WO2005098631A1 - 受信装置、送出装置、セキュリティモジュール、及びデジタル権利管理システム - Google Patents
受信装置、送出装置、セキュリティモジュール、及びデジタル権利管理システム Download PDFInfo
- Publication number
- WO2005098631A1 WO2005098631A1 PCT/JP2005/004202 JP2005004202W WO2005098631A1 WO 2005098631 A1 WO2005098631 A1 WO 2005098631A1 JP 2005004202 W JP2005004202 W JP 2005004202W WO 2005098631 A1 WO2005098631 A1 WO 2005098631A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- license
- content
- encryption
- unit
- period
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
- H04N21/4627—Rights management associated to the content
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/80—Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
- H04N21/83—Generation or processing of protective or descriptive data associated with content; Content structuring
- H04N21/835—Generation of protective data, e.g. certificates
- H04N21/8355—Generation of protective data, e.g. certificates involving usage data, e.g. number of copies or viewings allowed
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
- H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
Definitions
- Receiver transmitter, security module, and digital rights management system
- the present invention relates to a system that manages usage rights of digital content such as video and music distributed on digital broadcasting and the Internet, and that allows a user to use digital content on a terminal device based on the usage right.
- the present invention relates to a system that can reliably control the acquisition of digital content usage rights in terminal devices in accordance with the intentions of business operators.
- a license that is a right to use the content is stored in the terminal device along with the content, so that the license can be freely copied.
- a plurality of licenses for the same content can be obtained without limitation.
- a normal license is delivered in a state where encryption is performed, not all users can freely use the power.
- a contract subscription
- Patent Document 1 Japanese Patent Application Laid-Open No. 2004-5526
- the present invention solves such a conventional problem, and when distributing a license in digital broadcasting or the like, prevents unlimited license acquisition by a user and also records the license on an IC card or the like.
- the purpose of the present invention is to provide a receiving device and a sending device capable of preventing an increase in the size of information related to license management.
- a receiving device obtains the license from a transmitting device that distributes a license for granting a license to use the content, and uses the content based on the license.
- the license is given at least a license take-in period and a license ID, which are periods until the license is taken into the receiving device and made usable.
- a license fetching means for fetching the transmitted license, a history recording means for recording a license fetching history including the license ID and the license fetching term at least until the license fetching term, and the license fetching means. License of license When the license acquisition history includes the same license ID as the ID, the license acquisition unit includes a license acquisition suppression unit that inhibits the license acquisition by the license acquisition unit.
- the license acquisition suppressing unit of the receiving device can prevent unauthorized acquisition of the license by using the license ID and the license acquisition period.
- the receiving device further includes: a license decrypting unit configured to decrypt the encrypted license before being captured by the license capturing unit and generate a decrypted license; Re-encrypting means for re-encrypting the decrypted license to generate a re-encrypted license by using an encryption key different from the encryption key for encryption, and storing at least the re-encrypted license And a storage means.
- the license may be further added with a cryptographic conversion period, which is a period during which the re-encryption unit can perform re-encryption. Performs re-encryption on the license within the cryptographic conversion A re-encrypted license is generated, and the re-encrypted license is stored in the storage unit.
- a sending device is a sending device that sends the license to a receiving device that uses the content based on a license for granting a license to use the content, and generates the license.
- the license in the transmission device, the license can be transmitted to the reception device with at least a license ID and a license take-in expiration date, and the information on the license can be more appropriately managed. It becomes.
- the receiving device re-encrypts the decrypted license using an encryption key different from the encryption key used for encrypting the license.
- the transmission device further includes a re-encryption device that generates a re-encryption license, and the sending device further adds, to the license, an encryption conversion period that is a period during which the re-encryption process can be performed by the re-encryption device.
- a transmitting unit that transmits at least the license ID and the license to which the cryptographic conversion period has been assigned to the receiving device.
- the security module is a security module that operates in cooperation with a terminal device that uses content based on a license.
- the license includes at least the license loaded into the receiving device and used.
- a license take-in period and a license ID, which are a period for enabling the license, are assigned, and the security module includes a license take-in unit that takes in the license transmitted by the sending device, and at least until the license take-in period.
- History recording means for recording a license acquisition history including the license ID and the license expiration date; and a license ID identical to the license ID acquired by the license acquisition means in the license acquisition history.
- a license fetching means for suppressing the fetching of the license by the license fetching means.
- the security module further includes: a license decryption unit configured to decrypt and decrypt the encrypted license before being captured by the license capturing means to generate a decrypted license; A re-encrypting means for re-encrypting the decrypted license by using an encryption key different from the encryption key used for encryption and generating a re-encrypted license is provided.
- the license is illegally used by using the information on the license take-in expiration date and the encryption conversion expiration date assigned to the license. It can solve the problem of oppressing.
- the present invention provides a receiving method, a transmitting method, and a license acquiring method in which the characteristic units of the receiving device, the transmitting device, and the security module are implemented as steps. It can also be implemented as a program that includes all of these steps.
- the program is not only stored in a ROM or the like provided in the receiving device and the sending device, but is also distributed through a recording medium such as a CD-ROM or a communication network.
- the license ID and the expiration date acquired by the terminal By maintaining the license acquisition history at least until the license acquisition date, it is possible to prevent unlimited license acquisition and prevent an increase in the data size to be managed. Become. Also, by using the cryptographic conversion period, only the license actually used by the user can be loaded into the IC card, and the data volume recorded on the IC card can be appropriately managed.
- FIG. 1 is a diagram showing an overall schematic configuration of a content distribution system according to an embodiment of the present invention.
- FIG. 2 is a diagram showing an outline of an encryption scheme according to an embodiment of the present invention.
- FIG. 3 is a functional block diagram showing a configuration of a broadcast station according to the embodiment of the present invention.
- FIG. 4 is a diagram showing a configuration of a contract information management table of a contract information management DB according to the embodiment of the present invention.
- FIG. 5 is a diagram showing a configuration of a work key management table of a work key DB according to the embodiment of the present invention.
- FIG. 6 is a diagram showing a configuration of a content attribute information management table of a content attribute information DB according to the embodiment of the present invention.
- FIG. 7 is a diagram showing a configuration of a content key management table of a content key DB according to the embodiment of the present invention.
- FIG. 8 is a diagram showing a configuration of a content management table of a content DB according to the embodiment of the present invention.
- FIG. 9 is a diagram showing a configuration of an EMM according to the embodiment of the present invention.
- FIG. 10 is a diagram showing a configuration of ECM-Kw and ECM-Kc according to the embodiment of the present invention.
- FIG. 11 is a diagram showing a configuration of a Kc transmission ECM according to an embodiment of the present invention.
- FIG. 12 is a diagram showing a configuration of a terminal device according to an embodiment of the present invention.
- FIG. 13 is a common information tape of a card management information DB according to the embodiment of the present invention.
- FIG. 3 is a diagram showing a configuration of a file.
- FIG. 14 is a diagram showing a configuration of a business-specific information table of a card management information DB according to an embodiment of the present invention.
- FIG. 15 is a diagram showing a configuration of a TL according to an embodiment of the present invention.
- FIG. 16 is a diagram showing a configuration of a license according to the embodiment of the present invention.
- FIG. 17 is a flowchart showing contract processing in a broadcasting station and EMM reception processing in a terminal device and an IC card according to an embodiment of the present invention.
- FIG. 18 is a flowchart showing a content transmission process in a broadcasting station according to the embodiment of the present invention.
- FIG. 19 is a flowchart showing a content accumulation process in the terminal device and the IC card according to the embodiment of the present invention.
- FIG. 20 is a diagram showing a message presented to the user when license conversion is disabled according to the embodiment of the present invention.
- FIG. 21 is a flowchart showing license conversion availability determination processing in an IC card according to an embodiment of the present invention.
- FIG. 22 is a flowchart showing a content use process in the terminal device and the IC card according to the embodiment of the present invention.
- FIG. 23 is a diagram showing a configuration of a terminal device according to a modification of the embodiment of the present invention.
- FIG. 24 is a diagram showing a configuration of a Kc transmission ECM according to a modification of the embodiment of the present invention.
- FIG. 25 is a diagram showing a configuration of a TL according to a modification of the embodiment of the present invention.
- FIG. 26 is a diagram showing a message presented to the user at the time of detection of duplicate purchase of PPV content according to a modification of the embodiment of the present invention.
- FIG. 27 is a diagram showing a message presented to a user when a license cannot be acquired due to a license acquired on another terminal according to a modification of the embodiment of the present invention.
- FIG. 28 is a functional block diagram of a broadcast station according to Embodiment 2.
- FIG. 29 is a table recorded in the content attribute information DB of the transmitting apparatus according to Embodiment 2.
- FIG. 7 is a diagram showing an example of a content attribute information management table that is displayed.
- FIG. 30 shows an example of a content management table recorded in a content DB of the transmission device according to Embodiment 2.
- FIG. 31 is a reference drawing showing an example of the data configuration of the ECM for Kc transmission transmitted from the transmitting apparatus according to Embodiment 2.
- FIG. 32 is a reference diagram showing a system configuration of a receiving apparatus according to Embodiment 2.
- FIG. 33 is a reference diagram showing an example of an import history table (IL: Import List) (!), which is recorded in an import card DB of an IC card on the receiving device side according to the second embodiment.
- IL Import List
- FIG. 34 is a flowchart showing an operation procedure in which the transmitting device in the broadcasting station according to Embodiment 2 transmits contents.
- FIG. 35 is a flowchart showing content reception and encryption conversion processing in the terminal device and the IC card according to Embodiment 2.
- FIG. 36 is a flowchart showing an operation procedure in a cipher conversion availability determination process (corresponding to S3501 in FIG. 35) in the terminal device according to Embodiment 2.
- FIG. 37 is a flowchart showing a processing procedure when a license is taken in the terminal device and the IC card according to the second embodiment.
- FIG. 38 is a flowchart showing a specific operation procedure of the license fetching availability determination (corresponding to step S3702) shown in FIG. 37 in the receiving apparatus according to Embodiment 2.
- FIG. 39 is a diagram of an import history table (IL: Import List) for PPC (contents purchased each time) managed by an IC card according to a modification.
- IL Import List
- FIG. 40 is a reference drawing showing an example of an ECM for Kc transmission distributed to a receiving device having a transmitting device according to a modification.
- FIG. 41 is a flowchart showing a processing procedure in PPC license import in a receiving apparatus according to a modification.
- FIG. 42 is a flowchart showing a specific operation procedure of license incorporation determination (corresponding to step S4102) shown in FIG.
- FIG. 1 is a diagram showing an overall schematic configuration of a content distribution system 1 using a digital right management system according to an embodiment of the present invention.
- the content distribution system 1 allows the user to securely control the use of the encrypted content that is also transmitted by the transmitting device installed in the broadcasting station through digital broadcasting,
- a system that can be used in a terminal device which is a broadcasting station 101 that distributes content and content licenses, a terminal device 102 that uses the content, and an IC card 103 that is used together with the terminal device 102 to use the content.
- a digital broadcast 104 for interconnecting them, and a communication network 105.
- FIG. 1 shows only one terminal device 102 as a representative for simplicity!
- Broadcasting station 101 has a transmitting device that distributes encrypted content (hereinafter, encrypted content), an encryption key for decrypting the encrypted content, and the like.
- encrypted content hereinafter, an encryption key for decrypting the encrypted content
- the terminal device 102 receives the encrypted content from the digital broadcast 104, the communication network 105, or the like, receives a license for decrypting the B-encoded content, and transmits the B-encoded content. This is a device for decrypting and using the content. Further, the terminal device 102 has an interface for inserting the IC card 103, and executes a process that requires high security by cooperating with the IC card 103.
- the IC card 103 is a tamper-resistant hardware module. Specifically, the IC card 103 has a high security card, such as a B-CAS card equipped with the domestic digital broadcasting standard CAS, or a security processor installed on an SD (Secure Digital) card. Such modules.
- a high security card such as a B-CAS card equipped with the domestic digital broadcasting standard CAS, or a security processor installed on an SD (Secure Digital) card.
- SD Secure Digital
- the digital broadcast 104 is a radio digital broadcast such as a BS (Broadcasting Satellite) digital broadcast, a CS (Communication Satellite) digital broadcast, a terrestrial digital broadcast, or a wired digital broadcast such as a digital CATV.
- BS Broadcasting Satellite
- CS Common Satellite
- the communication network 105 is a network that connects the broadcasting station 101 and the terminal device 102 to each other.
- the communication network 105 is a high-speed Internet network such as ADSL (Asymmetric Digital Subscriber Line), FTTH (Fiber To The Home), two-way digital CATV, IEEE802.11g, and the like.
- the content is scrambled, that is, encrypted (202) using an encryption key called a scramble key Ks201.
- a scramble key Ks201 For content scrambling, the payload part of the TS packet is scrambled for each packet of the MPEG-2 transport stream (Transport Stream, hereafter referred to as TS).
- the scramble key Ks201 is a time-varying key that is changed every few seconds to improve security against unauthorized reception.
- the scramble key Ks201 for scrambling the content is encrypted (204) using the work key Kw203 in order to prevent unauthorized eavesdropping by a malicious user or the like.
- the work key Kw203 is an encryption key that is used in the conventional general conditional access system and is assigned to each broadcaster on a contract basis or a group basis. It is generally updated over a period of several years.
- a data structure including at least the scramble key Ks201 and transmitting information related to the content is called an ECM (Entitlement Control Message), and is configured as a private section of MPEG-2 Systems (IECZIS013818-1).
- ECM-Kw The ECM encrypted with the peak key Kw203 is called ECM-Kw, and is used for real-time viewing of broadcast content.
- the scramble key Ks201 is also encrypted (204) with the content key Kc205.
- the content key Kc205 is an encryption key assigned to each content, and is configured as a private section of MPEG-2 Systems, similar to ECM-Kw.
- An ECM that includes at least the scramble key Ks201 and is encrypted with the content key Kc205 is called ECM-Kc, and is used for storage and viewing of broadcast content (Typel content in the server-type broadcast system).
- the content key Kc205 is also decrypted (206) with the work key Kw203 in order to prevent unauthorized eavesdropping by a malicious user or the like.
- the ECM including the content key Kc205 and encrypted with the work key Kw203 is called an ECM for Kc transmission, and is used for storing and viewing broadcast content.
- ECM for Kc transmission is ECM-Kw and ECM-K Like c, it is configured as a private section of MPGE-2 Systems.
- ECM The work key Kw203 that encrypts the ECM for Kw and Kc transmission must be shared between the sender 200 and the receiver 250 prior to using the content. ) Is shared by both parties using a data structure called). At this time, like the scramble key Ks201 and the content key Kc205, in order to prevent eavesdropping, it is encrypted (208) with an encryption key called the master key Km207, which is unique to the terminal device 102.
- the master key Km207 also needs to be shared in advance between the sending side 200 and the receiving side 250, but the master key Km252 of the receiving side 250 is used for the secure part of the terminal device 102 and the security module. This is set by writing in advance to a tamper-resistant module called hardware at the time of shipment.
- the terminal device 102 may be configured to manage and process information that particularly requires security, such as the master key Km207 and the work key Km203, using an IC card. .
- AES Advanced Encryption Standard
- a SAC Secure Authenticated Channel
- work key Kw203 is shared via communication network 105. You can do it.
- ECM—Kw The encrypted content, ECM—Kw, ECM—Kc, Kc transmission ECM and EMM generated as described above are MPEG-2 TS packetized, and if necessary, PSI (Program Specific Information). / SI (multiplexed with data such as Service Information) (209) and transmitted to the receiving side 250.
- PSI Program Specific Information
- SI Multiplexed with data such as Service Information
- the receiving side 250 receives the MPEG-2 TS packets transmitted from the transmitting side 200, separates them (251), and outputs the B-encoded contents, ECM-Kw, ECM-Kc, Kc. Acquire the transmission ECM and EMM.
- the encrypted EMM is decrypted (253) using the master key Km252 held in advance on the receiving side 250, and a work key Kw203 is obtained.
- the work key Kw203 is held in a non-volatile memory of the receiving side 250 or the like.
- the ECM—Kw is obtained, the ECM—Kw encrypted with the work key Kw203 is decrypted (255), and the scramble key Ks201 is obtained.
- the encrypted content can be decrypted (256) using the scramble key Ks201, and the content can be used.
- the ECM for transmission of the encrypted content, ECM—Kc, and Kc recorded in the storage unit (not shown) is read.
- the ECM for Kc transmission the power that is repeatedly transmitted from the transmitting side 200 need only be acquired once in the receiving side 250.
- ECM—Kw is used only for real-time viewing and is not stored at the receiving side 250.
- the content key Kc205 is obtained by decrypting (254) the encrypted Kc transmission ECM using the work key Kw203 obtained by the method described above. This makes it possible to decrypt (255) the ECM-Kc with the content key Kc205 and decrypt (256) the encrypted content and use the content.
- contents (programs) and licenses are distributed via the digital broadcast 104.
- the terminal device 102 stores the contents and licenses in an HDD or the like, and distributes the contents based on the license. The processing used will be described in detail with reference to the drawings of FIGS.
- FIG. 3 is a functional block diagram showing a configuration of broadcast station 101 shown in FIG.
- the broadcast station 101 includes a contract information management DB 301 for managing contract information, a work key DB 302 for managing work keys, a content attribute information DB 303 for managing attribute information related to contents, and a content key harmed for each content.
- Key DB3 04 for managing content
- content DB305 for managing content such as video and audio, and terminal device 102.
- a communication unit 306 that provides an interface of the terminal device, a contract processing unit 307 that manages the contract information of the user, an EMM generation unit 308 that generates individual information for each terminal device 102, and an EMM encryption that encrypts the EMM.
- An ECM generating unit 310 for generating information common to all the terminal devices 102; an ECM decoding unit 311 for decoding the ECM; a content encoding unit 312 for encoding the content; — 2 It consists of a multiplexing unit 313 for multiplexing TS, a content encryption unit 314 for encrypting TS packets such as video and audio, and a content transmission unit 315 for transmitting TS-converted content. .
- the contract information management DB 301 is a database for managing information related to a user's content viewing contract. More specifically, as shown in FIG. 4, the contract information management DB 301 has a contract information management table 400 for centrally managing information related to the viewing contract for each IC card 103 and the master key Km207.
- the contract information management DB 301 is mainly referred to when the EMM generating unit 308 generates an EMM for distributing viewing contract information for each terminal device 102.
- the card ID 401 is information for uniquely identifying the IC card 103 to be inserted into the terminal device 102 and serving as a destination for sending the EMM 900 to the IC card 103 that has performed the contract processing.
- the tier contract ID 402 is an ID for identifying a monthly contract (subscription) for the service provided by the broadcasting station 101, and indicates a kind of contract form. For example, there are a “sports content pack” that allows users to view and view sports-related content, and a “movie content pack” that allows users to view movie content.
- the PPV contract ID 403 is an ID for identifying the viewing contract of the pay-per-view for the service provided by the broadcasting station 101, and shows a kind of contract form like the tier contract ID 908.
- the expiration date 404 indicates a contract period with the broadcasting station 101, and the content of the broadcasting station 101 can be used until the expiration date 904.
- the stored encryption key Km, 405 is stored in the terminal device 102 that has acquired the content or license, ie, the IC card 103. Used when binding content and licenses.
- Master key Km406 is an encryption key unique to IC card 103, and is used for encrypting the EMM.
- the IC card 103 is embedded at the time of shipment.
- the IC card 103 having the card ID 401 of “CARD-ID-1” has the tier contract ID 402 of “TIERCONT—ID—1” and the PPV contract ID 403 of “PPVCONT—ID—1”.
- the expiration date is 404 power 2004/4 / 1—2005 / 3/31 ”
- the work key DB 302 is a database for managing a key for encrypting an ECM transmitted when a user makes a viewing contract with a business operator, and has a work key management table 500.
- the work key DB 302 is used for providing a work key Kw 203 when encrypting the ECM for transmitting ECM—Kw, Kc.
- the work key DB 302 includes a work key ID 501, a work key Kw
- a work key management table 500 for managing a set of work key use start dates 503 is managed.
- the work key Kw502 corresponding to the work key ID 501 “WK—ID-1” is “0 ⁇ 123 ⁇ cdf”, and the work key use start indicating the use start date of the work key Kw502 is started. Day 503 indicates "2003ZllZ24".
- the work key ID 501 is information used to specify the work key Kw203 used for encryption in the encrypted ECM.
- the content attribute information DB 303 is a database for managing various information related to content usage, such as content usage conditions and types of contracts that allow viewing of the content. Specifically, as shown in FIG. 6, the content attribute information DB 303 uniquely identifies the content in the content distribution system 1 with the content ID 601 and the license in the content distribution system 1.
- the content attribute information management table 600 includes a license ID 602 for use, a use condition 603, contract information 604, and a license conversion time limit 605. Note that the license take-in time limit in the claims corresponds to the license conversion time limit in the description of the present embodiment.
- the usage condition 603 is “expiration date 1 month” and the contract information 604 is “TIERCONT— Since ID-1 and license conversion expiration date 605 are "2004Z4Z30”, a contract was signed with Broadcasting Station 101 for the service "TIERCONT-ID-1” and a license was acquired up to "2004Z4Z30". In this case, it indicates that the content can be reproduced for one month after storing the content.
- the license conversion process related to the license conversion period 605 will be described in detail when describing the configuration of the terminal device 102.
- the content key DB 304 is a database that manages an encryption key assigned to each license for using the content stored in the terminal device 102 (that is, for each content).
- the content key DB 304 is a content ID 701 that is an identifier for uniquely identifying the content in the content distribution system 1, and an identifier for uniquely identifying the license in the content distribution system 1. It has a content key management table 700 including a license ID 702 and a content key Kc703 set in the license ID 702.
- the content 701 is a license ID 102 corresponding to “CONTENT—ID—1”: “LICENSE—ID—1”, and the corresponding content key Kc703 is “0 ⁇ 123 ⁇ ⁇ 'Cdf'
- the content DB 305 is a database for storing content. Specifically As shown in FIG. 8, the content DB 305 includes a content ID 801 for uniquely identifying the content in the content distribution system 1, a content name 802 indicating the name of the content, and a date and time when the content is distributed by digital broadcasting. And a file name 804 indicating the location of the file in the content DB 305 for each content.
- the content whose content ID 801 is "CONTENT-ID-1" is the content name of 802 Monday Sports,
- the file name 804 in the content DB 305 has a URI (Uniform Resource Identifier) of“ ZSPORTZ ⁇ /MONSPORTS.VC ”(“ ⁇ ”means that part of the URI is omitted. ,) /
- URI Uniform Resource Identifier
- the content management table 800 may be an analog VCR (Video Cassette Recorder), or may be a video camera or the like that shoots live broadcasts (live broadcasts) instead of the content management table 800. Good,.
- VCR Video Cassette Recorder
- the communication unit 306 is a unit for communicating with the terminal device 102 via the communication network 105.
- Contract processing unit 307 is a unit that processes an application for a viewing contract from terminal device 102. Specifically, contract processing unit 307 receives a viewing contract with broadcast station 101 through a Web browser or the like, and The viewing contract information for (terminal device 102) is registered in the contract information management DB 301.
- the EMM generation unit 308 is a unit that generates an EMM including the work key Kw203, contract information of the user, and the like.
- the EMM generation unit 308 mainly sends the user (terminal device 102, ie, IC card 103) who has made a new contract or a contract change from the contract information management DB 301 to that user. Read the contract contents such as tier contract ID 402, PPV contract ID 403, expiration date 404, etc., and set them in EMM.
- FIG. 9 mainly transmits the work key Kw201 and information for each user (each IC card 103).
- FIG. 3 is a diagram illustrating an example of a data structure of an EMM.
- the EMM 900 shown in FIG. 9 has a card ID 902, a carrier ID 903, an expiration date 904, a work key ID 905, a work key Kw906, a stored encryption key Km, 907, a tier contract ID 908, a PPV contract ID909, and a tampering detection 910. It is composed of To multiplex the transport stream in the MPEG-2 Systems private section format, the section header 9
- section tailor (error detection) 911 is added.
- Most of the data shown on the EMM900 is stored in the IC card 103 and managed.
- the card ID 902 uniquely identifies the IC card 103 to be inserted into the terminal device 102 in the content distribution system 1, and is a destination for sending the EMM 900 to the IC card 103 that has performed the contract processing. Information.
- the business entity ID 903 is a code for identifying a business entity that provides a service in the content distribution system 1, and is referred to together with a work key ID 905 described later.
- the expiration date 904 indicates a contract period with the broadcasting station 101. Until the expiration date 904, the content of the broadcasting station 101 can be used.
- the work key ID 905 is information for identifying the work key Kw 203 for encrypting the ECM, and has the same information power as the work key ID 905 when decrypting the ECM encrypted by the IC card 103. Since it is set in the non-encrypted part of the CM, it is possible to determine which work key Kw203 should be used to decrypt the encrypted ECM by referring to the work key ID 905.
- the work key Kw906 is an encryption given to a user for a contract with the broadcasting station 101, and is used when the ECM-Kw encrypted by the IC card 103 and the ECM for Kc transmission are decrypted. Used.
- the terminal device 102 stores the content or license (such as ECM) in an HDD or the like in the terminal device 102
- the storage encryption key Km, 907 stores the content or license in the terminal device 10 that has acquired the content or license.
- the tier contract ID 908 is an ID for identifying a monthly contract (subscription) for the service provided by the broadcast station 101, and includes a contract form with the broadcast station 101 such as a "standard pack” or a "premium pack”.
- Indicate [0088] PPV contract ID 909 is an ID for identifying a viewing contract of pay-per-view for a service provided by broadcast station 101, and indicates a kind of contract form like tier contract ID 908.
- a hash value for detecting tampering of the encrypted EMM 900 is set.
- the hash algorithm uses MAC (Message Authentication Code), which is the result of encryption in CBC mode of AES, SHA-256, or the like.
- the tier contract ID 908 and the PPV contract ID909 are described as examples in the case where they are directly set in the EMM900.
- the amount of information to be distributed and transmitted and the amount of information to be held in the IC card 103 may be reduced.
- the work key Kw203 may be assigned to each contract such as each tier contract ID.
- the EMM encryption unit 309 is a unit that encrypts the EMM900 generated by the EMM generation unit 308 using AES or the like.
- EMM encryption section 309 encrypts EMM 900 generated by EMM generation section 308 using master key Km 207 obtained from contract information management DB 301, and transmits it to multiplexing section 313.
- the encryption mode uses CBC (Cipher Block Chaining) + OFB (Output FeedBack).
- ECM generation section 310 is a section that generates an ECM including scramble key Ks201 and the like.
- the ECM generation unit 310 generates an ECM-Kw, ECM-Kc, and Kc transmission ECM in accordance with the transmission of the content according to the instruction of the upstream system.
- a scramble key Ks is generated every few seconds and set to ECM-Kw and ECM-Kc in order to secure content security.
- the Kc transmission ECM the content attribute information DB303, the content key DB304, and the like, the usage condition 603, the content key Kc703, and the like are acquired and set in the Kc transmission ECM. Further, it transmits the generated scramble key Ks201 to content encrypting section 314 that encrypts the content.
- the data structure of the ECM-Kw, ECM-Kc, and Kc transmission ECM will be described in detail with reference to Figs.
- FIG. 10 is a diagram showing an example of the data structure of ECM-Kw and ECM-Kc mainly transmitting scramble key Ks201.
- the ECM-Kwl000 and the ECM-Kcl020 shown in Fig. 10 are information used for transmission of information about the scramble key Ks201 and content, and include a carrier ID 1002, a peak key ID 1003, a content ID 1004, and a scramble key. Ksl005, contract judgment information 1006, and falsification detection 1007. A section header 1001 and a section tailor (error detection) 1007 are added to multiplex the transport stream in the private section format of MPEG-2 Systems.
- the company ID 1002 is a code for identifying the company that provides the service in the content distribution system 1, and is referred to together with the work key ID 1003 described below.
- the work key ID 1003 is information for identifying the work key Kw203 that encrypts the ECM, and is set in an unencrypted part of the ECM.
- decrypting the encrypted ECM with the IC card 103 it is possible to determine which work key Kw203 should be used to decrypt the ECM by referring to the work key ID 1003.
- the content ID 1004 is an identifier uniquely assigned to the content in the content distribution system 1, and is used for identifying the content.
- the scramble key Ksl005 is a decryption key for encrypting the payload portion of the TS packet of the content.
- a plurality of encryption keys are generally set to the scramble key Ksl005.
- the contract determination information 1006 is information indicating the attribute of the content, and is used to determine whether a contract for viewing the content has been made when viewing the content on the terminal device 102. Used for
- FIG. 11 is a diagram showing an example of the data structure of a Kc transmission ECM that transmits a content key Kc205 for mainly decoding an ECM—Kcl020 for storage and viewing.
- the ECM 1100 for Kc transmission shown in Fig. 11 is information used for transmitting the content key Kc205 and the usage conditions (license) of the content.
- the company ID 1102, the service type 1103, the work key ID 1104, and the contract determination It comprises information 1105, license conversion period 1106, license ID 1107, license expiration period 1108, content key Kcl 109, possible number of times 1110, possible number of times of writing 1111, and tampering detection 1112. Also, similarly to the ECM-KwlOO and ECM-Kcl020, a section header 1101 and a section tailor (error detection) 1113 are added.
- the service type 1103 is a content that includes the ECM1100 for Kc transmission, and is a content that can be viewed with a tier contract. It is a PPV contract that is a content that can be viewed by performing a separate purchase process. Is a flag for identifying. In the embodiment of the present invention, the following description will be given, assuming that the tier contract is “TIERCONT” and the PPV contract is “PPVCONT”.
- the license conversion time limit 1106 indicates the time limit of the process of converting the ECM 1100 for Kc transmission in the IC card 103 and obtaining the license for storage and viewing.
- License conversion refers to the process of generating a license for storage and viewing by format conversion using the information included in the ECM1100 for Kc transmission. If the license conversion expiration date 1106 has passed, it is not possible to obtain the license required for storage and viewing from the ECM1100 for Kc transmission, and it is necessary to obtain it separately using communication after the license conversion expiration date 1106 has elapsed. There is.
- the license ID 1107 is a code for uniquely identifying the converted license in the content distribution system 1, and is used as a license conversion history in the IC card 103.
- the license expiration date 1108 indicates the expiration date of viewing the content by the license.
- the content key Kcl 109 is a 16-byte length encryption key assigned in content units, and is an encryption key included in the license.
- the number of usable times 1110 indicates the number of times that the content can be viewed by the license.
- the number of times of writing 1111 indicates the number of times that the content can be written to the storage medium by the license.
- the format of the ECM—KclOOO for real-time viewing encrypted with the work key Kw203 and the format of the ECM—Kcl020 for storage and viewing encrypted with the content key Ks205 are the same, and encryption is performed.
- the encryption key (work key Kw203 and content key Ks205) is different from the section identification information (table ID, table ID extension, etc.) described in section header 1001 and the PID (Packet ID) of TS packet.
- the license conversion period 1106 separately from the license expiration period 1108, a large amount of contents and licenses are accumulated in the terminal device 102, and a short-term viewing contract is performed. This problem can be solved if a large number of licenses are acquired in a short period of time, including the past licenses accumulated in the system. In this case, a relatively short period may be set as the license conversion period 1106. Also, for this purpose, it is not necessary to set a license conversion period 1106 for each license (ECM for Kc transmission). Is also good.
- ECM-Kwl000, ECM-Kcl020, and EC Ml100 for Kc transmission have been described above in detail with reference to FIGS. 10 to 11.
- ECM encryption section 311 is a section that encrypts the ECM generated by ECM generation section 310 using AES or the like. Specifically, the ECM encryption unit 311 encrypts the ECM—Kwl000 generated by the ECM generation unit 310 and the ECM1100 for Kc transmission with the work key Kw203 obtained from the work key DB302. In addition, the ECM-Kcl020 generated by the ECM generation unit 310 is encrypted with the content key Kc205 obtained from the content key DB304. When encrypting each ECM, the encryption mode is CBC + OFB. The ECM encryption unit 311 transmits the ECMs thus encrypted to the multiplexing unit 313.
- the content encoding unit 312 is a unit that reads the content to be transmitted to the terminal device 102 from the content DB 305, and encodes the content in the MPEG format.
- the content encoding unit 312 is a real-time encoder that generates an MPEG stream.
- the content encoding unit 312 outputs video and audio data from the content DB 305 according to an instruction from an upstream system (for example, a program operation management system).
- an upstream system for example, a program operation management system.
- MP EG-2 and MPEG-4 ES Simple Stream
- MPEG-2 and MPEG-4 ES Simple Stream
- a PES Packetized Elementary Stream
- MPE G-2 TS is generated and transmitted to the multiplexing unit 313.
- Multiplexing section 313 includes a transport stream including video, audio, data, and the like received from content encoding section 312, an ECM transport stream received from ECM encryption section 311, and an EMM encryption section.
- This unit multiplexes the transport stream of the EMM 900 received from the 309 and sends the multiplexed transport stream to the content encryption unit 314.
- the multiplexing unit 313 includes the TS packet-rendered content received from the content encoding unit 312 and the TS packetized ECM—KwlOOO, ECM—Kcl020 received from the ECM encryption unit 311. , TS multiplexing of the ECM 100 for Kc transmission and the EMM 900 with the TS packet received from the EMM decoding unit 309 to generate a multiplexed transport stream for transmission to the terminal device 102.
- Content encryption section 314 is a section that scrambles content by encrypting the content using AES or the like. Specifically, the content encryption unit 314 encrypts the payload (except for the adaptation field of the TS packet) in the CBC + OFB mode using the scramble key Ks201 obtained from the ECM generation unit 310. Rumble).
- the content transmission unit 315 is a unit that transmits the TS packet encrypted by the content encryption unit 314 to the terminal device 102. Specifically, content transmitting section 315 transmits the transport stream received from content encryption section 314 to terminal apparatus 102 via network 103 as a broadcast wave.
- the content stored in the content DB 305 is read out, and the PES (ES) or TS is generated off-line as shown in the example of real-time encoding in the content encoding unit 312.
- the encoding process in the content encoding unit 312 may be omitted when the content is transmitted.
- the configuration of the broadcast station 101 has been described above in detail with reference to FIGS. 3 to 11.
- FIG. 12 is a functional block diagram showing the configurations of the terminal device 102 and the IC card 103 shown in FIG.
- the transmission / reception unit 1201 is a processing unit for receiving the content and the license from the broadcasting station 101 and communicating with the broadcasting station 101 via the digital broadcasting 104 and the communication network 105.
- the separation unit 1202 is a processing unit for acquiring encrypted content multiplexed by MPEG-2 TS and separating the content from the ECM and the like.
- the demultiplexing unit 1202 refers to PSI information such as a PAT (Program Association Table) and a PMT (Program Map Table) included in the transport stream received by the transmission / reception unit 1201, and refers to the video of the content. It acquires the PID of TS packets including voice, data, ECM—Kwl000, ECM—Kcl020, and ECM100 for Kc transmission, and separates the content from ECM-Kcl020.
- PSI information such as PAT and PMT is also selected and necessary information is generated to generate PSI information such as SIT (Selection on Information Table) and DIT (Discontinuity Information Table).
- the received transport stream is processed to generate a stream called a partial transport stream (hereinafter, referred to as a partial TS).
- the storage unit 1203 is a unit for storing contents, licenses, and the like. More specifically, the storage unit 1203 is a large-capacity non-volatile storage medium such as an HDD. The storage unit 1203 generates content such as video and audio generated from the transport stream received by the separation unit 1202 and licenses such as ECM—Kcl020. The partial TS containing the is stored. The storage management unit 1204 manages content licenses stored in the storage unit 1203 of the terminal device 102, and has information for presenting a list of stored contents and licenses to the user.
- the content decrypting unit 1205 is a unit that decrypts encrypted content. Specifically, the content decryption unit 1205 obtains the encrypted MPEG-2 TS content, and refers to the PSI information such as PAT and PMT included in the transport stream to obtain the video and audio of the content. And obtain a TS packet including data. Then, the payload portion of the AES-encrypted TS packet is decrypted with the scramble key Ks201 obtained from the IC card 103.
- the content use unit 1206 is a unit for securely using content using the scramble key Ks201 acquired from the IC card 103 and the use condition of the content.
- the content using unit 1206 obtains the ECM-KwlOOO TS packet from the transport stream received from the separating unit 1202, and reconfigures the ECM-KwlOOO.
- the ECM-KwlOOO obtained in this manner is decrypted with the peak key Kw203, a scramble key Ks 201 for descrambling the content is obtained, and the content is decrypted.
- the ECM 1100 for Kc transmission is decrypted with the work key Kw203 from the transport stream from which the storage unit 1203 has also read, and a license is obtained.
- the ECM-Kcl020 is decrypted using the content key Kc205 included in the license to obtain the scramble key Ks201.
- the content use unit 1206 controls the use of the content according to the use condition by measuring the use time of the content using a secure timekeeping unit not shown in FIG. Under such control, the content use unit 1206 decodes the ES of MPGE-2 or MPEG-4 video, audio, data, etc., and outputs it to a monitor not shown in FIG.
- a use end notification may be sent to the IC card 103.
- the first card IZF unit 1207 in the terminal device 102 includes the terminal device 102 and the IC card 103. This is a section for providing an interface with the server.
- SAC Secure Authenticated Channel
- the user IZF unit 1208 is a unit for providing an interface between the terminal device 102 and a user.
- the user IZF unit 1208 is a GUI (Graphical Use r Interface) such as a BML (Broadcasting Markup Language) browser, a Web browser, and a resident application. Accept requests and present messages to users.
- GUI Graphic User Interface
- BML Broadcasting Markup Language
- the card information management DB 1210 is a database for managing information related to a user's content viewing contract. Specifically, the card information management DB 1210 includes a common information table 1300 for managing information related to a viewing contract common to all businesses, and a business-specific information table 1400 for managing information on viewing contracts for each business. Having.
- the common information table 1300 of the card information management DB 1210 manages a card ID 1301, a master key Kml302, and a stored B phonetic key Km, 1303.
- the card ID 1301 is an ID for uniquely identifying the IC card 103 in the content distribution system 1, and is written in the IC card 103 in advance and shipped.
- the master key Kml302 is an encryption key unique to the card ID 1301 used for encrypting the EMM 900, and is written in the IC card 103 in advance and shipped like the card ID 1301.
- the license is stored in the storage unit 1203 of the terminal device 102 with the stored encryption key Km ′ 1303.
- this is an encryption key for binding the license to the IC card 103 that has obtained the license, and is an ID specified by the business operator ID 903 of the EMM900.
- the business information table 1400 of the card information management DB 1210 includes a business operator ID 1401, a tier contract ID 1402, a PPV contract ID 1403, and an expiration date 140.
- the provider ID 1401 is an ID for uniquely identifying the broadcasting station 101 in the content distribution system 1, and is an ID specified by the provider ID 903 of the EMM900.
- Tier contract ID 1402 is an ID of a service for which the user has made a monthly content viewing contract with broadcast station 101, and is an ID specified by tier contract ID 908 of EMM900.
- PPV contract ID 1403 is an ID of a service for which the user has contracted for PVV content with broadcast station 101, and is an ID specified by PPV contract ID 909 of EMM900.
- the expiration date 1404 indicates the viewing expiration date in the viewing contract with the broadcasting station 101.
- Work key ID 1405 is an ID for uniquely identifying work key Kw203 distributed from broadcast station 101 in content distribution system 1, and is an ID specified by work key ID 905 of EMM900. is there. However, it should be noted that the identification of the work key Kw203 is unique within the content distribution system 1 due to the link between the business operator ID 1401 and the work key ID 1405.
- Work key Kwl406 is work key Kw203 distributed from broadcast station 101, and is a 16-byte byte string specified by work key Kw906 of EMM900.
- the contract contents with the provider whose service ID 1401 is “SERVICE—ID-1” are as follows: the tier contract ID 1402 is “TIERCONT—ID-1”, the PPV contract ID 1403 is “PPV CONT— ID-1 ", expiration date 1404 force S" 2004Z4Zl- 2005Z3Z31 ", work key ID1 405 force S" KW-ID-1 ", work key Kwl406 indicates” 0x111
- the contents with SERVICE—ID-1 are tier contents (contents for which the service type 1104 of the ECM 1100 for Kc transmission is “TIERCONT”) and PPV contents (the service type 1104 for the ECM1100 for Kc transmission is “PPVCONT”) Content) can be viewed.
- the carrier ID 1401 is “SERVICE—ID-10”.
- Tier contract ID1402 is “One (uncontracted)” and PPV contract ID1403 is “PVCCONT—ID—1,” so the content that is “SERVICE—ID—1” Cannot be viewed PPV content can be viewed by separately purchasing.
- the pair of the work key ID 1405 and the work key 1406 is an example in which the latest pair is retained. It is desirable that the separate information table 1400 should be able to hold at least two sets of work keys.
- the conversion history DB 1211 is a database for accumulating the license conversion history. Specifically, the conversion history DB1211 uses license conversion (hereinafter referred to as license conversion) to prevent unlimited conversion of stored and viewed licenses from information contained in the Kc transmission ECM1100. A transformation history (Transformation Log, hereafter referred to as TL) indicating that the operation has been performed is retained.
- license conversion license conversion
- a transformation history Transformation Log, hereafter referred to as TL
- the TL1500 is composed of a set of a license ID 1501 for identifying the license that has undergone the license conversion and a license conversion period 1502 indicating a period during which the license can be converted. Is managed as a list. Each record of the TL1500 is retained at least until the license conversion period 1502 has passed, so that once a license has been converted, further license conversion can be suppressed, and as a result, one Kc Since only one license can be obtained from the transmission ECM 1100, the rights of the business can be reliably protected.
- the license DB 1212 is a database for securely managing the license acquired from the broadcasting station 101. Specifically, the license DB 1212 stores and manages licenses acquired from the broadcast station 101, and also stores and manages licenses outside the IC card 103 such as the storage unit 1203 of the terminal device 102. Manages the hash value of the license in the license DB1212 to prevent fraudulent activities
- the second card IZF unit 1213 is a functional block similar to the first card iZF unit 1207 in the terminal device 102, and thus the description is omitted here.
- the ECMZEMM decryption unit 1214 is a unit for decrypting the encrypted ECM and the encrypted EMM900 received from the terminal device 102. Specifically, the ECMZ EMM decryption unit 1214 receives the encrypted ECM-KwlOOO, the encrypted ECM-Kcl020, and the encrypted EMM900 from the second card IZF unit 1213, and responds to them from the card management information DB 1210. Reads work key Kw203 (1406) and master key Km207 (1302), receives content key Kc205 from license held in license DB1212, encrypts ECM—KwlOOO, encrypts ECM—Kcl020, and transmits Kc ECM1100, encryption Decrypt the EMM900 encryption.
- the ECMZEMM processing unit 1215 is a unit for extracting and processing necessary information from the plain text ECM or EMM. Specifically, the ECMZEMM processing unit 1215 interprets the ECM—KwlOOO, ECM—Kcl020, and Kc transmission ECM1100 and EMM900 received from the EC MZEMM decoding unit 1214, and sends the information necessary to construct the card management information DB1210. The terminal device 102 extracts and records the scramble key Ks201 required for reproducing the content from the ECM-KwlOOO or ECM-Kcl020, and returns the scramble key Ks201 to the terminal device 102 as a response.
- the license conversion processing unit 1216 converts the information (or the license itself) included in the ECM or the like received from the broadcast station 101 into a license for controlling the use of the stored content, and the number of converted licenses. Is a part for managing Specifically, the license conversion processing unit 1216 converts the information included in the Kc transmission ECM 1100 obtained from the broadcasting station 101 into the license format for storage and viewing shown in FIG. Generate and manage TL1500, which is the conversion history for managing license IDs and expiration dates.
- the license 1600 is information for licensing the use of the content, and includes a license identifier 1601, a license ID 1602, an expiration date 1603, a reproduction count 1604, and a write count 1605. Tampering detection to detect tampering with content key Kcl606 and license 1600
- the license identifier 1601 is an identifier for identifying a license that can be used in the content distribution system 1.
- the identifier is an identifier such as “SV—DRM LICENSE”, and is an identifier held by the license conversion processing unit 1216.
- the license ID 1602 is an identifier for uniquely identifying a license in the content distribution system 1. License ID 1602 is the license ID 1 of ECM1100 for Kc transmission
- the expiration date 1603 indicates a period during which the license 1600 can be used, and has a use start date and time and a use end date and time. For the expiration date 1603, set the value of the license expiration date 1108 of the ECM1100 for Kc transmission.
- the number of times of reproduction 1604 indicates the number of times that the content can be reproduced. For the number of times of reproduction 1604, set the value of the number of usable times 1110 of the ECM1100 for Kc transmission.
- the number of times of writing 1605 indicates the number of times the content has been copied to a recording medium such as a DVD (Digital Versatile Disc) or a BD (Blu-ray Disc). For the number of times of writing 1605, set the value of the number of times of writing 1111 of the ECM1100 for Kc transmission.
- the content key Kcl606 indicates a content key Kc205 for decrypting the ECM-Kcl020.
- Content key Kc205 is set as a binary value, and is used when ECM-Kcl020 is decrypted.
- the content key Kc 1606 sets the value of the content key Kcl 109 of the ECM 1100 for Kc transmission.
- Tamper detection 1607 is for detecting tampering and ensuring its validity when license 1600 is stored in a non-secure area such as a hard disk.
- the contents of license 1600 are updated.
- the hash value is calculated for the place where the tampering of the license 1600 is to be prevented (typically, license identifier 1601—content key Kcl606), and the calculation result is managed.
- This hash value is managed inside the IC card 103 that is tamper-resistant in hardware. Examples of the hash algorithm include SHA-1 (Secure Hash Algorithm 1) and SHA-256.
- license 1 When 600 is stored in an insecure area such as a node disk, at least the part of the content key Kcl606 is encrypted and stored.
- the license processing unit 1217 securely determines whether or not the content can be used based on the license.
- the license processing unit 1217 determines whether or not the content can be used based on the use conditions included in the license acquired from the broadcast station 101. judge. Then, only when the use condition permits the use of the content, the content key Kc205 for decrypting the ECM-Kcl020 is transferred to the ECM ZEMM decryption unit 1214.
- the license processing unit 1217 refers to the expiration date 1603 set in the license 1600, and determines whether the content is available. Referring to the current time provided by the secure timekeeping unit (not shown in FIG. 12) held in the terminal device 102, if the current time is within the expiration date 1603, the content can be reproduced. Such a determination process is performed.
- the user makes a viewing contract with the broadcast station 101, and the distribution device power of the broadcast station 101 also acquires the content and license.
- the content is stored in the device 102 and the content is used in the terminal device 102 will be described with reference to flowcharts shown in FIGS.
- the user uses the GUI provided by the user IZF unit 1208 The user makes a viewing contract with the broadcasting station 101 (step S1701).
- the user IZF section 1208 transmits an ID for identifying the corresponding contract (hereinafter referred to as contract ID) to transmitting / receiving section 1201 together with card ID 1301 of IC card 103 and the like.
- the transmission / reception unit 1201 establishes SAC with the broadcasting station 101 using SSL (Secure Sockets Layer) or the like, and transmits the received contract ID and card ID 1301 to the broadcasting station 101. It is assumed that the user IZF unit 1208 has obtained a contract ID in advance using a Web browser or the like. It is also assumed that the card ID 1301 has already been acquired when the IC card 103 is inserted.
- Broadcasting station 101 receives an application for a viewing contract from terminal device 102 (step S1702).
- the broadcast station 101 performs a contract process based on the contract ID received from the terminal device 102, and registers information on the user's contract in the database (step S1703).
- the contract processing unit 307 performs a charging process using a credit card number or a bank account number as necessary, and registers the user's viewing contract information in the contract information management DB 301. . At this time, the contract processing unit 307 also generates a storage encryption key Km, 305 unique to the IC card 103, and registers it together with the master key Km306 unique to the IC card 103 in the contract information management DB 301.
- the master key Km306 unique to each IC card 103 is assumed to be obtained from a key management center or the like.
- EMM generating section 308 of broadcast station 101 generates EMM900 for the user who has made the viewing contract (step S1704).
- the EMM generation unit 308 reads out the contract information management table 400 of the contract information management DB 301 from the contract information management table 400.
- Tier contract ID of card ID 401 to send EMM900 402 Extract the stored encryption key Km ′ 405 and generate an EMM 900 addressed to the corresponding card ID 401.
- EMM generating section 308 transmits the generated EMM 900 to EMM encrypting section 309.
- EMM encryption section 309 of broadcast station 101 encrypts EMM900 with the generated master key corresponding to EMM900 (step S1705).
- the EMM encryption unit 309 refers to the card ID 902 of the EMM 900 received from the EMM generation unit 308, and refers to the contract information management table 400 of the contract information management DB 301 and the IC whose card ID 401 matches. Read the master key Km406 of the card 103. Using this master key Km406, the necessary part of the EMM900 is encrypted by AES. EMM encrypting section 309 transmits encrypted EMM 900 to multiplexing section 313.
- the broadcast station 101 multiplexes the encrypted EMM900 with the content and the like, and transmits the multiplexed EMM900 to the terminal device 102 (step S1706).
- the multiplexing unit 313 performs TS packet routing on the EMM 900 received from the EMM encrypting unit 309 and the content that has also received power, such as the content encoding unit 312,
- the content encryption unit 314 scrambles the necessary part of the content, and transmits the TS including the EMM 900 as a broadcast wave to the terminal device 102 as a broadcast wave.
- the terminal device 102 receives the EMM 900 addressed to itself (step S1707).
- the transmission / reception unit 1201 and the separation unit 1202 of the terminal device 102 filter the received EMM900 using the card ID acquired in advance from the IC card 103, and extract the EMM900 addressed to itself.
- the first card IZF unit 1207 of the terminal device 102 sends the received EMM900 to the IC card 103 (Step S 1708).
- the second card IZF unit 1213 of the IC card 103 is the first card iZF unit of the terminal device 102.
- the 1207 power also receives the EMM900 (step S1709).
- the IC card 103 manages information included in the EMM 900 in the IC card 103 (step S1710).
- EMM 900 received by second card IZF section 1213 is transmitted to ECMZEMM decoding section 1214.
- ECMZEMM decryption unit 1214 is the card ID902 of EMM900 After confirming that the ID matches the card ID held by its own IC card 103, the master key Kml302 is read from the common information table 1300 of the card management information DB 1210, and the card ID 902 of the EMM 900 is decrypted. After decryption, it is confirmed by using the tampering detection 910 of the EMM 900 that the decryption EMM 900 has been correctly decrypted. If tampering is found, the processing of the EMM900 is interrupted.
- the ECMZEMM decoding unit 1214 passes the decoded EMM900 to the ECMZEMM processing unit 1215.
- the ECMZEMM processing unit 1215 interprets the received EMM900, stores necessary information in the card management information DB 1210, and constructs the common information table 1300 and the company-specific information table 1400 shown in FIGS. 13 and 14.
- ECM generating section 310 upon receiving the content transmission instruction, ECM generating section 310 generates Kc transmission ECM 1100 prior to starting the content transmission (step S1801).
- the ECM generation unit 310 transmits the Kc transmission ECM 1100 having the encryption key for each content by using the content transmission instruction of the upstream system such as the program operation management device, that is, the ECM generation instruction as a trigger.
- the license ID 602, the use condition 603, the content key Kc703, etc. are read out with reference to the content attribute information DB 303 and the content key DB 304.
- the ECM1100 for Kc transmission shown in Fig. 11 is generated from the read information.
- ECM generating section 310 transmits the generated ECM 1100 for Kc transmission to ECM decoding section 311.
- ECM encryption section 311 encrypts ECM1100 for Kc transmission with work key Kw203 (step S1802).
- the ECM decoding unit 311 refers to the work key use start date 503 of the work key management table 500 of the work key DB 302, and specifies the work key Kw203 currently in use. Reads the specified work key ID 501 and work key Kw502 and receives them from ECM generation unit 310. The necessary part of the transmitted Kc transmission ECM 1100 is encrypted by AES in CBC + OFB mode. At the same time, set the work key ID 501 to the work key ID 1104 of the ECM1100 for Kc transmission. The ECM encryption unit 311 transmits the encrypted ECM 1100 for Kc transmission to the multiplexing unit 313.
- the content encoding unit 312 starts reading and transmitting the content, and monitors whether or not the transmission of the content is completed during the transmission of the content (step S1803).
- step S1801 the content encoding unit 312 receives the same instruction as the content transmission instruction that the ECM generation unit 310 has also received the upstream system power, and sends the relevant content from the content management tape storage 800 of the content DB 305 to the corresponding content. Is read, and the TS of the content is generated by MPEG encoding. At the same time that the generated TS is transmitted to the multiplexing unit 313, it is monitored whether the reading of the content from the content DB 305 and the transmission of the content to the multiplexing unit 313 are completed.
- step S1804 If NO in step S1803, that is, if the transmission of the content has not been completed, step S1804 is executed.
- step S1803 If YES in step S1803, that is, if the transmission of the content has been completed, the present content transmission process ends.
- ECM generation section 310 generates a scramble key Ks201 for scrambling the content in response to the start of transmission of the content (step S1804).
- the ECM generation unit 310 performs a process of sequentially generating the scramble key Ks201 updated every few seconds and sequentially transmitting the generated scramble key Ks201 to the content encryption unit 314. .
- ECM generation section 310 generates an ECM from the content attribute information (step S1805).
- the contract information 604 and the like of the content attribute information management table 600 of the content attribute information DB 303 are read, and ECM-Kwl000 and ECM-Kc 1020 are generated.
- ECM generating section 310 transmits the generated ECM-Kwl000 and ECM-Kcl020 to ECM encrypting section 311.
- the ECM encryption unit 311 encrypts the ECM-Kw with the work key Kw203 (step S18). 06).
- the ECM encryption unit 311 sets the work key use start date 503 of the work key management table 500 of the work key DB 302 in the same manner as the encryption of the ECM 1100 for Kc transmission using the work key Kw203.
- the ECM-KwlOOO is encrypted with AES using the work key Kw502.
- the ECM encryption unit 311 transmits the encrypted ECM—KwlOOO to the multiplexing unit 313.
- the ECM encryption unit 311 encrypts the ECM-Kc with the content key Kc205 (step S1806).
- the ECM encryption unit 311 refers to the content key management table 700 of the content key DB 304 and reads out the content to be transmitted and the content key Kc703 of the record that matches the content ID 701 and the license 702. .
- the content ID and license ID of the content to be transmitted have been obtained from the upstream system or the like when the content transmission is instructed from the upstream system.
- the necessary part of the ECM1100 for Kc transmission received from the ECM generation unit 310 is encrypted by AES in CBC + OFB mode.
- the ECM encryption unit 311 transmits the encrypted ECM-Kcl 020 to the multiplexing unit 313.
- the content encryption section 314 scrambles the TS in which the content and the ECM are multiplexed (step S1808).
- the content encryption unit 314 performs multiplexing of the TS of the content and the TS such as ECM-KwlOOO, ECM-Kcl020, and ECM1100 for Kc transmission in the multiplexing unit 313. , Select a TS packet of contents such as data, and scramble the payload portion of the TS packet in the ABC CBC + OFB mode.
- the content transmission unit 315 transmits the encrypted TS (step S1809).
- content transmitting section 315 transmits the TS scrambled in content encryption section 314 to terminal apparatus 102 as a broadcast wave.
- the power terminal device 102 shown in the example of transmitting the scramble key Ks201 that is, ECM-KwlOOO, ECM-Kcl020, Make sure that the power is also descrambled. It is desirable that ECM-Kwl000 and ECM-Kcl020 be multiplexed and transmitted prior to the start of transmission of data.
- FIG. 19 is a flowchart showing the content reception and license conversion processing in terminal device 102 and IC card 103. However, in this process, the license conversion availability determination process in the IC card 103 will be described separately with reference to the flowchart shown in FIG.
- the storage management unit 1204 in the terminal device 102 monitors the storage status of the content stored in the storage unit 1203, and checks whether or not the content storage has been completed (step S1901).
- the storage management unit 1204 tunes the server-type broadcast Typel content designated by the user power, and sequentially stores the tuned content in the storage unit 1203 as a partial TS. While referring to the storage process f3 ⁇ 4, P; 5i /; 5l (Program @ pecinc Information / Service Information; etc.), monitor the power of storing the content.
- step S1902 If YES in step S1901, that is, if storage of the content has not been completed, step S1902 is executed.
- step S1901 that is, if the storage of the content is completed, the content storage process ends.
- Separating section 1202 determines whether or not ECM1100 for Kc transmission has been acquired (step S1902).
- the demultiplexing unit 1202 refers to the PAT, PMT, and the like of the received TS and reconfigures the ECM1100 for Kc transmission from the TS packet to which the PID of the ECM for Kc transmission is assigned. In content storage, it is monitored whether ECM1100 for Kc transmission which has only to be acquired at least once has been acquired.
- step S1903 If YES in step S1902, that is, if the ECM1100 for Kc transmission is not If it is acquired, step S1903 is executed.
- step S1912 is executed.
- Separating section 1202 separates the Kc transmission ECM and transmits it to IC card 103 (step S1).
- separation section 1202 acquires Kc transmission ECM 1100 reconstructed in the process of step S 1902, and transmits it to IC card 103 through first card IZF section 1207.
- the IC card 103 determines whether or not the received Kc transmission ECM 1100 can be converted (step S1904).
- second card IZF section 1213 of IC card 103 receives encrypted Kc transmission ECM 1100 transmitted by first card IZF section 1207 of terminal device 102, and performs decryption.
- the license conversion processing unit 1216 performs the license conversion processing by using the conversion history DB 1211 accumulated in the IC card 103, and executes the processing of determining whether or not the license conversion processing is performed. The details of the license conversion availability determination processing will be described later with reference to FIG. 21, and thus will not be described in detail here.
- the license conversion processing unit 1216 of the IC card 103 confirms whether or not the license conversion is permitted as a result of the license conversion availability determination processing (step S1905).
- step S1906 is executed.
- step S1910 is executed.
- the license conversion processing unit 1216 converts the license of the ECM 1100 for Kc transmission and generates a license 1600 for storage and viewing (step S 1906).
- license conversion processing section 1216 acquires license ID 1107, license expiration date 1108, and the like included in ECM 1100 for Kc transmission, and generates license 1600 as shown in FIG.
- the license conversion processing unit 1216 determines whether the converted license is a tier content, It is determined whether the content is PV content (step S1907).
- the license conversion processing unit 1216 refers to the service type 1103 of the ECM1100 for Kc transmission, and determines that the service type 1103 is "TEIRCONT” (tier content) and that "PPVCONT” (PPV Content).
- step S1907 If YES in step S1907, that is, if the content is a tier content, step S1908 is executed.
- step S1907 If NO in step S1907, that is, if the content is PPV content, there is no need to record the license conversion history, so step S1908 is not executed and step S1909 is executed.
- the license 1600 of the PPV content is a license that can be used only after the purchase process, for example, immediately after the license conversion, a flag indicating that the license has not been purchased is stored together with the license 1600. It is necessary to perform processing such that the license is already purchased by deleting the flag after the purchase processing.
- the license conversion processing unit 1216 records the conversion history of the license (step S1908).
- the license conversion processing unit 1216 adds the license ID 1107 of the ECM 1100 for Kc transmission and the license conversion period 1106 to the license ID 1501 and the license conversion period 1502 of the TL 1500 stored in the conversion history DB 1211. I do.
- the license processing unit 1217 stores the converted license in the license DB 1212 (Step S1909).
- the second card IZF unit 1213 transmits a response to the license conversion request by the Kc transmission ECM 1100 to the terminal device 102 (step S 1910).
- the second card I / F unit 1213 is permitted to perform the license conversion of the content, and the license conversion of the content is completed or the license conversion of the content is permitted.
- a response message indicating that there is no license conversion or the license conversion has failed is generated and transmitted to the terminal device 102.
- step S1905 If license conversion of the content is not permitted, as in the case of NO in step S1905, a message as shown in Fig. 20 is presented to the user. Show.
- FIG. 20 is a diagram showing an example of a walking message that the user IZF unit 1208 presents to the user.
- the message 2002 displayed on the monitor 2001 indicates that the user has already converted and obtained the license corresponding to the license ID of the content "Monday Sports" on the IC card 103, and cannot obtain any more licenses. ing
- First card IZF section 1207 receives the response from IC card 103 (step S1911).
- first card IZF section 1207 receives, from second card iZF section 1213 of IC card 103, a response of a license conversion result with respect to transmission of ECM 1100 for Kc transmission.
- the storage management unit 1204 of the terminal device 102 performs processing for storing the content in the storage unit 1203 (step S1912).
- the accumulation management unit 1204 sequentially accumulates TS packets such as content, ECM—Kcl020, and ECM 1100 for Kc transmission in the accumulation unit 1203, and also collects SITs generated from a PMT or the like. Dn Accumulate. Note that, even if the license conversion processing in the IC card 103 fails for some reason, the storage processing of the contents and the ECM-Kcl020 and Kc transmission ECM1100 continues so that the license conversion can be attempted again later.
- the ECMZEMM decryption unit 1214 of the IC card refers to the card management information DB 1210, and determines whether or not there is a work key Kw203 for decrypting the Kc transmission ECM 1100 (Step S2101).
- the ECMZEMM decoding unit 1214 refers to the carrier-specific information table 1400 of the card management information DB 1210, and checks the carrier ID 1102 of the ECM1100 for Kc transmission, Searches the record of the company ID that matches the user ID 1401, and reads out the work key Kwl406. At this time, the current time obtained together with the Kc transmission ECM 1100 from the terminal device 102 has exceeded the expiration date 1404, or the work key ID 1104 of the Kc transmission ECM 1100 and the work key ID 1405 of the company-specific information table 1400 are If not, the work key Kw203 does not exist!
- step S2101 If YES in step S2101, that is, if work key Kwl406 exists, step S2102 is executed.
- step S2111 is executed.
- the ECMZEMM decryption unit 1214 decrypts the Kc transmission ECM 1100 with the work key Kwl406 (step S2102).
- the ECMZEMM decryption unit 1214 decrypts the encryption unit of the ECM1100 for Kc transmission using AES with the work key Kwl406 acquired in step S2101, and performs tampering detection 1110 of the EC Ml100 for Kc transmission by using Check if the ECM1100 for Kc transmission has been tampered with! /, Na! /, Etc. If it is detected that the Kc transmission ECM1100 has been tampered with, license conversion cannot be permitted, so step S2111 is executed to end this processing (not shown in FIG. 21). .
- the ECM / EMM processing unit 1215 determines whether or not the IC card 103 has a contract for viewing the content and whether or not it has the power (step S2103).
- the ECMZEMM processing unit 1215 compares the contract determination information 1105 of the ECM1100 for Kc transmission with the tier contract ID1402 or the PPV contract ID 1403 of the carrier-specific information table 1400 of the card management information DB1210. Judgment processing is performed to determine whether the IDs of,, and do not match.
- step S2104 is executed.
- step S2111 is executed.
- the license conversion processing unit 1216 indicates that the ECM1100 for Kc transmission is within the license conversion period. It is determined whether or not (step S2104).
- the license conversion processing unit 1216 refers to the license conversion expiration date 1106 of the Kc transmission ECM 1100 and compares it with the current time acquired together with the Kc transmission ECM 1100 from the terminal device 102. Then, it is determined whether or not the ECM1100 for Kc transmission is within the license conversion time limit.
- step S2104 that is, if the license conversion time limit 1106 is newer than the current time, it is determined that the license conversion time limit has been reached.
- step S 2104 that is, if the license conversion time limit 1106 is earlier than the current time, it is determined that the license conversion time limit has expired, and step S 2111 is executed.
- the license conversion processing unit 1216 refers to the conversion history DB 1211 and searches for a conversion history of the corresponding license ID (Step S2105).
- license conversion processing section 1216 refers to TL1500 of conversion history DB 1211 and searches for a record of license ID 1501 that matches license ID 1107 of ECM 1100 for Kc transmission.
- the license conversion processing unit 1216 determines whether or not a conversion history of the corresponding license ID exists (step S2106).
- the license conversion processing unit 1216 refers to the search result in step S2105, and checks whether there is a record that matches.
- step S2107 If YES in step S2106, that is, if there is no conversion history of the corresponding license ID, step S2107 is executed.
- step S2111 If NO in step S2106, that is, if there is a conversion history of the corresponding license ID, step S2111 is executed.
- the license conversion processing unit 1216 searches whether there is an empty record or a record whose expiration date has expired in the TL 1500 (step S2107).
- the license conversion processing unit 1216 newly performs license conversion.
- the license conversion time limit 1502 of the TL1500 is compared with the current time obtained together with the ECM1100 for Kc transmission from the terminal device 102, and a record whose license conversion time limit 1502 is newer than the current time is compared. Search for.
- the license conversion processing unit 1216 determines whether or not there is an empty record or a record that has exceeded the license conversion time limit in the conversion history DB 1211 (step S2108).
- the license conversion processing unit 1216 refers to the search result in step S2107, and determines whether there is an empty record in the TL 1500 or a record exceeding the license conversion time limit 1502.
- step S2109 is executed.
- step S2108 if NO, that is, if there is no empty record or a record exceeding the license conversion time limit 1502, license conversion cannot be performed any more, so Execute step S2111.
- the license conversion processing unit 1216 deletes the record that has exceeded the license conversion period 1502, and can add a new license ID 1501. (Step S2109).
- the license conversion processing unit 1216 determines that the license of the ECM1100 for Kc transmission is permitted to be converted, and ends the license conversion availability determination process (step S2110).
- the license conversion processing unit 1216 determines that the license of the ECM1100 for Kc transmission is not allowed to be converted, and ends the license conversion availability determination process (step S2111).
- terminal device 102 and IC card 103 during content storage have been described above with reference to FIGS. 19 and 21.
- the terminal device 102 requests the IC card 103 for a content key (step S2201).
- the user IZF unit 1208 of the terminal device 102 acquires the license ID of the content that the user wants to play using metadata or the like, and transmits the license ID to the IC card 103.
- the first card is transmitted to the IZF unit 1207.
- the first card IZF unit 1207 transmits the received license ID to the IC card 103.
- the IC card 103 searches the license DB 1212 for a license having the corresponding license ID (step S 2202).
- the second card IZF unit 1213 of the IC card 103 transmits the received license ID to the license processing unit 1217, and the license processing unit 1217 searches the license DB 1212 using the license ID as a key. I do.
- the license processing unit 1217 determines whether there is a valid license that matches the requested license ID (step S2203).
- step S2204 is executed.
- step S2203 If NO in step S2203, that is, if there is no valid license, it is determined that reproduction is impossible and step S2205 is executed.
- the license processing unit 1217 also acquires the acquired license power, the content key and the use condition (step S2204).
- the license processing unit 1217 obtains the content key Kcl606, the expiration date 1603, the number of times of reproduction 1604, and the number of times of writing 1605 from the obtained license 1600.
- the license processing unit 1217 determines whether the license is valid by comparing the expiration date 1603 with the current time.
- the number of times of reproduction 1604 and the number of times of writing 1605 since the user has requested the reproduction of the content, it is determined whether or not the number of times of reproduction 1604 is larger than 0 by referring to the number of times of reproduction 1604. I do.
- the license processing unit 1217 decrypts the encrypted key ECM-Kcl020 received from the terminal device 102 in synchronization with the content reproduction, so that the Kcl606 is transmitted to ECMZEMM decoding section 1214.
- the content key Kcl606 is used by the ECMZEMM decryption unit 1214 during playback of the content. Will be retained.
- the second card IZF unit 1213 transmits a response of the license processing result to the terminal device 102 (step S2205).
- the second card IZF unit 1213 searches for the license by the license processing unit 1217 and acquires the result of the license availability determination, and acquires the first card of the terminal device 102. The effect is transmitted as a response to the I / F unit 1207.
- the first card IZF unit 1207 of the terminal device 102 receives the response from the IC card 103 and transmits it to the content decryption unit 1205, and the content decryption unit 1205 checks whether the content can be reproduced. (Step S2206).
- step S2207 is executed.
- step S2206 that is, if the content cannot be reproduced, the content use processing ends.
- the storage management unit 1204 reads the corresponding content from the storage unit 1203, and the content decryption unit 1205 and the content use unit 1206 start decrypting the encrypted content and decoding the content (step S2207).
- the storage management unit 1204 reads all TS packets of the corresponding content from the storage unit 1203
- step S2208 it is determined whether or not the reproduction of the content has been completed.
- step S2209 is executed.
- step S2208 that is, if the reproduction of the content has ended, the content reproduction processing ends.
- the separation unit 1202 also uses the ECM—KclO for the corresponding content read by the storage management unit 1204.
- separation section 1202 obtains a TS packet of the PID of ECM-Kcl020 from the corresponding content, and reconfigures ECM-Kcl020. Transfer the reconstructed ECM-Kcl020 to the first card IZF section, and transfer the ECM-Kcl02 to the first card IZF section 1207 power C card 103.
- the scramble key Ks201 included in ECM-Kcl020 is every few seconds It is necessary to perform this step once every few seconds.
- the IC card 103 decrypts the received ECM-Kcl020 with the content key Kc205 (step S2211).
- the second card IZF unit 1213 of the IC card 103 transmits the ECM-Kcl020 received from the first card IZF unit 1207 of the terminal device 102 to the ECMZEMM decoding unit 1214,
- the ECMZEMM decryption unit 1214 decrypts the ECM-Kcl020 with the content key Kcl606 held.
- the IC card 103 transmits the scramble key Kc201 obtained from the ECM-Kcl020 to the terminal device 102 (step S2212).
- the ECMZEMM processing unit 1215 of the IC card 103 acquires the scramble key Ks201 from the decrypted ECM—Kcl 020, and transmits the scramble key Ks201 to the terminal device 102 through the second card IZF unit 1213. I do. At this time, it may be determined whether or not to transmit the scramble key Kc201 to the terminal device 102 with reference to the content usage conditions set in the license 1600.
- the content decrypting unit 1205 of the terminal device 102 desk lamps the content using the scramble key Ks201 obtained from the IC card 103, and the content using unit 1206 decodes the content (step S2210).
- the content decryption unit 1205 sequentially receives the scramble key Ks 201 obtained from the IC card 103 from the first card IZF unit 1207, and sets it in the content decryption unit 1205.
- the encrypted TS packet of the content read from the storage unit 103 is descrambled using the scramble key Ks201 and transmitted to the content use unit 1206.
- the content use unit 1206 MPEG-decodes the descrambled content received from the content decryption unit 1205 and outputs it to a monitor (not shown).
- the content decryption unit 1205 and the content utilization unit 1206 of the terminal device 102, or the ECMZEMM decryption unit 1214 of the IC card 103, etc. control the use of the content such as the valid period and the accumulated use time based on the utilization conditions. It may be performed.
- the license 1600 includes the corresponding use conditions.
- the license ID and the expiration date acquired by the terminal device are managed as a license acquisition history, and the license is acquired at least until the license acquisition expiration date.
- the acquisition history is kept. Therefore, prevention of unlimited license acquisition and prevention of increase in the data size to be managed can be achieved at the same time, and the rights of the business can be sufficiently protected.
- the transmission device power of broadcast station 101 is also set to license 1600 for terminal device 102 and IC card 103, using Kc transmission ECM1100 of the server type broadcast system.
- Kc transmission ECM1100 of the server type broadcast system.
- the license 1600 may include a license in a format different from that of the license 1600, or ECM or EMM may be distributed with a license in a format different from the license 1600. It can be thought that there is.
- license 1600 is stored in IC card 103. However, considering that the storage capacity of IC card 103 is not large, at least license 1600 Some may be stored in the terminal device 102.
- encryption is required to ensure the security of license 1600 generated by license conversion.
- this encryption for example, a master key Km252 unique to the IC card 103, an encryption key (group key) shared in advance by a plurality of terminal devices 102, or a stored encryption key Km ′ 1303 shown in FIG.
- the license 1600 may be bound to the terminal device 102, the IC card 103, or a set of these.
- the Kc transmission ECM 1100 before license conversion or the like may be stored in the storage unit 1203 of the terminal device 102 as it is.
- the encryption may be stored as it is without performing the cryptographic conversion, or the ECM for Kc transmission may be cryptographically converted in the same way as the license 1600 to prepare for the regular or irregular update of the work key Kw203. May be.
- the terminal When the device 102 and the IC card 103 perform the encryption conversion process of the license, it is preferable to add an ECMZEMM re-encryption unit 2301 inside the IC card 103 as shown in FIG.
- a license ID 1501 is used to control license conversion.
- An ID (ECM—ID2401) for identifying the ECM may be provided in the ECM2400 for Kc transmission.
- the license conversion can be controlled by using ECM-ID2401 in TL 1500 instead of license ID 1501.
- license conversion control for ECM1100 units for Kc transmission is different from license conversion control for 1600 license units.
- the license conversion may be controlled by using ECM-ID2401 in addition to the license ID 1501.
- the license 1600 of the same license ID is included in different ECM1100s for Kc transmission (that is, the same license is obtained from different services), or the license 1600 of the same license ID is acquired from the communication network 105 or the like. Even in this case, it is possible to distinguish the destination where the license 1600 has been obtained, so that in the case where the same license has been obtained from a different service, the license conversion cannot be performed in some cases. it can. Furthermore, these IDs are not limited to this as long as they are information that can identify the license, ECM1100 for Kc transmission, and the like.Therefore, the hash value, MAC, URI, etc. of the license may be used. .
- the license conversion period 1106 of the ECM1100 for Kc transmission (the license conversion period 1502 of the TL1500) is represented by an absolute date and time, but a relative date and time may be set. .
- it may be a relative date and time from the license expiration date 1108, or a relative date and time from the date and time when the terminal device 102 received the Kc transmission ECM 1100.
- the start date and time may be added together as shown in the example in which only the end date and time for which conversion is permitted is shown.
- the license 1600 always has an expiration date 1603.
- the expiration date 1603 (ECM2400 for Kc transmission)
- the license expiration date of ECM2400 for Kc transmission 1108) is indefinite, It is also conceivable that the license conversion expiration date is not set in the ECM2400 for Kc transmission.
- the license conversion processing unit 1216 of the IC card 103 may generate the license conversion time limit 1502 of the TL1500.
- a method of adding a certain period (for example, one month) to the reception date and time of the ECM2400 for Kc transmission and the date and time of license conversion may be considered.
- the added value may be stored as a system fixed value in the terminal device 102 or the IC card 103, but can be dynamically changed from the broadcasting station 101 in the digital broadcasting 104, the communication network 105, or the like. You may do it.
- the TL1500 describes the license ID 1501 and the license conversion period 1502
- Service type 2503, purchase information 2504, and the number of acquired licenses 2506 may be described together.
- the company ID 2501 is described, so that the license 2502 can have a unique value for each company.
- the service type 2503 it is possible to integrate and manage the license conversion history related to the PPV content by focusing on the license conversion history related to the tier content.
- the date and time when the PPV content was purchased is described as purchase information 2504.
- the number of acquired licenses is described as 2506, licenses that can be acquired by the user with respect to one license from the broadcasting station 101, such as the ECM1100 for Kc transmission, etc.
- the number that is, the number of licenses that can be copied
- the number of licenses that can be acquired can be reliably controlled by recording the number of acquired licenses 2506.
- not only the number of licenses that can be acquired, but also other license acquisition conditions may be managed.
- FIG. 26 is a diagram showing an example of a warung message presented to the user by the user IZF unit 1208.
- Message 2602 displayed on monitor 2601 indicates that the user Since the license of "Kamiki 2" has been purchased at 2004Z4Z15 19:00:00, a message is displayed to confirm to the user whether or not the same content can be repurchased! .
- the terminal device ID of the terminal device 102 that first performed the license conversion process is recorded in the IC card 103, so that the terminal device 102 and the IC card 103
- An example of binding a domain ID is not limited to this.
- a domain ID for identifying a set called a domain consisting of a plurality of terminal devices 102 and an IC card 103 that can share a content license is described below. It may be used instead of the terminal device ID.
- the license conversion period 1106 and the license expiration date 1108 are set in the ECM1100 for power Kc transmission, which shows an example in which the license conversion period 1502 is always managed in the TL1500.
- the license conversion history of the license may be managed based on the number of records of the TL 1500 instead of being managed in a time-limited manner, and a hybrid configuration may be adopted such that old records are deleted.
- force Kc transmission for determining whether or not to add a record of license conversion history to TL 1500 is determined.
- the content usage conditions set in the ECM1100 such as license expiration date 1108, usable count 1110, and writeable count 1111, etc.
- the Kc transmission ECM 1100 or the license 1600 may be provided with identification information as to whether or not the license has a state.
- having a use condition power state mainly means a use condition such as the number of usable times 1110 and the number of times of writing 1111 and the like, and use conditions without a state mainly include an expiration date of 1108. Is raised.
- a record whose license conversion period 1502 has passed is deleted.
- Search for records whose license conversion period 1502 has passed when the IC card 103 receives a specific command from the terminal device 102, a record in which the license conversion period 1502 has elapsed may be searched and deleted. Further, the condition for deleting the record whose license conversion period 1502 has passed may be dynamically updated from the broadcast station 101. Further, it may be deleted by a user's instruction.
- TL 1500 is assigned to terminal device 102 in consideration of the storage capacity of IC card 103 that manages TL 1500 inside IC card 103.
- the information may be stored in the storage unit 1203.
- the hash value of the TL 1500 stored in the storage unit 1203 needs to be stored in the IC card 103 in the storage unit 123 to prevent the TL 1500 from being illegally operated by a malicious user or the like.
- the TL 1500 is stored in the storage unit 1203 of a certain terminal device 102 and a new license is obtained (converted) by another terminal device 102, the number of licenses that can be obtained by the user will be inconsistent. there is a possibility.
- the terminal device 102 when the TL 1500 is stored in the terminal device 102, it is necessary to limit the terminal device 102 from which a license can be acquired by holding an ID that uniquely identifies the terminal device 102 in the IC card 103. In order to avoid such a problem in advance, the ID of the terminal device 102 for which the license has been acquired first is stored in the IC card 103, so that the terminal device for which the license can be acquired for the first time. It is good to limit 10 2.
- TL1500 is managed in units of IC card 103. It is also possible to manage each broadcast station 101 (business) inside IC card 103. In addition, by coordinating between a plurality of IC cards 103, management may be performed for each of the plurality of IC cards 103 (domains). [0332] Also, TL 1500, which is the license conversion history, is transmitted to broadcast station 101, other terminal devices 102, and other IC cards 103, and is used by broadcast station 101, other terminal devices 102, and other IC cards 103. I use it.
- the IC card 103 permits re-acquisition only a certain number of times, or communicates with the broadcast station 101 using the communication network 105 and re-licenses the license 1600 while referring to TL1500. You can also make it available.
- a program that realizes the flowcharts shown in FIGS. 17 to 22 is stored in a CPU and a storage device.
- the transmission device in the broadcast station 101 and the terminal device 102 may be realized by executing the program on a powerful general-purpose computer device such as a device or a communication device.
- each functional block constituting the distribution device and the terminal device may be realized by a plurality of system LSIs or the like, or may be realized by a single system LSI.
- a single distribution route also acquires content license, control information, and the like.
- digital broadcasting and the Internet can be used together, It can also be applied to a content distribution system composed of multiple distribution channels, such as using media and the Internet together.
- FIG. 28 shows a functional block diagram of broadcast station 101 according to Embodiment 2.
- ECM generation section 2801 of broadcast station 101 gives a cryptographic conversion time limit to the Kc transmission ECM. Note that the functions of the other processing units are the same as those in the first embodiment, and a description thereof will be omitted.
- FIG. 29 is a diagram showing an example of a content attribute information management table 2900 recorded in the content attribute information DB 303 of the transmitting device according to the second embodiment.
- an encryption conversion time limit 2905 serving as a re-encryption time limit on the receiving device side is given.
- the license can be taken in by performing re-encryption within the encryption conversion period 2905.
- FIG. 30 shows an example of the content management table 3000 recorded in the content DB 305 of the transmission device according to the second embodiment.
- the content management table 3000 has the same configuration as the content management table 800 shown in FIG. 8 of the first embodiment, and a description thereof will be omitted.
- FIG. 31 is a reference diagram showing an example of the data configuration of Kc transmission ECM 3100 to which the transmitting device power according to the second embodiment is also transmitted.
- This ECM3100 for Kc transmission has a data structure of the ECM1100 for Kc transmission shown in Fig. 11 described above, which includes the provider ID 1102, service type 1103, work key 1104, contract determination information 1105, license ID 1107, and license expiration date 1108.
- the number of possible times 1110 the number of times The difference is that an encryption conversion period 3101 is added to the ECM generation unit 2801 and is a period during which re-encryption can be performed on the receiving device side.
- the section header 1101 and the section tailor (error detection) 1113 are added! / As in FIG.
- FIG. 32 is a reference diagram showing a system configuration of the receiving apparatus according to the second embodiment.
- the functional configuration of the terminal device 102 is the same as that of the terminal device 102 of FIG. 23 according to Embodiment 1 described above.
- the IC card 103 includes an ECM re-encryption unit 3201, A license import processing unit 3202 and an import history database 3203 are provided.
- the license import processing unit 3202 checks the decryption result of the Kc transmission ECM encrypted with the storage unique key ⁇ , and also stores the decryption result from the storage unit 1203 of the terminal device 102 to the license DB 1212 of the IC card 103. When the license is imported, license acquisition processing is performed.
- the import history database 3203 is a license that is marked with! / In the ECM re-encryption unit 3201, ie, a license that has undergone cryptographic conversion.
- the license ID of the license that has been determined to be available for import is managed as the import history DB3203.
- the ECM re-encrypting unit 3201 performs the encryption conversion process of the ECM for Kc transmission using the stored unique key ⁇ when the license of the sending device is received. That is, the ECM re-encrypting unit 3201 performs the marking process on the license for which the contract has been made and within the cryptographic conversion period by using the stored encryption key ⁇ .
- FIG. 33 is a reference diagram showing an example of an import history table (IL: Import List) 3300 recorded in the import history DB32 03 of the IC card 103 on the receiving device side according to the second embodiment. It is. Note that the capture history table 3300 shown in this figure is almost the same as the capture history table 1500 according to FIG. 15 of Embodiment 1. Instead of the license conversion time limit 1502 in FIG. 15, the license validity period corresponding to the license ID 3301 is used. 3302 is described.
- IL Import List
- FIG. 34 is a diagram illustrating a case where the transmitting device in the broadcasting station 101 according to Embodiment 2 transmits the content. It is a flowchart which shows the operation
- the ECM generation unit 2801 of the transmission device generates an ECM 3100 for Kc transmission to which the encryption conversion time limit 3101 has been added (step S3401).
- the ECM generation unit 2801 refers to the content attribute information DB303 and the content key DB304 in order to generate an ECM3100 for Kc transmission having an encryption key for each content, triggered by the ECM generation instruction. , License ID 2902, usage conditions 2903, etc.
- the ECM 3100 for Kc transmission shown in FIG. 31 is generated from the read information.
- ECM generation section 2801 transmits the generated Kc transmission ECM 3100 to ECM encryption section 311. Note that the processing in S1802-S1809 is the same as the processing procedure of the transmission device shown in FIG. 18, and therefore the description thereof is omitted.
- FIG. 35 is a flowchart showing content reception and encryption conversion processing in terminal device 102 and IC card 103 according to the second embodiment.
- the encryption conversion permission / inhibition determination process in the IC card 103 (step S3501) will be described in detail separately with reference to the flowchart shown in FIG.
- the storage management unit 1204 in the terminal device 102 monitors the storage status of the content stored in the storage unit 1203, and checks whether or not the content storage is completed (Step S1901).
- step S1902 is executed. On the other hand, if NO in step S1901, that is, if the storage of the content is completed, the content storage process ends.
- separation section 1202 determines whether or not the power has acquired ECM3100 for Kc transmission (step S1902).
- step S1903 if YES in step S1902, that is, if the ECM 3100 for Kc transmission has not been acquired, step S1903 is executed. On the other hand, if NO in step S1902, that is, if the Kc transmission ECM 3100 has been acquired, step S1911 is executed.
- Separating section 1202 separates ECM3100 for Kc transmission and transmits it to IC card 103 ( Step SI 903).
- the license fetch processing unit 3202 refers to the encryption conversion time limit of the ECM 3100 for Kc transmission to perform encryption conversion availability determination processing (step S3501). The details of the process of determining whether or not to perform encryption conversion (step S3501) will be described with reference to the flowchart in FIG.
- the ECM re-encryption unit 3201 determines whether or not the license can be re-encrypted by using the result of performing the encryption conversion availability determination in step S3051 (step S3051). If the encryption conversion is OK (YES in step S3502), the ECM re-encryption unit 3201 re-encrypts (marks) the ECM 3100 for Kc transmission with the stored encryption key ⁇ and performs encryption conversion. Is performed (step S3503). On the other hand, if the cryptographic conversion is NO (NO in step S3502), re-encryption is performed using the stored encryption key ⁇ . In other words, the Kc transmission ECM3100 (that is, no marking is added) is sent as a response. The message is transmitted to the terminal device 102 (step S1910).
- step S3502 as in the case where the re-encryption of the ECM re-encryption unit 3201 is NO, encryption conversion of the license of the content is permitted! In such a case, it is also possible to present a message to that effect to the user. Also, in this case, re-encryption is always performed using the stored encryption key ⁇ , and the ECM 3100 for Kc transmission (that is, no marking is added) is not transmitted to the terminal device 102 side. Is also good.
- first card IZF section 1207 of terminal device 102 receives the response from IC card 103 (step S1910). Specifically, first card IZF section 1207 receives a response to the transmission of Kc transmission ECM 1100 from second card IZF section 1213 of IC card 103.
- the storage management unit 1204 of the terminal device 102 stores the content, the ECM-Kc, and the Kc transmission ECM2 100 that has been re-encrypted with the stored encryption key ⁇ returned from the IC card 103. Processing for storing the data in the storage unit 1203 is performed (step S 1911).
- the content storage processing in the terminal device 102 and the IC card 103 has been described above with reference to FIG.
- FIG. 36 is a diagram illustrating a process of determining whether or not to perform encryption conversion in terminal device 102 according to Embodiment 2 (see FIG. 35 is a flowchart showing an operation procedure in (corresponding to S3501 in 35).
- the ECMZEMM decryption unit 1214 of the IC card 103 refers to the card management information DB 1210, and determines whether or not there is a work key Kw203 for decrypting the Kc transmission ECM 3100 (Step S2101).
- step S2101 If YES in step S2101, that is, if work key Kwl406 exists, step S2102 is executed. On the other hand, in step S2101,
- step S36 If NO, that is, if the work key Kwl406 does not exist, step S36
- ECMZEMM decrypting section 1214 decrypts ECM 3100 for Kc transmission with work key Kwl406 (step S2102).
- ECMZEMM processing section 1215 determines whether or not IC card 103 has a contract for viewing the content (step S2103). Specifically, the ECM / EMM processing unit 1215 compares the contract determination information 1105 of the ECM3100 for Kc transmission with the tier contract ID 1402 or the PPV contract ID 1403 of the operator-specific information table 1400 recorded in the card management information DB 1210. Then, a determination process is performed to determine whether or not the ID of the shift matches. In addition, referring to the expiration date 1404 of the business-specific information table 1400 recorded in the card management information DB 1210, it is confirmed whether the current time is within the expiration date 1404. In this case, the terminal device 102 transmits the current time acquired by the current time management unit, not shown in the terminal device 102 of FIG. 32, to the IC card 103 together with the Kc transmission ECM 2100 in step S1910. I do.
- step S2103 If YES in step S2103, that is, if any ID matches and the current time is within expiration date 1404, step S3601 is executed. On the other hand, if NO in step S2103, that is, if none of the IDs match, or if the current time is outside the expiration date 1404, step S3603 is executed.
- the ECM re-encryption unit 3201 determines whether or not it is within the cryptographic conversion deadline described in the ECM3100 for Kc transmission (step S3601). (YES in step S3601), enable marking, and use the stored encryption key ⁇ for Kc transmission The encryption conversion for re-encrypting the ECM3100 is permitted (step S3602). On the other hand, if the license conversion processing unit 3202 is not within the time limit for the encryption conversion (NO in step S3602), the license conversion processing unit 3202 restarts the Kc transmission ECM3100. The encryption is not permitted (step S3603).
- the license import processing unit 3202 refers to the encryption conversion time limit 3101 of the ECM 3100 for Kc transmission and refers to the current time acquired together with the ECM 3100 for Kc transmission from the terminal device 102. By comparing with ECM3100, it is determined whether or not the ECM3100 for Kc transmission is within the cryptographic conversion time limit.
- FIG. 37 is a flowchart showing a processing procedure at the time of acquiring a license in terminal device 102 and IC card 103 according to the second embodiment.
- the license incorporation availability determination process (corresponding to step S3702) in the IC card 103 will be described separately with reference to the flowchart shown in FIG.
- the process at the time of license acquisition may be performed before viewing the content corresponding to the license, or may be performed when the user views the content.
- step S3701 a process of transmitting the Kc transmission ECM 3100 stored in the storage unit 1203 of the terminal device 102 to the IC card is performed.
- the IC card 103 performs a license incorporation availability determination process for the received ECM3100 for Kc transmission (step S3702).
- the second card IZF unit 1213 of the IC card 103 receives the Kc transmission ECM3100 transmitted by the first card IZF unit 1207 of the terminal device 102, and the license acquisition processing unit 3202 By checking whether the ECM 3100 for Kc transmission is marked, that is, whether or not the ECM 3100 has been re-encrypted with the stored encryption key ⁇ , a determination process is performed as to whether or not license acquisition processing may be performed. The details of the license import availability determination process will be described with reference to FIG.
- the license incorporation processing unit 3202 of the IC card 103 confirms whether or not license incorporation is permitted (step S3703).
- step S3704 If YES in step S3703, that is, license acquisition is permitted If so, step S3704 is executed. On the other hand, if NO in step S3703, that is, if license acquisition is not permitted, license acquisition is not performed and step S3707 is executed.
- license import processing section 3202 converts license of ECM3100 for Kc transmission and generates license 1600 for storage and viewing as shown in FIG. 16 (step S3704). . Specifically, license acquisition processing section 3202 obtains license ID 1107, license expiration date 1108, and the like included in ECM 3100 for Kc transmission, and generates license 1600.
- the license import processing section 3202 imports the conversion history of the license and records it in the import history DB 3203 (step S3705). Specifically, the license import processing unit 3202 adds the license ID 1107 and the expiration date 1108 of the ECM3100 for Kc transmission to the license ID 1501 and the expiration date of the TL1500 stored in the import history DB 3203.
- the license processing unit 1217 performs a process of storing the received license in the license DB 1212 (step S3706).
- second card IZF section 1213 transmits a response to the license conversion request by Kc transmission ECM 3100 to terminal apparatus 102 (step S3707). Specifically, the second card I / F unit 1213 is permitted to take in the license of the content, and is not authorized to take the license in, or is not permitted to take in the license of the content, or Then, a response message indicating that the license acquisition has failed is generated and transmitted to the terminal device 102.
- first card I / F section 1213 transmits a response to the license conversion request by ECM 3100 for Kc transmission from IC card 102 (step S3708).
- step S3703 as in the case of NO, license acquisition of the content is permitted, and in such a case, a message to that effect may be presented to the user.
- step S3706 If the acquired license is not stored in the license DB 1212 of the IC card 103 but is stored in the terminal device 102, in step S3706, the license of the It is sufficient that the license ID, the hash value, and the like are stored in the IC card 103, and the license acquired in the terminal device 102 in step S3707 is transmitted as a response.
- FIG. 38 is a flowchart showing a specific operation procedure of the license incorporation availability determination (corresponding to step S3702) shown in FIG. 37 in the receiving apparatus according to Embodiment 2.
- the ECMZEMM decryption unit 1214 of the IC card refers to the card management information DB1210 and determines whether or not the stored encryption key ⁇ 203 for decrypting the ECM3100 for Kc transmission exists (step S3801). .
- the ECMZEMM decryption unit 1214 reads the stored encryption key ⁇ corresponding to the card ID with reference to the card management information DB1210. At this time, if the card ID of the ECM3100 for Kc transmission and the stored encryption key ⁇ do not match, processing is performed assuming that the stored encryption key ⁇ does not exist (NO in step S3801).
- step S3802 If YES in step S3801, that is, if the stored encryption key ⁇ is present, step S3802 is executed. On the other hand, if NO in step S3801, that is, if the stored encryption key ⁇ does not exist, step S2111 is executed to prohibit license acquisition.
- ECMZEMM decryption section 1214 determines whether or not ECM1100 for Kc transmission can be decrypted with stored encryption key ⁇ (step S 3802).
- the ECMZEMM decryption unit 1214 decrypts the encryption unit of the ECM3100 for Kc transmission by AES with the stored encryption key ⁇ obtained in step S3801, and detects tampering of the ECM 3100 for Kc transmission 1110 by It checks whether the ECM3100 for Kc transmission has been tampered with! / ⁇ and determines whether it can be decrypted with the stored encryption key ⁇ . If it is detected that the Kc transmission ECM 3100 has been tampered with, license acquisition cannot be permitted, so that step S2111 is executed and this processing ends.
- the license fetch processing unit 3202 determines whether the ECM3100 for Kc transmission is within the validity period of the license. Is determined (step S3803). Specifically, the license import processing unit 3202 determines that the license expiration date of the ECM3100 for Kc transmission is 110 Referring to FIG. 8, by comparing with the current time acquired together with Kc transmission ECM 3100 from terminal device 102, it is determined whether or not the Kc transmission ECM 3100 has expired.
- step S3803 If YES in step S3803, that is, if the expiration date 1108 is newer than the current time, it is determined that it is within the expiration date, and step S2105 is executed. On the other hand, if NO in step S3803, that is, if the expiration date 1108 is earlier than the current time, it is determined that the expiration date has not passed, and step S2111 is executed.
- step S3803 the expiration date determination process in step S3803 is performed so as not to accumulate unnecessary licenses whose expiration date has passed, so this process can be omitted. .
- the license import processing unit 3202 refers to the import history DB 3203 and searches for a conversion history of the corresponding license ID (step S2105). Specifically, the license import processing unit 3202 refers to TL1500 of the import history DB3203, and searches for a record of the license ID 1501 that matches the license ID 1107 of the ECM 3100 for Kc transmission.
- the license acquisition processing unit 3202 determines whether or not the conversion history of the corresponding license ID exists (step S2106). Specifically, the license import processing unit 3 202 refers to the search result in step S2105, and determines whether there is a record in the import history DB3203 that matches the license ID 1107 of the ECM3100 for Kc transmission and the license ID 1501 of the TL1500. Check.
- step S2106 If YES in step S2106, that is, if there is no import history of the corresponding license ID, step S2107 is executed. On the other hand, if NO in step S2106, that is, if there is an entry history of the corresponding license ID, step S2111 is executed.
- the license import processing unit 3202 searches for an empty record or a record whose expiration date has expired in the TL1500 (step S2107).
- the license acquisition processing unit 3202 refers to the TL1500 to find an empty record in order to find a record in which a license ID to be newly converted is added. Search for. If there is no empty record, the license conversion time limit 1502 of the TL 1500 is compared with the current time obtained together with the Kc transmission ECM3100 from the terminal device 102, and the record whose license conversion time limit 1502 is newer than the current time is compared. Search for.
- the license import processing unit 3202 determines whether or not there is an empty record or a record that has exceeded the license conversion time limit in the conversion history DB 1211 (step S2108). Specifically, the license acquisition processing unit 3202 refers to the search result in step S2107, and determines whether there is an empty record in the TL 1500 or a record exceeding the license conversion time limit 1502.
- step S2108 If YES in step S2108, that is, if there is an empty record or a record whose license conversion period 1502 has been exceeded, step S2109 is executed. On the other hand, if NO in step S2108, that is, if there are no empty records or records that have exceeded the license conversion time limit 1502, license conversion cannot be performed any more, so Execute S2111.
- license acquisition processing section 3202 deletes the record exceeding license conversion period 1502 and adds a new license ID 1501. (Step S2109).
- the license import processing unit 3202 determines that license conversion of the ECM3100 for Kc transmission is permitted, and ends the license conversion availability determination process (step S2110). In addition, the license import processing unit 3202 determines that the license of the ECM3100 for Kc transmission is not allowed to be converted, and ends the license conversion availability determination process (step S2111).
- a cryptographic conversion time limit is given to the ECM3100 for Kc transmission. Then, the receiving apparatus determines whether or not the received ECM3100 for Kc transmission is within the cryptographic conversion deadline, and if it is within the cryptographic conversion deadline, the ECM re-encrypting unit 3201 obtains it using the stored encryption key ⁇ . License and re-encrypt the license. Is also returned to the terminal device 102 side and stored in the storage unit 1203.
- the license capture processing unit 3202 of the IC card 103 determines whether or not the decryption is possible using the stored encryption key ⁇ , and only the decryptable ECM3100 for Kc transmission is loaded. Therefore, only the license related to the content actually viewed by the user can be loaded into the IC card 103, and the license information is recorded on the terminal device 102 side. It is possible to avoid the problem of compressing the capacity.
- the import history DB 3203 manages the import history table 3300 in which the license ID 3301 and the expiration date 3302 are recorded, use of the license exceeding the expiration date 3302 is appropriately prevented. It is possible to do.
- the ECM re-encryption unit 3201 of the IC card 103 performs the re-encryption of the ECM 3100 for Kc transmission using the stored encryption key ⁇ .
- the present invention is not limited to this.
- the encryption key for re-encrypting the ECM3100 for Kc transmission may use an encryption key common to a plurality of terminal devices 102 in addition to the stored encryption key ⁇ unique to the terminal device 102 or the IC card 103. .
- the cryptographic conversion time limit is given to the ECM3100 for Kc transmission on the transmitting side, but if the cryptographic conversion time limit is not given on the transmitting side, the terminal At the time of performing the cryptographic conversion of the ECM 3100 for Kc transmission on the device 102 side, whether or not to perform the cryptographic conversion may be determined based on certain conditions. For example, if the encryption conversion period is a certain number of days before the expiration date of the ECM310 0 (license) for Kc transmission, There may be a case where the cryptographic conversion period is determined based on the current time received together with the Kc transmission ECM3100 from the 102 side.
- license acquisition is managed based on a knock ID, a license ID (acquired license ID), and an expiration date.
- Fig. 39 is a diagram of an import history table (IL: Import List) 3900 for PPC (Pay Per Content, each time purchased content) managed by the IC card 103 according to this modification.
- IL Import List
- PPC Payment Per Content, each time purchased content
- Each record of this PPC IL3900 is generated when the content (package) of the PPC is purchased.
- the package ID 3901 is information for identifying the purchased package, and is described, for example, as “PKG-ID-1” and indicates a unit of purchase of the content.
- a package contains a plurality of contents (for example, a pack of 10 episodes of a drama), and these are managed as an in-package license ID 3903 corresponding to the package ID 3901.
- the same license may be included in different packages. For example, there may be a sports package ⁇ [league package, and a content related to the J-League included in both packages.
- the expiration date 3902 is the expiration date corresponding to the package ID 3901. The longest (latest expiration date) of the license expiration dates in the package is described.
- the license ID 3903 in the package is a list of license IDs included in the package. For example, “: LICENSE—ID—1, LICENSE—ID—2 ,,,,” The license acquisition status in the package can be presented.
- the license ID 3902 in the package, together with the acquired license ID 3904 tells the user the relationship between the license included in the package and the license already acquired. It is assumed to be used when presenting.
- the acquired license ID 3904 indicates a license ID that has been acquired with respect to the license ID 3903 in the package, and is described, for example, as ": LICENSE-ID-1 or LICENSE-ID-2".
- the information managed in the import history table 3900 includes the allocation method of the package ID 3901 and the license ID 3903 in the package (the ability to assign IDs so as to be globally unique, the unique ID for each service provider).
- the management method may change depending on the power of shaking.
- FIG. 40 is a reference diagram showing an example of the ECM4000 for Kc transmission distributed from the transmitting device to the receiving device according to the present modification.
- the ECM4000 for Kc transmission according to this modified example is added with the capture history table for PPC, and the package ID 4002 corresponding to the package ID 3901 recorded in the capture history table 3900 of the capture history DB3203 at the time of license capture, and A license ID 4003 in the package corresponding to the license ID 3903 in the package shown in FIG. 39, and an encryption conversion time limit 4001 are described as in the second embodiment.
- the in-package license ID 4003 is a list of license IDs included in the package, and the same value is transmitted by the Kc transmission ECM4000 in the same package.
- FIG. 41 is a flowchart showing a processing procedure in the license acquisition of the PPC in the receiving apparatus according to the present modification.
- the processing of the license incorporation availability determination processing (corresponding to step S4102) shown in this figure will be described in detail with reference to FIG.
- step S4101 a process of transmitting the Kc transmission ECM4000 stored in the storage unit 1203 of the terminal device 102 to the IC card is performed.
- the IC card 103 performs a license incorporation availability determination process of the received Kc transmission ECM4000 (step S4102).
- the license acquisition processing unit 3202 of the IC card 103 confirms whether or not the license acquisition is permitted as a result of the license acquisition enable / disable determination process (step S4103).
- step S4103 If YES in step S4103, that is, if license acquisition is permitted, step S4104 is executed. On the other hand, in step S4103, If NO, that is, if license acquisition is not permitted, license acquisition is not performed and step S4107 is executed.
- step S4103 the license import processing unit 320
- step S4104 converts the license of the ECM4000 for Kc transmission to generate a license 1600 for storage and viewing as shown in FIG. 16 (step S4104).
- the license import processing unit 3202 imports the license conversion history and records it in the import history DB 3203 (step S4105). Specifically, the license import processing unit
- 3202 When acquiring the first license within the knockage, 3202 records the knowledge ID3901, expiration date 3902, in-package license ID 3903, and acquired license ID 3904 of the import history table 3900 in the import history DB3203. Also
- the process of recording only the acquired license ID 3904 in the import history table 3900 in the import history DB3203 is performed.
- the license processing unit 1217 performs a process of accumulating the acquired license in the license DB 1212 (step S4106).
- the second card IZF unit 1213 sends a Kc transmission ECM400 to the terminal device 102.
- a response to the license conversion request with 0 is transmitted (step S4107).
- FIG. 42 is a flowchart showing a specific operation procedure of the license incorporation availability determination (corresponding to step S4102) shown in FIG.
- the ECMZEMM decryption unit 1214 of the IC card 103 refers to the card management information DB1210 and determines whether or not the stored encryption key ⁇ for decrypting the ECM4000 for Kc transmission exists (step S4201). .
- step S4202 if YES in step S4201, ie, if the stored encryption key ⁇ exists, step S4202 is executed. On the other hand, in step S4201,
- step S2111 is executed to prohibit license acquisition.
- the ECMZEMM decryption unit 1214 decrypts the ECM1100 for Kc transmission with the stored encryption key S ⁇ (step S4202).
- the license fetch processing unit 3202 determines whether the ECM4000 for Kc transmission is within the validity period of the license (step S4203).
- step S4203 If YES in step S4203, that is, if the expiration date 1108 is newer than the current time, it is determined that it is within the expiration date, and step S4204 is executed. On the other hand, if NO in step S4203, that is, if the expiration date 1108 is earlier than the current time, it is determined that the expiration date has not passed, and step S2111 is executed.
- the license import processing unit 3202 refers to the import history DB 3203 and searches for a conversion history of the corresponding license ID (step S4204). Specifically, the license import processing unit 3202 refers to the TL1500 of the import history DB3203, and based on the set of the package ID 4002 of the ECM4000 for Kc transmission and the license ID 4003, determines whether the records match or not. Search for.
- the license import processing unit 3202 determines whether or not there is a conversion history of the relevant package ID and license ID (step S2106). More specifically, the license import processing unit 3202 refers to the search result of step S2105, and stores the set of the package ID 4002 of the ECM4000 for Kc transmission and the license ID 4003 in the package in the import history DB3203 and the package ID 3901 of the import history table 3900. Check whether there is a record that matches the set with the license ID 3903 in the package.
- step S2107 is executed.
- step S2111 is executed. Note that the processing after S2107 is the same as that in FIG. 38 described above, and a description thereof will not be repeated.
- the package ID 4002 and the license ID 4003 included in the ECM4000 for Kc transmission use the package ID 4002 and the license ID 4003 included in the package.
- the acquisition of the license is controlled by the IC card 103 of the receiving device while the acquisition is suppressed. Therefore, Knocke Package ID 3901 assigned to multiple packages, and the in-package license ID 3903 assigned to multiple contents included in the package can be managed in different packages in a unified manner. More efficient use of licenses to prevent unauthorized use of licenses, and is more suitable for actual user use, for example, when purchasing a large number of series programs or contents that are broadcast 12 times in three months of a drama. It becomes possible to manage license data.
- the digital rights management system of the present invention manages a license ID and an expiration date acquired in a terminal device together in a list, and holds a record at least until the expiration date of the license, thereby preventing unauthorized license acquisition. It has the effect of preventing the increase in the size of data to be managed, and is useful as a digital rights management system for content distribution services such as digital broadcasting, digital CATV, and the Internet. It can also be applied to digital rights management systems for content distribution services using portable media such as package media.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Multimedia (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/588,268 US20070124252A1 (en) | 2004-03-31 | 2005-03-10 | Reception device, transmission device, security module, and digital right management system |
JP2006519408A JP4642023B2 (ja) | 2004-03-31 | 2005-03-10 | 受信装置、送出装置、セキュリティモジュール、及びデジタル権利管理システム |
EP05720473A EP1734452A4 (en) | 2004-03-31 | 2005-03-10 | RECEIVING DEVICE, TRANSMISSION DEVICE, SECURITY MODULE, AND DIGITAL RIGHTS MANAGEMENT SYSTEM |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2004-106339 | 2004-03-31 | ||
JP2004106339 | 2004-03-31 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2005098631A1 true WO2005098631A1 (ja) | 2005-10-20 |
Family
ID=35125261
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2005/004202 WO2005098631A1 (ja) | 2004-03-31 | 2005-03-10 | 受信装置、送出装置、セキュリティモジュール、及びデジタル権利管理システム |
Country Status (5)
Country | Link |
---|---|
US (1) | US20070124252A1 (ja) |
EP (1) | EP1734452A4 (ja) |
JP (1) | JP4642023B2 (ja) |
CN (1) | CN1939061A (ja) |
WO (1) | WO2005098631A1 (ja) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2009521742A (ja) * | 2005-12-26 | 2009-06-04 | コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ | 権利管理のための方法および装置 |
US8590055B2 (en) | 2006-02-15 | 2013-11-19 | Samsung Electronics Co., Ltd. | Method and apparatus for importing content having plurality of parts |
US8978154B2 (en) | 2006-02-15 | 2015-03-10 | Samsung Electronics Co., Ltd. | Method and apparatus for importing content having plurality of parts |
JP2022055285A (ja) * | 2020-09-28 | 2022-04-07 | ベイジン バイドゥ ネットコム サイエンス テクノロジー カンパニー リミテッド | ミニプログラムパッケージ送信方法、装置、電子機器コンピュータ可読媒体およびコンピュータプログラム製品 |
Families Citing this family (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8843413B2 (en) * | 2004-02-13 | 2014-09-23 | Microsoft Corporation | Binding content to a domain |
US7940930B2 (en) * | 2005-05-02 | 2011-05-10 | Nds Limited | Native scrambling system |
US7818260B2 (en) * | 2005-10-12 | 2010-10-19 | Cable Television Laboratories, Inc. | System and method of managing digital rights |
US9313248B2 (en) | 2006-04-13 | 2016-04-12 | Johnny Stuart Epstein | Method and apparatus for delivering encoded content |
JP2007304849A (ja) * | 2006-05-11 | 2007-11-22 | Sony Corp | 管理装置、情報処理装置、管理方法および情報処理方法 |
US8856861B2 (en) * | 2007-12-20 | 2014-10-07 | Samsung Electronics Co., Ltd. | Generic rights token and DRM-related service pointers in a common protected content file |
US8166508B2 (en) | 2008-01-04 | 2012-04-24 | Apple Inc. | Content rental system |
US8677430B2 (en) * | 2008-01-04 | 2014-03-18 | Apple, Inc. | Content rental system |
EP2150049A1 (en) | 2008-07-30 | 2010-02-03 | Koninklijke KPN N.V. | Virtually increasing the number of content broadcast channels |
US20130282870A1 (en) * | 2012-04-18 | 2013-10-24 | Sony Corporation | Reception apparatus, reception method, transmission apparatus, transmission method, and program |
CN103632071B (zh) * | 2012-08-28 | 2018-04-13 | 北京超图软件股份有限公司 | 地理空间数据产品的版权保护方法和系统 |
US9846899B1 (en) * | 2012-08-31 | 2017-12-19 | Amazon Technologies, Inc. | Dynamic software licensing |
EP2866454A1 (en) * | 2013-10-25 | 2015-04-29 | British Telecommunications public limited company | Triple buffer key handling |
US10503566B2 (en) * | 2018-04-16 | 2019-12-10 | Chicago Mercantile Exchange Inc. | Conservation of electronic communications resources and computing resources via selective processing of substantially continuously updated data |
CN108875398B (zh) * | 2018-09-06 | 2023-06-09 | 山西特信环宇信息技术有限公司 | 基于证件链技术的加解密系统及其使用方法 |
JP2020178185A (ja) * | 2019-04-16 | 2020-10-29 | 日本放送協会 | コンテンツ配信装置、携帯端末、受信装置およびそれらのプログラム |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002097694A1 (en) * | 2001-05-29 | 2002-12-05 | Matsushita Electric Industrial Co., Ltd. | Insurance system |
JP2004005526A (ja) * | 2002-04-05 | 2004-01-08 | Matsushita Electric Ind Co Ltd | コンテンツ利用システム |
JP2004021424A (ja) * | 2002-06-13 | 2004-01-22 | Toshiba Corp | 車載器データのバックアップシステムおよびその方法 |
JP2004046809A (ja) * | 2002-05-15 | 2004-02-12 | Matsushita Electric Ind Co Ltd | コンテンツ利用管理システム並びにこのシステムに用いられるサーバ装置及び端末装置 |
Family Cites Families (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5138712A (en) * | 1989-10-02 | 1992-08-11 | Sun Microsystems, Inc. | Apparatus and method for licensing software on a network of computers |
US7124302B2 (en) * | 1995-02-13 | 2006-10-17 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US7213005B2 (en) * | 1999-12-09 | 2007-05-01 | International Business Machines Corporation | Digital content distribution using web broadcasting services |
DE60119678T3 (de) * | 2000-12-15 | 2010-09-16 | Panasonic Corp., Kadoma | Empfangsgerät mit Aufzeichnungseinheit zum Aufzeichnen eines verschlüsselten Rundfunksignals und Rundfunkvorrichtung zum Verschlüsseln eines auszustrahlenden Signals sowie zugehörige Verfahren |
US7065507B2 (en) * | 2001-03-26 | 2006-06-20 | Microsoft Corporation | Supervised license acquisition in a digital rights management system on a computing device |
CN1579095A (zh) * | 2001-10-29 | 2005-02-09 | 松下电器产业株式会社 | 基线内容保护和复制管理数字视频广播的装置 |
JP4408601B2 (ja) * | 2001-12-27 | 2010-02-03 | 富士通株式会社 | 情報再生装置およびセキュアモジュール |
JP4323745B2 (ja) * | 2002-01-15 | 2009-09-02 | 三洋電機株式会社 | 記憶装置 |
KR20040103891A (ko) * | 2002-04-05 | 2004-12-09 | 마쯔시다덴기산교 가부시키가이샤 | 컨텐츠 이용 시스템 |
EP1505528A4 (en) * | 2002-05-15 | 2006-12-06 | Matsushita Electric Ind Co Ltd | SYSTEM FOR MANAGING THE USE OF CONTENTS |
US7222106B2 (en) * | 2002-05-21 | 2007-05-22 | International Business Machines Corporation | Mechanisms for handling software license agreements on multi-user system |
JP4018498B2 (ja) * | 2002-10-15 | 2007-12-05 | キヤノン株式会社 | 管理装置、管理方法、制御プログラム |
JP4217455B2 (ja) * | 2002-10-15 | 2009-02-04 | キヤノン株式会社 | 周辺装置、情報処理方法、および制御プログラム |
JP4343542B2 (ja) * | 2003-01-30 | 2009-10-14 | ソニー株式会社 | 情報処理システム、情報処理装置および情報処理方法、並びにプログラムおよび記録媒体 |
US7516147B2 (en) * | 2003-10-23 | 2009-04-07 | Sumisho Computer Systems Corporation | URL system and method for licensing content |
JP2006031169A (ja) * | 2004-07-13 | 2006-02-02 | Oki Electric Ind Co Ltd | ライセンス情報確認装置、ライセンス情報確認方法及びライセンス情報確認プログラム |
-
2005
- 2005-03-10 WO PCT/JP2005/004202 patent/WO2005098631A1/ja not_active Application Discontinuation
- 2005-03-10 CN CNA2005800102485A patent/CN1939061A/zh active Pending
- 2005-03-10 US US10/588,268 patent/US20070124252A1/en not_active Abandoned
- 2005-03-10 EP EP05720473A patent/EP1734452A4/en not_active Withdrawn
- 2005-03-10 JP JP2006519408A patent/JP4642023B2/ja not_active Expired - Fee Related
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002097694A1 (en) * | 2001-05-29 | 2002-12-05 | Matsushita Electric Industrial Co., Ltd. | Insurance system |
JP2004005526A (ja) * | 2002-04-05 | 2004-01-08 | Matsushita Electric Ind Co Ltd | コンテンツ利用システム |
JP2004046809A (ja) * | 2002-05-15 | 2004-02-12 | Matsushita Electric Ind Co Ltd | コンテンツ利用管理システム並びにこのシステムに用いられるサーバ装置及び端末装置 |
JP2004021424A (ja) * | 2002-06-13 | 2004-01-22 | Toshiba Corp | 車載器データのバックアップシステムおよびその方法 |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2009521742A (ja) * | 2005-12-26 | 2009-06-04 | コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ | 権利管理のための方法および装置 |
US8590055B2 (en) | 2006-02-15 | 2013-11-19 | Samsung Electronics Co., Ltd. | Method and apparatus for importing content having plurality of parts |
US8978154B2 (en) | 2006-02-15 | 2015-03-10 | Samsung Electronics Co., Ltd. | Method and apparatus for importing content having plurality of parts |
US9147048B2 (en) | 2006-02-15 | 2015-09-29 | Samsung Electronics Co., Ltd. | Method and apparatus for importing content having plurality of parts |
JP2022055285A (ja) * | 2020-09-28 | 2022-04-07 | ベイジン バイドゥ ネットコム サイエンス テクノロジー カンパニー リミテッド | ミニプログラムパッケージ送信方法、装置、電子機器コンピュータ可読媒体およびコンピュータプログラム製品 |
JP7191999B2 (ja) | 2020-09-28 | 2022-12-19 | ベイジン バイドゥ ネットコム サイエンス テクノロジー カンパニー リミテッド | ミニプログラムパッケージ送信方法、装置、電子機器コンピュータ可読媒体およびコンピュータプログラム製品 |
Also Published As
Publication number | Publication date |
---|---|
EP1734452A1 (en) | 2006-12-20 |
JPWO2005098631A1 (ja) | 2008-02-28 |
CN1939061A (zh) | 2007-03-28 |
US20070124252A1 (en) | 2007-05-31 |
EP1734452A4 (en) | 2008-04-16 |
JP4642023B2 (ja) | 2011-03-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4642023B2 (ja) | 受信装置、送出装置、セキュリティモジュール、及びデジタル権利管理システム | |
US7194091B2 (en) | Content using system | |
US8234217B2 (en) | Method and system for selectively providing access to content | |
KR100718086B1 (ko) | 디지털 홈 네트워크를 위한 범용 복사 방지 시스템에서 액세스 관리 방법 및 디바이스 | |
US20060287956A1 (en) | System and method for time based digital content access | |
US20080279386A1 (en) | Method and apparatus for encrypting media programs for later purchase and viewing | |
US20090199287A1 (en) | Systems and methods for conditional access and digital rights management | |
US20090044241A1 (en) | Broadcasting content protection/management system | |
KR20110004333A (ko) | 스트림에서의 레코딩가능한 콘텐트의 프로세싱 | |
KR20050117526A (ko) | 디지털 권리 관리용 콘텐츠 이용 실적 수집을 위한 시스템 및 방법 | |
JP2005160032A (ja) | コンテンツ再生制御システム、サーバ装置、端末装置およびコンテンツ再生制御方法 | |
KR20110004332A (ko) | 스트림에서의 레코딩가능한 콘텐트의 프로세싱 | |
US8406426B2 (en) | Method and apparatus for storing and retrieving encrypted programming content such that it is accessible to authorized users from multiple set top boxes | |
US20070288713A1 (en) | Data Recording/Reproducing Device and Method | |
US8433926B2 (en) | Method and apparatus for storing and retrieving encrypted programming content using an asymmetric key arrangement | |
JP4485753B2 (ja) | コンテンツ利用システム | |
JP4098348B2 (ja) | 端末装置、サーバ装置及びコンテンツ配信システム | |
KR20060120650A (ko) | 메타데이터 액세스 제어 시스템, 그 방법, 수신장치, 및송신장치 | |
CA2593952A1 (en) | Method and apparatus for providing a border guard between security domains | |
JP5775140B2 (ja) | デジタルコンテンツ送受信システム、および、デジタルコンテンツ送受信方法 | |
JP4554806B2 (ja) | 受信方法及び送信方法 | |
JP2006287769A (ja) | 配信システム | |
JP5450875B2 (ja) | デジタルコンテンツ受信装置、および、デジタルコンテンツ受信方法 | |
JP5450876B2 (ja) | デジタルコンテンツ送受信システム、および、デジタルコンテンツ送受信方法 | |
JP4806977B2 (ja) | 情報処理装置および方法、並びにプログラム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 2006519408 Country of ref document: JP |
|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2005720473 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2007124252 Country of ref document: US Ref document number: 10588268 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 200580010248.5 Country of ref document: CN |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: DE |
|
WWP | Wipo information: published in national office |
Ref document number: 2005720473 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 10588268 Country of ref document: US |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 2005720473 Country of ref document: EP |