JP2000349725A - Broadcast reception device and content use control method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To control use of every content by synthesizing first use condition information common to a plurality of pieces of content information and second use condition information which is broadcast in accordance with the plurality of pieces of content information and is common to a plurality of contractors, deciding a use condition on designated content information and controlling the use of corresponding content information. SOLUTION: Priority is given to individual conditions and an order is given to unified content use conditions in accordance with the priority and the contract use condition of the highest priority is set to be a corrected use condition. Since first priority is given to the limit of the number of items, a use possible contract information list is referred to from the limit of the number of times. When use possible contract information satisfying the condition does not exist, the use possible contract information list having the largest number of designation of limit information on the number of times is extracted and the list is similarly generated. The contract condition whose period is the longest is extracted and the corrected content use condition is generated.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to decryption (descrambling) of encrypted (scrambled) broadcast-delivered contents in accordance with contract contents (for example, period, viewing channel, availability of recording and recording), and use or The present invention relates to a contract receiving device and a content use control method for a secondary broadcast service to be used.

[0002]

2. Description of the Related Art Digital broadcasting starts with communication satellites (CS), and as digitalization progresses to cable TV and terrestrial broadcasting, further enhancement of services is expected, and it will play a leading role in broadcasting services in the future. It seems to go.

[0003] The greatest feature of digital broadcasting is that the introduction of information compression technology has improved the use efficiency of the frequency required for program transmission, and has enabled a significant increase in the number of broadcast channels compared to analog broadcasting. That is. Further, since advanced error correction technology can be applied, it is possible to provide a high quality and uniform service.

[0004] In addition, the digitization of broadcasting enables not only broadcasting using images and sounds as in the past, but also broadcasting using characters and data (data broadcasting). Can be distributed by broadcasting, and systems for providing such services are appearing one after another.

[0005] In such a system, when providing a pay-broadcasting service for descrambling or decoding based on the contents of a contract, customer management must be performed in accordance with the contract period. The customer management according to the contract period is, for example, to enable viewing of the program of the contract channel only within the contract period contracted by paying a predetermined fee.

[0006] Further, key information for scrambling or deciphering in the receiving device is provided to only valid viewers (in accordance with the contract channel and contract period) and reliably in order to prevent unauthorized viewing. There is a need.

In this sense, conventionally, a key as shown in FIG.
Conditional reception was performed using the configuration. That is, broadcast
Master key K for each receiving device_MAnd have a subscription
Key of the channel subscribed to the viewer
K_wAnd receiving contract information with master key K_MAnd send with encryption
I do. Here, the work key is a key unique to the channel.
The contract information is the contract period of the channel or the contract
Information such as nothing. Reception contract information is
Received and stored prior to When watching content,
Refer to the information on the subscription to
Encrypted using work key and sent depending on whether or not viewing is possible
Channel key K of the channel _chDecrypt and view
Listen. The channel key is used for the scrambled broadcast con
Used to descramble tents.

As described above, in the conventional digital broadcasting system,
Reception contract information has been used as a means for realizing pay broadcasting. As a result, contract management for each channel can be reliably performed, and digital broadcasting has been established as a business.
However, only reception contracts for each channel can be supported, and it is impossible to manage viewing and listening down to the value of content existing in the same channel. This is problematic, for example, in data broadcasting of PC software or the like premised on secondary use or recording of high-value-added movie content, because recording availability can be specified only on a channel basis.

[0009]

As described above, in the conventional conditional access system, it is difficult to control the use of each content.

The present invention has been made in consideration of the above circumstances, and has as its object to provide a broadcast receiving apparatus and a content use control method that enable use control of each content.

[0011]

SUMMARY OF THE INVENTION The present invention relates to a content use control method for controlling the use of broadcast-delivered content information in accordance with use conditions. The first use condition information common to a plurality of content information included in a channel and the second use condition information common to a plurality of contractors and broadcast corresponding to each content information are integrated. Then, a use condition for the designated content information is determined, and the use of the corresponding content information is controlled based on the determined use condition.

[0012] The present invention (claim 1) provides a means for receiving content information broadcast and distributed using a channel, and a first means for individual subscribers broadcasted corresponding to a channel including a plurality of content information. (E.g., one or a plurality of pieces of content usage information included in the channel reception contract information), and second use condition information (e.g., one of a plurality of subscribers) broadcast corresponding to each piece of content information. For example, a unit that integrates one or a plurality of pieces of content usage information included in the channel transmission contract information to create third usage condition information (for example, an available contract information list) corresponding to the specified content information Controlling the use of the received corresponding content information according to the content usage condition determined based on the created third usage condition information. Characterized by comprising a means for.

[0013] Preferably, the controlling means may include means for controlling secondary use of the content information based on the determined content use condition.

[0014] Preferably, the controlling means is configured to generate license information defining conditions to be used by a secondary usage device that secondary-uses the content information in controlling the usage based on the determined content usage conditions. Means for creating, means for encrypting the content information, a key for decrypting the encrypted content information, means for integrating and encrypting the license information, and the encrypted content Means for transmitting information and the encrypted key and license information to the secondary usage device. By creating the license information linked to the content information in this way, it is possible to control the usage in the secondary use of the content.

[0015] Preferably, when a plurality of content use conditions are created as the third use condition information, the controlling means operates according to a predetermined priority for each restriction item included in each content use condition. By comparing the content use condition included in the third use condition information with the input content use condition desired by the user, the content use condition included in the third use condition information is determined as one. Means may be included.

Preferably, when a plurality of content usage conditions are created as the third usage condition information, the controlling means converts the input user-desired content usage conditions according to a predetermined evaluation function. As a reference, a means may be included that evaluates each of the content usage conditions included in the third usage condition information, thereby determining one content usage condition included in the third usage condition information. In this case, preferably, when a plurality of content use conditions are created as the third use condition information, the plurality of content use conditions are displayed in an order based on an evaluation value by a predetermined evaluation function. Alternatively, the user may be allowed to make a selection or the like.

Preferably, when a plurality of content use conditions are created as the third use condition information, the controlling means presents the plurality of content use conditions and accepts a selection designation from a user. As a result, the content use condition included in the third use condition information is set to 1
It may be possible to include a means for determining the position.

Preferably, the controlling means, if any of the content usage conditions included in the third usage condition information includes the input content usage condition desired by the user, If it is determined that the user-desired content use condition is to be adopted, and there is no content that includes the user-desired content use condition, the user-desired content use condition is adapted to the third use condition information. Alternatively, it may be determined to adopt a modified one.

Preferably, the determined content use condition may be displayed to notify the user.

Preferably, the use restriction items of the content use conditions may include at least one of a condition relating to an expiration date, a condition relating to the number of times of use, and a condition relating to limitation of a device or a model.

[0021] Preferably, when transmitting the content information to a secondary usage device, the control means may include a means for authenticating the secondary usage device. Alternatively, mutual authentication may be performed between the broadcast receiving device and the secondary usage device.

Preferably, the second usage condition information includes:
The broadcast may be included in the same packet as the corresponding content information.

Preferably, the second use condition information includes:
The broadcast may be included in the same packet as the electronic program guide information for the corresponding content information.

Preferably, the determination of the content use condition by the control means may be performed at the time of recording reservation.

[0025] The present invention (claim 13) is a content use control method for controlling the use of content information to be broadcast-distributed according to use conditions, wherein the same channel is broadcast corresponding to each subscriber. , The first usage condition information common to the plurality of content information included in the content information, and the first usage condition information broadcasted corresponding to the individual content information,
It is characterized in that the use condition information is integrated with the second use condition information, the use condition for the designated content information is determined, and the use of the corresponding content information is controlled based on the determined use condition.

The present invention relating to the apparatus is also realized as an invention relating to a method, and the present invention relating to a method is also realized as an invention relating to an apparatus.

According to the present invention, one or a plurality of first usage conditions which a contractor has for a certain channel, and one or a plurality of second usage conditions which are defined for a certain content, , It is possible to realize various conditional access for each pair of the contractor and the content. This makes it possible to control the use of each content in accordance with the value of the content and the like, and it is possible to extend the limited reception to secondary use of the content which has not been sufficiently performed conventionally.

Further, by linking the content use condition to the content in the form of license information and giving it to the secondary use device, the content can be used by the secondary use device.

[0029]

Embodiments of the present invention will be described below with reference to the drawings.

First, explanation of basic matters and definition of words and phrases will be made.

The use of a content by a device / apparatus (referred to as a secondary use apparatus) which is not directly controlled by the broadcast receiving apparatus is called "secondary use". Use of content other than secondary use is referred to as “standard use”. For example, an external device such as a recording device or a PC is subject to secondary use control,
Devices such as television output devices and speakers that are integrated with the broadcast receiver and directly control the broadcast receiver.
Devices (referred to as standard use devices) are not subject to secondary use control (of course, even with the same type of TV output device or speaker, secondary use is not possible unless control of the broadcast receiver is directly attained) Device).

In the present embodiment, as the conditional access performed by the broadcast receiving apparatus, control relating to a standard use apparatus (for example, control based on a channel reception contract regarding whether or not immediate viewing of content being broadcast can be performed) and secondary use apparatus The control for enabling the use of appropriate content in the Internet is taken as an example.

In this embodiment, it is assumed that each user basically subscribes to a program provider (for example, a broadcasting station) on a channel basis. Basically, it is assumed that contract contents (for example, usage conditions) are set for each user and each channel. A broadcast receiver that performs conditional access is installed on the user side who has subscribed to receive at least one channel. Each broadcast receiving device is assigned a unique identifier (called a receiving device ID), and the broadcast receiving device is managed by the “receiving device ID”.

Information indicating the contract status of a certain channel (for example, whether or not there is a contract, use conditions, etc.) is called "channel contract information". The channel contract information is control information that is broadcast from the broadcast station to the broadcast receiving device side to perform conditional access (an appropriate broadcast receiving device performs control for conditional access according to the control information). In the present embodiment, “channel reception contract information” that is set by the original channel reception contract (without content dependency) and that that is set by the intention of the transmission side in accordance with the value and personality of the content (content dependency "With channel transmission contract information"
Are used. The channel reception contract information is set, for example, for each contractor and each channel (commonly set for content included in one channel), and the channel transmission contract information is set, for example, for each channel and each content ( Commonly set for subscribers).

By the way, when the contract status is considered only as to whether or not there is a contract, for example, a channel number is assigned to each channel, and whether the bit corresponding to the channel number is 1 as shown in FIG. A bit string indicating the presence / absence is one form of the channel contract information. Information indicating the presence or absence of the contract for each channel in this manner is called channel development information. If there are n channels in all channels,
The channel development information is n-bit data. In the example of FIG. 2, out of all eight channels, the second, fifth, seventh, and eighth channels are contracted, and the first, third, fourth, and sixth channels are not contracted. ing.

Here, bit information corresponding to a specific channel and indicating the contract state of the channel is referred to as a “contract flag”.
Call. For example, in the channel contract information of FIG.
The contract flag of the first channel is 0, and the contract flag of the second channel is 1.

The contract flag stored in the broadcast receiving apparatus indicates whether or not there is a contract for the corresponding channel. The contract flag included in the information broadcast from the broadcasting station indicates that the corresponding channel has a new contract. (When the contract flag stored in the broadcast receiving device is updated from 0 to 1), and the contract of the corresponding channel is released (the contract flag stored in the broadcast receiving device is changed from 1 to 1). 0), and can be used for notifying whether there is a contract for the corresponding channel (when the contract flag does not change) and the like.

Notification of channel and contract flag (broadcast)
There are various methods other than the above-mentioned method using the channel expansion information. For example, as shown in FIG. 3, there is a method of individually notifying channel contract information using a pair of a channel identifier and its contract flag. In this case, it is possible to broadcast only necessary channels (for example, a newly contracted channel, a canceled channel, a channel for notifying a contract status for confirmation, etc.). In FIG. 3, there is also a method of enumerating a plurality of channel identifiers and collectively reporting the contract status of the plurality of channels. Alternatively, a method of collectively reporting the contract statuses of a plurality of channels using a package identifier indicating a set of a plurality of channel identifiers (information indicating a set of a plurality of channel identifiers included in a certain package identifier is separately broadcast) is also available. is there. Although the present invention can be applied to any form, this embodiment will be described by taking as an example a case where the method shown in FIG. 3 is used.

In this embodiment, the contract status is
In addition to the presence / absence of a contract for each channel, a contract content (for example, use conditions) related to a channel and a contract content (for example, use conditions) for a content are used to realize more advanced conditional access. For this purpose, the channel reception contract information / channel transmission contract information includes, in addition to the contract flag,
Information about the contract contents, for example, the content usage information shown in FIG. 4 is included (note that in the channel transmission contract information,
A configuration without a contract flag may be adopted). The content usage information includes, for example, expiration date information, frequency limit information, and device limitation information as shown in FIG.

In order to prevent falsification of the channel contract information,
The channel contract information is encrypted and broadcast. In addition, in order to prevent disadvantageous acquisition of channel contract information (for example, non-reception or discard of the channel contract information broadcasted for canceling the contract), the channel contract information is encrypted with other information as a set. (So that they are broadcast in sets).

In the present embodiment, the information including the channel reception contract information (regardless of whether a part or all of the information is encrypted) is referred to as “reception contract related information”. Since the channel receiving contract information is integrated with the receiving device ID of the broadcast receiver to which the channel receiving contract information is applied, the receiving contract related information includes the receiving device ID. In addition, the information including the channel transmission contract information (whether or not a part or all of the information is encrypted) is referred to as “program-related information”.
Call.

In the first embodiment, the channel key necessary for decrypting the content to be encrypted and broadcasted is broadcasted by being included in the program-related information (encrypted together with the channel transmission contract information). In the second embodiment, the broadcast is included in the reception contract related information (encrypted together with the channel reception contract information). In the second embodiment, the channel transmission contract information is added to the content (encrypted together with the content) and broadcast. That is, in the second embodiment, the program related information is not used.

The hardware for realizing the conditional access mechanism inside the broadcast receiving apparatus is called a “limited reception chip”. Since the conditional access chip contains confidential information for conditional access inside, it is configured as an integrated LSI so that its internal memory and hardware configuration cannot be easily read, written, or changed from outside. It is assumed that they have a tamper-resistant structure. It is assumed that the memory inside the conditional access chip includes a master key and a device master key. The master key is mainly used for decrypting the channel reception contract information. The master key is
In the first embodiment, it is unique to the broadcast receiving device, and in the second embodiment, it is common to all the broadcast receiving devices. The device master key is a key that is shared between the broadcast receiving device and the secondary use device (for example, a form in which each secondary use device has a device master key determined for each model, and a case where all the secondary use devices are used). A form having a common device master key is conceivable),
It is used to encrypt content transferred from the broadcast receiving device to the secondary usage device. The receiving device ID is
It is assumed that the setting is individually made for each receiving device and is recorded in the nonvolatile memory inside the conditional access chip.

The channels received by the broadcast receiving apparatus according to the present embodiment can be broadly classified into “normal channels” and “contract information channels”. In the normal channel, packets carrying normal broadcast contents are multiplexed and flown. A packet carrying received contract-related information and a packet carrying program-related information flow through the contract information channel. In the contract information channel, each piece of information is not broadcast only when it is changed, but information having the same content is repeatedly broadcast, for example, for a certain period. During operation, the broadcast receiving apparatus of the present embodiment always receives the contract information channel and one or more normal channels as described above.

(First Embodiment) In this embodiment, it is assumed that each broadcast receiving apparatus has an individual master key. Such a method periodically and individually encrypts and transmits reception contract-related information to each broadcast receiving apparatus, and thus transmits a relatively large amount of information for conditional access. Extremely high security, such as a narrow range of damage when breached (such a scheme has been adopted in CS broadcasting and others).

Hereinafter, the broadcast receiving apparatus of the present embodiment will be described.

FIG. 1 shows a configuration example of a broadcast receiving apparatus according to the present embodiment.

As shown in FIG. 1, the broadcast receiving apparatus includes a receiving section 101, an A / D conversion section 102, an error detection / correction section 103, a channel selection section 104, a channel selection interface (I / F) 105, Conditional reception processing unit (conditional reception chip) 106, content use method selection interface (I / F) 107, content use condition display unit 108
Having. The conditional access processing unit 100, that is, the conditional access chip, includes a filter unit 111, a descramble unit 112, a program related information decoding unit 113, a reception contract related information authentication unit 114, a reception contract related information decoding unit 115, a reception contract determination unit 116, use condition determination / modification unit 117, content output control unit 118, channel information input unit 119, standard output unit 120, secondary use output unit 121, master key storage unit 122, receiving device ID storage unit 123, work key storage A unit 124, a channel key storage unit 125, a channel key output unit 126, a reception contract information storage unit 127, and a transmission contract information storage unit 128 are provided, and tamper resistance is given.

Next, the encryption mechanism of this embodiment will be described.

The broadcast contents of this embodiment are protected by a three-stage encryption mechanism as shown in FIG.

[0051] First, as described above, each broadcast receiver has a unique master key K _M.

The work key _{Kw is a} key defined for each channel and common to all broadcast receiving apparatuses. Work key K _w corresponding to a channel, encrypted with the work key identifier with a unique master key K _M to the broadcast receiving apparatus to be transmitted is transmitted together with the reception apparatus ID to be the corresponding channel identifier and object. Alternatively, encrypted with the work key identifier and the corresponding channel identifier master key K _M, it may be transmitted together with the reception apparatus ID of interest. As a result, an encrypted work key to be transmitted exists for each broadcast receiving device and for each channel. Each broadcast receiving device has its own master key K
Decrypting the encrypted work key K _w with _M, in association with the work key identifier and channel identifier.

The channel key _Kch descrambles (decrypts) the scrambled (encrypted) broadcast contents.
And is determined for each channel. Channel key K _ch is encrypted with the channel key identifier corresponding work key K _w, it is broadcast distribution with the work key identifier, and a corresponding channel identifier. Each broadcast receiver decodes the channel key K _{c h} encrypted using a corresponding work key K _w, in association with the channel key identifier and channel identifier.

[0054] broadcast content, using the channel key K _ch is encrypted with mainly shared key encryption method, it is broadcast distribution with the channel key identifier and the channel identifier.

Each broadcast receiving device can decode the broadcast content by using the corresponding channel key _Kch .

Here, it is desirable that the channel key be changed in a short time of, for example, about 10 minutes in order to prevent decryption. If an individual master key is used to transmit this, the amount of transmission becomes enormous. Therefore, the amount of transmission is reduced by using a work key common to all broadcast receiving apparatuses. On the other hand, since it is dangerous to use the same key for the work key in units of months, it is desirable to change the work key in units of one month, for example.
This is encrypted with an individual master key and transmitted. By this mechanism, even if the master key is known, free viewing can be prevented by changing the work key.

As for the distribution of the work key, for example, a form in which the work key is distributed in the channel reception contract information and a form in which the work key packet is distributed are considered (in the present embodiment, the distribution is performed in the channel reception contract information. It shall be).

An example in which detailed conditional reception is realized by integrating channel reception contract information and channel transmission contract information on this conditional access system will be described below. here,
As a detailed example of conditional access, a control method based on conditional access for secondary use of content will be described. Of course, conditional access for the purpose of restricting use in secondary use is an example, and a similar system can be used in a system in which a different use form must be determined for each content.

By the way, since the secondary use of the content includes a use form that can be used repeatedly by recording it on a recording medium, the use form greatly depends on the value of the content. In that sense, since limited reception using only conventional reception contract information can be managed only for each channel, for example, when content of various values flows through a channel, individual control reflecting those values cannot be performed. Was. This problem is particularly conspicuous when outputting to an external device such as a recording device. Conventionally, either copy protection is applied uniformly or unlimited secondary use is permitted. For example, copy protection is applied. There was no conditional access to pay for the channel being recorded at a reasonable price. In the future, the digital broadcasting business will expand and the data broadcasting will be commercialized, and with this, the secondary usage will be advanced and digital recording will be possible, and it will be possible to execute distribution software on PC. In other cases, the problem becomes more serious. In the present embodiment, this problem is to be realized by integrating the channel reception contract information of the contractor and the channel transmission contract information of the content.

First, the channel contract information (channel reception contract information / channel transmission contract information) will be described.

This conditional access system uses the
In the case of controlling the next use, the channel reception contract information (or the contract state indicated by it) includes whether or not there is a contract for the channel and the usage conditions (restriction Content) and the work key K _w of the channel (when the work key is included in the channel reception contract information and delivered). In addition, the channel transmission contract information (or the contract state indicated by the contract information) includes usage conditions for using the content.

FIG. 3 shows an example of the data structure of the channel contract information according to the present embodiment. (A) is the channel reception contract information when the work key is included in the channel reception contract information and delivered. (B) is the channel transmission contract information and the work key when the work key is not included and delivered in the channel reception contract information. This is channel reception contract information.

The channel reception contract information shown in FIG. 3A includes a channel identifier, a contract flag, a work key identifier, a work key, a number of content usage modes, and a sequence of content usage information corresponding to the number of content usage modes.

The “channel identifier” indicates the channel of the broadcast content.

The "contract flag" is bit information indicating the contract state of the channel specified by the channel identifier.

The “work key identifier” is an identifier of a work key to be distributed here.

[0067] "work key" is a work key _{K w} of the channel.

The “number of content usage forms” indicates the number of content usage information included in the present channel contract information.

"Content usage information" indicates information on usage conditions for content.

When the contract flag is 1, the field of the work key identifier and the field of the work key may be made valid (even when the contract flag is 0, FIG. 3A).
If the contract flag is 1, then these fields may be included in the channel reception contract information (if the contract flag is 0, the field will be as shown in FIG. 3B).

In the following, description of the work key will be omitted.

In this embodiment, the content use information is composed of “expiration date information”, “frequency limit information”, and “device limit information” as shown in FIG. The “expiration date information”, “frequency limit information”, and “device limit information” respectively mean a time limit, a frequency limit, and a limitation of a device to which the content can be used. It is described in a prescribed format.

The channel transmission contract information or the channel reception contract information shown in FIG. 3B includes a channel identifier, a contract flag, a number of content usage modes, and a row of content usage information corresponding to the number of content usage modes. Each information is as described above.

Next, various data to be broadcast will be described.

The data received by the broadcast receiving apparatus in the conditional access system of this embodiment includes a content packet, a program-related information packet, and a reception contract-related information packet.

First, the broadcast contents will be described.

FIG. 6 shows an example of the data structure of a content packet.

As shown in FIG. 6, the content packet includes an information identifier, a channel identifier, a channel key identifier, and broadcast contents.

The "information identifier" indicates the type of the packet. Here, an identifier indicating a content packet is described.

The “channel identifier” indicates the channel of the broadcast content.

The "channel key identifier" indicates an identifier of a channel key for decoding the broadcast content.

The “broadcast content” is raw program data, and includes a channel key K _ch specified by a channel key identifier.
Is encrypted.

In this embodiment, all of the information is assumed to be data represented by a fixed length.

Next, the program related information will be described.

FIG. 7 shows an example of the data structure of the program-related information packet.

As shown in FIG. 7, the program-related information packet includes an information identifier, a channel identifier, a work key identifier, a channel key identifier, a channel key, and channel transmission contract information.

The “information identifier” indicates the type of the packet. Here, an identifier indicating that the packet is a program-related information packet is described.

The “channel identifier” indicates which channel the program-related information belongs to.

[0089] "work key identifier" is information indicating whether the program-related information packet is encrypted by any work key K _w.

"Channel key identifier" is an identifier of a channel key described next.

The “channel key” indicates the channel key K _ch used for encrypting the broadcast content of the channel specified by the channel identifier.

[0092] "Channel transmission contract information (Cs _)" is channel contract information describing the usage conditions of the content encrypted with the channel key _Kch .

In the present embodiment, all of the information is data represented by a fixed length, and the range of the channel key identifier, the channel key, and the channel transmission contract information is a work key specified by the work key identifier. Is encrypted.

Here, in the present embodiment, it is assumed that the content broadcast at the same time and the program-related information correspond (the start of the broadcast of the program-related information is slightly different from the start of the broadcast of the corresponding content). If the broadcast of the program-related information and the broadcast of the corresponding content end at the same time,
This includes the case where the start and end of the broadcast of the program-related information slightly precedes the start and end of the broadcast of the corresponding content). Alternatively, a content identifier may be added to each packet to explicitly take correspondence.

Next, the reception contract related information will be described.

FIG. 8 shows an example of the data structure of the reception contract related information packet.

As shown in FIG. 8, the reception contract related information packet includes an information identifier, a reception device ID, channel reception contract information, and an error detection code.

The "information identifier" indicates the type of the packet. Here, an identifier indicating that the packet is a reception contract related information packet is described.

The “receiving device ID” indicates to which broadcast receiving device the receiving contract related information is addressed.

"Channel reception contract information ( _CR)" is channel contract information indicating the contract state of the broadcast receiving apparatus.

The "error detection code" is a code for detecting an error in the channel reception contract information.

In the present embodiment, all of the information is data represented by a fixed length (however, as described above, there is also a form in which the channel reception contract information is variable).
Everything from the channel reception contract information to the error detection code is encrypted with the master key of the receiving device indicated by the receiving device ID.

Hereinafter, the operation of the broadcast receiving apparatus according to the present embodiment will be described.

FIGS. 9 to 12 show an example of the operation procedure of the broadcast receiving apparatus of the present embodiment.

First, it is assumed that a desired channel is selected by the channel selection interface 105 manually by a user operation or automatically by a reservation function or the like. The channel number selected by the channel selection interface 105 is transmitted to the channel selection unit 104 and transmitted from the channel information input unit 119 to the reception contract determination unit 116.

The broadcast wave received by the receiver 101 in step S11 of FIG. 9 is subjected to A / D conversion by the A / D converter 102 to be converted into digital data (step S12). Reconstructed into packets that can be processed internally. Then, the error is detected / corrected by the error detection / correction unit 103 (step S13).

The error-detected / corrected received packet is sent to channel selection section 104, and the broadcast content packet (FIG. 6) is sent to channel selection interface 1
Only those corresponding to the channel selected at 05, and all the program-related information packets (FIG. 7) and the reception contract-related information packets (FIG. 8) are sent to the conditional access processing unit 100.

Thereafter, the processing branches according to the type of the packet.

The filter unit 111 refers to the information identifier of the received packet, and if it is a content packet (step S14), sends this to the descramble unit 112 (steps S17, S18). The descrambling unit 112 to which the content packet has been given starts a process for decrypting the encrypted content.

If the packet is a program-related information packet (step S15), it is sent to the program-related information decoding unit 113 (step S19). The program-related information decoding unit 113 given the program-related information packet starts processing for decoding the channel key and the channel transmission contract information.

If the packet is a reception contract related information packet (step S16), it is sent to the reception contract related information authentication unit 114 (step S20). That is, since the reception contract-related information packet includes a portion encrypted by the master key of the receiving device, it is determined whether or not the packet is addressed to the own device prior to decryption. Receiving contract related information authentication unit 11 given the receiving contract related information packet
In step 4, the receiver ID included in the packet is extracted,
Receiving device ID extracted from receiving device ID storage section 123
By comparing the received contract information packet with the received contract information packet, it is determined whether or not the received contract information packet is addressed to the own device. finish. The receiving contract related information decoding unit 115 to which the receiving contract related information packet addressed to the own apparatus is given starts a process for decoding the channel contract information.

Next, a description will be given of processing relating to a content packet.

The descrambling unit 112 that has received the received content packet performs a process according to the procedure illustrated in FIG.

The content packet sent from the filter unit 111 to the descramble unit 112 sends a channel identifier and a channel key identifier to the channel key output unit 126, and requests output of the channel key (step S31). In response to this request, the channel key output unit 126 sends the channel identifier to the reception contract determination unit 116 and inquires whether the channel key can be output (step S32). In response to the inquiry, the reception contract determination unit 116 extracts the reception contract information of the channel from the reception contract information storage unit 127 (step S3).
3) If the contract flag is 1, a signal indicating permission is given, and if the contract flag is 0, a signal indicating disapproval is sent to the channel key output unit 126 (steps S34 to S37).

In the channel key output section 126, if the judgment result of the transmitted permission is permitted, the channel key holding the channel key identifier of the channel concerned is obtained from the channel key storage section 125, and the channel key is transmitted to the descramble section 111. The content packet is transmitted (step S38), and if not permitted, the process for the content packet is terminated.

Since the content packet has the highest processing frequency among the packets, it takes time to repeat the same processing for each packet. Therefore, it is convenient to perform the following processing. That is, as long as the same channel key of the same channel is used, if the output of the channel key is permitted once, it is convenient to output the channel key without inquiring the reception contract determination unit 116 every time. In fact, the channel key is changed once every few minutes for security reasons, so this has little effect on conditional access.

In response to the output of the channel key _Kch, the descrambling unit 112 decrypts the encrypted part of the content packet (step S39) and sends it to the content output control unit 118 (step S40).

In the content output control section 118, the content use method (for example,
(Including information such as content usage conditions and usage forms) and determine whether the usage method is possible (step S)
41). This determination is performed by the usage condition determination / correction unit 117. This determination processing will be described later in detail.

When the use is permitted by the use condition judging / modifying unit 117, the standard output unit 120, the secondary output and the secondary output are used according to whether the use mode is the standard output (output to the standard use device for standard use) or the secondary use output. The data is output to the use output unit 121 (step S42).

If the use mode is the standard output, the standard output section 120 outputs the content to the standard use device (step S43).

On the other hand, when the usage mode is the secondary usage output, the secondary usage output unit 121 generates license information reflecting the usage mode (step S44), and links the license information to the content to make the secondary usage output. Output to the use device (step S45). As will be described later in detail,
Content and outputs the encrypted by the device master key K _m shared with the secondary use device. Note that the license information generation processing will be described later in detail.

Next, the operation of the use condition judging / modifying unit 117 will be described with reference to the flowcharts shown in FIGS. 11 (judgment processing) and FIG. 12 (modification processing).

FIG. 11 shows an example of a processing procedure of a portion for determining whether or not a content use condition desired by a user can be permitted without modification.

When the content use condition of the channel is input, the use condition determination / correction section 117 acquires the reception contract information of the channel from the reception contract information storage section 127 (step S51).

In the reception contract information storage section 127, the channel reception contract information is stored, for example, in a format as shown in FIG.

The expiration date information indicates the valid expiration date of the content broadcast on the channel. Although the expiration date information in FIG. 13 is described in the format of “year, month, day” for simplicity, it is assumed that it is actually represented by one integer value. Here, if the expiration date information is “−1”, it indicates that there is no restriction on the expiration date, and the expiration date information is “0”.
In the case of, it indicates that the expiration date is not specified and is effective only immediately.

[0127] The number-of-times limit indicates the number of times the content broadcasted on the channel can be used. Also, similarly to the above, "-1" means unlimited (can be used any number of times),
“0” is undesignated and indicates that it is valid only immediately (for example, only viewing is possible during broadcasting).

As for the device limitation information, 0 means that the device is not limited, and 1 means that the device is limited.
Further, the expiration date information, the frequency limit information, and the device limitation information specified in each channel reception contract information represent one contract state with the AND condition. For example,
In the example of FIG. 13, the third contract condition from the top is 2000
This means that any device can be viewed up to 10 times until January 7, 2011.

When the channel reception contract information of the channel is obtained, the number is calculated and stored in the variable CRMAX (step S52).

Similarly, the use condition judging / modifying unit 117
The transmission contract information of the channel is acquired from the transmission contract information storage unit 128 (step S53).

In the transmission contract information storage section 128, the channel transmission contract information is stored, for example, in a format as shown in FIG. The meaning of each information in FIG. 14 is the same as the above-mentioned channel reception contract information.

When the channel transmission contract information of the channel is obtained, the number is calculated and stored in the variable CSMAX (steps S53 and S54).

Next, the channel reception contract information is sequentially checked to find a condition that matches the input content use condition (steps S55 to S59).

For example, if the content usage condition desired by the user is “I want to view without limitation of the number of times and without limitation of the device until June 9, 1999”, in the example of FIG.
It matches the channel subscription information.

If there is a match, similarly,
The channel transmission contract information is sequentially checked to find a condition that matches the input content use condition (step S6).
0 to S64).

If there is a match,
Permit the content use condition (step S6
5).

That is, if there is channel reception contract information and channel transmission contract information that satisfy the content usage condition desired by the user, a signal to permit the content usage condition is transmitted to content output control section 118, and determination is made. The process ends.

On the other hand, if there is no data matching at least one of the channel reception contract information and the channel transmission contract information, a signal indicating rejection is output to the content output control unit 1.
18, the determination processing may be terminated, but in the present embodiment, the content use condition is corrected and the permission is issued.

For example, the content use condition “19
In the example of FIG. 14, since there is no matching channel transmission contract information in the example of FIG. 14, it is not possible to permit the user as it is until June 9, 1999. The process of modifying the usage conditions is performed as follows.

FIG. 12 shows an example of a processing procedure when it is necessary to modify the content use condition.

In this case, first, the channel reception contract information and the channel transmission contract information are integrated to create a list of available contract information (hereinafter, available contract information list) (step S71).

The list of available contract information is, for example, as shown in FIG.
3 and one channel transmission contract condition of the channel transmission contract information shown in FIG. 14 by taking AND conditions of three individual conditions. Is performed for all combinations of the channel reception contract conditions and the channel transmission contract conditions. FIG. 15 shows an example of an available contract information list obtained by integrating the channel reception contract information shown in FIG. 13 and the channel transmission contract information shown in FIG.

Hereinafter, from the available contract information list,
An integration process for extracting a condition closest to a content usage condition desired by the user will be described.

Here, a method is adopted in which priorities are assigned to the individual conditions, priorities are added to the integrated contents use conditions according to the priorities, and the contract use conditions having the highest order are used as the modified use conditions. In addition, it is assumed that the order of priority is “limit of number of times” → “expiration date” → “device limitation”. That is, a search is made for a content that satisfies the input content use condition in this order, and a search is made for a content that is evaluated to be most advantageous.

First, in this example, the number-of-times restriction has the highest priority, so the available contract information list is referred to from the number-of-times restriction (step S72). In the case of the above-mentioned content use condition “unlimited number of times and no limitation of devices until June 9, 1999”, the number of times is unlimited (−1), and therefore, the contents of the available contract information list shown in FIG. It is checked whether or not there is an item for which the number limit is not specified, and if there is, a list is created by extracting them (step S74). In the example of FIG. 15, there is available contract information with an unlimited number of times, and these are taken out and a list as shown in FIG. 16 is created.

If there is no available contract information that satisfies the conditions, the list of available contract information having the largest number of specified number of times limit information is extracted, and a list is created in the same manner. (Step S73).

Next, in this example, since the expiration date has the second highest priority, the extracted list is referred to (step S).
75) Then, a list whose expiration date satisfies the content use condition is extracted from the list (step S77). FIG.
In the case of the example, the second available contract information "1999
Unlimited number of times until June 10th, limited devices ". Of course, a plurality of available contract information may be extracted.

On the other hand, if there is no usable contract information whose validity period satisfies the use condition, the usable contract information having the longest validity period is extracted from the extracted list (step S76).

Finally, a contract condition having the longest period is extracted, and an AND between the contract condition and the input content use condition is created to create a modified content use condition. The content is output to the content use condition display unit 107 (step S78).

In the case of this example, the use condition closest (modified) to the input use condition is the integrated use extracted as the condition desired by the user: “Until June 9, 1999, no limit on the number of times, no device limitation”. From the condition “Unlimited number of times until June 10, 1999, with device limitation”, the condition becomes “Unlimited number of times, with device limitation until June 9, 1999”.
In other words, in this example, where the permission is not obtained under the condition without the device limitation, by performing the correction adding the condition of the device limitation, the permission can be obtained while maximizing the user's desire. Has become.

The content use condition output to the content output control unit 118 is sent to the secondary use output unit 121, and is reflected in license information describing a method of using the content by a process described later.

The content use condition display section 107 displays the input use condition. In the present embodiment, since the desired use condition may be modified, it is important in presenting the use condition to the user.

In the case where a permitted use condition is not obtained, for example, the process may be terminated without permission, or a message prompting the user to change the desired content use condition may be displayed. You may make it.

In this manner, the channel reception contract information and the channel transmission contract information are integrated, and the usage conditions according to the channel reception contract held by the contractor for the channel and the usage conditions for individual contents are obtained. It can be integrated, and various conditional access can be realized for each contractor / content pair. This allows
Conditional reception can be extended to secondary use of content, which has not been sufficiently achieved in the past.

Next, license information for secondary use will be described.

This processing implements the content use conditions as data linked to the content called license information.

FIG. 17 shows an example of the structure of license information.

[0158] As illustrated in FIG. 17, the license information includes a content ID, a content usage rule, is made of the content key _{K c.}

“Content ID” is the secondary usage output unit 1
This is an identifier of the content generated in 21 and has a role to formally link the content and the license information.

The “content use condition” is a condition under which the content with the content ID can be used. In the present embodiment, as shown in FIG. 18, the content use condition is composed of “expiration date”, “use count”, and “device ID”. As in the channel contract information, the expiration date and the number of times of use are represented by -1 for unlimited and 0 for unspecified. Also, the device ID is 0, indicating no device limitation, and 0
Represents a device limit with a value other than, and in the present embodiment,
The device ID other than 0 indicates an ID written inside the device used secondarily.

It is to be noted that the content use condition finally determined in the previous process (the condition first input or modified by the user) is distinguished from the content use condition (FIGS. 17 and 18) in the license information. Therefore, the content usage condition in the license information is referred to as a secondary usage condition.

The secondary usage condition in the license information is generated / determined based on the content usage condition input from content output control section 118.

"Content key Kc _" is the content ID
Is a key for decrypting the content specified by.

[0164] license information is in the range of from the secondary use conditions until the content key has been encrypted by the device master key K _m.

Next, content information for secondary use will be described.

FIG. 19 shows a configuration example of the content information.

[0167] As shown in FIG. 19, the content information is made from the content ID and the content, only a portion of the content is encrypted by the content key K _c.

[0168] In this case, the content key K _c are included in encrypted license information, this is a link of a substantial license information and content. That is, here, it is assumed that the device master key _Km is strictly concealed by the secondary usage device and is not known to the user. Therefore, the content key cannot be obtained without the device master key, and the content key can be obtained by the secondary usage device. Therefore, the content and the license information are described as “license information is required to decrypt the content. Is linked. further,
Since the content key is encrypted together with the secondary usage condition, the secondary usage condition is similarly linked to the content, and if the license information is forged, the content key is also destroyed. It becomes impossible to falsify the secondary usage conditions. In the present embodiment, the content use conditions are reflected in the secondary use in the form of license information.

The secondary usage output unit 121 creates license information and encrypted content for secondary usage based on the license information and the content given from the content output control unit 118.

FIG. 20 shows a configuration example of the secondary usage output unit 121. As shown in FIG. 20, the secondary usage output unit 12
1 is a content input unit 201, a content encryption unit 2
02, content output unit 203, content key generation unit 204, usage condition input unit 205, usage condition generation unit 20
6, a content ID generation unit 207, a license information generation unit 208, a device master key storage unit 209, and a license information output unit 210.

First, the license information creation processing for secondary use will be described.

FIG. 21 shows an example of a procedure for creating license information for secondary use.

First, a content use condition is input from the use condition input unit 205 (step S81). The input content usage condition is immediately used by the usage condition generation unit 206.
Sent to each content ID generating unit 207 to generate the content ID and the content key K _c of the content corresponding to the content usage conditions and requests the content key generation unit 204, respectively and generates (step S
82, S83). Further, the content use condition is referred to (Step S84), and if the content use condition includes the device limitation information, the device ID is obtained from the secondary use device (Step S85).

Next, based on the input content usage conditions (and the device ID when there is device limitation information),
A secondary use condition is created (step S86).

[0175] Next, acquires the device master key K _m from the device master key storage unit 209 (step S87), created secondary usage conditions and content key device master key K
_By encrypting with _m and adding a content ID,
License information is created (step S88).

The management mode of the device master key includes, for example, a mode in which each secondary usage device has a device master key defined for each model (the device master key storage unit 209 stores
A device master key corresponding to each model ID is stored),
A form in which all the secondary usage devices have a common device master key (a common device master key is stored) is conceivable. For example, in step S87, the target secondary usage device is set according to the above-described mode. The device master key corresponding to the model ID of the device or the device master key common to all the secondary usage devices may be obtained. Also, for example, each secondary usage device may have an individually defined device master key.

Lastly, the created license information is output (step S89).

Next, the content encryption processing will be described.

FIG. 22 shows an example of a content encryption processing procedure.

When the content is input from the content input unit 201 (step S91), it is immediately sent to the content encryption unit 202. Content encryption unit 202
Acquires the generated content key from the content key generation unit 204 (step S92), and encrypts the content (step S93). The encrypted content is output from the content output unit 203 (Step S94).

Note that the encrypted content shown in FIG.
And 2 receiving the encrypted license information of FIG.
In the next use device, for example, the device master key K of its own device_m
Decrypts the license information and uses the content usage conditions (Fig. 1
8) and content key K _cTake out the content
The device ID included in the usage condition is 0 or the device I of the own device
D and is included in the content usage conditions.
After verifying that other conditions are met,
Content key K_cTo decrypt and record
Use of predetermined contents such as playback and playback. Secondary use equipment
In order to use the content, the license information
According to the content usage conditions in the report,
Perform a troll. For example, managing expiration dates and usage counts
Do. In addition, the content and its license information,
Enables transfer from one secondary usage device to another secondary usage device
You may.

[0182] By doing so, if the device is not limited, the content can be used by other secondary usage devices.

Further, when the content is output from the standard output unit 120 to the standard use device, if the use involves the accumulation of the content, the use may be handled in the same manner as the secondary use device. In this case, the content use condition (FIG. 17) may be passed without encryption. Also, when performing the authentication procedure between the broadcast receiving device and the secondary usage device, the authentication may be omitted between the broadcast receiving device and the standard usage device.

By doing so, it is possible to integrate the contractor's channel reception contract information and the channel transmission contract information attached to the content, and to realize a detailed usage form by a combination of the contractor and the content usage conditions. it can. In particular, in the present embodiment, a content use condition is created in consideration of a use condition in the secondary use as a use condition, and the content use condition is linked to the content in the form of license information, and used in the secondary use device. Can be realized.

Now, the processing related to the program-related information packet (continuation of B in FIG. 9) will be described below.

In the flow chart showing the flow of the overall processing in FIG. 9, if the received packet is a program-related information packet, it is sent to program-related information decoding section 113 through filter section 111.

FIG. 23 shows an example of the subsequent processing procedure.

In this case, first, the corresponding work key is obtained from the work key storage unit 124 using the channel identifier and the work key identifier added to the packet as keys (step S101). If the corresponding work key does not exist in the work key storage unit 124, the process ends.

If the work key can be obtained, the program-related information is decrypted using the obtained work key (step S102).

[0190] Gets the channel transmission contract information _{C s} from the program-related information decoded (step S103), and stores this together with the channel identifier to transmit the contract information storage unit 128 (step S104). Here, since the channel transmission contract information is changed depending on the broadcast content,
In the present embodiment, in the transmission contract information storage unit 128,
It is assumed that channel transmission contract information having the same channel identifier is always overwritten. Of course, in order to avoid overwriting exactly the same information, it may be compared with the existing channel transmission contract information and overwritten only when the information is not the same.

In the following, a process related to the reception contract related information packet (continuation of C in FIG. 9) will be described.

In the flow chart showing the flow of the overall processing in FIG. 9, if the received information is a received contract related information packet, it is sent to the received contract related information authenticating section 114 through the filter section 111.

FIG. 24 shows an example of the subsequent processing procedure.

In this case, first, the receiving device ID storage unit 12
3 and the receiving device ID included in the receiving contract related information packet (step S111).
To determine whether or not the channel reception contract information is addressed to its own device (step S
112). If the message is not addressed to the own device, the process ends.

[0195] When was of the own reception device acquires the master key K _M which is set individually to the broadcast receiving apparatus from the master key storing unit 122 (step S113),
The encrypted part of the reception contract related information packet is decrypted (step S114).

By acquiring an error detection code from the decoded channel reception contract information and verifying the error detection code, it is possible to confirm that the channel reception contract information is correct.

Here, an error detection code is added and transmitted, and the broadcast receiving apparatus side confirms this by forging an unencrypted receiving apparatus ID in the reception contract related information packet. This is to prevent fake receiving contract related information from being input. The error detection code is derived from the channel reception contract information. When the channel reception contract information is altered while being encrypted and decrypted even if it is forged, the error detection code derived from the obtained channel reception contract information is obtained. It is extremely rare that the code coincides with the error detection code obtained as a result of decoding, so that forgery prevention can be prevented. In fact, if there is no error detection code, by appropriately modifying the encrypted channel reception contract information, there is a high possibility that the decrypted result is better contract information (contract content) than before. The attack is easily successful.

When the error detection code is verified (step S115), the work key K is obtained from the received contract related information packet.
to get the _w and receiving contract information _{C R} (step S116),
Work key storage unit 124, reception contract information storage unit 1
16 (step S117).

Next, some variations of the present embodiment will be described.

<Variation 1> First, variations regarding the type of content use information will be described.

In the above description, the content usage information including the expiration date, the frequency limit, and the device restriction as illustrated in FIG. 4 has been described, but of course, various other usage restrictions may be considered. Can be

As an example, use conditions such as model restrictions can be considered. This is a condition for limiting the use of content to a certain model, for example, by promoting the sales of a specific model by making the broadcast content available only to the device of a specific model, and thereby reducing the broadcast contract fee. And other operations. In addition to such operations, depending on the model, there is a security hole in the management of the use conditions, and the use conditions may not be observed. In such a case, if a model restriction is included in the use condition, the secondary use for such a model can be restricted. In addition, a method of embedding the model ID of the permitted model in the license information in the case where the model is limited is conceivable.

Similarly, it is also possible to include, for example, copy prevention and copy number limitation in the usage conditions. By doing so, the number of times of copying from the secondary usage device can be limited.

<Variation 2> Next, a variation regarding the description method of the channel contract information will be described.

In addition to the method of directly describing information as shown in FIG. 4 (expansion format), the method of expressing the information in a bit string (bit format) assuming that the use condition is restricted as shown in FIG. 25 is used. It is possible. In the channel reception contract information shown in FIG. 25A and the channel transmission contract information shown in FIG. 25B, the expiration date, the number of copies, and the device limitation are listed as the use conditions. "
The conditions are limited to "unrestricted copy permitted, one-time copy permitted, not copy permitted" and "unlimited, restricted". Eighteen conditions that can be represented by these combinations are represented by the corresponding bit being 1. are doing. That is, slightly 18
Channel contract information can be represented by bits of data. If the use conditions are integrated using the channel contract information in such a format and a logical product (AND) for each bit is used, the integrated use conditions can be easily created. The integrated usage condition shown in FIG.
Matches channel transmission contract information.

As a result, the best use condition can be efficiently found even when the use condition is modified. For example,
When integrating the use conditions of "I want to use once without indefinite period and use it without device restrictions" by the priority of copy restriction, expiration date, and device restriction, first, copy once (part in the middle) 6), and if the value is not 0, the expiration date is compared therein. In the example of FIG.
One-time copying is permitted, and those with an unlimited expiration date are searched for, but they do not exist. Therefore, one week having the longest period among the permitted expiration dates is selected. There are two types of devices that can be copied once and have an expiration date of one week, with or without device limitation. In this case, since the user wants to use the device without the device restriction, the device without the device restriction is adopted, and the use of “one-time copying for one week and no device restriction” is determined as the integrated content use condition. be able to.

In this way, the lists as shown in FIGS. 13 to 15 become unnecessary, and a broadcast receiving apparatus having only a small memory area can be realized, and high-speed processing can be performed. Further, the channel contract information is significantly reduced, so that transmission is facilitated. Since the types of contract states are limited as compared with the case of using the lists as shown in FIGS. 13 to 15, it is effective to use both depending on the requirements of the system to be used.

In some systems, the transmission bandwidth of the reception contract related information packet including the channel reception contract information is different from the transmission band of the program related information packet including the channel transmission contract information. May be small. In such a case, a method is conceivable in which information with a smaller transmission amount is described in a bit format, and information with a larger transmission amount is described in an expanded format. In this case, it is necessary to temporarily convert the contract information in the bit format into an expanded format and perform matching, so that in general, it is necessary to perform a process of expressing a different condition description format in a uniform format. Use expressions to integrate in the same way as before. Such a scheme also occurs when the broadcasters of the program-related information packet and the channel reception contract-related information packet are different.

<Variation 3> Next, a variation regarding the integration processing of channel reception contract information and channel transmission contract information will be described.

In the above-described integration processing, each item is prioritized, and a use condition having a higher priority is adopted. However, by defining an evaluation function using each condition as an item, the user can be further improved. It is possible to select a use condition that is close to the desired one.

[0211] In the following, the method using the evaluation function is described in the case where the content usage condition desired by the user is "December 25, 1999".
An example in which “there is no device restriction up to five times until the day” will be described.

FIG. 26 shows an example of a processing procedure in the use condition determination / correction unit 117 in this case. Note that FIG.
The algorithm shown in FIG. 11 replaces the algorithm shown in FIG. 12, and the processing is shifted from the algorithm shown in FIG.

First, the input channel reception contract information and channel transmission contract information are integrated to create an available contract information list as shown in FIG. 15 (step S12).
1).

Next, an evaluation value is calculated for each available contract information in the prepared available contract information list (step S122).

First, there are three basic items: “expiration date”, “frequency limit”, and “device limit”.
A basic evaluation value as shown in FIG. 9 is given (there is a concept that the third evaluation value in FIG. 29 is set to 0).

Further, these basic evaluation values are respectively represented by w
_d , w _t , w _m and replace the evaluation function with f (x) = 10 w _d (x) +5 w _t (x) +2 w
_When defined as _m (x), the evaluation value of each available contract condition is calculated as shown in FIG.

In the case of this example, the highest value (150) among the evaluation values shown in FIG.
The available contract information of "viewable only up to 10 times with device limitation" (second from the bottom in FIG. 30) is selected (step S123). All the available contract information satisfies the above-mentioned desired use conditions except for the device limitation.

By the way, the usable contract information having the next highest evaluation value (140) is “3 by January 7, 2000.
30 can be viewed without device limitation "(first from the bottom in FIG. 30), and only the number of times does not satisfy the desired use condition. These conditions have an evaluation value difference of 10,
From this, it can be understood that the properties of the modified use conditions output by how to take the evaluation function and the basic evaluation value are changed. This is a merit of modifying the use condition using the evaluation function. In other words, this means that the user can automatically correct appropriate use conditions by appropriately setting the evaluation function as he or she likes.

In the above example, the desired use condition specifies a finite number of times. However, if the desired use condition specifies an unlimited number of times, the basic evaluation value shown in FIG. 27 cannot be used as it is. In such a case, a method is conceivable in which the number of uses is calculated as an upper limit that is sufficiently large, for example, 100 times. Of course, whether this upper limit is sufficiently large depends on other conditions such as the expiration date. For this reason, referring to other conditions such as the expiration date and setting the finite number of times to refer to the basic evaluation value when the unlimited number of conditions are specified, it is possible to correct the usage conditions more accurately. To contribute.

In order to select more accurate usage conditions, it is preferable to provide a function for inquiring the user. It is the content usage method selection I / F
106. Here, in addition to inputting the desired use condition of the content, when the desired use condition is not satisfied, the use conditions are rearranged in descending order of the evaluation value and displayed as shown in FIG. Encourage voluntary choices.

FIG. 32 shows an example of the processing procedure in the above case.

First, when the channel receiving contract information and the channel transmitting contract information are input, the use condition judging / modifying section 117 integrates them by the above-mentioned means to create a usable contract information list (step S1). S131).

Subsequently, an evaluation value is calculated for each available contract information in the available contract information list by using the above-mentioned evaluation function (step S132).

Here, the available contract information is rearranged in the descending order of the calculated evaluation value (step S133), and the rearranged list is transmitted to the content use method selection I / F 106 via the content output control unit 118. (Step S134).

The content use method selection I / F 106 outputs a use method selection screen as shown in FIG. 31 on the screen to prompt the user to select a use method. Here, since the evaluation values are displayed in descending order, the user can select a usage mode that is close to desired without displaying the next screen, which is convenient.

It is also possible to output more selectors by specifying conditions that can be clearly omitted and omitting them. In the case of the example of FIG. 31, the third and fourth use conditions correspond thereto, that is, the fourth condition is a limitation on the expiration date of the third condition, and is a wasteful selection condition ( That is, the fourth condition is omitted). These can be determined by comparing conditions, and it is easy to specify if the number of candidates is small.

<Variation 4> Next, a description will be given of a variation of the processing and configuration for creating the license information in the secondary usage output unit 121.

In the above-described embodiment, the license information is handled as digital data separated into contents as illustrated in FIG. However, this cannot be used for use control after analog conversion at the time of output (because license information is separated). That is, in the above-described embodiment, digital recording can be controlled, but analog recording cannot be controlled. Therefore, a method that can perform secondary usage control even after conversion to analog data is important.

On the other hand, in recent years, digital watermarking technology for embedding data in analog data such as images and sounds has attracted attention in recent years (see "Basics of Digital Watermarking" (by K. Matsui, Morikita Publishing, 1998)). . Using this technique, information can be embedded in analog data in an inconspicuous and not easily extracted manner. In other words, when the digital watermarking technology is used, the license information can be embedded in the analog data. Therefore, even if the data becomes analog data, not only can the usage management be performed, but also the license information having no physical separation can be obtained. Management is also easy.

Hereinafter, license management using a digital watermark will be described.

FIG. 33 shows the secondary usage output unit 12 in this case.
1 shows a configuration example. As shown in FIG. 33, the secondary usage output unit 121 includes a content input unit 221, a digital watermark embedding unit 222, a content encryption unit 223, a content output unit 224, a device master key storage unit 225, and a usage condition input unit 226. , A usage condition generation unit 227.

FIG. 34 shows an example of the processing procedure in this case.

First, when a content use condition is input from the use condition input unit 226 (step S141), the content use condition is sent to the use condition generation unit 227. The usage condition generation unit 227
It is determined whether there is a device limitation in the input content use condition (step S142). Here, if there is a device-limited use restriction, the device ID is acquired from the secondary usage device in the same manner as in the case of FIGS.
143), license information is generated in a format as illustrated in FIG. 18 (step S144). If there is no device-limited use restriction, license information is generated as it is (step S144).

Next, the generated license information is sent to the digital watermark generation unit 222, and is embedded in the content input from the content input unit 221 (step S145).
The embedded content is transmitted to the content encryption unit 223.
In, it is encrypted by the device master key _{K m} obtained from the device master key storage unit 209 (step S146, S
147), and output from the content output unit 224 (step S148).

With the above configuration, both the processing and the configuration are simplified. In addition, since the digital watermark is embedded for each image, it takes time, and when the content is reproduced and used by purchasing a new license, the embedded digital watermark is once removed and newly created. A watermark needs to be embedded (this happens because the license information is not separated from the content information). In such a situation, in order to take advantage of each other's good points, a system configuration to operate by deciding whether to reflect it as a digital license or to embed it in an analog layer with a digital watermark according to the type of limited items included in the license is also considered. Can be

<Variation 5> Next, the device reliability of the secondary usage device will be described.

In the present embodiment, even if the content use condition is output in the form of license information, it is meaningless if the secondary use device does not adhere to it. This is also true for normal device connection.

In view of this point, the international standard IEEE 1394 concerning connection between digital devices which has been studied in recent years introduces an authentication protocol. The IEEE 1394 standard provides protection mechanisms for input and output between digital devices, and standardizes copy protection on buses and connection cables over which they are transferred.

Therefore, in the present embodiment, a method of connecting the broadcast receiving device and the secondary usage device with an IEEE 1394 bus and using the above authentication protocol is also conceivable.

Hereinafter, a connection line used for data transfer between devices, such as a bus and a connection cable, is particularly referred to as a “connection line”.

[0241] Conventionally, encrypted data recorded on a DVD or the like is copy-protected in the sense that raw data cannot be directly read from the DVD. It is output as raw data to an external device (such as a TV). In this case, if the raw data is captured on the connection line, the copy protection is easily broken. Therefore, from the standpoint of protecting contents even on a connection line, IEEE 1394 realizes copy protection on a connection line by encrypting and transferring contents using an encryption key mutually agreed between connected devices. It is a copy protection standard.

However, no matter how much copy protection is performed on the communication path, it is meaningless if the encrypted content is decrypted because of an inadequate design of the output device and the content can be stored in a raw state. . Therefore, it is determined whether or not the model of the partner device is included in the invalid device list (revocation list) obtained separately, and if it is included, the output is rejected. If it is not included, output the challenge data to the other device to confirm that the connected device is really the model, and use information that only the model can know,
Have the challenge data digitally signed,
They are sent back and the signature is verified to perform authentication.

However, since it is not realistic that one device holds the public keys of all the models, the public keys are actually obtained from the connected devices. However, while the public key is also a verification key for the signature, there is a fact that a public key / private key pair can be generated relatively easily, so a machine of another model sends a public key by imitating the model. There is a method of breaking protection. For this reason, each model creates a pair of public and private keys at the time of release,
An authentication method is adopted in which a public key is indicated to a management organization defined by EE1394, a digital certificate is issued, and the digital certificate is transmitted. The digital certificate is digitally signed with the private key of the management organization, and the corresponding public key is included in all devices in advance.By authenticating the digital certificate including the public key, It can be determined whether the public key is correct.

The digital signature creation can be roughly divided into a method using public key encryption and a method using common key encryption. The former takes longer processing time than the latter, but since it is more secure, A model with high computational power (mainly a stationary type) and the latter are inferior in security, but can be executed on a model with low processing power, and therefore are applied to a model with low computational power (mainly a portable type). After authentication, a key exchange protocol is executed based on information (for example, a public key) commonly known to each other to exchange keys, and the contents are encrypted and transferred using the keys.

When IEEE 1394 is used, transfer between devices in the present embodiment must also conform to IEEE 1394. In this sense, they can be shared, and what is required in this embodiment is the device authentication part. That is,
As described above, even if the secondary usage is restricted in the present embodiment, if the secondary usage device does not execute it or can be prevented from being executed by simple modification, the device of the model is Should not be used secondarily. However, even in this case, since the copy protection may operate normally, it is desirable to distribute the invalid device list separately from IEEE1394.
For this purpose, it is effective to define a packet exclusively and transmit it by broadcasting. Further, IEEE139 the content key _{K c} which defines as an encryption key of the content above
It may be a shared key generated by four protocols.
In that case, IEEE139 on the secondary use output unit 121 of the present embodiment is encrypted by the content key _{K c} to create
There is no need to further encrypt with the transfer key defined in 4,
Processing can be omitted.

[0246] The following describes the content output control section 118 when the above-described authentication process is introduced.

FIG. 35 shows a configuration example of the content output control section 118 in this case. As shown in FIG. 35, the content output control unit 118 includes a usage condition input unit 301,
An output determination unit 302, a device authentication unit 303, and a usage information output unit 304 are included.

FIG. 36 shows an example of the processing procedure in this case.

[0249] Content usage conditions are input from usage condition input section 391 of content output control section 118 (step S151), and output determination section 302 determines output of the content. The actual output determination is performed by the use condition determining / correcting unit 117.

Here, it is not available (step S15
2) If the correction is not possible (step S153), an output of non-permission is output to the secondary usage output unit 121 (step S154), and the process is terminated.

In other cases, the desired or modified usage conditions are obtained (steps S152 and S15).
3, S155), the output determination unit 302 determines whether the content can be output based on the result of device authentication of the device authentication unit 303 described later (step S1).
56) If the output is permitted, the content use condition is output from the use condition output unit 304 to the secondary use output unit 121 (step S157). If the output is not permitted, a signal indicating that the use is not permitted is output to the secondary use output unit 121 (step S154).

On the other hand, the device authentication unit 303 authenticates the secondary usage device from the broadcast receiving device from the time when the content usage condition is input, independently of the above process (step S158).

In the authentication, first, the model ID is transmitted from the secondary usage device.
Is output, and whether or not the secondary usage device of the model ID is a secure device is determined inside the receiving device.
This is performed with reference to the revocation list showing the list of D. Here, if it is determined that the model is safe, it is checked whether the connected model is a model having the ID. For this confirmation, a digital signature technique is used.

For the digital signature technology, for example, the following forms can be considered. First, the broadcast receiving apparatus sends a message selected at random to the secondary use apparatus, and has the message returned by encrypting using secret information that only the secondary use apparatus having the ID can know. Then, by decrypting and verifying the returned ciphertext using the corresponding key of the broadcast receiving apparatus, it is possible to authenticate that the secondary usage apparatus having the ID is connected.

Here, if the user is not authenticated (step S1)
59) A signal indicating that the secondary usage device has not been authenticated is output to the secondary usage output unit, and the process ends (step S161).
If the authentication is successful, the same process is performed from the secondary usage device side (step S160), and the broadcast receiving device receives the random message sent from the secondary usage device side using the authentication secret key of the receiving device. Encrypt and send. As a result, if the receiving device is authenticated by the secondary usage device (step S163), a signal indicating that the output of the usage condition may be permitted is transmitted to the output determination unit 302. If not,
A signal indicating that the broadcast receiving apparatus has been unauthenticated is sent to the secondary use output unit 121 (step S162), and the process ends.

Further, at the time of authentication, a configuration in which the receiving device only authenticates the secondary usage device can be considered. In general, authentication is a process that requires a long processing time, so that processing is halved in only one direction. In addition, in the sense that the broadcast receiving apparatus can decrypt data transmitted from the broadcast station using the secret data, it can be considered that the broadcast receiver has already been authenticated by the broadcast station.

<Variation 6> In the description so far, the channel transmission contract information is broadcasted simultaneously with the corresponding content. However, the channel transmission contract information may be transmitted, for example, by EPG (Electronic Pro
The program may be included in a program guide (electronic program guide) and broadcast in advance.

In the following, an embodiment will be described in which channel transmission contract information is broadcasted in advance and the content use condition can be determined prior to the broadcast of the content, in which the content use condition is determined at the time of recording reservation. .

FIG. 37 shows a configuration example of a broadcast receiving apparatus having a recording reservation function. The present broadcast receiving apparatus is basically the same as the configuration in FIG. 1, and thus only different points will be described.

FIG. 38 shows an example of the structure of electronic program guide information including channel transmission contract information.

As shown in FIG. 7, the electronic program guide information packet includes an information identifier, a channel identifier, a content identifier, channel transmission contract information, and program information. Information identifier, channel identifier, content identifier,
The channel transmission contract information is the same as before. The program information is information on the corresponding content, for example,
Information such as a title, broadcast start date and time, broadcast end date and time, genre, and performer. The electronic program guide information is broadcast on a contract channel, for example. The electronic program guide information packet is not encrypted.

The channel transmission contract information may be included in the program-related information packet, or may be broadcast only in the electronic program guide information packet.

[0263] Also, here, a content packet and
A content identifier is added to a packet including other channel transmission contract information (a packet including information corresponding to content).

In FIG. 37, when an electronic program guide information packet is received, the program information and each identifier are passed from the filter unit 111 to the content use method selection I / F 106 via the program related information decoding unit 113. The content is stored in the content usage method selection I / F 106. The channel transmission contract information and each identifier are stored in the transmission contract information storage unit 128.

For example, when the user makes a recording reservation, the user inputs desired content usage conditions in addition to the usual operations such as program designation and recording destination. Thereafter, determination and correction of the content use conditions are performed in the same manner as in the processing described above, and finally the content use conditions for the content are determined.

At this time or at an appropriate timing thereafter, license information is created.

Next, the content usage method selection I / F10
6. Monitor the broadcast start time of the content reserved for recording, or monitor whether the identifier of the content has been received, and monitor the broadcast start time (or a certain time before the broadcast start time).
, Or when the identifier of the content is received, the recording is started. That is, the content is encrypted, and the encrypted content and the license information are transmitted to the recording device.

[0268] Thereafter, the recording device uses the content in accordance with the given license information.

<Variation 7> Next, a method for compressing channel reception contract information will be described.

In the above, the description has been made on the assumption that the channel and the channel reception contract information correspond one-to-one. In this case, however, the channel reception contract information which may be relatively large in size is described. Since the delivery is performed for each channel, the transmission amount of the channel reception contract information depends on the relationship between the number of subscribers, the number of channels, the size of the channel reception contract information, the distribution frequency, and the transmission band of the communication path. May squeeze the transmission band of the communication path.

Therefore, a method for transmitting common channel contract information to a plurality of channels will be described below.

By the way, in the case of CS broadcasting having a large number of channels, for example, in most cases, several types of packages (sets of a plurality of channels) are provided and contracts are made in units of the packages.

Here, assuming that the system is adapted to such a system, a case where a package identifier is introduced instead of the channel identifier in FIG. 3 will be described as an example.

A package is a set of a plurality of channels, and a package identifier is an identifier for identifying a package.

Further, it is assumed that package definition information describing which channel is included in the package of the package identifier is separately transmitted. However, here, for simplicity of description, a bit string as shown in FIG. 2 is used as a package identifier. In this case, the channel corresponding to the bit position where 1 stands in the bit string (in FIG. 2, 2
Channel 5, channel 7, channel 7, and channel 8) mean channels included in the package.

[0276] By doing so, channel reception contract information of a plurality of channels can be transmitted collectively, which is effective from the viewpoint of reducing the amount of transmission. Of course, even in such a system, it is possible to transmit individual channel subscription information for each channel, because
Of the 8 bits, only the bit corresponding to the channel is 1
What should I do?

In the process of changing the package identifier to be introduced, the reception contract related information decoding unit shown in FIG. 1 replaces the part stored in the reception contract information storage unit with the channel identifier and the channel reception contract information as a set. Interpret the identifier and convert it into a description format for each channel,
What is necessary is just to change so that it may be stored in the receiving contract information storage unit.

When the package identifier is introduced,
Correspondence with the work key becomes a problem. In this case, channels included in the same package have the same work key,
Assuming that the work key is different for each channel as described above, there is a method in which the work key of the channel corresponding to the individual contractor is encrypted with the master key of the broadcast receiver of the contractor and transmitted separately according to the contract. Conceivable.

(Second Embodiment) The processing related to the secondary use of the broadcast receiving apparatus of this embodiment, the processing for each information, and the like are basically the same as those of the first embodiment. The following description focuses on points or points to be added.

In the first embodiment, a system is assumed in which each broadcast receiving device has an individual master key, but in the present embodiment, a description will be given assuming a system in which all receiving devices have a common master key. . In such a conditional access system, there is no need to individually encrypt and transmit the contract information to each receiving device, so that there is an advantage that the amount of limited reception transmission can be reduced. Further, in the present embodiment, countermeasures are taken against security when the master key is broken by using forgery prevention technology such as digital signature.

In the first embodiment, a three-stage key configuration as shown in FIG. 5 is adopted. In the present embodiment, a two-stage key configuration as shown in FIG. adopt. That is, encrypted and transmitted by a common master key K _M channel key K _ch and channel reception contract information to all of the receiving device. The broadcast content is decrypted using the transmitted channel key.

Hereinafter, an example will be described in which control for secondary use is realized as conditional access by integrating channel reception contract information and channel transmission contract information on the conditional access system in the same manner as in the first embodiment.

In the first embodiment, the broadcast receiving apparatus receives a content packet (FIG. 6), a program-related information packet (FIG. 7), and a reception contract-related information packet (FIG. 8). In response to the above, the broadcast receiving apparatus receives a content packet as shown in FIG. 40 and a reception contract related information packet as shown in FIG.

A content packet is shown in FIG.
Information identifier, channel identifier, channel key identification
Bespoke channel transmission contract information C_sFrom broadcast content
Broadcast content from the channel transmission contract information
Up to the channel key K _chIs encrypted. What
The meaning and role of each piece of information are the same as in the first embodiment.
Therefore, the description is omitted here.

[0285] Unlike the first embodiment, in the present embodiment, channel transmission contract information is included in a content packet. This is inevitably due to the two-stage key structure, but has the advantage that it is easy to configure the system because the content and the channel transmission contract information of the content are physically linked.

As shown in FIG. 41, the received contract related information packet includes an information identifier, a master key identifier, a channel identifier, a channel key identifier, a channel key, the number of contract information n, n pieces of contract information, It consists of a signature, and the part from the channel identifier to the digital signature is encrypted with the master key.

[0287] The digital signature is a digital signature relating to the number n of contract information and the parts from contract information 1 to contract information n. The digital signature is for preventing forgery of the contract information, and has a property that if one bit of the contract information is changed, the digital signature cannot be verified. Furthermore, in order to create a digital signature, it is necessary to know a secret key that exists only on the broadcast station side. For this reason, forgery of contract information can be prevented by adding a digital signature.

Here, as shown in FIG. 42, the "contract information" comprises a receiving device ID and channel receiving contract information, and represents channel receiving contract information corresponding to the receiving device ID.

The meanings and roles of the other information included in the reception contract related information are the same as those in the first embodiment, and a description thereof will be omitted.

FIG. 43 shows a configuration example of a broadcast receiving apparatus according to the present embodiment.

As shown in FIG. 43, the present broadcast receiving apparatus includes a receiving section 101, an A / D conversion section 102, an error detection / correction section 103, a channel selection section 104, a channel selection interface (I / F) 105, Conditional reception processing unit (conditional reception chip) 106, content use method selection interface (I / F) 107, content use condition display unit 108
Having. In the conditional access processing unit 100, that is, the conditional access chip, the filter unit 111, the descramble unit 112, the reception contract related information authentication unit 114, the reception contract related information decoding unit 115, the reception contract determination unit 116, the use condition determination / correction Unit 117, content output control unit 118, channel information input unit 119, standard output unit 120, secondary usage output unit 121, master key storage unit 122, receiving device ID storage unit 123, channel key storage unit 125, channel key output unit 126, a reception contract information storage unit 127, a transmission contract information storage unit 128, and a transmission contract information extraction unit 129, and are provided with tamper resistance.

Hereinafter, the operation of the broadcast receiving apparatus according to the present embodiment will be described.

FIG. 44 to FIG. 46 show an example of the operation procedure of the broadcast receiving apparatus of the present embodiment.

After receiving the broadcast wave (step S201), the broadcast receiving apparatus of this embodiment performs A / D conversion to convert it into digital data (step S202), and performs error detection and error correction (step S202). S203), if the packet is a content packet based on the information identifier in the packet in the filter unit 111 (step S204),
With reference to the channel identifier, it is determined whether or not the content is a viewing channel (step S205). If the content is a viewing channel, the content is transmitted to the descrambling unit 112 (step S206). If not, the process for the packet ends. If it is a received contract related information packet (step S207), it is transmitted to the contract related information (step S208).

Next, the processing of the content packet of the viewing channel will be described in detail with reference to the flowchart of FIG.

When the content packet is transmitted to the descrambling unit 1
12, the descrambling unit 112 requests the channel key output unit 126 to output a channel key (step S211). Channel key output unit 126
Then, the channel identifier is input to the reception contract determination unit 116, the channel reception contract information of the channel is acquired from the reception contract information storage unit 127, and when the contract flag is 1, the output permission signal of the channel key is transmitted. Output, and if it is 0, an output non-permission signal of the channel key is output (steps S212 to S217). When the channel key output disapproval signal is input, the channel key output unit 126 ends the processing for the packet.

When a channel key output permission signal is input to channel key output section 126, channel key output section 126 sends the channel identifier and the channel key identifier to channel key storage section 125, acquires the channel key, and descrambles the channel key. The content is sent to the unit 112 (step S218), and the descrambling unit 112 descrambles the content (step S219).

The transmission contract information extracting unit 129 determines whether or not the descrambled content includes the channel transmission contract information by using the information identifier (step S22).
0), if included, acquire channel transmission contract information and store it in transmission contract information storage section 128 (step S)
221).

Next, the content is sent to the content output control section 118, and the content usage information is checked for the content in the same manner as in the first embodiment (step S222). As a result of the check, if the use is not permitted, the use permission is displayed on the content use condition display unit 107, and the process is terminated. If permitted, whether it is standard output along with the usage form and content
The output is output to the standard output unit 120 and the secondary use output unit 121, respectively, depending on whether the output is the next use output (step S223).

When the license information is output to the secondary usage output unit 121, license information and content corresponding to the license information are generated by the same processing as in the first embodiment (step S22).
4) Output to the secondary usage device (step S225),
The process ends.

Next, the processing of the reception contract related information packet will be described in detail with reference to the flowchart of FIG.

When the receiving contract related information is input to the receiving contract related information decoding unit 114, the receiving contract related information decoding unit 114
In to the master key identifier as a key, obtains the master key K _M from the master key storing unit 122 (step S23
1), decrypt the encrypted part (step S232). A channel key, a channel identifier, and a channel key identifier are extracted from the decrypted reception contract related information (step S23).
3) and store it in the channel key storage unit 125 (step S234).

Next, the part from the contract information number n to the digital signature is sent to the received contract information authentication unit 115.

The receiving contract information authenticating section 115 extracts the contract information number n and substitutes it into a variable MAX. Subsequently, the contract information is successively referred to, and the receiving device ID included in the contract information is compared with the receiving device ID in the receiving device ID storage unit 123 (steps S236 to S239). If they match, the digital signature is verified (step S240). , S241), and stores the corresponding channel received contract information _{C R} to receive the contract information storage unit 127 (step S242). If there is no contract information that matches the receiving device ID of the own receiving device, or if the digital signature cannot be verified, the process ends at that point.

The variations shown in the first embodiment can be applied to the present embodiment.

In the present embodiment, a portion of the processing function that does not need to be chipped (for example, a portion related to a user interface) can be realized by using software. Further, such a processing function part is for causing a computer to execute predetermined means (or for causing a computer to function as predetermined means, or for causing a computer to realize predetermined functions).
The present invention can also be implemented as a computer-readable recording medium on which a program is recorded.

The present invention is not limited to the above-described embodiments, but can be implemented with various modifications within the technical scope.

[0308]

According to the present invention, one or more first usage conditions which a subscriber has for a certain channel,
By integrating one or a plurality of second usage conditions defined for a certain content, various conditional access can be realized for each pair of a contractor and the content. This makes it possible to control usage of each content according to the value of the content, etc.
Conditional reception can be extended to secondary use of content, which has not been sufficiently achieved in the past.

[Brief description of the drawings]

FIG. 1 is a diagram showing a configuration example of a broadcast receiving apparatus according to an embodiment of the present invention.

FIG. 2 is a diagram showing an example of channel development information.

FIG. 3 is a diagram showing an example of a data structure of channel contract information.

FIG. 4 is a diagram showing an example of a data structure of content use information.

FIG. 5 is a diagram for explaining a broadcast content encryption mechanism;

FIG. 6 is a diagram showing an example of a data structure of a broadcast content packet.

FIG. 7 is a diagram showing an example of a data structure of a program-related information packet.

FIG. 8 is a diagram showing an example of a data structure of a reception contract related information packet.

FIG. 9 is an exemplary flowchart illustrating an example of an overall processing procedure from reception of a broadcast to processing according to the content of a packet in the broadcast receiving apparatus according to the embodiment.

FIG. 10 is a flowchart illustrating an example of a processing procedure for a broadcast content packet;

FIG. 11 is a flowchart illustrating an example of a processing procedure in a use condition determining / modifying unit;

FIG. 12 is a flowchart illustrating an example of a processing procedure in a use condition determining / modifying unit.

FIG. 13 is a diagram showing an example of content use conditions in channel reception contract information.

FIG. 14 is a diagram showing an example of content usage conditions in channel transmission contract information.

FIG. 15 shows an example of an available contract information list.

FIG. 16 is a diagram showing an example of an extraction result list

FIG. 17 is a diagram showing an example of a data structure of license information.

FIG. 18 is a diagram showing an example of a content use condition.

FIG. 19 is a diagram showing an example of a data structure of encrypted content passed from a broadcast receiving device to a secondary usage device.

FIG. 20 is a diagram illustrating an example of an internal configuration of a secondary usage output unit.

FIG. 21 is a flowchart illustrating an example of a processing procedure for creating license information;

FIG. 22 is a flowchart illustrating an example of a processing procedure for encrypting content;

FIG. 23 is a flowchart showing an example of a processing procedure for a program-related information packet;

FIG. 24 is a flowchart illustrating an example of a processing procedure for reception contract related information;

FIG. 25 is a diagram showing another expression form of the content use condition.

FIG. 26 is a flowchart showing another example of the processing procedure in the use condition determining / correcting unit.

FIG. 27 is a diagram illustrating an example of a basic evaluation value for an expiration date.

FIG. 28 is a diagram showing an example of a basic evaluation value with respect to the number-of-times restriction.

FIG. 29 is a diagram showing an example of a basic evaluation value for a device limitation.

FIG. 30 is a diagram showing another example of an available contract information list.

FIG. 31 shows an example of an available contract information selection screen.

FIG. 32 is a flowchart showing still another example of the processing procedure in the use condition determining / correcting unit.

FIG. 33 is a diagram showing another example of the internal configuration of the secondary usage output unit.

FIG. 34 is a flowchart illustrating an example of a processing procedure in a secondary usage output unit;

FIG. 35 is a diagram showing an example of an internal configuration of a content output control unit.

FIG. 36 is a flowchart illustrating an example of a processing procedure in a content output control unit;

FIG. 37 is a diagram showing another configuration example of the broadcast receiving apparatus according to the embodiment.

FIG. 38 is a view showing an example of the structure of electronic program guide information including channel transmission contract information;

FIG. 39 is a view for explaining an encryption mechanism of broadcast content;

FIG. 40 is a diagram showing another data structure of a broadcast content packet.

FIG. 41 is a diagram showing another example of the data structure of a reception contract related information packet.

FIG. 42 is a diagram showing a data structure example of contract information.

FIG. 43 is a view showing still another configuration example of the broadcast receiving device according to the embodiment;

FIG. 44 is an exemplary flowchart showing an example of the overall processing procedure from reception of a broadcast to processing according to the content of a packet in the broadcast receiving apparatus according to the embodiment.

FIG. 45 is a flowchart showing an example of a processing procedure for a broadcast content packet;

FIG. 46 is a flowchart showing an example of a processing procedure for reception contract related information;

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 101 ... Receiving part 102 ... A / D conversion part 103 ... Error detection / correction part 104 ... Channel selection part 105 ... Channel selection interface 106 ... Conditional reception processing part (conditional reception chip) 107 ... Content use method selection interface 108 ... Content use Condition display unit 111 filter unit 112 descramble unit 113 program-related information decoding unit 114 reception contract-related information authentication unit 115 reception contract-related information decoding unit 116 reception contract determination unit 117 usage condition determination / correction unit 118 ... Content output control unit 119 ... Channel information input unit 120 ... Standard output unit 121 ... Secondary use output unit 122 ... Master key storage unit 123 ... Receiving device ID storage unit 124 ... Work key storage unit 125 ... Channel key storage unit 126 ... Channel key output unit 127: Received contract information storage 128 transmission contract information storage unit 129 transmission contract information extraction unit 201, 221 content input unit 202, 223 content encryption unit 203, 224 content output unit 204 content key generation unit 205, 226, 301 usage conditions Input units 206 and 227 use condition generation unit 207 content ID generation unit 208 license information generation unit 209 and 225 device master key storage unit 210 license information output unit 222 digital watermark embedding unit 302 output determination unit 303 Device authentication unit 304 ... Usage information output unit

Continued on the front page (51) Int.Cl. ⁷ Identification code FI Theme coat II (Reference) H04N 7/16 H04L 9/00 601E 685 F-term (Reference) 5C025 CB08 DA01 DA05 5C064 BA01 BB05 BB07 BC06 BC20 BD09 BD14 5J104 AA01 BA03 DA03 EA01 EA06 NA02 PA05 5K061 AA00 AA12 BB17 BB19 DD00 FF00 FF01 JJ03 JJ07

Claims (13)

[Claims] A means for receiving content information broadcasted using a channel; first use condition information for each subscriber, which is broadcast corresponding to a channel including a plurality of content information; Means for integrating the second use condition information broadcast corresponding to the content information and common to a plurality of contractors to create third use condition information corresponding to the designated content information; Means for controlling use of the received corresponding content information in accordance with the content use condition determined based on the created third use condition information. 2. The apparatus according to claim 1, wherein said controlling means includes means for controlling secondary use of the content information based on the determined content use condition.
A broadcast receiving apparatus according to claim 1. 3. The control means creates license information defining conditions to be used by a secondary usage device that secondary uses the content information in controlling the usage based on the determined content usage conditions. Means for encrypting the content information; a key for decrypting the encrypted content information; and a means for integrating and encrypting the license information; and the encrypted content information. The broadcast receiving apparatus according to claim 1, further comprising: a unit that transmits the encrypted key and the license information to the secondary usage apparatus. 4. The control means according to claim 1, wherein, when a plurality of content use conditions are created as said third use condition information, said controlling means sets the priority according to a predetermined priority for each restriction item included in each content use condition. Means for determining a single content use condition included in the third use condition information by comparing the content use condition included in the third use condition information with the input user desired content use condition 4. The method according to claim 1, wherein
The broadcast receiving device according to any one of the above. 5. The control means according to claim 3, wherein when a plurality of content use conditions are created as said third use condition information, said control means determines the input user-desired content use condition according to a predetermined evaluation function. And a means for evaluating each of the content use conditions included in the third use condition information to determine one content use condition included in the third use condition information. Item 4. The broadcast receiving device according to any one of Items 1 to 3. 6. The control means, when a plurality of content use conditions are created as the third use condition information, presents the plurality of content use conditions and accepts a selection designation from a user. 4. The apparatus according to claim 1, further comprising: means for determining one content use condition included in said third use condition information.
The broadcast receiving device according to the paragraph. 7. The control means according to claim 1, wherein said content use condition contained in said third use condition information includes a content use condition desired by the user, said content use condition being included in said third use condition information. When it is determined that the desired content use condition is adopted and there is no content that includes the user's desired content use condition, the user's desired content use condition is adapted to the third use condition information. The broadcast receiving apparatus according to any one of claims 1 to 6, wherein it is determined to adopt the corrected one. 8. A condition relating to an expiration date, a condition relating to the number of times of use,
The broadcast receiving apparatus according to any one of claims 1 to 7, further comprising at least one of conditions relating to restriction of a device or a model. 9. The apparatus according to claim 1, wherein said controlling means includes means for authenticating the secondary usage device when transmitting the content information to the secondary usage device.
Or broadcast receiver. 10. The broadcast receiving apparatus according to claim 1, wherein the second usage condition information is included in the same packet as the corresponding content information and broadcast. 11. The broadcast receiving apparatus according to claim 1, wherein the second usage condition information is broadcasted while being included in the same packet as the electronic program guide information for the corresponding content information. . 12. The broadcast receiving apparatus according to claim 11, wherein the determination of the content use condition by said control means is performed at the time of recording reservation. 13. A content use control method for controlling the use of content information to be broadcast-distributed in accordance with use conditions, comprising a plurality of content information included in the same channel and broadcasted for each subscriber. The first use condition information common to the plurality of subscribers and the second use condition information common to a plurality of subscribers and broadcasted in correspondence with each piece of content information are integrated to obtain the designated content information. A content use control method, comprising determining use conditions and controlling use of the corresponding content information based on the set use conditions.