown) with a master key corresponding to CAS software. Here, the master key corresponding to the CAS software whose version number information is 1, for example, has a key length of 64 bits. The master key corresponding to the CAS software whose version number information is 2 has, for example, a key length of 128 bits.

  The EMM-CAS generation unit 15a and the EMM-RMP generation unit 16a correspond to the CAS software whose version number information is 1, and the EMM-CAS generation unit 15b and the EMM-RMP generation unit 16b have version number information of 2. Although it corresponds to CAS software, it is not limited to this.

  For example, the EMM-CAS generation unit 15a and the EMM-RMP generation unit 16a correspond to CAS software whose version number information is 2, and the EMM-CAS generation unit 15b and the EMM-RMP generation unit 16b have version number information 3 It may correspond to CAS software. Furthermore, the transmission apparatus 1C may include three EMM-CAS generation units and three EMM-RMP generation units (not shown) corresponding to the CAS software whose version number information is 1 to 3, respectively. .

  As described above, the transmitting apparatus 1C includes the first common information, the second common information, the first individual information, and the second information corresponding to two pieces of CAS software (CAS software having version numbers 1 and 2) having different encryption algorithms. Individual information can be transmitted simultaneously. That is, the transmission apparatus 1C can operate as shown in STEP 2 of FIG.

(Second Embodiment)
[Configuration of conditional access device]
With reference to FIG. 12, the configuration of the conditional access apparatus according to the second embodiment of the present invention will be described while referring to differences from the conditional access apparatus 2 of FIG. FIG. 12 is a block diagram of a conditional access apparatus according to the second embodiment of the present invention.

  The conditional access apparatus 2B of FIG. 12 includes a separation unit 21, an EMM-RMP decryption unit (transmission path protection key output unit) 22, an EMM-CAS decryption unit (first individual information decryption unit) 23, and an ECM-RMP decryption. Means (second common information decoding means) 24, CAS software decoding means 25, ECM-CAS decoding means (first common information decoding means) 26, descrambler 27, CAS loader 28, storage means 29, Master key generation means 30 and master secret key generation means 31 are provided.

  The master key generation means 30 generates a master key (Km) using master key generation data (Seed) having a data length longer than the key length of the master key (Km). For example, when 256-bit master key generation data (Seed) is stored in the storage unit 29 in advance, and the master key generation unit 30 wants to newly generate a 64-bit master key (Km), the master key generation data ( The lower 64 bits of Seed) are used.

  For example, when a 128-bit master key (Km) is newly generated, the lower 128 bits of the master key generation data (Seed) are used. In other words, the data size of the master key generation data (Seed) is increased as the period for securing the safety of the master key (Km) becomes longer.

  The master secret key generation means 31 generates a master secret key (Kms) using master secret key generation data (Seed) having a data length longer than the key length of the master secret key (Kms). Here, the master secret key generation unit 31 generates a master secret key (Kms) using the lower predetermined bits of the master secret key generation data (Seed), similarly to the master key generation unit 30.

  In addition, although the conditional access apparatus 2B has been described as an example in which the master key generation unit 30 and the master secret key generation unit 31 are configured separately, they may be configured integrally. In this case, the master key (Km) and the master secret key (Kms) may be generated from common key generation data.

  In this case, the transmitting device preferably uses the same master key (Km) and master secret key (Kms) as those of the conditional access device 2B. Specifically, the transmission device includes a master key generation unit 30, a master secret key generation unit 31, the same master key generation data as that of the limited reception device 2B, and the same master secret key generation data as that of the limited reception device 2B. Prepare. Then, the transmission device and the conditional access device 2B update the master key and the master secret key in synchronization.

  As described above, the conditional access device 2B can update the master key and the master secret key without exchanging the master key and the master secret key via hardware exchange or broadcast waves and communication lines. The increase can be suppressed and safety can be further increased.

DESCRIPTION OF SYMBOLS 1 Transmitter 1B Transmitter 1C Transmitter 11 Scrambler 12 ECM-CAS generating means (first common information generating means)
12a ECM-CAS generation means (first common information generation means)
12b ECM-CAS generation means (first common information generation means)
13 transmission data generation means 13a transmission data division means 13b forward error correction code addition means 13c signature value addition means 13d transmission data encryption means 14 ECM-RMP generation means (second common information generation means)
14a ECM-RMP generating means (second common information generating means)
14b ECM-RMP generating means (second common information generating means)
15 EMM-CAS generation means (first individual information generation means)
15a EMM-CAS generating means (first individual information generating means)
15b EMM-CAS generation means (first individual information generation means)
16 EMM-RMP generating means (second individual information generating means)
16a EMM-RMP generating means (second individual information generating means)
16b EMM-RMP generating means (second individual information generating means)
17 Multiplexing means 2 Conditional receiver 2B Conditional receiver 21 Separation means 22 EMM-RMP decryption means (transmission path protection key output means)
23 EMM-CAS decoding means (first individual information decoding means)
24 ECM-RMP decoding means (second common information decoding means)
25 CAS software decryption means 25a Transmission data decryption means 25b Signature value verification means 25c Write means 25d Certificate verification means 26 ECM-CAS decryption means (first common information decryption means)
27 Descrambler 28 CAS loader (reading means)
29 Storage means 30 Master key generation means 31 Master secret key generation means

Claims (1)

A limited reception device that receives limited reception software from a transmission device via a broadcast wave, and allows only authorized subscribers to view content by the limited reception software,
The encrypted content included in the multiplexed signal received from the transmission device, the first common information including a scramble key obtained by encrypting the content, the second common information including the conditional access software as transmission data, and the regular First individual information having an EMM structure defined in MPEG that includes a contract key that can be decrypted only by the limited receiver of the contractor, and information including a transmission path protection key transmitted to all of the limited receivers; Separating means for separating,
A transmission path protection key that decrypts the information including the transmission path protection key separated by the separation means by a common key encryption algorithm using a master key shared by the transmission apparatus and the conditional access apparatus, and outputs the transmission path protection key Output means;
First individual information decryption means for decrypting the first individual information separated by the separation means with a master key set for each conditional access device, and outputting the contract key;
Second common information decrypting means for decrypting the second common information separated by the separating means with the transmission path protection key output by the transmission path protection key output means, and outputting the transmission data;
Conditional access software decrypting means for decrypting the transmission data output by the second common information decryption means with the master secret key common to the conditional access device, and outputting the conditional access software;
First common information decryption means for decrypting the first common information separated by the separation means with the contract key output by the first individual information decryption means, and outputting a scramble key included in the first common information;
A descrambler that decrypts the encrypted content separated by the separation unit with the scramble key output by the first common information decryption unit and outputs the content;
The conditional access software includes at least one of the transmission path protection key output means, the first individual information decryption means, the second common information decryption means, the conditional access software decryption means, the first common information decryption means, and the descrambler. A conditional access apparatus that operates as any one of them.

Images