JPH1079730A - Decoder - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a decoder satisfying both of two requirements as secret information protection of user and ciphered data. SOLUTION: A scramble circuit 54 in a set-top unit 50 applies scramble processing with a 2nd system to digital image fed from a network and scrambled by a 1st system, and the processed data are fed to a security module 70. A descramble circuit 72 of the security module 70 applies 1st descramble processing to the data and returns the result to the set-top unit 50. The data are subjected to 2nd descramble processing by a descramble circuit 50 in the set-top unit 50 and the processed data are outputted to an image display terminal equipment via an MPEG decoder 60.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a decoding device connected to a network or the like and for decoding encrypted data supplied from the network or the like.

[0002]

2. Description of the Related Art In recent years, networks have been developed and various information services have been provided. In order to prevent a third party other than the genuine contractor from receiving the information free of charge, the service provider encrypts the information and sends it over the network.
The service provider informs only the contractor of the decryption key so that only the contractor can correctly decrypt the information.
Information services are widely used not only in wired networks but also in wireless LANs, television broadcasts, and the like.

[0003] As a conventional example of such a decoding device,
There is an apparatus as shown in FIG. This device includes a set-top unit 10, a security module 20, and an IC card 30, but the set-top unit 10 and the security module 20 are actually integrated and realized as one product (decryption device). And I
Only the C card 30 is separate from this product.

[0004] Encrypted data (here, encryption is scrambled, hereinafter, the encrypted data is referred to as scrambled data) supplied from a network (an antenna in the case of wireless LAN and television broadcasting) is set-top unit. It is input to 10 receivers / demodulators 12.
In this example, it is assumed that the original data is digital image data encoded by the MPEG method. The output (scrambled data) of the receiver / demodulator 12 is supplied to the security module 20 and input to the descramble circuit 22 and the filter 24.

[0005] The filter 24 extracts ECM and EMM from the input stream data, and
Supply to 6. ECM and EMM are data defined in MPEG2, and ECM is Entitlement control.
rol message, EMM is Entitlement management message
Abbreviation for ge. More specifically, when the payload of the packet of the MPEG transport stream for transferring the image and audio data is scrambled, the stream includes control information to be transmitted in the transport stream.

[0006] The ECM includes a key (key) necessary for descrambling the scramble, a program number (in MPEG2, a program means a group of image / audio data streams having a common time base), and use of the program. The information includes access control information unique to the video / audio data stream, such as a fee.

[0007] The EMM contains information for controlling access to the entire system. For example, it includes a new user's subscription and a new program number. As described above, the filter 24 includes a stream containing the ECM and EMM (mixed with the encoded image / audio data stream)
ram stream map, TS for transport stream
filter to extract the program map section). This filtering is performed according to the values of the PID (packet ID) and the stream ID assigned to the packet.

[0008] The interface 26 is connected to an IC card 30 owned by the contractor. A service provider, which is a sender of digital image data, writes a descramble key corresponding to scrambling at the time of transmission, a user password, and the like in the IC card 30 in advance, and gives them to the user at the time of contract.

In the system of FIG. 1, possession of a decryption device (consisting of a set-top unit 10 and a security module 20) is a kind of personal authentication.
In order to cope with theft of the device, personal authentication such as password verification is actually performed.

[0010] When the IC card 30 is connected to the interface 26 and the authentication is successful, the descrambling key is input from the IC card 30 to the descrambling circuit 22 in the security module 20.

The descramble circuit 22 descrambles the scrambled data supplied from the set top unit 10 using the descramble key, and returns the original MPEG encoded digital image data to the set top unit 10. The original data is stored in the multiplexer 14, MPE in the set top unit 10.
It is output to a user terminal (not shown) (image display device or the like) via the G decoder 16. The MPEG decoder 16 has a built-in analog / digital converter and outputs an original analog image signal.

As described above, the security module 20
Will descramble the scrambled data,
The original MPEG encoded digital image data is supplied to the set top unit 10. Therefore, only a genuine user can descramble.

However, in this decryption device, user secret information such as a descramble key appears on the interface 26. For this reason, there is a possibility that confidential information of the user may be stolen by a third party via this interface, and there is a problem in terms of user protection and security.

In order to avoid this, the IC card 30 and the security module 20 are integrated (the set-top unit 10 and the security module 20).
May be separated). In this case, the confidential information of the user will not be stolen by a third party, but since the descrambled original digital image data appears on the interface between the security module 20 and the set-top unit 10, it is illegally used. May be used (copied, etc.), and pose a threat to service providers. The above-described problem is not limited to the decoding of information supplied via a network, but also occurs in the distribution of packaged software.

[0015]

As described above, the conventional decryption apparatus has a drawback that it is impossible to satisfy both of the two requirements, that is, protection of user's secret information and protection of encrypted data. SUMMARY OF THE INVENTION The present invention has been made in view of the above circumstances, and an object of the present invention is to provide a decryption device that can protect secret information of a user and prevent unauthorized use of encrypted data.

[0016]

According to the present invention, there is provided a decryption apparatus for decrypting data encrypted by a first method, comprising: a first unit for receiving encrypted data; Second unit detachably connected to one unit
And the second unit is the first unit.
Means for decoding data supplied from the first unit by the first method and returning the data to the first unit,
A unit for encrypting received data by a second method and outputting the encrypted data to a second unit; and a means for decrypting data supplied from the second unit by a second method. It is characterized by.

Further, the first unit includes means for generating an encryption / decryption key of the second system, and a signal output from the generation means is not output to the outside of the unit. I do.

Further, the second unit includes a memory for storing a decryption key of the first system, and a signal output from the memory is not output to the outside of the unit.

Further, the encryption / decryption key of the second system generated by the key generation means of the first unit is variable. According to the decryption device of the present invention, at least the data on which the second encryption is performed appears at the interface between the first unit and the second unit. Can be prevented.

Also, since the user's secret information is not output from the second unit to the outside, the user's secret information can be protected. Further, the encryption / decryption key of the second method is the first type.
Since this unit is not output to the outside, it is very unlikely that this key can be seen by a third party. Furthermore, the second
Since the encryption / decryption key of this method is variable, it is very unlikely that this key can be seen by a third party.

[0021]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS A first embodiment of a decoding device according to the present invention will be described below with reference to the drawings. FIG. 2 shows the first
FIG. 3 is a block diagram of the embodiment. This embodiment comprises a set-top unit 50 and a security module 70, which are different from the conventional example and are separate and detachable, and an interface exists between them.

The set top unit 50 includes a receiver /
Demodulator 52, scramble circuit 54, descramble circuit 56, demultiplexer 58, MPEG decoder 6
0, a key control circuit 62. The security module 70 includes a descrambling circuit 72 and an authentication / access control circuit 74. Note that the security module 7
0 may be realized as a form of an IC card.

As in the conventional example, the encrypted data (scrambled MPEG digital image data) supplied from the network or the antenna is input to the receiver / demodulator 52 of the set top unit 10.
The scramble process is performed on the server side of the information provider (not shown), and this scramble process is referred to as a first scramble process (S _A ). The output of the receiver / demodulator 52 controls a scrambling circuit 54 for performing a predetermined second scrambling process (S _B ) different from the first scrambling process (S _A ) on the server side, and a key for the second scrambling process. Is supplied to the key control circuit 62.

The key control circuit 62 includes a receiver / demodulator 52
, A scramble key for a second scramble process and a descramble key corresponding to the scramble key are generated, and the scramble key and the descramble key are converted to the scramble circuit 54 and the descramble circuit 5.
6 respectively. Assuming that the first and second descrambling processes are D _A and D _B , the key control circuit 62 calculates D _B · D
_A scramble key and a descramble key for a second scramble process that satisfies _A · S _B · S _A = I (I: unit matrix) are generated.

The scramble circuit 54 includes a key control circuit 62
The second scrambling process (S _B ) is performed by using the scramble key from. The output of the scrambling circuit 54 is supplied to the security module 70, it is inputted to the descramble circuit 72 for the first descrambling processing (D _A).

The descrambling circuit 72 performs a first descrambling process on the data supplied from the set-top unit 50 with the descramble key supplied from the authentication / access control circuit 74 (D _A), descrambling data Is returned to the set top unit 50. The service provider who is the sender of the digital image data previously writes a descramble key corresponding to the first scrambling process at the time of transmission in the authentication / access control circuit 74,
Give this to the user at the time of contract. For this reason, the descramble circuit 72 obtains data in which the first scrambled data of the data supplied to the set and the unit 50 from the network is descrambled. However, this data is subjected to a second scrambling process (S
_A ) has been done.

The authentication / access control circuit 74 is a conventional IC
Instead of the card, the service provider has written a descramble key, user password, etc.,
Owning the security module 70 incorporating this is a kind of authentication.

In the set-top unit 50, a descrambling circuit 56 performs a second descrambling process (D _B ) on the input data using the descrambling key supplied from the key control circuit 62, and performs the original MPEG encoding. Reproduce digital image data. The output of the descramble circuit 56 is supplied to a user terminal (not shown) (not shown) via a demultiplexer 58 and an MPEG decoder 60.
Output to The MPEG decoder 60 has a built-in analog / digital converter and outputs an analog image signal.

The operation of this embodiment will be described with reference to FIG. FIG. 3 is a diagram illustrating only the scramble process and the descramble process, which are extracted and shown. Here, the first scramble circuit 42 that performs the first scramble process (SA) on the server 40 side is also shown. Assuming that the original digital data is M, the first scramble circuit 42 in the server 40 outputs data S _A (M) scrambled by the first method.

When this data is received by the set-top unit 50, the second scrambling circuit 54 performs a second scrambling process on the data, and the data is subjected to S _B (S _A
(M)) is output. For this reason, data scrambled double by the first and second scrambling methods is supplied from the set top unit 50 to the security module 70. Even if this data is stolen by a third party, it cannot be descrambled, so that the original data cannot be reproduced and there is no fear of unauthorized use of the original digital data.

The first de-scrambling circuit 72 of the security module 70 performs a descrambling process of the first method in the dual scrambled data (D _A), D
_A (S _B (S _A (M))) = S _B (M) is output and returned to the set-top unit 50. Therefore, the scrambled data is supplied from the security module 70 to the set top unit 50 in the second method.
Even if this data is stolen by a third party, it cannot be descrambled, so that the original data cannot be reproduced and there is no fear of unauthorized use of the original digital data. In particular, since the key for the second scramble processing is generated by the key control circuit 62 in the set top unit 50, it does not leak to the outside, and the third key of the original data is not leaked.
Can be prevented from being illegally used.

The second descrambling circuit 56 in the set top unit 50 performs a descrambling process (D _B ) of the second method on the input data, and obtains D _B (D _A (S _B
(S _A (M)))). As described above, since the key control circuit 62 is chosen such that the second scrambling / descrambling S _B, is D _B becomes _{D B · D A · S B} · S A = I, D B (D _A (S _B (S _A
(M)))) = M, and the descrambling circuit 56 can reproduce the original data. _{Incidentally, D B · D A · S} B
· S _A = I means that D _A · S _A = D _B
It is not that S _B = I.

As described above, according to the present embodiment, since the original digital data does not appear on the interface between the set-top unit 50 and the security module 70, unauthorized use of the original digital data (copy, etc.) ) Is impossible, and the service provider can be sufficiently protected. In addition, the IC
Since there is no interface between the card and the security module, the secret information of the user such as the password and the descramble key is not stolen by a third party.

Furthermore, it is more effective if the key control circuit 62 changes the key for the second scrambling process regularly / irregularly in order to enhance security. That is, the possibility that the second scramble key is found by monitoring the data output from the set top unit 50 is not zero. However, by making the key variable, such a possibility can be substantially reduced to zero.

The following effects can be obtained by separately providing the set top unit 50 and the security module 70. The set top unit 50 can be shared by a plurality of users. That is, one set-top unit 50 can be installed at home, and each family can have its own security module 70. Also,
The scramble method may be different depending on the service provider, but even in this case, one set-top unit 50 can cope with the problem by incorporating a descrambling function unique to the service provider into the security module.

The present invention is not limited to the above embodiment,
Various modifications are possible. For example, in the above description, the encryption has been described as scrambling, but the present invention is not limited to this, and ordinary encryption such as the RSA method and the DES method may be used. The data supplied from the network is not limited to image data, but may be audio data, video data, or the like. Further, the data supply form is applicable not only when supplied via a network but also when supplied via a storage medium.

[0037]

As described above, according to the present invention, there is provided a decryption device capable of protecting user's secret information and preventing unauthorized use of encrypted data.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration of a conventional decoding device.

FIG. 2 is a block diagram showing a configuration of a first embodiment of a decoding device according to the present invention.

FIG. 3 is an exemplary diagram showing a scramble / descrambling process according to the first embodiment;

[Explanation of symbols]

40 ... server 42 ... scramble circuit (S _A) 50 ... set-top units 54 ... scramble circuit (S _B) 56 ... descramble circuit (D _B) 60 ... MPEG decoder 62 ... key control circuit 70 ... security module 72 ... descramble circuit (D _A) 74 ... authentication / access control circuit

Claims (4)

[Claims] 1. A decoding device for decoding data encrypted by a first method, comprising: a first unit for receiving encrypted data; and a second unit detachably connected to the first unit. Wherein the second unit comprises means for decoding data supplied from the first unit by a first method and returning the data to the first unit, wherein the first unit comprises: Means for encrypting received data by a second method and outputting the encrypted data to a second unit, and means for decrypting data supplied from the second unit by a second method. Decoding device. 2. The method according to claim 1, wherein the first unit includes key generating means for generating an encryption / decryption key of a second system, and a key signal output from the key generating means is supplied to the outside of the first unit. 2. The decoding device according to claim 1, wherein the data is not output. 3. The second unit includes a memory storing a decryption key of the first system, and a key signal output from the memory is not output outside the second unit. The decoding device according to claim 1, wherein 4. The encryption / decryption key of the second system generated by the key generation means of the first unit is variable. Decoding device.