TWI336584B - Device key protection method, and encoding apparatus, decoding apparatus, video transmission apparatus and video receiving apparatus using the method - Google Patents

Description

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a device key protection method for authenticating a digital cryptographic processing device, a cryptographic device and a decoding device, and an image transmitting device and a video receiving device. [Prior Art] In the LCDCLiquid Crystal Display: One of the ways to monitor the digital transmission of video signals by Certified or CRT (Cathode-Ray Tube) monitors, there is DVI (Digital Visual Interface). Interface) specifications. When analog video transmission is performed on an lCD monitor or a CRT monitor, there is a problem that the quality of the display screen is easily deteriorated due to the distortion or the like, but in the specification, the video is transmitted by the digital encoding method. Signal, so there is no transmission distortion, but can display high quality. In addition, the DVI specification has also been applied to connect a digital telecommunication broadcast box (set t〇p box) to a digital TV, or to connect a digital player such as a DVD (Digital Vide 〇 Disk). On the LCD monitor, the situation of the digital image is displayed. In the DVI specification, HDCP (High_bandwidth) is proposed because it can utilize high-quality video content so that the video content provided is not improperly broadcasted or illegally copied.

Digital Content Pr〇tecti〇n System: High-bandwidth digital content protection system) specifications as a content protection method. The HDCp specification is a specification for securely transmitting video content protected by the copyright of 5 335 899 1336584 in the transmission system of the DVI video signal. It is the authentication and authentication key between the transmitting device and the receiving device. The common and the specifications of the transmitted video signal plus the password are specified. In the authentication of the HDCP standard or the like, the device key for the device of the communication partner is individually authenticated by the public key code. When the authentication is successfully performed between the transmitting device and the receiving device, the transmitting device encrypts and transmits the video signal using the device key, and the receiving device decodes the received video signal using the device key. For example, a digital image transmission device using the § forcible mode of the HDCp specification or the like is disclosed in the reference. Reference: Japanese Laid-Open Patent Publication No. 2002-314970 (full text, Figs. 1 to 3) A device key for a device for individually authenticating an image signal is written to EEPR0M (Electrica Uy Erasable) when the device is shipped.

Programmable Read-only Memory can be externally stored in an external memory such as a programmable read-only memory or written in an internal memory that can be written and read from the outside. The device key is written to the external memory or the internal memory as it is, and since it is not protected, it is easy to access the external memory or the internal memory and completely copy the device key or observe The information of the device key is stolen from the external memory flowing to the signal mounted on the body. Since it is impossible to obtain the device key in advance because of maliciousness, there is a fear that the video content is misused and the copyright is violated. Moreover, since most of the device keys for consumer products such as DVD players, video converter boxes, and digital television receivers are issued according to the number of shipments, 315899 6 1336584 cannot be immediately known even if some of them are completely copied and utilized. In the case of improper use, it is difficult to find out after the fact that the device key is completely copied, or the path of the full copy is tracked. Moreover, even if it is known that the device key is improperly used, it is difficult to reconstruct the system because the password and decoding architecture of the device key are changed. SUMMARY OF THE INVENTION The present invention has been developed in view of such a situation, and an object thereof is to provide a method for securely protecting a wear button of a processing device for authenticating a digital signal such as an image signal or an audio signal, which can be utilized. A cryptographic device and a decoding device, and an image signal transmitting device and an image signal receiving device. One aspect of the present invention relates to a device key protection method. The method is characterized in that a device key protection circuit for decoding a device key for authenticating the device is provided inside the processing device of the input digital signal, and the device key is password-added and written to the device at the shipping stage of the device. It can be read from the memory in the device. The memory can also be external to the device or mounted inside the device as a rewritable EEPROM or flash memory. Within the device 4, no further system is constructed to reconfigure the decoding of the device keys in the device key protection circuit when the device key protection circuit is improperly accessed. The digital call can be an image signal or a sound = number ' can also be a combination of these. The processing device can be any one of a digital signal transmitting device and a receiving device. Another aspect of the present invention relates to a digital signal encryption device, the device comprising: s ** 体 体 将 个别 个别 个别 个别 个别 个别 个别 个别 个别 个别 个别 个别 个别 个别 个别 个别 个别 个别 个别 个别 个别 个别 个别 ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; After reading the 315899 7 1336584, the above-mentioned loading and setting key ' is decoded and added; and the encryption part is used to encrypt the input digital signal by using the decoded device key '. The device key protection circuit and the encryption unit can be installed inside the device as an LSI circuit' and the decoding of the device key can be internally processed in the LSI circuit, and the configuration cannot be observed from the outside. The above memory may be provided on the (3) circuit substrate, but the transmission path of the data from the memory to the device key protection circuit may be formed by an external bus bar such as a serial bus bar, and can be observed and transmitted to the bus bar. Signal. Still another aspect of the present invention is directed to a decoding device for a digital signal. The device comprises: a memory, a device key for individually authenticating the device. The password is added and saved; the device key protection circuit reads from the memory. The device key after the password is added and decoded; and decoding And using the decoded device key to decode the password of the input digital signal. The weighting device and the decoding device may further include a system reconstruction circuit that uses a predetermined secret key and a public key with respect to the device key to generate a work key, and the device key protection circuit may also use the above system. The above work keys generated by the construction circuit decode the above device keys. Here, when the device key protection circuit is attacked, the decoding mode of the device key in the device key protection circuit can be constructed by changing the secret key. Still another aspect of the present invention relates to an image transmitting apparatus. The device comprises: a cryptographic processing block to encrypt the input image signal; and an image sending processing block, wherein the multiplexed image signal is processed and sent by the 315899 8 1336584; The block includes: a memory, a device key for authentication using a public key to be password-added and saved and stored; the system reconstructs the circuit, and uses a predetermined secret key and a public 'open key of the device key to generate a work key; The key protection circuit reads the device key after the password is encrypted from the memory, and uses the above-mentioned servant key to solve the stone; and the cryptographic part, so that the device key of the decoding is decoded, and the image number is encrypted. . Still another aspect of the present invention relates to an image receiving apparatus. The device includes: an image receiving processing block that receives the encoded image signal and performs _ decoding processing; and a decoding processing block that decodes the decoded password of the image signal; the decoding processing block includes: a memory The device key for authentication using the public key cipher is encrypted and saved; the system rebuild circuit 'uses the predetermined secret key and the public key of the device key to generate a work key; the device key protection circuit 'reads from the above memory The device key after the encryption is taken, and decoded by using the above work key; and the decoding unit 'decodes the weight of the video signal by using the decoded device key. It is also an effective aspect of the present invention to convert any combination of the above constituent elements and the technical idea 4 of the present invention between methods, apparatuses, systems, recording media, computer programs, semiconductor devices and the like. In addition, the above summary of the present invention does not include all necessary features, and the present invention may be a sub-combination of the described features. [Embodiment] The present invention will be described with reference to a preferred embodiment, but it is only considered as an example of the invention 315899 9 !336584, which is not limited by the scope of the invention. The description in the specific examples does not include all features and combinations thereof. (First Embodiment) Fig. 1 is a configuration diagram of a transmission system of a content signal in the first embodiment. The encryption device 1 accepts the input of the content signal including the image signal and the audio signal, and the HDCP password unit 1 encrypts the input valley signal according to the HDCP specification, and transmits it to the dv I coil through the DVI terminal. 4 0 on. The decoding device 200 receives the encrypted content signal transmitted by the dvI terminal to the dvI cable 4, and the HDCp decoding unit 2 decodes the received content signal password according to the HDCp specification, and outputs the decoded code. Content signal. The outputted content signal can be played back using a display, a speaker, or the like. In the HDCP specification, after the mutual authentication is performed by a public key cipher between the s〇urce device (also referred to as a transmitter) that transmits the content signal and the absorbing device (also referred to as a receiver) that receives the content signal, the content is The signal is encrypted and transmitted. Here, the encryption device 1 corresponds to the source device, and the decoding device 200 corresponds to the absorption device. In order to authenticate and add the password, the public key is shared between the encryption device 100 and the decoding device 200. The secret key hidden in each device is called a device key. The public key of the corresponding device key (hereinafter referred to as the device public key) is referred to as Ksv (Key Selection Vector). The cryptographic device 1 and the decoding device 200 authenticate each other using a pair of device keys and device public keys. When successful authentication, the cryptographic device 100 uses the device keys to add the content signals sent to the decoding device 200. Password, and the decoding device 2 〇〇 利 315899 1336584

Use the device key to decode the content of the self-added, Yimin, and the Λ1A received passwords received by the horse. In order to protect the device key used for the authentication of the device and the encryption of the content signal from the improper access or the full copy, the device key plus password processing software 30 encrypts and writes the device key by using a predetermined secret key. Add the password device 100 to the memory 丨6. The device key protection circuit 12 of the adding code device 100 reads the device key after the password is encrypted from the memory 16, and the device key after the password is added to the device key to tilt the 12 system to install the series. To HDcp plus password part 1G 'HDCP plus password part, use the decoded device key ^ to encrypt the content signal of the input person and input b data due to stream 2 from m 16 to device key protection circuit 12 The device key on the transmission path is encrypted, so it cannot be used even if it is not obtained. The device key after the password is added can be decoded by the device key protection circuit 12 inside the encryption device (10), and is supplied to the rib encryption unit 1G by the internal bus bar. Therefore, as long as the circuit is not restored, it cannot be used. Obtain the data of the decoded device key. The system reconstruction circuit 14 reconstructs the device key in the device key protection circuit 12 in the event that the device key protection circuit 12 is attacked by improper access such as full retrieval or restoration engineering. The so-called improper access refers to, for example, stealing the decoded device key outputted from the device key protection circuit 12, and collecting the corresponding mode of the encrypted device key and the decoded device key. Then, the behavior of the decoding and decoding mechanism is performed. In the case where the key attack of the device occurs, the device key plus the cryptographic processing software ^ 315899 1336584 reconfigures the reference key by changing the device key circuit 14 and uses the system accordingly. The decoding device of the update device key is constructed and the decoding mode of V2 is 'immediately utilized by the HDCP encryption unit 1G and ^ device keys. The circuit umsi^ and u re-construct the .y mode on a substrate, for example, in the EEPROM block a, # # 1 . The hidden body 16 is used in the EEPROM by the Mm/board when the circuit board is shipped, the device key is added with the code processing software. In addition, in the case where the stone is not a, such as 3 Jun, the device key is written by the device key plus the password processing access, the user adds the password, and; m;; the new password mode sets the device key 1 (four) μ The device key after the password is added.

Then, the circuit 14 is constructed first, and the eight-eighth s ^ τ of the pile A is connected to the control unit of the CPU or the like on the substrate, and the decoding method of the device key protection circuit 12 is changed. The memory 26, the key protection circuit 12 and the system reconstruction circuit 24 are respectively configured and operated, respectively, and the memory 16 and the device key are protected by the Thunder 19 s ^^衣直一川" The key device key protection circuit 22 of the circuit 12 and the system reconstruction circuit 14 supplies the decoded device key to the HDCP decoding unit 2, the ηπγρ station π & Λ 丨W, and the HDCP decoding unit 20 uses the solution. ',,, the device key transcodes the encrypted content message and outputs it. Fig. 2 is an explanatory diagram of the configuration of the device key plus password processing software 3〇. The device key plus password processing software 3〇, input has One of the secret keys is the device=4 2 and the device public key 4 4. The work key generating unit 34 generates the work key wko' using the predetermined t secret (10) κο' initial value vo and the device public key 44 and supplies the password to the secret key. The 32. The secret key plus password unit 32 encrypts the device key 42 using the work key wko, and writes the password 315899 12 1336584 (4) to the memory 16, 26. The corresponding device key 42 is also written. Eight _ - in the case of the hidden body 16, 26 K0, due to the production of ^ A 幵 1 key. Here When the secret key of the secret key 42 is changed, the different work keys are just changed, so that the device key map system and the device can be changed, although the description of the composition is not shown. The functional 槿 &; 疋 疋 疋 疋 更 与 与 与 与 与 与 与 与 与 与 与 与 与 与 与 与 与 与 与 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12 12°, from the memory 16 reading device, when the keyboard is opened, the predetermined secret key κ〇 and initial value are continued. The secret key κ 值 value VG is the same as that used in the device key cryptographic processing software 3 of Fig. 2. The work key generation circuit 12 uses the secret key, the initial value V0, and the device public key 44 to generate a work key, and supplies it to the secret key decoder iio. The secret key decoder 110 reads the cryptographic device key 46' from the memory 16 and decodes it using the work key WK. The device keys decoded by the secret key decoder 110 are supplied to the HDCp cipher core 130. The HDCP cipher core 130 is a cryptographic processing circuit based on the HDCp standard, and has a function of authenticating a communication partner, performing a function common to the keys, and a function of encrypting the content signals by using the shared keys. The HDCp cipher core 130' uses the device key decoded by the secret key decoder 21 to encrypt and output the input content signal. When the secret key κ 输入 input to the work key generation circuit 120 is changed, 315899 13 (1) 6584 = different work. The key is just 'can be changed by adding =:: no code mod /. When the _ 之 μ μ 为 is changed, the secret key κ 使用 used in the device key Hi processing software 30 of FIG. 2 is changed and the password mode is updated, and the input to the work key generation circuit is similarly changed accordingly. 】, secret key KG. By this, the decoding method of the secret key unlocking device (1) can be reconstructed, and the description of the configuration of the erroneous device key 46 and the Δ4 decoding device 2 can be prevented. Performing, 26 reading a pair of password-added device keys and device public key 4丫: the secret key decoding benefit 210 and the work key generating circuit 22 are processed by the device key 46 after the password is added. It is the same as the secret key coder 11 of FIG. 3 and the work key generation circuit 12A. The HDCp decoding core "o is a decoding processing circuit based on the HDCP specification, which has the function of authenticating the communication partner's f and performing the key sharing function" and the function of decoding the inner=signal using the shared key. HDCp decoding The core, 23(), decodes and outputs the encrypted content signal using the device key 'decoded by the secret key decoder 210. Even in the decoding device 2, the password is installed. In the same manner, the decoding method of the secret key decoder 21A can be reconstructed by changing the input to the work key generation circuit 22: the secret key K0. (Second embodiment) The second embodiment is a first embodiment. The cryptographic device 1 and the decoding device 200 are applied to a DVI-standard video signal transmission system. The DVI-compliant transmission system is a video transmission device 300 and a sixth image connected via a transmission path. The image receiving device 4 315 899 is configured. The transmitting device _ and the video receiving device can be implemented by DVI ^ ' and DVI receiver LSI, respectively. As an example, the transmitting device 300 By using the video output unit as a personal computer, the video reception slot 400 is used as a video input L video output unit and a video input unit of a display device such as an LCD, and is connected by a _cable: As another example, it is also possible to use the image transmission '300 as the video wheeling portion of the video conversion box, and use the image receiving and setting 400 as the video input unit of the digital television receiver connected to the video conversion box. The video transmitting device 300 can be used as the video output unit of the _ player, and the video receiving device can be used as the video input unit of the LCD display connected to the _ player. Fig. 5 is a video transmitting device of the second embodiment.构成 图 L L 衫 发送 发送 发送 发送 发送 发送 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 视频 HD HD HD HD HD HD HD HD HD HD HD HD The Dn transmitter 3^20' transmits the encrypted video signal according to the DVI specification. The composition and operation of the HDCp cipher 310, and the H]) cp illustrated in FIG. The code core 130 is the same, and the video signal is encrypted by the device key and sent to the DVI transmitter 320. The TMDS encoder of the DVI transmitter 320 commits 2, and the 3 types of R, G, and B are added after the password is added. The 4 channels of the color signal and the sync signal are coded according to the TMDS (Transition Minimized Differential Signaling) method and transmitted by the differential drive using the 315899 1336584 of the two signal lines. The DVI interface 324 is the coded signal. Serialized and sent to the transmission path via the DVI terminal. Thus, the image transmitting apparatus 300 transmits the encrypted image signal to the image receiving apparatus 400 via the DVI cable. The EEPROM 330 is equivalent to the memory 16 of Fig. 3. The pair of device keys 46 and the device public key 44 described in Fig. 3 are written to the EEPROM 330 when the image transmitting apparatus 300 is shipped. Inside. Further, on the EEPROM 330, the secret key K0 for generating the work key WK0 of Fig. 3 and the initial value V 0 are also written. The configuration configurator (conf igurat〇r) 332 has a function corresponding to the operation key generation circuit 120 of FIG. 3, which reads the secret key K0, the initial value V0, and the device public key 44 from the EEPROM 330, and Stored in the internal register 336 'use the data to generate the work key WK 〇, and the generated work key WK0 is stored in the internal register 336. The secret key decoder 334 is equivalent to the secret key decoder 110 described in FIG. 3, which can read the cryptographic device key 鲁 46 ' from the EEPR 〇 M 33 并 and read from the internal register 336 The work key WK0 generated by the configuration setter 332. The secret key decoder 334 uses the work key WK0 to decode the Kasong, coded device key 46 and supplies the decoded device key to the HDCP cipher 310. The path indicated by the dotted line from the secret key decoder 334 to the HDCp cryptography is the internal bus of the LSI, and there is no fear of being attacked even if the data of the unencrypted device key flows in.

Fig. 6 is a view showing the configuration of a video receiving device 400 according to the second embodiment. The image receiving device 4A includes: a DVI receiver 420 that receives the encrypted image signal according to the specification of DVI 315899 1336584; an HDCP decoder 410 that decodes the received image signal according to the HDCP specification; and a display controller 450, for supplying the decoded image signal to the display device for signal processing. The DVI interface 424 of the DVI receiver 420 receives the encrypted image signal from the image transmitting device 300. The data playback and synchronization processing unit 423 plays back the data of the video signal and synchronizes it to the TMDS decoder 422. The TMDS decoder 422 decodes the encoded video signal according to the TMDS method, and separates the three types of color signals and synchronization signals of R, G, and B, and supplies them to the HDCP decoder 410. The HDCP decoder 410 is constructed and operated in the same manner as the HDCP decoding core 320 illustrated in Fig. 4, and the password of the video signal is decoded by the device key and supplied to the display controller 450. The EEPROM 430, the configuration setter 432, the secret key decoder 434, and the internal register 436 perform the EEPROM 330, the configuration setter 332, the secret key decoder 334, and the internal portion of the image transmitting apparatus 300 of FIG. The same processing of the register 336 can be safely supplied to the device key decoded from the secret key decoder 434 to the HDCP decoder 410. As described above, according to the present embodiment, the device keys stored in the memory can be password-added in advance by the software, and can be read into the body device via the external bus bar during use. The device key after the password is added, because it cannot be combined with other devices for improper use, the key information will not be leaked even if the device key is completely copied from the memory or the external bus signal is observed to obtain the device key. Moreover, since the device key read from the memory can be interpreted inside the main body device, the data of the decoded device key cannot be obtained unless the device is internally restored. In this way, the security of the system can be improved because the protection of the device keys can be enhanced. Further, even if the structure of the device key protection circuit inside the device is attacked, the system can be easily reconstructed by changing the device key protection software, the device key protection circuit configuration, and the secret key used in the device key protection circuit. Moreover, in the event of an attack, the device key protection circuit can be disabled depending on the initial setting of the device. In this way, it is also possible to deal with improper flexibility and improve the convenience of the system. Further, the present invention will be described based on the embodiments. The embodiments are exemplified, and various combinations of the components or processes may be variously modified. It will also be understood by those skilled in the art that such variations are still encompassed by the present invention. Within the scope. As a variation of the above, in the second embodiment, the device key protection method of the video transmission device conforming to the DVI standard has been described, but the HDMI (High Definition Multimedia Interface) specification can be used. The HDMI specification is a next-generation digital audio/visual interface specification based on (10)丨 while maintaining the next level of interchangeability and adding rich functions to home appliances. In addition to video signals, it can also transmit high-quality audio signals. The control signal is transmitted by remote control or the like. Since the HDCP standard suitable for the surface specification is provided, the protection method of the attack key similar to that of the second embodiment can be applied to the transmission/reception apparatus according to the deletion specification. 'Although the present invention has been fully described in the context of a typical embodiment, it will be apparent to those skilled in the art that the present invention can be used in various ways as long as it does not depart from the scope defined by the scope of the appended claims. Change and replace. BRIEF DESCRIPTION OF THE DRAWINGS Fig. 1 is a view showing the configuration of a transmission system of a content signal of the first embodiment. Description of the configuration of the device key plus cryptographic processing software in Fig. 1 and Fig. 1 is a diagram showing the configuration of the cryptographic device of Fig. 1.

Fig. 4 is an explanatory diagram showing the configuration of the decoding device of Fig. 1. Fig. 5 is a configuration diagram of a video transmitting apparatus according to a second embodiment. Fig. 6 is a configuration diagram of a video receiving device according to a second embodiment. [Description of main component symbols] hdcp cipher section 14, 24 system reconstruction circuit 20 HDCP decoding section 12, 22 device key protection circuit 16, 26 memory 30 32 40 44 46 100 120, 200 300 device key plus cryptographic processing software secret key Key part DVI electric device public key (public key) After encrypting the device key cryptographic device 220 work key generating circuit calculus horse farm image transmitting device 34 work key generating portion 42 device key (secret key) 110, 210 Secret key decoder 130 HDCP cipher core 230 HDCP decoding core 310 HDCP cipher

315899 19 1336584 320 DVI Transmitter 322 TMDS Encoder 324 > 424 DVI Interface 330 , 430 EEPROM 332 , 432 Set Sadness 334 > 434 Secret Key Decoder 336 , 436 Internal Register 400 Image Receiving Device 410 HDCP Decoding 420 DVI receiver 422 TMDS decoder 423 data playback and synchronization processing unit 450 display controller 20 315899

Claims (1)

1336584 X. Patent application scope: 1. A device key protection method is used in a processing device for inputting a digital signal, and a device key protection circuit for individually decoding a device key for the device is not disposed. In the shipping phase, the device key is password-added and written into the memory that can be read from the device. 3. 2. The method of protecting the device key according to the scope of the patent application, wherein the device is within the device. The system further constructs a circuit for reconfiguring the above-mentioned device key in the upper-level key protection circuit when the device protection circuit is improperly accessed. A cryptographic device, a cryptographic device for a coefficient bit signal, comprising: a memory, which encrypts and saves a device key for individually authenticating the device; and the 键 key protection circuit reads the password after the password is read from the memory The device key is decoded and decoded; and the digit t=port is used to encrypt the entered digit number using the decoded device key. Declaring the cryptographic device of the third item, using the predetermined secret key and the system for making the key with respect to the upper switch 3, the above-mentioned / key-key system re-constructs the circuit to generate the 1-key 4 circuit system. Decoded on. The above-mentioned work key is generated by the above device key 5, such as the encryption code of the fourth item of the patent application scope, and the above-mentioned secret key, to make the wrong key, and the above-mentioned device key protection circuit in the μ, seven Zhuangban The decoding method is rebuilt. ΤUpper speed device key 315899 21 1336584 6·- Kind of decoding device, coefficient bit signal decoding device, including · memory, encrypts and saves the device key for individually authenticating the device; device key protection circuit, self The memory reads the encrypted device key and decodes the device key, and the decoding unit decodes the input number and bit signal password using the decoded device key. 7. The decoding device of claim 6, further comprising a system reconstruction circuit for generating a job call key using a predetermined secret key and a public key relative to the device key, wherein the device key protection circuit uses the above. The above-mentioned work keys generated by the system reconstruction circuit convert the above device keys to decode. 8. The decoding apparatus according to claim 7, wherein the decoding method of the device key in the device key protection circuit is reconstructed by changing the above-described secret key. 9. An image transmitting device, comprising: a weighting code processing block for adding a password to the input image signal; and an image processing processing block, wherein the image signal after the password is added is processed and sent; The cryptographic processing block contains: . In the memory, the device key for authentication using the public key cipher is encrypted and saved; the system rebuilds the circuit, and uses the predetermined secret key and the public key of the device key to generate a work key; 315899 22 1336584 device key protection circuit, The device key after the password is read from the memory and decoded by using the work key; and the encryption unit uses the decoded device key to encrypt the video signal. 10. An image receiving apparatus, comprising: a video receiving processing block that receives a coded video signal and performs decoding processing; and a decoding processing block that decodes a decoded password of the image signal; the decoding processing block includes : The memory, the device key for authenticating the public key password is encrypted and saved; the system reconstructs the circuit, and uses the predetermined secret key and the public key of the device key to generate a work key; the device key protection circuit, from the above memory The device reads the encrypted device key and decodes it by using the work key; and the decoding unit decodes the password of the video signal by using the decoded device key. 23 315899