JP4843903B2 - Packet transmission equipment - Google Patents

Description

  The present invention is a packet transmission that uses an Ethernet (wired LAN) such as IEEE 802.3 or a wireless LAN such as IEEE 802.11 to convert an encrypted AV stream into an IP packet and transmit the packet with high quality. Regarding equipment.

  Conventionally, MPEG-TS signals are encrypted and transmitted based on a method defined in IEC 61883-4 using IEEE 1394 in general households. A DTCP (Digital Transmission Content Protection) system is defined as an example of a system for encrypting and transmitting AV data such as MPEG-TS. DTCP is a content protection technology on transmission media such as IEEE 1394 and USB. The DTCP method is a method standardized by DTLA (Digital Transmission Licencing Administrator), http://www.dtcp.com, http://www.dtcp.com/data/dtcp_tut.pdf, http: // Explained in www.dtcp.com/data/wp_spec.pdf, book “IEEE1394, application to AV equipment”, supervised by Shinji Takada, Nikkan Kogyo Shimbun, “Chapter 8, Copy Protection” (pages 133-149) ing.

  FIG. 12 shows an example of MPEG-TS IEEE 1394 transmission using the DTCP method. In the DTCP method, the transmission side is called a source (1801) and the reception side is called a sink (1802), and encrypted content such as MPEG-TS is transferred from the source (1801) to the sink (1802) via the network (1803). Is transmitting. FIG. 12 also shows examples of the source device and the sink device as supplementary information.

  Next, an outline of conventional packet communication means in the DTCP method will be described with reference to FIG. FIG. 13 is a schematic diagram of the configuration of the source (1801) and the sink (1802) of FIG. First, authentication and key exchange (abbreviated as Authentification and Key Exchange, AKE) in accordance with the DTCP method is performed. The authentication and key exchange setting information is input to the AKE means (1901), and this information is packetized by adding a specified header by the packetizing means (1902) and output to the network (1907). Here, the packetizing means (1902) packetizes and transmits the input data according to the transmission parameter determined by the transmission condition setting means (1903). On the receiving side, a signal input from the network (1907) is filtered by the packet receiving means (1904) by identification of a packet header or the like and input to the AKE means (1901). As a result, the transmitting side (source) AKE unit and the receiving side (sink) AKE unit can communicate with each other via the network (1803, 1907). That is, authentication and key exchange are executed according to the DTCP procedure.

  If authentication and key exchange are established between the transmission side (source) and the reception side (sink), AV data is then transmitted. At the source, the MPEG-TS signal is input to the encrypted data generating means (1905), the MPEG-TS signal is encrypted, and then the encrypted MPEG-TS signal is input to the packetizing means (1902). , Output to the network (1907). In the sink, the signal input from the network (1907) is filtered by the packet receiving means (1904) based on the identification of the packet header, etc., input to the encrypted data decrypting means (1906), decrypted, and the MPEG-TS signal is output. .

  Next, the above procedure will be supplementarily described with reference to FIG. In FIG. 14, the source and the sink are connected by IEEE 1394. First, a content transmission request is generated on the source side. Then, the encrypted content and the content protection mode information are transmitted from the source to the sink. The sink analyzes the content copy protection information, determines whether to use full authentication or restricted authentication, and sends an authentication request to the source. The source and sink share the authentication key (Kauth) by DTCP predetermined processing. The source encrypts the exchange key (Kx) using the authentication key and sends it to the sink, and the exchange key (Kx) is decrypted by the sink. In order to change the encryption key (Kc) in time at the source, seed information (Nc) that changes in time is generated and transmitted to the sink. At the source, an encryption key (Kx) is generated from the exchange key (Nx) and seed information (Nc), and the MPEG-TS is encrypted by the encryption means using this encryption key and transmitted to the sink. The sink receives the seed information and restores the decryption key from the exchange key and the seed information information. The sink decrypts the encrypted MPEG-TS signal using this decryption key.

FIG. 15 is an example of an IEEE 1394 isochronous packet when the MPEG-TS signal is transmitted in FIG. This packet is composed of a 4-byte (32-bit) header, a 4-byte (32-bit) header CRC, a 224-byte data field, and a 4-byte (32-nit) trailer. Of the CIP header and TS signal constituting the data field of 224 bytes, only the TS signal is transmitted and the other data is not encrypted. Here, the information specific to the DTCP system is 2-bit EMI (Encription Mode Indicator), which is copy protection information, and 1-bit seed information O / E (Odd / Even), which are included in the 32-bit header. Is transmitted without being encrypted.
JP 2004-56776 A "IEEE 1394, application to AV equipment", supervised by Shinji Takada, Nikkan Kogyo Shimbun, "Chapter 8, Copy Protection" (pages 133-149)

  However, the above conventional configuration has the following problems. Since the conventional DTCP method uses IEEE 1394 to transmit using an isochronous packet, MPEG-TS signals can be transmitted in real time. However, Ethernet (R) (IEEE 802.3) can be used using the IP protocol, which is a standard protocol of the Internet. There is a big problem that wireless LAN (IEEE 802.11) and other networks that can transmit IP packets cannot be transmitted. That is, an AV stream such as an MPEG-TS signal cannot be transmitted between a transmission device and a reception device logically connected via the IP protocol in a state where the confidentiality of the content and the copyright are protected by encryption. There is a big problem.

  In order to solve the above-mentioned problems, the first invention of the present application inputs a data input means for inputting AV data and non-AV data respectively, and inputs the output of the data input means, and a prescribed transmission / reception condition, that is, AV data. In the packet transmission device comprising: encrypted data generation means for executing encryption or encryption information header addition according to copy control information and format information; and packet header addition means, the encrypted data generation means Means, encryption means, and encryption information header addition means, and the encryption means executes encryption according to the prescribed transmission / reception conditions, or the encryption information header addition means performs encryption information header And means for controlling at least one of whether or not the addition is performed. As a result, the encryption mode is determined in accordance with the transmission conditions according to a certain rule given from the outside for the AV stream such as the MPEG-TS signal, and the addition of the encryption information header is further determined, so that the compatibility of the signal between the transmitting and receiving devices It is possible to maintain the confidentiality of the AV stream while securing the content, that is, to protect the copyright of the content.

In the second invention of this application, in order to execute a high-speed encryption process by selecting one encryption key from a plurality of encryption keys in the key update during AV data transmission in the encryption means in the first invention, The encryption key holds the original data for generating the encryption key that the packet transmitting device has and the multiple encryption keys corresponding to the encryption control information having multiple modes in the memory space, and the transmission encryption mode is After the determination, an encryption key corresponding to the encryption mode is selected from a plurality of encryption keys, the encryption key of the encryption means is set, and encryption is performed. With these configurations, it is possible to execute encryption processing at high speed while selecting one encryption key from a plurality of encryption keys and performing key update at high speed while transmitting high-speed AV data.
According to the third invention of the present application, in the encrypted data generation means according to the first invention, the format information of the AV data such as MIME-TYPE is specified in the encrypted data specification according to the copy control information (CCI) of the AV stream inputted externally. After changing the format, it is encrypted and transmitted. Further, the original format information of the AV stream is mapped to other data using the UPnP-AV method or a unique communication method, and transmitted from the transmission side to the reception side. With these configurations, it is possible to restore the original format information of the AV data on the receiving side while changing the format information of the AV data and performing encrypted transmission.
According to a fourth aspect of the present invention, in the first aspect of the present invention, the AV data packetization is performed smoothly and finely with smooth control of switching of RTP / UDP or HTTP / TCP protocol by control from the receiving side. . For example, packetization of AV data can be achieved by selecting a TV tuner channel from the receiving side to the transmitting side, or when selecting AV content recorded on the DVD disc by the HDD on the receiving side, RTP / UDP with a small transmission delay. Using the protocol, it is possible to quickly select the channel of the TV tuner and select the recorded AV content. In addition, after selecting these viewing contents, use the HTTP / TCP protocol to view high-quality contents using the HTTP / TCP system that has a retransmission function in TCP for packet drops rather than RTP / UDP. Do. With these configurations, when content selection is performed on the receiving side by switching control, it is possible to perform a light operation with low delay so that the user does not feel the delay, and after viewing content selection is completed, a signal due to packet loss, etc. It is possible to transmit high-quality AV content in which missing is compensated.
According to a fifth aspect of the present invention, in the first aspect, one or more data blocks to which time information composed of a time stamp or affiliated data is added to the data block constituting the AV data and the time information is added are collected. To the payload part of the RTP packet or the payload part of the HTTP packet. As a result, since a time stamp and specific information can be added to the TS packet, it is possible to finely control whether the receiving side decodes the MPEG-TS using the time stamp or does not use the time stamp. .

According to the first invention of the present application, the following effects are obtained. That is, the packet transmission means according to the first invention of the present application is a data input means for inputting AV data and non-AV data, respectively, and an output of the data input means, and a prescribed transmission / reception condition, that is, a copy of AV data. In the packet transmission / reception means comprising: encrypted data generation means “performs execution of encryption or encryption information header addition” and packet header addition means according to control information and format information, the encrypted data generation means is authentication means And encryption means and encryption information header addition means, and the encryption means executes encryption according to the prescribed transmission / reception conditions, or the encryption information header addition means adds encryption information header And means for controlling at least one of whether or not. As a result, the encryption mode is determined in accordance with the transmission conditions according to a certain rule given from the outside for the AV stream such as the MPEG-TS signal, and the addition of the encryption information header is further determined, so that the compatibility of the signal between the transmitting and receiving devices is improved. It is possible to maintain the confidentiality of the AV stream while securing the content, that is, to protect the copyright of the content.
According to the second invention of the present application, the following effects are obtained. That is, the packet transmission means according to the second invention of the present application selects one encryption key from a plurality of encryption keys and performs encryption processing in the key update during AV data transmission in the encryption means in the first invention. For high-speed execution, the encryption key is stored in the memory space with the original data for generating the encryption key possessed by the transmission means and multiple encryption keys corresponding to the encryption control information having multiple modes in the memory space. After the encryption mode is determined, an encryption key corresponding to the encryption mode is selected from a plurality of encryption keys, the encryption key of the encryption means is set, and encryption is performed. With these configurations, it is possible to execute encryption processing at high speed while selecting one encryption key from a plurality of encryption keys and performing key update at high speed while transmitting high-speed AV data.
According to the third invention of the present application, the following effects are obtained. According to the third invention of the present application, in the encrypted data generation means according to the first invention, the format information of the AV data such as MIME-TYPE is specified in the encrypted data specification according to the copy control information (CCI) of the AV stream inputted externally. After changing the format, it is encrypted and transmitted. Further, the original format information of the AV stream is mapped to other data using the UPnP-AV method or a unique communication method, and transmitted from the transmission side to the reception side. With these configurations, it is possible to restore the original format information of the AV data on the receiving side while changing the format information of the AV data and performing encrypted transmission.
The fourth invention of the present application has the following effects. According to a fourth aspect of the present invention, in the first aspect of the present invention, the AV data packetization is performed smoothly and finely with smooth control of switching of RTP / UDP or HTTP / TCP protocol by control from the receiving side. . For example, packetization of AV data can be achieved by selecting a TV tuner channel from the receiving side to the transmitting side, or when selecting AV content recorded on the DVD disc by the HDD on the receiving side, RTP / UDP with a small transmission delay. Using the protocol, it is possible to quickly select the channel of the TV tuner and select the recorded AV content. In addition, after selecting these viewing contents, use the HTTP / TCP protocol to view high-quality contents using the HTTP / TCP system that has a retransmission function in TCP for packet drops rather than RTP / UDP. Do. With these configurations, when content selection is performed on the receiving side by switching control, it is possible to perform a light operation with low delay so that the user does not feel the delay, and after viewing content selection is completed, a signal due to packet loss, etc. It is possible to transmit high-quality AV content in which missing is compensated.
According to the fifth invention of the present application, the following effects are obtained. That is, in the fifth invention of the present application, in the first invention, time data constituted by a time stamp or affiliated data is added to a data block constituting AV data, and one attached data block to which time information is added is provided. The above is collectively mapped to the payload part of the RTP packet or the payload part of the HTTP packet. As a result, since a time stamp and specific information can be added to the TS packet, it is possible to finely control whether the receiving side decodes the MPEG-TS using the time stamp or does not use the time stamp. .
Further, according to the first to fifth aspects of the present invention, regarding the transmission of AV content using a network, data eavesdropping on the network is prevented, and highly secure data transmission is realized. Thereby, even when a public network such as the Internet is used for the transmission path, it is possible to prevent wiretapping and leakage of priority data (AV data content) transmitted in real time. In addition, it is possible to sell and charge AV data transmitted over the Internet or the like, and it is possible to sell and distribute highly secure BB and BC content.
According to the second to 65th aspects of the present invention, even when AV content is transmitted and processed by hardware, a general data packet can be processed by software using a CPU as usual. Therefore, data such as management information and control information can be transmitted as general data by adding software. Since these data amounts are very small compared to the AV data which is the priority data, it can be realized by an inexpensive microprocessor such as a microcomputer and can be realized at a low cost. In addition, since an expensive CPU or a large-scale memory is not required for protocol processing of a high load and high transmission rate priority packet, there is a great merit that a high-performance apparatus can be provided at low cost from these points.

First, an outline of a system example applied to clarify the positioning of the present invention will be described. FIG. 1 shows an example of a system to which the present invention is applied.
In FIG. 1, a packet transmitting device (101) and a packet receiving device (103) are invention implementation units of the first, second, third, fourth and fifth applications (hereinafter, the present invention unit). 101 is a transmitting device, 102 is a router, and 103 is a receiving device. The transmission device (101) receives transmission / reception condition setting information, authentication and key exchange setting information, and an input stream (content such as MPEG-TS), and communication is performed based on the following procedures 1 to 3.
Procedure 1) Set transmission / reception parameters.
(1-1) Set the MAC address, IP address, TCP / UDP port number, etc. of the transmitting / receiving device.
(1-2) Set the transmission signal format type and bandwidth. Setting related to the operation of the network using the IEEE 802.1Q (VLAN) standard between the transmitting device (101) operating as a QoS agent, the receiving device (103), and the router (102) operating as a QoS manager.
(1-3) Priority setting (operation according to IEEE 802.1Q / p)
Procedure 2) Authentication and key exchange:
(2-1) Perform authentication and key exchange. For example, the DTCP method can be used.
Procedure 3) Stream transmission:
(3-1) Transmission of encrypted stream content (MPEG-TS) between transmitting device and receiving device Note that MPEG-TS is used in the example as an input signal for content, but this is not restrictive. The application range of the input content used in the present invention includes MPEG-TS stream (ISO / IEC 13818) such as MPEG1 / 2/4, DV (IEC 61834, IEC 61883), SMPTE 314M (DV-based), SMPTE 259M (SDI) ), Streams standardized by SMPTE 305M (SDTI), SMPTE 292M (HD-SDI), etc. Note that general AV content is also applicable. Furthermore, the application range of input data used in the present invention is applicable to data file transfer. In the case of file transfer, content transmission that is faster than real-time can be performed under conditions such as the data transfer rate being higher than the normal playback data rate of the content stream due to the relationship between the processing capability of the transmission / reception terminal and the propagation delay time between the transmission and reception terminals Is possible.
Next, a supplementary explanation will be given regarding the authentication and key exchange in the above procedure 2. In FIG. 2, the transmitting device and the receiving device are connected by an IP network. First, content protection mode information including content copy protection information is transmitted from the transmission device to the reception device. The receiving device analyzes the copy protection information of the content, determines an authentication method to be used, and sends an authentication request to the transmitting device. Through these processes, the transmitting device and the receiving device share an authentication key. Next, the transmitting device encrypts the exchange key using the authentication key and sends it to the receiving device, and the receiving device decrypts the exchange key. In order to change the encryption key with time, the transmitting device generates key change information that changes with time and transmits it to the receiving device. In the transmitting device, an encryption key is generated from the exchange key and the key change information, and the MPEG-TS is encrypted by the encryption means using this encryption key and transmitted to the receiving device. The receiving device restores the decryption key from the exchange key with the received key change information. The receiving device decrypts the encrypted MPEG-TS signal using this decryption key.
FIG. 3 shows an example in which this method is applied to a two-story home using Ethernet (R). In FIG. 3, 301 is the first floor network configuration, and 302 is the second floor network configuration. 303 is a router installed on the first floor and connected to the Internet, and 304 is a switching hub installed on the second floor. An Ethernet (R) network 304 connects the router (303) and the switching hub (304). The bandwidth of all Ethernet (R) networks in the home is 100 Mbps. As for the details of the network configuration on the first floor, a router (303) is connected to a TV (TV), a personal computer (PC), a DVD recorder via Ethernet (R) of 100 Mbps, and an air conditioner and a refrigerator are connected via ECHONET. Yes. On the second floor, a television (TV), a personal computer (PC), and a DVD recorder are connected to the switching hub (304) via Ethernet (R) of 100 Mbps, and an air conditioner is connected via ECHONET. ECHONET is a transmission method developed by the “Echonet Consortium” (http://www.echonet.gr.jp/).
In FIG. 3, a personal computer (PC), a DVD recorder, a router (301), and a switching hub (304) correspond to IEEE 802.1Q (VLAN). That is, when the data rate of each port is the same (for example, 100 Mbps) in the router (301) and the switching hub (304), the total data bandwidth output to a specific port is the standard value or the actual value of the transmission rate of that port. As long as the value does not exceed, data input to the input port is not lost inside the router (or switching hub) and is all output to the output port. In a switching hub, for example, even if data is input to 8 input ports at the same time, if each data output port is different, each data is switched without contention in the buffer inside the hub and output from the output port. Therefore, all input data is output to the output port without dropping packets.
In FIG. 3, since the bandwidth of all Ethernet (R) in the home is 100 Mbps, the bandwidth of the network 305 between the first floor and the second floor is also 100 Mbps. When a plurality of data flows between a plurality of devices on the first floor and the second floor, there is a possibility that the total data rate of data flowing on the network 305 may exceed 100 Mbps if there is no bandwidth limitation for each data. Streams that require real-time transmission such as video applications may be interrupted. In this case, priority control is required for transmission data so that a stream that requires real-time transmission is not interrupted. This problem can be solved by introducing a speed limiting mechanism for stream transmission and file transfer, which will be described later, in the router and switching hub as well as the terminal. For example, if the transmission priority of the MPEG-TS stream is set higher than the transmission priority of the file transfer data, the file transfer between the first floor and the second floor PC is performed in the background while the first floor and the second floor are simultaneously transferred. MPEG-TS can be encrypted and transmitted in real time between the DVD recorder, PC, and TV.
The transmission rate limiting mechanism in the router or switching hub described above can be realized by data inflow control. That is, it can be realized by comparing high priority data with low priority data in the input data queue of the router (or switching hub) and preferentially outputting high priority data. Buffer control rules used in this priority control method include a round robin method, a fluid fair scheduling method, a weighted fair scheduling method, a self-synchronous fair scheduling method, a WFFQ method, a virtual clock scheduling method, and a class-specific scheduling method. Information on these scheduling methods is described in Toda Kaoru, “Network QoS Technology”, May 25, 2001 (first edition), Chapter 12 of Ohm Publishing Co., etc.
(Embodiment 1)
The first invention of the present application will be described. FIG. 4 is a block diagram relating to the packet transmitting / receiving means (device) of the first invention of the present application. Reference numeral 401 denotes packet transmission / reception means by encryption using AKE means. The AKE setting information is input to the AKE means (402), and information related to the AKE setting information, such as copy protection information and encryption key change information, is input to the packetizing means (403), and the TCP / IP protocol is used. In addition, the framing means 409 adds a MAC header to convert it into an Ethernet (R) frame, and outputs it to the network as a transmission frame. Here, the packetizing means (403) packetizes and transmits the input data according to the transmission parameter determined by the transmission condition setting means (404). In the transmission condition setting management means (404), the format information of the AV data includes the format type of the transmission data including any of the MIME type, file type, or extension, information on the transmission destination address and port number, transmission Transmission condition setting information such as path information (routing information), transmission data bandwidth, transmission data transmission priority, etc., device management control data in transmission means (local) and reception means (remote), and reception status Is input to the transmission side, and headers and payload data generated by the packetizing means (403) and the framing means (409) are set.

Here, settings such as destination address and port number information are used with reference to UPnP and device architecture (for example, DA ver. 1.0) defined by the UPnP Forum. Alternatively, an application using a WEB browser other than UPnP or an original application may be used.
Also, the format information of AV data is composed of the format type of transmission data including any of MIME type, file type, or extension, etc., together with copy control information (CCI, Copy Control Information) and the like, specified by UPnP Forum Set with reference to the UPnP-AV specification. Further, it may be set by an application using a WEB browser other than the specification defined by UPnP-AV or an original application.
On the receiving side, a signal input from the network is filtered by the frame receiving means (410) based on the MAC header, and input to the packet receiving means (405) as an IP packet. The packet receiving means (405) performs filtering based on identification of an IP packet header or the like, and inputs it to the AKE means (402). As a result, the transmitting-side AKE means and the receiving-side AKE means are connected via the network, so that messages can be exchanged with each other via the communication protocol. That is, authentication and key exchange can be executed according to the setting procedure of the AKE means.

If authentication and key exchange are established between the transmission side and the reception side, the encrypted AV data is transmitted. At this time, the transmission condition setting means (404) encrypts the operation of at least one of the encryption mode setting and the encryption information header addition according to the copy control information and format information of the AV data. Control is performed for the data generation means (406) and the packetization means (403).
On the transmission side, the MPEG-TS signal is input to the encryption means (406), the MPEG-TS signal is encrypted, and then the encrypted MPEG-TS signal is input to the packetization means (403). A TCP / IP protocol header is added. Further, the framing means 409 adds an MAC header using the 802.1Q (VLAN) method, converts it to an Ethernet (R) frame, and outputs it to the network as a transmission frame. Here, by setting the priority (user priority) in TCI (Tag Control Informaition) in the MAC header high, the priority of network transmission can be made higher than that of general data.
On the receiving side, a signal input from the network is filtered based on the MAC header by the frame receiving means (410), and input to the packet receiving means (405) as an IP packet. The packet receiving means (405) performs filtering based on the identification of the packet header and the like, and inputs to the decoding means (407) to output the decoded MPEG-TS signal.

  The transmission condition setting means (404) receives data for feeding back the reception status to the transmission side, and sets the header and payload data generated by the packetizing means (403) and the framing means (409). .

  Next, the above procedure will be supplementarily described using the protocol stack of FIG. In the transmission side in FIG. 5, first, the encrypted content and the content protection mode information are transmitted from the transmission side to the reception side. The receiving side analyzes the content copy protection information, determines the authentication method, and sends an authentication request to the transmitting device. Next, a random number is generated, and this random number is input to a predetermined function to create an exchange key. The exchange key information is input to a predetermined function to generate an authentication key. The receiving side also attempts to share the authentication key by a predetermined process. As the encryption information used here, for example, one or more combinations of unique information (device ID, device authentication information, mac address, etc.), secret key, public key, externally provided information, etc. By using an encryption method with strong encryption strength such as DES method or AES method, it is possible to perform strong encryption. Then, the transmission side encrypts the exchange key using the authentication key and sends it to the reception side, and the exchange side decrypts the exchange key. Further, the exchange key and the initial key update information are input to a predetermined function to generate an encryption key. In order to change the encryption key with time, the transmission side generates key update information that changes with time and transmits it to the reception side. The content MPEG-TS is encrypted with an encryption key. The encrypted MPEG-TS is combined with the above-described encryption mode information such as EMI or numerical information as key generation original information in units of one or more TS packets, and is used as a transmission AV data payload. Or RTP packet payload. Furthermore, this HTTP or RTP packet is mapped to the TCP or UDP protocol and then used as the data payload of the IP packet to generate an IP packet. Further, this IP packet is used as payload data of a MAC frame, and an Ethernet (R) MAC frame is generated. Note that the MAC can be applied not only to IEEE 802.3, which is Ethernet (R), but also to IEEE 802.11, which is a wireless LAN standard.

  The Ethernet (R) MAC frame is transmitted from the transmission side to the reception side on the Ethernet (R). A decryption key is generated according to a predetermined procedure on the receiving side. Then, the IP packet is filtered from the received Ethernet (R) MAC frame. Further, a TCP (or UDP) packet is extracted from the IP packet. Then, AV data is extracted from the TCP (or UDP) packet, and the MPEG-TS (content) is decrypted and output using the decryption key restored from the exchange key and the key change information.

As described above, it is possible to encrypt an AV stream such as an MPEG-TS signal by a transmitting device, transmit an IP packet through a network, and decrypt the original signal by a receiving device.
In FIG. 3, stream transmission and file transfer can coexist by devising a network topology using a switching hub. For example, by expanding the bandwidth of the network 305 between the first floor and the second floor from 100 Mbps described in the conventional embodiment to 1 Gbps, file transfer between the first and second floor PCs is performed in the background. At the same time, MPEG-TS can be encrypted and transmitted in real time between the DVD recorder, PC, and TV on the first and second floors. For example, using a commercially available switching hub with eight 100 Mbps ports and one 1 Gbps port, connect the 1 Gbps port to the network 305 linking the first floor and the second floor, and the remaining 8 channels of 100 Mbps ports Connect an AV device such as a TV. Since there are 8 ports of 100 Mbps, even if the data of 8 ports is input at a maximum of 100 Mbps and output to the port of 1 Gbps, the data input from 8 ports is less than 100 Mbps × 8 ch = 800 Mbps and 1 Gbps. Are not lost inside the switching hub and are all output to the 1 Gbps port. Therefore, all data generated on the first floor can be transmitted to the second floor. Conversely, all data generated on the second floor can be transmitted to the first floor. As described above, when a switching hub is used, stream transmission and file transfer can coexist by devising a network topology.

The DTCP method can be used as an encryption method for AKE and AV data.
(Embodiment 2)
The second invention of the present application will be described. FIG. 6 is a block diagram of the second invention of the present application. 6, except for the AKE unit (402) and the plurality of encryption key holding units (602), the configuration is the same as that in FIG. 4, and therefore, a new part will be described below.

In the second invention of this application, in the key update during AV data transmission in the encryption means in the first invention, in order to select one encryption key from a plurality of encryption keys and execute the encryption process at high speed, The encryption key holds the original data for generating the encryption key held by the transmission means and multiple encryption keys corresponding to the encryption control information having multiple modes in the memory space, and the transmission encryption mode is determined After that, an encryption key corresponding to the encryption mode is selected from a plurality of encryption keys, the encryption key of the encryption means is set, and encryption is performed. With these configurations, it is possible to execute encryption processing at high speed while selecting one encryption key from a plurality of encryption keys and performing key update at high speed while transmitting high-speed AV data.
In FIG. 6, AKE setting information is input to the AKE means (402), information related to the AKE setting information (for example, copy control information and encryption key change information), transmission data type, and transmission destination Address and port number information, path information used for transmission (routing information), transmission data bandwidth, transmission data transmission priority settings such as transmission priority, and devices in the transmission means (local) and reception means (remote) Management control data and data for feeding back the reception status to the transmission side are input to the packetizing means (403), subjected to TCP / IP protocol processing, and input to the first queue means (603).
Here, the transmission condition setting management means (404) and the AKE means (402) each provide information for generating an encryption key, and the AKE means (402) sets 1 according to a plurality of encryption modes (such as EMI). One or more encryption key generation means (601) are generated and set in a plurality of encryption key holding means (602). If the AV data to be transmitted is input to the encrypted data generation means (406), a plurality of encryptions set in the plurality of encryption key holding means (602) according to the copy control information of the AV data. One encryption key is selected from the keys. The selected encryption key encrypts AV data as a set in encryption means such as AES system or DES system, and outputs it to the packetization means (403). Here, the encryption key generation means (601) uses hardware, the plurality of encryption key holding means (602) uses software memory, and the encryption means uses hardware configuration to encrypt at high speed. Transmission of AV data can be realized while updating the key.

The operation on the receiving side is the same as in the first embodiment.
(Embodiment 3)
The third invention of the present application will be described. According to the third invention of the present application, in the encrypted data generation means according to the first invention, the format information of the AV data such as MIME-TYPE is specified in the encrypted data specification according to the copy control information (CCI) of the AV stream inputted externally. After changing the format, it is encrypted and transmitted. Further, the original format information of the AV stream is mapped to other data using the UPnP-AV method or a unique communication method, and transmitted from the transmission side to the reception side. With these configurations, it is possible to restore the original format information of the AV data on the receiving side while changing the format information of the AV data and performing encrypted transmission.

FIG. 6 is a block diagram of the third invention of the present application. In FIG. 6, AKE setting information is input to the AKE means (402), information related to the AKE setting information (for example, copy protection information and encryption key change information), transmission data type, and transmission destination Address and port number information, path information used for transmission (routing information), transmission data bandwidth, transmission data transmission priority settings such as transmission priority, and devices in the transmission means (local) and reception means (remote) Management control data and data for feeding back the reception status to the transmission side are input to the first packetization means (701), and are subjected to TCP / IP protocol processing by software processing using a processor, and the first queue means (603).
AV data format information is input to the transmission condition setting management means (404). On the other hand, the format information of AV data is rewritten according to the encryption mode (such as EMI) described above. For example, if not encrypted, the format information of AV data is
Do not change video / mpeg. In the case of encryption, the format information of AV data is changed from video / mpeg to application / x-dtcp1. Furthermore, as supplementary information of video / mpeg, information such as mpeg-ps, mpeg-ts, NTSC, and PAL is not used as AV data but as separate data, and is transmitted from the transmission side to the reception side using UPnP-AV or a dedicated protocol. Transmit to. On the receiving side, the original AV data format can be restored from the received information. These MIME types are described in IETF RFC standards and ARIB standards. As specifications described in the ARIB standard, for example,
application / x-arib-mpeg-ts
And application / x-arib-mpeg-tts
and so on.
(Embodiment 4)
The fourth invention of the present application will be described.
According to a fourth aspect of the present invention, in the first aspect of the present invention, the AV data packetization is performed smoothly and finely with smooth control of switching of RTP / UDP or HTTP / TCP protocol by control from the receiving side. .
FIG. 9 is a block diagram of the fourth invention of the present application. First packetizing means (901) and second packetizing means (902) in the packetizing means (403) in FIG. 9, first packet receiving means (903) in the packet receiving means (405) and 2 packet receiving means (904). Here, the first packetizing means (901) is the RTP method, the second packetizing means (902) is the HTTP method, the first packet receiving means (903) is the RTP method, and the second packet receiving means ( Step 904) performs packet processing of the HTTP method.
The AV data packetization is performed by the first packetizing means when a TV tuner channel selection on the receiving side or an AV content selection command recorded on the DVD disc on the receiving side is issued on the receiving side. (901) and the first packet receiving means (903) are used to quickly select the channel of the TV tuner and the recorded AV content by the RTP method with a small transmission delay. In addition, after the selection of the viewing content, the second packetizing means (902) and the second packet receiving means (904) are used, the HTTP / TCP protocol is used, and the packet drops more than RTP / UDP. On the other hand, high-quality content viewing is performed using an HTTP / TCP system having a retransmission function in TCP. With these configurations, when content selection is performed on the receiving side by switching control, it is possible to perform a light operation with low delay so that the user does not feel the delay, and after viewing content selection is completed, a signal due to packet loss, etc. It is possible to transmit high-quality AV content in which missing is compensated.
(Embodiment 5)
The fifth invention of the present application will be described. FIG. 10 is a block diagram of the fifth invention of the present application.
10, except for the time information adding means (1001) and the time information discriminating means (1002), the configuration is the same as that shown in FIG.

  According to a fifth aspect of the present invention, in the first aspect, one or more data blocks to which time information composed of a time stamp or affiliated data is added to the data block constituting the AV data and the time information is added are collected. To the payload part of the RTP packet or the payload part of the HTTP packet. As a result, since a time stamp and specific information can be added to the TS packet, it is possible to finely control whether the receiving side decodes the MPEG-TS using the time stamp or does not use the time stamp. .

  FIG. 11 shows an example of a packet format when MPEG-TS is transmitted as an IP packet and further converted into an Ethernet (R) frame. A 194-byte unit is created by adding a 6-byte time code (TC) to the 188-byte MPEG-TS. The TC is composed of a 42-bit time stamp and a 6-bit base clock ID (BCID). The frequency information of the time stamp can be expressed by BCID. For example, (Case 1) when BCID is 0x00, there is no time stamp frequency information. (Case 2) When BCID is 0z01, the time stamp frequency information is 27 MHz (MPEG2 system clock frequency). (Case 3) When the BCID is 0x02, the time stamp frequency information is 90 kHz (clock frequency used in MPEG1). (Case 4) When the BCID is 0x03, the time stamp frequency information is Is 24.576 MHz (clock frequency used in IEEE 1394). (Case 5) When the BCID is 0x04, the frequency information of the time stamp can be represented by the BCID such that the frequency information of the time stamp is 100 MHz (frequency used in the Ethernet (R)). Two pieces of 194-byte data are encrypted together and further combined with 2-byte DTCP information to form an RTP protocol payload. Here, the DTCP information includes 2-bit EMI, 1-bit O / E, and 13-bit Reserved Data. The RTP packet is packetized by the UDP and IP protocols and then Ethernet (R) frame. As the Ethernet (R) header, as shown in FIG. 9, both a standard Ethernet (R) header and an Ethernet (R) header extended by IEEE 802.1Q (VLAN) are supported. Note that the priority of the Ethernet (R) frame can be set by a 3-bit Priority flag in the TCI field in the Ethernet (R) header extended by IEEE 802.1Q (VLAN). Further, in order to identify a state with a time stamp and a state without a time stamp on the receiving side, a configuration in which a state identification flag is notified by UPnP-AV or a specific application may be adopted.

  Further, a 4-byte time code (TC) defined by ARIB-STD-B21 may be added to MPEG-TS to obtain 192 bytes. In this case, a state in which the BCID of (Case 1) corresponds to 0x00, that is, a state without time stamp frequency information, defines a specific value such as all 1 and the state with the time stamp and the time stamp No state can be defined.

  In order to identify a state with a time stamp and a state without a time stamp on the receiving side, a configuration in which a state identification flag is notified by UPnP-AV or a specific application can be used. It can also be determined from the received value of a specific value such as all 1 as 4-byte data.

  In the above-described first to fifth embodiments, when transmitting on a communication network where the order of packets is not guaranteed, such as a general IP network, the packet is transmitted with a sequence number added, and is received on the receiving side. The sequence number may be guaranteed using the sequence number. This ordering can be ensured by the fourth or higher layer of the OSI model, that is, the RTP protocol, video signal processing, or the like.

  It should be noted that a countermeasure can be taken because the AV signal packet processed and transmitted by the hardware on the transmission side is not fragmented in the network. That is, on the transmission side, the maximum size (MTU) that is not fragmented in the communication network is inspected in advance by application level processing, and the packet size smaller than that may be transmitted. Alternatively, since the RFC standard stipulates that all terminals must be able to handle 576-byte IP packets, many network devices such as routers do not fragment in IP packets smaller than this. Therefore, the packet size of the AV signal that is hardware-processed on the transmission side may be adjusted so that the size of the IP packet is 576 bytes or less. If no fragmentation occurs in the AV signal packet that is hardware-processed on the transmission side, all the received packets may be processed as general packets. If the maximum value of the Ethernet (R) IP packet is exceeded, it must be fragmented at the transmitting terminal. Therefore, in order not to cause priority packet fragmentation, it must be less than the maximum value of the IP packet. Needless to say.

If the probability of fragmentation occurring in the communication network is very low, the router sets the fragment prohibition flag in the IP header of the AV signal packet that has been hardware-processed and transmitted on the transmission side and transmits the fragment. In the unavoidable state, the fragment processing load on the receiving terminal may be reduced by discarding the IP packet. In this case, a very small number of packets are lost, but communication quality can be compensated by performing error correction or error correction on the receiving side.
Further, in the first to sixth embodiments, Ethernet (R) is used as an example of the communication network protocol, but this is not restrictive.

As an example of video signal processing, MPEG-TS is used in the first to fifth embodiments. However, the present invention is not limited to this, and the applicable range of input data used in the present invention is an MPEG-TS stream such as MPEG1 / 2/4. (ISO / IEC 13818), DV (IEC 61834, IEC 61883), SMPTE 314M (DV-based), SMPTE 259M (SDI), SMPTE 305M (SDTI), SMPTE 292M (HD-SDI), etc. The present invention can be applied to any video / audio stream including a stream. The data rate of video and audio is not limited to CBR (constant bit rate). Furthermore, not only video and audio, but also general real-time data or any data that is preferentially transmitted / received is not excluded from the present invention.
In addition, the application range of the input data used in the present invention is applicable to data file transfer. In the case of file transfer, transmission at higher speed than real time is possible under certain conditions depending on the relationship between the processing capability of the transmission / reception terminals and the propagation delay time between the transmission / reception terminals.

The figure which shows an example of the system which applies this invention 1st invention Explanatory diagram of a content transmission procedure when the DTCP method is applied to authentication and key exchange Illustration of an example when applied to a general household using Ethernet (R) Block diagram of packet transmitting / receiving means (device) of the first invention of the present application Explanatory drawing of the protocol stack of the first invention of the present application Block diagram of packet transmitting / receiving means of the second invention of the present application Block diagram of the packet transmitting / receiving means of the third invention of the present application Explanatory drawing of the protocol stack of the third invention of the present application Block diagram of the packet transmitting / receiving means of the fourth invention of the present application Block diagram of packet transmitting / receiving means of fifth invention of the present application The figure which shows the example of the Ethernet (R) frame structure specification of MPEG-TS in this invention 5th invention The figure which shows an example of the transmission by IEEE-1394 of MPEG-TS using a DTCP system Schematic explanatory diagram of conventional packet communication means in the DTCP system The figure which shows the encryption stream transmission procedure which used DTCP in IEEE1394. The figure which shows an example of the IEEE 1394 isochronous packet in the case of transmitting an MPEG-TS signal

Explanation of symbols

101 packet transmitting device 102 router 103 packet receiving device 401 packet transmitting / receiving means (device)
402 AKE means 403 packetization means
404 Transmission condition setting management means 405 Packet receiving means 406 Encryption means 407 Decoding means 408 Reception condition setting management means 409 Frame forming means 410 Frame receiving means

Claims (14)

A packet transmission device in a packet transmission / reception system that performs packet communication of data between a packet transmission device and a packet reception device,
Input means for inputting AV data, copy control information of the AV data, IP address information designating an access position of the AV data, and TCP port information for authenticating the packet receiving device;
Authentication means for performing authentication processing of the AV data using the IP address information;
Encryption means for performing encryption processing of the AV data using the copy control information of the AV data;
Encryption information header for performing encryption information header addition processing using the AV data copy control information, IP address information designating the access position of the AV data, and TCP port information for authenticating the packet receiving device Additional means;
Comprising
A packet transmission device characterized by the above. The input means includes
Receiving the format information of the AV data,
In accordance with the AV data copy control information, the AV data format information is changed to an encrypted data specification format, and the AV data is added to the encrypted data and transmitted from the packet transmitting device to the packet receiving device. Do,
The packet transmission device according to claim 1. The format information of the AV data is
Including any of the MIME types, file types, or extensions,
The packet transmission device according to claim 2. TCP port information for authenticating the packet receiving device is:
Provided when the AV data information requested by the IP address information designating the AV data access position is returned.
The packet transmission device according to claim 1. The encryption information header is
Contains either encryption mode information or encryption payload length,
The packet transmission device according to claim 1. The encryption information header adding means includes
Determining whether to add the encryption information header to the AV data according to the copy control information of the AV data;
The packet transmission device according to claim 1. The encryption means includes
An encryption key is used for encryption, and an integer value is added to the encryption information header or packet header as ID information or update information of the encryption key.
The packet transmission device according to claim 1. The integer value is
When a packet is transmitted using the HTTP protocol, the packet is updated to a random value or an update value based on a specific rule for each packet of the HTTP packet.
The packet transmission device according to claim 7 . The change in the encryption mode information is
Detect and set by changing port number of TCP protocol or UDP protocol,
The packet transmission device according to claim 5. Having the encryption mode information in a packet;
The packet transmission device according to claim 5. The encryption key update condition is:
Use the condition that it is done at a predetermined time,
The packet transmission device according to claim 7 . The authentication means includes
Add authentication mode information to the packet header,
The packet transmission device according to claim 7 . When N is an integer equal to or greater than 2, N-format AV data is allocated and transmitted for each port using N ports of the UDP protocol or TCP protocol.
The packet transmission device according to claim 1. The packet size of an IP packet is
Set to be equal to or smaller than the path MTU size of the IP network located between the packet transmitting device and the packet receiving device;
Packet transmission device according to any of claims 1 1 to 3, characterized in that.

Images