JP6463654B2 - Receiver - Google Patents

Description

  The present invention relates to a receiving apparatus for switching a related information subsystem for delivering a scramble key of content by using related information of the key in a conditional access system.

  Conventionally, in order to realize pay broadcasting, digital broadcasting employs a conditional access system that allows only subscribers to receive broadcasts in a limited manner. In this conditional access system, the content to be broadcast is scrambled, and as a mechanism for safely delivering a scramble key for unscrambling, the related information subsystem (3) that delivers the scramble key using the relevant information of the key. (Refer to Non-Patent Document 1).

The conditional access system realized by the related information subsystem includes, for example, CAS (Conditional Access System) that realizes pay broadcasting, RMP (Rights Management and Protection) that realizes broadcasting specialized for content protection, and the like.
As described above, as a technique for operating different related information subsystems in parallel, the current digital broadcasting employs the simulcrypt system.
This simultaneous cryptosystem is a technique for describing a conditional access system descriptor for specifying a conditional access system in parallel in a program map table (PMT: Program Map Table) or a conditional access table (CAT: Conditional Access Table). (See Patent Document 1 and Non-Patent Document 2).

In the conditional access system, a scramble key for encrypting content is encoded and encrypted into key information common to a receiving device called ECM (Entitlement Control Message) and transmitted together with the content. This ECM has a different encoding format and encryption method for each conditional access system. When a plurality of different limited reception methods are adopted, a plurality of ECMs are transmitted in parallel.
In this case, in the simultaneous cryptosystem, a plurality of conditional access system descriptors including a packet identification for identifying a packet for transmitting the ECM are described in the PMT for each limited reception system, and the PMT is transmitted to the receiving apparatus in advance. deep. Then, the receiving apparatus responds from the broadcast stream by packet identification described in the conditional access system descriptor that matches the local conditional access system descriptor among the multiple conditional access system descriptors described in the PMT. ECM to be extracted.

In the limited reception method, in order to individually transmit contract information and the like to the receiving device, key information for each receiving device called EMM (Entitlement Management Message) is used. This EMM also has a different encoding format and encryption method for each conditional access system. And when employ | adopting a several different conditional access system, several EMM is transmitted in parallel.
In this case, in the simultaneous cryptosystem, a plurality of conditional access system descriptors including a packet identification for identifying a packet for transmitting an EMM are described in the CAT for each limited reception system, and the CAT is transmitted to the receiving apparatus in advance. deep. Then, the receiving device responds from the broadcast stream by the packet identification described in the conditional access system descriptor that matches the local conditional access system descriptor among the multiple conditional access system descriptors described in the CAT. Extract the EMM.

Japanese Patent No. 5113954

"Access Control System Standards for Digital Broadcasting (ARIB STD-B25) Part 3", 6.2 edition, revised by the Japan Radio Industry Association, September 25, 2012 "Technical information on digital terrestrial television broadcasting operation (ARIB TR-B14) Vol. 5 Part 2", 4.8 edition, P112-113, Radio Industry Association, Revised on February 14, 2012

A plurality of related information subsystems that distribute the keys of the conditional access method can be realized according to the type of service (for example, charging function) and the security strength.
In addition, broadcasters select related information subsystems according to each company's business model, switch between pay broadcasting and free broadcasting services, and update the key length and algorithm used for encryption. There is a desire to increase.

  However, the conventional method of describing the conditional access system descriptors in parallel in the PMT and the CAT only implements one related information subsystem for one conditional access system (CAS, RMP, etc.). However, there is a problem that related information subsystems having different service types and different security strengths cannot be selected in the same conditional access system.

  The present invention has been made in view of such problems, and an object of the present invention is to provide a receiving apparatus that enables a broadcaster to select a related information subsystem for each limited reception method.

In order to solve the above-described problems, the receiving apparatus constituting the conditional access system of the present invention has the following configuration.
That is, the reception apparatus according to the present invention multiplexes the broadcast stream with the transmission apparatus by the limited reception method using the key information common to the reception apparatus and the key information specific to the reception apparatus as the related information of the scramble key for scrambling the content. Receiving apparatus for limited reception of the scrambled content, mapping information analysis means, program selection means, first limited reception system information analysis means, second limited reception system information analysis means, and key information acquisition Means, limited reception control means, mapping information analysis means, and program selection means.

In such a configuration, the receiving apparatus uses the mapping information analyzing unit to set the limited reception method identification for identifying the limited reception method and the scramble key set in the first table or the second table multiplexed in the broadcast stream. Select the program identification that includes the version of the relevant program that identifies the relevant information subsystem program that is the program that executes the delivery process, and the program to be started from the relevant information subsystem program based on the version indicated by the program identification. Program identification and parameters are extracted from the mapping information including the parameters indicating the rules to be executed.
Here, the transmission device sets the conditional access system identification, the program identification including the version of the related information subsystem program, and the parameters as mapping information in the first table or the second table.

In addition, the receiving device selects one of the related information subsystem programs stored in the program storage unit by the program selection unit based on the program identification and parameters extracted by the mapping information analysis unit.
Here, the receiving apparatus extracts from the mapping information the conditional access system identification corresponding to the program identification of the related information subsystem program selected by the program selection means by the mapping information analysis means, Notify the first and second conditional access system information analysis means.

  In addition, the reception device is configured to set the first reception method information analysis unit, the first reception table multiplexed in the broadcast stream, the limited reception method identification, the position information of the individual key information of the reception device, Among the conditional access system information including the conditional access system information including the conditional access system information having the conditional access system identification notified from the mapping information analysis means.

  In addition, the reception device uses the second conditional access method information analysis means to set the conditional access method identification for identifying the conditional access method set in the second table multiplexed in the broadcast stream, and a key common to the reception device. Among the limited reception method information including the position information of the information, the position information of the key information common to the receiving device is extracted from the limited reception method information having the limited reception method identification notified from the mapping information analysis means.

  Here, in the mapping information, program identification and conditional access system identification are associated with each other. Therefore, when extracting the position information, the first and second conditional access system information analysis means use the correspondence relationship of the mapping information, and from the program identification representing the related information subsystem program selected by the program selection means. Reverse the corresponding conditional access system identification.

  Then, the receiving device acquires key information specific to the receiving device and key information common to the receiving device based on the position information extracted by the first and second limited reception method information analyzing units by the key information acquiring unit. . For example, when the packet ID of the broadcast stream is notified as the position information, the key information acquisition unit can acquire the key information by extracting the packet with the packet ID notified in the broadcast stream.

In addition, the receiving apparatus stores a plurality of related information subsystem programs in the limited reception control means provided with the program storage means. Then, the reception apparatus generates a scramble key by using the key information acquired by the key information acquisition unit by the related information subsystem program selected by the program selection unit by the limited reception control unit.
As a result, the receiving apparatus can select and operate one program that matches the rule specified by the parameter from among a plurality of related information subsystem programs corresponding to the conditional access system identification designated by the transmitting apparatus. it can.

The present invention has the following excellent effects.
According to the present invention, a plurality of related information subsystem programs for one conditional access method are stored in the conditional access control means of the receiving device, and the conditional access method and the related information subsystem program corresponding thereto are transmitted from the transmitting device. Is specified, the receiving apparatus can switch to the specified related information subsystem program and execute the key distribution process.
As a result, according to the business model of the broadcaster, the present invention can appropriately switch related information subsystem programs having different security strengths and functions from the transmission device.

It is a system configuration figure showing the composition of the conditional access system concerning a 1st embodiment of the present invention. It is a block block diagram which shows the structure of the transmitter which concerns on 1st Embodiment of this invention. (A) is a data structure figure which shows the data example of a program map table (PMT), (b) is a data structure figure which shows the data example of the conditional access system information set to PMT. (A) is a data structure diagram showing a data example of the conditional access table (CAT), (b) is a data structure diagram of a data example of conditional access system information set in the CAT, and (c) is a mapping set in the CAT. FIG. 4D is a data structure diagram illustrating an example of information data, and FIG. 4D is a data structure diagram illustrating an example of data of load instruction information set in mapping information. It is a block block diagram which shows the structure of the receiver which concerns on embodiment of this invention. It is a block block diagram which shows the structure of the related information subsystem program mounted in the receiver of FIG. It is a flowchart which shows the switching operation | movement of the related information subsystem in the conditional access system which concerns on 1st Embodiment of this invention. It is a flowchart which shows the conditional access operation | movement in the conditional access system which concerns on 1st Embodiment of this invention. It is a system block diagram which shows the structure of the conditional access system which concerns on 2nd Embodiment of this invention. It is a block block diagram which shows the structure of the transmitter which concerns on 2nd Embodiment of this invention. (A) is a data structure diagram showing a data example of a program map table (PMT), (b) is a data structure diagram showing a data example of conditional access system information set in the PMT, and (c) is set in the PMT. FIG. 4D is a data structure diagram showing an example of mapping information data, and FIG. 4D is a data structure diagram showing an example of load instruction information data set in the mapping information. (A) is a data structure figure which shows the example of data of a conditional access table (CAT), (b) is a data structure figure of the example of data of the conditional access system information set to CAT. It is a block block diagram which shows the structure of the receiver which concerns on 2nd Embodiment of this invention. It is a flowchart which shows the switching operation | movement of the related information subsystem in the conditional access system which concerns on 2nd Embodiment of this invention.

Embodiments of the present invention will be described below with reference to the drawings.
(First embodiment)
[Outline of conditional access system]
First, the outline of the conditional access system according to the first embodiment of the present invention will be described with reference to FIG.

The conditional access system S is composed of a digital broadcast transmission device 1 owned by a broadcaster and digital broadcast reception devices 2, 2,... Installed in each home, etc., and scrambles content (video, audio, etc.). As the related information of the scramble key to be transmitted, the transmission device 1 to the reception device 2 can use the limited reception method using key information common to the reception device associated with the conditional access method identification for identifying the conditional access method and key information specific to the reception device. To receive limited content.
The broadcast wave W of digital broadcasting may be wireless or wired, such as terrestrial digital broadcasting, satellite broadcasting, and cable broadcasting. In addition, this digital broadcast may be transmitted via a communication line such as an IP network.

  Here, the receiver 2 stores a plurality of programs (related information subsystem programs P1, P2,...) P for realizing the related information subsystem in a tamper-resistant module. This related information subsystem program P is a program for executing a key distribution process for a scramble key of a conditional access system such as CAS. To extract.

  The receiving device 2 stores related information subsystem programs (P1, P2,...) In advance. This related information subsystem program P is configured to have different security strengths with different key lengths (64 bits, 128 bits, etc.) and different charging methods (charging for programs, charging for channels, etc.), for example. Can do. Further, the related information subsystem programs P1 and P2 may each have a plurality of versions.

On the other hand, the transmission apparatus 1 uses information for specifying the related information subsystem program P (mapping information [conditional reception method identification, program identification, etc.]) as a conditional access table (CAT, first information). Table) and multiplexed into a broadcast stream for transmission.
Then, the receiving device 2 analyzes the CAT, selects the specified related information subsystem program P, and operates it.

Note that a plurality of pieces of positional information (broadcast stream packet identification, etc.) indicating the location of key information in the conditional access method are described in the program map table (PMT, second table) and CAT for each conditional access method. .
That is, position information (packet identification, etc.) of common key information (ECM: Entitlement Control Message) including a scramble key, which is key information common to the receiving devices 2, 2,. For each system identification, a plurality of PMTs are described and transmitted.

In addition, a plurality of pieces of position information (packet identification, etc.) of individual key information (EMM: Entitlement Management Message) including a work key, which is individual key information for each receiving device 2, is described in the CAT for each conditional access method identification. And transmitted.
As a result, the conditional access system S can be operated by the broadcaster by switching a plurality of related information subsystem programs for each conditional access method in the reception device 2.
Hereinafter, the transmission device 1 and the reception device 2 constituting the conditional access system S will be described sequentially.

[Configuration of transmitter]
First, the configuration of the transmission apparatus 1 according to the first embodiment of the present invention will be described with reference to FIG. 2 (refer to FIG. 1 as appropriate).
The transmission device 1 uses, as related information of a scramble key for scrambling content, a limited reception method using key information common to a reception device associated with a conditional access method identification for identifying a conditional access method and key information specific to the reception device. The scrambled content multiplexed in the broadcast stream is limitedly received by the receiving device 2. In addition, the transmission device 1 is configured to switch and operate a related information subsystem program (related information subsystem program) installed in the reception device 2.
Here, the transmission apparatus 1 includes a scramble unit 10, an ECM generation unit 11, an EMM generation unit 12, a PMT generation unit 13, a CAT generation unit 14, and a multiplexing unit 15.

The scramble means 10 scrambles (encrypts) the input content (video, audio, etc.) C with a scramble key Ks. For the encryption with the scramble key Ks, a common common key encryption algorithm may be used. For example, the encryption is performed with the MULTI2 encryption. Then, the scramble means 10 outputs the scrambled content (scrambled content SC) to the multiplexing means 15.
Note that the scramble key Ks is updated about once every few seconds. Here, it is assumed that the scramble key Ks is updated when a new scramble key Ks is input from the outside as appropriate.

The ECM generation means (common key information generation means) 11 encrypts the scramble key Ks used in the scramble means 10 with the work key Kw, and common key information which is key information common to the receiving device 2 including the encrypted scramble key Ks. Is generated. A common common key encryption algorithm may be used for encryption with the work key Kw.
The work key Kw has a longer update time than the scramble key Ks, and is updated in about one month, for example. Here, it is assumed that the work key Kw is updated by appropriately inputting a new work key Kw from the outside.

This common key information can be generated as an ECM (Entitlement Control Message) defined by STD-B25 of the Japan Radio Industry Association (ARIB).
Here, the ECM generation unit 11 outputs the generated common key information (ECM) to the multiplexing unit 15. At this time, the ECM generation unit 11 packetizes the ECM, and sets the ECM packet identification (ECM_PID), which is the position information of the key information set by the PMT generation unit 13 described later, in the header area.

The EMM generation means (individual key information generation means) 12 encrypts the work key Kw used in the ECM generation means 11 with the master key Km, and is an individual key that is individual key information of the receiving device 2 including the encrypted work key Kw. Information is generated. A common common key encryption algorithm may be used for encryption using the master key Km.
Note that the master key Km is a unique key assigned in advance to each receiving apparatus 2 and is stored in advance in a storage unit (not shown).

This individual key information can be generated as an EMM (Entitlement Management Message) defined by the STIB-B25 of ARIB.
Here, the EMM generation unit 12 outputs the generated individual key information (EMM) to the multiplexing unit 15. At this time, the EMM generation unit 12 packetizes the EMM, and sets the EMM packet identification (EMM_PID), which is the position information of the key information set by the CAT generation unit 14 described later, in the header area.

A plurality of ECM generation means 11 and EMM generation means 12 described above are provided for different conditional access systems. For example, the ECM generation means 11 and the EMM generation means 12 are provided as means for implementing each method corresponding to the CAS method, the RMP method, and the like.
Here, the EMM generation unit 12 encrypts the work key Kw with the master key of the receiver 2 individually, but the management unit of the limited reception method is a device unit such as a receiver manufacturer or a receiver model. In this case, the work key Kw is encrypted with the device key previously assigned to the receiving device 2 in the unit.

The PMT generating unit 13 generates table information specifying position information specifying the location of key information common to the receiving device 2. This table information can be in the data format of a program map table (PMT) defined by ARIB STD-B10. The PMT generation unit 13 outputs the generated PMT to the multiplexing unit 15.
Here, the PMT generation unit 13 includes a conditional access method information setting unit 130.
In addition to the limited reception method information, the PMT generation means 13 also includes, for example, position information (PID) of packets for transmitting various encoded signals constituting a broadcast program defined by ARIB STD-B10. Although it can be set, since there is no direct relationship in the present invention, illustration and description thereof are omitted.

The conditional access method information setting means (second conditional access method information setting means) 130 corresponds to the conditional access method including the conditional access method identification for identifying the conditional access method and the position information of the key information common to the receiving apparatus. The one or more conditional access system information is set in the program map table (PMT, second table).
Here, “restricted reception system identification” is an identifier assigned in advance for each limited reception system. The conditional access system identification set in this PMT is used in the receiving apparatus 2 to identify whether or not the PMT is table information corresponding to the conditional access system implemented in the receiving apparatus 2.
The “position information of key information” is a packet identification (PID) that identifies a packet that transmits common key information (ECM).
This limited reception method information (limited reception method identification, key information position information) is input from the outside.

Here, an example of the data structure of the PMT generated by the PMT generating unit 13 will be described with reference to FIG. 3 (refer to FIG. 2 as appropriate).
As shown in FIG. 3 (a), the PMT generation means 13 includes a section header including table identification for identifying the PMT from other table information, a descriptor area for arranging various descriptors, a CRC, Table information composed of (checksum) is generated.
In this descriptor area, one or more conditional access method information (limited reception method descriptor) is set by the conditional access method information setting means 130.

As shown in FIG. 3B, the conditional access method information (conditional reception method descriptor) includes a descriptor tag for identifying the descriptor, a descriptor length, a conditional access method identification (CA_System_ID), and key information. And positional information (CA_PID) of each item. The position information (CA_PID) of the key information set in the PMT is the packet identification (ECM_PID) of the common key information (ECM).
Returning to FIG. 2, the description of the configuration of the transmission device 1 will be continued.

The CAT generation unit 14 generates table information specifying position information specifying the location of the key information of the receiving device 2 individually. This table information can be in a CAT data format defined by ARIB STD-B10. The CAT generation unit 14 outputs the generated CAT to the multiplexing unit 15.
Here, the CAT generation unit 14 includes a conditional access method information setting unit 140 and a mapping information setting unit 141.
In addition to the limited reception method information and mapping information, this CAT generation means 14 is, for example, position information (PID) of a packet for transmitting various related information of limited reception broadcast defined in ARIB STD-B10. However, since there is no direct relationship in the present invention, illustration and description thereof are omitted.

The conditional access method information setting means (first conditional access method information setting means) 140 includes one or more conditional access methods corresponding to the conditional access method, including the conditional access method identification and the position information of the key information of each receiver. The system information is set in the limited reception table (CAT, first table).
Here, the “restricted reception method identification” is an identifier assigned in advance for each limited reception method, similarly to the limited reception method identification set by the limited reception method information setting means 130. The conditional access system identification set in the CAT is used in the receiving apparatus 2 to identify whether the CAT is table information corresponding to the conditional access system operating in the receiving apparatus 2.

The “position information of the key information” is a packet identification (PID) that identifies a packet that transmits the individual key information (EMM), unlike the position information of the key information set by the conditional access method information setting unit 130. is there. When the receiving device 2 acquires individual key information (EMM) from an external server, the position information of the individual key information (EMM) may be the network address (IP address) of the server.
This limited reception method information (limited reception method identification, key information position information) is input from the outside.

  The mapping information setting unit 141 sets one or more mapping information (CA load descriptor) corresponding to the conditional access system including the conditional access system identification and the program identification in the conditional access table (CAT, first table). Is. Here, it is assumed that the mapping information setting unit 141 further sets the load instruction information and the load security information in the CAT as the mapping information.

Here, “restricted reception system identification” is an identifier assigned in advance for each limited reception system. The conditional access system identification set in the CAT is used in the receiving apparatus 2 to identify whether the CAT is table information corresponding to the conditional access system operating in the receiving apparatus 2.
The “program identification” is information for identifying a plurality of related information subsystem programs stored in advance in the receiving device 2. The program identification includes an identification of the program itself (for example, a unique value for each CAT and RMP) and information for specifying the version of the program.

The “load instruction information” is information for instructing loading (starting) of the related information subsystem program stored in the receiving device 2 and includes a program identification and a parameter. The program identification included in the “load instruction information” is the same as the “program identification” described above, which is set at the same level as the “load instruction information”.
The parameter indicates a rule for selecting one of a plurality of related information subsystem programs.
That is, in the load instruction information, the related information subsystem program to be operated by the receiving device 2 is designated by a parameter based on the designated program identification. This parameter indicates, for example, a rule such that if there is a version that is newer than the designated program identification, the version is operated, or limited to a version specified by the designated program identification.

  The “load security information” is security information related to the related information subsystem program stored in the receiving device 2, and is, for example, a hash value of the related information subsystem program. Here, the load security information is data in which the program identification and the hash value are paired. This hash value is a value obtained by calculating the related information subsystem program by a hash function (such as SHA256) known in advance by the receiving device 2. This load security information does not need to be information including the hash value directly as data, and may be reference information indicating a URL, an address, and the like of a server (not shown) in which the hash value is stored.

In the load instruction information, when the operation is limited to the version specified by the designated program identification, only one hash value may be included in the load security information. In that case, the load security information does not need to include the program identification, and may be composed of only a hash value. On the other hand, when different related information subsystem programs are to be activated in each receiving device 2 according to the load instruction information, a plurality of hash values are set at least for each program identification to be activated.
This mapping information (conditional reception method identification, program identification, load instruction information, load security information) is input from the outside.

Here, an example of the data structure of the CAT generated by the CAT generating unit 14 will be described with reference to FIG. 4 (refer to FIG. 2 as appropriate).
As shown in FIG. 4A, the CAT generating unit 14 includes a section header including a table identification for identifying the CAT from other table information, a descriptor area in which various descriptors are arranged, a CRC, Table information composed of (checksum) is generated.
In this descriptor area, one or more conditional access system information (a limited reception system descriptor) is set by the conditional access system information setting means 140 corresponding to the conditional access system.

  As shown in FIG. 4B, the conditional access system information (conditional reception system descriptor) includes a descriptor tag for identifying the descriptor, a descriptor length, a conditional access system identification (CA_System_ID), and key information. And positional information (CA_PID) of each item. The location information (CA_PID) of the key information set in the CAT is the packet identification (EMM_PID) of the individual key information (EMM).

  Also, one or more mapping information is set in the descriptor area of FIG. 4A by the mapping information setting unit 141 corresponding to the limited reception method.

  As shown in FIG. 4C, the mapping information includes a descriptor tag for identifying a descriptor, a descriptor length, a conditional access method identification (CA_System_ID), a program identification (CA_prog_ID), load instruction information, , And load security information.

The load instruction information includes, for example, program identification (CA_prog_ID) and parameters as shown in FIG. 4 (d).
Here, if the parameter value is “0”, it means an instruction to start the program (related information subsystem program) ignoring the specified program identification. If the value of the parameter is “1”, it means an instruction to start a program after the designated program identification, that is, a version equal to or newer than the version indicated by the program identification. If the parameter value is “2”, it means an instruction to start a program before the designated program identification, that is, a version older than the version indicated by the program identification. If the value of the parameter is “3”, it means that the program is limited to the designated program identification, that is, an instruction to start with the version of the program indicated by the program identification. Of course, the value of this parameter is not limited to these values.

The parameter is not limited to this example, and may be a parameter specifying a version section. For example, the mapping information setting unit 141 designates a range of program identifications to be operated by setting “4” as a parameter value as load instruction information and subsequently setting two different versions of program identifications. .
Note that the setting of the conditional access method information in the conditional access method information setting unit 140 and the setting of the mapping information in the mapping information setting unit 141 do not have to be performed simultaneously.

Here, as shown in FIGS. 3 and 4, an example is shown in which table information (PMT, CAT) is configured in the MPEG-2 TS descriptor format in accordance with ARIB STD-B10. However, PMT and CAT do not necessarily have to be described in a descriptor format. For example, they are described as a session description protocol (SDP: Session Description Protocol 1) format of IP protocol or a control message format defined by MMT (MPEG Media Transport). It doesn't matter.
Also, the common key information and individual key information described above need not be in the ECM or EMM data format, but may be in the IP protocol session description protocol format or the control message format defined by the MMT.
Returning to FIG. 2, the description of the configuration of the transmission device 1 will be continued.

The multiplexing means 15, the scrambled content SC scrambled by the scramble means 10, the ECM generated by the ECM generation means 11, the EMM generated by the EMM generation means 12, and the PMT generated by the PMT generation means 13 The CAT generated by the CAT generating means is sequentially multiplexed at the generated timing.
The multiplexing means 15 transmits the multiplexed broadcast stream (for example, MPEG2 TS) as a broadcast wave W to the receiving device 2 via a transmission modulation device (not shown).

  By configuring the transmission apparatus 1 as described above, the transmission apparatus 1 can select and operate a related information subsystem program operated by the reception apparatus 2 for each conditional access method.

[Receiver configuration]
Next, the configuration of the receiving device 2 according to the first embodiment of the present invention will be described with reference to FIG. 5 (refer to FIG. 1 as appropriate).
The receiving device 2 uses, as related information of a scramble key for scrambling content, a conditional access method using key information common to the receiving device associated with the conditional access method identification for identifying the conditional access method and key information specific to the receiving device. The scrambled content multiplexed in the broadcast stream is limitedly received by the transmission device 1.
Here, the receiving apparatus 2 includes a channel selection / demodulation unit 20, a demultiplexing unit 21, a PMT analysis unit 22, a CAT analysis unit 23, a key information acquisition unit 24, a program selection unit 25, and a limited reception control. Means 26 and descrambling means 27 are provided.

  The channel selection / demodulation means 20 demodulates a broadcast stream selected by the viewer from a broadcast wave W (broadcast signal) via a remote control device (not shown). The channel selection / demodulation means 20 outputs the demodulated broadcast stream (for example, MPEG2 TS) to the demultiplexing means 21. Further, the channel selection / demodulation unit 20 outputs a channel selection notification indicating the channel selection to the CAT analysis unit 23.

The demultiplexing means 21 separates the broadcast stream packets selected and demodulated by the channel selection / demodulation means 20.
Here, the demultiplexing means 21 separates the program map table (PMT) multiplexed and transmitted in the broadcast stream, and outputs it to the PMT analysis means 22. The demultiplexing means 21 separates the limited reception table (CAT) that is multiplexed and transmitted in the broadcast stream, and outputs it to the CAT analysis means 23.

Further, the demultiplexing means 21 separates the common key information (ECM) and the individual key information (EMM) that are multiplexed and transmitted in the broadcast stream, and outputs them to the key information acquisition means 24.
Further, the demultiplexing means 21 separates the scrambled content (video, audio, etc.) SC that is a broadcast program multiplexed and transmitted in the broadcast stream, and outputs it to the descrambling means 27.

The PMT analysis means 22 analyzes the program map table (PMT) separated by the demultiplexing means 21. Here, the PMT analysis unit 22 includes a conditional access system information analysis unit 220.
In addition to the conditional access system information, the PMT analysis means 22 also includes, for example, position information (PID) of packets for transmitting various encoded signals constituting a broadcast program defined by ARIB STD-B10. Although it can be analyzed and extracted, since it is not directly related in the present invention, illustration and explanation thereof are omitted.

The conditional access system information analysis means (second conditional access system information analysis means) 220 is a CAT analysis means 23 (mapping information analysis means) among one or more conditional access system information set in the PMT (second table). 231), the position information of the key information common to the receiving apparatus is extracted from the conditional access system information having the conditional access system identification (CA_System_ID) notified from 231).
The conditional access method information analyzing unit 220 outputs the position information (ECM_PID) of the common key information among the extracted conditional access method information to the key information obtaining unit 24.

The CAT analysis unit 23 analyzes the limited reception table (CAT) separated by the demultiplexing unit 21. Here, the CAT analysis unit 23 includes a conditional access system information analysis unit 230 and a mapping information analysis unit 231.
In addition to the limited reception method information and mapping information, this CAT analysis means 23 is, for example, position information (PID) of a packet for transmitting various related information of limited reception broadcasting defined by STIB-B10 of ARIB. However, since there is no direct relationship in the present invention, illustration and explanation thereof are omitted.

The conditional access system information analysis unit (first limited reception system information analysis unit) 230 is notified from the mapping information analysis unit 231 among one or more conditional access system information set in the CAT (first table). The position information of the key information for each receiving apparatus is extracted from the conditional access system information having the conditional access system identification (CA_System_ID).
This conditional access system information analysis unit 230 outputs the position information (EMM_PID) of the individual key information among the extracted limited reception system information to the key information acquisition unit 24.

The mapping information analysis means 231 extracts program identification from mapping information (CA load descriptor) set in CAT (first table). Note that if the mapping information includes the load instruction information and the load security information, the mapping information analysis unit 231 also extracts the information.
Here, the mapping information analysis unit 231 extracts the program identification from the mapping information at the timing when the channel selection notification is input from the channel selection / demodulation unit 20.
The mapping information analysis unit 231 outputs the extracted program identification (load instruction information, load security information) to the program selection unit 25.
Further, when the program identification is input from the program selection unit 25 (load instruction unit 252), the mapping information analysis unit 231 extracts the conditional access system identification (CA_System_ID) corresponding to the input program identification from the mapping information. .

That is, the mapping information analysis means 231 temporarily ignores the conditional access system identification (CA_System_ID) at the selected timing and extracts the program identification from the mapping information (CA load descriptor) set in the CAT. To do. Thereafter, the mapping information analysis unit 231 receives the conditional access method identification (CA load descriptor) set in the CAT at the timing when the program identification is input from the program selection unit 25, and the conditional access method identification corresponding to the program identification ( CA_System_ID) is extracted.
Then, the mapping information analysis unit 231 notifies the extracted limited reception scheme information analysis unit 220 and the limited reception scheme information analysis unit 230 of the extracted limited reception scheme identification.

  The key information acquisition unit 24 acquires the common key information (ECM) based on the position information (ECM_PID) of the common key information extracted by the conditional access method information analysis unit 220 of the PMT analysis unit 22, and the CAT analysis unit 23 The individual key information (EMM) is acquired based on the position information (EMM_PID) of the individual key information extracted by the conditional access method information analysis unit 230.

Here, the key information acquisition unit 24 receives a packet having the same packet identification as the position information (ECM_PID) of the common key information extracted by the conditional access method information analysis unit 220 from the plurality of ECMs separated by the demultiplexing unit 21. By extracting, the ECM corresponding to the conditional access system identification (CA_System_ID) is acquired.
Further, the key information acquisition unit 24 extracts a packet having the same packet identification as the position information (EMM_PID) of the individual key information extracted by the conditional access method information analysis unit 230 from the plurality of EMMs separated by the demultiplexing unit 21. By doing so, the EMM corresponding to the conditional access system identification (CA_System_ID) is acquired.

That is, the key information acquisition unit 24 is a packet having the same value as the position information (ECM_PID) of the key information described in the PMT conditional access method information among the plurality of ECMs and EMMs separated by the demultiplexing unit 21. And a packet having the same value as the position information (EMM_PID) of the key information described in the CAT conditional access method information functions as a PID filter.
The key information acquisition unit 24 outputs the acquired ECM and EMM to the conditional access control unit 26.

  The key information acquisition unit 24, when the position information of the key information described in the CAT conditional access method information is a network address (such as an IP address) of an external server (not shown), It is assumed that key information is acquired via communication control means (not shown).

The program selection means 25 selects one of the related information subsystem programs P stored in the conditional access control means 26 based on the program identification extracted by the mapping information analysis means 231 of the CAT analysis means 23, and the conditional access control. The means 26 is instructed to start the program.
Here, the program selection unit 25 includes a program identification acquisition unit 250, a load instruction determination unit 251, and a load instruction unit 252.

The program identification acquisition unit 250 acquires a list of program identifications of the related information subsystem program P stored in advance in the limited reception control unit 26 from the limited reception control unit 26. Here, the program identification acquisition unit 250 acquires a list of program identifications via the program identification notification unit 261 of the conditional access control unit 26.
As a result, the program selection unit 25 can recognize the related information subsystem program stored in advance in the conditional access control unit 26.
The program identification acquisition unit 250 outputs the acquired program identification list to the load instruction determination unit 251.

The load instruction determination unit 251 determines whether or not one or more program identifications acquired by the program identification acquisition unit 250 conform to the rules indicated in the load instruction information extracted by the CAT analysis unit 23. is there.
Then, the load instruction determination unit 251 determines one program identification conforming to the rule, and outputs the program identification to the load instruction unit 252. When there are a plurality of program identifications conforming to the rules, the load instruction determination unit 251 outputs the latest version of the program identification to the load instruction unit 252.

  For example, when the parameter of the load instruction information shown in FIG. 4D is applied and the parameter value is “0”, the load instruction determination unit 251 includes the program identification acquired by the program identification acquisition unit 250. Then, the latest version of the program identification is output to the load instruction means 252. If the value of the parameter is “1”, the load instruction determination unit 251 has a program whose version is newer than the program identification extracted by the CAT analysis unit 23 in the program identification acquired by the program identification acquisition unit 250. The identification (the latest program identification if there are a plurality of identifications) is output to the load instruction means 252.

  If the value of the parameter is “2”, the load instruction determination unit 251 has a program whose version is older than the program identification extracted by the CAT analysis unit 23 in the program identification acquired by the program identification acquisition unit 250. The identification (when there are a plurality of programs, the latest program identification among them) is output to the load instruction means 252. If the parameter value is “3”, the load instruction determination unit 251 outputs the program identification extracted by the CAT analysis unit 23 to the load instruction unit 252.

The load instruction unit 252 instructs the conditional access control unit 26 to start (load) the related information subsystem program P corresponding to the program identification determined by the load instruction determination unit 251.
At this time, the load instruction unit 252 outputs the load security information (see FIG. 4C) extracted by the CAT analysis unit 23 to the conditional access control unit 26 together with the identification of the program to be loaded.
The load instruction unit 252 outputs the program identification determined by the load instruction determination unit 251 to the mapping information analysis unit 231.

The conditional access control unit 26 generates a scramble key based on the key information (ECM, EMM) acquired by the key information acquisition unit 24.
The conditional access control means 26 is a tamper-resistant module equipped with a related information subsystem program that generates a scramble key using key information.

  Here, the limited reception control unit 26 includes a program storage unit 260, a program identification notification unit 261, a load unit 262, a falsification detection unit 263, a key storage unit 264, and a work memory 265.

The program storage means 260 stores one or more related information subsystem programs P. The related information subsystem program P has a unique program identification (CA_prog_ID), and the individual related information subsystem programs P1, P2,.
The program identification may be data different from the related information subsystem program P and may be associated with the related information subsystem program P or inside the related information subsystem program P (for example, at the beginning) It may be information embedded in a predetermined number of bytes.

  The program storage means 260 may store a plurality of related information subsystem programs P1, P2,... In advance, or may be separately read from a storage medium such as a memory card via a reading means (not shown). The related information subsystem program P may be added. Further, the related information subsystem program P may be downloaded (acquired) to the program storage means 260 via data broadcasting or a network.

  Here, the structure of the related information subsystem program P will be described with reference to FIG. As shown in FIG. 6, the related information subsystem program P includes EMM processing means 30 and ECM processing means 31. That is, the related information subsystem program P is a program that realizes a related information subsystem by causing a computer (not shown) in the conditional access control unit 26 to function as the EMM processing unit 30 and the ECM processing unit 31.

  The EMM processing means (individual key information processing means) 30 decrypts the individual key information (EMM) acquired by the key information acquisition means 24 with the master key Km stored in the key storage means 264, and obtains the work key Kw. To get. The EMM processing means 30 outputs the decrypted work key Kw to the ECM processing means 31.

The ECM processing means (common key information processing means) 31 decrypts the common key information (ECM) acquired by the key information acquisition means 24 with the work key Kw decrypted by the EMM processing means 30, and acquires the scramble key Ks. To do. The ECM processing unit 31 outputs the decrypted scramble key Ks to the descrambling unit 27.
Thereby, the related information subsystem program P can generate the scramble key Ks from the key information (ECM, EMM).

Each of the related information subsystem programs P1, P2,... Uses, for example, different key lengths in the EMM processing means 30 and the ECM processing means 31, or uses different charging methods such as charging for programs and charging for channels. By doing so, it can be set as the program from which security intensity | strength and a charging system differ.
Returning to FIG. 5, the description of the configuration of the receiving device 2 will be continued.

  The program identification notification means 261 notifies the program identification of the related information subsystem programs P1, P2,... Stored in the program storage means 260 in response to a program identification acquisition request. Here, the program identification notifying unit 261 receives a program identification acquisition request from the program selecting unit 25 and notifies the program selecting unit 25 of the program identification.

The load unit 262 reads the related information subsystem program P corresponding to the program identification selected by the program selection unit 25 from the program storage unit 260, expands (loads) it into the work memory 265, and starts the program. It is.
Here, it is assumed that the loading means 262 expands the work information 265 in the work memory 265 only when the related information subsystem program P corresponding to the selected program identification is not falsified.

  That is, the load unit 262 notifies the falsification detection unit 263 of the program identification and the hash value notified from the program selection unit 25 before expanding the related information subsystem program P in the work memory 265, and corresponds to the program identification. The related information subsystem program P is inspected for falsification. Then, the load means 262 expands the related information subsystem program P in the work memory 265 and activates it only when it is notified as a result of the inspection that no falsification has been performed.

The falsification detection unit 263 detects falsification of the related information subsystem program P to be activated and stored in the program storage unit 260.
Here, the falsification detection means 263 inputs the program identification and the load security information of the relevant information subsystem program to be activated from the loading means 262, and with respect to the relevant information subsystem program designated by the program identification. The hash value is calculated by a hash function (SHA256 or the like). This hash function is the same hash function as that on the transmission side, that is, the same function that generates a hash value added to the mapping information (CA load descriptor).

  Then, the falsification detection unit 263 compares the hash value of the calculation result with the hash value indicated by the load security information input from the load unit 262. If the hash values are the same, the related information subsystem program is falsified. If the hash values are different, a test result indicating that the related information subsystem program has been tampered with is generated and output to the load means 262.

In addition, when the reference information of the hash value is described in the load security information, the falsification detection unit 263 receives the hash value from the server (not shown) specified by the reference information via the communication unit (not shown). To get.
When the reference information is described in the load security information, it is not always necessary to acquire the hash value by the falsification detection unit 263. For example, when the load instruction determination unit 251 determines the program identification to be loaded. Thus, the hash value may be acquired. If only one hash value reference information is described in the load security information, the mapping information analysis unit 231 may obtain the hash value.

  The key storage unit 264 stores a master key Km for each receiving apparatus 2 and is a general storage medium such as a semiconductor memory. When the management unit of the limited reception method of the receiving device 2 is a device unit such as a receiver manufacturer or a receiver model, a device key is stored.

The work memory 265 is a storage device for expanding the related information subsystem program P and operating a computer (CPU [Central Processing Unit]). The work memory 265 includes a general memory such as a RAM (Random Access Memory).
Here, after the related information subsystem program is expanded in the work memory 265 by the loading means 262, the relevant information subsystem is executed in the conditional access control means 26 by the CPU not shown in the figure executing the program. Works.

  The descrambling means 27 descrambles (decodes) the scrambled content (video, audio, etc.) SC packet separated by the demultiplexing means 21 with the scramble key Ks generated by the limited reception control means 26. It is. The content decrypted by the descrambling means 27 is output to a display device or the like (not shown), decoded into data that can be viewed by the viewer, and displayed.

  By configuring the receiving device 2 as described above, the receiving device 2 can arbitrarily switch a plurality of related information subsystem programs by the same limited reception method according to an instruction from the transmitting device 1.

[Operation of conditional access system]
Next, the operation of the conditional access system S will be described. Here, the switching operation of the related information subsystem, which is a feature of the present invention, will be described with reference to FIG. 7, and the conditional access operation by the related information subsystem will be described with reference to FIG.

[Related information subsystem switching operation]
First, the switching operation of the related information subsystem in the conditional access system S will be described with reference to FIG.

First, the transmission apparatus 1 sets mapping information to CAT by the mapping information setting unit 141 of the CAT generation unit 14 (step S10).
Specifically, the mapping information setting unit 141 externally assigns “restricted reception method identification (CA_System_ID)” for each limited reception method in advance, and a related information subsystem to be activated corresponding to the limited reception method. “Program identification (CA_prog_ID)” that is an identifier of a program, “Load instruction information” that indicates a rule for selecting a related information subsystem program, and “Load security information” that is security information related to the related information subsystem program, , And set to CAT (see FIG. 4).

  Then, the transmitter 1 multiplexes the CAT generated in step S10 into the broadcast stream by the multiplexing unit 15 (step S11). This broadcast stream is transmitted to the receiving device 2 via a transmission modulation device (not shown).

  On the other hand, the receiving apparatus 2 demodulates the selected broadcast stream by the channel selection / demodulation means 20 (not shown as a step), and separates the CAT from the broadcast stream by the demultiplexing means 21 (step S12). .

  Then, the receiving device 2 extracts mapping information (program identification, load instruction information, load security information) from the CAT by the mapping information analyzing unit 231 of the CAT analyzing unit 23 (step S13).

  Then, the receiving device 2 uses the program selection unit 25 based on the mapping information extracted in step S13, and a plurality of related information subsystem programs P1, P2 stored in the program storage unit 260 of the conditional access control unit 26. Select one from.

  Specifically, the receiving apparatus 2 uses the related information subsystem stored in the program storage unit 260 of the conditional access control unit 26 via the program identification notification unit 261 by the program identification acquisition unit 250 of the program selection unit 25. The program identification of the programs P1, P2,... Is acquired as a list (step S14).

  Then, the receiving device 2 matches the rules indicated by the parameters of the load instruction information of the mapping information extracted in step S13 by the load instruction determination means 251 of the program selection means 25 so that each program identification in the list acquired in step S14 is matched. It is determined whether or not, and one matched program identification is selected (step S15). At this time, when there are a plurality of program identifications that match the rule, the load instruction determination unit 251 selects the latest version of the program identification.

Then, the receiving device 2 uses the mapping information analysis unit 231 to extract the limited reception method identification (CA_System_ID) corresponding to the program identification selected in Step S15 from the mapping information set in the CAT (Step S16).
The extracted conditional access system identification (CA_System_ID) is notified to the conditional access system information analysis unit 220 and the conditional access system information analysis unit 230, and used in the limited reception operation (FIG. 8) described later.

  The receiving device 2 notifies the conditional access control means 26 of the program identification selected in step S15 and the load security information of the mapping information extracted in step S13 corresponding to the program identification as load instruction information. (Step S17).

Thereafter, the reception device 2 calculates a hash value for the related information subsystem program P corresponding to the program identification notified in step S17 by the falsification detection unit 263 of the conditional access control unit 26, and notifies it in step S17. The falsification is detected based on whether or not the hash value indicated by the loaded load security information matches (step S18).
In addition, when the reference information of the hash value is described in the load security information, the falsification detection unit 263 receives the hash value from the server (not shown) specified by the reference information via the communication unit (not shown). Let's get

  Then, when it is determined that there is no falsification as the detection result in step S18 (Yes in step S19), the receiving device 2 uses the loading unit 262 to associate the related information subsystem program corresponding to the program identification selected in step S15. P is read from the program storage unit 260, loaded (loaded) into the work memory 265, and the program is started (step S20).

  On the other hand, when it is determined that there is tampering (No in step S19), the receiving device 2 ends the process without loading and starting the designated related information subsystem program P. In this case, the limited reception control means 26 may notify the program selection means 25 to that effect, and the program selection means 25 may display a message on the screen that the program has been tampered with.

With the above operation, the conditional access system S can switch the related information subsystem program operating in the receiving device 2 according to an instruction from the transmitting device 1.
As a result, the conditional access system S can flexibly specify related information subsystem programs having different security strengths and functions for each conditional access system identification, and the related information sub-system can be finely defined according to the business model of the broadcaster. The system program can be switched.

  Further, the conditional access system S can appropriately switch the related information subsystem program even if the related information subsystem program possessed by the receiving device 2 is different for each receiving device 2, and the entire broadcasting system Broadcast services can be operated while maximizing security strength.

[Limited reception operation]
Next, the conditional access operation by the related information subsystem in the conditional access system S will be described with reference to FIG.

First, the transmission apparatus 1 sets the limited reception method information in the CAT by the limited reception method information setting unit 140 of the CAT generation unit 14 (step S30).
Specifically, the conditional access method information setting means 140 externally assigns “restricted reception method identification (CA_System_ID)” previously assigned to each conditional access method, and individual key information (CA_System_ID) corresponding to the conditional access method. “Position information of key information (EMM_PID)” indicating packet identification etc. for transmitting EMM) is input and set in CAT (see FIG. 4).
Then, the transmitter 1 multiplexes the CAT generated in step S30 by the multiplexing unit 15 into the broadcast stream (step S31).

Further, the transmission apparatus 1 sets the limited reception method information in the PMT by the limited reception method information setting unit 130 of the PMT generation unit 13 (step S32).
Specifically, the conditional access method information setting means 130 externally assigns “restricted reception method identification (CA_System_ID)” previously assigned to each conditional access method, and the common key information (CA_System_ID) corresponding to the conditional access method. “Key information position information (ECM_PID)” indicating packet identification etc. for transmitting (ECM) is input and set in the PMT (see FIG. 3).
Then, the transmitter 1 multiplexes the PMT generated in step S32 by the multiplexing unit 15 into the broadcast stream (step S33).

Further, the transmitting device 1 encrypts the work key Kw input from the outside with the master key Km by the EMM generating means 12, and the individual key information which is the individual key information of the receiving device 2 including the encrypted work key Kw. (EMM) is generated (step S34).
Then, the transmitter 1 multiplexes the EMM generated in step S34 into the broadcast stream by the multiplexing unit 15 (step S35).

In addition, the transmitting apparatus 1 encrypts the scramble key Ks input from the outside with the work key Kw by the ECM generation means 11, and common key information that is key information common to the receiving apparatus 2 including the encrypted scramble key Ks. (ECM) is generated (step S36).
Then, the transmitter 1 multiplexes the ECM generated in step S36 by the multiplexing unit 15 into the broadcast stream (step S37).

Further, the transmitter 1 scrambles the content C input from the outside with the scramble key Ks by the scramble means 10 to generate the scrambled content SC (step S38).
Then, the transmitter 1 multiplexes the scrambled content SC generated in step S38 by the multiplexing unit 15 into the broadcast stream (step S39).

Through the above operation, the transmission apparatus 1 can transmit the scrambled content SC as a broadcast stream, and multiplex the key information for descrambling the scrambled content SC into the broadcast stream for transmission.
Here, in order to simplify the description, the operation has been described in the flow of sequentially multiplexing CAT, PMT, EMM, ECM, and content into a broadcast stream. However, strictly speaking, these pieces of information are multiplexed into the broadcast stream at individual timings.

On the other hand, the receiving device 2 performs the following operation while demodulating the selected broadcast stream by the channel selection / demodulation means 20.
That is, when the CAT is multiplexed in the broadcast stream, the receiving device 2 separates the CAT from the broadcast stream by the demultiplexing unit 21 (step S40).

  Then, the receiving apparatus 2 notifies the mapping information analyzing unit 231 of the one or more limited receiving method information set in the CAT separated in step S40 by the limited receiving method information analyzing unit 230 of the CAT analyzing unit 23. The position information (EMM position information [EMM_PID]) of the individual receiver key information is extracted from the conditional access system information having the conditional access system identification (CA_System_ID) (extracted in step S16 in FIG. 7) S41).

Further, when the PMT is multiplexed in the broadcast stream, the receiving device 2 separates the PMT from the broadcast stream by the demultiplexing unit 21 (step S42).
Then, the reception apparatus 2 notifies the mapping information analysis unit 231 of the one or more limited reception method information set in the PMT separated in step S42 by the limited reception method information analysis unit 220 of the PMT analysis unit 22. Position information (ECM position information [ECM_PID]) common to the receiving apparatus is extracted from the limited reception system information having the limited reception system identification (CA_System_ID) (extracted in step S16 in FIG. 7) (step S16). S43).

  In addition, when the EMM is multiplexed in the broadcast stream, the reception device 2 separates the EMM from the broadcast stream by the demultiplexing unit 21. Further, the receiving device 2 extracts the EMM having the packet identification of the EMM_PID that is the position information extracted in step S43 from the separated EMMs by the key information acquisition unit 24 (step S44).

  Then, the receiving device 2 stores the EMM extracted in step S44 in the key storage unit 264 by the EMM processing unit 30 of the related information subsystem program P that is expanded and operating in the work memory 265 of the conditional access control unit 26. The work key Kw is extracted by decrypting with the stored master key Km (step S45).

  In addition, when the ECM is multiplexed in the broadcast stream, the reception device 2 separates the ECM from the broadcast stream by the demultiplexing unit 21. Further, the receiving apparatus 2 extracts the ECM having the packet identification of the ECM_PID that is the position information extracted in step S41 from the separated ECM by the key information acquisition unit 24 (step S46).

  Then, the receiving device 2 extracts the ECM extracted in step S46 by the ECM processing unit 31 of the related information subsystem program P that is expanded and operating in the work memory 265 of the conditional access control unit 26 in step S45. By decrypting with the work key Kw, the scramble key Ks is extracted (step S47).

In addition, the receiving device 2 uses the demultiplexing unit 21 to demultiplex the scrambled content SC multiplexed in the broadcast stream (step S48).
The receiving device 2 then descrambles (decrypts) the scrambled content SC separated in step S48 with the scramble key Ks extracted in step S47 by the descrambling means 27 (step S49).

  With the above operation, the receiving device 2 can receive limited scrambled content SC by using key information for descrambling the scrambled content SC that is multiplexed and transmitted in the broadcast stream.

(Second Embodiment)
[Outline of conditional access system]
Next, with reference to FIG. 9, the outline of the conditional access system SB according to the second embodiment of the present invention will be described while referring to differences from the first embodiment.
The conditional access system SB is different from the first embodiment in that mapping information is described in a program map table (PMT) instead of CAT.

  As shown in FIG. 9, the conditional access system SB includes a transmission device 1B and reception devices 2B, 2B,. Then, the transmission device 1B describes the mapping information in a program map table (PMT), multiplexes it with the broadcast stream, and transmits it. Further, the receiving device 2B analyzes the PMT, selects the designated related information subsystem program P, and operates it.

[Configuration of transmitter]
With reference to FIG. 10 (refer to FIG. 9 as appropriate), the difference of the configuration of the transmission apparatus 1B according to the second embodiment of the present invention from the first embodiment will be described.
As illustrated in FIG. 10, the transmission apparatus 1B includes a scramble unit 10, an ECM generation unit 11, an EMM generation unit 12, a PMT generation unit 13B, a CAT generation unit 14B, and a multiplexing unit 15.
Note that the scramble unit 10, the ECM generation unit 11, the EMM generation unit 12, and the multiplexing unit 15 are the same as those in the first embodiment, and thus description thereof is omitted.

The PMT generating unit 13B generates a program map table (PMT) and outputs the generated PMT to the multiplexing unit 15. The PMT generation unit 13B includes a conditional access method information setting unit 130 and a mapping information setting unit 131.
The mapping information setting means 131 sets mapping information corresponding to the conditional access method in the program map table (PMT).
The conditional access method information setting unit 130 is the same as that in the first embodiment, and thus the description thereof is omitted.

  Here, an example of the data structure of the PMT generated by the PMT generating unit 13B will be described with reference to FIG. 11 (refer to FIG. 10 as appropriate).

As shown in FIG. 11A, the PMT generating unit 13B includes a section header including a table identification for identifying the PMT from other table information, a descriptor area in which various descriptors are arranged, a CRC, Table information composed of (checksum) is generated.
In this descriptor area, one or more conditional access system information (limited reception system descriptor) is set by the conditional access system information setting means 130 corresponding to the conditional access system. In the descriptor area, mapping information setting means 131 sets one or more mapping information corresponding to the limited reception method.
Note that the data structures of the conditional access method information and the mapping information are the same as those in the first embodiment, and thus description thereof is omitted.

Returning to FIG. 10, the description of the configuration of the transmission device 1B will be continued.
The CAT generation unit 14B generates a CAT and outputs the generated CAT to the multiplexing unit 15. The CAT generation unit 14B includes a conditional access method information setting unit 140.

  As shown in FIG. 12, the CAT generated by the CAT generation unit 14B is the same as that of the first embodiment except that mapping information is not set. Therefore, description of the data structure of the CAT generation unit 14B and the CAT is omitted.

  By configuring the transmission apparatus 1B as described above, the transmission apparatus 1B can select and operate the related information subsystem program operated by the reception apparatus 2B for each limited reception method.

[Receiver configuration]
With reference to FIG. 13 (refer to FIG. 9 as appropriate), the difference of the configuration of the receiving device 2B according to the second embodiment of the present invention from the first embodiment will be described.
As shown in FIG. 13, the receiving device 2B includes a channel selection / demodulation unit 20, a demultiplexing unit 21, a PMT analysis unit 22B, a CAT analysis unit 23B, a key information acquisition unit 24, and a program selection unit 25. , Limited reception control means 26 and descrambling means 27.
Note that the channel selection / demodulation unit 20, the demultiplexing unit 21, the key information acquisition unit 24, the program selection unit 25, the conditional access control unit 26, and the descrambling unit 27 are the same as those in the first embodiment, and thus description thereof is omitted. .

The PMT analysis means 22B analyzes the program map table (PMT) separated by the demultiplexing means 21. Here, the PMT analysis unit 22B includes a conditional access method information analysis unit 220 and a mapping information analysis unit 221.
The conditional access system information analysis unit 220 is the same as that in the first embodiment, and thus the description thereof is omitted.

The mapping information analysis means 221 extracts program identification from mapping information set in the PMT. Note that if the mapping information includes the load instruction information and the load security information, the mapping information analysis unit 221 also extracts the information.
The mapping information analysis unit 221 outputs the extracted program identification (load instruction information, load security information) to the program selection unit 25.
Note that the processing of the mapping information analysis unit 221 is the same as that of the first embodiment (mapping information analysis unit 231 in FIG. 5), and thus description thereof is omitted.

The CAT analysis unit 23B analyzes the conditional access table (CAT) separated by the demultiplexing unit 21. The CAT analysis unit 23 includes a conditional access system information analysis unit 230.
The CAT analysis unit 23B is the same as that of the first embodiment except that the CAT mapping information is not extracted. Therefore, the description of the CAT analysis unit 23B is omitted.

  By configuring the receiving device 2B as described above, the receiving device 2B can arbitrarily switch a plurality of related information subsystem programs by the same limited reception method according to an instruction from the transmitting device 1B.

[Related information subsystem switching operation]
Next, referring to FIG. 14 (refer to FIG. 9, FIG. 10, and FIG. 13 as appropriate for the configuration), the difference between the related information subsystem switching operation in the conditional access system SB and the first embodiment will be described. .

First, the transmitting apparatus 1B sets the mapping information to the PMT by the mapping information setting unit 131 of the PMT generating unit 13B (step S10B).
Specifically, the mapping information setting unit 131 externally assigns “restricted reception method identification (CA_System_ID)” assigned in advance for each limited reception method, and a related information subsystem to be activated corresponding to the limited reception method. “Program identification (CA_prog_ID)” that is an identifier of a program, “Load instruction information” that indicates a rule for selecting a related information subsystem program, and “Load security information” that is security information related to the related information subsystem program, Are set to the PMT (see FIG. 11).

  Then, the transmission apparatus 1B multiplexes the PMT generated in step S10B by the multiplexing unit 15 into the broadcast stream. This broadcast stream is transmitted to the receiving device 2B via a transmission modulation device (not shown) (step S11B).

  On the other hand, the receiving apparatus 2B demodulates the broadcast stream selected by the channel selection / demodulation means 20 (not shown as a step), and separates the PMT from the broadcast stream by the demultiplexing means 21 (step S12B). .

  Then, the receiving device 2B extracts mapping information (program identification, load instruction information, load security information) from the PMT by the mapping information analyzing unit 221 of the PMT analyzing unit 22 (step S13B).

  In addition, since the process after step S14 is the same as that of 1st Embodiment, description is abbreviate | omitted. Also, the conditional access operation by the related information subsystem is the same as that in the first embodiment, and thus description thereof is omitted.

With the above operation, the conditional access system SB can switch the related information subsystem program operating in the receiving device 2B in accordance with an instruction from the transmitting device 1B.
As a result, the conditional access system SB can flexibly specify related information subsystem programs having different security strengths and functions for each conditional access system identification, and the related information sub-systems are finely defined according to the business model of the broadcaster. The system program can be switched.

  Further, the conditional access system SB can appropriately switch the related information subsystem program even if the related information subsystem program possessed by the receiving device 2B is different for each receiving device 2B, and the entire broadcasting system Broadcast services can be operated while maximizing security strength.

The configuration and operation of the conditional access systems S and SB, the transmission apparatuses 1 and 1B, and the reception apparatuses 2 and 2B according to the embodiments of the present invention have been described above. However, the present invention is not limited to these embodiments. Absent.
(Modification 1)
In the present embodiment, as shown in FIGS. 4 and 11, parameters are set in the load instruction information of mapping information set in the CAT or PMT (see FIGS. 4D and 11C) and designated. Based on the program identification, the related information subsystem program to be activated in the receiving devices 2 and 2B is selected.

However, when the related information subsystem program started in the receiving devices 2 and 2B is limited to the related information subsystem program specified by the program identification designated by the transmitting devices 1 and 1B, the load instruction information is omitted from the mapping information. May be.
That is, in the transmission apparatus 1, the setting of the load instruction information may be omitted in the mapping information setting unit 141 of the CAT generation unit 14 (the same applies to the mapping information setting unit 131).
In that case, in the receiving apparatuses 2 and 2B, the load instruction determination unit 251 may be omitted from the configuration from the program selection unit 25. In this case, the program identification acquisition unit 250 outputs the designated program identification to the load instruction unit 252.

(Modification 2)
In this embodiment, as shown in FIGS. 4 and 11, load security information is set in mapping information set in CAT or PMT (see FIGS. 4C and 11C), and the receiving apparatus In step 2, the alteration of the related information subsystem program to be activated is detected.
However, if the conditional access control means 26 that is a tamper resistant module is highly secure, the conditional access systems S and SB may be configured simply by omitting the falsification detection process.

In that case, in the transmission apparatus 1, the setting of the load security information is omitted in the mapping information setting unit 141 of the CAT generation unit 14 (the same applies to the mapping information setting unit 131).
Further, in the limited reception control means 26 of the receiving devices 2 and 2B, the falsification detection means 263 is omitted from the configuration, and the load means 262 falsifies the related information subsystem program P corresponding to the program identification selected by the program selection means 25. Without detection, the data may be read from the program storage unit 260, expanded in the work memory 265, and the program may be activated.

(Modification 3)
In this embodiment, the conditional access system descriptor is exemplified as the conditional access system information described in the PMT and CAT. However, the present invention may use an access control descriptor as the conditional access system information.
That is, in PMT and CAT, not only two conditional access method descriptors but also two access control descriptors may be described as conditional access method information. One child may be described at a time.
In addition, the access control descriptor is “Program standard information used for digital broadcasting (ARIB STD-B10) Part 2”, 5.3 edition, The Japan Radio Industry Association, March 18, 2014 Since it is described in “Revision”, further explanation is omitted.

(Modification 4)
In the present embodiment, the CAT analysis unit 23 analyzes the mapping information at the selected timing. However, the CAT analysis unit 23 may cache and reuse the conditional access system identification (CA_System_ID) and the position information (EMM_PID) of the individual key information while the CAT version described in the CAT does not change. Further, the PMT analysis unit 22 may cache the position information (ECM_PID) of the common key information and reuse it (the same applies to the PMT analysis unit 22B) as in the CAT analysis unit 23.

(Modification 5)
In the present embodiment, mapping information is set only in one of CAT and PMT. However, the transmission apparatuses 1 and 1B may include both of the mapping information setting units 131 and 141 and set the mapping information in any one of CAT and PMT. In that case, the receiving apparatuses 2 and 2B may include both the mapping information analysis units 131 and 221 and refer to the mapping information included in either CAT or PMT.

S, SB conditional access system 1, 1B transmission device 10 scramble means 11 ECM generation means (common key information generation means)
12 EMM generation means (individual key information generation means)
13, 13B PMT generation means 130 Conditional reception method information setting means (second conditional access method information setting means)
14, 14B CAT generation means 140 Limited reception method information setting means (first limited reception method information setting means)
131, 141 Mapping information setting means 15 Multiplexing means 2, 2B receiver 20 Channel selection / demodulation means 21 Demultiplexing means 22, 22B PMT analysis means 220 Limited reception method information analysis means (second limited reception method information analysis means)
23, 23B CAT analysis means 230 Limited reception method information analysis means (first limited reception method information analysis means)
221, 231 Mapping information analysis means 24 Key information acquisition means 25 Program selection means 250 Program identification acquisition means 251 Load instruction determination means 252 Load instruction means 26 Limited reception control means 260 Program storage means 261 Program identification notification means 262 Load means 263 Tamper detection Means 264 Key storage means 265 Work memory 27 Descramble means P Related information subsystem program 30 EMM processing means (individual key information processing means)
31 ECM processing means (common key information processing means)

Claims (2)

Receiving device for limited reception of scrambled content multiplexed in a broadcast stream by a transmitting device by a limited receiving method using key information common to the receiving device and key information specific to the receiving device as related information of a scramble key for scrambling the content Because
A related information sub set that is set in the first table or the second table multiplexed in the broadcast stream and that executes a conditional access system identification for identifying the conditional access system and a key distribution process of the scramble key. From the mapping information including the program identification including the version of the system program, and the parameter indicating the rule for selecting the program to be activated in the related information subsystem program based on the version indicated by the program identification, Mapping information analyzing means for extracting the program identification and the parameters;
Program selection means for selecting one of the related information subsystem programs stored in the program storage means based on the program identification and parameters extracted by the mapping information analysis means;
Of the limited reception scheme information set in the first table multiplexed in the broadcast stream and including the conditional access scheme identification and the position information of the key information of each receiver, the mapping information analyzing means First conditional access method information analyzing means for extracting position information of key information specific to the receiving device from the conditional access method information having the conditional access method identification notified from
Of the limited reception scheme information set in the second table multiplexed in the broadcast stream and including the conditional access scheme identification and the position information of the key information common to the receiving apparatus, the mapping information analyzing means Second conditional access method information analyzing means for extracting position information of key information common to the receiving device from conditional access method information having the conditional access method identification notified from
Key information acquisition means for acquiring key information specific to the receiving apparatus and key information common to the receiving apparatus based on the position information extracted by the first and second conditional access system information analyzing means;
Conditional reception in which the related information subsystem program is stored in the program storage means and the scramble key is generated by the key information acquired by the key information acquisition means by the related information subsystem program selected by the program selection means Control means,
The mapping information analysis means extracts a conditional access system identification corresponding to a program identification of the related information subsystem program selected by the program selection means from the mapping information, and extracts the conditional access system identification extracted from the first and A reception apparatus that notifies the second conditional access system information analysis means.   2. The mapping information analyzing unit extracts the program identification and the parameter from the mapping information set in the first table or the second table at a selected timing. The receiving device described.