JP4876654B2 - Software download system, broadcast receiving apparatus, server, and software download method - Google Patents

Description

  The present invention relates to a software download system, a broadcast receiving apparatus, a server, and a software download method. In detail, an encryption key is generated based on information obtained only by receiving a broadcast, for example, time information, and a software request or requested software is encrypted with this encryption key to prevent unauthorized software download. It is.

  In a broadcast receiving apparatus that receives a broadcast program, when updating software, an update program supplied via a transmission line such as a telephone line, a satellite, or a cable net is used as shown in Patent Document 1. ing.

JP 2003-143502 A

  By the way, in the broadcast receiving apparatus, for the purpose of copyright protection and the like, it is necessary to output video and audio contents after correctly performing copy control in accordance with the copy control information included in the broadcast signal. Also, when various application programs such as games, document creation, numerical calculation, and image processing are provided for a fee and can be executed by the broadcast receiving apparatus, for example, they are executed only within the set number of times of use and period of use. It is necessary to perform control so that it is not possible or executed by another broadcast receiving apparatus.

  Here, when updating the program of the broadcast receiving apparatus, if a falsified update program is downloaded and installed in the broadcast receiving apparatus, expected copy control processing, program execution control, and the like cannot be performed correctly. Increased risk.

  For example, when an update program is downloaded via a network, there is a possibility that software executable by the broadcast receiving apparatus can be created by eavesdropping and analyzing network traffic. For this reason, when an update program that does not restrict copy and application execution is created by a user and installed in the broadcast receiving apparatus, an operation unintended by the broadcast receiving apparatus designer is performed by the broadcast receiving apparatus. Will be done.

  Also, when downloading software such as application programs, if the software is stolen by eavesdropping on network traffic, this software can be downloaded from the spoofing server, so that the application can be downloaded without downloading the software from the correct server. It becomes possible to use it. In addition, since the correct server cannot manage software downloads, it becomes impossible to perform download restrictions or charge according to the downloads.

  Therefore, the present invention provides a software download system, a broadcast receiving apparatus, a server, and a software download method that can prevent unauthorized software download.

  In this invention, in a broadcast receiving device connected to a server via a network, an encryption key is generated based on information obtained only by receiving a broadcast, for example, time information, and a software request is encrypted with this encryption key. And supplied to the server. Also, the software encrypted and supplied from the server is decrypted using the generated encryption key. In a server connected to a broadcast receiving device via a network, an encryption key is generated based on information obtained only by receiving a broadcast, and is encrypted and supplied from the broadcast receiving device using this encryption key. The software request is decrypted. Also, the software corresponding to the software request is encrypted with the generated encryption key, and supplied to the broadcast receiving apparatus that has made the software request.

  According to the present invention, an encryption key is generated based on information obtained only by receiving a broadcast, and a software request and software supplied in response to the software request are encrypted with this encryption key to be transmitted via a network. Is transmitted. For this reason, since software requests and software cannot be obtained even if eavesdropping on network traffic, software can be downloaded safely. Also, since the encryption key is generated based on the information obtained only by receiving the broadcast, it is possible to prevent the user from changing the information used for generating the encryption key to analyze the encryption algorithm. As a result, the analysis of the encryption key and the encryption algorithm can be made difficult. Furthermore, by using time information as information obtained only by receiving a broadcast, the encryption key changes with time, so that analysis of the encryption key and encryption algorithm can be made more difficult.

  Hereinafter, an embodiment of the present invention will be described with reference to the drawings. FIG. 1 shows the configuration of the software download system of the broadcast receiving apparatus. The broadcast receiving apparatus 10 is connected to a server 60 that provides software via a network 50. The software provided by the server 60 is not limited to application programs and update programs, and includes data used for device settings and various processes, video content, audio content, and the like.

  The broadcast receiving device 10 and the server 60 use encryption when requesting software or providing requested software.

  The antenna 11 of the broadcast receiving apparatus 10 is for receiving broadcast radio waves. A reception signal obtained by receiving broadcast radio waves with the antenna 11 is supplied to the tuner 121 of the reception unit 12. The tuner 121 selects a desired broadcast content frequency from the received signal. Further, digital demodulation processing, error correction processing, and deinterleaving processing are performed on the signal obtained by channel selection, and a transport stream is generated and supplied to the descrambler 122 of the receiving unit 12.

  The descrambler 122 generates a work key by decrypting the individual information included in the transport stream using a unique master key determined for each individual receiver. Also, the scramble key is generated by decrypting the common information included in the transport stream using the generated work key. Further, descrambling processing of the transport stream is performed using the generated scramble key, and the transport stream before scramble is restored and supplied to the demultiplexer 123 of the receiving unit 12.

  The demultiplexer 123 separates the target program packet from the restored transport stream, and supplies the video data packet to the video decoder 13 and the audio data packet to the audio decoder 14. In addition, a data broadcast packet and a transmission control signal packet are supplied to the control unit 27. Further, a packet indicating time information is supplied to the internal clock 25. That is, when the PID (Packet Identifier) of the header in the transport stream indicates that it is TDT (Time and Date Table) or TOT (Time Offset Table), this packet is supplied to the internal clock 25.

  The video decoder 13 performs decompression processing of the compressed video data and outputs the processed signal as a video output signal. The audio decoder 14 performs decompression processing of compressed audio data and outputs the processed signal as an audio output signal.

  The card interface 15 is an interface for reading information from and writing information to the IC card 40 storing information such as a master key uniquely assigned to each receiver.

  The network interface 18 is an interface for connecting to a server 60 that supplies software via the network 50.

  The tuner 121, descrambler 122, demultiplexer 123, video decoder 13, audio decoder 14, card interface 15, and network interface 18 of the reception unit 12 are connected to the control unit 27 via the bus 20. Further, an input unit 21, a non-volatile memory 22, a RAM (Random Access Memory) 23, and a built-in clock 25 are connected to the bus 20.

  The input unit 21 includes a remote control signal receiving unit that receives a signal transmitted from an operation key or a remote control device. In the input unit 21, an operation signal corresponding to the key operation of the operation key is generated and supplied to the control unit 27. Alternatively, a signal transmitted from the remote control device is received, and an operation signal corresponding to a key operation of an operation key provided in the remote control device is supplied to the control unit 27.

  The non-volatile memory 22 stores software for operating the broadcast receiving apparatus 10, software for application programs, and the like. The non-volatile memory 22 stores unique identification information and encryption algorithm that each broadcast receiving apparatus individually has so that it cannot be rewritten by a user operation. For example, the manufacturing serial number is stored. The identification information is not limited to the information stored in the non-volatile memory 22, and for example, network node information set in the network interface 18 can be used.

  The RAM 23 is a memory for storing various information when the control unit 27 controls each unit of the broadcast receiving apparatus 10 to perform a desired operation.

  The built-in clock 25 synchronizes the time of the clock function of the broadcast receiving apparatus 10 with the time on the broadcast station side based on the packet signal including the time information supplied from the demultiplexer 123. In addition, since the time can be set correctly by using the time information supplied from the broadcast station side, the broadcast receiving apparatus 10 does not have a time setting function by a user operation.

  The control unit 27 generates a control signal based on the operation signal, supplies the control signal to each unit, and controls the operation of the broadcast receiving apparatus 10 to be an operation corresponding to the user's key operation. When communicating with the server 60, the control unit 27 generates an encryption key based on information obtained only by receiving a broadcast, and performs encryption or decryption using the encryption key. Here, since the function of setting the time by the user operation is not provided in the broadcast receiving apparatus 10, the time indicated by the built-in clock 25 is information obtained only by receiving the broadcast. Therefore, the control unit 27 performs a process of generating an encryption key based on the time information of the built-in clock 25. In addition, when a user operation for requesting software is performed, the control unit 27 encrypts the software request with the generated encryption key and supplies the encrypted software request to the server 60, or the software supplied after being encrypted from the server 60. The decryption process is performed with the generated encryption key. This encryption or decryption is performed using an encryption algorithm stored in the nonvolatile memory 22.

  The network interface 61 of the server 60 is an interface for connecting to the broadcast receiving apparatus 10 via the network 50. The network interface 61 is connected to a bus 62, and an encryption algorithm storage unit 63, a built-in clock 65, a software storage unit 66, and a control unit 67 are connected to the bus 62.

  The encryption algorithm storage unit 63 stores an encryption algorithm corresponding to the encryption algorithm stored in the nonvolatile memory 22 of the broadcast receiving apparatus 10. That is, the encryption algorithm storage unit 63 stores an algorithm for decrypting a signal encrypted with the encryption algorithm stored in the nonvolatile memory 22 of the broadcast receiving device 10. Further, even if the signal is encrypted with the stored encryption algorithm, the encrypted signal can be decrypted with the encryption algorithm stored in the nonvolatile memory 22 of the broadcast receiving apparatus 10.

The built-in clock 65 indicates time information transmitted by broadcasting, that is, a time equal to the built-in clock 25 of the broadcast receiving apparatus 10.
The software storage unit 66 stores software such as update programs and application programs. The software storage unit 66 stores information used when software is supplied, for example, unique identification information that each broadcast receiving apparatus has individually.

  The control unit 67 communicates with the broadcast receiving device 10 and supplies software such as an update program and an application program to the broadcast receiving device 10. Here, the time indicated by the internal clock 65 is the same as the time indicated by the internal clock 25 of the broadcast receiving apparatus 10. That is, the time indicated by the built-in clock 65 corresponds to information obtained only by receiving a broadcast. Therefore, the control unit 67 performs processing for generating an encryption key based on the time information of the built-in clock 65. In addition, the control unit 67 decrypts the software request encrypted and supplied from the broadcast receiving device 10 with the generated encryption key, and decrypts the software requested with the software request with the generated encryption key. A process of supplying the request to the broadcast receiving apparatus is performed. This encryption or decryption is performed using an encryption algorithm stored in the encryption algorithm storage unit 63.

  Next, the software download operation will be described with reference to FIG. The broadcast receiving apparatus 10 receives a broadcast (ST1), and performs various setting processes based on information obtained by receiving this broadcast (ST2). For example, the time of the built-in clock 25 is synchronized with the time indicated by TOT.

  When a software request operation is performed on the broadcast receiving apparatus 10 (ST3), the control unit 27 issues a software request to the server 60 (ST4). For example, when the control unit 27 determines from the operation signal from the input unit 21 that the user operation requesting the software of the application program has been performed, the control unit 27 determines that the software request operation has been performed and issues a software request to the server 60. Do. Alternatively, the provision of an update program is notified using broadcasting or the like, and when it is determined by the operation signal from the input unit 21 that a user operation requesting this update program has been performed, a software request operation is performed. As a result, a software request is made to the server 60. Alternatively, when the provision of an update program is notified using broadcasting or the like, when the setting is made to automatically request the update program, it is assumed that the software request operation has been performed and the server 60 is notified. Make software requests to them.

  When making a software request, the control unit 27 performs an encryption process using information obtained only by receiving a broadcast. Also, not only information obtained only by receiving broadcasts, but also encryption processing that uses unique identification information that each broadcast receiving device has individually, and encryption processing that also uses unique information unique to the requested software I do. Hereinafter, a case where each encryption process is used will be described individually.

  The control unit 27 is assumed to use a common key cryptosystem as the encryption process. As the encryption algorithm, for example, a 64-bit block encryption algorithm, a 128-bit block encryption algorithm, a stream encryption algorithm, or the like is used.

  When the encryption process is performed using information obtained only by receiving the broadcast, the control unit 27 generates, for example, an encryption key having a predetermined bit length by digitizing the time indicated by the built-in clock 25. In this way, if the encryption key is generated based on information obtained only by receiving the broadcast, the user cannot freely change the information used for generating the encryption key. Analysis can be prevented from being easily performed.

  Moreover, in order to misrepresent information obtained only by receiving a broadcast, a facility for transmitting the misrepresented information as a broadcast is required. In other words, the process of multiplexing the misinformation and the control information such as the misinformation NIT (Network Information Table) to form one stream signal, the process of modulating this stream signal, and the modulated signal are used in broadcasting. Processing to convert to a frequency band signal must be performed. Therefore, information obtained only by receiving a broadcast cannot be easily misrepresented.

  For this reason, a spoofing server 70 is connected to the network 50 in FIG. 1, and information obtained only when the spoofing server 70 receives a broadcast is spoofed to connect to the broadcast receiving device 10. The risk of supplying software to the broadcast receiving apparatus 10 can be reduced.

  The control unit 67 of the server 60 performs response processing to the software request supplied from the broadcast receiving device 10 via the network 50 (ST5). That is, the control unit 67 generates an encryption key based on the time information indicated by the built-in clock 65, and uses the encryption key to encrypt the software encrypted based on the encryption algorithm stored in the encryption algorithm storage unit 63. Decrypt the request.

  When the time information indicated by the built-in clock 65 is used for generating the encryption key, the encryption key used for encryption and the encryption key used for decryption are different unless the time required for transmitting the software request is taken into consideration. . For this reason, when the control unit 67 cannot decrypt with the encryption key generated from the time information of the current time indicated by the internal clock 65, the control unit 67 repeatedly generates the encryption key using the time information traced back in the past direction. Decrypt with encryption key. At this time, if it is set in advance so that the time information is sequentially used for a time slightly longer than the time required for transmission of the software request, the software request from the broadcast receiving apparatus 10 can be correctly decoded. A software request encrypted using incorrect time information will not be decrypted. Therefore, the control unit 67 can eliminate unauthorized software requests.

  Further, if the time resolution of the time information used by the control units 27 and 67 is set coarsely, the time required for decoding the software request can be shortened. For example, when the hour / minute / second is indicated by the time information, the time resolution is coarsened by rounding up or down the last digit of the second. In this way, the control units 27 and 67 often generate encryption keys based on the same time information. Therefore, it is possible to reduce the case where it takes time to decrypt the software request by generating the encryption key based on the time information traced back in the past direction. Furthermore, if the time resolution is set coarsely, even if an encryption key is generated based on time information traced back in the past, the number of times the encryption key is generated until the correct encryption key is obtained is reduced. It is possible to reduce the time required for decoding the server 60 and also reduce the load on the server 60.

  When the software request is correctly decrypted in the response process, the control unit 67 of the server 60 encrypts the software instructed by the software request. Further, the control unit 67 performs software transmission for transmitting the encrypted software to the broadcast receiving apparatus that has made the software request (ST6). Note that the software to be transmitted is an application program, an update program, or an image file thereof (a file indicating the memory contents when the program is written in the memory).

  In this software encryption, the control unit 67 of the server 60 encrypts the encryption algorithm stored in the encryption algorithm storage unit 63 using the encryption key generated based on the time information of the built-in clock 65.

  The control unit 27 in the broadcast receiving apparatus 10 that has made the software request performs an installation process of the software supplied from the server 60 (ST7). In this introduction process, the control unit 27 decrypts the encrypted software using the encryption key generated based on the time information of the built-in clock 25. When decryption is not possible, the encryption key is generated based on the time information in the past direction as in the server 60. Further, as described above, if the encryption key is generated by coarsening the time resolution of the time information, decryption in the broadcast receiving apparatus 10 can be facilitated.

  As described above, if encryption is performed by the broadcast receiving apparatus 10 and the server 60 using information obtained only by receiving a broadcast, for example, an encryption key generated based on time information, the encryption is performed with time. Since the key changes, it is not possible to easily analyze the encryption key or the encryption algorithm even if the software request or the supplied software is eavesdropped. Therefore, it is possible to distribute the software safely and to tamper with the software. Further, after eavesdropping on the network traffic and after a lapse of time, it is possible to prevent the software from being introduced from the spoofing server to the broadcast receiving apparatus again or received by a different broadcast receiving apparatus. Furthermore, if the software request is encrypted including the time information, the server 60 has a large time difference between the time information used for generating the encryption key and the time information included in the software request when the software request can be correctly decrypted. Sometimes it is possible to invalidate a software request for possible tampering.

  Next, a description will be given of a case where encryption processing is performed using not only information obtained only by receiving a broadcast but also unique identification information that each broadcast receiving apparatus individually has.

  The control unit 27 generates an encryption key based on the time information and the identification information in the above-described software request. For example, the time information and the identification information are digitized to generate an encryption key having a predetermined bit length. Thus, if the identification information is used, each broadcast receiving apparatus can generate a unique encryption key. Further, the control unit 27 may encrypt not only the software request but also the software request including identification information.

  In the response process described above, the control unit 67 of the server 60 reads the identification information of the broadcast receiving apparatus that has requested the software from the software storage unit 66, and generates an encryption key based on the read identification information and time information. I do.

  Here, the broadcast receiving apparatus that has made the software request may be determined by using the transmission source information added when the encrypted software request signal is transmitted via the network 50. For example, when a so-called global address is assigned as node information in each broadcast receiving apparatus, and a software request is transmitted using this global address as transmission source information, the broadcast requesting the software request from this global address is performed. The receiving device can be identified.

  The control unit 67 performs decryption based on the encryption algorithm stored in the encryption algorithm storage unit 63 using the encryption key generated from the time information and the identification information. When the decryption of the software request is correctly performed, the control unit 67 encrypts the software instructed by the software request and supplies the encrypted software to the broadcast receiving apparatus that has made the software request. In this software encryption, the control unit 67 encrypts the encryption algorithm stored in the encryption algorithm storage unit 63 using the encryption key generated based on the time information and identification information of the built-in clock 65.

  The control unit 27 in the broadcast receiving apparatus 10 that has made the software request decrypts the software supplied from the server 60 using the encryption key generated using the time information and the identification information of the built-in clock in the introduction process described above. I do. When decryption is not possible, the encryption key is generated based on the time information in the past direction as in the server 60. Furthermore, as described above, if the encryption key is generated by coarsening the time resolution of the time information, decryption in the broadcast receiving apparatus 10 can be facilitated.

  As described above, if the identification information is used for generating the encryption key, only the software request from the correct broadcast receiving apparatus is decrypted, and the control unit 67 of the server 60 can eliminate the illegal software request. . In addition, since the encrypted software transmitted from the server 60 can be decrypted only by the broadcast receiving apparatus at the correct transmission destination, the encrypted software is decrypted even if wiretapping is performed. The risk of being lost can be reduced.

  Further, the control unit 67 can manage the download history of each broadcast receiving device by associating the requested software with the identification information and storing them in the software storage unit 66. For example, the version of each broadcast receiving device can be managed. You can grasp the up state. Moreover, since the control part 67 can discriminate | determine the broadcast receiver which performed the request | requirement, it can also set the software which can be supplied for every broadcast receiver, and can also restrict | limit supply of software. In addition, services such as billing for software town roads can be performed.

  Furthermore, the above-described identification information may include device information indicating the configuration of the broadcast receiving device. As the device information of the broadcast receiving device, the hardware configuration and software configuration of the broadcast receiving device, for example, when having a display unit for displaying the video of the program content, the screen size of the display unit, and the storage unit for storing the program content are included. When provided, information indicating the capacity of the storage unit, the version of software installed in the broadcast receiving apparatus, and the like is used. If these pieces of device information are included in the identification information, the server 60, when the identification information is included in the software request, even if the requested software is not individually indicated, the broadcast receiving device that has made the software request. The software corresponding to the configuration can be selected and supplied to the broadcast receiving apparatus.

  The control unit 67 associates the time difference between the time indicated by the built-in clock 65 and the time information used for generating the encryption key that was able to correctly decrypt the software request with the identification information, for example, in the software storage unit 66. It may be memorized. In this case, since the temporal fluctuation of the software request from each broadcast receiving device can be grasped, if the generation of the encryption key and the setting of the time range going back in the past are performed in consideration of this temporal fluctuation, Software requests from the receiving device 10 can be quickly decoded, and software requests using illegal time information can be efficiently eliminated.

  As the identification information, identification information stored in the IC card 40 attached to the card interface 15 can be used. In this case, the supply of software is controlled not to the main body of the broadcast receiving apparatus but to the IC card 40, and software can be provided for each user having the IC card 40.

  Next, a software download operation using information obtained only by receiving a broadcast and software specific information will be described. The software specific information is information shared between the broadcast receiving apparatus and the server.

  The control unit 27 generates an encryption key based on the time information of the internal clock 25 and the software specific information in the above-described software request. For example, the time information and the software specific information are digitized to generate an encryption key having a predetermined bit length. In this way, if software specific information is used, a unique encryption key can be generated for each requested software. The control unit 27 may encrypt the software request including the software specific information.

  In the response process described above, the control unit 67 of the server 60 reads the software unique information from the software storage unit 66 and generates an encryption key based on the read software unique information and time information.

  Here, if a plurality of pieces of software can be provided from the server 60, a process for determining the software requested by the broadcast receiving apparatus is required. However, since the software request is encrypted, the requested software cannot be determined. Therefore, when the software request cannot be correctly decrypted with the generated encryption key, the process of newly reading the software unique information from the software storage unit 66 and generating the encryption key is repeated, and decryption is performed using the generated encryption key. I do. Further, if the process of generating the encryption key is repeatedly performed, it may take time to decrypt the software request when the number of software that can be provided is large. For this reason, it is assumed that software requests distributed to a plurality of time zones are received only in the assigned time zone. In this way, since the number of software that can be provided in each time zone is reduced, it is possible to prevent the time required until a correct encryption key is generated from being increased.

  The control unit 67 performs decryption based on the encryption algorithm stored in the encryption algorithm storage unit 63 using the encryption key generated based on the time information and the software unique information. Here, when the software request is correctly decrypted, the control unit 67 encrypts the software indicated by the software specific information included in the software request and supplies the encrypted software request to the broadcast receiving apparatus that has made the software request. In this software encryption, the control unit 67 encrypts the encryption algorithm stored in the encryption algorithm storage unit 63 using the encryption key generated based on the time information of the built-in clock 65 and the software unique information.

  The control unit 27 in the broadcast receiving apparatus 10 that has made the software request uses the encryption key generated based on the time information of the built-in clock 25 and the software unique information in the introduction process described above, and the software supplied from the server 60. Decrypt.

  As described above, if the encryption key is generated also using the software specific information, the software request is decrypted by the server 60 when the software requesting the software request is correctly specified. In 67, unauthorized software requests can be eliminated. In addition, since the software supplied from the server 60 can be decrypted only by the broadcast receiving apparatus that has requested this software, the encrypted software is decrypted even if wiretapping is performed. Risk can be reduced.

  Further, the control unit 27 and the control unit 67 generate an encryption key based on the time information, the identification information, and the software specific information, or add the time information, the identification information, and the software specific information to the software request or the requested software. May be included. In addition, if the control unit 27 or the control unit 67 transmits the information to be encrypted with an error detection code or error correction code added thereto, the control unit 27 or the control unit 67 uses these codes to correct the correct software request without error or the requested software. Only can be used.

  Further, the server 60 may set conditions for accepting the request in response to the request from the broadcast receiving apparatus. As an acceptance condition of the request, for example, a software request with the same identification information, that is, a software request with the same manufacturing serial number or a software request with the same network node information, so that the software supply is not repeatedly performed in a short time On the other hand, software is supplied at a predetermined time interval. Further, the number of times of supply per day is set to the same identification information in advance and limited. Furthermore, when the number of times of software supply is integrated and the number of times of integration reaches a preset number, software supply is not performed. Further, when a plurality of broadcast receiving apparatuses can be connected to the same network node information, for example, when a plurality of private addresses can be set for one global bus address, the same network node Limit the number of broadcast receivers that can be connected to When a global address is individually assigned to each broadcast receiving device, the software request is invalidated when the global address indicated by the software request signal is different from the actual global bus address. As described above, if the request acceptance condition is set, the software is not supplied without limitation to the request from the broadcast receiving apparatus, and the risk of the analysis of the encryption method can be reduced.

  By the way, the identification information is information that cannot be rewritten by a user operation. If this identification information can be updated from the server 60, it is possible to prevent the same identification information from being used repeatedly, and the encrypted software Analysis of requirements and provided software can be made more difficult.

  FIG. 3 shows a software download operation when the identification information is updated. Also, the encryption key is generated using the identification information.

  The control unit 67 of the server 60 generates an encryption key based on the time information and the identification information as described above in the response process (ST8) of the software request supplied from the broadcast receiving device 10 via the network 50. The software request is decrypted using the generated encryption key. In addition, when the software request is correctly decrypted, the control unit 67 encrypts the software instructed by the software request including the instruction to update the identification information. In this encryption, the encryption algorithm stored in the encryption algorithm storage unit 63 is encrypted using the encryption key generated based on the time information of the internal clock 65 and the identification information before update.

  The control unit 67 performs software transmission for supplying the encrypted software to the broadcast receiving apparatus that has made the software request (ST9).

  The control unit 27 of the broadcast receiving apparatus 10 that has made the software request performs an installation process of the software supplied from the server 60 (ST10). In the introduction process, the control unit 27 uses the encryption key generated as described above to decrypt the encrypted software. Here, when the decryption is correctly performed, the control unit 27 updates the identification information based on the update instruction included in the decrypted software.

  Thereafter, when a software request operation is performed (ST11), the control unit 27 makes a software request to the server 60 (ST12). When making this software request, the control unit 27 generates an encryption key based on information obtained only by receiving the broadcast and the updated identification information. In addition, the software request is encrypted with the generated encryption key and supplied to the server 60 so that the software request includes the updated identification information or the identification information before and after the update.

  The control unit 67 of the server 60 is based on the information obtained only by receiving the broadcast and the updated identification information in the response process (ST13) to the software request supplied from the broadcast receiving device 10 via the network 50. An encryption key is generated, and the software request is decrypted using the generated encryption key. Here, since the updated identification information is used to generate the encryption key, when the software request is correctly decrypted, it can be determined that the identification information has been updated in the broadcast receiving apparatus. In addition, when the software request is encrypted including the updated identification information and the identification information before and after the update, when the identification information obtained by decryption matches the updated identification information, the identification information is correctly It can be determined that the update has been performed.

  When the software request is correctly decrypted, the control unit 67 encrypts the software designated by the software request. In this encryption, the encryption algorithm stored in the encryption algorithm storage unit 63 is encrypted using the encryption key generated based on the time information of the internal clock 65 and the updated identification information.

  The control unit 67 performs software transmission for transmitting the encrypted software to the broadcast receiving apparatus that has made the software request (ST14).

  The control unit 27 in the broadcast receiving apparatus 10 that has made the software request performs an installation process of the software supplied from the server 60 (ST15). In this introduction process, the control unit 27 decrypts the encrypted software using the encryption key generated as described above, and introduces the software obtained when the decryption is correctly performed. .

  Further, when the control unit 27 updates the identification information based on the update instruction, the server 60 identifies the server 60 if the change completion notification indicating that the update of the identification information has been completed is sent to the server 60. Whether or not information has been updated can be quickly grasped.

  In the change completion notification, the identification information before the update and the identification information after the update are encrypted and transmitted with the time information or the encryption key generated based on the time information and the identification information. The control unit 67 of the server 60 determines whether or not a change completion notification is supplied from the broadcast receiving apparatus that has transmitted the update instruction. Here, when the change completion notification is supplied, decryption is performed using the encryption key generated based on the time information or the time information and the identification information, and when the change completion notification is correctly decrypted, the change completion notification It can be determined that the update of the identification information is completed based on the identification information before the update and the identification information after the update shown in FIG. Further, when it is determined that the update of the identification information is completed, if the procedure such as reconfirmation from the server 60 is taken, it is ensured that the update of the identification information is completed in each of the broadcast receiving device and the server. I can confirm.

  If the identification information is updated in this way, even if the identification information is leaked, even if the software is downloaded illegally using the leaked identification information, the fraud continues. Can be prevented.

It is a figure which shows the structure of a software download system. It is a sequence diagram which shows software download operation | movement. It is a sequence diagram which shows software download operation | movement (when updating identification information).

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 ... Broadcast receiver, 11 ... Antenna, 12 ... Receiver, 13 ... Video decoder, 14 ... Audio decoder, 15 ... Card interface, 18, 61 ... Network interface 20, 62 ... bus, 21 ... input unit, 22 ... non-volatile memory, 23 ... RAM, 25, 65 ... built-in clock, 27, 67 ... control unit, 40. ... IC card, 50... Network, 60... Server, 63 .. cryptographic algorithm storage unit, 66... Software storage unit, 70.・ Descrambler, 123 ・ ・ ・ Demultiplexer

Claims (9)

In a software download system having a broadcast receiving device for receiving a broadcast and a server connected to the broadcast receiving device via a network and supplying software,
The broadcast receiving device includes a process for generating an encryption key based on information obtained only by receiving a broadcast, a process for encrypting a software request with the encryption key and supplying the encrypted request to the server, and an encryption from the server. A control unit that performs a process of decrypting the supplied software with the encryption key,
The server generates a cryptographic key based on information obtained only by receiving a broadcast, decrypts a software request supplied encrypted from the broadcast receiving device with the cryptographic key, A control unit that performs processing for encrypting software corresponding to a software request with the encryption key and supplying the software to the broadcast receiving device that has made the software request ,
Time information was used as information obtained only by receiving the broadcast.
Software download system. The software download system according to claim 1, wherein the encryption key is generated based on information obtained only by receiving the broadcast and unique identification information that the broadcast receiving apparatus has individually. The control unit of the broadcast receiving device shall include the identification information in the software request,
The control unit of the server supplies software corresponding to the software request when the identification information used to generate the encryption key matches the identification information included in the decrypted software request. Item 3. The software download system according to Item 2 . The control unit of the broadcast receiving device includes device information indicating a configuration of the broadcast receiving device in the identification information,
The software download system according to claim 3 , wherein the control unit of the server determines software to be supplied based on device information included in the identification information. The control unit of the server shall include an update instruction for the identification information when supplying software corresponding to the software request to the broadcast receiving device,
The software download system according to claim 2 , wherein when the software supplied from the server includes an update instruction for the identification information, the control unit of the broadcast receiving apparatus updates the identification information based on the update instruction. . The software download system according to claim 1, wherein the encryption key is generated based on information obtained only by receiving the broadcast and unique information of software requested by the software request. A receiver for receiving broadcasts;
A network interface for connecting to a server supplying software via a network;
A process of generating an encryption key based on information obtained only by receiving the broadcast at the receiving unit, a process of encrypting a software request with the encryption key and supplying it to the server, and encrypted from the server A control unit that performs a process of decrypting the supplied software with the encryption key ;
I have a,
A broadcast receiving apparatus using time information as information obtained only by receiving the broadcast. A software storage unit in which software to be supplied is stored;
A network interface for connecting to a broadcast receiving device via a network;
A process for generating an encryption key based on information equal to information obtained only by receiving a broadcast at the broadcast receiving apparatus, and a software request encrypted and supplied from the broadcast receiving apparatus is decrypted with the encryption key. A control unit that performs processing, and reads the software requested by the software request from the software storage unit and encrypts it with the encryption key, and then supplies the software request to the broadcast receiving device that has made the software request ;
Equipped with a,
A server using time information as information obtained only by receiving the broadcast . In a software download method for supplying software from a server to a broadcast receiving device that receives a broadcast via a network,
The broadcast receiving device is
Generating an encryption key based on information obtained only by receiving a broadcast;
Encrypting a software request with the encryption key and supplying it to the server;
Decrypting the software supplied encrypted from the server with the encryption key ;
Have
The server is
Generating an encryption key based on information obtained only by receiving a broadcast;
Decrypting the software request encrypted and supplied from the broadcast receiving device with the encryption key;
Supplying the software in response to the software request to the broadcast receiving apparatus that has made the software request by encrypting the software with the encryption key ;
I have a,
Time information was used as information obtained only by receiving the broadcast.
Software download method.

Images