JP2010119138A - Receiving device and method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a broadcast receiving device and method capable of identifying the source of an unauthorized outflow of a work key. <P>SOLUTION: The broadcast receiving device includes: receiving means that receives broadcast contents encrypted by a first key, an ECM containing n encryption regions obtained by encrypting information, which contains the first key, by using n second keys, and an EMM obtained by encrypting information, which contains at least one of the n second keys, by using a third key uniquely held by the receiving device; EMM decoding means 108 that decodes the EMM by using the held third key and extracts at least one of the n second keys; storage means that stores the second key extracted by the EMM decoding means 108; ECM decoding means 111 that decodes the encryption regions in the ECM by using the second key stored in the storage means and extracts the first key; and a descrambler 106 that decodes the encrypted broadcast contents by using the first key extracted by the ECM decoding means 111. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a receiving apparatus and a receiving method.

  In recent years, digital broadcasting services using communication satellites and broadcasting satellites have been operated. In general, in a satellite broadcasting system, a limited reception service is operated by various methods such as a channel unit, a program unit, and a time unit.

  In the conditional access system, individual contract information corresponding to the contract status of the user is transmitted and set for each receiving device. The individual viewing contract information to be transmitted is called individual information EMM (Entitlement Management Message) data. EMM data to which an ID (Identification) number unique to the receiving device is added is transmitted from the center device to each receiving device as a broadcast signal. Multiplexed and transmitted. The EMM data is generally encrypted using a master key (Km) specific to the receiving device specified between the center device and the receiving device so that the EMM data is not wiretapped.

  The receiving apparatus receives its own EMM data from a unique ID, contract information is stored in the receiving apparatus, and a user can receive a limited reception broadcast service based on the contract information. In addition, in a scramble broadcasting system for copyright protection that does not provide a pay broadcasting service, individual viewer management is not necessarily required, and there may be cases where the level is different depending on the type of receiving device or the manufacturer of the receiving device.

  Also, the program is scrambled and broadcast with a scramble key (Ks), and the program information ECM (Entitlement Control Message) data encrypted with the work key (Kw) common to all receiving apparatuses is multiplexed and transmitted. The receiving device refers to the contract information in the stored individual contract information, decrypts the ECM data using the work key (Kw) in the stored individual contract information, and descrambles the key (Ks ) Can be finally watched.

  However, in such a conditional access system using a secret key, unauthorized exposure of the key greatly affects the entire system due to hacking or the like. For example, a situation may occur in which a master key (Km) is hacked and a receiving device that illegally views using the hacked master key (Km) is distributed to the market. In such a case, there arises a problem that the program can be viewed on all the receiving devices with one contract.

  However, when such a master key (Km) is leaked, if the leaked master key (Km) can be specified, a new EMM is sent to a receiving device other than the receiving device having this master key (Km), and the work key is sent. By updating (Kw), it is possible to prevent this unauthorized receiving apparatus from receiving broadcasts.

  That is, since the master key (Km) has a one-to-one correspondence with the receiving device, it is possible to identify the receiving device that is the source of the outflow from the master key (Km). However, since the work key (Kw) and the scramble key (Ks), which are other keys, are common information that does not include information for specifying the receiving device or the like, the scramble key ( It becomes difficult to specify the outflow source from the data itself of Ks) and the work key (Kw).

JP 2002-16901 A

  As described above, in the scrambled broadcasting system having the triple key structure, there is no individuality, and there is no means for specifying the outflow source when the work key (Kw) that is a key having a long update cycle is illegally leaked. There is.

  It is an object of the present invention to provide a system with a higher security level, which can identify the source of such work key leakage even if it is illegal.

  In order to achieve the above object, the present invention provides broadcast content encrypted with a first key, and n pieces of information obtained by encrypting information including the first key using n second keys. Receiving means for receiving the EMM encrypted using the ECM including the encryption area and the third key that the reception device inherently holds information including at least one of the n second keys, and holding Using the third key to decrypt the EMM and extract at least one of the n second keys, and a memory for storing the second key extracted by the EMM decryption unit Means, an ECM decryption means for decrypting the encrypted area in the ECM using the second key stored in the storage means and extracting the first key, and a first key extracted by the ECM decryption means And a descrambler that decrypts the encrypted broadcast content. To provide a device.

  In addition, the present invention provides a receiving device comprising receiving means for receiving broadcast content, ECM and EMM, EMM decoding means for decoding EMM, ECM decoding means for decoding ECM, and a descrambler for decoding broadcast content. The receiving means uses broadcast content encrypted with the first key and a second key composed of n different keys expressed in a space of n rows × 1 column. The information including one key selected from the ECM including n encrypted areas and the n second keys obtained by encrypting the information including the first key is uniquely given to each receiving apparatus. At least one of the n second keys, and the EMM decrypting means decrypts the EMM with the third key set in itself by the EMM decrypting means. Are extracted and the ECM decoding means A receiving method of decrypting a plurality of encrypted areas using an extracted second key to extract a first key, and using a descrambler to decrypt the broadcast content using the extracted first key provide.

  In the present invention, a work key (Kw) calculated on the transmission side and the reception side and a predetermined calculation table are transformed into individual work keys, and individuality is given to the work keys by calculation using the calculation table. It is possible to identify an outflow source even when an individual work key is illegally leaked.

Block diagram of broadcasting apparatus and receiving apparatus in the first embodiment Example of calculation table on the broadcasting device side in the first embodiment Example of calculation table on receiver side in the first embodiment Configuration example of ECM in the first embodiment Block diagram of broadcasting apparatus and receiving apparatus in the second embodiment Example of the Kw list on the broadcasting device side in the second embodiment Example of Kw list on the receiving apparatus side in the second embodiment Configuration example of ECM in the second embodiment Block diagram of broadcasting apparatus and receiving apparatus in the third embodiment Example of changing receiver allocation in the third embodiment

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a block diagram for explaining the configuration of a transmission device and a reception device used in the digital broadcasting system of the present invention.

  The transmission apparatus 101 outputs the scrambler 103 that encrypts the input broadcast content converted into the transport stream (TS) with the scramble key (Ks) that is the first key, and the encrypted broadcast content. Output means (not shown).

  The transmission apparatus 101 has a calculation table 108 that is a first conversion table, calculates a work key (Kw) that is a second key according to the calculation table 108, and is an individual work key that is an n fourth key group. It has the calculation means 109 which produces | generates (Dwi).

  In addition, there is an ECM generating means for encrypting information including the scramble key (Ks) using the individual work key (Kwi) and generating program information ECM including n encrypted areas.

  In addition, EMM generation means 105 that encrypts information including a work key (Kw) using a master key (Kw) that is a third key that is uniquely held by the receiving apparatus and generates individual information EMM is provided. ing.

  These program information and individual information are multiplexed with the broadcast content encrypted by the encryption means and broadcast by the transmission means.

  The work key (Kw) calculating means 109 of the transmitting apparatus 101 performs an operation according to the operation table 108 with the work key (Kw) as an input, and a plurality of individual work keys (Dwi) obtained as a result are input to the ECM generation 110. Entered. In the ECM 110, the scramble key (Ks) is encrypted with a plurality of individual work keys (Dwi), and a plurality of encrypted scramble keys (Ks) are assembled as an ECM. The generated ECM is a transfer stream ( TS) is multiplexed and transmitted.

  The receiving apparatus 102 calculates the broadcast content encrypted with the scramble key (Ks), the work key (Kw) key according to the first conversion table 108, the individual work key (Dwi), the scramble key (Ks) ) Including the program information EMM including the n encrypted areas and the information including the work key (Kw) are uniquely stored in the receiving apparatus. Receiving means (not shown) for receiving individual information encrypted using the master key (Kmi), and decrypting the individual information ECM using the held master key (Kmi) to obtain the work key (Kw) EMM decoding means 108 for extracting is included.

  Also, a calculation means for calculating the work key (Kw) extracted by the EMM decryption means 108 according to the second conversion table 113 and generating at least one individual work key (Dwi) among the n fourth key groups. 112 and an ECM decrypting unit 111 for decrypting one of n encrypted areas in the program information using the individual work key (Dwi) generated by the computing unit 112 and extracting a scramble key (Ks). Have.

  In addition, a descrambler 106 that decrypts the encrypted program content using the scramble key (Ks) extracted by the ECM decryption unit 111 is provided.

  In the receiving apparatus 102, for example, Dw0 is calculated from among a plurality of individual work keys (Dwi) generated by the transmitting apparatus 101 by the Kw calculation 112 using the work key (Kw) obtained by the EMM decryption 108 as input. Obtained as the operation result. This Dw0 is input to the ECM decryption 111, and a single scramble key (Ks) encrypted with this Dw0 is decrypted to obtain a final scramble key (Ks).

  That is, the calculation table 108 of the transmission apparatus 102 is a table for calculating individual work keys (Dwi) for a plurality of receivers, and the calculation table 113 of the reception apparatus 102 is an individual work key (Dwi) assigned to this reception apparatus. ) For calculating one). By doing so, the transmitting apparatus 101 generates a plurality of individual work keys (Dwi) having identification from the work key (Kw) that is one piece of common information, and this individual work key (Dwi) is transmitted to each receiving apparatus. By assigning, the work key (Kw) can be identified for each receiving device, and the receiving device can be specified when the individual work key (Dwi) is illegally leaked.

  Next, the calculation tables 108 and 113 and the work key (Kw) calculation means 109 and 112 will be described in more detail.

FIG. 2 shows an example of the calculation table 108 of the transmission apparatus 101, and also shows the calculation performed by the work key (Kw) calculation 109. At this time, i is the resolution in the spatial direction, and j is the resolution in the time direction. As an example, it is assumed that the table is a 4 × 4 matrix with j = j = 4, and the calculation performed by the Kw calculation means 109 is an exclusive OR of Kw and each Tij. In this case, there are four tables in the spatial direction. For example, when j = 1, Dw11 = T11 XOR Kw
Dw21 = T21 XOR Kw
Dw31 = T31 XOR Kw
Dw41 = T41 XOR Kw
Is calculated and output. This is repeated four times in the j direction, and the process returns to the original.

FIG. 3 is an example of the calculation table 113 and the Kw calculation 112 of the receiving apparatus 102. The calculation table 113 of each receiving device is an arbitrarily selected one of i = 1 to 4 in the calculation table 108 of the transmitting device 101. In this example, the receiver 1 has T11, T12, T33, T44. It is assumed that T13, T42, T33, and T34 are given to the receiver 2. This given table is identification information for Kw, and in receiver 1, Dw11 = T11 XOR Kw
Dw12 = T12 XOR Kw
Dw33 = T33 XOR Kw
Dw44 = T44 XOR Kw
Is calculated and Dw13 = T13 XOR Kw in the receiver 2
Dw42 = T42 XOR Kw
Dw33 = T33 XOR Kw
Dw34 = T34 XOR Kw
Is calculated.

  That is, Dw11, Dw12, Dw33, and Dw44 are always calculated in the receiver 1, and Dw13, Dw42, Dw33, and Dw34 are calculated in the receiver 2, and it is assumed that this individual work key Dw is leaked from the receiver by this value. It is also possible to identify the receiver of the outflow.

  In this example, an example in a 4 × 4 space is shown, but this is not particularly limited, and 8 × 8, 16 × 16. . . By creating a similar table in an n × m space, the resolution can be increased.

  In addition, although the operation is shown as exclusive OR here, it is not particularly limited to this, and other logical operations such as and, or, and four arithmetic operations such as addition, multiplication, etc. are not particularly specified. It is only necessary that the contents of the selected table element match the contents of the table element selected on the receiving side.

  Further, as a table element for performing the Kw calculation, it is possible to use a problem form without limiting to a simple calculation such as “answer the larger of the number of“ 1 ”and the number of 1 of the table element in Kw bits”. .

  In the present invention, a plurality of Dwij are derived in the spatial direction as in the above example. In the ECM generation 110, a plurality of encrypted Ks generated by encrypting Ks using this Dwij is generated. Multiple bundles are output as ECM.

  The configuration of this ECM is shown in FIG. Here, as in FIG. 2, the case of a 4 × 4 matrix will be described as an example.

  Ks encrypted with each Dwij is displayed as E (Ks, Dwij). The ECM generated at every certain time (every j) includes four E (Ks, Dwij). In this case, it is a four-cycle loop. Here, H is header information indicating that this data is ECM data, for example.

The operation of the ECM decoding 111 in the receivers 1 and 2 as shown in FIG. 3 will be described. Dw used in the receiver 1 is Dw11 = T11 XOR Kw
Dw12 = T12 XOR Kw
Dw33 = T33 XOR Kw
Dw44 = T44 XOR Kw
Are generated in the order of E (Ks, Dw11), E (Ks, Dw12), E (Ks, Dw33), E (Ks, Dw44).
The area information is selected and the decoding operation is performed.

Similarly, in the receiver 2, E (Ks, Dw13), E (Ks, Dw42), E (Ks, Dw33), E (Ks, Dw34)
The area information is selected and the decoding operation is performed.

  The identification code in FIG. 4 may be included in the header information, but is separated for convenience of explanation. This identification code indicates, for example, at which timing Dwij the E (Ks, Dwij) stored in one ECM is encrypted. For example, the value of j is encoded and becomes this information. . The receiving device refers to the information of j of Tij, which it has, and this identification code, and uses it to specify Dwij necessary for decoding the received ECM. Further, regarding the information of i, the storage position may be ruled in advance such as 1, 2, 3 from the head, or may be coded in the same way as j to be an identification code. In that case, for example, the position information specified by i can be coded, and the position specified by a certain ij can be made variable.

  As described above, when a work key (Dw in this case) is leaked from a certain receiver by performing calculation for adding a plurality of identification information on the transmission side and giving different table selection patterns to the reception side. If you look at the pattern, you can identify the receiver. Naturally, in the present invention, the ECM cannot be decrypted with the work key (Kw) itself, and unauthorized viewing cannot be performed. Also, if the table pattern and the work key (Kw) flow out to the calculation method, the ECM can be decrypted. In this case, the receiver can be identified from the table pattern, so that table pattern Unauthorized viewing can be prevented by changing.

  Next, a second embodiment will be described. FIG. 5 is a block diagram of the transmitting apparatus 101 and the receiving apparatus 102 for explaining the second embodiment. Elements having the same functions as those of the first embodiment are denoted by the same reference numerals, and the description thereof will be given here. Omitted.

  The broadcast apparatus 101 includes a scrambler 103 that encrypts broadcast content from the Kw list 114 with a first key, an acquisition unit 115 that acquires n × m second key groups, and a first key. An ECM generating unit 110 that encrypts information using n second key groups and generates program information including n encrypted areas, and a receiving device 102 receives information including m second key groups. EMM generation means 105 that individually encrypts and generates individual information using a third key group that is uniquely held, and transmission means that transmits program information, individual information, and broadcast content encrypted by the encryption means ( (Not shown).

  Further, the receiving apparatus 102 stores n encrypted areas obtained by encrypting broadcast content encrypted with the first key and information including the first key using n second key groups. Receiving means (not shown) for receiving the individual information encrypted using the third key group that is uniquely held by the receiving device, including the program information and the information including the m second key groups; , EMM decrypting means 108 for decrypting the individual information using the held third key and extracting m second key groups, and m second key groups extracted by the EMM decrypting means 108 1 of the n encrypted areas in the program information is decrypted using one second key of the m second key group stored in the storage means 107. The ECM decryption unit 111 for extracting the first key and the first key extracted by the ECM decryption unit 111 are used. Te, and a descrambler 106 to decode a program content that has been encrypted.

  The Kw list 114 is a work key (Kw) list table as shown in FIG. 6, for example, and i is a spatial direction and j is a time direction as in the first embodiment. In the Kw selection 115, for example, four Kw in the i direction are sequentially selected in the j direction. In this case, four keys are supplied to the ECM generation 110 (extraction means). In the ECM generation 110, the scramble key (Ks) is encrypted with a plurality of individual work keys (Kwij) input as in the first embodiment, and an ECM as shown in FIG. 8 is generated.

  Here, for example, E (Ks, Kw44) indicates information obtained by encrypting the scramble key (Ks) with Kw44.

  FIG. 7 shows an example of the Kw list on the receiver side, and the work keys (Kw) held by the receivers 1 and 2 are different. In this way, identification information can be added depending on how the work key (Kw) itself is held.

  The relationship between the identification code in FIG. 8 and the Kwij to be used is the same as in the first embodiment, and each receiver can obtain a scramble key (Ks) by decrypting an area that can be solved with its own key.

  As described above, a plurality of work keys (Kw) are prepared, and the method of giving them to each receiver is used as identification information, so that the receiver can be specified when it is illegally leaked.

  For example, when Kw11, Kw12, Kw33, and Kw44 flow out, it can be specified that the receiver giving this pattern is the receiver 1.

  Next, a third embodiment will be described. FIG. 9 is a block diagram of the transmitting apparatus 101 and the receiving apparatus 102 for explaining the third embodiment. Elements having the same functions as those in the first embodiment are given the same numbers, and the explanation is given here. Omitted.

  FIG. 10 is an example of a calculation table on the transmission side, and a matrix of 4 rows × 1 column is shown for ease of explanation, but the same applies to n rows × m columns.

  For example, as shown in the figure, T11 is assigned to receivers A, B, and C, and similarly D, E, and F are assigned to T21. . . . And assigned.

  If the information of Dw11 generated from T11 leaks, it can be understood that it leaked from one of the A, B, and C receivers. When such a situation occurs, the transmission apparatus updates the calculation table, changes the table assignment as shown in the figure, and generates and transmits an EMM to each receiver by the EMM generation 105.

  On the receiver side, the received EMM is decoded by the EMM decoder 108 and the changed calculation table is set as the calculation table 113.

  Next, when Dw51 calculated from the T51 table flows out again, the newly assigned receiver A can be identified.

  As described above, according to the present invention, identification information can be added to a work key, and a scramble system with improved security can be provided.

101: Broadcast apparatus 102: Receiving apparatus 103: Scrambler 106: Descrambler 108: Calculation table 109: Kw calculation means 110: ECM generation means 111: ECM decoding means 112: Kw calculation means 113: Calculation table

Claims (2)

Broadcast content encrypted with a first key, information including the first key, an ECM including n encrypted areas obtained by encrypting information including the first key using n second keys, and the n number of the first contents. Receiving means for receiving an EMM encrypted using a third key that is uniquely held by the receiving device, the information including at least one of the two keys;
EMM decrypting means for decrypting the EMM using the held third key and extracting at least one of the n second keys;
Storage means for storing the second key extracted by the EMM decryption means;
ECM decryption means for decrypting an encrypted area in the ECM using the second key stored in the storage means and extracting the first key;
A receiving apparatus comprising: a descrambler that decrypts the encrypted broadcast content using the first key extracted by the ECM decrypting means. Receiving method of receiving apparatus comprising receiving means for receiving broadcast content, ECM and EMM, EMM decoding means for decoding EMM, ECM decoding means for decoding ECM, and descrambler for decoding broadcast content Because
Broadcast content encrypted with the first key at the receiving means, using the first key using a second key composed of n different keys expressed in a space of n rows × 1 column Information including one key selected from the ECM and the n second keys including the n encrypted areas obtained by encrypting the information including the third information is uniquely given to each receiving device. Receiving the EMM encrypted with each of the keys,
The EMM decrypting means decrypts the EMM with a third key set in itself, and extracts at least one of the n second keys,
The ECM decrypting means decrypts the n encrypted areas in the ECM using the extracted second key to extract the first key,
A receiving method for decrypting the broadcast content using the extracted first key by the descrambler.

Images