JP2014220800A - Limited reception device and limited reception system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a limited reception device capable of realizing a limited reception method for contents distributed by a plurality of content distribution operators with a viewing contract at one point.SOLUTION: A limited reception device 1C comprises: authorization information acquisition processing means 14 that receives authorization information as a response to an authorization request from an authorization server 5, and stores it in authorization information storage means 15; EMM acquisition processing means 16B that transmits an EMM acquisition request including the authorization information to an EMM server 7B, and acquires an EMM; DRM license acquisition processing means 25 that transmits a license acquisition request including the authorization information to a DRM server 9, and acquires a DRM license; and contract information acquisition means 23 that acquires latest contract information stored in contract information storage means of a limited reception module, and transmits it to the authorization server 5.

Description

  The present invention relates to a conditional access apparatus and a conditional access system that implement a conditional access system.

In recent years, digital broadcasting such as BS digital broadcasting, CS digital broadcasting, and terrestrial digital broadcasting has become widespread, and it is possible to enjoy various services such as high-quality video / audio services, data broadcasting, and interactive services in general homes. It has become.
In such digital broadcasting, a conditional access system (CAS) that scrambles content for the purpose of copyright protection and pay broadcasting, and allows only contracted subscribers to descramble and view the content. (See Patent Documents 1 to 3 and Non-Patent Document 1).

In this limited reception method, only a contractor who has obtained a viewing license (contractor's individual information such as contract information) by a security module (CAS module) installed in the receiving apparatus can view the content. The system that can do is realized. In addition, the viewing license is currently distributed in the EMM (Entitlement Management Message) format defined by STD-B25 of the Radio Industry Association (ARIB).
In the current BS / broadband CS digital broadcasting and terrestrial digital broadcasting, the viewing license in the EMM format is distributed by broadcast waves (Part 1 of Non-Patent Document 1). However, license distribution by broadcast waves has problems in that there is a delay in the reflection of the license and in that the reflection timing of the license cannot be grasped, and the license distribution by communication is effective in an environment where the communication function can be used. On the other hand, in the terrestrial multimedia broadcast of the ISDB-Tmm system, EMM distribution by communication is performed (Non-patent Document 1 Part 4 / Non-patent Document 2 Part 5). However, the mechanism by which the receiving device acquires the viewing license (EMM [individual information]) for limited reception by communication employs a unique protocol for each content distributor that distributes content, and each protocol The corresponding viewing license distribution control is realized.
In addition, even the same content distribution company has a form of distributing EMM by broadcasting and a form of distributing EMM by communication, and content distribution viewing contracts are made by individual contracts.

JP 2009-296667 A JP 2009-267605 A Japanese Patent No. 5113954

The Japan Radio Industry Association, “Access Control Method for Digital Broadcasting Standard ARIB STD-B25 Version 6.2”, September 25, 2012 The Japan Radio Industry Association, “Rules for Broadcasting Terrestrial Multimedia Broadcasting Using Segment-Linked Transmission System, ARIB TR-B33 1.6 Edition”, 2nd volume, March 19, 2013

As described above, in the past, although the individual information of the contractor is distributed by the EMM in the same format, the distribution control of the viewing license is realized by the content distribution company using different protocols between the security module and the server. Therefore, it was not possible to coordinate between the content distribution companies.
For this reason, conventionally, the contractor has to make a contract for each content distribution company individually, and a plurality of troublesome contract procedures have occurred.
In addition, the content distributor must manage the contract status for each viewing license (EMM) distribution form. For example, even the same content distributor must manage licenses individually. did not become.
Further, conventionally, there has been a problem in that maintenance operations and costs have been increased because the receiving apparatus has to be associated with each unique protocol depending on different distribution forms of content distribution providers and viewing licenses.

  The present invention has been made in view of such a problem, and conditional access that can realize a conditional access system for content distributed by a plurality of content distribution companies with a viewing contract in one place. It is an object to provide an apparatus and a conditional access system.

  In order to solve the above-described problem, the conditional access apparatus according to claim 1 includes: a conditional reception apparatus that reproduces content encrypted by CAS or DRM; and an EMM that is individual information for each limited reception apparatus in the CAS. An EMM server to be issued; a DRM server that issues a DRM license that is a license for decrypting the content encrypted by the DRM; and a contractor registration information storage unit that stores contract information for each contractor. The conditional access apparatus in the conditional access system in which the EMM and the authorization server for authorizing the issuance of the DRM license based on contract information are connected via a network, the authorization requesting means, the authorization information receiving means, and the EMM An acquisition unit, a DRM license acquisition unit, and a contract information acquisition unit are provided.

  In such a configuration, the conditional access apparatus requests authorization information for acquiring EMM and DRM licenses necessary for viewing the content from the authorization request means to the authorization server that has made a content viewing contract in advance. Then, the authorization server transmits an authorization response including the viewing authorization information to the conditional access apparatus. Then, the conditional access apparatus receives the authorization response including the authorization information from the authorization server by the authorization information receiving means, and stores the authorization information in the authorization information storage means.

Then, the conditional access apparatus transmits an EMM acquisition request including the authorization information stored in the authorization information storage unit to the EMM server by the EMM acquisition unit, and acquires the EMM. In the EMM server, it is possible to determine whether or not the request is a request from a regular contractor based on the authorization information included in the EMM acquisition request from the conditional access device.
As a result, the conditional access apparatus can view the content encrypted by CAS by the EMM received from the EMM server.

Further, the conditional access apparatus transmits a license acquisition request including the authorization information stored in the authorization information storage unit to the DRM server by the DRM license acquisition unit, and acquires the DRM license.
As a result, the conditional access apparatus can view the content encrypted by the DRM with the DRM license received from the DRM server.

Further, the conditional access apparatus extracts the contract information from the individual information distributed by the EMM by the contract information acquisition means and stores it in the contract information storage means, and from the limited reception module that updates the contract information as the content is viewed. The latest contract information stored in the contract information storage unit is acquired and transmitted to the authorization server as contract information update information.
As a result, for example, contract information such as the number of viewing restrictions that changes depending on content viewing is notified to the authorization server, and the contract information can be newly taken over even when the conditional access apparatus is replaced.

  The conditional access system according to claim 2, a conditional access device that reproduces content encrypted by CAS or DRM, an EMM server that issues an EMM that is individual information for each conditional access device in the CAS, A conditional access system in which a DRM server that issues a DRM license that is a license for decrypting content encrypted by DRM and an authorization server that authorizes the issuance of the EMM and the DRM license are connected via a network. The limited receiving device includes an authorization request unit, an authorization information reception unit, an EMM acquisition unit, a DRM license acquisition unit, and a contract information acquisition unit, and the authorization server includes a contractor registration information storage unit, An authorization request receiving means, an authorization determining means, an authorization information issuing means, a contract information receiving means, an updating means, It was configured to include the.

  In such a configuration, the conditional access system includes an authorization server that preliminarily makes a content viewing contract with authorization information for acquiring EMM and DRM licenses necessary for viewing content by the authorization requesting means of the conditional access device. To request.

The conditional access system receives a request for authorization information by the authorization request receiving means of the authorization server.
Here, the conditional access system is configured to view content based on contract information for viewing content previously performed by the contractor, which is stored in the contractor registration information storage unit by the authorization determination unit of the authorization server. Determine authorization and generate authorization information.
Then, the conditional access system transmits the authorization information generated by the authorization determination means to the conditional access device by the authorization information issuing means of the authorization server.

Then, the conditional access system receives an authorization response including authorization information from the authorization server by the authorization information receiving means of the conditional access device, and stores the authorization information in the authorization information storage means. Then, the conditional access system acquires an EMM by sending an EMM acquisition request including the authorization information stored in the authorization information storage means to the EMM server by the EMM acquisition means of the conditional access device.
As a result, the conditional access apparatus can view the content encrypted by CAS by the EMM received from the EMM server.

In the conditional access system, the DRM license acquisition unit of the conditional access apparatus transmits a license acquisition request including the authorization information stored in the authorization information storage unit to the DRM server, and acquires the DRM license.
As a result, the conditional access apparatus can view the content encrypted by the DRM with the DRM license received from the DRM server.

Further, the conditional access system extracts contract information from the individual information distributed by EMM by the contract information acquisition means of the conditional access apparatus, stores the contract information in the contract information storage means, and updates the contract information as content is viewed. The latest contract information stored in the contract information storage unit is acquired from the limited reception module, and is transmitted as update information of the contract information to the authorization server.
Then, the limited reception system receives the updated contract information from the limited reception device by the contract information receiving unit of the authorization server, and the contract information of the contractor registration information storage unit is received with the contract information received by the update unit. Update.
As a result, for example, contract information such as the number of viewing restrictions that changes depending on content viewing is notified to the authorization server, and the contract information can be newly taken over even when the conditional access apparatus is replaced.

The present invention has the following excellent effects.
According to the present invention, since the contractor can obtain the authorization for viewing each content only by making a content viewing contract with one authorization server, the content of the contractor for each content distribution company can be obtained. It is possible to reduce the labor of the viewing contract.
Further, according to the present invention, because the conditional access apparatus requests the EMM server for the EMM and requests the DRM server for the DRM license according to the authorization information issued by the authorization server, a unique protocol for each content distributor Thus, there is no need to control the distribution of viewing licenses, and the content distribution company only has to manage the EMM and DRM licenses with a single server, and there is no need to manage a plurality of licenses.
Further, according to the present invention, the receiving device does not need to correspond to the individual protocol for each content distribution provider between the security module and the server, and the viewing license (EMM, DRM) according to the authorization information issued by the authorization server. (License) can be requested, and maintenance work and cost increase can be reduced. Further, according to the present invention, a license based on an arbitrary viewing contract can be immediately reflected.
Furthermore, according to the present invention, even when the contract information of the conditional access apparatus is updated, it can be managed collectively by the authorization server.

It is a system configuration figure showing the composition of the conditional access system concerning the 1st and 2nd embodiments of the present invention. It is a functional block diagram which shows the structure of the conditional access apparatus which concerns on 1st Embodiment of this invention. It is a data block diagram which shows the structure of an EMM section. It is a data block diagram which shows the structure of an ECM section. It is a functional block diagram which shows the structure of the service provision server which concerns on 1st Embodiment of this invention. It is a figure which shows the memory content of the client information storage means in the service provision server of FIG. It is a figure which shows the memory content of the content information storage means in the service provision server of FIG. It is a functional block diagram which shows the structure of the authorization server which concerns on 1st Embodiment of this invention. It is a figure which shows the memory content of the contractor registration information storage means in the authorization server of FIG. It is a figure which shows the memory content of the authorization information storage means in the authorization server of FIG. It is a figure which shows the memory content of the client information storage means in the authorization server of FIG. It is a figure for demonstrating the type of the authorization information which the authorization information issuing means in the authorization server of FIG. 8 issues. It is a functional block diagram which shows the structure of the EMM server which concerns on 1st Embodiment of this invention. It is a figure which shows the memory content of the master key memory | storage means in the EMM server of FIG. It is a figure which shows the memory content of the work key memory | storage means in the EMM server of FIG. It is a sequence diagram which shows operation | movement of the conditional access system which concerns on 1st Embodiment of this invention. It is a functional block diagram which shows the structure of the conditional access apparatus which concerns on 2nd Embodiment of this invention. It is a data block diagram which shows the structure of the EMM message section of an EMM individual message. It is a data block diagram which shows the structure of the EMM message section of an EMM common message. It is a functional block diagram which shows the structure of the service provision server which concerns on 2nd Embodiment of this invention. It is a figure which shows the memory content of the content information storage means in the service provision server of FIG. It is a functional block diagram which shows the structure of the EMM server which concerns on 2nd Embodiment of this invention. It is a figure which shows the memory content of the message control information storage means in the EMM server of FIG. It is a sequence diagram which shows operation | movement of the conditional access system which concerns on 2nd Embodiment of this invention. It is a system block diagram which shows the structure of the conditional access system which concerns on 3rd Embodiment of this invention. It is a functional block diagram which shows the structure of the conditional access apparatus which concerns on 3rd Embodiment of this invention. It is a functional block diagram which shows the structure of the service provision server which concerns on 3rd Embodiment of this invention. It is a figure which shows the memory content of the content information storage means in the service provision server of FIG. It is a functional block diagram which shows the structure of the DRM server which concerns on 3rd Embodiment of this invention. It is a figure which shows the memory content of the content key memory | storage means in the DRM server of FIG. It is a figure which shows the memory content of the master key memory | storage means in the DRM server of FIG. It is a sequence diagram which shows operation | movement of the conditional access system which concerns on 3rd Embodiment of this invention. It is a system block diagram which shows the structure of the conditional access system which concerns on 4th Embodiment of this invention. It is a functional block diagram which shows the structure of the information processing apparatus which concerns on 4th Embodiment of this invention. It is a system block diagram which shows the structure of the conditional access system which concerns on 5th, 6th embodiment of this invention. It is a functional block diagram which shows the structure of the conditional access apparatus which concerns on 5th Embodiment of this invention. It is a functional block diagram which shows the structure of the authorization server which concerns on 5th Embodiment of this invention. It is a sequence diagram which shows operation | movement of the conditional access system which concerns on 5th Embodiment of this invention. It is a functional block diagram which shows the structure of the conditional access apparatus which concerns on 6th Embodiment of this invention. It is a sequence diagram which shows operation | movement of the conditional access system which concerns on 6th Embodiment of this invention. It is a system block diagram which shows the structure of the conditional access system which concerns on 7th Embodiment of this invention. It is a functional block diagram which shows the structure of the conditional access apparatus which concerns on 7th Embodiment of this invention. It is a sequence diagram which shows operation | movement of the conditional access system which concerns on 7th Embodiment of this invention. It is a system block diagram which shows the structure of the conditional access system which concerns on 8th Embodiment of this invention. It is a functional block diagram which shows the structure of the conditional access apparatus which concerns on 8th Embodiment of this invention. It is a functional block diagram which shows the structure of the EMM server which concerns on 8th Embodiment of this invention. It is a sequence diagram which shows operation | movement of the conditional access system which concerns on 8th Embodiment of this invention.

Embodiments of the present invention will be described below with reference to the drawings.
<< First Embodiment >>
[Configuration of conditional access system]
First, the configuration of the conditional access system S of the first embodiment will be described with reference to FIG.

The conditional access system S is a system that allows video content (hereinafter simply referred to as “content”) to be viewed only by subscribers with viewing rights for the purpose of copyright protection and viewing restriction by pay broadcasting.
This limited reception system S is configured by connecting a limited reception device 1, a service providing server 3, an authorization server 5, and an EMM server 7 via a communication line N, and is distributed from the transmission device 1000 by broadcasting. Is received by the limited reception device 1.

  The conditional access apparatus 1 includes a security module that implements a conditional access system (CAS), and receives limited content (scrambled content) scrambled for copyright protection and pay broadcast implementation.

The service providing server 3 (service providing device) cooperates with the authorization server 5 and the EMM server 7 to provide a service for instructing the conditional access device 1 to acquire a license according to the content to be viewed. Here, the license is specifically individual information (EMM) of the contractor indicating the content (channel, contract expiration date, etc.) of the content viewing contract. The EMM server 7 distributes the individual information (EMM) to the conditional access apparatus 1 itself.
The service providing server 3 accepts a content viewing request, that is, a license acquisition request, but the transmission apparatus 1000 performs content distribution itself.

The authorization server 5 (authorization apparatus) manages the viewing contract state of the contractor's content and authorizes the EMM server 7 to issue a license.
That is, the authorization server 5 collectively manages the contract status of the contractor, and in response to authorization requests from a plurality of service providing servers 3, whether or not there is permission for viewing the specified content, and a permission range for permission (for example, Response information indicating the channel, contract expiration date, etc.).

  The EMM server 7 (EMM issuing device) is a contractor who has the right to view content based on the authorization information issued by the authorization server 5 transmitted from the conditional access device 1 based on the instruction from the service providing server 3. A license (EMM) is issued to the (restricted reception device 1).

  The transmitting apparatus 1000 distributes scrambled content (scrambled content) by broadcasting. Note that this broadcast is not limited to a wireless broadcast wave, and may be a wired broadcast such as a cable broadcast.

In this way, by configuring the conditional access system S, the conditional access system S manages the contract status of the contractor in one place in the authorization server 5 and licenses corresponding to the authorization information issued by the authorization server 5 Acquisition can be controlled by the service providing server 3. Further, the conditional access system S can unify the license distribution form to the distribution from the EMM server 7.
Hereinafter, the configurations of the conditional access device 1, the service providing server 3, the authorization server 5, and the EMM server 7 that configure the conditional access system S will be sequentially described. Note that the transmission apparatus 1000 is a general digital broadcast transmission apparatus, and a description thereof will be omitted here.

[Configuration of conditional access device]
First, the configuration of the conditional access apparatus 1 will be described with reference to FIG.
As shown in FIG. 2, the conditional access apparatus 1 includes a communication unit 10, an operation unit 11, a viewing request unit 12, a contractor authentication information transmission unit 13, an authorization information acquisition processing unit 14, and an authorization information storage unit. 15, EMM acquisition processing means 16, broadcast wave reception means 17, separation means 18, security module 19, descrambler 20, decoder 21, display means 22, and contract information acquisition means 23. .

  The communication means 10 communicates with a communication destination server (service providing server 3, authorization server 5, EMM server 7) using a predetermined protocol such as TCP / IP. This communication means 10 can be realized by, for example, a NIC (Network Interface Card).

The operation unit 11 receives an input from the outside (for example, an input from a remote control device or the like) and performs an operation on the conditional access device 1.
This operation means 11 is a user interface for instructing contents to be viewed on a Web page provided by the service providing server 3 and inputting a contractor ID and password for contractor authentication, for example. .

The viewing request unit 12 requests the service providing server 3 to view the scrambled (encrypted) content via the communication unit 10.
For example, when the contractor wants to view the scrambled content broadcast by the broadcast wave, the contractor uses the operation means 11 to select a button for selecting whether to view the content displayed on the display screen. Then, a button for viewing is pressed. Then, the viewing request unit 12 transmits information (content ID or the like) specifying the content as a service request to the service providing server 3 that performs the license issue control service for the content.
The viewing request unit 12 notifies that the authorization information has been acquired when valid authorization information of the content (for example, authorization information within the expiration date) is stored in the authorization information storage unit 15 to be described later. May be added to make a service request to the service providing server 3.

  The contractor authentication information transmission unit 13 transmits contractor authentication information necessary for contractor authentication to the authorization server 5 via the communication unit 10. For example, when the contractor inputs the contractor ID or password as the contractor authentication information using the operation unit 11 with respect to the authentication form presented from the authorization server 5, the contractor authentication information transmission unit 13 Is transmitted to the authorization server 5. As a result, the authorization server 5 authenticates whether the contractor is a regular registered contractor. It is assumed that the contractor authentication information (contractor ID, password, etc.) is registered in advance in the authorization server 5 (contractor registration).

  The authorization information acquisition processing unit 14 has received an instruction (authorization request) from the service providing server 3 to the authorization server 5 to acquire the authorization information according to the contract status of the contractor (the limited receiving device 1). At this time, the authorization information is acquired from the authorization server 5. Here, the authorization information acquisition processing unit 14 includes an authorization request unit 140 and an authorization information receiving unit 141.

The authorization request unit 140 receives an authorization request from the service providing server 3 via the communication unit 10 and requests the authorization server 5 for authorization information for obtaining a license necessary for viewing desired content. is there. Specifically, the authorization request unit 140 receives an HTTP redirect instruction as an authorization request from the service providing server 3 and redirects the authorization request to the authorization server 5 via the communication unit 10.
This authorization request includes at least a license type necessary for viewing the scrambled content and a client identification for identifying the authorization request issuer (service providing server 3).
Note that the license type means, for example, a license (EMM) of content (package1) provided on the channel (ch1), such as “EMM: ch1: package1”.

The authorization information receiving unit 141 receives an authorization response including authorization information from the authorization server 5 via the communication unit 10 as a response to the authorization request requested by the authorization request unit 140. The authorization information receiving unit 141 writes and stores the received authorization information in the authorization information storage unit 15.
The authorization information may be the actual data itself of the authorization information or a token indicating the actual data. Here, the description will be made assuming that the authorization information is a token indicating the entity.
The authorization information receiving unit 141 notifies the service providing server 3 that has transmitted the authorization request that the authorization response has been received via the communication unit 10.

  The authorization information storage unit 15 stores the authorization information acquired by the authorization information acquisition processing unit 14. For example, the authorization information storage unit 15 is a storage medium such as a semiconductor memory.

When receiving an EMM acquisition instruction for instructing acquisition of EMM (individual information) from the service providing server 3, the EMM acquisition processing means 16 issues an EMM acquisition request including the authorization information stored in the authorization information storage means 15 to the EMM. The information is transmitted to the server 7 and EMM (individual information) is acquired.
This EMM (individual information) is defined in ARIB STD-B25 in a format as shown in FIG. In general, EMM (individual information) includes a plurality of EMM main body portions in FIG. 3 for a plurality of receiving apparatuses. However, since the conditional access apparatus 1 is specified and distributed by communication here, only one EMM main body is required.
The details of the contents of the EMM are the same as those defined in the ARIB STD-B25. Therefore, the description is omitted here, but the EMM variable unit is used to encrypt the scramble key. The work key Kw and the contract information of the contractor are set as appropriate.
Here, the EMM acquisition processing unit 16 includes an individual information acquisition instruction receiving unit 160 and an individual information acquisition unit 161.

  The individual information acquisition instruction receiving unit 160 receives an EMM acquisition instruction for instructing acquisition of an EMM from the service providing server 3 via the communication unit 10. The individual information acquisition instruction receiving unit 160 notifies the individual information acquisition unit 161 that the EMM acquisition instruction has been received.

The individual information acquisition means 161 (EMM acquisition means) is the authorization information (token) stored in the authorization information storage means 15 at the timing when the individual information acquisition instruction reception means 160 is notified that the EMM acquisition instruction has been received. Is sent to the EMM server 7 to acquire EMM (individual information).
The individual information obtaining unit 161 obtains EMMs as information necessary for generating an EMM, such as an identifier of the security module (CA module ID) and an identifier (operator identification) for identifying a content distribution provider in the conditional access method. It will be added to the request.
The individual information acquisition unit 161 outputs the acquired EMM to the security module 19.

The individual information acquisition unit 161 may be operated by a program input from the outside. For example, the individual information acquisition instruction receiving unit 160 receives an EMM acquisition instruction program described in a script language from the service providing server 3 and causes the computer to function as the individual information acquisition unit 161 by executing the program. It is good as well.
In that case, the individual information acquisition instruction receiving unit 160 may be operated at the timing when the EMM acquisition instruction program is acquired via the communication unit 10.

  Further, although not shown in FIG. 2, the EMM acquisition instruction program may be received by the broadcast wave receiving means 17 via the broadcast wave. In that case, the individual information acquisition instruction receiving unit 160 may operate the program at the timing when the EMM acquisition instruction is received via the broadcast wave receiving unit 17.

The broadcast wave receiving unit 17 receives the multiplexed broadcast signal transmitted from the transmission apparatus 1000 via the broadcast wave. The multiplexed broadcast signal may be, for example, a signal multiplexed in a TS (transport stream) format (MPEG-2 TS) defined in MPEG-2 Systems, or MMT (MPEG Media Transport). It may be a signal multiplexed by.
In this multiplexed broadcast signal, scrambled content, ECM (Entitlement Control Message) and the like are multiplexed.

The ECM (program information / control information) is defined by ARIB STD-B25 in the format shown in FIG. The details of the contents of this ECM are the same as those defined in ARIB STD-B25, and therefore the description thereof is omitted here, but at least the scramble key Ks encrypted with the work key Kw, the program attribute information Etc. are included.
The broadcast wave receiving means 17 outputs the received multiplexed broadcast signal to the separating means 18.

The separating unit 18 separates the multiplexed broadcast signal received by the broadcast wave receiving unit 17. Here, the separating means 18 separates scrambled content and ECM from, for example, MPEG-2 TS or MMT. The separated scrambled content is output to the descrambler 20, and the ECM is output to the security module 19.
If the EMM is multiplexed with the multiplexed broadcast signal received by the broadcast wave receiving unit 17, the separating unit 18 separates the EMM and outputs it to the security module 19.

The security module 19 (limited reception [CAS] module) controls the output of the scramble key Ks that scrambles the content. The security module 19 may be realized by a hardware device (removable device) that can be attached to and detached from the main body of the limited receiving device 1 such as an IC card, or may be incorporated in the main body of the limited receiving device 1.
Here, the security module 19 includes a master key storage unit 190 and an EMM / ECM processing unit 191. In the security module 19, an individual identifier (CA module ID) is set in advance in a storage unit (not shown).

  The master key storage unit 190 stores a key (master key) unique to the device of the conditional access apparatus 1, and is a general storage medium such as a semiconductor memory. Here, the device means an identification unit of the conditional access apparatus 1 managed for each manufacturer, model, lot or the like of the conditional access apparatus 1.

The EMM / ECM processing means 191 extracts the scramble key Ks using the ECM distributed by broadcast waves and separated by the separation means 18 and the EMM distributed by communication and acquired by the EMM acquisition processing means 16. . When the EMM is separated by the separation unit 18, the EMM / ECM processing unit 191 extracts the scramble key Ks using the EMM and the ECM.
Here, the EMM / ECM processing unit 191 includes an individual information processing unit 191a, a contract information storage unit 191b, a common information processing unit 191c, a descrambling availability determination unit 191d, and an output switching unit 191e.

The individual information processing unit 191a decrypts the encryption unit (see FIG. 3) of the EMM (individual information) acquired by the EMM acquisition processing unit 16 with the master key stored in the master key storage unit 190, and the work key Kw And contract information.
The individual information processing unit 191a outputs the extracted work key Kw to the common information processing unit 191c, and writes and stores the extracted contract information in the contract information storage unit 191b.

The contract information storage unit 191b stores the contract information extracted by the individual information processing unit 191a, and is a storage medium such as a semiconductor memory.
This contract information is contents of the contract for viewing the contractor's content, and is, for example, a channel, a contract expiration date, and the like. In addition, the contract information may include content viewing conditions (for example, viewing is allowed only 10 times). In that case, the contract information storage unit 191b stores the remaining number of viewing times subtracted by actual viewing. Manage.

The common information processing unit 191c uses the work key Kw extracted by the individual information processing unit 191a as the ECM encryption unit (see FIG. 4), which is the information shared by the entire conditional access apparatus 1 separated by the separating unit 18. And scramble key and program attribute information are extracted.
The common information processing unit 191c outputs the extracted scramble key Ks to the output switching unit 191e, and outputs the extracted program attribute information to the descrambling permission determination unit 191d.
Note that the program attribute information is information indicating attributes such as whether the content (program) is scrambled or whether it is free / paid content.

The descrambling / non-descrambling determining unit 191d compares the contract information stored in the contract information storing unit 191b with the program attribute information extracted by the common information processing unit 191c to determine whether or not the scrambled content can be descrambled. Is.
That is, the descrambling / non-descrambling determining unit 191d recognizes whether or not the currently viewed content is scrambled based on the program attribute information and whether or not the content is paid content. Thus, it is determined whether or not the content can be descrambled by recognizing whether or not the contract has been made. The descrambling / non-descrambling determining unit 191d determines that the content can be descrambled regardless of the contract information if it is free scrambled content.
The descrambling / non-descrambling determining unit 191d outputs the determination result (descrambling is possible or descrambling is not possible) to the output switching unit 191e.

The output switching unit 191e controls whether to output the scramble key Ks input from the common information processing unit 191c to the outside of the security module based on the determination result output from the descrambling determination unit 191d. Is.
The output switching unit 191e outputs the scramble key Ks to the descrambler 20 when the determination result output from the descrambling determination unit 191d is “descrambleable”. On the other hand, the output switching unit 191e stops the output of the scramble key Ks if the result of the availability determination output from the descrambling availability determination unit 191d is “not descrambleable”.

The descrambler 20 (content decrypting means) descrambles (decrypts) the scrambled content separated and extracted by the separating means 18 with the scramble key Ks output from the security module 19. As a result, content (encoded content) encoded by an encoding method such as MPEG-2 is restored.
The descrambler 20 outputs the descrambled content to the decoder 21.

The decoder 21 decodes the content (encoded content) descrambled by the descrambler 20 according to a predetermined encoding format and generates a display signal.
The decoder 21 outputs the generated display signal to the display means 22.

  The display means 22 reproduces the display signal decoded by the decoder 21. The display means 22 is, for example, a monitor device such as a liquid crystal display or a plasma display. Here, the display means 22 is provided in the conditional access apparatus 1, but it may be configured externally.

The contract information acquisition unit 23 acquires the contract information stored in the contract information storage unit 191b from the security module 19.
The contract information acquisition unit 23 acquires contract information from the security module 19 according to a request from the authorization server 5 or an operation of the operation unit 11, and transmits the contract information to the authorization server 5. As a result, the authorization server 5 can update the content of the contract information that has changed due to the viewing of the content or the setting of the contractor.

This contract information acquisition means 23 is not limited to a request from the authorization server 5, but may output the contract information to the Web server in response to a request from another Web server (not shown). Alternatively, the contract information may be returned to the application in response to a request from the application operating on the conditional access apparatus 1. Thereby, the Web server and the application can perform various services (for example, provision of program information related to the contracted channel) based on the contract information of the contractor.
The limited reception device 1 may be configured by omitting the contract information acquisition unit 23.

  By configuring the conditional access apparatus 1 as described above, the conditional access apparatus 1 allows the contractor to register with the authorization server 5 as a contractor even when requesting content viewing from a plurality of service providing servers 3. By doing so, it is possible to acquire EMM (individual information) from the EMM server 7 based on the authorization issued by the authorization server 5 and to descramble the content.

[Service providing server configuration]
Next, the configuration of the service providing server 3 will be described with reference to FIG.
As shown in FIG. 5, the service providing server 3 includes a communication unit 30, a storage unit 31, and a control unit 32.

  The communication means 30 communicates with the conditional access apparatus 1 using a predetermined protocol such as TCP / IP. The communication unit 30 can be realized by a NIC (Network Interface Card), for example.

  The storage unit 31 stores various data held in the service providing server 3. The storage means 31 is a general storage medium such as a hard disk or a semiconductor memory. Here, the storage unit 31 includes a client information storage unit 310 and a content information storage unit 311. These storage units may be configured as individual storage media, or may be configured to store in different storage areas with one storage medium.

The client information storage unit 310 stores client information registered in advance as a client for the authorization server 5 for each service provided by the service providing server 3. For example, as shown in FIG. 6, the client information associates client identification, which is an identifier that can identify the client with the authorization server 5, with client authentication information such as a password for performing authentication with the authorization server 5. Information.
FIG. 6 shows an example in which a plurality of client identifications are associated with each other. However, when the service providing server 3 provides a service (license issue control service) as one client, one client identification is provided. Good.

  The content information storage unit 311 is information for identifying content received by the conditional access device 1 and stores content information managed in advance by the service providing server 3. For example, as shown in FIG. 7, the content information includes an organization channel (channel) that distributes content, content identification that is an identifier unique to the content, and an identifier that identifies an operator that distributes the content. This information is associated with person identification.

  The control means 32 controls the operation of the service providing server 3. The control means 32 can be realized by a general hardware configuration such as a CPU, RAM, and ROM. Here, the control unit 32 includes a viewing request reception unit 320, an authorization acquisition unit 321, and an EMM acquisition instruction unit 322. The control means 32 can operate a computer (CPU) as a program (Web application) that functions as each of these means.

The viewing request receiving unit 320 receives a scrambled content viewing request (license acquisition request) from the conditional access device 1 via the communication unit 30. This viewing request includes information for specifying the target content to be viewed, such as a channel and content identification.
The viewing request receiving unit 320 notifies the authorization acquiring unit 321 that the viewing request has been received together with the content identification information included in the viewing request.
Note that the viewing request receiving unit 320 notifies the EMM acquisition instructing unit 322 that the viewing authorization for the content has been confirmed when the approval request has been acquired in the viewing request (service request). I decided to. Thereby, the authorization acquisition in the authorization server 5 can be omitted.

  The authorization acquisition unit 321 operates so that the conditional access apparatus 1 that has made a content viewing request acquires an authorization for viewing the content. Here, the authorization acquisition unit 321 includes an authorization request transmission unit 321a and an authorization response reception unit 321b.

The authorization request transmission unit 321a instructs the conditional access device 1 to make an authorization request for viewing content to the authorization server 5. For example, the authorization request transmission unit 321 a transmits an authorization request for redirecting to a predetermined authorization request reception URL of the authorization server 5 to the conditional access apparatus 1. At this time, the authorization request transmission unit 321a identifies the client that is the authorization request issuer stored in the client information storage unit 310, and the license type (enterprise identification information, organization channel, etc.) required for viewing the scrambled content. Is transmitted to the conditional access apparatus 1 via the communication means 30.
In addition, here, the authorization request transmission unit 321a adds the client authentication information stored in the client information storage unit 310 to the authorization request because the authorization server 5 authenticates the service providing server 3. . The client authentication information is encrypted with, for example, a common key common to the authorization server 5 in order to ensure safety.

The authorization response receiving unit 321 b receives a notification that the response (authorization response) to the authorization request has been received from the limited receiving device 1 via the communication unit 30.
When receiving the notification of the authorization response, the authorization response receiving unit 321b notifies the EMM acquisition instructing unit 322.

The EMM acquisition instruction unit 322 instructs the conditional access apparatus 1 that has received the authorization response to acquire EMM (individual information).
The EMM acquisition instruction unit 322 transmits an instruction (EMM acquisition instruction) to acquire EMM (individual information) from the EMM server 7 to the conditional access apparatus 1 via the communication unit 30. This EMM acquisition instruction is, for example, a program (EMM acquisition instruction program) written in a script language. This EMM acquisition instruction program includes information necessary for generating an EMM (security module identifier [CA module ID], operator identification, work key identification, etc.), and authorization information acquired by the conditional access device 1. Is described as an operation instruction to notify the authorization server 5 as an EMM acquisition request.

  By configuring the service providing server 3 as described above, the service providing server 3 sends the authorization information from the authorization server 5 to the conditional access device 1 when the content viewing request is received from the conditional access device 1. Can be acquired from the EMM server 7 to acquire an EMM that is a license for viewing the content.

[Authorization Server Configuration]
Next, the configuration of the authorization server 5 will be described with reference to FIG.
As shown in FIG. 8, the authorization server 5 includes a communication unit 50, a storage unit 51, and a control unit 52.

  The communication means 50 communicates with the conditional access apparatus 1 and the EMM server 7 using a predetermined protocol such as TCP / IP. The communication unit 50 can be realized by a NIC, for example.

  The storage means 51 stores various data held in the authorization server 5. The storage means 51 is a general storage medium such as a hard disk or a semiconductor memory. Here, the storage unit 51 includes a contractor registration information storage unit 510, an authorization information storage unit 511, and a client information storage unit 512. These storage units may be configured as individual storage media, or may be configured to store in different storage areas with one storage medium.

  The contractor registration information storage unit 510 (contractor registration information storage unit) stores contractor registration information for viewing content previously performed by the contractor. For example, as shown in FIG. 9, the contractor registration information includes a contractor ID that is an identifier for individually identifying a contractor, a password (PW) that is authentication information, and contract information that indicates a content viewing contract. Is information associated with each other. This contract information is, for example, a business unit identification unit for identifying a content distribution business, and is information including the presence / absence of a contract for each channel and the contract term. In the example of FIG. 9, the contractor ID of a contractor is “AAAAA”, the password is “12345”, and the contractor is the contract information of the channel of the content distribution business operator with the business operator identification “XXXXXX”. Of these, “CH-A” and “CH-B” are contracted with a contract term (circles in the figure).

The authorization information storage unit 511 stores the authorization information given to the conditional access apparatus 1 by the authorization server 5. The authorization information stored in the authorization information storage unit 511 is written and stored by the authorization determination unit 522 described later.
For example, as shown in FIG. 10, this authorization information is stored in association with a unique identifier (authorization information ID) for each authorization information together with an expiration date (authorization information expiration date) of the authorization information itself. In the example of FIG. 10, the channel “CH-B” of the content distribution business operator with the business operator identification “XXXX” is valid for the contractor (limited reception device 1) with the contractor ID “BBBB”. ) Indicates that it is licensed (circled in the figure). In FIG. 10, the token indicates that the authorization information given to the conditional access apparatus 1 is not the entity of the authorization information but the reference destination information indicating the entity of the authorization information.

  The client information storage unit 512 stores information for specifying a client of a service (license issue control service) provided by the service providing server 3. This information is registered in advance by a business operator who operates the service providing server 3. For example, as shown in FIG. 11, the client information includes client identification, which is an identifier that can identify the client of the service providing server 3, and client authentication information such as a password for performing authentication by the client authentication means 524 described later. Is information associated with each other. Further, the client information storage unit 512 may store a callback URL as shown in FIG. This callback URL indicates the address of the client provided by the service providing server 3, and is information for realizing authentication similar to client authentication by accessing a callback URL registered in advance.

  The control means 52 controls the operation of the authorization server 5. The control means 52 can be realized by a general hardware configuration such as a CPU, RAM, and ROM. Here, the control unit 52 includes an authorization request receiving unit 520, a contractor authenticating unit 521, an authorization determining unit 522, an authorization information issuing unit 523, a client authenticating unit 524, a contract information receiving unit 526, and an updating unit. 527.

The authorization request receiving unit 520 receives an authorization request transmitted from the service providing server 3 via (redirect) the limited reception device 1 via the communication unit 50.
The authorization request receiving unit 520 notifies the contractor authentication unit 521 that the authorization request has been received. At this time, the authorization request receiving means 520 includes the license type included in the authorization request, the client identification for identifying the authorization request issuing source (service providing server 3), and the information of the authorization request target (business entity identification information, organization channel, etc. ) To the contractor authentication means 521.

The contractor authentication means 521 performs contractor authentication with respect to the conditional access apparatus 1 that has made an authorization request. That is, the contractor authentication unit 521 acquires the contractor authentication information (contractor ID, password, etc.) from the conditional access device 1 and compares it with the contractor registration information stored in the contractor registration information storage unit 510. In this way, contractor authentication is performed. Here, the contractor may be a contractor in a unit corresponding to a device such as a receiver manufacturer or a receiver model, or may be a contractor in a user unit.
In order for the contractor authentication unit 521 to acquire the contractor authentication information, for example, the contractor authentication unit 521 transmits an authentication form for inputting the contractor authentication information to the conditional access device 1, and The contractor authentication information input to the authentication form is received.
When the contractor authentication is successful, the contractor authentication unit 521 outputs the content of the authorization request received by the authorization request reception unit 520 to the authorization determination unit 522.

  The authorization determination unit 522 performs an authorization determination on the authorization request of the contractor authenticated by the contractor authentication unit 521 based on the contract contents stored in the contractor registration information storage unit 510. For example, when an acquisition request is made to acquire an EMM for channel A of the content distribution business operator with the business entity identification “XXXX”, the authorization determination means 522 uses the authorized contractor in the contractor registration information storage means 510. Determines whether or not the content distribution provider with the provider identification “XXXX” has a contract for channel A.

As shown in FIG. 10, the authorization determination unit 522, in response to an authorization request, for each contractor ID, whether or not there is a license for the specified content viewing and a license scope (a contract expiration date, a channel, etc.) Is generated and stored in the authorization information storage unit 511. In addition, as shown in FIG. 10, the authorization determination means 522 preferably sets the expiration date of the authorization information itself for each authorization information.
Then, after generating the authorization information, the authorization determining unit 522 instructs the authorization information issuing unit 523 to issue the authorization information.

The authorization information issuing unit 523 issues authorization information to the conditional access apparatus 1 that has made an authorization request.
The authorization information issuing unit 523 transmits the authorization information to the service providing server 3 as an authorization response again through the limited reception device 1 that has been transmitted via the authorization request from the service providing server 3. At this time, the authorization information issuing means 523 authenticates whether or not the authorization request from the service providing server 3 is a regular client request by the client authentication means 524. Send a response.

  The authorization information issuing unit 523 adds a signature (electronic signature) to the authorization information to be transmitted, for example, with a signature key paired with the verification key used by the EMM server 7 in order to prevent falsification of the contents of the authorization information. May be. Further, in order to conceal the contents of the authorization information, the authorization information issuing unit 523 may encrypt the authorization information to be transmitted with a public key paired with the secret key of the EMM server 7 by a public key cryptosystem, for example.

  Further, the authorization information issuing means 523 may issue an identifier (token) for referring to the authorization information, instead of issuing the substance of the authorization information in order to reduce the data amount of the communication line N. . This token can be generated by, for example, a general software token generation method. Further, this token is stored in association with the authorization information as shown in FIG.

In addition, in order to distinguish a plurality of processes such as adding a signature, encrypting, and tokenizing the authorization information in this way, the authorization information issuing unit 523 identifies the processing contents in the authorization response. It is sufficient to add an authorization information type for
For example, as shown in FIG. 12 (a), when the authorization information is tokenized, the authorization information issuing unit 523 authorizes the authorization information indicating that the authorization information is a token type before the authorization token obtained by tokenizing the authorization information. An information type is added as an authorization response.
Also, for example, as shown in FIG. 12B, when the authorization information is transmitted as an entity, the authorization information issuing unit 523 indicates that the authorization information is an entity type before the authorization information entity. Add a type to make an authorization response. Of course, at this time, when a signature is added to the authorization information or when the authorization information is encrypted, an authorization information type for identifying each of them may be added.

  Further, when the authorization information is issued in token type, the authorization information issuing unit 523 stores the authorization information storage when the entity of the authorization information is requested by the token from the EMM server 7 via the authorization information inquiry receiving unit 525. The entity of the authorization information corresponding to the token is issued with reference to the means 511.

  The client authentication means 524 authenticates whether the authorization request from the service providing server 3 is a legitimate client request. For example, the client authentication unit 524 decrypts client authentication information encrypted and included in the authorization request with a common key common to the service providing server 3, and stores the client authentication information stored in the client information storage unit 512 in advance. Client authentication is performed by collating with authentication information. This authentication result is output to the authorization information issuing means 523.

  The authorization information inquiry receiving unit 525 receives an authorization information inquiry for inquiring about the substance of the authorization information for the token from the EMM server 7 via the communication unit 50. The authorization information inquiry receiving unit 525 outputs the token included in the received inquiry to the authorization information issuing unit 523.

  The contract information receiving unit 526 acquires the contract information of the contractor stored in the contract information storage unit 191b (see FIG. 2) of the security module 19 from the limited receiving device 1 via the communication unit 50. . The contract information receiving unit 526 outputs the received contract information to the updating unit 527.

The updating unit 527 updates the contractor registration information stored in the contractor registration information storage unit 510 with the contract information received by the contract information receiving unit 526.
In other words, the update unit 527 can update or add the content of the contract information that has changed due to the viewing of the content or the setting of the contractor in the contract information of the security module 19. Thereby, for example, when the limited receiving device 1 is exchanged, the updating unit 527 uploads the contents of the current contract information to the authorization server 5, and the new limited receiving device 1 updates the latest contract status of the contractor. It can be reflected.

  By configuring the authorization server 5 as described above, the authorization server 5 collectively manages the contractor's contract information, and there has been an authorization request from the service providing server 3 via the conditional access device 1. In this case, the authorized conditional access apparatus 1 can be given permission for viewing license acquisition.

[Configuration of EMM server]
Next, the configuration of the EMM server 7 will be described with reference to FIG.
As illustrated in FIG. 13, the EMM server 7 includes a communication unit 70, a storage unit 71, and a control unit 72.

  The communication means 70 communicates with the conditional access apparatus 1 and the authorization server 5 using a predetermined protocol such as TCP / IP. The communication unit 70 can be realized by a NIC, for example.

  The storage unit 71 stores various data held in the EMM server 7. The storage means 71 is a general storage medium such as a hard disk or a semiconductor memory. Here, the storage unit 71 includes a master key storage unit 710 and a work key storage unit 711. These storage units may be configured as individual storage media, or may be configured to store in different storage areas with one storage medium.

  The master key storage unit 710 stores a master key for each device of the conditional access apparatus 1. Here, the master key storage unit 710 stores the master key Km in association with the CA module ID, which is an identifier for identifying the security module 19 (see FIG. 2), as shown in FIG.

  The work key storage unit 711 stores a work key for decrypting the encrypted scramble key. Here, as shown in FIG. 15, the work key storage unit 711 stores the work key Kw in association with the work key identification, which is an identifier for identifying the work key, for each business entity identification for identifying the content distribution business operator. To do.

  The control means 72 controls the operation of the EMM server 7. The control means 72 can be realized by a general hardware configuration such as a CPU, RAM, and ROM. Here, the control unit 72 includes an EMM acquisition request reception unit 720, an authorization information confirmation unit 721, an EMM generation unit 722, and an EMM transmission unit 723.

The EMM acquisition request receiving unit 720 (individual information acquisition request receiving unit) receives an EMM acquisition request from the conditional access apparatus 1 via the communication unit 70.
The EMM acquisition request receiving unit 720 outputs the authorization information included in the EMM acquisition request to the authorization information confirmation unit 721, and information necessary for generating the EMM also included in the EMM acquisition request (CA Module ID, operator identification, work key identification, etc.) are output to EMM generation means 722. The operator identification and work key identification are specified in the EMM acquisition instruction program provided from the service providing server.

The authorization information confirmation unit 721 refers to the authorization information output from the EMM acquisition request reception unit 720 and confirms whether viewing is permitted by a contract. This viewing permission confirmation result (authorized / unauthorized) is output to the EMM transmission means 723 and used to determine whether or not to transmit the EMM. Of the authorization information, the contract information (for example, channel, contract expiration date, etc.) is output to the EMM generation unit 722.
When the authorization information output from the EMM acquisition request receiving unit 720 is authorization information indicated by a token, the authorization information confirmation unit 721 sends authorization information including the token to the authorization server 5 via the communication unit 70. Make an inquiry. Then, the authorization information confirmation unit 721 acquires the authorization information entity corresponding to the token from the authorization server 5.

The EMM generation unit 722 (individual information generation unit) generates EMM (individual information) based on the authorization information issued by the authorization server 5. Specifically, the EMM generation unit 722 includes the work key storage unit 711 specified by the contract information output from the authorization information confirmation unit 721, the operator identification output from the EMM acquisition request reception unit 720, and the work key identification. The secret information such as the work key Kw stored in is encrypted with the master key Km stored in the master key storage unit 710 specified by the CA module ID to generate an EMM. Note that the detailed data structure of the EMM is defined in ARIB STD-B25, and thus the description thereof is omitted here.
The EMM generation unit 722 outputs the generated EMM to the EMM transmission unit 723.

  The EMM transmission unit 723 transmits the EMM generated by the EMM generation unit 722 via the communication unit 70 to the limited reception device 1 that has transmitted the EMM acquisition request. However, the EMM transmission unit 723 does not transmit the EMM if the permission is not obtained (unauthorized) in the viewing permission confirmation result (authorized / unauthorized) in the authorization information confirming unit 721.

  By configuring the EMM server 7 as described above, the EMM server 7 can individually view the content only for the conditional access device 1 that is authorized to view the content according to the authorization information issued by the authorization server 5. Can be sent.

  By configuring the conditional access system S as described above, the conditional access system S manages the contracts of the contractors collectively by the authorization server 5 and provides one content for the content distributed by a plurality of content distributors. An individual license (EMM) can be provided to the conditional access device 1 from the EMM server 7.

[Operation of conditional access system]
Next, the operation of the conditional access system S of the first embodiment will be described with reference to FIG. 16 (refer to FIG. 1, FIG. 2, FIG. 5, FIG. 8, FIG. 13 for the configuration as appropriate). Here, an operation for distributing a license (EMM) for viewing scrambled content will be mainly described. Here, it is assumed that the contractor who views the content with the conditional access device 1 and the service providing server 3 are registered in advance in the authorization server 5.

First, the conditional access apparatus 1 uses the viewing request unit 12 to request viewing of the scrambled content (service request) from the service providing server 3 (step S10).
Then, the service providing server 3 receives the service request by the viewing request receiving unit 320 (step S11). Then, the service providing server 3 transmits an instruction (authorization request) to the authorization server 5 to acquire an authorization request for content viewing by the authorization request transmission unit 321a of the authorization acquisition unit 321 to the conditional access device 1. (Step S12).

  Further, the conditional access apparatus 1 receives an authorization request from the service providing server 3 by the authorization request unit 140 of the authorization information acquisition processing unit 14 (step S13), and requests authorization information from the authorization server 5 (step S14). ). At this time, the authorization request unit 140 receives an HTTP redirect instruction as an authorization request from the service providing server 3 and redirects the authorization request to the authorization server 5.

Then, the authorization server 5 receives the authorization request redirected from the limited receiving device 1 by the authorization request receiving unit 520 (step S15).
Here, the authorization server 5 uses the contractor authentication unit 521 to perform contractor authentication for the conditional access apparatus 1 that has transmitted the authorization request. That is, the contractor authentication unit 521 acquires the contractor authentication information (contractor ID, password, etc.) from the conditional access device 1 and compares it with the contractor registration information stored in the contractor registration information storage unit 510. Thus, contractor authentication is performed (steps S16A and S16B). Also, at this time, the authorization server 5 determines whether or not to authorize the contractor's authorization request based on the contract contents in the contractor registration information storage unit 510 by the authorization judgment unit 522, and the designated content viewing / listening is performed. Is generated and stored in the authorization information storage unit 511. The authorization information indicating the presence / absence of the permission and the permission range (contract expiration date, channel, etc.) for permission is generated.

If the authorization server 5 determines that the authorization request from the conditional access device 1 is a request from an authorized contractor, the authorization server 5 further performs client authentication with respect to the service providing server 3 that is the request source of the authorization request (step) S17). In this authentication, for example, client authentication information encrypted and added by the service providing server 3 to the authorization request is decrypted by the client authenticating unit 524 with a common key common to the service providing server 3 and stored in the client information storing unit 512. This can be done by checking with client authentication information stored in advance.
When the authentication is correctly performed by the contractor authentication and the client authentication, the authorization server 5 sends an authorization response to which the authorization information (token indicating the authorization information) is added to the conditional access apparatus 1 by the authorization information issuing unit 523. Transmit (step S18).

  Further, the conditional access apparatus 1 receives the authorization response transmitted from the authorization server 5 by the authorization information receiving unit 141 of the authorization information acquisition processing unit 14 (step S19), and the authorization information (token) added to the authorization response ) Is stored in the authorization information storage means 15 (step S20). Then, the conditional access apparatus 1 further notifies the service providing server 3 of the authorization response received in step S19 by the authorization information receiving unit 141 (step S21).

  On the other hand, the service providing server 3 receives the authorization response notification transmitted from the limited receiving device 1 by the authorization response receiving unit 321b of the authorization obtaining unit 321 (step S22). Then, the service providing server 3 transmits an instruction (EMM acquisition instruction) for acquiring EMM (individual information) to the conditional access apparatus 1 by the EMM acquisition instruction unit 322 (step S23).

  Then, the conditional access apparatus 1 receives the EMM acquisition instruction transmitted from the service providing server 3 by the individual information acquisition instruction receiving means 160 of the EMM acquisition processing means 16 (step S24), and the individual information acquisition means 161 permits the authorization. An EMM acquisition request to which the authorization information (token) stored in the information storage unit 15 is added is transmitted to the EMM server 7 (step S25).

  Further, the EMM server 7 receives the EMM acquisition request transmitted from the limited reception device 1 by the EMM acquisition request receiving unit 720 (step S26). Then, the EMM server 7 transmits an authorization information inquiry including the token indicating the authorization information added to the EMM acquisition request to the authorization server 5 by the authorization information confirmation unit 721 (step S27).

On the other hand, the authorization server 5 receives the authorization information inquiry by the authorization information inquiry receiving means 525 (step S28). Then, the authorization server 5 reads the authorization information corresponding to the token included in the authorization information inquiry from the authorization information storage unit 511 by the authorization information issuing unit 523 and transmits it to the EMM server 7 (step S29).
Then, the EMM server 7 receives the authorization information by the authorization information confirmation unit 721 (step S30).

Thereafter, the EMM server 7 includes the CA module ID, the operator identification, the work key identification, and the like included in the EMM acquisition request received in step S26 by the EMM generation unit 722 and the authorization information received in step S30. The EMM is generated based on the contract information and the like (step S31). As described above, when the content distribution companies are different, for example, even when the company identification is different between the company A, the company B, etc., the EMM acquisition request includes information for specifying them, so the EMM server 7 By registering the information of the content distribution company in the EMM, it is possible to collectively manage the EMM distribution process.
And the EMM server 7 transmits the EMM produced | generated by step S31 to the conditional access apparatus 1 by the EMM transmission means 723 (step S32).

Then, the conditional access device 1 receives the EMM (individual information) transmitted from the EMM server 7 by the individual information acquisition unit 161 of the EMM acquisition processing unit 16 (step S33).
Then, the conditional access device 1 processes the EMM received from the EMM server 7 in the security module 19 (step S34).
Specifically, the conditional access apparatus 1 uses the individual information processing unit 191a of the security module 19 to decrypt the EMM with the master key stored in the master key storage unit 190, and extracts the work key Kw and the contract information. . Note that, when the EMM is acquired by broadcasting in the security module 19, the operation is the same as when the EMM is acquired by communication. As a result, the present invention can be realized by coexisting with existing EMM distribution.

And the conditional access apparatus 1 processes ECM within the security module 19, when ECM is received by broadcast (step S35).
Specifically, the conditional access apparatus 1 uses the common information processing unit 191c of the security module 19 to decrypt the ECM with the work key Kw extracted in step S34, and extracts a scramble key and program attribute information.
Then, the conditional access device 1 collates the contract information extracted in step S34 with the program attribute information extracted from the ECM by the descrambling permission determining unit 191d of the security module 19, and performs descrambling of the scrambled content. Judgment is made.
The conditional access apparatus 1 controls the output of the scramble key Ks by the output switching unit 191e of the security module 19 based on the determination result of the descrambling determination unit 191d.

Then, the conditional access apparatus 1 descrambles the scrambled content with the scramble key Ks output from the security module by the descrambler 20 (step S36).
Thereafter, although illustration as a step is omitted, the conditional access apparatus 1 encodes and decodes the content descrambled in step S36 by the decoder 21, visualizes it by the display means 22, and outputs it.

As described above, the conditional access system S can collectively manage contracts of contractors by the authorization server 5 and provide an individual license (EMM) from the single EMM server 7 to the conditional access apparatus 1. .
Here, although the authorization response transmitted from the authorization server 5 to the conditional access apparatus 1 in step S18 has been described as a token of authorization information, it may be the substance of authorization information. In that case, since the entity of the authorization information is included in the EMM acquisition request in step S26, the operations in steps S27 to S30 may be omitted.

<< Second Embodiment >>
[Configuration of conditional access system]
Next, referring to FIG. 1, the configuration of the conditional access system S _B of the second embodiment. In the first embodiment, the conditional access system S is configured as a system that distributes EMM as a license for viewing content. In the second embodiment, in addition to EMM, a function for distributing messages (EMM individual messages) in a limited manner is added.
The conditional access system S _B has a limited reception apparatus 1B, and the service providing server 3B, and authorization server 5, and EMM server 7B, configured by connecting a communication line N, distributed by broadcast from the transmitting apparatus 1000 The limited reception device 1 allows limited reception of the content. Since the authorization server 5 and the transmission apparatus 1000 have the same configuration as that of the first embodiment, description thereof is omitted.

The conditional access device 1B is obtained by adding a function for receiving a message to the conditional access device 1 of the first embodiment.
The service providing server 3B is obtained by adding a service function for controlling message delivery to the service providing server 3 of the first embodiment.
The EMM server 7B is obtained by adding a function for issuing a message (EMM individual message) to the EMM server 7 of the first embodiment.

Hereinafter, a structure of the conditional access system S _B, a first embodiment of the conditional access system S limited reception apparatus 1B obtained by adding a function to the configuration, sequentially performed describe the configuration of the service providing server 3B and EMM server 7B.

[Configuration of conditional access device]
First, the configuration of the conditional access apparatus 1B will be described with reference to FIG.
As shown in FIG. 17, the conditional access apparatus 1B includes a communication unit 10, an operation unit 11, a viewing request unit 12, a contractor authentication information transmission unit 13, an authorization information acquisition processing unit 14, and an authorization information storage unit. 15, EMM acquisition processing means 16B, broadcast wave receiving means 17, separation means 18B, security module 19B, descrambler 20, decoder 21, display means 22B, contract information acquisition means 23, and EMM common Message processing means 24.
Communication means 10, operation means 11, viewing request means 12, contractor authentication information transmission means 13, authorization information acquisition processing means 14, authorization information storage means 15, broadcast wave reception means 17, descrambler 20, decoder 21 and contract information The acquisition unit 23 has the same configuration as that of the conditional access apparatus 1 described in FIG.

  In addition to the function of the EMM acquisition processing unit 16 (see FIG. 2), the EMM acquisition processing unit 16B receives authorization information when receiving an individual message acquisition instruction for instructing acquisition of a message (EMM individual message) from the service providing server 3B. Is sent to the EMM server 7B to obtain a message (EMM individual message).

This EMM individual message is a message that is individually distributed to the conditional access apparatus 1B, and is defined by ARIB STD-B25 in the format shown in FIG. Normally, the EMM individual message has a plurality of EMM message main body parts in FIG. 18 for a plurality of receiving apparatuses. However, since the conditional access apparatus 1B is specified and distributed by communication here, only one EMM message body is required.
The details of the contents of the EMM individual message are the same as those defined in ARIB STD-B25, and thus the description thereof is omitted here. However, the message code includes the message delivered in the EMM common message. Message control information for performing display control is set.

  Here, the EMM acquisition processing unit 16B includes an individual information acquisition instruction receiving unit 160, an individual information acquisition unit 161, an individual message acquisition instruction receiving unit 162, and an individual message acquisition unit 163. The individual information acquisition instruction receiving unit 160 and the individual information acquiring unit 161 have the same configuration as that of the limited receiving apparatus 1 described with reference to FIG.

  The individual message acquisition instruction receiving unit 162 receives an individual message acquisition instruction for instructing acquisition of an individual message (EMM individual message) from the service providing server 3B via the communication unit 10. The individual message acquisition instruction receiving unit 162 notifies the individual message acquisition unit 163 that the individual message acquisition instruction has been received.

The individual message acquisition unit 163 (EMM individual message acquisition unit) receives the authorization information stored in the authorization information storage unit 15 at the timing when the individual message acquisition instruction reception unit 162 is notified that the individual message acquisition instruction has been received. An individual message acquisition request including (token) is transmitted to the EMM server 7B, and an individual message (EMM individual message) is acquired.
The individual message acquisition unit 163 includes, as information necessary for generating an EMM individual message, an identifier of the security module (CA module ID) and an identifier for identifying the content distribution provider for each conditional access method (provider identification). Is added to the individual message acquisition request.
The individual message acquisition unit 163 outputs the acquired EMM individual message to the security module 19B.

The individual message acquisition unit 163 may be operated by a program input from the outside. For example, the individual message acquisition instruction receiving unit 162 receives an individual message acquisition instruction program described in a script language from the service providing server 3B and executes the program, thereby causing the computer to function as the individual message acquisition unit 163. It is also possible to make it.
In that case, the individual message acquisition instruction receiving unit 162 may be operated at the timing at which the individual message acquisition instruction program is acquired via the communication unit 10.

  In addition, although the individual message acquisition instruction program is not illustrated in FIG. 17, the individual message acquisition instruction program may be received by the broadcast wave receiving unit 17 via the broadcast wave. In that case, the individual message acquisition instruction receiving means 162 may operate the program at the timing when the individual message acquisition instruction is received via the broadcast wave receiving means 17.

  The separation means 18B is basically the same as the separation means 18 described in FIG. 2, but when an EMM common message is multiplexed on the multiplexed broadcast signal received by the broadcast wave reception means 17, the EMM common The message is output to the EMM common message processing means 24.

  The security module 19B performs output control of the scramble key Ks that scrambles the content and display control of a message displayed on the screen. The security module 19B may be realized by a hardware device (removable device) that can be attached to and detached from the limited reception device 1 main body such as an IC card, or may be incorporated in the limited reception device 1B main body.

  Here, the security module 19B includes a master key storage unit 190, an EMM / ECM processing unit 191 and an EMM individual message processing unit 192. In the security module 19B, individual identifiers (CA module IDs) are set in advance in storage means (not shown). The master key storage unit 190 and the EMM / ECM processing unit 191 have the same configuration as that of the conditional access apparatus 1 described with reference to FIG.

The EMM individual message processing means 192 controls display of the message by the EMM common message distributed by the broadcast wave and separated by the separation means 18B, and the EMM individual message distributed by communication and acquired by the EMM acquisition processing means 16B. Is what you do.
Here, the EMM individual message processing unit 192 includes an individual message processing unit 192a and a message control information storage unit 192b.

The individual message processing unit 192a extracts message control information for controlling display of the message from the EMM individual message acquired by the EMM acquisition processing unit 16B. The individual message processing unit 192a encrypts the master key Km stored in the master key storage unit 190 when the area including the message control information is encrypted (the encryption unit in FIG. 18). The message control information is extracted.
The individual message processing unit 192a writes and stores the extracted message control information in the message control information storage unit 192b.

The message control information storage unit 192b stores the message control information extracted by the individual message processing unit 192a, and is a storage medium such as a semiconductor memory.
This message control information is information for controlling whether or not to display a message body distributed in the EMM common message. For example, if the value of the message control information is 0x0000, it means that the message is erased, and if it is any other value, it means the ID (message number) of the message delivered in the EMM common message.

The display means 22B synthesizes the message output from the EMM common message processing means 24 on the video reproduced from the display signal decoded by the decoder 21.
When the message is input from the EMM common message processing unit 24, the display unit 22B synthesizes the message so as to be superimposed on a predetermined (or designated) position of the video and inputs the message deletion. , Stop composing messages.

The EMM common message processing means 24 controls the output of the message code body included in the EMM common message distributed by broadcasting by the message control information stored in the message control information storage means 192b.
This EMM common message is a message distributed to all conditional access apparatuses 1B, and is defined in ARIB STD-B25 in the format shown in FIG.
Note that the details of the contents of the EMM common message are the same as those defined in STB-B25 of ARIB. Therefore, the description is omitted here, but the message number is set in the EMM message section header and is variable. The message code body is arranged in the section.

  When the message control information stored in the message control information storage unit 192b matches the message number, the EMM common message processing unit 24 outputs the message code body to the display unit 22B as a message to be combined with the content. If the message control information stored in the message control information storage unit 192b is a value indicating message deletion, the currently displayed message is deleted.

  By configuring the conditional access device 1B as described above, the conditional access device 1B allows the contractor to register with the authorization server 5 as a contractor even when requesting content viewing from a plurality of service providing servers 3B. Then, according to the authorization information issued by the authorization server 5, the EMM (individual information) and the EMM individual message can be acquired from the EMM server 7B, and the content can be descrambled and the message display can be controlled. it can.

[Service providing server configuration]
Next, the configuration of the service providing server 3B will be described with reference to FIG.
As shown in FIG. 20, the service providing server 3B includes a communication unit 30, a storage unit 31B, and a control unit 32B. The communication means 30 is the same as the communication means 30 described in FIG.

  The storage unit 31B stores various data held in the service providing server 3B. The storage means 31B is a general storage medium such as a hard disk or a semiconductor memory. Here, the storage unit 31B includes a client information storage unit 310 and a content information storage unit 311B. The client information storage unit 310 is the same as that described in FIG.

  The content information storage unit 311B is information for identifying content received by the conditional access device 1B, and stores content information managed in advance by the service providing server 3B. For example, as shown in FIG. 21, the content information includes an organization channel (channel) that distributes the content, content identification that is an identifier unique to the content, and an identifier that identifies an operator that distributes the content. This is information in which person identification is associated with the presence or absence of a message.

The control means 32B controls the operation of the service providing server 3B. The control means 32B can be realized by a general hardware configuration such as a CPU, RAM, ROM. Here, the control unit 32B includes a viewing request reception unit 320, an authorization acquisition unit 321 and an EMM acquisition instruction unit 322B. This control means 32B can operate a computer (CPU) as a program (Web application) that functions as each of these means.
The viewing request receiving unit 320 and the authorization obtaining unit 321 have the same configuration as the service providing server 3 described with reference to FIG.

The EMM acquisition instruction unit 322B sends an instruction (EMM acquisition instruction, individual message acquisition instruction) to the effect that an EMM (individual information) or an EMM individual message is acquired from the EMM server 7B via the communication unit 30. To send to.
Here, the EMM acquisition instruction unit 322B includes an individual information acquisition instruction transmission unit 322a and an individual message acquisition instruction transmission unit 322b.

  The individual information acquisition instruction transmission unit 322a instructs the conditional access apparatus 1B that has been notified of the authorization response by the authorization acquisition unit 321 to acquire EMM (individual information). The individual information acquisition instruction transmission unit 322a is the same as the EMM acquisition instruction unit 322 of the service providing server 3 described with reference to FIG.

The individual message acquisition instruction transmission unit 322b instructs the conditional access apparatus 1B to acquire an EMM individual message.
The individual message acquisition instruction transmission unit 322b transmits an instruction to acquire an EMM individual message (individual message acquisition instruction) from the EMM server 7B to the conditional access apparatus 1B via the communication unit 30. This individual message acquisition instruction is, for example, a program (individual message acquisition instruction program) written in a script language. This individual message acquisition instruction program includes information necessary for generating an EMM individual message (security module identifier [CA module ID], operator identification, etc.) and authorization information acquired by the conditional access device 1B. The operation for notifying the authorization server 5 as an individual message acquisition request is described.

  By configuring the service providing server 3B as described above, the service providing server 3B allows the conditional access device 1B to receive authorization information from the authorization server 5 when a content viewing request is received from the conditional access device 1B. To obtain an EMM or EMM individual message that is a license for viewing content from the EMM server 7B.

[Configuration of EMM server]
Next, the configuration of the EMM server 7B will be described with reference to FIG.
As shown in FIG. 22, the EMM server 7B includes a communication unit 70, a storage unit 71B, and a control unit 72B. The communication means 70 is the same as the communication means 70 described in FIG.

  The storage unit 71B stores various data held in the EMM server 7B. The storage unit 71B is a general storage medium such as a hard disk or a semiconductor memory. Here, the storage unit 71B includes a master key storage unit 710, a work key storage unit 711, and a message control information storage unit 712. The master key storage unit 710 and the work key storage unit 711 are the same as those described with reference to FIG.

The message control information storage unit 712 stores message control information for controlling message display in the conditional access apparatus 1B. Here, as shown in FIG. 23, the message control information storage unit 712 includes an operator identification that is an identifier for identifying an operator that distributes content, a contract type that indicates the type of contract, and message control information. Store in association with each other.
For example, the value of message control information (for example, 0x0000) indicating message deletion is associated with a value indicating the contract type (for example, 0x01) indicating the contract type for which the viewing contract has been made, and a viewing contract is made. A message number value (for example, 0x0010) of a message distributed as an EMM common message is stored in association with a value (for example, 0x00) indicating no contract type. In addition to the presence / absence of the contract, the contract type changes the message presented for each member type, such as “member type 1 (premium)”, “member type 2 (normal)”, or deletes the message display. It is good also as classification information for.

The control means 72B controls the operation of the EMM server 7B. The control means 72B can be realized by a general hardware configuration such as a CPU, RAM, ROM. Here, the control unit 72B includes an EMM acquisition request reception unit 720B, an authorization information confirmation unit 721, an EMM generation unit 722B, and an EMM transmission unit 723B.
The authorization information confirmation unit 721 has the same configuration as the EMM server 7 described with reference to FIG.

The EMM acquisition request receiving unit 720B receives an EMM acquisition request and an individual message acquisition request from the conditional access apparatus 1B via the communication unit 70.
Here, the EMM acquisition request receiving unit 720B includes an individual information acquisition request receiving unit 720a and an individual message acquisition request receiving unit 720b.

  The individual information acquisition request receiving unit 720a receives an EMM (individual information) acquisition request from the conditional access apparatus 1B via the communication unit 70. The individual information acquisition request receiving unit 720a is the same as the EMM acquisition request receiving unit 720 of the EMM server 7 described in FIG.

The individual message acquisition request receiving unit 720b receives an individual message acquisition request from the conditional access apparatus 1B via the communication unit 70.
The individual message acquisition request receiving unit 720b outputs the authorization information included in the individual message acquisition request to the authorization information confirmation unit 721, and generates an EMM individual message that is also included in the individual message acquisition request. Necessary information (CA module ID, business operator identification, etc.) is output to the EMM generation means 722B.

The EMM generation unit 722B generates an EMM or an EMM individual message based on the authorization information issued by the authorization server 5.
Here, the EMM generation unit 722B includes an individual information generation unit 722a and an individual message generation unit 722b.

  The individual information generating unit 722 a generates EMM (individual information) based on the authorization information issued by the authorization server 5. The individual information generating unit 722a is the same as the EMM acquisition request receiving unit 720 of the EMM server 7 described in FIG.

The individual message generation unit 722 b generates an EMM individual message based on the authorization information issued by the authorization server 5. Specifically, the individual message generation unit 722b receives the contract information output from the authorization information confirmation unit 721 (here, the contract type indicating the type of permission) and the operator identification output from the EMM acquisition request reception unit 720B. Is read from the message control information storage unit 712, and an EMM individual message including the message control information is generated. Note that the detailed data structure of this EMM individual message is defined in ARIB STD-B25, and therefore the description thereof is omitted here.
The EMM generation unit 722B outputs the generated EMM individual message to the EMM transmission unit 723B.

  The EMM transmission unit 723B transmits the EMM generated by the EMM generation unit 722B to the conditional access apparatus 1B that has transmitted the EMM acquisition request via the communication unit 70, and the EMM individual message generated by the EMM generation unit 722B. The message is transmitted via the communication means 70 to the conditional access apparatus 1B that has transmitted the individual message acquisition request. However, the EMM transmission unit 723B does not transmit the EMM or the EMM individual message if the permission is not obtained (unauthorized) in the viewing permission confirmation result (authorized / unauthorized) in the authorization information confirming unit 721. I will do it.

  By configuring the EMM server 7B as described above, the EMM server 7B can be used for individual content viewing only by the conditional access apparatus 1B that is authorized to view the content according to the authorization information issued by the authorization server 5. The EMM or EMM individual message that is the license of the EMM can be transmitted.

By configuring the conditional access system S _B as described above, conditional access system S _B are collectively manage the contract's in the authorization server 5, the content of the plurality of the content distribution service provider distributes, An individual license (EMM) and an individual message (EMM individual message) can be provided to the conditional access apparatus 1B from one EMM server 7B.

[Operation of conditional access system]
Next, (the configuration, FIG. 1 as appropriate, 17, 20, see FIG. 22) Referring to FIG. 24 to be described the operation of the conditional access system _{S B} of the second embodiment.
The operation from step S10 to step S22, that is, after the conditional access device 1B requests the service providing server 3B for the content viewing service, the service providing server 3B authorizes the conditional access device 1B by the authorization server 5. The operation up to confirming that this has been done is the same as that of the conditional access system S described with reference to FIG.
Hereinafter, the operation after step S22 will be described.

After step S22, the service providing server 3B transmits an instruction to acquire the EMM individual message (individual message acquisition instruction) to the conditional access apparatus 1B by the individual message acquisition instruction transmission unit 322b of the EMM acquisition instruction unit 322B. (Step S23B).
Then, the conditional access apparatus 1B receives the individual message acquisition instruction transmitted from the service providing server 3B by the individual message acquisition instruction reception unit 162 of the EMM acquisition processing unit 16B (step S24B), and the individual message acquisition unit 163 An individual message acquisition request to which the authorization information (token) stored in the authorization information storage unit 15 is added is transmitted to the EMM server 7B (step S25B).

Further, the EMM server 7B receives the individual message acquisition request transmitted from the conditional access device 1B by the individual message acquisition request reception unit 720b of the EMM acquisition request reception unit 720B (step S26B). Then, the EMM server 7B transmits an authorization information inquiry including the token indicating the authorization information added to the individual message acquisition request to the authorization server 5 by the authorization information confirmation unit 721 (S27B).
Thereafter, the operation until the EMM server 7B receives the substance of the authorization information from the authorization server 5 is the same as the operation described in FIG. 16 (steps S28 to S30).

Then, the EMM server 7B uses the individual message generation unit 722b of the EMM generation unit 722B to include the CA module ID, the operator identification, etc. included in the individual message acquisition request received in step S26B, and the authorization information received in step S30. The EMM individual message is generated based on the contract information (contract type indicating the type of permission) included in (step S31B). Then, the EMM server 7B transmits the EMM individual message generated in step S31B to the conditional access device 1B by the EMM transmission unit 723B (step S32B).
Then, the conditional access apparatus 1B receives the EMM individual message transmitted from the EMM server 7B by the individual message acquisition unit 163 of the EMM acquisition processing unit 16B (step S33B).

Then, the conditional access device 1B processes the EMM individual message received from the EMM server 7B in the security module 19B (step S34B).
Specifically, the conditional access apparatus 1B uses the individual message processing unit 192a of the security module 19B to extract message control information for controlling the display of the message from the EMM individual message, and writes and stores it in the message control information storage unit 192b. To do.
In the security module 19B, when the EMM individual message is acquired by broadcasting, the operation is the same as when the EMM individual message is acquired by communication. As a result, the present invention can be realized by coexisting with the distribution of the existing EMM individual message.

  When the conditional access apparatus 1B receives the EMM common message by broadcasting, the message control body 24 stores the message code body included in the EMM common message in the message control information storage unit 192b by the EMM common message processing unit 24. Output control is performed according to the information (step S35B).

As described above, conditional access system S _B are collectively manage the contract's in the authorization server 5, based on the authorization information issued from the authorization server 5, from one EMM server 7B, individual messages (EMM individual message) can be provided to the conditional access apparatus 1B.
Here, although the authorization response transmitted from the authorization server 5 to the conditional access apparatus 1B in step S18 is a token of authorization information, it may be the substance of authorization information. In that case, since the substance of the authorization information is included in the individual message acquisition request in step S26B, the operations in steps S27B to S30 may be omitted.

«Third embodiment»
[Configuration of conditional access system]
Next, referring to FIG. 25, the configuration of the conditional access system S _C of the third embodiment. In the second embodiment, the conditional access system S is configured as a system that distributes EMMs that are licenses for viewing content and EMM individual messages that are individual messages. The third embodiment is a system to which a function for distributing a license (DRM license) used in DRM (Digital Rights Management) technology known as a mechanism for protecting copyright of digital contents is added in addition to EMM.

The conditional access system _{S C} has a limited reception apparatus 1C, and the service providing server 3C, and authorization server 5, and the EMM server 7B, and a DRM server 9, configured by connecting a communication line N, from the transmission device 1000 The content distributed by broadcasting is limitedly received by the conditional access device 1C. Further, conditional access system S _C are those that can be viewed by the contract conditions the content delivered by communication from a content distribution server which is not shown, to the normal subscriber in the conditional access apparatus 1C.

Since the authorization server 5 and the transmission apparatus 1000 have the same configuration as in the first embodiment, and the EMM server 7B has the same configuration as in the second embodiment, description thereof is omitted.
The conditional access device 1C is obtained by adding a function of acquiring a DRM license and decrypting the content protected (encrypted) by the DRM to the conditional access device 1B of the second embodiment.

  The service providing server 3C is obtained by adding a service function for controlling distribution of a DRM license of content encrypted by the DRM method to the service providing server 3B of the second embodiment.

Based on the authorization information issued by the authorization server 5 that is notified from the service providing server 3C via the conditional access device 1C, the DRM server 9 provides the contractor (the conditional access device 1C) with the right to view the content. A license (DRM license) is issued.
Hereinafter, the configurations of the conditional access apparatus 1C, the service providing server 3C, and the DRM server 9 different from the first embodiment and the second embodiment will be sequentially described.

[Configuration of conditional access device]
First, the configuration of the conditional access apparatus 1C will be described with reference to FIG.
As shown in FIG. 26, the conditional access apparatus 1C includes a communication unit 10, an operation unit 11, a viewing request unit 12, a contractor authentication information transmission unit 13, an authorization information acquisition processing unit 14, and an authorization information storage unit. 15, EMM acquisition processing means 16B, broadcast wave receiving means 17, separation means 18B, security module 19B, descrambler 20, decoder 21B, display means 22B, contract information acquisition means 23, and EMM common A message processing unit 24, a DRM license acquisition processing unit 25, an encrypted content acquisition unit 26, and a content decryption unit 27 are provided.

  The configuration other than the decoder 21B, the DRM license acquisition processing unit 25, the encrypted content acquisition unit 26, and the content decryption unit 27 is the same as the limited reception device 1 described in FIG. 2 and the limited reception device 1B described in FIG. Therefore, the description is omitted.

The decoder 21B decodes the content descrambled by the descrambler 20 (encoded content) or the content decoded by the content decoding means 27 (encoded content) according to a predetermined encoding format, and displays the display signal. Is to be generated.
The decoder 21B outputs the generated display signal to the display means 22.

When receiving a license acquisition instruction (DRM license acquisition instruction) for instructing acquisition of a DRM license from the service providing server 3C, the DRM license acquisition processing means 25 transmits a license request including authorization information to the DRM server 9, A license (DRM license) is acquired.
This DRM license is information including permission conditions (for example, expiration date) for viewing content protected by digital rights management (DRM), and is used for the contracted conditional access apparatus 1C and contractors. Encrypted with the key (master key) given.
Here, the DRM license acquisition processing unit 25 includes a DRM license acquisition instruction receiving unit 250 and a DRM license acquisition unit 251.

  The DRM license acquisition instruction receiving unit 250 receives a license acquisition instruction for instructing acquisition of a DRM license from the service providing server 3 </ b> C via the communication unit 10. The DRM license acquisition instruction receiving unit 250 notifies the DRM license acquisition unit 251 that the license acquisition instruction has been received.

The DRM license acquisition unit 251 acquires the license including the authorization information (token) stored in the authorization information storage unit 15 at the timing when the DRM license acquisition instruction reception unit 250 is notified that the license acquisition instruction has been received. A request is transmitted to the DRM server 9 to acquire a DRM license.
Note that the DRM license acquisition unit 251 includes, as information necessary for generating a DRM license, an identifier (content ID) that identifies content and an identifier (contract) that identifies a master key stored in the master key storage unit 270. The user ID etc.) is added to the license acquisition request.
The DRM license acquisition unit 251 outputs the acquired DRM license to the content decryption unit 27.

The DRM license acquisition unit 251 may be operated by a program input from the outside. For example, the DRM license acquisition instruction receiving unit 250 receives a DRM license acquisition instruction program described in a script language from the service providing server 3C, and executes the program, thereby causing the computer to function as the DRM license acquisition unit 251. It is also possible to make it.
In that case, the DRM license acquisition instruction receiving unit 250 may operate at the timing when the DRM license acquisition instruction program is acquired via the communication unit 10.

  Further, although not shown in FIG. 26, the DRM license acquisition instruction program may be received by the broadcast wave receiving means 17 via the broadcast wave. In that case, the DRM license acquisition instruction receiving unit 250 may operate the program at the timing when the license acquisition instruction is received via the broadcast wave receiving unit 17.

  The encrypted content acquisition unit 26 acquires encrypted content via a communication unit 10 from a content distribution server (which may be the service providing server 3C) (not shown). The encrypted content acquisition unit 26 acquires, for example, a list of content from a content distribution server (not shown), displays the content list on the display screen by the display unit 22, and displays the content selected by the contractor by the operation unit 11. Request and obtain from the distribution server. The acquired encrypted content is output to the content decrypting means 27.

The content decryption unit 27 decrypts the encrypted content acquired by the encrypted content acquisition unit 26 using the DRM license acquired by the DRM license acquisition unit 251 and functions as a DRM client.
Here, the content decryption unit 27 includes a master key storage unit 270, a license decryption unit 271, a permission condition storage unit 272, and an encrypted content decryption unit 273.

  The master key storage unit 270 stores a key (master key) given to the device of the conditional access apparatus 1C and the contractor who have completed the content viewing contract, and is a general storage medium such as a semiconductor memory. . Here, the master key storage unit 270 stores a master key given in advance by a contract in association with a contractor ID or device ID for identifying the key. In order to prove the validity of the contractor ID and the device ID to the DRM server 9, for example, an electronic certificate is also stored. Here, the device refers to an identification unit of the conditional access apparatus 1C managed for each manufacturer, model, lot or the like of the conditional access apparatus 1C. Note that the master key (and the contractor ID and device ID) may be distributed off-line from the content distribution company or on-line.

The license decryption unit 271 decrypts the DRM license acquired by the DRM license acquisition unit 251 with the master key stored in the master key storage unit 270, and extracts the content key Kc obtained by encrypting the content and the permission condition. Is.
The license decryption unit 271 outputs the extracted content key Kc to the encrypted content decryption unit 273, and writes and stores the extracted permission condition in the permission condition storage unit 272.

The permission condition storage means 272 stores the permission conditions extracted by the license decryption means 271 and is a storage medium such as a semiconductor memory.
This permission information is a viewing condition of the content given to the contractor by contract, and is, for example, an expiration date.

  By configuring the conditional access apparatus 1C as described above, the conditional access apparatus 1C allows the contractor to register with the authorization server 5 as a contractor even when requesting content viewing from a plurality of service providing servers 3C. Then, based on the authorization information issued by the authorization server 5, an EMM or EMM individual message is obtained from the EMM server 7B, a DRM license is obtained from the DRM server 9, and the content is descrambled (decrypted). ) And message display control.

[Service providing server configuration]
Next, the configuration of the service providing server 3C will be described with reference to FIG.
As illustrated in FIG. 27, the service providing server 3C includes a communication unit 30, a storage unit 31C, and a control unit 32C. The communication means 30 is the same as the communication means 30 described in FIG.

  The storage unit 31C stores various data held in the service providing server 3C. The storage unit 31C is a general storage medium such as a hard disk or a semiconductor memory. Here, the storage unit 31C includes a client information storage unit 310 and a content information storage unit 311C. The client information storage unit 310 is the same as that described in FIG.

The content information storage unit 311C is information for identifying content received by the conditional access device 1C, and stores content information managed in advance by the service providing server 3C. For example, as shown in FIG. 28, the content information includes an organization channel (channel) that distributes content, content identification that is an identifier unique to the content, and an identifier that identifies an operator that distributes the content. This is information in which the user identification, the protection method indicating the content license type, and the presence / absence of a message are associated with each other.
Note that there are a plurality of DRMs (DRM-A, DRM-B, etc.) as shown in FIG.

The control unit 32C controls the operation of the service providing server 3C. The control unit 32C can be realized by a general hardware configuration such as a CPU, a RAM, and a ROM. Here, the control unit 32C includes a viewing request reception unit 320, an authorization acquisition unit 321, an EMM acquisition instruction unit 322B, and a license acquisition instruction unit 323. This control means 32C can operate a computer (CPU) as a program (Web application) that functions as each of these means.
The viewing request receiving unit 320, the authorization acquisition unit 321 and the EMM acquisition instruction unit 322B have the same configuration as the service providing server 3 described in FIG. 5 and the service providing server 3B described in FIG. .

The license acquisition instruction unit 323 instructs the conditional access apparatus 1C to acquire a DRM license.
The license acquisition instruction unit 323 transmits an instruction to acquire a DRM license (license acquisition instruction) from the DRM server 9 via the communication unit 30 to the conditional access apparatus 1C. This license acquisition instruction is, for example, a program (DRM license acquisition instruction program) written in a script language. This DRM license acquisition instruction program licenses information necessary for generating a DRM license (identifier for specifying content [content ID]) and the authorization information acquired by the conditional access apparatus 1C to the authorization server 5. The operation to be notified as an acquisition request is described.

  By configuring the service providing server 3C as described above, the service providing server 3C allows the conditional access device 1C to receive authorization information from the authorization server 5 when there is a content viewing request from the conditional access device 1C. To obtain an EMM or an EMM individual message from the EMM server 7B, or obtain a DRM license from the DRM server 9.

[Configuration of DRM server]
Next, the configuration of the DRM server 9 will be described with reference to FIG.
As shown in FIG. 29, the DRM server 9 includes a communication unit 90, a storage unit 91, and a control unit 92.

  The communication means 90 communicates with the conditional access apparatus 1C and the authorization server 5 using a predetermined protocol such as TCP / IP. The communication unit 90 can be realized by a NIC, for example.

  The storage unit 91 stores various data held in the DRM server 9. The storage unit 91 is a general storage medium such as a hard disk or a semiconductor memory. Here, the storage unit 91 includes a content key storage unit 910 and a master key storage unit 911. These storage units may be configured as individual storage media, or may be configured to store in different storage areas with one storage medium.

  The content key storage unit 910 stores a key (content key) obtained by encrypting content. Here, the content key storage unit 910 stores the content key (Kc) in association with the content identification (content ID) as shown in FIG.

The master key storage unit 911 stores a key (master key) previously given to the contracted limited receiving device 1C and the contractor. Here, as shown in FIG. 31, the master key storage unit 911 stores the master key Km and the identifier (contractor ID) associated with the contracted conditional access apparatus 1C (contractor) in association with each other. Here, an example is shown in which the contract unit is the contractor and the master key is associated with the contractor ID. However, if the contract unit is a device (limited reception device 1C), the master key is associated with the device ID. Also good. In addition, in order to authenticate the validity of the device of the contractor or the conditional access apparatus 1C, in order to verify the certificate when the electronic certificate is distributed to each contractor or each device (the limited reception apparatus 1C). The verification key is also stored.
Note that the contractor ID (or device ID) and master key stored in the master key storage unit 911 are obtained by obtaining and setting information registered in the contractor in the authorization server 5 in advance.

  The control unit 92 controls the operation of the DRM server 9. The control unit 92 can be realized by a general hardware configuration such as a CPU, a RAM, and a ROM. Here, the control unit 92 includes a license acquisition request reception unit 920, an authorization information confirmation unit 921, a license generation unit 922, and a license transmission unit 923.

The license acquisition request receiving unit 920 receives a license acquisition request from the conditional access apparatus 1C via the communication unit 90.
The license acquisition request receiving unit 920 outputs the authorization information included in the license acquisition request to the authorization information confirmation unit 921 as information necessary for generating the DRM license that is also included in the license acquisition request. An identifier (content ID) for identifying the content is output to the license generation unit 922.

The authorization information confirmation unit 921 refers to the authorization information output from the license acquisition request reception unit 920 and confirms whether viewing is permitted by a contract. The viewing permission confirmation result (authorized / unauthorized) is output to the license transmission unit 923, and is used to determine whether or not to transmit a license (DRM license). Of the authorization information, the contract information (for example, expiration date) and the contractor ID are output to the license generation unit 922.
When the authorization information output from the license acquisition request receiving unit 920 is the authorization information indicated by the token, the authorization information confirmation unit 921 sends the authorization information including the token to the authorization server 5 via the communication unit 90. Make an inquiry. Then, the authorization information confirmation unit 921 acquires the authorization information entity corresponding to the token from the authorization server 5.

The license generation unit 922 generates a license (DRM license) based on the authorization information issued by the authorization server 5. Specifically, the license generation unit 922 outputs the content key Kc stored in the content key storage unit 910 specified by the content ID output from the license acquisition request reception unit 920 and the authorization information confirmation unit 921. The DRM license is generated by encrypting the license condition, which is the contract information, with the master key stored in the master key storage unit 911 corresponding to the contractor ID output from the authorization information confirmation unit 921. The contractor ID may be authenticated by an electronic certificate or the like by an authentication unit (not shown).
The license generation unit 922 outputs the generated DRM license to the license transmission unit 923.

  The license transmission unit 923 transmits the DRM license generated by the license generation unit 922 via the communication unit 90 to the conditional access apparatus 1C that has transmitted the license acquisition request. However, it is assumed that the license transmission unit 923 does not transmit a license if the permission is not obtained (unauthorized) in the viewing permission confirmation result (authorized / unauthorized) in the authorization information confirming unit 921.

  By configuring the DRM server 9 as described above, the DRM server 9 allows the DRM for viewing content only to the conditional access device 1C that is authorized to view the content according to the authorization information issued by the authorization server 5. License can be sent.

By configuring the conditional access system S _C As described above, conditional access system S _C is collectively manage the contract's in the authorization server 5, the content of the plurality of the content distribution service provider distributes, An individual license (DRM license) can be provided from the DRM server 9 to the conditional access apparatus 1C.
Here, the function of distributing the DRM license is added to the configuration of the second embodiment, but the function of distributing the DRM license may be added to the configuration of the first embodiment.

[Operation of conditional access system]
Next, (for configuration, as appropriate view 25, 26, 27, see FIG. 29) Referring to FIG. 32 to be described the operation of the conditional access system _{S C} of the third embodiment.
The operation from step S10 to step S22, that is, after the conditional access apparatus 1C requests the service providing server 3C for the content viewing service, the service providing server 3C authorizes the conditional access apparatus 1C by the authorization server 5. The operation up to confirming that this has been done is the same as that of the conditional access system S described with reference to FIG.
Hereinafter, the operation after step S22 will be described.

After step S22, the service providing server 3C transmits an instruction to acquire a DRM license (license acquisition instruction) to the conditional access apparatus 1C by the license acquisition instruction unit 323 (step S23C).
The conditional access apparatus 1C receives the license acquisition instruction transmitted from the service providing server 3C by the DRM license acquisition instruction receiving means 250 of the DRM license acquisition processing means 25 (step S24C), and the DRM license acquisition means 251 A license acquisition request to which the authorization information (token) stored in the authorization information storage unit 15 is added is transmitted to the DRM server 9 (step S25C).

Further, the DRM server 9 receives the license acquisition request transmitted from the conditional access apparatus 1C by the license acquisition request receiving unit 920 (step S26C). Then, the DRM server 9 transmits an authorization information inquiry including a token indicating the authorization information added to the license acquisition request to the authorization server 5 by the authorization information confirmation unit 921 (S27C).
Thereafter, the operation until the DRM server 9 receives the substance of the authorization information from the authorization server 5 is the same as the operation described in FIG. 16 (steps S28 to S30).

Then, the DRM server 9 uses the license generation unit 922 to include the content ID included in the license acquisition request received in step S26C and the contract information (licensing conditions) included in the authorization information received in step S30. Thus, a license (DRM license) is generated (step S31C). Then, the DRM server 9 transmits the license generated in step S31C to the conditional access device 1C by the license transmission unit 923 (step S32C).
Then, the conditional access apparatus 1C receives the license transmitted from the DRM server 9 by the DRM license acquisition unit 251 (step S33C).

Then, the conditional access apparatus 1C processes (license processing) the license received from the DRM server 9 within the content decrypting means 27 (step S34C).
Specifically, the conditional access apparatus 1C uses the license decryption unit 271 of the content decryption unit 27 to decrypt the DRM license with the master key Km stored in the master key storage unit 270, and the content key Kc, the permission condition, Is extracted, and the permission condition is written and stored in the permission condition storage means 272.

Then, the conditional access apparatus 1C acquires the encrypted content by the encrypted content acquisition unit 26, and performs the decryption process of the encrypted content (step S35C).
Specifically, the conditional access apparatus 1C decrypts the encrypted content with the content key Kc extracted in step S34C by the encrypted content decryption unit 273 of the content decryption unit 27.
Thereafter, although illustration as a step is omitted, the conditional access apparatus 1C encodes and decodes the content decoded in step S35C by the decoder 21B, and visualizes and outputs the content by the display means 22.

As described above, conditional access system S _C is collectively manage the contract's in the authorization server 5, based on the authorization information issued by the authorization server 5, from the DRM server 9, the license (DRM license) It can be provided to the conditional access apparatus 1C.
Here, although the authorization response transmitted from the authorization server 5 to the conditional access apparatus 1C in step S18 is a token of authorization information, it may be an entity of authorization information. In that case, since the actual license information is included in the license acquisition request in step S26C, the operations in steps S27C to S30 may be omitted.

<< Fourth Embodiment >>
[Configuration of conditional access system]
Next, the configuration of the conditional access system _SD of the fourth embodiment will be described with reference to FIG. The conditional access system _SD adds the information processing device 2000 to the configuration of the third embodiment, acquires the authorization information issued by the authorization server 5 by the information processing device 2000, and transfers it to the conditional access device 1C. is there.

Here, as shown in FIG. 33, conditional access system S _D, the information in the conditional access system S _{C (see} FIG. 25) via the access point of the communication line N the (AP), performs data communication wirelessly A processing apparatus 2000 is further provided.
The information processing apparatus 2000 (authorization information transfer apparatus) acquires the authorization information for the content to be viewed from the authorization server 5 and transfers it to the conditional access apparatus 1C.
Hereinafter, the configuration of the information processing apparatus 2000 will be described.

[Configuration of information processing device]
As shown in FIG. 34, the information processing apparatus 2000 includes a communication unit 10, an operation unit 11B, a viewing request unit 12, an authorization information storage unit 15, a decoder 21B, a display unit 22, and a DRM license acquisition processing unit. 25, encrypted content acquisition means 26, content decryption means 27, and authorization information transfer means 28.
Since the configuration other than the operation unit 11B and the authorization information transfer unit 28 is the same as the internal configuration of the limited reception device 1 (1B, 1C) described in the first to third embodiments, the same reference numerals are given. The description is omitted.

The operation unit 11B receives an external input (for example, a touch operation) and performs an operation on the information processing apparatus 2000.
The operation unit 11B is a user interface for instructing contents to be viewed on the Web page provided by the service providing server 3, and inputting a contractor ID and password for contractor authentication, for example. .
Furthermore, the operation means 11B also specifies the conditional access apparatus 1C to which the authorization information is transferred after the authorization information is stored in the authorization information storage means 15.
For example, the operation unit 11B notifies the authorization information transfer unit 28 of the address of the selected limited reception device 1C by selecting the limited reception device 1C registered in advance.

The authorization information transfer unit 28 transmits the authorization information stored in the authorization information storage unit 15 via the communication unit 10 to the conditional access apparatus 1C designated by the operation unit 11B.
In this way, by configuring the information processing device 2000, when there are a plurality of conditional access devices 1C in the home, the information processing device 2000 once acquires authorization information, and the multiple conditional access devices 1C Authorization information can be used. As a result, it is possible to save the trouble of acquiring the authorization information in each conditional access apparatus 1C.

  Here, the information processing apparatus 2000 includes the DRM license acquisition processing means 25, the encrypted content acquisition means 26, and the content decryption means 27, so that the information processing apparatus 2000 itself can be viewed. Needless to say, if only the authorization information is transferred, the encrypted content acquisition unit 26 and the content decryption unit 27 may be omitted from the configuration.

Here, with reference to FIG. 26, description is added about the function of the conditional access apparatus 1C to which the authorization information is transferred.
Upon receiving the authorization information from the information processing apparatus 2000, the conditional access apparatus 1C writes and stores the authorization information in the authorization information storage unit 15 by the authorization information acquisition processing unit 14.
As a result, the conditional access device 1C does not need to obtain authorization information when requesting a license from the service providing server 3C.
Therefore, if the conditional access device 1C has already obtained the authorization information, the viewing request unit 12 adds a notification that the authorization information for the content to be viewed has been obtained, to the service providing server 3C. We will make a request.

When the service providing server 3C receives the service request (license acquisition request) for which the authorization information has been acquired, the service providing server 3C issues an EMM, an EMM individual message, and a DRM license acquisition instruction without making an authorization request to the authorization server 5. What is necessary is just to instruct | indicate to the conditional access apparatus 1C.
That is, in the operation described with reference to FIG. 32, when the conditional access apparatus 1C to which the authorization information has already been transferred makes a service request in step S10, by notifying that the authorization information has already been acquired, the steps from step S12 to step S12 are performed. The operation up to S22 is omitted.
Here, the information processing apparatus 2000 has been described as an example added to the configuration of the third embodiment. However, the information processing apparatus 2000 may be added in the first embodiment or the second embodiment. Not too long.

«Fifth embodiment»
[Configuration of conditional access system]
Next, with reference to FIG. 35, the configuration of the conditional access system S _E of the fifth embodiment. Conditional access system S _E from the configuration of the first embodiment, is constructed by omitting the service providing server 3.
The conditional access system S _E includes a limited reception apparatus 1D, the authorization server 5B, the EMM server 7, constituted by connecting a communication line N, limited reception apparatus 1D contents distributed by broadcast from the transmitting apparatus 1000 Limited reception. Since the EMM server 7 has the same configuration as that of the first embodiment, description thereof is omitted.
Hereinafter, the configurations of the conditional access device 1D and the authorization server 5B will be described.

[Configuration of conditional access device]
First, the configuration of the conditional access device 1D will be described with reference to FIG.
As shown in FIG. 36, the conditional access apparatus 1D includes a communication unit 10, an operation unit 11, a viewing request unit 12B, a contractor authentication information transmission unit 13, an authorization information acquisition processing unit 14B, and an authorization information storage unit. 15, EMM acquisition processing means 16 C, broadcast wave receiving means 17, separation means 18 C, security module 19, descrambler 20, decoder 21, display means 22, and contract information acquisition means 23. .
The communication unit 10, the operation unit 11, the contractor authentication information transmission unit 13, the authorization information storage unit 15, the broadcast wave reception unit 17, the security module 19, the descrambler 20, the decoder 21, the display unit 22, and the contract information acquisition unit 23 Since it is the same structure as the conditional access apparatus 1 demonstrated in FIG. 1, description is abbreviate | omitted.

The viewing request unit 12B responds to the authorization information acquisition processing unit 14B from the authorization server 5B as a service request for viewing scrambled (encrypted) content according to the contract status of the contractor (the limited receiving device 1D). It is an instruction to obtain authorization information.
This viewing request means 12B obtains an authorization request instruction including information (content identification etc.) specifying the address of the authorization server 5B and content multiplexed in the broadcast wave from the separating means 18C, and obtains authorization information. Notify the processing means 14B.
Note that the viewing request unit 12B is instructed by the contractor to view the scrambled content via the operation unit 11 in the same manner as the conditional access apparatus 1 described with reference to FIG.

  The authorization information acquisition processing unit 14B acquires authorization information from the authorization server 5B. Here, the authorization information acquisition processing unit 14B includes an authorization request unit 140B and an authorization information receiving unit 141B.

The authorization request unit 140B requests authorization information for obtaining a license necessary for viewing desired content from the authorization server 5B by receiving an authorization request instruction from the viewing request unit 12B. Specifically, the authorization request unit 140B transmits an authorization request to the authorization server 5B specified by the address notified from the viewing request unit 12B.
This authorization request includes at least a license type (for example, “EMM: ch1: package1”) necessary for viewing the scrambled content.

  The authorization information receiving unit 141B receives an authorization response including authorization information from the authorization server 5B via the communication unit 10 as a response to the authorization request requested by the authorization request unit 140B. This authorization information receiving unit 141B is the same except that the function for notifying the service providing server 3 that the authorization response has been received is omitted from the authorization information receiving unit 141 described in FIG.

  The EMM acquisition processing unit 16 </ b> C acquires EMM (individual information) from the EMM server 7. Here, the EMM acquisition processing unit 16C includes an individual information acquisition instruction receiving unit 160B and an individual information acquisition unit 161. The individual information acquisition unit 161 has the same configuration as that of the conditional access apparatus 1 described with reference to FIG.

  The individual information acquisition instruction receiving unit 160B receives a control signal (EMM acquisition instruction) multiplexed with a broadcast wave and indicating an instruction to acquire EMM individual information. The individual information acquisition instruction receiving unit 160B notifies the individual information acquisition unit 161 that the EMM acquisition instruction has been received. The individual information acquisition instruction receiving means 160B may be instructed by the contractor via the operation means 11 for an EMM acquisition instruction.

  The separating unit 18C separates the multiplexed broadcast signal received by the broadcast wave receiving unit 17. This separation means 18C basically has the same function as the separation means 18 described in FIG. However, when the authorization request instruction is multiplexed on the multiplexed broadcast signal, the separating means 18C separates the authorization request instruction and outputs it to the viewing request means 12B. In addition, when the EMM acquisition instruction is multiplexed on the multiplexed broadcast signal, the separation unit 18C separates the EMM acquisition instruction and outputs it to the EMM acquisition processing unit 16C.

  By configuring the conditional access device 1D as described above, even if the conditional access device 1D is content provided by a different content provider, if the contractor registers the contractor in the authorization server 5B, Based on the authorization issued by the authorization server 5B, the EMM (individual information) can be acquired from the EMM server 7 to descramble the content.

[Authorization Server Configuration]
Next, the configuration of the authorization server 5B will be described with reference to FIG.
As shown in FIG. 37, the authorization server 5B includes a communication unit 50, a storage unit 51B, and a control unit 52B. The communication unit 50 has the same configuration as the authorization server 5 described in FIG.

The storage unit 51B stores various data held in the authorization server 5B. The storage means 51B is a general storage medium such as a hard disk or a semiconductor memory. Here, the storage unit 51B includes a contractor registration information storage unit 510 and an authorization information storage unit 511. That is, the storage unit 51B is obtained by omitting the client information storage unit 512 from the storage unit 51 of the authorization server 5 described in FIG.
The contents stored in the contractor registration information storage unit 510 and the authorization information storage unit 511 are the same as those in the authorization server 5 described with reference to FIG.

  The control means 52B controls the operation of the authorization server 5B. The control means 52B can be realized by a general hardware configuration such as a CPU, RAM, ROM. Here, the control unit 52B includes an authorization request receiving unit 520, a contractor authentication unit 521, an authorization determining unit 522, an authorization information issuing unit 523B, a contract information receiving unit 526, and an updating unit 527. The configuration other than the authorization information issuing unit 523B is the same as that of the authorization server 5 described in FIG.

The authorization information issuing unit 523B issues authorization information to the conditional access apparatus 1D that has made an authorization request.
The authorization information issuing unit 523B has the same function as the authorization information issuing unit 523 except that the client authentication is omitted from the authorization information issuing unit 523 described in FIG.

  By configuring the authorization server 5B as described above, the authorization server 5B collectively manages the contractor's contract information, and performs the contractor authentication when there is an authorization request from the conditional access device 1D. Therefore, it is possible to give permission for viewing license acquisition to the regular conditional access apparatus 1D.

[Operation of conditional access system]
Next, (for configuration, as appropriate view 35 through 37 refer) Referring to FIG. 38 to be described the operation of the conditional access system S _E of the fifth embodiment. Since this operation is the operation of the conditional access system S of the first embodiment described in FIG. 16 with the process for the service providing server omitted, only the difference will be described.

First, the conditional access device 1D receives the address of the authorization server 5B multiplexed on the broadcast wave by the viewing request unit 12B when the contractor is instructed to view the scrambled content via the operation unit 11. An authorization request instruction including information (content identification etc.) specifying the content is notified to the authorization request means 140B. Then, the conditional access apparatus 1D transmits a service request (authorization request) to the authorization server 5B specified by the address included in the authorization request instruction by the authorization request unit 140B (step S10B).
Then, the authorization server 5B receives the authorization request transmitted from the limited reception device 1D by the authorization request receiving unit 520 (step S15).

Thereafter, contractor authentication is performed between the conditional access apparatus 1D and the authorization server 5B in the same manner as in the first embodiment (steps S16A and S16B). When the authentication is correctly performed, the authorization server 5B issues the authorization information. The means 523B transmits an authorization response with authorization information (token indicating the authorization information) added to the conditional access apparatus 1D (step S18).
The conditional access apparatus 1D receives the authorization response transmitted from the authorization server 5B by the authorization information receiving unit 141B of the authorization information acquisition processing unit 14B, and authorizes the authorization information (token) added to the authorization response. The information is stored in the information storage unit 15 (step S20B).

Then, the conditional access apparatus 1D receives the EMM acquisition instruction multiplexed with the broadcast wave in the individual information acquisition instruction receiving unit 160B via the separating unit 18C (step S24D), and the individual information acquisition unit 161 An EMM acquisition request to which the authorization information (token) stored in the authorization information storage unit 15 is added is transmitted to the EMM server 7 (step S25).
The subsequent operation is the same as that of the conditional access system S of the first embodiment described in FIG.
As described above, conditional access system S _E is collectively manage the contract's in the authorization server 5B, from one EMM server 7, is possible to provide a separate license (EMM) to the conditional access apparatus 1D it can.

<< Sixth Embodiment >>
[Configuration of conditional access system]
Next, with reference to FIG. 35, the configuration of the conditional access system S _F of the sixth embodiment. Conditional access system S _F from the configuration of the second embodiment, is constructed by omitting the service providing server 3B.
The conditional access system S _F has a limited reception apparatus 1E, the authorization server 5B, the EMM server 7B, the communication line connected constituted by N, limited reception apparatus 1E contents distributed by broadcast from the transmitting apparatus 1000 Limited reception. The authorization server 5B has the same configuration as that of the fifth embodiment, and the EMM server 7B has the same configuration as that of the second embodiment.
Hereinafter, only the configuration of the conditional access apparatus 1E will be described.

[Configuration of conditional access device]
With reference to FIG. 39, the structure of the conditional access apparatus 1E is demonstrated.
As shown in FIG. 39, the conditional access apparatus 1E includes a communication unit 10, an operation unit 11, a viewing request unit 12B, a contractor authentication information transmission unit 13, an authorization information acquisition processing unit 14B, and an authorization information storage unit. 15, EMM acquisition processing means 16D, broadcast wave receiving means 17, separation means 18D, security module 19B, descrambler 20, decoder 21, display means 22B, contract information acquisition means 23, and EMM common Message processing means 24.
Communication means 10, operation means 11, contractor authentication information transmission means 13, authorization information storage means 15, broadcast wave reception means 17, security module 19B, descrambler 20, decoder 21, display means 22B, contract information acquisition means 23 and The EMM common message processing means 24 has the same configuration as that of the conditional access apparatus 1B described with reference to FIG.
The viewing request unit 12B and the authorization information acquisition processing unit 14B have the same configuration as the conditional access apparatus 1D described with reference to FIG.

The EMM acquisition processing unit 16D acquires a message (EMM individual message) from the EMM server 7B in addition to the function of the EMM acquisition processing unit 16C (see FIG. 36).
Here, the EMM acquisition processing unit 16D includes an individual information acquisition instruction reception unit 160B, an individual information acquisition unit 161, an individual message acquisition instruction reception unit 162B, and an individual message acquisition unit 163. The individual information acquisition instruction receiving unit 160B has the same configuration as that of the limited reception device 1D described with reference to FIG. 36, and the individual information acquisition unit 161 has the same configuration as that of the limited reception device 1 described with reference to FIG. The means 163 has the same configuration as that of the conditional access apparatus 1B described with reference to FIG.

  The individual message acquisition instruction receiving unit 162B receives an individual message acquisition instruction instructing acquisition of a message (EMM individual message) multiplexed in a broadcast wave. The individual message acquisition instruction receiving unit 162B notifies the individual message acquisition unit 163 that the individual message acquisition instruction has been received.

  The separating means 18D separates the multiplexed broadcast signal received by the broadcast wave receiving means 17. This separation means 18D basically has the same function as the separation means 18C described in FIG. However, when the individual message acquisition instruction is multiplexed on the multiplexed broadcast signal, the separating unit 18D separates the individual message acquisition instruction and outputs it to the individual message acquisition instruction receiving unit 162B.

  As described above, by configuring the conditional access device 1E, the conditional access device 1E can register the contractor with the authorization server 5B even if the content is provided by a different content provider. According to the authorization information issued by the authorization server 5B, the EMM (individual information) and the EMM individual message can be acquired from the EMM server 7B, and content descrambling and message display control can be performed.

[Operation of conditional access system]
Next, (for configuration, appropriately Figure 40 reference) Referring to FIG. 40 to be described the operation of the conditional access system S _F of the sixth embodiment.
Here, the operations from step S10B to step S20B, that is, the operations from when the conditional access apparatus 1E requests authorization for content viewing to the authorization server 5B until receiving the authorization response, are described with reference to FIG. is the same as the operation of the receiving system S _E.

The conditional access apparatus 1E receives the individual message acquisition instruction multiplexed with the broadcast wave in the individual message acquisition instruction reception unit 162B via the separation unit 18D (step S24E). Then, an individual message acquisition request to which the authorization information (token) stored in the authorization information storage unit 15 is added is transmitted to the EMM server 7B (step S25B).
The subsequent operation is the same as the operation of the conditional access system S _B of the second embodiment described in FIG. 24, the description thereof is omitted.
As described above, conditional access system S _F is collectively manage the contract's at authorization server 5B, based on the authorization information issued from the authorization server 5B, from one EMM server 7B, individual messages (EMM individual message) can be provided to the conditional access apparatus 1E.

<< Seventh Embodiment >>
[Configuration of conditional access system]
Next, referring to FIG. 41, the configuration of the conditional access system S _G of the seventh embodiment. Conditional access system S _G from the configuration of the third embodiment, is constructed by omitting the service providing server 3C.
The conditional access system _{S G} has a limited reception apparatus 1F, the authorization server 5B, the content and the EMM server 7B, and a DRM server 9, configured by connecting a communication line N, distributed by broadcast from the transmitting apparatus 1000 Is received by the limited reception device 1F. The authorization server 5B has the same configuration as that of the fifth embodiment, and the EMM server 7B has the same configuration as that of the second embodiment.
Hereinafter, only the configuration of the conditional access apparatus 1F will be described.

[Configuration of conditional access device]
With reference to FIG. 42, the configuration of the conditional access apparatus 1F will be described.
As shown in FIG. 42, the conditional access apparatus 1F includes a communication unit 10, an operation unit 11, a viewing request unit 12B, a contractor authentication information transmission unit 13, an authorization information acquisition processing unit 14B, and an authorization information storage unit. 15, EMM acquisition processing means 16D, broadcast wave receiving means 17, separation means 18E, security module 19B, descrambler 20, decoder 21B, display means 22B, contract information acquisition means 23, and EMM common A message processing unit 24, a DRM license acquisition processing unit 25B, an encrypted content acquisition unit 26, and a content decryption unit 27 are provided. The configuration other than the separating unit 18E and the DRM license acquisition processing unit 25B is the same as that of the limited reception device 1D described with reference to FIG. 26 and the limited reception device 1E described with reference to FIG.

  The separating unit 18E separates the multiplexed broadcast signal received by the broadcast wave receiving unit 17. This separation means 18E basically has the same function as the separation means 18D described in FIG. However, when the license acquisition instruction is multiplexed on the multiplexed broadcast signal, the separating unit 18E separates the license acquisition instruction and outputs it to the DRM license acquisition instruction receiving unit 250B.

The DRM license acquisition processing unit 25B acquires a license (DRM license) from the DRM server 9.
Here, the DRM license acquisition processing unit 25B includes a DRM license acquisition instruction receiving unit 250B and a DRM license acquisition unit 251. Since the DRM license acquisition unit 251 has the same configuration as that of the conditional access apparatus 1C described with reference to FIG.

  The DRM license acquisition instruction receiving unit 250B receives a license acquisition instruction (DRM license acquisition instruction) that is multiplexed with a broadcast wave and that instructs acquisition of a DRM license. The DRM license acquisition instruction receiving unit 250B notifies the DRM license acquisition unit 251 that the license acquisition instruction has been received. Note that the DRM license acquisition instruction receiving unit 250B may be instructed by the contractor via the operation unit 11 to issue a license acquisition instruction.

  As described above, by configuring the conditional access device 1F, the conditional access device 1F can be a content provided by a different content provider, if the contractor registers the contractor in the authorization server 5B. Based on the authorization information issued by the authorization server 5B, an EMM or EMM individual message is obtained from the EMM server 7B, or a DRM license is obtained from the DRM server 9, so that content descrambling (decryption) and message display control are performed. It can be performed.

[Operation of conditional access system]
Next, (for configuration, appropriately Figure 42 reference) Referring to FIG. 43 to be described the operation of the conditional access system S _G of the seventh embodiment.
Here, the operation from step S10B to step S20B, that is, the operation from when the conditional access device 1F requests authorization for content viewing to the authorization server 5B until receiving the authorization response, is the limited explained in FIG. is the same as the operation of the receiving system S _E.

Then, the conditional access apparatus 1F receives the license acquisition instruction multiplexed on the broadcast wave via the separating unit 18E in the DRM license acquisition instruction receiving unit 250B (step S24F), and the DRM license acquisition unit 251 A license acquisition request to which the authorization information (token) stored in the authorization information storage unit 15 is added is transmitted to the DRM server 9 (step S25C).
The subsequent operation is the same as the operation of the conditional access system S _C of the third embodiment described with reference to FIG. 32, the description thereof is omitted.
As described above, conditional access system S _G is collectively manage the contract's at authorization server 5B, on the basis of authorization information that authorization server 5B issues, from the DRM server 9, the license (DRM license) It can be provided to the conditional access apparatus 1F.

Above, conditional access system S _E of the fifth embodiment according to the seventh embodiment which does not constitute a service providing _server, S _F, have been described S _G, as in the fourth embodiment described with reference to FIG. 33, the authorization An information processing device (authorization information transfer device) for transferring information may be added to the communication line N.
In this case, the configurations other than the operation unit 11B and the authorization information transfer unit 28 of the information processing apparatus 2000 described in FIG. 34 are the same as those in the conditional access devices 1D, 1E, and 1F according to the fifth to seventh embodiments (FIG. 36, FIG. 39 and FIG. 42), and the authorization server 5 may be the authorization server 5B (FIG. 37).

Here, with reference to FIG. 36, the function of the conditional access apparatus 1D to which the authorization information is transferred will be described.
The conditional access apparatus 1D notified of the authorization information from the information processing apparatus 2000 writes and stores the authorization information in the authorization information storage means 15 by the authorization information acquisition processing means 14B. Then, the conditional access apparatus 1D may acquire the EMM, the EMM individual message, and the DRM license without making an authorization request to the authorization server 5B based on the authorization information.
The same applies to the conditional access devices 1E and 1F (FIGS. 39 and 42).

As described above, the conditional access systems S _E , S _F , and S _G (FIGS. 35 and 41) according to the fifth to seventh embodiments configured without the service providing server have been described. However, the service providing server is provided. However, the configuration without this is not limited to these.
In the fifth to seventh embodiments, the conditional access devices 1D, 1E, and 1F make an authorization request to the authorization server 5B at the timing of receiving the authorization request instruction notified via the broadcast wave. . However, this authorization request instruction may be instructed by the EMM server.
Hereinafter, the eighth embodiment will be described.

<< Eighth Embodiment >>
[Configuration of conditional access system]
Referring to FIG. 44, the configuration of the conditional access system S _H of the eighth embodiment.
Conditional access system S _H has a limited reception apparatus 1G, the authorization server 5B, the EMM server 7C, configured by connecting a communication line N, the limited reception apparatus 1G contents distributed by broadcast from the transmitting apparatus 1000 Allow limited reception. Since the authorization server 5B has the same configuration as that of the fifth embodiment, description thereof is omitted.
Hereinafter, configurations of the conditional access device 1G and the EMM server 7C will be described.

[Configuration of conditional access device]
With reference to FIG. 45, the configuration of the conditional access apparatus 1G will be described.
As shown in FIG. 45, the conditional access apparatus 1G includes a communication unit 10, an operation unit 11, a contractor authentication information transmission unit 13, an authorization information acquisition processing unit 14C, an authorization information storage unit 15, and an EMM acquisition process. Means 16E, broadcast wave reception means 17, separation means 18C, security module 19, descrambler 20, decoder 21, display means 22, and contract information acquisition means 23 are provided.
The configuration other than the authorization information acquisition processing unit 14C and the EMM acquisition processing unit 16E is the same as that of the conditional access apparatus 1D described with reference to FIG.

  The authorization information acquisition processing unit 14C acquires authorization information from the authorization server 5B. Here, the authorization information acquisition processing unit 14C includes an authorization request unit 140C and an authorization information receiving unit 141B.

The authorization request unit 140C has the same function as the authorization request unit 140 described with reference to FIG. 2 except that it receives an instruction (authorization request) to obtain authorization information from the EMM server 7C.
The authorization information receiving unit 141B has the same configuration as that of the conditional access apparatus 1D described with reference to FIG.

  The EMM acquisition processing means 16E acquires EMM (individual information) from the EMM server 7C. Here, the EMM acquisition processing unit 16E includes an individual information acquisition instruction receiving unit 160C and an individual information acquisition unit 161. The individual information acquisition unit 161 has the same configuration as that of the conditional access apparatus 1 described with reference to FIG.

  The individual information acquisition instruction receiving unit 160C indicates an instruction to acquire the EMM individual information multiplexed on the broadcast wave when instructed by the contractor via the operation unit 11 to receive the EMM acquisition instruction. A control signal (EMM acquisition instruction) is received. The individual information acquisition instruction receiving unit 160C notifies the individual information acquisition unit 161 that the EMM acquisition instruction has been received.

  By configuring the conditional access device 1G as described above, even if the conditional access device 1G is content provided by a different content provider, if the contractor registers the contractor in the authorization server 5B, Based on the authorization issued by the authorization server 5B, the EMM (individual information) can be acquired from the EMM server 7C to descramble the content.

[Configuration of EMM server]
Next, the configuration of the EMM server 7C will be described with reference to FIG.
As illustrated in FIG. 46, the EMM server 7C includes a communication unit 70, a storage unit 71, and a control unit 72B. The communication unit 70 and the storage unit 71 have the same configuration as the EMM server 7 described with reference to FIG.

  The control means 72B controls the operation of the EMM server 7C. The control means 72C can be realized by a general hardware configuration such as a CPU, a RAM, and a ROM. Here, the control unit 72C includes an EMM acquisition request reception unit 720, an authorization information confirmation unit 721, an EMM generation unit 722, an EMM transmission unit 723, and an authorization request transmission unit 724. The configuration other than the authorization request transmission unit 724 is the same as that of the EMM server 7 described with reference to FIG.

  The authorization request transmission unit 724 authorizes the limited reception device 1G that has been confirmed (unauthorized) that the viewing is not permitted by the contract based on the confirmation result (authorized / unauthorized) of the authorization information in the authorization information confirming unit 721. A request is sent. For example, the authorization request transmission unit 724 transmits an authorization request for redirecting to a predetermined authorization request reception URL of the authorization server 5B to the conditional access device 1G. At this time, the authorization request transmission unit 724 adds the license type (including operator identification information, organization channel, etc.) necessary for viewing the scrambled content acquired from the conditional access apparatus 1G as the EMM acquisition request to the authorization request. Then, the data is transmitted to the conditional access device 1G via the communication means 70.

  As described above, by configuring the EMM server 7C, the EMM server 7C can individually view the content only to the conditional access device 1G that is authorized to view the content according to the authorization information issued by the authorization server 5B. Can be sent.

[Operation of conditional access system]
Next, (for configuration, appropriately diagram 44 to see diagram 46) Referring to FIG. 47 to be described the operation of the conditional access system S _H of the eighth embodiment. This operation is in the operation of the conditional access system S _E of the fifth embodiment described in FIG. 38, since the point to perform an authorization request from the EMM server 7C are different will be described only for its differences.
First, the conditional access apparatus 1G receives the EMM acquisition instruction multiplexed with the broadcast wave in the individual information acquisition instruction receiving means 160C via the separating means 18C, and the individual information acquisition means 161 uses the authorization information storage means. The EMM acquisition request to which the authorization information (token) stored in 15 is added is transmitted to the EMM server 7C (step S100).

  Then, the EMM server 7C receives the EMM acquisition request transmitted from the limited reception device 1G by the EMM acquisition request receiving unit 720 (step S101). Then, the EMM server 7C transmits an authorization information inquiry including a token indicating the authorization information added to the EMM acquisition request to the authorization server 5B by the authorization information confirmation unit 721 (step S102).

  On the other hand, the authorization server 5B receives the authorization information inquiry by the authorization information inquiry receiving means 525 (step S103). Then, the authorization server 5B reads the authorization information corresponding to the token included in the authorization information inquiry from the authorization information storage unit 511 by the authorization information issuing unit 523B, and transmits it to the EMM server 7C (step S104).

Then, the EMM server 7C receives the authorization information by the authorization information confirmation unit 721 (step S106). Further, the EMM server 7C uses the authorization information confirmation unit 721 to determine whether or not the authorization information has been approved for viewing according to the contract (step S107). If viewing is permitted (Yes in S107), the EMM server 7C proceeds to the operation after step S31, generates an EMM, and transmits it to the conditional access device 1G.
On the other hand, if viewing is not permitted (No in S107), the EMM server 7C gives an instruction (authorization request) to obtain an authorization request for content viewing by the authorization server 5B by the authorization request transmission unit 724. It transmits to the conditional access apparatus 1G (step S108).

Further, the conditional access apparatus 1G receives an authorization request from the EMM server 7C by the authorization request means 140C of the authorization information acquisition processing means 14C (step S109), and requests authorization information from the authorization server 5B (step S110). . At this time, the authorization request unit 140C receives an HTTP redirect instruction as an authorization request from the EMM server 7C, and redirects the authorization request to the authorization server 5B.
The subsequent operation is the same as the operation of the conditional access system S _E of the fifth embodiment described in FIG. 38, the description thereof is omitted.

As described above, conditional access system S _H is collectively manage the contract's in the authorization server 5B, from one EMM server 7C, to provide separate license (EMM) to the conditional access apparatus 1G it can.
Here, as a modification of the fifth embodiment, the authorization request is instructed in the EMM server 7C, but the same modification can be performed in the sixth to seventh embodiments.

DESCRIPTION OF SYMBOLS 1 Limited reception apparatus 10 Communication means 11 Operation means 12 Viewing request means 13 Contractor authentication information transmission means 14 Authorization information acquisition means 140 Authorization request means 141 Authorization information reception means 15 Authorization information storage means 16 EMM acquisition processing means 160 Individual information acquisition instruction Receiving means 161 Individual information obtaining means (EMM obtaining means)
162 Individual message acquisition instruction receiving means 163 Individual message acquisition means (EMM individual message acquisition means)
17 Broadcast wave receiving means 18 Separating means 19 Security module (CAS, conditional access module)
DESCRIPTION OF SYMBOLS 20 Descrambler 21 Decoder 22 Display means 23 Contract information acquisition means 24 EMM common message processing means 25 DRM license acquisition processing means 250 DRM license acquisition instruction reception means 251 DRM license acquisition means 26 Encrypted content acquisition means 27 Content decryption means (DRM client) )
270 Master key storage unit 271 License decryption unit 272 License condition storage unit 273 Encrypted content decryption unit 28 Authorization information transfer unit 3 Service providing server 310 Client information storage unit 311 Content information storage unit 320 Viewing request reception unit 321 Authorization acquisition unit 322 EMM Acquisition instruction means 323 License acquisition instruction means 5 Authorization server 510 Contractor registration information storage means 511 Authorization information storage means 512 Client information storage means 520 Authorization request reception means 521 Contractor authentication means 522 Authorization determination means 523 Authorization information issue means 524 Client authentication Means 525 Authorization information inquiry reception means 526 Contract information reception means 527 Update means 7 EMM server 710 Master key storage means 711 Work key storage means 720 EMM acquisition Request receiving means 721 Authorization information confirmation means 722 EMM generation means 723 EMM transmission means 9 DRM server 910 Content key storage means 911 Master key storage means 920 License acquisition request reception means 921 Authorization information confirmation means 922 License generation means 923 License transmission means 1000 transmission Apparatus 2000 Information processing apparatus

Claims (2)

A conditional access device that reproduces content encrypted by CAS or DRM, an EMM server that issues EMM that is individual information for each conditional access device in CAS, and for decrypting the content encrypted by DRM A DRM server that issues a DRM license, and a contractor registration information storage unit that stores contract information for each contractor, and authorizes the issuance of the EMM and the DRM license based on the contract information The conditional access apparatus in the conditional access system in which a server and a network are connected,
Authorization request means for requesting authorization information for acquiring the EMM and the DRM license to the authorization server that has made a content viewing contract in advance;
An authorization information receiving means for receiving an authorization response including the authorization information from the authorization server, and storing the authorization information in an authorization information storage means;
An EMM acquisition unit that transmits an EMM acquisition request including the authorization information stored in the authorization information storage unit to the EMM server, and acquires the EMM;
DRM license acquisition means for transmitting a license acquisition request including the authorization information to the DRM server and acquiring the DRM license;
The contract information is extracted from the individual information distributed by the EMM, stored in the contract information storage means, and the latest information stored in the contract information storage means from the limited reception module that updates the contract information as the content is viewed. Contract information acquisition means for acquiring the contract information and transmitting the contract information as update information to the authorization server;
A conditional access apparatus comprising: A conditional access device that reproduces content encrypted by CAS or DRM, an EMM server that issues EMM that is individual information for each conditional access device in CAS, and for decrypting the content encrypted by DRM A conditional access system in which a DRM server that issues a DRM license that is a license of the ERM and an authorization server that authorizes the issuance of the EMM and the DRM license via a network,
The conditional access device is:
Authorization request means for requesting authorization information for acquiring the EMM and the DRM license to the authorization server that has made a content viewing contract in advance;
An authorization information receiving means for receiving an authorization response including the authorization information from the authorization server, and storing the authorization information in an authorization information storage means;
An EMM acquisition unit that transmits an EMM acquisition request including the authorization information stored in the authorization information storage unit to the EMM server, and acquires the EMM;
DRM license acquisition means for transmitting a license acquisition request including the authorization information to the DRM server and acquiring the DRM license;
The contract information is extracted from the individual information distributed by the EMM, stored in the contract information storage means, and the latest information stored in the contract information storage means from the limited reception module that updates the contract information as the content is viewed. Contract information acquisition means for acquiring the contract information and transmitting the contract information as update information of the contract information to the authorization server,
The authorization server is
Contractor registration information storage means for storing contract information for viewing the content;
An authorization request receiving means for receiving a request for the authorization information from the conditional access device;
Based on the contract information stored in the contractor registration information storage means, the permission determination means for determining permission for viewing the content and generating the authorization information;
Authorization information issuing means for transmitting the authorization information generated by the authorization determining means to the limited receiving device;
Contract information receiving means for receiving updated contract information from the limited receiving device;
Updating means for updating the contract information in the contractor registration information storage means with the contract information received by the contract information receiving means;
A conditional access system comprising:

Images