WO2012157767A1 - Récepteur et procédé de réception - Google Patents

Récepteur et procédé de réception Download PDF

Info

Publication number
WO2012157767A1
WO2012157767A1 PCT/JP2012/062858 JP2012062858W WO2012157767A1 WO 2012157767 A1 WO2012157767 A1 WO 2012157767A1 JP 2012062858 W JP2012062858 W JP 2012062858W WO 2012157767 A1 WO2012157767 A1 WO 2012157767A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
unit
information
broadcast
receiver
Prior art date
Application number
PCT/JP2012/062858
Other languages
English (en)
Japanese (ja)
Inventor
松村 欣司
茂明 三矢
馬場 秋継
藤沢 寛
秀 武智
保明 金次
浩行 浜田
Original Assignee
日本放送協会
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本放送協会 filed Critical 日本放送協会
Publication of WO2012157767A1 publication Critical patent/WO2012157767A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04HBROADCAST COMMUNICATION
    • H04H60/00Arrangements for broadcast applications with a direct linking to broadcast information or broadcast space-time; Broadcast-related systems
    • H04H60/09Arrangements for device control with a direct linkage to broadcast information or to broadcast space-time; Arrangements for control of broadcast-related services
    • H04H60/14Arrangements for conditional access to broadcast information or to broadcast-related services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/81Monomedia components thereof
    • H04N21/8166Monomedia components thereof involving executable data, e.g. software

Definitions

  • the present invention relates to a receiver and a receiving method.
  • This application claims priority based on Japanese Patent Application No. 2011-112750 and Japanese Patent Application No. 2011-112751 for which it applied to Japan on May 19, 2011, and uses the content here.
  • This television broadcast receiving apparatus is intended for a television broadcast receiving apparatus that receives a digital television broadcast and reproduces its video and data broadcast content. Based on the received data broadcast content, a plurality of options can be selected. An image for selecting one of the options is displayed. Then, with any option selected from the displayed image, the Internet address automatically included in the received data broadcast content corresponding to the selected option is used to automatically access the Internet for information. To get. As a result, it is possible to provide a very good television broadcast receiver capable of receiving a large amount of information.
  • Non-Patent Document 1 when referring to content on the Internet using a television broadcast receiving apparatus, whether or not to execute a broadcast extension function in accordance with the security class of the content is determined. Accordingly, it is described that security is ensured by restricting execution of functions on the television broadcast receiving apparatus.
  • the present invention has been made in view of such circumstances, and an object of the present invention is to provide a receiver capable of performing control for restricting execution of an application being executed in the receiver.
  • a receiver executes a security level table that stores application identification information and security level information in association with each other, and executes according to the security level of the application for each API identification information.
  • An execution availability table that stores information on availability in advance in association with the identification information, identification information of the executed application, and security level information related to the identification information of the application When the API is called from the executed application by referring to the table, it is related to the identification information of the called API and the security level information of the application by referring to the execution availability table.
  • the application execution unit that executes the called API and update information of the execution availability table are received from the outside, and the received execution availability table And a table updating unit that updates the execution availability table based on update information.
  • the receiver may further include a table updating unit that receives update information of the execution availability table from outside and updates the execution availability table based on the received update information of the execution availability table.
  • a reception method relates to a step of associating application identification information and security level information in a security level table and storing the application security level for each API identification information.
  • the identification information and storing the identification information of the executed application in advance in association with the identification information, and specifying the identification information of the executed application and the security level associated with the identification information of the application
  • the reception method may further include a step of receiving update information of the execution availability table from outside and a step of updating the execution availability table based on the received update information of the execution availability table.
  • a security level table in which an application ID and a security level are associated with each other, and an execution availability table that defines execution for each API and for each security level of the application are provided.
  • the security level is specified by the security level table, and when the API is called from the application, whether or not execution is possible is specified from the identification information of the API called the security level of the application, and it is called only when it can be executed. Since the API is executed, there is an effect that it is possible to perform control for restricting execution of a predetermined function of an application executed in the receiver. As a result, it is possible to prevent an unexpected failure from occurring.
  • FIG. 1 It is a block diagram which shows the structure of the receiver by 1st embodiment of this invention. It is a figure which shows the person using the broadcast communication cooperation system to which this invention is applied, and its relationship. It is a figure which shows the whole structure of a broadcast communication cooperation system. It is a figure which shows the terminal cooperation model of a broadcast communication cooperation system. The conceptual diagram of the service classification of a broadcast communication cooperation system is shown. It is a figure which shows the example of the text expression of AIT used for a broadcast communication cooperation system. It is a figure which shows the life cycle of the application in a broadcast communication cooperation system. It is a figure which shows the data flow between providers in a broadcast communication cooperation system. It is a figure which shows the flow of the data in the whole broadcast communication cooperation system.
  • FIG. 1 is an overall configuration diagram of a broadcasting / communication cooperation system according to a first embodiment of the present invention. It is a functional block diagram which shows the internal structure of the receiver by the embodiment. It is a block diagram which shows the detailed structure of the application execution control part by the embodiment. It is a block diagram which shows the detailed structure of the presentation control part by the embodiment. It is explanatory drawing which shows the table structure of a security level table. It is explanatory drawing which shows the table structure of an execution availability table. It is a flowchart which shows the processing operation of an application execution part. It is explanatory drawing which shows the modification of an execution availability table. It is a block diagram which shows the structure of the receiver by 2nd embodiment of this invention.
  • FIG. 1 is a diagram illustrating a schematic functional configuration of a receiver 4 according to the present embodiment.
  • the characteristic configuration of the receiver 4 according to the embodiment will be described with reference to FIG.
  • the detailed configuration of the receiver 4 will be described later.
  • the receiver 4 includes a broadcast receiving unit 401, a video control unit 407, a video display unit 408, an audio control unit 409, an audio output unit 410, a communication input / output unit 411, an application execution control unit 412, and an operation input unit 414.
  • the broadcast receiving unit 401 is a tuner that receives a broadcast signal.
  • the video control unit 407 generates a video signal for displaying the broadcast screen or the application screen according to the designated screen display method.
  • the video display unit 408 is a general display, and displays a broadcast and application screen by displaying the video signal output from the video control unit 407.
  • the audio control unit 409 generates an audio signal for outputting the audio to be simultaneously generated according to the instructed audio output method when displaying the broadcast screen or the application screen.
  • the audio output unit 410 is a general speaker, and outputs sound of broadcasting and application by generating sound based on the audio signal output from the audio control unit 409.
  • the communication input / output unit 411 inputs / outputs data through communication via a communication network.
  • the application execution control unit 412 executes an application of the broadcasting / communication cooperation service.
  • the operation input unit 414 is an interface that accepts an operation by a viewer, and includes, for example, a remote controller, a keyboard, and a mouse.
  • the application execution control unit 412 includes an application storage unit 431, an application authentication unit 432, an application management unit 433, an application control unit 434, and an application execution unit 435.
  • the application storage unit 431 stores an application file received by the communication input / output unit 411 via the communication network, or an application file acquired by the broadcast receiving unit 401 from the data broadcast.
  • the application stored in the application storage unit 431 is given identification information that can uniquely identify the application. This identification information is referred to as an application ID.
  • the application file may be stored in the application storage unit 431 in advance at the time of shipment.
  • the application storage unit 431 includes a main storage device and an auxiliary storage device, and the application file is stored in the auxiliary storage device and read out to the main storage device at the time of execution.
  • the application authentication unit 432 verifies the electronic signature added to the application file received by the communication input / output unit 411 via the communication network or the application file (application program) acquired from the data broadcast by the broadcast receiving unit 401. .
  • the application authentication unit 432 decrypts the digitally signed application file using the received public key. As a result, when a predetermined data string is obtained, the application authentication unit 432 determines that the verification of the electronic signature has succeeded. If the verification of the electronic signature is successful, the application ID of this application is also decrypted. If the verification of the electronic signature is successful, the application authentication unit 432 determines that the application is an A (Authorized) application with a high security level. If the verification of the electronic signature is unsuccessful, or the electronic signature is not added. In this case, it is determined that the application is a general application with a low security level. The application authentication unit 432 outputs the determination result to the application management unit 433, and stores the received application file in the application storage unit 431.
  • A Authorized
  • the application management unit 433 stores therein a security level table 4331 that associates application security level (high or low) information output from the application authentication unit 432 with an application ID.
  • the security level table 4331 is updated each time a new application is acquired.
  • the application control unit 434 controls the start and stop of the application in the application execution unit 435 according to the control code for the application bound to the program and the instruction for the application input by the operation input unit 414.
  • the application control unit 434 is bound to the end of the application bound to the program of the channel before the change and the program of the channel after the change. Start the application.
  • the application control unit 434 includes a security management unit 4341 inside.
  • the security management unit 4341 includes an execution availability table 4342 in which execution availability is defined for each API identification information that is identification information of an API (Application Program Interface) executed by the application execution unit 435.
  • the application execution unit 435 includes an API unit 4351.
  • the application execution unit 435 reads the application program of the application 4352 instructed to start from the application storage unit 431 and executes it.
  • the application 4352 operates on the receiver 4, and the application execution unit 435 requests content or requests to execute a service via the communication network.
  • the application execution unit 435 outputs graphic data or a video control instruction to the video control unit 407 or outputs a voice control instruction to the audio control unit 409.
  • the API unit 4351 is an API for using each resource in the receiver 4 when the application execution unit 435 executes the application 4352.
  • the API unit 4351 executes the API, the resource in the receiver 4 can be used from the application program executed by the application execution unit 435.
  • the API unit 4351 inquires of the security management unit 4341 whether execution is possible each time an API is to be executed, and executes the API only when the API can be executed.
  • the broadcast communication cooperation system (broadcast communication integration system, broadcast communication system, transmission / reception system) to which the present invention is applied is, for example, a Hybridcast (registered trademark) (hybrid cast) system, and a broadcast communication cooperation service (Hybridcast (registered trademark)).
  • Service broadcasting / communication integration service, broadcasting / communication service).
  • the broadcasting / communication cooperation service realized by the broadcasting / communication cooperation system to which the present invention is applied links a digital broadcasting service and a communication service using the Internet or the like.
  • a receiver such as a digital television, a personal computer, or a portable terminal displays a display screen (hereinafter, “program display screen”) of a broadcast program (hereinafter also referred to as “program”) transmitted by broadcasting. (Also referred to as a “broadcast screen”), and a display screen of services and contents acquired by communication by the application installed in the receiver (hereinafter referred to as “application screen” and “application display screen”). ) And display simultaneously.
  • FIG. 2 is a diagram showing a person who uses the broadcasting / communication cooperation system and its relationship.
  • a broadcasting station that sends a program accompanied by organization distributes the program to viewers by broadcast radio waves or a communication network.
  • Broadcasting stations provide service providers with metadata related to programs in order to enhance broadcast communication cooperation services.
  • a service provider that provides a broadcasting / communication cooperation service produces and distributes content and applications (hereinafter also referred to as “apps”) for providing the broadcasting / communication cooperation service to viewers.
  • application when simply described as “application”, it refers to an application for providing a broadcasting / communication cooperation service (an application of the broadcasting / communication cooperation service).
  • the content or application producer and distributor need not be the same service provider.
  • a broadcasting station may also serve as a service provider.
  • the service provider can also provide link information to other service providers.
  • the service provider can apply for registration of the application and obtain approval from the system administrator in order to indicate that the application to be provided is official. Approved applications are not restricted in operation on the receiver.
  • An approved application is called an A (Authorized) application
  • an unapproved application is called a general application.
  • the A application is also referred to as an official application, a registered application, an authenticated application, an authorized application, an authorized application, an authorized application, or an A (Authorized) type application.
  • the general application is also referred to as an unofficial application, an unauthenticated application, an unauthorized application, an unauthorized application, a U (Unauthorized) type application, or a U application.
  • the system administrator is an organization that certifies that the application (receiver application) provided to the viewer is the A application (official).
  • the system administrator's decision as to whether or not to approve the applied application depends on the commission from the broadcasting station.
  • an application for performing various settings may be installed in the receiver.
  • the display screen of the application in the receiver may overlap the display screen (video) of the program.
  • the viewer can download or start the application according to his / her will. Further, the viewer can overlap the display screen of the application with the display screen (video) of the program according to his / her intention.
  • FIG. 3 is a diagram illustrating the overall configuration of the broadcast communication cooperation system.
  • the broadcasting / communication cooperation system is configured by functionally adding a “broadcasting station server group”, a “service provider server group”, and a “receiver” to the current broadcasting station equipment using radio waves.
  • Broadcasting stations have broadcasting station facilities. Further, the broadcasting station configures and manages both the broadcasting station server group and the service provider server group.
  • the service provider configures and manages a service provider server group.
  • the system administrator manages and operates the repository server.
  • the receiver manufacturer manufactures and sells the receiver. The viewer has a receiver and enjoys a broadcasting / communication cooperation service.
  • a receiver (Hybridcast (registered trademark) receiver, broadcast receiving communication device) is equipped with a standardized common API (Application Program Interface). Further, the receiver receives broadcasts of the current system such as terrestrial digital broadcast and BS (broadcasting satellite) digital broadcast.
  • the broadcasting station equipment multiplexes a signal for starting a broadcasting / communication cooperation service into a broadcasting wave. The multiplexing method will be described later.
  • the broadcasting station server group manages and distributes content and metadata held by broadcasting stations.
  • the broadcast station server group includes various servers, a data storage unit (DB (database)), and an API, and the broadcast station server group includes a content management server, a viewer management server, a content distribution server, a broadcast A station service server is included.
  • DB data storage unit
  • the content management server that manages content manages programs and metadata that are broadcast content.
  • the content management server includes a program management server that manages a broadcast program or a broadcast program, and a metadata management server that manages metadata related to the program.
  • the metadata indicates, for example, a program title, a program ID, a program summary, performers, staff, broadcast date and time, script, captions, and commentary.
  • the viewer management server manages viewers (users), and the content distribution server distributes content data by communication.
  • the broadcast station service server is a server for the broadcast station to provide a service to a service provider. Services provided by the broadcast station service server include, for example, a social network service operated by a broadcast station and a web log (blog) for each broadcast program.
  • the data storage unit of the broadcasting station server group is composed of a part for storing contents and metadata held by the broadcasting station and a database.
  • the stored data can be accessed only by the service provider that is managing it, and is restricted so that it cannot be accessed by others.
  • the API of the broadcast station server group is an API for providing data in response to a request from the service provider server group.
  • the API is a program that an application calls to receive a service and its execution unit.
  • a service server group managed and operated by a service provider manages and provides applications and contents.
  • the service server group includes a receiver application server, a service server, a content distribution server, a data storage unit (DB (database)), and an API.
  • DB data storage unit
  • the receiver application server is a server that manages the application of the broadcasting / communication cooperation service.
  • the service provider stores, manages, and distributes applications that operate on the receiver. Service providers are composed of groups or individuals.
  • the receiver application server In response to a request from the receiver, the receiver application server notifies the receiver of the storage location of the application file (the application file will be described later) and distributes the application file.
  • the service server is a server that provides a service in response to a request from an application running on the receiver.
  • Examples of the service server include a multilingual subtitle server, a speech speed conversion voice server, a social TV server, a recommendation server, a program review server, and a bookmark server.
  • the content distribution server is a server that provides content in response to a request from an application running on the receiver.
  • Examples of the content distribution server include a VOD (Video On Demand) distribution server, a caption distribution server, and a multi-view distribution server.
  • the data storage unit of the service provider server group is a place for storing content data, metadata, data created by the service provider, viewer data, and application files.
  • the data stored in the data storage unit can be accessed only by the service provider that is managing it, and cannot be accessed by others.
  • the API of the service server group is an API for providing application files, contents, and services in response to requests from applications running on the receiver.
  • the receiver receives and displays the broadcast of the current system, and executes a broadcasting / communication cooperation service.
  • Current broadcasting is satellite broadcasting such as terrestrial digital broadcasting and BS digital broadcasting, and data broadcasting.
  • the receiver is connected to the Internet.
  • the receiver makes an application download request to the service provider server based on the information multiplexed on the received broadcast wave.
  • the application executes an application program included in the downloaded application file, the application operates on the receiver.
  • An application operating on the receiver accesses the service provider server and acquires content.
  • the receiver has a broadcasting / communication cooperation function which is a function necessary for executing a broadcasting / communication cooperation service such as a synchronization function and an application control function. Since the API for the broadcasting / communication cooperation function is shared, it is easy to create an application and the application does not depend on the receiver.
  • the broadcasting / communication cooperation service also incorporates functions for cooperation with devices such as personal computers and portable terminals.
  • Broadcast / communication cooperation functions include broadcast / communication cooperation basic functions and optional functions to be implemented as necessary.
  • the receiver manufacturer implements the broadcasting / communication cooperation basic function in all receivers.
  • the application uses the broadcasting / communication cooperation function through the API.
  • the broadcasting / communication cooperation function operates based on an API described later.
  • the API implemented by the receiver is specified so that the operation of the application is the same without depending on the receiver. Since all applications process the receiver through the API, the application cannot access functions specific to the receiver without going through the API.
  • FIG. 4 is a diagram illustrating a terminal cooperation model of the broadcasting / communication cooperation system.
  • the receiver can provide a service in cooperation with a terminal such as a portable terminal. Examples of terminals to be linked include a personal computer, a mobile phone, a tablet, a smartphone, and a PDA (Personal Digital Assistant).
  • the receiver provides, as an API, a function that can be used by other terminals as a receiver function.
  • An API that provides a function that can be used by other terminals is called a terminal cooperation API.
  • an application running on a mobile terminal can access a broadcasting resource such as acquisition of program information or call a receiver function such as reproduction control by using the terminal cooperation API.
  • the terminal cooperation API is an API for using functions of the receiver by other terminals and applications operating on the terminals.
  • the terminals that cooperate with each other target terminals on a home network (LAN) and terminals accessed through the Internet.
  • LAN home network
  • the definition of the API that provides various operations will be described later.
  • the terminal cooperation API providing process operating on the receiver operates the terminal cooperation API.
  • the terminal cooperation API providing process operates like a kind of daemon process that operates residently.
  • RESTful REST: Representational State Transfer
  • UPnP Universal Plug and Play
  • XMPP eXtensible Messaging and Presence Protocol
  • the receiver also supports a Notification function in which a server on the Internet notifies the receiver of information by pushing.
  • the receiver receives information notified by a push from a server or the like.
  • Some receiver operations may be controlled by the Notification function, and the Notification function is also defined as part of the terminal cooperation API specification.
  • the application model of the broadcasting / communication cooperation system is a model added or changed based on the concept of the application model of DVB-GEM1.2.
  • application life cycle control such as activation is performed in conjunction with broadcast or communication content.
  • the application is activated based on an AIT (Application Information Table) (application information table, application activation information) distributed together with the AV content.
  • AIT Application Information Table
  • a provider of AV content such as a broadcaster can also control a life cycle such as automatic startup and termination of an application.
  • non-linkage the application is started and terminated without being linked to broadcasting or communication content. In this case, the life cycle of the application such as the start and end of the application is controlled only by the viewer.
  • a service means a series of programs that can be broadcasted as part of a schedule organized by a broadcaster, but this concept has been expanded in a broadcasting / communication cooperation system to provide stream-dependent and independent services. Two service types are defined.
  • FIG. 5 shows a conceptual diagram of service types.
  • a related application is started by pseudo-tuning the stream dependent service and the independent service.
  • the stream dependent service is an extension of the service concept in the conventional sense, and is configured by adding an application (or a plurality of applications) operating in conjunction with an AV stream transmitted by broadcasting or communication.
  • An application can be started in conjunction with selection / playback of an AV stream (channel selection in the case of broadcasting).
  • the independent service does not include a video / audio stream, and is configured only by an application (a plurality of applications). When the viewer selects the stand-alone service, the application is activated.
  • There are two methods for starting an application a method of starting an application file acquired on the fly, and a method of starting an application file stored (installed) in a receiver in advance.
  • On-the-fly is a method of acquiring an application file by communication when an application is executed, and is also referred to as a non-install type or a direct execution type.
  • the receiver activates an application program of an application file in the local file system based on the well-known application by AIT described later.
  • the receiver acquires and installs an application file by communication, it rewrites the information in the location hierarchy set in the related AIT (see section 2.5.1) to the location on the local file system. Accordingly, an operation for generating a value for identifying a stand-alone service (required for each AIT unit of the stand-alone service) is required.
  • AIT Application startup information
  • FIG. 6 is a diagram showing an example of a text expression of AIT used in the broadcasting / communication cooperation system.
  • the AIT used in the broadcasting / communication cooperation system is based on the AIT defined by ARIB-J.
  • AIT there are binary representation for transmission in SI (Service Information) table and text representation (AIT File) in XML (eXtensible Markup Language) format.
  • SI Service Information
  • AIT File text representation
  • XML eXtensible Markup Language
  • Known applications that are linked to AV content are sometimes multiplexed with AIT on AV content transmitted by MPEG (Moving Picture Experts Group) -2 TS (Transport Stream) or sent separately with AIT information. .
  • AIT By transmitting AIT in conjunction with AV content, life cycle control such as activation of an application that is linked to a broadcast program or dynamic application that is linked to the progress of the program can be performed at the receiver.
  • Known methods include, for example, (1) ES (Elementary Stream) addition for AIT, (2) Descriptor addition to EIT (Event Information Table), (3) Carousel transmission (4) Acquisition of AIT file by communication, (5) Dynamic transmission of AIT file by communication, and the like.
  • the AIT ES is multiplexed on the broadcast TS in the same manner as in ARIB-J.
  • the AIT is transmitted in a DSM-CC (Digital Storage Media Command and Control) data carousel.
  • DSM-CC Digital Storage Media Command and Control
  • an AIT file is transmitted by a specific module.
  • the component tag and module of the broadcast communication cooperative activation file transmission carousel are fixed. For example, “AA” is set in the component tag, “0000” is set in the module ID, and a type indicating AIT is set in the Type descriptor of the module.
  • the receiver monitors the update of the module, and when the update is detected, rereads the AIT, and executes the control specified by the AIT (application life cycle control).
  • an AIT file prepared separately is acquired simultaneously with the selection of AV content.
  • the AV content to be reproduced (content ID)
  • the information describing application activation information (AIT) are acquired as starting points. It is possible to use the concept of unit content and entry components of server type broadcasting (ARIB TR-B27).
  • control for starting a new application or terminating the active application during playback of AV content is performed by the AIT transmitting by communication.
  • control is performed at a timing that is not assumed in advance, notification by push through communication is performed.
  • the receiver acquires an AIT including activation information of an application that operates independently by communication.
  • Independent applications are obtained from known application repositories. The procedure for obtaining the startup information of each independent application is shown below.
  • FIG. 7 is a diagram illustrating a life cycle of an application.
  • the application state is “Not Loaded”, “Loaded”, “Paused”, “Started”, “Destroyed” (destroyed) according to the application state in ARIB-J. ) ".
  • an application life cycle a series of processes from when an application is loaded and executed until the application is finished.
  • control of transition between the states is called life cycle control.
  • the life cycle control of an application linked to AV content is basically performed through selection of a stream dependent service.
  • the selection of the stream dependent service is made by the viewer.
  • a service is a set of a series of contents including AV contents and applications, and a life cycle such as activation and termination is controlled by a control code included in an AIT sent together with the application.
  • a single service may include a plurality of applications that operate simultaneously.
  • Selection of a service that triggers application activation includes control from an application through a receiver API, control from a navigator as a resident application of a receiver, control of a remote control button in the case of a broadcast service, and the like. .
  • presentation of content (AV content or application) included in the service before and after switching is switched.
  • the applications included in the service before and after the switching are different, the application that was activated before the switching is terminated by the service switching, and a different application can be activated after the switching. Details of these operations will be described later in section 2.4.
  • BML Broadcast Markup Language
  • an API for controlling the start of the broadcast communication cooperation application is added as a BML API.
  • BML is a multimedia coding system defined in ARIB STD B24, and is adopted as a data broadcasting system in the current Japanese terrestrial / BS / CS digital broadcasting.
  • An independent service is a virtual service that includes only an application, and by selecting an independent application, the application is started by acquiring an AIT by the same mechanism as the activation by AIT in Section 2.3.2.1. . However, in the stand-alone service, at least one auto-start application is started.
  • the stand-alone service is selected from, for example, an application launcher.
  • Termination by other applications Using the application termination API executed by the application, other running applications are terminated. In this case, an appropriate security policy for terminating other applications is necessary.
  • the receiver terminates the designated application by the receiver function. For example, a list of applications that are activated by the receiver is displayed, and the designated application is terminated by the viewer's selection.
  • Bound application is ready to be executed when receiving the associated organization service. That is, when the composition service is started by the AIT and the reception of the composition service is finished (when the composition channel being received is changed), the execution is finished. Another application started from the bound application is also handled as a bound application. When the first activated application that is the main book of a series of related bound applications is terminated, the other applications activated thereby are also terminated.
  • the execution of the application is continued even if the received composition service is changed. Since the AIT for starting the application cannot be obtained from the composition service, the start information is obtained by other means (for example, obtaining an AIT File (file) associated with the application using an application launcher, etc.). It is given to the receiver and activated. Another application started from the unbound application is also handled as an unbound application. The application is basically terminated explicitly by the operation of the viewer, but is terminated also when an instruction (KILLALL) for terminating all applications is given by the AIT from the receiving service.
  • KILLALL an instruction
  • An unbound application is not associated with a composition service, but as shown in Section 2.3.2.4, a bound application is associated with a virtual composition service (generated in the receiver when the receiver is started). The same startup processing mechanism can be applied.
  • the method of generating a virtual composition service depends on the implementation of the receiver, and what identification value is given to the composition service depends on the implementation of the receiver. However, if application files are stored in the receiver and can be started from the application launcher at an arbitrary timing, an ID for identifying a virtual organization service or an application file acquisition destination (service provider server or Since the server is described as the acquisition destination in the AIT acquired from the repository, it is necessary to change it so that it is acquired from the storage area in the receiver). Need to be updated.
  • the activation information of all applications is given by the AIT. Acquisition of the application file is instructed by the location information of the application included in the AIT.
  • the location information is described in a hierarchy of “/ ApplicationList / Application / applicationSpecificDescriptor / dvbjDescriptor / location” (XML is described as the contents of the location element).
  • the description of the location information is, for example, “http://192.168.11.37/demo.jar”.
  • the above is an example of acquiring demo.jar (Java (registered trademark) application archive) using the HTTP (Hypertext Transfer Protocol) protocol. The transport protocol to be used and the package format of the application will be described later.
  • the package format of the application depends on the application format (Java (registered trademark) or HTML5).
  • the receiver acquires a series of files (such as a program main body and an image file) necessary for starting the application by acquiring a group of files or entry files.
  • This series of files is an application file.
  • the application file includes a compressed series of files (such as a zip file), a Jar file (Java (registered trademark) execution environment), an entry HTML file (in the case of the HTML5 execution environment), and an entry file defined uniquely. Format is used.
  • the transmission method used when acquiring the application file via the network includes acquisition using the HTTP protocol and acquisition using the FILE protocol.
  • acquisition is performed using the GET method.
  • the designation of the location of the AIT is “http: // ⁇ ”.
  • the location specification of the AIT is set to “file: /// ⁇ ”.
  • descriptors are added to EIT and AIT to control application presentation from the relationship between the application and AV content. Details will be described later in section 4.3.
  • FIG. 8 is a diagram illustrating a data flow between business operators in the broadcast communication cooperation system
  • FIG. 9 is a diagram illustrating a data flow in the entire broadcast communication cooperation system.
  • FIG. 8 between the broadcast station server group and the server for each service of the service provider server group, between the broadcast station server group and the broadcast communication cooperation infrastructure server, and between the broadcast communication cooperation infrastructure server and the service
  • a description will be given of the API definition between the server for each service of the provider server group, the API between the receiver control and the broadcasting / communication cooperation base server, the metadata and the server for each service shown in FIG.
  • FIG. 10 is a diagram illustrating a sequence of a recommendation service.
  • Methods used between the service provider server group and the interface unit of the broadcast station server are “GET”, “POST”, “PUT”, and “DELETE”.
  • An example of the command format is shown below.
  • Parameters include ⁇ broadcast station name ⁇ , ⁇ server name ⁇ , ⁇ content ID ⁇ , ⁇ viewer ID ⁇ , ⁇ review ID ⁇ , ⁇ data to be managed ⁇ , ⁇ sort method ⁇ , ⁇ first item ⁇ , ⁇ Number ⁇ etc.
  • Data to be managed includes content information, user information, user generated content information, device information, and authentication information.
  • Content information includes title, summary, genre, broadcast date / time, broadcast time (scale), video mode, audio mode, caption data, script, performer, music, producer, production company, work, recommended program, video URI, playback It includes data indicating the number of times, CM, time stamp information, and the like.
  • the user information indicates the user's (viewer) name, age, gender, region, number of reviews written, number of comments written, favorites, friend list, playback location (time), playback end location (time), program viewing history, etc.
  • the user generated content information includes data indicating a content ID, a user ID, a review content, a review writing time, a review evaluation, and the like.
  • the device information includes a device ID.
  • the authentication information includes an authentication ID.
  • MPEG-2 Video or H.264 For multiplexing video encoded with H.264 / MPEG-4 Advanced Video Coding (AVC), audio encoded with MPEG-1 Audio Layer II, MPEG-2 Audio AAC, subtitles, etc.
  • AVC MPEG-4 Advanced Video Coding
  • MPEG-1 Audio Layer II MPEG-2 Audio Layer II
  • MPEG-2 Audio AAC MPEG-2 Audio AAC
  • subtitles etc.
  • Transport Stream format MPEG2-TS, MMT (MPEG Media Transport), MP4, etc. can also be used.
  • FIG. 11 is a diagram illustrating a transfer protocol stack.
  • Stream transmission uses RTP (Real-Time Transport Protocol) / UDP (User Datagram Protocol) and HTTP / TCP (Transmission Control Protocol).
  • RTP Real-Time Transport Protocol
  • UDP User Datagram Protocol
  • HTTP / TCP Transmission Control Protocol
  • HTTP / TCP Transmission Control Protocol
  • stream control is performed using HTTP connections, methods, and headers.
  • RTP Real-time Transport Protocol
  • RTSP Real Time Streaming Protocol
  • Multilingual subtitles comply with Timed Text Markup Language (W3C (World Wide Web Consortium)). Note that synchronization is performed separately at the application level. Each corresponding font is downloaded from the server as necessary. For example, a font file is placed on the HTTP payload. In this case, Web Dynamic Fonts and PFR (Portable Font Resource) are used. The font capacity is preferably about 5-35 MB (megabytes).
  • MPEG-2 Audio or PCM (Pulse Code Modulation) (AIFF-C (Audio Interchange File Format Compression)) is used.
  • MPEG-2 Audio the MPEG-2 AAC system defined in ARIB STD-B32 2.4 Edition, Part 2, Section 3.1 is used, and the encoding parameter constraints defined in Chapter 5 are Applied.
  • PCM the method defined in ARIB STD-B24 5.4 version 1st part 2 section 6.2 is used.
  • PCM the system defined in ARIB STD-B24 5.4 version 1st part 2 section 6.4 is used.
  • control code only APR (CR) and APD (LF) are used among the C0 control codes defined in ARIB STD-B24 5.4 version 1 Part 2 Section 7.2.2.1. . Other C0 control codes and C1 control codes are not used.
  • the conversion of character codes is in accordance with ARIB STD-B24 5.4 edition, Part 1, Part 2, Appendix E.
  • BML ARIB STD-B24
  • ARIB-J ARIB STD-B23
  • HTML5 W3C HTML5 Working draft-2011 / Jan / 13
  • the receiver has a function of presenting a BML document that conforms to the terrestrial digital broadcast operation rules (ARIB TR-B14) or the BS digital broadcast operation rules (ARIB TR-B15).
  • the receiver must be able to present data broadcasting services provided by terrestrial digital broadcasting or BS digital broadcasting in accordance with existing standards.
  • the receiver is required only to present BML content distributed by the data carousel method in broadcasting, and BML content provided by the HTTP protocol by communication (TR-B14, Volume 3, Part 2, Section 5.14, TR -B15 Part 1, Part 3, Section 8.14) is not mandatory.
  • browser.startHybridcastApp () and getAITInfo () are specified as broadcasting extended APIs for starting the communication application specified below.
  • Table 2 shows the rules for browser.startHybridcastApp ().
  • browser.startHybridcastApp () is an API for starting a broadcasting / communication cooperation application.
  • Table 3 shows the rules for getAITInfo ().
  • getAITInfo () is an API for acquiring the latest AIT information included in the service being received.
  • HTML5 [3.5.3 HTML5] [3.5.3.1 Description method]
  • the receiver supports HTML5 as a description method of a presentation engine type application provided from communication.
  • the following are supported as JavaScript (registered trademark) APIs.
  • JavaScript registered trademark
  • those being studied by W3C include Working Draft (WD) or Editor's Draft (ED).
  • the API related to the data carousel transmitted by the broadcast wave is not essential.
  • the HTML5 browser of the receiver is JavaScript (registered trademark) processing system, Web Workers (W3C Working Draft 08 Feb. 2011), Widget Interface (W3C Working Draft 3 Feb. 2011), HTML Canvas2D Context (W3C Editor's Draft 28 Feb. 2011) ) Function. Web Workers supports multitasking, Widget Interface supports independent applications, and HTML Canvas 2D Context is necessary to support 2D vector graphics.
  • ARIB-J The receiver supports ARIB-J as a description method of an application execution engine type application provided from communication. Further, DVB Bluebook A153 (GEM Media Synchronization API) is used as a synchronization API between a plurality of streams.
  • GEM Media Synchronization API GEM Media Synchronization API
  • the name space is a character string description rule for specifying the positions of various resources such as video / audio contents, applications, monomedia files, and the like that are handled on the server or in the receiver. Namespace notation for referring to various resources used in section 3.5.2 and after is specified for each classification.
  • the resources include resources on the Internet server, resources on the application cache, and broadcasting resources.
  • the resources on the Internet server include stream resources such as VOD contents, and file resources such as applications and other resources referred to by applications.
  • Broadcast resources include stream resources such as programs being broadcast, past and future programs, and carousel resources such as modules and event messages.
  • the broadcasting / communication cooperation interface includes the following interfaces.
  • getRunningApplications Acquires information on applications being executed.
  • the return value of getRunningApplications includes apps [] and application_id and running_level for each application.
  • apps [] a list of running applications is set.
  • application_id an application ID is set, and is null when the application is a general application (unofficial application).
  • running_level an execution level (authentication result and viewer setting state) is set. From a security point of view, information that can be acquired for other applications should be restricted.
  • queryApplicationInfo Acquires information about the specified application.
  • getProgramInfo Acquires information on the broadcast being received. Return values are tuner_state, network_id, ts_id, orig_ts_id, service_id, event_id, and content_id. In tuner_state, a value indicating the reception state is set.
  • getEPGInfo Acquires various information in the EIT (+ SDT) of the broadcast being received.
  • saveApplicationToCache Saves the application file on the server in the cache.
  • queryApplicationInCache Search for an application file (application program) in the cache.
  • the arguments of queryApplicationInCache () are application_id, getDSMCCModule (), addBroadcastSignalListener (), and getListFromHybridcastMenu ().
  • application_id an application ID issued from the certification authority is set.
  • getDSMCCModule () acquires the specified module from the broadcast wave.
  • addBroadcastSignalListener registers a listener that monitors updates of SI, emergency information, carousel, and event messages.
  • getListFromHybridcastMenu acquires a list of top menu applications.
  • the return values of queryApplicationInCache () are user_apps [], broadcaster_apps [], and vendor_apps [].
  • addApplicationToHybridcastMenu Adds an application to the top menu.
  • getKeyFromBroadcast Acquires key information for limited server access from broadcasting.
  • querySupportedFunction Queries the application browser function. This is used for the purpose of checking whether the function / API is available.
  • the BroadacastSignalListener interface is a listener interface for monitoring SI, emergency information, carousel, and event messages acquired from broadcasting. This interface event also occurs when the associated organization service is changed during bound application execution.
  • the LocalDatabase interface is an interface for holding and managing viewer information in the receiver.
  • the viewer information is information that should not be output to the server side such as personal information, and is minimum information such as a viewer ID and a receiver ID.
  • SynchronizationManager interface As a SynchronizationManager interface, an API similar to DVB Bluebook A153 (GEM Stream Synchronization API) is introduced. Further, the following interface is added as an API.
  • getCurrentSTC Acquires the current STC (System Time Clock) value.
  • STC System Time Clock
  • the system clock (STC) on the receiver side is multiplexed and distributed as a PCR (Program Clock Reference) signal in the MPEG2 transport stream so that the system clock (STC) inside the receiver is transmitted on the transmission side.
  • STC System Time Clock
  • getCurrentPositionInProgram Acquires the elapsed time from the start of the program.
  • delayStreamPresentation Starts delay presentation of the broadcast stream being presented.
  • getCurrentDelay Acquires the delay time amount (from the original presentation time) of the broadcast stream being presented.
  • [3.6.6 SecurityException interface] An interface for exceptions that occur when an application makes function calls and property operations that are prohibited at the current execution level.
  • the SecurityException interface is generated by calling each of the above APIs or by various operations on an object ( ⁇ video> for HTML5 or OO Controller for ARIB-J) that refers to a broadcast.
  • the receiver of the broadcasting / communication cooperation system includes an application launcher as a receiver function.
  • the application launcher is used to start an application stored in the receiver, to select an independent application from a known repository, and to select an application whose control code is “PRESENT” among applications whose start instructions are described by the AIT.
  • FIG. 12 shows an application management model in the broadcasting / communication cooperation system.
  • the “A application” is assured of the operation expected in the specifications of the broadcasting / communication cooperation system.
  • the “A application” is given an ID and signature at the time of registration, and the signature is verified by the secure manager defined in section 2.2 at the receiver, enabling access to all APIs, and program linkage using broadcast resources Service can be performed.
  • the AIT transmitted from the broadcaster enables fine presentation control according to the broadcaster's requirements.
  • the “general application” does not need to be registered in advance, but the operation expected in the specifications of the broadcasting / communication cooperation system is not guaranteed, and the broadcasting-related API cannot be handled from the application. Since “general application” is not assigned an ID and signature, it is difficult to specify individual applications, but it is possible to execute the application with presentation restrictions based on the requirements of the broadcaster.
  • FIG. 13 shows a functional model of the secure manager.
  • the secure manager is a function that comprehensively manages security in the receiver.
  • a application As described above, applications that run on the receiver are roughly classified into two types, “A application” and “general application”, depending on the distribution form of application files. “A application” and “general application” are distinguished according to the presence or absence of an ID and signature as shown in section 4.1, and the API access range in the receiver and the control range from the broadcaster are different. The operation contents of are different.
  • the purpose of the application monitoring / control function is to identify the difference between the types of the A application and the general application, and to reliably control the operation at the time of executing the application.
  • Application authentication The receiver identifies either an A application or a general application for all applications to be executed, and further identifies an ID for an A application.
  • the A application or the general application is distinguished by confirming the presence or absence of a signature attached to the application file (application program). If the application is an A application, the receiver further acquires an application ID described in the signature. Application identification is performed when an application is acquired or activated.
  • Screen presentation control described later in section 4.3.
  • Resource access control The receiver performs access control to APIs such as broadcast resources of the application being executed. When an application tries to access an API, if the application is a general application, the access is restricted by the type of API.
  • screen presentation control is executed based on the type of the A application or the general application and the presentation policy of the selected broadcaster. Details will be described later in section 4.3.
  • (4) Revocation An application revocation function is provided.
  • the receiver has protection functions such as viewer information protection and virus countermeasures.
  • FIG. 14 is a diagram showing the concept of the screen presentation control method.
  • the screen presentation control method is intended to reflect the broadcaster's presentation policy on how to display the communication application on the screen for each broadcast program on the receiver. This is called control.
  • presentation control in units of programs according to composition, presentation control for events occurring in a program such as an earthquake early warning, and presentation control in units of applications are realized.
  • FIG. 15 is a diagram illustrating a basic operation model of screen presentation control.
  • the method of presenting the communication content for the broadcast program which is assumed in advance by the broadcaster, is managed as a presentation rule by the receiver.
  • levels are classified according to the order of superposition and the difference in arrangement, and a table of presentation levels (policy levels) and presentation methods is held in the receiver as presentation rules.
  • the broadcaster multiplexes and transmits the designated presentation level to the broadcast wave, and the receiver collates the presentation level with the presentation rules to determine the presentation method. Thereby, presentation control based on the presentation policy of the broadcaster can be realized.
  • EIT program genre The policy level is determined from the program genre described in the existing EIT content descriptor. For this purpose, the receiver manages a correspondence table between program genres and policy levels.
  • the relationship with the ARIB standard is ARIB STD-B10, Part 2, 6.2.4, Appendix H.
  • Table 4 is a table showing a specific example of the relationship between the program genre and the policy level.
  • the program genre (program_genre) is composed of two stages of “content_nibble_level1” (0x0 to 0xF) representing the major classification and “content_nibble_level2” (0x0 to 0xF) representing the middle classification.
  • the table managed by the receiver covers the genre of the middle category, and defines a policy level value.
  • EIT + New descriptor added to EIT: A new descriptor is added to the event information section of EIT, and policy information is described. The receiver interprets this descriptor and executes a desired process, thereby realizing control according to the policy level for each program.
  • the relationship with the ARIB standard is ARIB TR-B14 (second volume), Part 3 31.3, ARIB STD-B10 Volume 2, 5.2.7.
  • Table 5 is a table showing the structure of the event security descriptor.
  • the event security descriptor shown in the figure is newly defined, and this event security descriptor is stored in the descriptor area in the EIT and transmitted.
  • a policy level policy level
  • an application ID application_identifier
  • a control code application_control_code
  • a priority application_priority
  • protocol identification protocol_id
  • program related flag associated_application_flag
  • policy_level represents a policy level in units of programs.
  • the policy level is a value from 1 to 4.
  • application_identifier () is an identifier for identifying an application.
  • Table 6 shows the structure of application_identifier ().
  • Organization_id represents the organization that created the application and takes a value of 0x00000063 or later.
  • application_id represents a number for identifying an application. application_id is uniquely assigned within the organization identification.
  • Application_control_code specifies the control code that controls the application state. Table 7 shows the definition of the control code.
  • Application_priority indicates the policy level for each application.
  • the policy level for each application indicates the relative priority among the applications announced in the service.
  • the priority is a value from 1 to 4.
  • Protocol_id indicates the protocol for transmitting the application file.
  • Table 8 shows the protocol_id specification.
  • Associated_application_flag indicates whether the application is linked to the program.
  • Table 9 shows the protocol_id specification.
  • AIT table definition and addition of new descriptor (AIT +): AIT is extended to transmit policy information. The receiver interprets this table and executes a desired process, thereby realizing control corresponding to a policy level for an event that occurs at any time.
  • the relationship with the ARIB standard is ARIB STD-B23 Part 2 10.16.
  • Table 10 shows the data structure of AIT.
  • the AIT shown in Table 10 is an extension of the AIT data structure defined by ARIB STD-B23.
  • AIT describes a policy level, an application ID, and a control code.
  • the AIT is transmitted in the section format, and is always transmitted while the event is continuing.
  • the application ID is described in application_identifier (), and the control code is described in application_control_code. These details are the same as those described in (2) EIT extension.
  • a new security policy descriptor is defined and stored in the AIT common descriptor loop for transmission.
  • Table 11 shows the structure of a newly defined security policy descriptor.
  • EWS / EEW Emergency warning broadcasting and emergency earthquake warning
  • the policy level is determined using emergency information transmitted from a broadcasting station. In the receiver, correspondence between emergency information and policy level is assumed in advance. If it is emergency warning broadcast, the emergency flag broadcast start flag of TMCC is monitored. The occurrence and termination of emergency information is detected, and the policy level at that time can be determined.
  • the relationship with the ARIB standard is ARIB STD-B31 3.15 and ARIB-STD-B24 Volume 1, Part 3, Chapter 9.
  • each of the above methods (1) to (4) can be sent simultaneously in parallel. Therefore, it is necessary to determine which method is used to prioritize what is sent and determine the policy level.
  • the priority order is as follows.
  • the receiver can determine the policy level based on this priority order, thereby enabling screen presentation control that prioritizes emergency events based on the broadcaster's intention.
  • FIG. 16 shows an example of screen presentation control according to the policy level.
  • the policy level of the program is “1”
  • both the application screen of the application screen of the A application and the application screen of the general application are permitted to be superimposed on the broadcast screen.
  • the policy level of the program is “2”
  • only the A application is permitted to be superimposed on the broadcast screen, and the application screen of the general application is prohibited from being superimposed on the broadcast screen. Only display of is allowed.
  • the policy level of the program is “3”, the display of both the application screen of the A application and the application screen of the general application is permitted, but superimposition on the broadcast screen is prohibited for all application screens. Only display outside the screen is allowed.
  • the policy level is “4”, only the full screen display of the broadcast screen is permitted.
  • FIG. 17 shows an example of presentation control when receiving an earthquake early warning.
  • the program policy level of program A is “1”
  • the application screen of application A and the application screen of general application are displayed superimposed on the broadcast screen.
  • the receiver determines that the policy level in the time zone in which the earthquake early warning is generated in the broadcast time zone of program A is the policy level “4” of the emergency earthquake early warning. Therefore, even if the receiver is in the broadcast time zone of the program A, the application screen of the A application and the application screen of the general application are superimposed on the broadcast screen in the time zone in which the earthquake early warning is generated. Prohibit alignment.
  • FIG. 18 is an overall configuration diagram of a broadcasting / communication cooperation system according to an embodiment of the present invention.
  • the broadcasting / communication cooperation system of the present embodiment includes a broadcaster apparatus 1 owned by a broadcasting station, a service provider server group 2 held by a service provider, and a repository server 3 held by a system administrator. And a receiver 4 held by the viewer. Although only one receiver 4 is shown in the figure, a plurality of receivers 4 are actually provided.
  • the broadcast provider apparatus 1 includes a broadcast transmission apparatus 11 and a broadcast station server group 12.
  • the broadcast sending apparatus 11 corresponds to the broadcasting station equipment shown in FIG. 3, and is a broadcasting equipment for digital broadcasting composed of a program organization equipment, a program sending equipment, a transmission equipment, and the like.
  • the broadcast transmission apparatus 11 includes a broadcast-related data management unit 111, a signal setting unit 112, and a broadcast transmission unit 113.
  • the broadcast-related data management unit 111 manages program security policy data for each program, application security policy data for the A application, other policy data, and the like.
  • the program security policy data includes policy level data indicating a policy level of the program, an application ID of an application bound to the program, a control code for the application bound to the program, and the like.
  • the application security policy data includes information for identifying a program to which the application is bound, application protocol identification, location information, and the like.
  • the location information indicates the storage location (storage location) of the application, and is, for example, the URL of the receiver application server 21 or the repository server 3 that can download the application.
  • the protocol identification indicates whether the application is transmitted by broadcast or communication. Only the A application is bound to the program.
  • the policy data includes presentation rule data and a policy level table.
  • the presentation rule data is data describing a presentation method for each policy level.
  • the presentation method includes a screen display method and an audio output method.
  • As the screen display method for example, only the broadcast screen (video of the program) is displayed.
  • the application screen video of the application
  • the audio output method include a method of outputting only the sound of the broadcast program, and outputting the sound of the broadcast program and the sound of the A application or the general application independently or in combination.
  • the policy level table is data describing the policy level corresponding to the genre of the program and the policy level of each event. An event is the content of a broadcast that does not necessarily occur in conjunction with a program, such as an emergency warning signal or an earthquake early warning.
  • the signal setting unit 112 sets various data in the broadcast signal transmitted by the broadcast sending unit 113.
  • the signal setting unit 112 sets AIT and program policy level data for a broadcast signal based on program security policy data and application security policy data managed by the broadcast-related data management unit 111.
  • the signal setting unit 112 multiplexes the AIT of the application bound to the program as an independent ES on the broadcast signal (broadcast TS) or sets it in the data carousel.
  • the signal setting unit 112 sets information equivalent to the AIT of the application bound to the program in the EIT.
  • the signal setting unit 112 sets the policy level data of the program to EIT (Table 5) or AIT (Table 11).
  • the signal setting unit 112 sets the application file to a data carousel or the like.
  • the signal setting unit 112 sets the policy data managed by the broadcast-related data management unit 111 to a broadcast signal in a section format, or to an engineering service or a data carousel.
  • the broadcast sending unit 113 transmits a broadcast signal for digital broadcasting.
  • the broadcast signal includes information set by the signal setting unit 112.
  • the broadcast station server group 12 corresponds to the broadcast station server group shown in FIG. 3, and includes a content management server 13, a content distribution server 16, a broadcast station service server 17, and a notification server 18.
  • the content management server 13 includes a program management server 14 and a metadata management server 15.
  • the program management server 14 manages already broadcasted programs and broadcasted programs.
  • the metadata management server 15 manages metadata regarding each program.
  • the metadata includes, for example, program title, program ID, program outline, performer, broadcast date and time, script, caption, and commentary data.
  • the content distribution server 16 is connected to the receiver 4 via the communication network 9 such as the Internet, and distributes content data of the content requested from the receiver 4.
  • the broadcast station service server 17 transmits the content data of the broadcast station service to the service provider server group 2. Examples of broadcasting station services include social network services and blog services.
  • the notification server 18 is connected to the receiver 4 via the communication network 9 and is bound to the program based on the program security policy data and the application security policy data acquired from the broadcast-related data management unit 111 of the broadcast transmission device 11.
  • the application AIT (FIG. 6) and the policy level data of the program are distributed to the receiver 4.
  • the notification server 18 distributes the policy data acquired from the broadcast-related data management unit 111 of the broadcast transmission device 11 to the receiver 4. Note that all or part of the information may not be distributed from the notification server 18 and may be transmitted by the broadcast sending unit 113 of the broadcast sending device 11 using only the broadcast signal.
  • the service provider server group 2 corresponds to the service provider server group shown in FIG. 3 and includes a receiver application server 21, a service server 22, a content distribution server 23, and a notification server 24.
  • the receiver application server 21, service server 22, content distribution server 23, and notification server 24 are connected to the receiver 4 via the communication network 9.
  • the receiver application server 21 manages each application and distributes application files to the receiver 4.
  • the service server 22 is, for example, a multilingual subtitle server, a speech speed conversion voice server, a social TV server, a recommendation server, a bookmark server, and the like, and distributes content data of a service requested from the receiver 4.
  • the content distribution server 23 is, for example, a VOD distribution server, a caption distribution server, or a multi-view distribution server, and distributes content data of content requested from the receiver 4.
  • the notification server 24 transmits the application AIT (FIG. 6) to the receiver 4. In the case of the A application, the notification server 24 may transmit AIT (FIG. 6) based on the program security policy data and application security policy data acquired from the broadcast related data management unit 111 of the broadcast transmission device 11.
  • the repository server 3 corresponds to the repository shown in FIG. 3 and is connected to the receiver 4 via the communication network 9.
  • the repository server 3 performs an electronic signature on an application file (application program) generated by the service provider, and transmits data necessary for authenticating the electronic signature of the application file (application program) to the receiver 4. Further, the repository server 3 transmits data indicating a list of A applications and location information of the A applications to the receiver 4.
  • the repository server 3 may transmit the application file of the A application that is digitally signed to the receiver 4, and the receiver application server 21 receives and receives the application file of the A application that is digitally signed from the repository server 3. You may transmit to the machine 4. Further, the repository server 3 may transmit the AIT of the A application to the receiver 4. Further, the repository server 3 receives the AIT (FIG. 6) of the A application bound to the program based on the program security policy data and the application security policy data received from the broadcast related data management unit 111 of the broadcast transmission device 11. 4 may be transmitted.
  • AIT FIG. 6
  • the receiver 4 corresponds to the receiver shown in FIG. 3, and is a device such as a television receiver, a set top box, a personal computer, or a portable terminal.
  • FIG. 19 is a functional block diagram showing the internal configuration of the receiver 4.
  • the receiver 4 includes a broadcast receiving unit 401, a separating unit 402, a clock 403, a first synchronization buffer 404-1, a second synchronization buffer 404-2, a first decoder 405-1, 2 decoder 405-2, data broadcast execution unit 406, video control unit 407, video display unit 408, audio control unit 409, audio output unit 410, communication input / output unit 411, application execution control unit 412, presentation control unit 413, operation
  • An input unit 414, a channel selection unit 415, a local information storage unit 416, and an external I / F unit 417 are configured.
  • the broadcast receiving unit 401 is a tuner that receives a broadcast signal.
  • the broadcast signal is either a wireless broadcast signal or a wired broadcast signal.
  • a radio broadcast signal is a signal obtained by receiving a broadcast radio wave (ground wave) transmitted by a transmission antenna on the broadcast station side or a satellite wave relayed by a satellite with a reception antenna.
  • the wired broadcast signal is a signal transmitted from the broadcast station side via an optical cable, a coaxial cable, or the like.
  • the broadcast receiving unit 401 receives a broadcast signal, demodulates it, and outputs a broadcast stream (TS).
  • TS broadcast stream
  • the demultiplexing unit 402 is a demultiplexer, which converts a broadcast stream supplied from the broadcast receiving unit 401 into PCR (Program Clock Reference), video data, audio data, subtitle data, data broadcast, PSI (Program Specific Information) / SI (SI). Service Information) and AIT transmitted in an independent elementary stream (ES).
  • the AIT may be included in the data broadcast, or the same content as the AIT may be set in the EIT constituting the SI.
  • the separation unit 402 may separate and output the application file from the broadcast signal.
  • the communication input / output unit 411 inputs and outputs data through communication via the communication network 9.
  • the communication input / output unit 411 outputs the AIT and application file transmitted via the communication network 9 to the application execution control unit 412. Further, the communication input / output unit 411 outputs the policy level data and policy data of the program transmitted via the communication network 9 to the presentation control unit 413.
  • the communication input / output unit 411 communicates content data distributed from the content distribution server 16 and the content distribution server 23 and content data distributed from the service server 22 in accordance with an instruction of an application executed by the application execution control unit 412. The data is received via the network 9 and output to the second synchronization buffer 404-2.
  • the operation input unit 414 is an interface that receives an operation by the viewer, and is, for example, a receiving device that receives information input by the viewer from a remote controller, a mobile phone, a tablet terminal, or the like, a keyboard, a mouse, or the like.
  • the operation input unit 414 outputs media (terrestrial / BS) and channel selection instructions input by the viewer to the channel selection unit 415.
  • the operation input unit 414 outputs instructions for starting and ending the broadcasting / communication cooperation service and instructions for the application to the application execution control unit 412.
  • the channel selection unit 415 controls media and channels received by the broadcast reception unit 401 in accordance with the operation input to the operation input unit 414.
  • the data broadcast execution unit 406 executes the data broadcast application transmitted by the digital broadcast signal, and outputs data (graphic) data of the data broadcast to the video control unit 407.
  • the data broadcast execution unit 406 includes an API for starting an application of the broadcast communication cooperation service. When the data broadcast execution unit 406 executes the data broadcast application and an API for starting the application of the broadcast communication cooperation service is called, the data broadcast execution unit 406 instructs the application execution control unit 412 to start the application. Further, the data broadcast execution unit 406 acquires the AIT and application file transmitted by the data carousel from the data broadcast and outputs them to the application execution control unit 412. Further, the data broadcast execution unit 406 acquires the policy data transmitted by the data carousel from the data broadcast and outputs it to the presentation control unit 413.
  • the application execution control unit 412 executes an application of the broadcasting / communication cooperation service.
  • the application execution control unit 412 instructs the second decoder 405-2 to decode the content data received from the content distribution server 16, the content distribution server 23, or the service server 22 in accordance with the application being executed.
  • the content data includes one or both of video data and audio data.
  • the video data is, for example, a moving image, a still image, text data, or the like.
  • the application execution control unit 412 outputs graphic (video) data and video control instructions to the video control unit 407 and outputs audio data and voice control instructions to the audio control unit 409 according to the application being executed.
  • the clock 403 outputs a timer counter value.
  • the clock 403 adjusts the frequency of the oscillator according to the timer counter value indicated by the PCR, and synchronizes the time with the broadcast transmission side.
  • the first synchronization buffer 404-1 stores video data, audio data, and caption data output from the separation unit 402.
  • a PES Packetized Elementary Stream
  • ES elementary stream
  • TS broadcast stream
  • the PES header includes PTS (Presentation Time Stamp).
  • the first synchronization buffer 404-1 outputs the video data, audio data, and caption data output from the separation unit 402 in units of PES packets according to the instruction of the first decoder 405-1.
  • the second synchronization buffer 404-2 stores the content received by the communication input / output unit 411 and the content data of the service. Alternatively, the second synchronization buffer 404-2 stores video data, audio data, and caption data output from the separation unit 402 in accordance with the viewer's instruction input from the operation input unit 414. The second synchronization buffer 404-2 outputs the stored content data or video data, audio data, and caption data of the program in units of PES packets according to the instruction of the second decoder 405-2.
  • the first decoder 405-1 identifies the PES packet in the first synchronization buffer 404-1 in which the PTS corresponding to the time output from the clock 403 is set, and the video data encoded from the identified PES packet Audio data and subtitle data are read, and the read data are decoded and output.
  • the second decoder 405-2 identifies the content data or the PES packet of the program in the second synchronization buffer 404-2 in which the PTS corresponding to the time output from the clock 403 is set, and from the identified PES packet The encoded video data, audio data, and subtitle data are read, and the read data are decoded and output.
  • the presentation control unit 413 determines the presentation method (screen display method and audio output method) according to the policy level of the selected program or the policy level of the event that is occurring and the presentation rule data.
  • the presentation control unit 413 instructs the video control unit 407 to display the broadcast screen, the application screen of the A application, and the application screen of the general application according to the determined screen display method.
  • the presentation control unit 413 instructs the audio control unit 409 to output the sound based on the broadcast sound data, the sound based on the sound data of the A application, and the sound based on the sound data of the general application according to the determined sound output method. .
  • the video control unit 407 includes a broadcast screen based on the video data and subtitle data of the program output from the first decoder 405-1, and an A application based on the video data of the content data output from the second decoder 405-2,
  • the application screen of the application is displayed on the video display unit 408 according to the screen display method instructed from the presentation control unit 413 or the application execution control unit 412.
  • graphic (video) data is output from the application execution control unit 412 by executing the application
  • the video control unit 407 displays the video according to the screen display method instructed from the presentation control unit 413 or the application execution control unit 412.
  • a display screen based on the data is also displayed on the video display unit 408.
  • the second decoder 405-2 may output video data and subtitle data of other programs.
  • the video display unit 408 is a general display, and displays broadcast and application screens.
  • the video display unit 408 displays an application screen such as a moving image, a still image, text of content data received from the communication network 9, a graphic output from the application execution control unit 412 by executing the application, Alternatively, a video that combines broadcast screens of other programs is displayed.
  • the audio control unit 409 includes the audio based on the audio data of the program output from the first decoder 405-1, the audio of the A application and the general application based on the audio data of the content data output from the second decoder 405-2.
  • the voice based on the voice data output from the application execution control unit 412 by executing the application is output from the voice output unit 410 according to the voice output method instructed by the presentation control unit 413 or the application execution control unit 412.
  • the second decoder 405-2 may output audio data of another program.
  • the audio output unit 410 is a general speaker and outputs broadcast and application audio.
  • the local information storage unit 416 stores various data such as user information.
  • An external interface unit (hereinafter referred to as “external I / F unit”) 417 transmits and receives data to and from the device 8 connected to a home network such as a LAN (Local Area Network).
  • the device 8 is a terminal that operates in cooperation with the receiver 4, and is, for example, a personal computer, a mobile phone, a tablet, a smartphone, or a PDA.
  • the video display unit 408 and the audio output unit 410 are external devices connected to the receiver 4.
  • FIG. 20 is a block diagram illustrating a detailed configuration of the application execution control unit 412.
  • the application execution control unit 412 includes an application storage unit 431, an application authentication unit 432, an application management unit 433, an application control unit 434, an application execution unit 435, a resource access control unit 438, and a resource control unit 439. Prepare.
  • the application storage unit 431 is an application file received by the communication input / output unit 411 via the communication network 9, or an application file acquired from the data broadcast by the data broadcast execution unit 406, or separated from the broadcast signal by the separation unit 402. Store application files.
  • the application file may be stored in the application storage unit 431 in advance at the time of shipment.
  • the application storage unit 431 includes a main storage device and an auxiliary storage device such as a disk.
  • an application file is stored on a disk and read to the main storage device at the time of execution.
  • the application file of the application executed on-the-fly is not stored in the disk but is stored only in the main storage device, and is deleted from the main storage device when the execution is completed.
  • the application authentication unit 432 receives data necessary for authentication of the electronic signature from the repository server 3, and verifies the electronic signature added to the application file (application program) using the received data. For example, the application authentication unit 432 uses the public key received from the repository server 3 to decrypt the application file that has been digitally signed. As a result, when a predetermined data string is obtained, the application authentication unit 432 determines that the verification of the electronic signature has succeeded. When the verification of the electronic signature is successful, the application authentication unit 432 determines that the application is an A application. When the verification of the electronic signature is unsuccessful, or when the electronic signature is not added, the application authentication unit 432 determines that the application is a general application. to decide.
  • the application management unit 433 manages the activation or stop state of the application by the application execution unit 435 and the output status of the activated application.
  • the output status is information indicating whether an image or sound is output from a running application.
  • the application management unit 433 returns the output status of the activated application and a response indicating whether the activated application is an A application or a general application.
  • the application control unit 434 controls the start and stop of the application in the application execution unit 435 according to the control code for the application bound to the program and the instruction for the application input by the operation input unit 414. In addition, the application control unit 434 instructs the application execution unit 435 to start the application that is instructed to start from the data broadcast execution unit 406. When the channel is changed according to the input from the operation input unit 414, the application control unit 434 terminates the application bound to the program of the channel before the change and the application bound to the program of the channel after the change. The application execution unit 435 is instructed to start.
  • the application control unit 434 is equivalent to the application bound to the program and the control code for the bound application as the independent ES of the broadcast signal or the AIT included in the data broadcast and the AIT obtained from the EIT of the broadcast signal. Or from the AIT received from the notification server 18 or the notification server 24 via the communication input / output unit 411. In addition, the application control unit 434 transmits an application file download request with the location information set in the AIT as a destination.
  • the repository server 3 or the receiver application server 21 that has received the download request from the receiver 4 distributes the application file to the receiver 4.
  • the application execution unit 435 includes a receiver API unit 436 and a terminal cooperation API unit 437.
  • the application execution unit 435 reads the application program of the application instructed to start from the application storage unit 431 and executes it.
  • the application execution unit 435 executes the application program
  • the application operates on the receiver 4, and the application execution unit 435 requests content from the content distribution server 16 and the content distribution server 23 via the communication network 9. Or request a service from the service server 22.
  • the application execution unit 435 outputs graphic data and video control instructions to the video control unit 407 and outputs audio data and voice control instructions to the audio control unit 409.
  • the receiver API unit 436 executes a receiver API that is an API for using each resource in the receiver 4 when the application execution unit 435 executes the application.
  • the receiver API unit 436 executes the receiver API, the resources in the receiver 4 can be used from the application program executed by the application execution unit 435.
  • the terminal cooperation API unit 437 is an API that allows the device 8 on the home network that can communicate with the external I / F unit 417 and the device connected via the communication network 9 to use the function of the receiver 4. Execute cooperative API. When the terminal cooperation API unit 437 executes the terminal cooperation API, resources in the receiver 4 can be used from a device 8 connected via the home network or a device connected via the communication network 9.
  • the resource control unit 439 controls access from the receiver API unit 436 and the terminal cooperation API unit 437 to each functional unit that is a resource in the receiver 4.
  • the resource access control unit 438 controls whether access from the receiver API unit 436 and the terminal cooperation API unit 437 to each functional unit in the receiver 4 is permitted.
  • the resource access control unit 438 performs this control according to whether the application that is the caller of each API executed by the receiver API unit 436 or the terminal cooperation API unit 437 is an A application or a general application.
  • FIG. 21 is a block diagram illustrating a detailed configuration of the presentation control unit 413.
  • the presentation control unit 413 includes a policy data management unit 451, a policy data storage unit 452, an event interpretation unit 453, a policy level collation unit 454, an event control unit 455, a program policy storage unit 456, and a policy mediation unit. 457 and a policy level storage unit 458.
  • the policy data storage unit 452 stores policy data including presentation rule data and a policy level table.
  • the policy data management unit 451 manages policy data stored in the policy data storage unit 452.
  • the policy data management unit 451 outputs the policy level table read from the policy data storage unit 452 to the policy level verification unit 454, and outputs the presentation rule data read from the policy data storage unit 452 to the policy arbitration unit 457.
  • the policy data management unit 451 receives the policy data transmitted by broadcasting from the separation unit 402 or the data broadcast execution unit 406, and receives the policy data transmitted by communication from the communication input / output unit 411.
  • the policy data management unit 451 updates the policy data stored in the policy data storage unit 452 with the policy data transmitted by broadcasting or communication.
  • the event interpreter 453 analyzes the broadcast signal received by the broadcast receiver 401, the data broadcast and subtitle data separated by the separator 402, and detects the occurrence or end of the event. When the event interpretation unit 453 detects (interprets) the occurrence or end of an event, the event interpretation unit 453 outputs the event number of the detected event and status data indicating the occurrence or end to the policy level matching unit 454.
  • the policy level checking unit 454 refers to the policy level table to determine (check) the policy level corresponding to the genre of each program indicated by the EIT and the policy level corresponding to the event specified by the event number.
  • the policy level collating unit 454 includes the broadcast start time and broadcast end time data of the program acquired from the SI input from the separating unit 402 and the policy level of the program (hereinafter referred to as “program policy level”). Output to the event control unit 455.
  • program policy level is set to EIT
  • the policy level verification unit 454 sends the program start level and end time data of the program and the program policy level of the program acquired from the EIT to the event control unit 455. Output.
  • the policy level matching unit 454 acquires the program policy level from the AIT
  • the policy level matching unit 454 outputs the acquired program policy level to the policy mediation unit 457. Further, the policy level matching unit 454 outputs the policy level determined in accordance with the event number (hereinafter referred to as “trigger policy level”) to the policy arbitration unit 457.
  • the program policy storage unit 456 stores the program start time and program end time in association with the program policy level.
  • the event control unit 455 writes the program start time and program end time data input from the policy level matching unit 454 and the program policy level in association with each other and writes them in the program policy storage unit 456, and stores them in the program policy storage unit 456. Based on these information, the time for executing the display control is managed.
  • the event control unit 455 refers to the program start time data stored in the program policy storage unit 456 and detects that the execution time is to be notified, the event control unit 455 corresponds to the execution time and the execution time.
  • the program policy level is output to the policy mediation unit 457.
  • the policy level storage unit 458 stores the execution time and program policy level, trigger policy level, and status data input to the policy arbitration unit 457.
  • the policy arbitration unit 457 determines a policy level from the execution time and program policy level input from the event control unit 455 and the trigger policy level input from the policy level collation unit 454.
  • the trigger policy level may be determined as the policy level, and the higher one of the program policy level and the trigger policy level may be determined as the policy level.
  • the policy mediation unit 457 When the program policy level acquired by the AIT is input from the policy level verification unit 454, the policy mediation unit 457 is input from the policy level verification unit 454 rather than the program policy level input from the event control unit 455. Prioritize program policy level. That is, the policy mediation unit 457 determines the policy level from the program policy level obtained from the AIT and the trigger policy level.
  • the policy arbitration unit 457 refers to the presentation rule data, and determines the screen display method and sound based on the determined policy level, information indicating whether the active application acquired from the application management unit 433 is an A application, and the output status. Determine the output method (presentation method).
  • the policy arbitration unit 457 outputs the determined screen display method to the video control unit 407, and outputs the determined audio output method to the audio control unit 409.
  • FIG. 22 is a diagram showing a table structure of the security level table 4331 shown in FIG.
  • the security level table 4331 has a table structure in which the application ID output from the application authentication unit 432 is associated with the security level information and stored. Since the security level information output from the application authentication unit 432 is information indicating that the security level is “high” and the security level is “low”, the application management unit 433 is a natural number in order from the higher security level. And is stored in the security level table 4331. In the example of FIG.
  • the security level of the application whose application ID is “AP01” is “1” indicating that it is “high”, and similarly, the security level of the application whose application ID is “AP02” is “low”. It becomes level “2” indicating this.
  • the security level table 4331 is added each time an application file is stored in the application storage unit 431. When the application file is deleted from the application storage unit 431, the security level of the corresponding application ID is also deleted from the security level table 4331.
  • FIG. 23 is a diagram showing a table structure of the execution availability table 4342 shown in FIG.
  • the execution permission / prohibition table 4342 is previously associated with information indicating whether execution is possible for each identification information (function name) of the API in the API unit 4351 and for each security level (indicated simply as “level” in FIG. 23). Is remembered. For example, an API whose API identification information is “APIAAA” is information (0 or 1) indicating whether or not this API can be executed from an application whose security level is “1” or “2”. Are related. “0” means executable, and “1” means not executable.
  • APIAAAA means that it can be executed from an application having security levels “1” and “2”.
  • APIBBB means that it can be executed from an application having a security level “1”, but cannot be executed from an application having a security level “2”.
  • the application execution unit 435 shown in FIG. 1 executes the application 4352
  • the application execution unit 435 reads out the application file of the instructed application from the application storage unit 431 (step S1).
  • the application ID of the application is specified (step S2).
  • the application execution unit 435 outputs the identified application ID to the application management unit 433, and inquires about the security level corresponding to the application ID.
  • the application management unit 433 refers to the security level table 4331 and specifies the security level associated with the application ID output from the application execution unit 435.
  • the application management unit 433 returns the identified security level to the application execution unit 435 as an inquiry response.
  • the application execution unit 435 acquires this security level and stores it inside (step S3).
  • the application execution unit 435 executes the read application 4352 (step S4). Then, it is determined whether or not the application 4352 has ended (step S5). If it has ended, the execution ends.
  • the application execution unit 435 determines whether or not the API has been called while executing the application 4352 (step S6), and if the API is not executed, the application 4352 continues to be executed (step S4). On the other hand, when the API is called from the application 4352 and the API is ready to be executed, the application execution unit 435 specifies the identification information of the API called from the application 4352, and the identification information of the specified API. Then, the security level of the application 4352 held inside is output to the security management unit 434, and an inquiry is made as to whether or not the application 4352 can execute the API (step S7).
  • the security management unit 4341 refers to the execution enable / disable table 4342, and the API identification information output from the application execution unit 435 and the execution enable / disable information related to the security level (0 or 1). Is identified. Then, the security management unit 434 returns the specified execution availability information to the application execution unit 435 as an inquiry response.
  • the application execution unit 435 determines whether or not the called API can be executed based on the information on whether or not the execution is possible (step S8). If the result of this determination is that execution is possible (if the execution availability information is 0), the application execution unit 435 requests the API unit 4351 to execute the called API. In response, the API unit 4351 executes the requested API (step S9).
  • step S10 the application execution unit 435 repeatedly performs the application execution process until the application 4352 ends.
  • the execution of the API is restricted according to the security level of the application that called the API. Therefore, the control for restricting the execution of the predetermined function of the application executed in the receiver. It is possible to prevent unexpected troubles.
  • FIG. 25 is a diagram showing a modification of the execution availability table 4342 shown in FIG.
  • the difference between the execution availability table 4342 shown in FIG. 25 and the execution availability table 4342 shown in FIG. 23 is that an argument condition is provided.
  • three argument conditions are provided for “APIAAAA”, and two argument conditions are provided for “APIBBB”.
  • the argument condition is to change whether or not to execute depending on the value of the argument when calling the API. For example, in the example shown in FIG. 25, when the APIAA argument satisfies “0> argument”, it is stored that security level 1 is executable (0) and security level 2 is not executable (1). Yes.
  • security level 1 when the argument satisfies “0 ⁇ argument ⁇ X”, both security levels 1 and 2 can be executed (0), and when “X ⁇ argument” is satisfied, security level 1 can be executed (0). It is stored that security level 2 is not executable (1).
  • the security level table associated with the application ID and the security level and the execution availability table that defines execution availability for each API and for each security level of the application are provided.
  • the API is called from the application specified by the security level table, whether or not it can be executed is specified from the identification information of the API called the security level of the application, and the called API is executed only when it can be executed.
  • the application execution unit 435 inquires of the security management unit 4341 whether execution is possible when the API is called.
  • the API itself is the security.
  • the API unit 4351 may be configured to inquire the management unit 4341 whether execution is possible.
  • FIG. 26 is a diagram illustrating a schematic functional configuration of the receiver 40 according to the present embodiment.
  • the receiver 40 of this embodiment is different from the receiver 4 according to the first embodiment only in that a table update unit 4343 is provided in the application execution control unit 412. Therefore, in the configuration of the receiver 40 according to the present embodiment, the same components as those of the receiver 4 according to the first embodiment are denoted by the same reference numerals, and description thereof is omitted.
  • the table update unit 4343 of the receiver 40 will be described.
  • the table update unit 4343 is based on the execution availability table update information received by the communication input / output unit 411 via the communication network or the execution availability table update information acquired by the broadcast reception unit 401 from the data broadcast.
  • the execution propriety table 4342 included in is updated.
  • the execution availability table update information includes information on the execution availability table and version information on the execution availability table.
  • the version information is information for managing the generation of the executability table, and includes, for example, date information when a new executability table is generated.
  • the table update unit 4343 is stored in the server in order to connect to the service provider's server at predetermined time intervals (for example, one week) and check whether the execution availability table is updated.
  • the server The above executable table is downloaded as executable table update information.
  • the table update unit 4343 updates the execution availability table stored in the security management unit 4341 based on the downloaded execution availability table update information. As a result, the execution availability table 4342 and the version information of the execution availability table are updated.
  • the broadcast receiving unit 401 outputs the received update information of the execution availability table to the table update unit 4343 when receiving update information of the execution availability table broadcast by the service provider using the data broadcasting of the broadcasting station.
  • the table update unit 4343 updates the execution availability table stored in the security management unit 4341 based on the update information of the execution availability table output from the broadcast reception unit 401. As a result, the execution availability table 4342 and the version information of the execution availability table are updated.
  • the execution information associated with the application is executed when the application execution unit 435 executes the application by associating the version information of the execution availability table to be referenced with the application file stored in the application storage unit 431.
  • the application may be executable only when the version information of the availability table and the version information of the execution availability table 4342 stored in the security management unit 4341 are compared and matched. By doing in this way, it becomes possible to perform the control which suppresses execution of the application known to generate a malfunction.
  • the table update unit 4341 can update the execution availability table 4342 that defines whether or not APIs can be executed based on the intention of the service provider.
  • the service provider analyzes the cause of the problem and identifies the API that caused the problem.
  • the execution permission / rejection table so as to limit the API execution, it becomes possible to prevent the occurrence of problems, and the service provider can flexibly operate the service. Become.
  • each part with which the receiver 4 and the receiver 40 in 1st and 2nd embodiment mentioned above are provided may implement
  • Each unit included in the receiver 4 and the receiver 40 is recorded on a computer-readable recording medium, and the program recorded on the recording medium is read into a computer system and executed.
  • Each process included in the process or the reception method may be performed.
  • the “computer system” includes an OS and hardware such as peripheral devices.
  • the “computer system” includes a function of providing information in the form of a so-called web page written in a markup language and a function of displaying the information on a browser.
  • “Recording medium” refers to a storage device having a non-temporary storage function. Examples include, but are not necessarily limited to, a non-portable medium such as a portable medium such as a flexible disk, a magneto-optical disk, a ROM, and a CD-ROM, and a non-portable medium such as a hard disk built in a computer system. Absent.
  • the “recording medium” includes a volatile medium such as a DRAM or an SRAM like a volatile memory inside a computer system serving as a server or a client, but is not necessarily limited thereto.
  • the “recording medium” includes a medium that holds a program for a short time, such as a receiving / transmitting device or a transferring device when transmitting a program via a network such as the Internet or a communication line such as a telephone line, It is not necessarily limited to these.
  • the program may be a program for realizing a part of the functions described above, or may be a program that can be realized by combining the functions described above with a program already recorded in a computer system.
  • the present invention can be applied to services that link broadcasting and communication.
  • Broadcast transmission apparatus 11 Broadcast transmission apparatus 111 Broadcast related data management part 112 Signal setting part 113 Broadcast transmission part 12 Broadcasting station server group 13 Content management server 14 Program management server 15 Metadata management server 16 Content distribution server 17 Broadcasting station service server 18 Notification Server 2 Service Provider Server Group 21 Receiver Application Server 22 Service Server 23 Content Distribution Server 24 Notification Server 3 Repository Server 4 Receiver 401 Broadcast Receiving Unit 402 Separating Unit 403 Clock 404-1 First Synchronization Buffer 404-2 Second synchronization buffer 405-1 First decoder 405-2 Second decoder 406 Data broadcast execution unit 407 Video control unit 408 Video display unit 409 Audio control unit 410 Audio output unit 411 Communication input / output Unit 412 application execution control unit 413 presentation control unit 414 operation input unit 415 channel selection unit 416 local information storage unit 417 external I / F unit 431 application storage unit 432 application authentication unit 433 application management unit 4331 security level table 434 application control unit 4341 security Management unit 4342 Executability table 43

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

La présente invention se rapporte à un récepteur comprenant : une table de niveaux de sécurité, qui associe et enregistre des données d'identification et des données relatives à des niveaux de sécurité d'une application ; une table de possibilité d'exécution, qui associe et préenregistre des données de possibilité d'exécution sur la base du niveau de sécurité d'une application pour chaque ensemble de données d'identification d'API par rapport aux dites données d'identification ; et un module d'exécution d'application, qui spécifie des données d'identification d'une application exécutée, qui spécifie des données de niveaux de sécurité associées aux données d'identification de l'application en se référant à la table de niveaux de sécurité, qui se réfère à la table de possibilité d'exécution quand une API est appelée à partir de l'application exécutée, qui spécifie des données de possibilité d'exécution associées aux données d'identification de l'API appelée et à des données de niveau de sécurité de l'application, et qui exécute l'API appelée quand les données de possibilité d'exécution spécifiées sont des données qui indiquent la possibilité d'exécution.
PCT/JP2012/062858 2011-05-19 2012-05-18 Récepteur et procédé de réception WO2012157767A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
JP2011-112750 2011-05-19
JP2011-112751 2011-05-19
JP2011112751 2011-05-19
JP2011112750 2011-05-19

Publications (1)

Publication Number Publication Date
WO2012157767A1 true WO2012157767A1 (fr) 2012-11-22

Family

ID=47177081

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2012/062858 WO2012157767A1 (fr) 2011-05-19 2012-05-18 Récepteur et procédé de réception

Country Status (1)

Country Link
WO (1) WO2012157767A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013157446A1 (fr) * 2012-04-19 2013-10-24 ソニー株式会社 Dispositif de réception, procédé de réception, dispositif d'émission, procédé d'émission, programme et système de gestion d'applications liées
WO2014045893A1 (fr) * 2012-09-20 2014-03-27 ソニー株式会社 Appareil de réception, procédé de réception, appareil de diffusion, procédé de diffusion, programme et système de commande d'application d'interverrouillage
JP5912175B2 (ja) * 2012-08-21 2016-04-27 ソニー株式会社 情報処理装置、情報処理方法、プログラムおよびサーバ装置

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007097439A1 (fr) * 2006-02-21 2007-08-30 Nec Corporation Systeme de controle d'execution de programme, procede de controle d'execution, programme informatique de controle d'execution
JP2009147808A (ja) * 2007-12-17 2009-07-02 Nippon Hoso Kyokai <Nhk> 送信装置およびそのプログラム、ならびに、受信装置およびapi実行プログラム

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007097439A1 (fr) * 2006-02-21 2007-08-30 Nec Corporation Systeme de controle d'execution de programme, procede de controle d'execution, programme informatique de controle d'execution
JP2009147808A (ja) * 2007-12-17 2009-07-02 Nippon Hoso Kyokai <Nhk> 送信装置およびそのプログラム、ならびに、受信装置およびapi実行プログラム

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013157446A1 (fr) * 2012-04-19 2013-10-24 ソニー株式会社 Dispositif de réception, procédé de réception, dispositif d'émission, procédé d'émission, programme et système de gestion d'applications liées
EP2709372A1 (fr) * 2012-04-19 2014-03-19 Sony Corporation Dispositif de réception, procédé de réception, dispositif d'émission, procédé d'émission, programme et système de gestion d'applications liées
EP2709372A4 (fr) * 2012-04-19 2015-08-05 Sony Corp Dispositif de réception, procédé de réception, dispositif d'émission, procédé d'émission, programme et système de gestion d'applications liées
US9961409B2 (en) 2012-04-19 2018-05-01 Sony Corporation Reception device, reception method, broadcasting device, broadcasting method, and link application control system
JP5912175B2 (ja) * 2012-08-21 2016-04-27 ソニー株式会社 情報処理装置、情報処理方法、プログラムおよびサーバ装置
JP2016154363A (ja) * 2012-08-21 2016-08-25 ソニー株式会社 情報処理装置、情報処理方法およびプログラム
JP2018148568A (ja) * 2012-08-21 2018-09-20 サターン ライセンシング エルエルシーSaturn Licensing LLC 情報処理装置、情報処理方法およびプログラム
US10390066B2 (en) 2012-08-21 2019-08-20 Saturn Licensing Llc Information processing apparatus, information processing method, program, and server apparatus
WO2014045893A1 (fr) * 2012-09-20 2014-03-27 ソニー株式会社 Appareil de réception, procédé de réception, appareil de diffusion, procédé de diffusion, programme et système de commande d'application d'interverrouillage
JPWO2014045893A1 (ja) * 2012-09-20 2016-08-18 ソニー株式会社 受信装置、および受信方法
US10425699B2 (en) 2012-09-20 2019-09-24 Sony Corporation Controlling execution of an application linked with received contents

Similar Documents

Publication Publication Date Title
JP6271065B2 (ja) 受信機
JP5965723B2 (ja) 受信機
JP5586657B2 (ja) 受信機
JP6018799B2 (ja) 放送通信連携システム
JP2012257232A (ja) 受信機およびプログラム
JP2017216718A (ja) 受信機
JP2013009333A (ja) 受信機及び端末連携システム
WO2012157718A1 (fr) Récepteur et procédé de réception
JP5965722B2 (ja) 受信機
JP5957291B2 (ja) 受信機
WO2012157767A1 (fr) Récepteur et procédé de réception
JP2012257228A (ja) 受信機
JP2013009336A (ja) 受信機
JP5953111B2 (ja) 受信機
JP6002438B2 (ja) 受信機
JP2013009320A (ja) 受信機
JP5586658B2 (ja) 受信機
JP6037656B2 (ja) 受信機
JP6018797B2 (ja) 受信機
JP2013009322A (ja) 受信機及び放送送出装置
JP2012257229A (ja) 受信機
JP2013009342A (ja) 受信機
JP2013009341A (ja) 受信機
JP2013009338A (ja) 受信機
JP2012257227A (ja) 受信機

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12785242

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12785242

Country of ref document: EP

Kind code of ref document: A1