JP5053014B2 - Reception device and stream transmission device - Google Patents

Description

  The present invention relates to a signature verification method, a stream generation method, a reception apparatus, and a stream transmission apparatus, and more particularly, to a signature verification technique for appropriately authenticating / verifying an entire stream.

  Conventionally, content such as television and radio has been broadcast / transmitted in an analog format. However, with the recent development of digital technology, content and service data have been digitized, and content and service have been broadcast in the form of digital data. Furthermore, terrestrial digital broadcasting has been put into practical use, and one-segment broadcasting, which is digital broadcasting for mobile terminals, has started.

  In such digital broadcasting, not only normal video and audio services (contents) but also services such as captions and data for data broadcasting (content-attached information) are broadcast. Such content and content-attached information are packetized and broadcast as a series of packets by streaming. In particular, since terrestrial digital broadcasting (including one-segment broadcasting) is transmitted using radio waves, when an attacker transmits an illegal broadcast wave as a jamming radio wave on the same channel, a general viewer The digital broadcast receiving terminal used by can not distinguish between a broadcast wave by a regular broadcast station and an illegal broadcast wave by an attacker. FIG. 18 schematically shows, for example, a situation when illegal broadcasting is performed in a conventional system. As shown in FIG. 18A, a receiving terminal in an environment where the attacker's unauthorized broadcast wave is stronger than the regular broadcast wave regards the unauthorized broadcast wave as a regular broadcast wave. I receive it. Accordingly, as shown in FIG. 18B, the viewer views the video and audio based on the illegal broadcast wave without realizing it, and recognizes that the video and audio information is correct. There is a fear. In the case of one-segment broadcasting, it is expected that transmission devices such as relay devices and gap fillers for difficult viewing areas in urban areas such as underground shopping centers and indoors are expected. Furthermore, in the case of one-segment broadcasting, a small transmission device has been developed that performs independent broadcasting for a narrow reception area in a store or commercial facility. In such a receiving device that receives broadcast waves from various types of transmission devices, whether or not the received broadcast wave is a broadcast wave from a regular broadcast station, or a reliable business operator If there is a function for discriminating whether or not the broadcast wave is from, it is convenient for the user, but such a mechanism and technology have not been developed.

  As described above, improper broadcasting may cause problems such as spoofing to a legitimate broadcasting station, data falsification, and guidance to a malicious site (phishing fraud). In particular, for data such as caption broadcasting and data broadcasting, information important for economic activities (names, specifications and prices of products sold by TV / radio shopping, or economic indicators such as stock prices and economic statistics) is distributed. The As a result, various economic activities are often carried out between viewers and companies, and it is very important to guarantee the legitimacy and reliability of the content of broadcast waves (ie, the non-falsification of content and content-attached information). Is important to. For example, since data broadcasting is broadcast in BML (Broadcast Markup Language), a script written in BML causes a command to jump to a link destination URL unrelated to broadcasting or a command to start an unnecessary application. May be replaced with malicious code. It is also very important to prevent such an operation different from the original operation.

  Therefore, in order to guarantee the legitimacy and safety of the broadcast wave, authentication information is derived from each packet, each derived authentication information is added to each packet, and the content is authenticated on the receiving side in units of packets. There has been proposed a message authentication device that confirms that the message has not been tampered with (see Patent Document 1). FIG. 19 shows a technique for adding a hash value to a transport stream packet according to the conventional technique.

FIG. 19 shows a technique of adding a hash value to a stream transfer type packet according to the conventional technique. As shown in FIG. 19A, the transfer method packet does not include information for authentication, and the non-tampering property cannot be proved. For example, as shown in FIG. 19B, there is a conventional technique in which a hash value is calculated from a message of each packet using a hash function, and the calculated hash value is added to the packet used for the hash calculation.
JP 2001-251296 A

  The above-described prior art can authenticate individual packets, but cannot authenticate the entire packet stream (that is, a series of packets).

  In addition, in order to perform authentication processing for each packet, the receiving device needs to have a high calculation processing capability, and the calculation processing capability is relatively low, such as a mobile phone terminal device, an STB (Set Top Box), a PDA (Personal Digital). It is difficult to apply the conventional message authentication technique described above to a small receiving device such as Assistants) because the calculation load is too heavy.

  Furthermore, when using wireless transmission such as terrestrial digital broadcasting when authenticating the entire stream, the radio wave propagation environment is often poor, and in such cases communication errors such as packet loss occur frequently, so this There is a high possibility that authentication processing cannot be performed due to such frequent packet loss. In particular, in the broadcast / multicast wireless transmission path, the packet loss is not retransmitted even though the probability of packet loss is greatly increased, and authentication processing cannot be performed. Therefore, in order to put message authentication into practical use in an environment where there are many packet losses, such as wireless communication, a technique for improving resistance to reception errors represented by packet loss is also required.

  Therefore, an object of the present invention is to provide a stream authentication / verification technique (apparatus, method) for appropriately authenticating / verifying the entire stream.

In order to solve the above-described problems, the receiving device according to the first invention provides:
A receiving unit that receives a transport stream with signature information and a verification packet (VP: Verification Packet) for verifying the signature of the transport stream;
Based on an identifier included in a part of each packet of the transport stream, the transport stream packet used to generate a hash value as signature information is determined, and a specific packet is extracted from the received transport stream An extractor to perform,
A generation unit that generates a hash value by using the specific transport stream packet extracted by the extraction unit as many as the number indicated by the identifier included in the verification packet;
A counter unit that counts the number of specific transport stream packets extracted based on an identifier included in the packet after receiving the verification packet;
A collation unit that collates a hash value as signature information included in the verification packet received next by the reception unit and the generated hash value;
If the hash value as the signature information included in the verification packet and the generated hash value do not match as a result of the verification by the verification unit, the verification packet and the next received verification packet In the section, the number of packets counted by the counter unit (that is, the number of packets that are normally received in the section) and the transport stream defined by the identifier included in the verification packet When the number of packets (that is, the number of target TSPs that should exist in the section between the verification packet and the next received verification packet) does not match, a processing unit that excludes the section from the signature verification section;
It is characterized by comprising.

The receiving apparatus according to the second invention is
When the hash value as the signature information and the generated hash value do not match as a result of the verification by the verification unit, the processing unit counts the number of packets counted by the counter unit and the verification packet. When the number of transport stream packets specified by the included identifier matches, the section is determined to be an illegal section.
It is characterized by that.

A receiving device according to a third invention is
When content or service is output using a transport stream packet in a section excluded from the signature verification section, output of the content or service is performed based on a signature verification result before and / or after the excluded section. A control unit for controlling
It is characterized by further comprising.

A receiving device according to a fourth invention is
An identifier included in a part of each packet is stored in a transport scrambling control field of header information of a transport stream packet,
Based on the identifier stored in the transport scrambling control field of header information of the transport stream packet, the extraction unit determines the transport stream packet used to generate the hash value as the signature information, Extract transport stream packets,
It is characterized by that.

  As described above, the solution of the present invention has been described as an apparatus. However, the present invention can be realized as a method, a program, and a storage medium storing the program, which are substantially equivalent to these. It should be understood that these are also included.

Although the present invention has been described as a receiving apparatus on the receiving side and a method in the receiving apparatus, the present invention may be configured as a transmitting apparatus on the transmitting side or a method in the transmitting apparatus. For example, the stream transmitting apparatus according to the fifth invention is:
A setting unit that sets an identifier for identifying a specific packet and an identifier that defines the number of the specific packet;
Based on an identifier for identifying a specific packet set by the setting unit, a specific packet is selected from the transport stream, and the selected transport stream packet is used by the number indicated by the identifier that defines the number of packets. A generation unit that generates a hash value as signature information;
A stream generation unit that generates a stream by arranging a verification packet including an identifier for identifying a specific packet, an identifier that defines the number of the specific packets, and a hash value in a transport stream;
A transmission unit for sequentially transmitting packets included in the generated stream,
The stream generation unit includes an identifier for identifying a specific packet in a header of the selected transport stream packet;
It is characterized by that.

  According to the present invention, the entire stream can be properly authenticated.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. The present invention can be applied regardless of whether the transmission path of the packet (broadcast wave) is wired or wireless, but packet loss is likely to occur, and one that uses the wireless transmission path that will most enjoy the advantages of the present invention. A description will be given in a mode applied to the segment broadcasting system. Typical examples of a receiving apparatus having a one-segment broadcast receiving function are a mobile phone terminal and a notebook personal computer.

  FIG. 1 is a block diagram showing a basic configuration of a receiving apparatus according to an embodiment of the present invention. As shown in the figure, the receiving device 100 includes an antenna ANT1, a receiving unit 110, a hash value calculation unit (generation unit) 120, a packet processing unit 130, an authentication unit 140, a control unit 150, a memory 160, an output unit 170, and A decoder 180 is provided. The antenna ANT1 receives a broadcast wave including a packet and supplies the received broadcast wave to the receiving unit 110. The receiving unit 110 converts a transport stream (TS) signal (TS packet and verification packet) obtained by performing signal processing (such as OFDM demodulation processing) from the received broadcast wave to a hash value calculation unit 120, a packet processing unit 130, and Supply to the memory 160. The memory 160 stores TS packets.

  Further, the receiving unit 110 separates and analyzes information for specifying content (for example, program specifying information PSI storing the program association table PAT and the program map table PMT) from the received transport stream. Then, based on the information, the video signal, the audio signal, and the data signal are separated from the transport stream. The decoder 180 decodes audio packets, video packets, data broadcast packets, and the like stored in the memory 160 and supplies them to the display unit 172 and the speaker 174 provided in the output unit 170.

  The packet processing unit 130 extracts a verification packet (VP packet) from the TS signal, and serves as signature information for a series of TS packets that are included in the verification packet and exist in a section [VP-VP] between the verification packets. A hash value H is acquired, and the acquired hash value H is stored in the memory 160. The hash value calculation unit 120 reads one TS packet at a time from the beginning of a series of TS packets after the verification packet, and uses this one TS packet and the calculated hash value h in a chain to obtain a predetermined function. The hash value as signature information is generated / calculated (the details of the generation method will be described later), and the generated hash value h is supplied to the authentication unit 140. The hash value calculation unit 120 repeats the same hash value calculation process every time a new verification packet is received.

  The authentication unit 140 includes a verification unit 142 and a processing unit 144. The collation unit 142 collates whether or not the hash value H as the signature information included in the next verification packet matches the generated hash value h. The decoder 180 decodes audio packets, video packets, data broadcast packets, and the like stored in the memory 160 and supplies them to the display unit 172 and the speaker 174 provided in the output unit 170. If the hash value H as the signature information included in the next verification packet does not match the generated hash value h as a result of the collation by the collation unit 142, the processing unit 144 determines that the section is an illegal section. Then, the determination result (collation result) is supplied to the control unit 150.

  The control unit 150 controls the supply of data to the output unit 170 and the decoder 180. Based on the determination result supplied from the authentication unit 140, the control unit 150 stops the output of the content or service using the transport stream packet of the section determined to be an unauthorized section, or indicates that the section is an unauthorized section. The display unit 172 and the speaker 174 are controlled so as to output by adding a character, superimpose and output a character to that effect, or output a sound indicating that.

  FIG. 2 is a block diagram showing a basic configuration of a transmission apparatus according to an embodiment of the present invention. As shown in the figure, the transmission apparatus 200 includes a hash value calculation unit (generation unit) 210, a stream generation unit 220, a transmission unit 230, a counter unit 240, a memory 250, and an antenna ANT2. The transmission device 200 receives an original message (original series of TS packets) to be transmitted from a higher-level device (such as a content server) via a wired connection or the like. For example, the hash value calculation unit 210 starts from the head of the “series of packets” between the first null packet and the second null packet that is one or more after that (that is, the second and subsequent null packets). , TS packets are read one by one, and the hash value h as signature information is calculated using a predetermined hash function using the one TS packet and the calculated hash value in a chain. The hash value calculated using the message of the last TS packet in the section and the previously calculated hash value h is set as a hash value H as signature information. The counter unit 240 counts the number of packets processed in the series of packets described above, and stores the counted value in the memory 250.

  The stream generation unit 220 generates a verification packet including a hash value H as signature information for a preceding series of packet sections, and replaces the above-described null packet with this verification packet. The null packet is inserted into the stream to some extent periodically for timing. In this embodiment, the null packet is replaced with a verification packet, and the information (hash value H) for signature is received by the receiver. To communicate.

  In this way, the stream generation unit 220 arranges the verification packet including the hash value H as signature information for authenticating the message in the section between the verification packets after the series of transport stream packets. Accordingly, the stream generation unit 220 generates a stream in the order of a verification packet, a series of transport stream packets, and a verification packet. The generated stream is sent out as a broadcast wave from the antenna ANT2 after the transmission unit 230 performs necessary processing such as modulation processing.

FIG. 3 is a flowchart showing an example of a signature verification method executed by the receiving apparatus of FIG. First, the hash value calculation unit 120 selects a verification packet in step J11, and then starts loop 1 (steps J13 and J14). Next, in step J13, from the TS packet message m (payload) and the previous hash value h0 (null at the first execution) until the end condition of step J14 is satisfied, that is, until the next verification packet is received. The hash value h is generated (calculated) from all the received TS packets using the following predetermined hash function f.
h = f (m, h0)

  When the next verification packet is received and the loop 1 is finished, the packet processing unit 130 acquires the hash value H as signature information stored in the next verification packet and stores it in the memory 160 in step J15. To do. In step J16, the collation unit 142 in the authentication unit 140 collates whether or not the hash value H as the signature information acquired from the verification packet matches the hash value h generated by the hash value calculation unit 120. . If the acquired hash value H and the generated hash value h match, the processing is completed assuming that the signature information has been successfully authenticated. Under the control of the control unit 150, the TS packet in the relevant section is normally transmitted by the decoder 180. Decoded and output by the output unit 170. If H and h do not match, the process proceeds to step J17, the collation unit 142 regards the section as an illegal section, and the control unit 150 does not output the content received in the section so that the decoder 180 and The output unit 170 is controlled.

  FIG. 4 is a flowchart showing an embodiment of the stream generation method executed by the transmission apparatus of FIG. Here, an embodiment will be described in which a hash value H is obtained from all TS packets in the signature verification section, and this is included in a stream for transmission. As shown in FIG. 4A, in step K11, an original message (original series of TS packets) received from a higher-level device (such as a content server) by a network unit (not shown) provided in the transmission device 200. Thus, a section between the first null packet and the second null packet one or more after that (that is, the second and subsequent null packets) is set as the signature verification section.

  Next, in step K12, the hash value calculation unit 210 uses a predetermined hash function as signature information from all the series of packets in this signature verification section (except for null packets in the section). A hash value H is calculated. In step K13, the stream generation unit 220 creates a verification packet including the obtained hash value H. Next, in step K14, the stream generation unit 220 replaces the null packet at the end point (or the start point) of the section with the generated verification packet, so that a series of TS packets and the verification packet in the signature verification section Generate a series of streams consisting of Finally, in step K15, the transmission unit 230 sequentially transmits (broadcasts) the packets included in the generated series of streams. Note that data and information created and generated in each block in the transmission apparatus 200 are temporarily stored in the memory 250 as necessary, and similarly, stored data and information are read out as necessary. To do.

  The transmission process of the transmission apparatus 200 illustrated in FIG. 2 will be described with reference to FIG. FIG. 5 is a diagram for explaining a technique (on the transmission device side) for calculating a hash value from a transport stream (TS) including a null (NULL) packet in the transmission device 200.

  As shown in the upper part of FIG. 5, the original message (original TS packet) includes packets P0 (null packet), P1 (PID = A), P2 (PID = B), P3 (PID = C), P4 (PID = A), P5 (null packet), and P6 (PID = A) in this order. Here, PID = A is a video signal, PID = B is an audio signal, and PID = C is a packet identifier indicating a data broadcast signal. The hash value calculation unit 210 of the transmission apparatus 200 generates (calculates) a hash value by chaining packets P1 to P4 that are TS packets in the signature verification section [P1 to P4]. First, as shown in the lower part of FIG. 5, a 16-byte hash value h1 is generated from a message (184 bytes) stored in the payload portion of the packet P1 (PID = A) using a predetermined hash function. (calculate. Next, a hash value h2 is generated (calculated) from the hash value h1 and the message m1 (184 bytes) of the packet P2 (PID = B). Similarly, a hash value h3 is generated from the hash value h2 and the message m2 (184 bytes) of the packet P3 (PID = C), and further the message m3 (184 bytes) of the hash value h3 and the packet P4 (PID = A). From this, a hash value h4 is generated (calculated). Since all the packets in the section have been processed, the last hash value h4 is set as the final hash value H, and the packet P5 (null packet) is replaced with a verification packet (VP) including the hash value H. Then, these packets are transmitted (broadcast) as a stream.

  The stream reception process shown in FIG. 5 will be described with reference to FIG. FIG. 6 is a diagram for explaining a method for calculating the hash value from the received transport stream (TS) message and verifying the validity of the message in the receiving apparatus 100 of FIG. As shown in the figure, the hash value calculation unit 210 of the receiving apparatus 100 generates (calculates) a hash value by using packets P1-P4 that are TS packets in the signature verification section [P1-P4] in a chain. First, a 16-byte hash value h1 is generated (calculated) from a message (184 bytes) stored in the payload portion of the packet P1 (PID = A) using a predetermined hash function. Next, a hash value h2 is generated (calculated) from the hash value h1 and the message m1 (184 bytes) of the packet P2 (PID = B). Similarly, a hash value h3 is generated (calculated) from the hash value h2 and the message m2 (184 bytes) of the packet P3 (PID = C), and further, the hash value h3 and the message m3 (packet P4 (PID = A)) of the message m3 ( Hash value h4 is generated (calculated) from (184 bytes). Since the hash value calculation unit 120 has processed all the packets in the section, the hash value calculation unit 120 sets the last hash value h4 as the final hash value. The collation unit 142 acquires the hash value H as signature information stored in the packet P5 (verification packet VP) following the signature verification section from the memory 160. Then, the collation unit 142 collates the calculated hash value h4 with the hash value H of the verification packet P5. In accordance with the collation result of the collation unit 142, the control unit 150 controls the output of content and services in the signature verification section.

  Thus, in this embodiment, since all TS packets (4) in the section are used as the hash value generation source, the same number of hash calculations as the number of TS packets are performed, and the stream calculation is performed. Authentication processing as a whole is possible. However, small portable terminals often have a low calculation capability, and a situation in which the load of hash calculation is too heavy can be considered.

  In the methods shown in FIGS. 5 and 6, four TS packets are described as an example. However, the longer the verification interval, the greater the load of the arithmetic processing. Therefore, a low-load signature verification method for a small portable terminal will be described with reference to FIG. 7 and subsequent drawings.

  FIG. 7 is a block diagram showing a basic configuration of a receiving apparatus to which a low-load signature verification method according to an embodiment of the present invention is applied. As illustrated, the receiving device 100A includes an antenna ANT1, a receiving unit 110, a hash value calculating unit (generating unit) 120A, a counter unit 125, a packet processing unit 130A, an authenticating unit 140A, a control unit 150A, a memory 160, and an output. A unit 170 and a decoder 180. The antenna ANT1 receives a broadcast wave including a packet and supplies the received broadcast wave to the receiving unit 110. The reception unit 110 converts a transport stream (TS) signal (TS packet and verification packet) obtained by signal processing (such as OFDM demodulation processing) from the received broadcast wave, into a hash value calculation unit 120A, a packet processing unit 130A, and Supply to the memory 160. The memory 160 stores TS packets.

  The packet processing unit 130A extracts a verification packet from the TS signal, and further generates a first identifier (packet ID: PID) and a second identifier (signature information in a series of TS packets) stored in the verification packet. The number of packets used in the process: n) is acquired, and the acquired first and second identifiers (PID and n) are stored in the memory 160. Further, the packet processing unit 130A further obtains a hash value H as signature information between verification packets (section [VP-VP]), and stores this in the memory 160.

  The hash value calculation unit 120A has the same number of TS packets (verification target packets) having the same PID as the PID specified by the first identifier from the series of TS packets after the verification packet from which the PID and n are extracted. The selected TS packet is chained to generate a hash value, and the generated hash value h is supplied to the authentication unit 140. When receiving the verification packet, the counter unit 125 clears the counter with 0, increments by 1 each time a TS packet having the same PID as the first identifier is selected, and stores the count value in the memory 160. Each time the hash value calculation unit 120A and the counter unit 125 receive a new verification packet, the same hash value calculation process and count process are repeated. Further, n packets (packets having a PID defined by the first identifier) used for hash calculation may be selected immediately after receiving a verification packet, or before a verification packet to be received next. Of the received packets, the number of packets that are closer to the next received verification packet may be n. That is, a selection rule may be determined in advance between the reception device and the transmission device, and n items may be selected according to the selection rule. The number n defined by the second identifier can be set as appropriate according to the calculation capability of the receiving apparatus.

  The authentication unit 140A includes a verification unit 142 and a processing unit 144A. The collation unit 142 determines whether or not the hash value H as signature information included in the verification packet received next to the verification packet that triggers the hash calculation matches the generated hash value h. Collate. If the hash value H as signature information included in the next verification packet does not match the generated hash value h as a result of the collation, the processing unit 144A determines that the section is an illegal section. The control unit 150A controls the output of the content or service in the unauthorized section by the output unit 170. For example, the control unit 150A performs control so that decoding of the section in the decoder 180 is stopped.

  In this way, since only the specific packet specified by the first identifier and the second identifier is used for the calculation of the hash value, compared to the case of calculating the hash value using all the packets constituting the stream, The calculation load on the receiving side can be reduced. In order to make it difficult for the packet (message) to be tampered with, that is, to increase resistance to attack, it is preferable that the PID as the first identifier is randomly changed for each signature verification section. Further, the number n of packets used for calculation of the hash value can be designated according to the processing capability of the receiving apparatus.

  FIG. 8 shows a block diagram of a transmission apparatus according to an embodiment of the present invention. Processing performed by the transmission apparatus 200A will be described with reference to FIG. FIG. 9 shows a hash value calculation on the transmission side in which the load of hash calculation is reduced using the first identifier (PID) and the second identifier (number of packets n used for hash calculation) while authenticating the entire stream. It is a figure explaining a method. Here, the first identifier (PID) and the second identifier (the number of packets n used for hash calculation) are set by a setting unit (not shown) provided in the transmission apparatus 200A. As shown in the upper part of FIG. 9, the original message (original TS packet) includes packets P0 (null packet), P1 (PID = A), P2 (PID = B), P3 (PID = A), P4 (PID = C), P5 (PID = A), P6 (null packet), P7 (PID = A), P8 (PID = B), P9 (PID = A), P10 (PID = B), P11 (null packet) In this order. In this embodiment, packets P1 to P10 exist in the signature verification section [VP-VP] between verification packets. The packet P0 of the null packet is replaced with a VP packet. This VP packet (P0) includes “PID = A” as the first identifier for the subsequent signature verification section [VP-VP], the number of packets “n = 4” as the second identifier, And the hash value H for the section preceding.

  The hash value calculation unit 210A of the transmission apparatus 200A sequentially selects up to n TS packets with a PID of A according to the first identifier and the second identifier, and generates hash values in a chain. That is, the hash value calculation unit 210A generates a hash value by using the same number of TS packets having the same PID as the PID specified by the first identifier, and a verification packet including the generated hash value. Replace P11 (null packet). In this stream, there is a packet with PID A in the packet P9, but since the number of packets designated by n is selected at the time of the packet P7, the packet P9 is not used for the hash calculation. Also, packets with PID other than A, such as packet P2, are excluded from the hash calculation. Specifically, first, as shown in the lower part of FIG. 9, a 16-byte hash value is obtained from a message (184 bytes) stored in the payload portion of the packet P1 (PID = A) using a predetermined hash function. h1 is generated. Next, a hash value h2 is generated (calculated) from the hash value h1 and the message m1 (184 bytes) of the packet P3 (PID = A). Similarly, a hash value h3 is generated from the hash value h2 and the message m2 (184 bytes) of the packet P5 (PID = A), and further, the message m3 (184 bytes) of the hash value h3 and the packet P7 (PID = A). From this, a hash value h4 is generated. Since n packets in the section have been processed, the last hash value h4 is set as the final hash value H, and the packet P11 (null packet) is replaced with a verification packet (VP) including the hash value H. Then, these packets are transmitted (broadcast) as a stream.

  FIG. 10 shows a flowchart of processing of the transmitting apparatus 200A that performs hash calculation using such a limited number of packets. As shown in FIG. 10, in step K21, a null part of an original message (original series of TS packets) received from a higher-level device (such as a content server) by a network unit (not shown) provided in the transmitting device 200A. Based on this, a signature verification interval is set. In step K22, from the “series of packets” in the signature verification section, an identifier of a packet for which a hash value is calculated (for example, a PID indicating a packet of a video signal) and a hash value having the identifier are generated. The number of packets to be used n is set (where n is an integer of 2 or more). Next, in step K23, the hash value calculation unit 210A selects n TS packets having the same PID as the set identifier (PID) from the beginning of the section, and chain-selects some of the selected TS packets. Is used to calculate a hash value H as signature information using a predetermined hash function.

  In this way, a hash value as signature information is generated from a part of a series of TS packets. In step K24, the stream generation unit 220 creates a verification packet in which the first identifier (PID) and the second identifier (n) and the hash value H for the signature verification section are stored. However, the first identifier (PID) and the second identifier (n) store identifiers used in the signature verification section that follows the verification packet, and the hash value corresponds to the signature verification section that precedes the verification packet. Stores a value.

  Next, in step K25, the stream generation unit 220 performs the first identifier (PID) and the second identifier (n) for the subsequent signature verification section, and the hash value for the signature verification section preceding the verification packet. The null packet at the start point of the section is replaced with a verification packet including H. By repeating this null packet replacement, a series of streams including a verification packet, a series of TS packets in the signature verification section, and a verification packet are generated. Finally, in step K26, the transmission unit 230 sequentially transmits (broadcasts) the packets included in the generated series of streams.

  The stream reception process shown in FIG. 9 will be described. FIG. 11 is a diagram for explaining a method (receiving device side) for calculating a hash value from a received transport stream (TS) message and verifying the validity of the message in the receiving device 100A of FIG. As shown in the figure, the hash value calculation unit 120A of the receiving apparatus 100A selects up to n TS packets having a PID of A sequentially according to the first identifier (PID = A) and the second identifier (n). , Generate hash values in a chain. That is, the hash value calculation unit 120A uses the same number of TS packets having the same PID as the PID specified by the first identifier to generate a hash value. Further, in this stream, there is a packet P9 whose PID indicates A, but since the number of packets designated by n is selected at the time of packet P7, the packet P9 is not used for hash calculation. Also, packets with PID other than A, such as packet P2, are excluded from the hash calculation.

  9 and 11 is the same as the hash calculation method in FIG. 3 except for the packet selection method. In this way, among the 10 packets P1 to P10, 4 (n = 4) packets whose PID indicates A are used as the signature information for calculating the hash value, so that the entire packet stream (a series of packets) ), The calculation load can be reduced to 40%. As described above, in this embodiment, a specific TS packet in a section (PID is a packet indicating A, and the fourth packet from the start point of the section) is used as hash value generation data. The hash calculation is performed using a limited number of packets. Thereby, the processing load of signature verification in the receiving apparatus can be suppressed low.

  FIG. 12 is a diagram for explaining a case where packet loss cannot be handled by the methods shown in FIGS. The stream configuration (packet configuration, order) in FIG. 12 is the same as that in FIGS. FIG. 12A shows a pattern in which no packet loss occurs. In this case, the obtained hash value h4 matches the hash value H for signature verification stored in the packet VP (packet P11), the verification of the signature verification section is successful, Non-tamperability of the section is guaranteed. On the other hand, FIG. 12B shows that the packet P7 (PID = A) used at the time of transmission for calculating the hash value of the signature information cannot be received due to packet loss, so the packet P9 is erroneously determined as the target TS packet. Then, the hash value h4 ′ has been calculated from the message m3 ′ of the packet and the hash value h3 of the previous stage. Therefore, the calculated hash value h4 ′ and the hash value H of the verification packet VP (packet P11) do not match, and collation fails. In this case, it is considered that the packet loss is the main factor rather than the cause of the illegal broadcast wave by the attacker. In particular, when a wireless path is used for packet transmission, packet loss occurs frequently. If such a packet loss is uniformly determined as an illegal broadcast by an attacker, there is a disadvantage that there are only a few sections that can be displayed as a normal broadcast to the user. FIG. 13 shows a mechanism for determining such packet loss and improving usability.

  In order to deal with the case where packet loss cannot be handled in the methods shown in FIGS. 9 and 11, the processing of the transmitting apparatus 200A that generates a stream in which the third identifier (FLAG) is newly included in the hash value calculation target TSP FIG. 13 shows a flowchart of the above. In order to correspond to the stream generation process of FIG. 13, the operation of the stream generation unit 220 of the transmission apparatus 200A of FIG. 8 is changed as follows. The stream generation unit 220 of the transmission device 200A sets a flag (FLAG = 1) for the specific packet used for packet generation.

  As shown in FIG. 13, in step K31, a null part of an original message (original series of TS packets) received from a higher-level device (such as a content server) received by a network unit (not shown) provided in the transmitting device 200A. Based on this, a signature verification interval is set. In step K32, for example, the video PID is acquired from the “series of packets” in the signature verification section, and the counter unit 240 counts the number of packets having this PID. Then, among the acquired PID, the number of packets to be used for generating the hash value among the packets having the PID (where n is an integer of 2 or more), and the third identifier is set in the packet used for generating the hash value Set the flag (FLAG = 1) to be used. That is, a setting unit (not shown) provided in the transmission apparatus 200A sets the first to third identifiers to be used.

  Next, in step K33, the hash value calculation unit 210 selects n TS packets having the same PID as the set PID from the beginning of the section, and uses the selected TS packets in a chain to obtain a predetermined hash function. A hash value H is calculated as signature information. In this way, a hash value as signature information is generated from a series of TS packets. Next, in step K34, the flag FLAG = 1 is set in the header information of a part of the packets used for calculating the hash value. As for the flag FLAG = 1, it is assumed that the position and format information is transmitted from the transmitting apparatus side to the receiving apparatus side by some means. Alternatively, the position and format information of the flag may be stored in a verification packet and transmitted to the receiving apparatus side. Alternatively, it may be determined in advance according to the specification, and the receiving device may be designed to operate based on the specification. For example, the third identifier (FLAG = 1) is preferably set to 1 in the most significant bit of the transport scrambling control field (TSCF) of the header information of the packet used for generating the hash value.

  Next, in step K35, the stream generation unit 220 sets the PID of the TS packet used for hash generation as the first identifier, and sets the number n of some TS packets used for packet generation as the second identifier. The flag FLAG = 1 is set as the third identifier, and a verification packet including these first to third identifiers is created. Here, the verification packet includes a first identifier (PID) and a second identifier (n) for the signature verification section that follows the verification packet, and a hash value H for the signature verification section that precedes the verification packet. And are stored.

  Next, in step K36, the stream generation unit 220 generates a new series of streams including a verification packet and a series of TS packets in the signature verification section by replacing the null packet with the generated verification packet. Finally, in step K37, the transmission unit 230 sequentially transmits (broadcasts) the packets included in the generated series of streams.

  Note that the null packet is inserted into the stream to some extent periodically in order to obtain timing. In this embodiment, the null packet is replaced with a verification packet, and information for a signature (hash value H, first value) 1 identifier (PID), second identifier (n), third identifier (FLAG 1), etc.) are transmitted to the recipient.

  FIG. 14 is a block diagram showing a basic configuration of a receiving apparatus according to an embodiment of the present invention that detects packet loss from a stream including a third identifier (FLAG) in a hash value calculation target TSP. As illustrated, the receiving device 100B includes an antenna ANT1, a receiving unit 110, an extracting unit 115, a hash value calculating unit (generating unit) 120B, a counter unit 125B, a packet processing unit 130B, an authentication unit 140B, and a control unit 150B. A memory 160, an output unit 170, and a decoder 180. 14 that are similar to the components in FIG. 7 have substantially the same functions, and thus the description thereof is omitted.

  The packet processing unit 130B extracts a verification packet from the TS signal, and further uses a first identifier and a second identifier stored in the verification packet (used to create a hash value that is signature information in a series of TS packets). The number of received packets: n) is acquired, and the acquired first and second identifiers (PID and n) are stored in the memory 160. The memory 160 stores information relating to the third identifier for identifying the transport stream packet used to create the hash value that is the signature information. For this information, a packet having the most significant bit of 1 in the transport scrambling control field (TSCF) of the TSP header information, that is, a packet having a corresponding flag (FLAG = 1) is used to create a hash value. It is described that it is a packet. The packet processing unit 130B also includes signature information included in a section [VP-VP] between the “current verification packet” and the “next received verification packet”, which is included in the next verification packet. Is obtained and stored in the memory 160.

  The hash value calculation unit 120B selects the same number of TS packets having the same PID as the PID and having FLAG = 1 in the header information from the series of TS packets after the verification packet from which the PID and n are extracted. Then, a hash value is generated using the selected TS packets in a chain, and the generated hash value h is supplied to the authentication unit 140B. When receiving the verification packet, the counter unit 125B clears the counter with 0, increments by 1 each time a TS packet having the same PID and FLAG = 1 is selected, and stores the count value in the memory 160. To do. The hash value calculation unit 120B and the counter unit 125B repeat the same hash value calculation process and count process each time a new verification packet is received. Further, n packets may be selected for hash calculation immediately after receiving the verification packet, or n packets may be selected from the next verification packet side, and a selection rule between the receiving device and the transmitting device in advance. And n may be selected according to the selection rule. The number n defined by the second identifier can be appropriately set according to the calculation capability of the receiving apparatus.

  The authentication unit 140B includes a verification unit 142 and a processing unit 144B. The collation unit 142 collates whether or not the hash value H as the signature information included in the next verification packet matches the generated hash value h. If the hash value H as signature information included in the next verification packet does not match the generated hash value h as a result of the verification by the verification unit 142, the processing unit 144B In the interval, the number c of packets counted by the counter unit 125B (that is, the number of packets that are normally received in the interval (FLAG1)) and the verification packet defined by the second identifier Next, when the number of target TSPs n that should exist in a section between the received verification packet and the verification packet does not match, it is considered that a packet loss has occurred, and the section is excluded from the signature verification section. For TSPs that are excluded from processing by the first, second, and third identifiers, even if there is a packet loss, the authentication operation is not affected. It is possible. That is, according to this configuration, different processing can be performed depending on the type of packet loss. Similar coins can be obtained using only the second and third identifiers.

  The decoder 180 decodes audio packets, video packets, data broadcast packets, and the like stored in the memory 160 and supplies them to the display unit 172 and the speaker 174 provided in the output unit 170. When the hash value H as the signature information does not match the generated hash value h as a result of the verification by the verification unit 142, the processing unit 144 and the number c of packets counted by the counter unit 125B and the target When the number of TSPs n matches, the section is determined to be an illegal section. When the hash value H as the signature information and the generated hash value h do not match as a result of the verification by the verification unit 142, the authentication unit 140B determines that the section is an illegal section, and the determination result (the verification result) ) Is supplied to the control unit 150B.

  The control unit 150B controls the supply of data to the output unit 170 and the decoder 180. Based on the determination result supplied from the authentication unit 140B, the control unit 150 stops output of content or service using the transport stream packet in the section determined to be an unauthorized section, or indicates that the section is an unauthorized section. The display unit 172 and the speaker 174 are controlled so as to output by adding a character, superimpose and output a character to that effect, or output a sound indicating that.

  As described above, since only the specific packet specified by the first identifier, the second identifier, and the third identifier is used for the calculation of the hash value, the hash value is calculated using all the packets constituting the stream. The calculation load on the receiving side can be reduced as compared with the case of doing so. Note that the hash value generation algorithm is preferably changed as appropriate so as not to be tampered with. The number n of packets (number of target TSPs) used for calculating the hash value depends on the processing capability of the receiving apparatus. Can be specified. In addition, since it is possible to clearly indicate the target TSP by the third identifier, even if the packet corresponds to the first identifier and the second identifier, if a packet loss occurs, It is possible to completely prevent erroneous use in hash calculation. That is, the same effect can be obtained even if a hash value is generated based on the second identifier.

  FIG. 15 is a diagram for explaining a signature verification method (receiving device side) that detects a packet loss by newly setting a flag indicating whether or not the target TSP is a third identifier in a packet. As shown in FIG. 15A, a packet P0, which is a verification packet before the signature verification section [P1-P5], includes a first identifier (PID = A) and a second identifier (n = 4). And are stored. Among the TSPs in the section, a packet (FLAG = 1) is set as a third identifier in the packets P1-P4 that are TSPs used for hash generation. The packet P5 has PID = A, but is not used for hash generation, so the flag is not set (that is, FLAG = 0). Then, the hash value H created using a part of the packets in the section is included in the packet P6 that is a verification packet after the signature verification section [P1-P5]. Note that there is a packet other than the target packet PID = A specified by the first identifier between the packets, but it is omitted for convenience of explanation and drawing. Here, the packet P3 is a packet loss due to a communication error, and the packet P5 that is not used for generating the hash value is erroneously used for calculating the hash value. Therefore, even if the calculated hash value h4 is compared with the stored H, they do not match.

  On the other hand, the number of received TSPs c of the counted target (FLAG = 1) is 3, and the target TSP number n = 4 defined by the packet P0 is also inconsistent, and packet loss has occurred. It turns out. In such a case, it can be considered that the main cause of the hash value mismatch is packet loss. For example, it is possible to exclude the section from the signature verification section.

  Thereafter, the verification process is reset, and verification of the next signature verification section [P7-P12] is started. Here, since the packet P11 (FLAG = 0) other than the packet used for calculating the hash value as the signature information is a packet loss, the hash value verification is successful. As shown in FIG. 15B, it is possible to grasp the fact that the packet loss is the main cause of authentication failure. In such a case, it is preferable not to determine that the section is fraudulent but to simply exclude it from the authentication section and perform output control based on the authentication result of the preceding section or the subsequent section. Therefore, the receiving apparatus can recognize the fact that “there is a packet loss and authentication failure” and recognize that “the cause of the authentication failure is likely to be a packet loss”. Therefore, even if the authentication apparatus has failed in the section, the receiving apparatus continues to play back the content in the section, or is restricted or has subtitles / displays indicating the authentication result added according to the policy of the apparatus. It is possible to play with. For example, if the content in the section where the authentication has failed is reproduced with caption / display indicating the authentication result, the content can be reproduced with no practical problem even in a wireless environment or the like, and the usability is greatly improved.

  That is, even if the cause is a packet lost (reception error) of a packet defined by the first identifier (PID or the like), the configuration shown in FIG. In this case, it must be determined that an illegal stream is received. However, in this embodiment, by using the third identifier, it is confirmed on the receiving device side that there is a possibility that a packet loss has occurred in the packet specified by the first identifier (PID, etc.) and the second identifier. The section in which such a packet loss has occurred can be excluded from the signature verification section. Accordingly, when the hash values do not match and the number of target packets n that should exist in the signature verification section matches the number of packets corresponding to the target PID received in the section (count value c), It can now be determined that the stream is completely invalid.

  Further, in the case of FIG. 12B, when the packet P7 corresponding to the first identifier (PID = A) and the second identifier (n = 4) becomes a packet loss, it is not originally targeted. Packet P9 is erroneously used for hash value generation, but if the third identifier (FLAG = 1) is stored in the hash target TSP as shown in FIG. 15, collation failure is prevented in advance (third The packet P9 is excluded from the target by the identifier.), And it is possible to determine that the verification has failed due to packet loss. Thus, the introduction of the third identifier makes it possible to grasp the cause of the collation failure in more detail.

  FIG. 16 is a diagram illustrating an example of the third identifier set in the header information of the transport stream packet. 16A shows conventional header information, and FIG. 16B shows the storage location of the third identifier (FLAG 1) used in this embodiment. As shown in the figure, in this embodiment, bit 0 of the transport scrambling control field (TSCF) is used as FLAG. That is, when the TSCF is “0X”, the packet is not a hash target, and when it is “1X”, the packet is a hash target packet.

  FIG. 17 is a flowchart illustrating an example of a signature verification method executed by the receiving apparatus of FIG. As shown in the figure, in step S11, initial values are set (count value c and previous hash value h0 are set to zero). Next, in step S12, the hash value calculation unit 120 monitors the received and demodulated TS signal, and selects a verification packet having a predetermined unique identifier. Next, in step S13, the hash value calculation unit 120 extracts the first identifier (PID) and the second identifier (the number n of packets used for hash creation) from the selected verification packet, and stores the first identifier from the memory. The information of the identifier 3 (FLAG 1), that is, the position information in the packet of the flag is read.

In step S14, the hash value calculation unit 120B starts loop 1 (steps S15, S16, and S17). In step S15, a TS packet having a corresponding PID and a corresponding flag FLAG = 1 is selected, and the counter unit 125B increments the count value c by 1 each time a packet is selected. Next, in step S16, the number of hash calculations is calculated from the TS packet message m (payload) and the previous hash value h0 (null for the first execution and the hash value calculated the second time and thereafter). A hash value h is generated using a predetermined hash function f until n times defined by the identifier of 2.
h = f (m, h0)

  As described above, according to the present invention, the number of packets used for signature verification is limited by filtering a part of a series of packets by PID, and the number of hash calculations is also limited by the number n. Therefore, even in a small portable terminal that does not have a room for assigning calculation capability to hash calculation, it is possible to execute signature verification processing smoothly under an appropriate calculation load (low load).

  Next, in step S18, loop 1 is repeated until the end condition of loop 1 is satisfied. The termination condition is to process n TS packets having the PID specified by the first identifier and the corresponding flag FLAG = 1 in the section [VP-VP] between the verification packet and the next verification packet. It is. Next, in step S <b> 19, when the packet processing unit 140 </ b> B receives the next verification packet, the packet processing unit 140 </ b> B acquires a hash value H as signature information stored in the next verification packet and stores this in the memory 160. In step S20, the collation unit 152 in the authentication unit 150B collates whether or not the hash value H as the signature information acquired from the verification packet matches the hash value h generated by the hash value calculation unit 120. . If the acquired hash value H and the generated hash value h match, the processing is finished assuming that the signature information has been successfully authenticated, and the TS packet in the section is normally decoded by the decoder 180 and output by the output unit 170. Is done. If the acquired hash value H and the generated hash value h do not match, the process proceeds to step S21, and the processing unit 144B counts the measured packet to confirm whether or not a packet loss of the target packet has occurred. It is determined whether or not the value c matches the number of target packets n (second identifier) that should exist in the section. If the measured count value c matches the target packet count n, the process proceeds to step S22, and the hash value collation has failed despite no packet loss. Therefore, the processing unit 144B controls the decoder 180 to stop the decoding of the section. Alternatively, the processing unit 1444B may be controlled not to output directly from the output unit 170 instead of the decoder 180. In step S21, if the measured count value c does not match the target packet number n, the process proceeds to step S23, and the processing unit 144B indicates that a packet loss has occurred. Excluding from the verification section, the process ends. In step S17, when the next verification packet is received during the loop 2, the corresponding section is excluded as in step S23.

  Finally, the advantages of the present invention will be described again. According to the embodiments of the present invention, even a device with low computing capability can properly authenticate the entire stream, and improve error tolerance and usability by detecting packet loss (reception error). Will be able to. That is, in the present invention, a hash value as signature information is generated only for a part of a series of stream packets, and stored in a verification packet at a position away from the part of the packets. It is difficult to find the relationship between verification packets that contain information and some packets (messages) used to generate signature information, and it is possible to provide a robust authentication system that is highly resistant to tampering. is there. In addition, by setting the type of packet specified by the first, second, and third identifiers, the number of target packets, and a flag and limiting the packet to a part of the packet, the entire series of packets (ie, , The entire stream) can be properly covered, and the number of messages subject to hash calculation can be reduced, and the calculation processing for signature verification, particularly on the receiving device side, can be reduced. It is also possible to cope with packet loss peculiar to the wireless environment.

  Although the present invention has been described based on the drawings and examples, it should be noted that those skilled in the art can easily make various modifications and corrections based on the present disclosure. Therefore, it should be noted that these variations and modifications are included in the scope of the present invention. For example, the functions included in each unit, each means, each step, etc. can be rearranged so as not to be logically contradictory, and a plurality of means, steps, etc. can be combined or divided into one. It is.

  In the embodiment, the video PID is used as the first identifier. However, the audio PID, the data broadcast PID, or the like is used, or each time the section is updated, the video PID is used. A PID may be selected at random. In addition, when only aiming at prevention of guidance to a phishing site, only a PID for data broadcasting including BML may be used. Further, the first identifier includes two or more PIDs (for example, a combination of video and data broadcasting) and a plurality of numbers n, or includes a total number n of a plurality of types of PIDs. Is possible. In the embodiment, hash values are generated in a chain using each message and the generated hash value in order from the front. However, these are merely examples. For example, each message is used in a chain from the rear in order. The present invention can use various formats for hash generation, such as generating values. It is also possible to implement the present invention using the second identifier and the third identifier (without using the first identifier).

It is a block diagram which shows the basic composition of the receiver by one embodiment of this invention. It is a block diagram which shows the basic composition of the transmitter by one embodiment of this invention. 3 is a flowchart illustrating an example of a signature verification method executed by the receiving apparatus in FIG. 1. 3 is a flowchart showing an example of a stream generation method executed by the apparatus of FIG. It is a figure explaining the method of calculating a hash value from the transport stream (TS) containing a null (NULL) packet. It is a figure explaining the hash value calculation method which reduced the load of hash calculation. It is a figure explaining the case where it cannot respond to a packet loss in the method shown in FIG. It is a block diagram of the transmission apparatus by one embodiment of this invention. It is a figure explaining the hash value calculation method (the transmission device side) which reduced the load of hash calculation using the 1st identifier (PID) and the 2nd identifier (n), authenticating the whole stream. It is a flowchart of the process of 200 A of transmission apparatuses which perform a hash calculation using a limited number of packets. It is a figure explaining the method (reception apparatus side) which calculates a hash value from the message of the transport stream (TS) received in the receiving apparatus 100A of FIG. 7, and verifies the validity of a message. It is a figure explaining the case which cannot respond to a packet loss in the method shown to FIG. It is a flowchart of the process of 200 A of transmission apparatuses which produce | generate the stream which newly included the 3rd identifier (FLAG) in the object TSP of hash value calculation. It is a block diagram which shows the basic composition of the receiver by one embodiment of this invention which detects packet loss from the stream which included the 3rd identifier (FLAG) in the object TSP of hash value calculation. It is a figure explaining the signature verification method which detects a packet loss by newly setting the flag which shows whether it is object TSP as a 3rd identifier to a packet. It is a figure which shows an example of the 3rd identifier set to the header information of a transport stream packet. 12 is a flowchart illustrating an example of a signature verification method executed by the receiving apparatus in FIG. 11. It is a figure which shows typically the unauthorized broadcast reception in a conventional system. It is a figure which shows the technique which adds a hash value to a transport stream packet by a prior art.

Explanation of symbols

100, 100A, 100B Receiver 110 Receiver 115 Extractor 120, 120A, 120B Hash value calculator 125, 125B Counter unit 130, 130A, 130B Packet processor 140, 140A, 140B Authentication unit 142 Verification unit 144, 144A, 144B Processing unit 150, 150A, 150B Control unit 160 Memory 170 Output unit 172 Display unit 174 Speaker 180 Decoder 200, 200A Transmission device 210, 210A Hash value calculation unit 220 Stream generation unit 230 Transmission unit 240 Counter unit 250 Memory ANT1-2 Antenna h0 -4, h4 'Hash value m1-3, m3' Message P1-P11 Packet VP Verification packet

Claims (5)

A receiving unit for receiving a transport stream with signature information and a verification packet for verifying a signature of the transport stream;
Based on an identifier included in a part of each packet of the transport stream, a transport stream packet used to generate a hash value as signature information is determined, and a specific packet is extracted from the received transport stream An extractor;
A generation unit that generates a hash value by using the specific transport stream packet extracted by the extraction unit as many as the number indicated by the identifier included in the verification packet;
A counter unit that counts the number of specific transport stream packets extracted based on an identifier included in the packet after receiving the verification packet;
A collation unit that collates a hash value as signature information included in the verification packet received next by the reception unit and the generated hash value;
If the hash value as the signature information included in the verification packet and the generated hash value do not match as a result of the verification by the verification unit, the verification packet and the next received verification packet In a section, when the number of packets counted by the counter unit and the number of transport stream packets specified by the identifier included in the verification packet do not match, the section is excluded from the signature verification section A processing unit to
A receiving apparatus comprising: The receiving device according to claim 1,
When the hash value as the signature information and the generated hash value do not match as a result of the verification by the verification unit, the processing unit determines the number of packets counted by the counter unit and the verification packet. When the number of transport stream packets specified by the included identifier matches, the section is determined to be an illegal section.
A receiving apparatus. The receiving device according to claim 1,
When content or service is output using a transport stream packet in a section excluded from the signature verification section, output of the content or service is performed based on a signature verification result before and / or after the excluded section. A control unit for controlling
The receiving apparatus further comprising: The receiving device according to any one of claims 1 to 3,
An identifier included in a part of each packet is stored in a transport scrambling control field of header information of the transport stream packet,
Based on the identifier stored in the transport scrambling control field of header information of the transport stream packet, the extraction unit determines the transport stream packet used to generate the hash value as the signature information, Extract transport stream packets,
A receiving apparatus. A setting unit that sets an identifier for identifying a specific packet and an identifier that defines the number of the specific packet;
Based on an identifier for identifying a specific packet set by the setting unit, a specific packet is selected from the transport stream, and the selected transport stream packet is used by the number indicated by the identifier that defines the number of packets. A generation unit that generates a hash value as signature information;
A stream generation unit that generates a stream by arranging a verification packet including an identifier for identifying the specific packet, an identifier that defines the number of packets, and a hash value in a transport stream;
A transmission unit for sequentially transmitting packets included in the generated stream,
The stream generation unit includes an identifier for identifying the specific packet in a header of the selected transport stream packet;
A stream transmitter characterized by the above.

Images