JPH03179839A - Encrypted digital broadcasting equipment - Google Patents

Abstract

PURPOSE:To decode the cryptography for a specific contracted device individually and safely by the remote control at the sender side by using an identification code so as to specify a receiver and applying ciphering and decoding to information of a key table or the like requiring to decode individual contract programs while applying individual remote control. CONSTITUTION:The equipment is provided with a cryptographic key generating means 2 generating plural cryptographic keys and respective index number of the key and a cryptographic key selection means 20 outputting one of generated cryptographic key and its index number. Moreover, a 1st cryptographic means 6 converting a plain sentence into a cryptographic sentence under the selected cryptographic key and a storage means 4 storing each identification code of one or plural receivers allowing the decoding are provided. Furthermore, a 2nd cryptographic means 5 ciphering the plural cryptographic key and their index numbers and generating a transmission key table under the identification code and a data transmission means 7 sending at least the cryptographic sentence and the index number of the cryptographic key used for ciphering are provided. Thus, the privacy call processing and ciphering with high safety without signal deterioration are applied and the operation of specific channel and specific receivers is controlled remotely from the sender side in response to the content of contract.

Description

DETAILED DESCRIPTION OF THE INVENTION Field of Industrial Application The present invention relates to an encrypted digital broadcasting device that can be used in a paid CATV (cable television system) or a paid satellite broadcasting system.

BACKGROUND OF THE INVENTION Conventional paid broadcasting systems include those that use a specific format that is not disclosed to the public, and those that use privacy to prevent unauthorized viewing. Analog data privacy involves processing the baseband signal using a conversion means, and then using an inverse conversion circuit in the receiving equipment to restore the original signal. For example, there is a method of inverting the video synchronization signal from time to time.

Problems to be Solved by the Invention However, in such conventional technology, the secret algorithm is easy to steal, and it is relatively easy to stealth the viewing. Additionally, there are problems such as signal deterioration due to confidential information. Furthermore, it has been difficult to realize a function of transmitting a specific signal from the transmitting side to remotely control the operation of individual receivers.

In view of this problem, the present invention performs highly secure polarization and encryption without signal deterioration in paid digital broadcasting, and transmits the functional operation of a specific channel or specific receiving device according to the contract details. The purpose of the present invention is to provide an encrypted digital broadcasting device that can be used in a system that can be remotely controlled from the side.

Means for Solving the Problems In order to solve the above conventional problems, an encrypted digital broadcasting device of the present invention includes an encrypted key generating means for generating a plurality of encrypted keys and an index number of each of the encrypted keys, an encryption key selection device that outputs one of the encryption keys created by the key generation device and its index number; a first encryption device that converts plaintext into ciphertext under the encryption key selected by the encryption key selection device; storage means for storing an identification code of each of the one or more receiving devices that permit decoding; and a second storage means for encrypting the plurality of encryption keys and their index numbers under the identification code to generate a transmission key table. and data sending means for sending at least the cipher text and the index number of the encryption key used for the encryption.

According to the above-described structure, the present invention prepares a plurality of encryption keys with index numbers for use in encrypting plaintext, and sends these data to each individual receiving device identified by an identification code. It is sent after being encrypted with each identification code. The plaintext is encrypted with an encryption key selected from a plurality of encryption keys, and sent together with the index number of this encryption key.

EXAMPLE Hereinafter, an example of the present invention will be described with reference to the drawings. The figure shows blocks of an encrypted digital broadcasting device according to an embodiment of the present invention and blocks of an encrypted digital broadcasting receiving device suitable for receiving broadcasts from the encrypted digital broadcasting device of the present invention.

In FIG. 1, 1 is a plaintext input terminal, 2 is an encryption key generation means, 20 is an encryption key selection means, 3 is a first identification code storage means, 4 is a second identification code storage means, and 5 is a second identification code storage means. 2 an encryption means, 6 a first encryption means, 7 a data sending means, 8
is an encrypted digital broadcasting device which combines the above-described plaintext input terminal 1 with data sending means 81 and encryption key selection means 20.

Further, 9 is a transmission cable, 11 is a data receiving means, 12
13 is a first identification code ROM; 14 is a match detection means; 13 is a first identification code ROM;
15 is a second identification code ROM, 15 is a second decoding means,
16 is a decryption key storage means, 21 is a decryption key selection means, 17 is a first decryption means, 18 is a plaintext output terminal, and 19 is a plaintext output terminal 181 from the data receiving means 11 described above, and a decryption key selection means. This is an encrypted digital broadcast receiving device that decodes 21.

The operations of the encrypted digital broadcasting device and the encrypted digital broadcasting receiving device of this embodiment configured as described above will be described below in order from the outline of the system.

The encrypted digital broadcasting device 8 is connected to a plurality of encrypted digital broadcasting receiving devices via a transmission cable 9. The encrypted digital broadcast receiving device 19 shown in the figure is one of them. An individual identification code is set in the encrypted digital broadcast receiving device 19 at the time of manufacturing and shipping the device. First identification code ROM13 and second identification code R
OM14 corresponds to this. The identification code is created by the organization that manages the system. When a contract is signed between the device user or contractor and the system administrator, the new contract details are written into the data file and updated. The encrypted digital broadcasting device 8 stores the latest contract content data of all subscribers in the first identification code storage means 3 and the second identification code storage means 4 so that the data can be accessed. The program input to the plain text input terminal 1 is encrypted by the first encryption means 6 and sent out and broadcast from the data sending means 7.

Instead of broadcasting the encryption key used by the first encryption means 6, the index number of the encryption key selected by the encryption key selection means 20 is broadcast from the data sending means 7 together with the program. A key table representing the correspondence between all index numbers and encryption keys is created by the encryption key generation means 2. The key table created by the encryption key generation means 2 is used by the encryption key selection means 20 and the second encryption means 5.
supply to. The encryption key selection means 2o selects one index number from the key table and supplies this index number to the data transmission means 7, and also refers to the key table and selects the encryption key corresponding to the index number from therein. It is output to the first encryption means 6. Using this encryption key, the first encryption means 6 encrypts the plaintext input from the plaintext input terminal 1 to create a ciphertext and supplies it to the data sending means 7. Among them, the index number button and the encryption key selected by the encryption key selection means 20 are changed every moment, about several times per second, using random numbers to prevent unauthorized viewing. The key table created by the encryption key generating means 2 is also updated, but the frequency is small.

In the encrypted digital broadcast receiving device 19, it is necessary to prepare a key table before broadcasting a program.

The key table is delivered only to the equipment covered by the contract. Since it would be uneconomical to occupy a different route, carrier wave, or channel for this delivery, the same channel as the program is time-division multiplexed and delivered. Furthermore, if the key table is known to a third party, there is a risk of illegal eavesdropping, so security must be ensured during delivery. Furthermore, in order to safely deliver different key tables according to different contracts for each device only to the target device, different encryption is performed for each individual device. This encryption will be explained below.

The identification code for each encrypted digital broadcast receiving device is set to include a first identification code for identifying the device and a second identification code used as an encryption key. button,
The second identification code is uniquely determined by the system administrator in association with the first identification code, but is created in such a way that the first identification code is not necessarily determined from the second identification code.

The first identification code and the second identification code are stored in the first identification code storage means 3 and the second identification code storage means 4, respectively, as data of all subscribers.

Encryption of the key code for each individual device for safe delivery is performed using the second identification code retrieved from the second identification code storage means 4.
This is carried out by using the identification code of the second encryption means 5 as an encryption key. The table created in this way is called a transmission key table. Therefore, even if the key tables are the same, the second
If the identification codes are different, the encrypted transmission key table will be different for each device. The transmission key table is created sequentially for all contracted devices. Using these data, the key table is delivered to one contracted device by packing the first identification code and the transmission key table and sending it to the data sending means 7 along with other data.
This is done by sending it from . When the key table has been delivered to one contracted device, the next contracted device is delivered sequentially to Syria M, and the key table is delivered to all the contracted devices without delay. Delivery is repeated repeatedly, taking into account transmission errors and receiving equipment that is not powered on.

The ciphertext, index number, first identification code, and transmission key table described above are input to the data sending means 7 in relation to each other in time series or in data format. The data sending means 7 converts these data into a format suitable for modulation, carries them on a PSK-modulated VHF band carrier wave, and outputs them to the transmission cable 9. The transmission cable 9 performs linking, relaying, and distribution depending on the scale of the system, and is connected to the end user's encrypted digital broadcast receiving device. The encrypted digital μ broadcast receiving device 19 is one of them.
It is one.

In the encrypted digital broadcast receiving device 19, the data receiving means 11 receives multiplexed data through the transmission cable 9. The received multiplexed data is output from the data receiving means 11 according to its contents. The first identification code extracted from the multiplexed data and the data in the first identification code ROM1s individually assigned to the receiving device in advance are detected by the coincidence detection means 12.
Matched by If they match as a result of the comparison, the transmission key table extracted from the data received by the data receiving means 11 is decrypted by the second decryption means 16 using the data of the second identification code ROM 14 as the decryption key, and the data is decrypted. The key table is stored in the decryption key storage means 16. thus,
The reception of the delivered key table is completed. The stored decrypted key table is supplied to the decryption key selection means 21.

The first identification code extracted from the multiplexed data and the data in the first identification code ROM 13 are matched by the coincidence detection means 12.
As a result of the comparison, if there is a mismatch, the received data in the key table is discarded and storage in the decryption key storage means 16 is prohibited, assuming that the pack data is data for another receiving device.

In this case, reception of the key table is incomplete, but since the key table is delivered repeatedly in sequence, the device waits for its own first identification code to be sent next.

On the other hand, the index number of the encryption key extracted from the received multiplexed data is supplied to the decryption key selection means 21, and the decryption key storage means 1
The first decryption means 1 refers to the decrypted key table input from 6 and selects the decryption key with the index number from there
Output to 7.

In addition, the ciphertext extracted from the received multiplexed data is
The first decryption means 17 decrypts the data using the decryption key inputted from the decryption key selection means 21, and outputs the plaintext to the plaintext output terminal 18. In this way, the decryption of the receiving device with which the contract is valid is performed, the program is correctly decrypted, and the service is provided.

If the reception of the delivered key table is incomplete, it waits for its own first identification code to be sent, and then, when the reception of the key table is completed, the regular service is performed by the above-mentioned operation. .

Even at the time of broadcasting the program, if the reception of the key key delivered to the button is not completed, even if the index number is received, the corresponding decryption key is unknown, so the first decryption means 1
7, the received encrypted text is illegally decrypted or not decrypted at all, so the output of the output terminal 18 is different from the plain text, and the program operates in such a way that the user cannot receive the program service. In such cases, mute the output.

Therefore, the program service may be stopped in various cases as follows.

(7) In the case of an uncontracted device, the first identification code of the receiving device is not broadcast, so the device does not operate.

(b) If the device is a contracted device and the program or channel is not subscribed to, the part of the key table used for the program has not been delivered, so it will not operate only for that program or channel.

(1) If the contract period has passed and the contract has not been renewed, the broadcasting of the first identification code is stopped or incorrect data is delivered to the key table, so that the operation of the receiving device stops.

(2) In the case of unauthorized eavesdropping equipment, it is impossible to steal the key table from the broadcast data (transmission key table), so eavesdropping cannot be performed.

(b) If the key table is illegally obtained using an unauthorized eavesdropping device, the key table will be updated after a predetermined period of time, and the eavesdropping operation will stop after that.

ψ) Illegal eavesdropping device with first identification code R
If the OM button and second identification code ROM are illegally copied from a legitimate contracted device, the eavesdropping device will become a clone of the contracted device, but the second identification code ROM must be replaced during periodic inspections, etc. If you do the maintenance of
After that, the eavesdropping operation will stop.

In the embodiments described above, the first identification code ROM and the second identification code ROM are independent configuration means, but there is no point in saying that it would be better to integrate them as an equivalent identification code ROM.

Furthermore, the second identification code may be substituted with the result of a predetermined calculation using the first identification code as a parameter. In this case, the encrypted digital broadcast receiving device 19:
Instead of the second identification code ROM 14, the data of the first identification code ROM 13 may be input, predetermined calculations may be performed, and the data may be supplied to the second decoding means 15.

Effects of the Invention As is clear from the above description, the present invention provides that an encrypted digital broadcasting device and an encrypted digital broadcasting receiving device share an identification code, and that the receiver can identify the device using the identification code and remotely control the device individually. Since the configuration is configured to encrypt and decrypt information such as key tables required to decrypt individual contracted programs using identification codes, specific contracted devices can be individually and securely decrypted using remote control on the transmitting side. can do.

For example, it is possible to realize an excellent encrypted digital broadcasting device that can be used for CATV pay digital broadcasting, satellite pay broadcasting, and pay broadcasting that utilizes vacant terrestrial channels.

In particular, since the encryption key can be switched randomly and frequently, even if temporary data is illegally decrypted by eavesdropping on the transmitted text, it is almost impossible to continue decrypting it. The effect is that his ability to tell secrets is extremely high.

In addition, the key table required for decrypting legitimate contracted equipment is encrypted with a different identification code for each individual equipment and delivered as a transmission key tape p, so the transmission key table is different for each individual equipment. Become.

Therefore, even if this was stolen, it would be almost impossible to decipher it because the encryption algorithm is unknown. In other words, it is possible to deliver the key table to each individual encrypted digital broadcast receiving device, and the key table can be delivered extremely safely.

Unfortunately, since the encryption is done digitally, there is absolutely no deterioration in the characteristics of the decoded signal.

[Brief explanation of drawings]

The drawing is a block diagram of an encrypted digital broadcasting device and an encrypted digital broadcasting receiving device according to an embodiment of the present invention. 1...Plaintext input terminal, 2...Encryption key generation means, 20...Encryption key selection means, 3......
- first identification code storage means, 4... second identification code storage means, 5... second encryption means,
6...First encryption means, 7...Data transmission means, 8...Encrypted digital broadcasting device, 9
...Transmission cable, 11... Data receiving means, 12... Coincidence detection means, 13...
...First identification code ROM, 14...Second identification code ROM, 15...Second decryption means, 16...Decryption key storage means, 21・・・・・・
Decryption key selection means, 17...tenth decryption means,
18... Plaintext output end, 19... Encrypted digital broadcast receiving device.

Claims (2)

[Claims] (1) Encryption key generation means for generating a plurality of encryption keys and index numbers of the respective encryption keys; and encryption key selection means for outputting one of the encryption keys created by the encryption key generation means and its index number; , first encryption means for converting plaintext into ciphertext under the encryption key selected by the encryption key selection means; storage means for storing identification codes of each of the one or more receiving devices that permit decryption; a second encryption means for generating a transmission key table by encrypting the plurality of encryption keys and their index numbers under the identification code; and at least a ciphertext and an index number of the encryption key used for encryption. An encrypted digital broadcasting device equipped with a data sending means. (2) The cryptographic digital device according to claim 1, wherein the data transmission means transmits at least a ciphertext, an index number of a cryptographic key used for encryption, an identification code, and a transmission key table. Broadcasting equipment.