JP2009027681A - Transmission apparatus, reception apparatus and transmission/reception apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To achieve compatibility between content protection depending on a framework for limited reception of MPEG-2 broadcasting and content protection using an authority object such as OMA DRM. <P>SOLUTION: A transmission apparatus transmits therefrom a first encrypted digital video bit stream (3) protected by first authority information of PMT and key information in ECM/EMM and a second encrypted digital video bit stream (29) protected by an authority object containing second authority information and key information and ECM/EMM storing authority object identification information. In a reception apparatus, the first encrypted digital video bit stream is decrypted by the first authority information of PMT information and key information contained in ECM/EMM, and a first encrypted digital video bit stream (62) is decrypted by authority information and key contained in ECM/EMM storing the authority object identified by the authority object identification information. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a transmission apparatus, a reception apparatus, and a transmission / reception apparatus related to content distribution and broadcasting including digital audio video information.

  FIG. 8 is a block diagram showing a configuration of a transmission / reception apparatus having a transmission apparatus and a reception apparatus in a conventional example. In the conventional transmission apparatus 1500 shown in FIG. 8, a digital video bitstream 1 that conforms to MPEG-2 video (ISO / IEC13818-2) to be transmitted is input to the encryption means 1504. The encryption unit 1504 receives the key 1503 from the ECM / EMM generation unit 1501. The ECM / EMM generation unit 1501 in the conventional example includes ECM / EMM information 1502 and a key 1503 configured by ECM (Entirement Control Message) that is common information including conditional access information and EMM (Entlement Management Message) that is individual information. To extract. The encryption unit 1504 encrypts the digital video bitstream 1 using the key 1503 and outputs the encrypted digital video bitstream 1505 to the multiplexing unit 1506. Multiplexing means 1506 multiplexes the encrypted digital video bitstream 1505 and ECM / EMM information 1502 into MPEG-2 TS (Transport Stream) and outputs multiplexed information 1507. Modulating means 1508 modulates multiplexing information 1507 by OFDM (Orthogonal Frequency Multiplexing Modulation), and transmitting apparatus 1500 transmits generated modulated signal 1509 to receiving apparatus 1600.

  In conventional receiving apparatus 1600, demodulation means 1601 demodulates modulated signal 1509 and outputs multiplexed information 1602. Separation means 1603 outputs ECM / EMM information 1604 and encrypted digital video bitstream 1607 from multiplexed information 1602. The ECM / EMM extraction unit 1605 extracts key information 1606 from the separated ECM / EMM information 1604 and supplies the key information 1606 to the decryption unit 1608. The decryption means 1608 decrypts the encrypted digital video bitstream 1607 using the key information 1606, and generates an output digital video bitstream 1609.

In the conventional transmission apparatus 1500 shown in FIG. 8, the digital video bitstream 1 is encrypted by the encryption unit 1504 using the key 1503, and an encrypted digital video bitstream 1505 is generated and sent to the multiplexing unit 1506. .
Further, in the conventional ECM / EMM generation means 1501, common information ECM including information on whether or not to view a program and a key 1503, individual information EMM including information for decrypting the ECM and reception contract information are provided. ECM / EMM information 1502 is generated and sent to the multiplexing means 1506. The encrypted digital video bit stream 1505 and the ECM / EMM information 1502 are multiplexed by the multiplexing unit 1506 and input to the modulation unit 1508 as multiplexed information 1507. The modulation unit 1508 performs OFDM modulation to generate a modulated signal 1509 and outputs it.

On the other hand, in conventional receiving apparatus 1600, demodulation means 1601 demodulates modulated signal 1509 and outputs multiplexed information 1602. The separation unit 1603 extracts the demodulated ECM / EMM information 1604 and the demodulated encrypted digital video bitstream 1607 from the demodulated multiplexed information 1602. The ECM / EMM extraction unit 1605 extracts key information 1606 from the separated ECM / EMM information 1604 and supplies it to the decryption unit 1608. The decrypting means 1608 decrypts the encrypted digital video bitstream 1607 using the key information 1606 and outputs an output digital video bitstream 1609.
Toshiko Yoneya, two others, “Restricted Reception System for Digital Broadcasting”, Toshiba Review Vol. 55, no. 12 (2000), p. 26-29

The conventional transmission / reception apparatus described in the background art is limited to a range used in digital broadcasting based on ECM / EMM. However, in OMA (Open Mobile Alliance) DRM, which is expected to be used for mobile phones and IP (Internet Protocol) transmission, rights object information including rights information and key information together with encrypted content in the ISO 14496-12 file format format. Is a file. Therefore, the rights object as used in OMA DRM cannot be transmitted by the digital broadcasting described in the background art, and compatibility between the two cannot be realized.
In view of the above-described problems, an object of the present invention is to provide a transmission device, a reception device, and a transmission / reception device that realize compatibility between a protection mechanism based on ECM / EMM and a protection mechanism based on a rights object. .

In order to solve the above-described problems and achieve the object, a transmission apparatus according to a first aspect of the present invention includes:
First encryption means for encrypting input digital information with a first key to generate first encrypted information;
Second key generating means for generating a second key;
Second encryption means for encrypting the input digital information with the second key to generate second encrypted information;
First right information generating means for generating first right information;
Second right information generating means for generating second right information;
A rights object generating means for generating a rights object including the second rights information and the second key;
Rights object identification information generating means for generating a rights object for identifying the rights object;
A third key is generated and a first EMM (Entirement Management Message) including the generated third key, the rights object, the rights object identification information, and the receiving device identification information is generated and encrypted to generate a first key. First EMM generating means for generating EMM information of
First ECM generation that generates a first ECM (Entirement Control Message) including the first key, and generates the first ECM information by encrypting the generated first ECM with the third key. Means,
Multiplexing means for multiplexing the first ECM information, the first EMM information, the first encrypted information, the second encrypted information, and the first right information to output multiplexed information And.

A transmission apparatus according to a second aspect of the present invention includes: a first encryption unit that encrypts input digital information with a first key to generate first encrypted information;
Second key generating means for generating a second key;
First right information generating means for generating first right information;
Second encryption means for encrypting the input digital information with the second key to generate second encrypted information;
Second right information generating means for generating second right information;
A rights object generating means for generating a rights object including the second rights information and the second key;
Rights object identification information generating means for generating rights object identification information for identifying the rights object;
A second EMM generating unit that generates and encrypts the third key, the reception device identification information, and the second EMM, and generates second EMM information;
Generating a second ECM including the first key, the rights object, and the rights object identification information, and generating the second ECM information by encrypting the generated second ECM with the third key; Second ECM generation means for
Multiplexing means for multiplexing the second ECM information, the second EMM information, the first encrypted information, the second encrypted information, and the first right information to output multiplexed information And.

A receiving apparatus according to a third aspect of the present invention separates input multiplexed information, and encrypts the first ECM information, the encrypted first EMM information, the first encrypted information, and the first encrypted information. Separating means for outputting the encrypted information and the PMT information of 2;
First EMM decryption means for extracting receiving device identification information, a rights object, and a third key from the first EMM information;
Rights object separation means for extracting a second key and second rights information data from the rights object;
Second right information decoding means for extracting second right information from the second right information data;
First ECM decryption means for decrypting the first ECM from the first ECM information using the third key and outputting the first key;
First rights information extraction means for extracting first rights information from the PMT information;
First decryption means for decrypting the first encrypted information using the first key based on the first right information;
Second decryption means for decrypting the second encrypted information using the second key based on the second right information.

A receiving apparatus according to a fourth aspect of the present invention separates input multiplexed information, and performs encrypted second ECM information, encrypted second EMM information, first encrypted information, and first encrypted information. Separating means for outputting the encrypted information and the PMT information of 2;
Second EMM decryption means for extracting receiving device identification information and a third key from the second EMM information;
Second ECM decryption means for decrypting a second ECM from the second ECM information using the third key to extract a rights object and a first key;
Rights object separation means for extracting a second key and second rights information data from the rights object;
Second right information decoding means for extracting second right information from the second right information data;
First rights information extraction means for extracting first rights information from the PMT information;
First decryption means for decrypting the first encrypted information using the first key based on the first right information;
Second decryption means for decrypting the second encrypted information using the second key based on the second right information.

A transmission / reception device according to a fifth aspect of the present invention is a transmission / reception device comprising a transmission device and a reception device,
The transmitter is
First encryption means for encrypting input digital information with a first key to generate first encrypted information;
Second key generating means for generating a second key;
Second encryption means for encrypting the input digital information with the second key to generate second encrypted information;
First right information generating means for generating first right information;
Second right information generating means for generating second right information;
A rights object generating means for generating a rights object including the second rights information and the second key;
Rights object identification information generating means for generating rights object identification information for identifying the rights object;
A third key is generated and a first EMM (Entirement Management Message) including the generated third key, the rights object, the rights object identification information, and the receiving device identification information is generated and encrypted to generate a first key. First EMM generating means for generating EMM information of
First ECM generation that generates a first ECM (Entirement Control Message) including the first key, and generates the first ECM information by encrypting the generated first ECM with the third key. Means,
Multiplexing means for multiplexing the first ECM information, the first EMM information, the first encrypted information, the second encrypted information, and the first right information to output multiplexed information And having
The receiving device is:
Separation of separating input multiplexed information and outputting encrypted first ECM information, encrypted first EMM information, first encrypted information, second encrypted information, and PMT information Means,
First EMM decryption means for extracting receiving device identification information, a rights object, and a third key from the first EMM information;
Rights object separation means for extracting a second key and second rights information data from the rights object;
Second right information decoding means for extracting second right information from the second right information data;
First ECM decryption means for decrypting the first ECM from the first ECM information using the third key and outputting the first key;
First rights information extraction means for extracting first rights information from the PMT information;
First decryption means for decrypting the first encrypted information using the first key based on the first right information;
Second decryption means for decrypting the second encrypted information using the second key based on the second right information.

A transmission / reception device according to a sixth aspect of the present invention is a transmission / reception device including a transmission device and a reception device,
The transmitter is
First encryption means for encrypting input digital information with a first key to generate first encrypted information;
Second key generating means for generating a second key;
First right information generating means for generating first right information;
Second encryption means for encrypting the input digital information with the second key to generate second encrypted information;
Second right information generating means for generating second right information;
A rights object generating means for generating a rights object including the second rights information and the second key;
Rights object identification information generating means for generating rights object identification information for identifying the rights object;
A second EMM generating unit that generates and encrypts the third key, the reception device identification information, and the second EMM, and generates second EMM information;
Generating a second ECM including the first key, the rights object, and the rights object identification information, and generating the second ECM information by encrypting the generated second ECM with the third key; Second ECM generation means for
Multiplexing means for multiplexing the second ECM information, the second EMM information, the first encrypted information, the second encrypted information, and the first right information to output multiplexed information And having
The receiving device is:
Separation of separating input multiplexed information and outputting encrypted second ECM information, encrypted second EMM information, first encrypted information, second encrypted information, and PMT information Means,
Second EMM decryption means for extracting receiving device identification information and a third key from the second EMM information;
Second ECM decryption means for decrypting a second ECM from the second ECM information using the third key to extract a rights object and a first key;
Rights object separation means for extracting a second key and second rights information data from the rights object;
Second right information decoding means for extracting second right information from the second right information data;
First rights information extraction means for extracting first rights information from the PMT information;
First decryption means for decrypting the first encrypted information using the first key based on the first right information;
Second decryption means for decrypting the second encrypted information using the second key based on the second right information.

According to a seventh aspect of the present invention, there is provided a transmitting apparatus that includes: a first encryption unit that encrypts input digital information with a first key to generate first encrypted information;
Second key generating means for generating a second key;
Second right information generating means for generating second right information;
A rights object generating means for generating a rights object including the second rights information and the second key;
Rights object identification information generating means for generating rights object identification information for identifying the rights object;
A third EMM generating means for generating a third EMM information by generating and encrypting a third EMM (Entirement Management Message) including the rights object, the rights object identification information, and the receiving device identification information;
A third ECM generation that generates a third ECM (Entirement Control Message) including the first key and encrypts the generated third ECM with the second key to generate third ECM information. Means,
And multiplexing means for multiplexing the third ECM information, the third EMM information, and the first encrypted information to output multiplexed information.

According to an eighth aspect of the present invention, there is provided a transmitting apparatus that includes a first encryption unit that encrypts input digital information with a first key to generate first encrypted information;
Second key generating means for generating a second key;
Second right information generating means for generating second right information;
A rights object generating means for generating a rights object including the second rights information and the second key;
A fourth EMM generating means for generating a fourth EMM information by generating and encrypting a fourth EMM (Entirement Management Message) including the receiving device identification information;
A third ECM generation that generates a third ECM (Entirement Control Message) including the first key and encrypts the generated third ECM with the second key to generate third ECM information. Means,
Multiplexing means for multiplexing the third ECM information, the fourth EMM information, and the first encrypted information to output multiplexed information;
First authentication means for authenticating a destination to which the rights object is sent;
And first communication means for transmitting and receiving the right object as well as transmitting and receiving authentication information of the first authentication means.

A transmission device according to a ninth aspect of the present invention comprises: a first encryption unit that encrypts input digital information with a first key to generate first encrypted information;
Second key generating means for generating a second key;
A first right information generating means for generating first right information; a second right information generating means for generating second right information;
A rights object generating means for generating a rights object including the second rights information and the second key;
Fifth EMM generating means for generating fifth EMM information by generating and encrypting a fifth EMM (Entirement Management Message) including the receiving device identification information and the second key;
A third ECM generation that generates a third ECM (Entirement Control Message) including the second key and encrypts the generated third ECM with the second key to generate third ECM information. Means,
Multiplexing means for multiplexing the third ECM information, the fifth EMM information, the first encrypted information, and the first right information to output multiplexed information;
First authentication means for authenticating a destination to which the rights object is sent;
And first communication means for transmitting and receiving the right object as well as transmitting and receiving authentication information of the first authentication means.

A receiving apparatus according to a tenth aspect of the present invention separates input multiplexed information and outputs encrypted third ECM information, encrypted third EMM information, and first encrypted information Separating means to
Third EMM decryption means for extracting receiving device identification information and rights object from the third EMM information;
Rights object separation means for extracting a second key and second rights information data from the rights object;
Second right information decoding means for extracting second right information from the second right information data;
Third ECM decryption means for decrypting a third ECM from the third ECM information using the second key and outputting a first key;
And third decryption means for decrypting the first encrypted information using the first key based on the second right information.

A receiving apparatus according to an eleventh aspect of the present invention separates input multiplexed information, and obtains encrypted fourth ECM information, encrypted fourth EMM information, and first encrypted information. Separating means for outputting;
Fourth EMM decoding means for extracting receiving device identification information from the fourth EMM information;
A second authentication means for authenticating the other party receiving the rights object;
Second communication means for transmitting and receiving authentication information of the second authentication means and receiving the rights object;
Rights object separation means for extracting a second key and second rights information data from the rights object;
Second right information decoding means for extracting second right information from the second right information data;
Fourth ECM decryption means for decrypting the fourth ECM from the fourth ECM information using the second key and outputting the first key;
And third decryption means for decrypting the first encrypted information using the first key based on the second right information.

A receiving apparatus according to a twelfth aspect of the present invention separates input multiplexed information, and obtains encrypted third ECM information, encrypted third EMM information, and first encrypted information. Separating means for outputting;
Third EMM decryption means for extracting receiving device identification information and rights object from the third EMM information;
Rights object separation means for extracting a second key and second rights information data from the rights object;
Second right information decoding means for extracting second right information from the second right information data;
Third ECM decryption means for decrypting a third ECM from the third ECM information using the second key and outputting a first key;
Third decryption means for decrypting the first encrypted information using the first key based on the second right information;
First output means for outputting the input multiplexed information and the rights object.

A receiving apparatus according to a thirteenth aspect of the present invention separates input multiplexed information, and encrypts third ECM information, encrypted fifth EMM information, first encrypted information, and PMT. Separating means for outputting information;
Fifth EMM decryption means for extracting receiving device identification information and a second key from the fifth EMM information;
First rights information extraction means for extracting first rights information from the PMT information;
Third ECM decryption means for decrypting a third ECM from the third ECM information using the second key and outputting a first key;
First decryption means for decrypting the first encrypted information using the first key based on the first right information;
Second output means for outputting the input multiplexed information.

A transmitter / receiver according to a fourteenth aspect of the present invention is a transmitter / receiver comprising a transmitter, a receiver, and an external device,
The transmitting device encrypts input digital information with a first key to generate first encrypted information; and
Second key generating means for generating a second key;
A first right information generating means for generating first right information; a second right information generating means for generating second right information;
A rights object generating means for generating a rights object including the second rights information and the second key;
Fifth EMM generating means for generating fifth EMM information by generating and encrypting a fifth EMM (Entirement Management Message) including the receiving device identification information and the second key;
A third ECM generation that generates a third ECM (Entirement Control Message) including the second key and encrypts the generated third ECM with the second key to generate third ECM information. Means,
Multiplexing means for multiplexing the third ECM information, the fifth EMM information, the first encrypted information, and the first right information to output multiplexed information;
First authentication means for authenticating a destination to which the rights object is sent;
First communication means for sending and receiving the authentication information of the first authentication means and transmitting the rights object;
The receiving device separates the input multiplexed information and outputs the encrypted third ECM information, the encrypted fifth EMM information, the first encrypted information, and the PMT information; ,
Fourth EMM decryption means for extracting receiving device identification information and a second key from the fifth EMM information;
First rights information extraction means for extracting first rights information from the PMT information;
Fifth ECM decryption means for decrypting the fifth ECM from the fifth ECM information using the second key and outputting the first key;
First decryption means for decrypting the first encrypted information using the first key based on the first right information;
And second output means for outputting the input multiplexed information.
The external device includes a third authentication unit that performs authentication of a destination that receives the rights object;
Third communication means for transmitting / receiving authentication information of the third authentication means and receiving the rights object;
Rights object separation means for extracting a second key and second rights information data from the rights object;
Second right information decoding means for extracting second right information from the second right information data;
Third ECM decryption means for decrypting a third ECM from the third ECM information using the second key and outputting a first key;
Second decryption means for decrypting the first encrypted information using the first key based on the second right information.

  In the transmission device, the reception device, and the transmission / reception device according to the present invention, an unprecedented special case of realizing compatibility between the protection mechanism by ECM / EMM and the protection mechanism by rights object as used in OMA DRM. It has the effect of.

  DESCRIPTION OF EXEMPLARY EMBODIMENTS Hereinafter, preferred embodiments of a transmission device, a reception device, and a transmission / reception device according to the present invention will be described with reference to FIGS.

(Embodiment 1)
FIG. 1 is a block diagram showing a configuration of a transmission / reception apparatus including transmission apparatus 100 and reception apparatus 200 according to Embodiment 1 of the present invention.
The transmission apparatus 100 according to Embodiment 1 shown in FIG. 1 is a video server operated by an operator, for example, and a digital video bitstream 1 as input digital information is obtained by using a first key 5 in a first encryption unit 2. The first encrypted digital video bitstream 3 which is the first encrypted information is generated. The generated first encrypted digital video bitstream 3 is sent to the multiplexing means 30. The digital video bitstream 1 is encrypted by the second encryption unit 28 using the second key 11 to generate a second encrypted digital video bitstream 29 that is second encryption information. The Then, the generated second encrypted digital video bit stream 29 is sent to the multiplexing means 30.
The transmission apparatus according to the first embodiment further generates first ECM generation means 6 for extracting and generating the first key 5 and the encrypted first ECM information 7, and first right information 9. First right information generation means 8, second key generation means 10 for generating second key 11, second right information generation means 12 for generating second right information 13, and rights object 15 Rights object generating means 14 for generating, rights object identification information generating means 16 for generating rights object identification information 17, encrypted first EMM information 19 including rights object 15 and rights object identification information 17, and third A first EMM generating means 18 for generating a key 20 of the first and a modulating means 32 for modulating the first multiplexed information 31 from the multiplexing means 30 by OFDM (Orthogonal Frequency Multiplexing Modulation). It has been.

  On the other hand, the receiving device 200 is a consumer set-top box, and the demodulating means 49 demodulates the received first modulated signal 33 and supplies the first multiplexed information 50 to the separating means 51. Separating means 51 includes first EMM information 52, first ECM information 55, PMT (Program Map Table) information 59, and first encrypted digital which is first encrypted information from first multiplexed information 50. The video bit stream 62 and the second encrypted digital video bit stream 79 which is the second encryption information are separated. In addition, the receiving device 200 is supplied with the first EMM decrypting unit 53 to which the first EMM information 52 is input and the third key 54 extracted by the first EMM decrypting unit 53. The first ECM decrypting means 57 for extracting the right object 71 and the rights object separating means 72 for receiving the rights object 71 from the first EMM decrypting means 53 and separating the second key 73 and the second rights information data 76 from each other. And second encryption based on the second right information decrypting means 77 for extracting the second right information 78 from the second right information data 76, the second key 73 and the second right information 78. A second decoding unit 80 for decoding the digital video bitstream 79 and outputting a second digital video bitstream 81; and a first right information extracting unit for extracting the first right information 61 from the PMT information 59 0 and the first encrypted digital video bitstream 62 that has been separated are decrypted based on the first key 58 and the first right information 61, and the first digital video bitstream 64 is output. Decoding means 63 is provided.

In the transmission apparatus 100 shown in FIG. 1, the digital video bitstream 1 as input digital information is encrypted by the first encryption unit 2 using the first key 5 generated by the first ECM generation unit 6. And output as the first encrypted digital video bitstream 3.
Table 1 shows the structure of the first ECM generated by the first ECM generation means 6. As shown in Table 1, in the first ECM, an ECM is stored following the ECM section header. The ECM is composed of a fixed part and a variable part. The fixed part stores the first key 5 following the protocol number and the business entity identification information.

The first ECM information 7 is generated by encrypting the first ECM with the third key 20 generated by the first EMM generation means 18, and sent to the multiplexing means 30.
The first right information generation means 8 generates first right information 9 and sends it to the multiplexing means 30. The multiplexing means 30 multiplexes the first right information 9 by storing it in PMT (Program Map Table) information. The first right information 9 is copy control information CCI (Copy Control Information), which performs copy control by 2 bits, and includes information on copy free, one generation copy, copy no more, and copy prohibition. In this case, since the first right information 9 is multiplexed with the PMT, it is in a clear text format and is not protected.

  On the other hand, the digital video bitstream 1 is encrypted by the second encryption unit 28 using the second key 11 generated by the second key generation unit 10, and the second encrypted digital video bitstream 29 is encrypted. Is output as The second key 11 is sent to the rights object generating means 14. The second right information generation unit 12 generates the second right information 13 and sends it to the right object generation unit 14. It is assumed that the second right information 13 is described in XML (extensible Markup Language). The rights object generation means 14 generates rights object information 15 including the second key 11 and the second rights information 13 and sends it to the first EMM generation means 18.

  Rights object identification information 17 indicating a rights object is generated by the rights object identification information generation means 16 and added to the first EMM generation means 18. The first EMM generation means 18 encrypts the first EMM including the rights object identification information 17 and the rights object 15 to generate first EMM information 19 and sends it to the multiplexing means 30. The second right information 13 is encrypted and protected as a part of the first EMM.

Table 2 shows the structure of the first EMM. As shown in Table 2, in the first EMM, data of EMM1 to EMMn is stored following the EMM section header. The EMM 1 is divided into a fixed part and a variable part. In the fixed part, the card ID (receiving device identification information) of the receiving device 200 that is the receiving contract information, the byte length of the related information, the protocol number, and the entity identification information that is a code for identifying the entity on the conditional access broadcast operation The update number, which is a number that increases when updating, and expiration date information are stored. Descriptor “EncKey descriptor” is described in the variable part, and the third key is stored. In addition, a descriptor “RO descriptor” corresponding to the rights object identification information 17 is described, and then a rights object including the second key and the second rights information is described. The receiving apparatus 200 can know that the rights object exists if the descriptor “RO descriptor” is described in the variable section.
CRC (Cyclic Redundancy Code) is a check code.

  The multiplexing unit 30 stores the first encrypted digital video bitstream 3, the second encrypted digital video bitstream 29, the first ECM information 7, the first EMM information 19, and the first right information 9. After multiplexing, the first multiplexed information 31 is supplied to the modulation means 32. The modulation means 32 performs orthogonal frequency multiplexing on the first multiplexed information 31 and outputs a first modulated signal 33 to the receiving device 200.

  On the other hand, in the receiving apparatus 200, the received first modulated signal 33 is demodulated by the demodulating means 49 and the first multiplexed information 50 is output. Separating means 51, from the demodulated first multiplexed information 50, first EMM information 52, first ECM information 55, PMT information 59, first encrypted digital video bitstream 62, The second encrypted digital video bitstream 79 is separated. The first right information extraction unit 60 extracts the first right information 61 from the PMT information 59 and supplies it to the first decryption unit 63.

  The first EMM information 52 is added to the first EMM decoding means 53. The first EMM decoding means 53 is a business ID which is a code for identifying the business ID on the card ID (receiving device identification information), related information byte length, protocol number, and conditional access broadcast operation of the receiving device 200 shown in Table 2. The body identification information, the update number that is incremented when updating, and the expiration date information are extracted, the variable part descriptor “EncKey descriptor” in the structure of the first EMM is detected, and the subsequent third key 54 is Extracted and added to the first ECM decoding means 57. The first ECM decrypting means 57 decrypts the encrypted first ECM information 55 using the third key 54 and outputs the first key 58.

The first decryption means 63 decrypts the first encrypted digital video bitstream 62 using the first key 58 and the first right information 61 and outputs it as the first digital video bitstream 64.
Further, the first EMM decrypting means 53 detects the variable part descriptor “RO descriptor”, extracts the rights object 71 and supplies it to the rights object separating means 72. In this case, since it is in the descriptor format, even if “RO descriptor” is not present, the first EMM decoding means 53 processes only “EncKey descriptor”, so that no malfunction occurs.

The rights object separation means 72 extracts the second key 73 and supplies it to the second decryption means 80, extracts the second rights information data 76 and supplies it to the second rights information decryption means 77. The second right information decrypting means 77 decrypts the second right information 78 from the second right information data 76 expressed in XML, extracts it, and supplies it to the second decrypting means 80.
The second decryption means 80 decrypts the second encrypted digital video bitstream 79 using the second key 73 and the second right information 78 and outputs a second digital video bitstream 81.

  As described above, in the receiving apparatus 200, the decryption of the first encrypted digital video bitstream 62 using the first rights information 61 stored in the PMT and the key information included in the ECM / EMM, and the rights object identification It is possible to achieve both decryption of the second encrypted digital video bitstream 79 using the rights information and key included in the ECM / EMM including the rights object 71 identified by the information. For this reason, in the transmission / reception apparatus according to the first embodiment of the present invention, the compatibility between content protection based on the ECM / EMM framework and content protection using rights objects such as OMA DRM is provided for individual protection of the receiving apparatus. It can be realized as a mechanism.

(Embodiment 2)
FIG. 2 is a block diagram showing a configuration of a transmission / reception apparatus including transmission apparatus 300 and reception apparatus 400 according to the second embodiment of the present invention. In FIG. 2, components having the same functions and configurations as those of the transmitting / receiving apparatus of the first embodiment are denoted by the same reference numerals, and the description of the first embodiment is used for the description. The transmission / reception apparatus according to the second embodiment differs greatly from the transmission / reception apparatus according to the first embodiment in that the second ECM generation means 21 and the second EMM generation means 23 in the transmission apparatus 300 and the second in the reception apparatus 400 are the same. This is the configuration of the EMM decoding means 67 and the second ECM decoding means 69.

  In the transmitting apparatus 300 in the transmitting / receiving apparatus according to the second embodiment, the second EMM generating means 23 generates the third key 20 and the encrypted second EMM information 24, and uses the third key 20 as the second key. The data is supplied to the ECM generation means 21 and the second EMM information 24 is supplied to the multiplexing means 30. The second ECM generation means 21 receives the rights object 15 and the third key 20 and generates the first key 5 and the encrypted second ECM information 22. The multiplexing means 30 generates the second multiplexing information 34 and supplies it to the modulation means 32. In the modulation means 32, the multiplexed information 34 is modulated to generate a second modulated signal 36 and transmitted to the receiving device 400.

  On the other hand, in receiving apparatus 400 in the transmitting / receiving apparatus of the second embodiment, received second modulated signal 36 is demodulated by demodulating means 49, and demodulated second multiplexed information 65 is input to separating means 51. . The demultiplexing means 51 uses the demodulated second multiplexed information 65 to PMT (Program Map Table) information 59, the first encrypted digital video bit stream 62, the second encrypted digital video bit stream 79, and the second The EMM information 66 and the second ECM information 68 are extracted and separated. The second EMM information 66 separated by the separation means 51 is sent to the second EMM decryption means 67, and the third key 54 is extracted. The third key 54 extracted by the second EMM decryption means 67 is sent to the second ECM decryption means 69 together with the second ECM information 68, and the first key 58 and the rights object 71 are extracted.

  In the transmission apparatus 300 shown in FIG. 2, the digital video bit stream 1 as input digital information is transmitted by the first encryption unit 2 using the first key 5 generated by the second ECM generation unit 21. It is encrypted and output as a first encrypted digital video bitstream 3.

  The second key 11 is generated by the second key generation means 10 and sent to the rights object generation means 14 and the second encryption means 28. The second right information generation unit 12 generates the second right information 13 and supplies it to the right object generation unit 14. The rights object generation means 14 generates a rights object 15 including the second key 11 and the second rights information 13 and supplies the rights object 15 to the second ECM generation means 21.

Rights object identification information 17 indicating the rights object 15 is generated by the rights object identification information generation means 16 and added to the second ECM generation means 21.
Table 3 shows the structure of the second ECM generated by the second ECM generation means 21. As shown in Table 3, in the second ECM, the ECM is stored following the ECM section header. The ECM is composed of a fixed part and a variable part. The fixed part stores the first key 5 following the protocol number and the business entity identification information.

  In the variable part, “RO descriptor” corresponding to the rights object identification information 17 is described, and thereafter, the rights object 15 including the second key 11 and the second rights information 13 is described. In the receiving apparatus 400, if “RO descriptor” is described in the variable section, it can be known that the rights object exists. Since the rights object 15 is stored in the ECM, which is common information, unlike the first embodiment, the rights object 15 is stored as common information.

  The second ECM generation means 21 encrypts the second ECM including the rights object 15 and the rights object identification information 17 with the third key 20 generated by the second EMM generation means 23, ECM information 22 is generated. The generated second ECM information 22 is sent to the multiplexing means 30.

  The second key 11 generated by the second key generation means 10 is sent to the second encryption means 28 and used for encryption of the digital video bitstream 1. The digital video bitstream 1 encrypted by the second encryption unit 28 is sent to the multiplexing unit 30 as a second encrypted digital video bitstream 29.

  Table 4 shows the structure of the second EMM. As shown in Table 4, in the second EMM, data of EMM1 to EMMn is stored following the EMM section header. The EMM 1 is divided into a fixed part and a variable part. The fixed unit is a receiving device 400 card ID (receiving device identification information) that is reception contract information, a byte length of related information, a protocol number, and business entity identification information that is a code for identifying a business entity for conditional access broadcasting operation, An update number, which is a number that increases when the individual information is updated, and expiration date information of the individual information are stored. In the variable part, “EncKey descriptor” is described, and then the third key is stored.

  The first right information generating unit 8 generates the first right information 9 and supplies it to the multiplexing unit 30. The multiplexing means 30 multiplexes the first right information 9 on the PMT. Here, the first right information 9 is copy control information CCI (Copy Control Information), which performs copy control by 2 bits, and includes information on copy free, one generation copy, copy no more, and copy prohibition.

  The multiplexing means 30 stores the first encrypted digital video bitstream 3, the second encrypted digital video bitstream 29, the second ECM information 22, the second EMM information 24, and the first right information 9. The second multiplexed information 34 is generated by multiplexing, and the generated second multiplexed information 34 is supplied to the modulation means 32. The modulation means 32 performs orthogonal frequency multiplexing on the second multiplexed information 34 and outputs a second modulated signal 36.

  On the other hand, in the receiving apparatus 400, the received second modulated signal 36 is demodulated by the demodulating means 49, and the second multiplexed information 65 is generated. The generated second multiplexing information 65 is input to the separating means 51. The separating means 51 extracts the first encrypted digital video bit stream 62, the second encrypted digital video bit stream 79, the PMT information 59, the second EMM from the demodulated second multiplexed information 65. The information 66 and the second ECM information 68 are separated from each other. The second EMM information 66 is sent to the second EMM decoding means 67. The second EMM decoding means 67 is a business ID which is a code for identifying the business ID on the card ID (receiving device identification information) of the receiving device 400 shown in Table 4, the byte length of the related information, the protocol number, and the conditional access broadcast operation. The body identification information, the update number that is incremented when updating, and the expiration date information are extracted, and the variable part “EncKey descriptor” in the structure of the second EMM is detected, and then the third key 54 is extracted. Then, it is sent to the second ECM decoding means 69.

The second ECM decrypting means 69 decrypts the encrypted second ECM information 68 by using the third key 54 to obtain the second ECM, and the first key 58 is converted into the first decrypting means. Send to 63.
The second ECM decryption means 69 detects “RO descriptor” in the variable part in the structure of the second ECM shown in Table 3, extracts the right object 71 and adds it to the right object separation means 72.

The rights object separation means 72 extracts the third key 73 and sends it to the second decryption means 80, extracts the second rights information data 76, and sends it to the second rights information decryption means 77. The second right information decrypting unit 77 extracts the second right information 78 and supplies it to the second decrypting unit 80.
The second decryption means 80 decrypts the second encrypted digital video bitstream 79 by using the third key 73 and the second right information 78 and outputs a second digital video bitstream 81.

  As described above, the receiving apparatus 400 decrypts the first encrypted digital video bitstream 62 using the first right information 61 stored in the PMT and the key information included in the ECM / EMM, and the right object identification. It is possible to achieve both decryption of the second encrypted digital video bitstream 79 using the rights information and key included in the ECM / EMM including the rights object 71 identified by the information. Therefore, in the transmission / reception apparatus according to the second embodiment of the present invention, compatibility between content protection based on the ECM / EMM framework and content protection using rights objects such as OMA DRM is realized as a common service mechanism. be able to.

In the first embodiment and the second embodiment, it is obvious that the same holds true even if the already encrypted rights object is used.
In the first and second embodiments, the case of a digital video bit stream has been described, but it is obvious that the same holds true for a digital audio bit stream.
In the first embodiment and the second embodiment, the case where the first digital video bit stream and the second digital video bit stream are mixed has been described. However, in the case where only the second digital video bit stream exists. It is clear that

(Embodiment 3)
FIG. 3 is a block diagram showing a configuration of a transmission / reception apparatus having transmission apparatus 500 and reception apparatus 600 according to Embodiment 3 of the present invention. In FIG. 3, components having substantially the same functions and configurations as those of the transmission / reception apparatus in each of the above-described embodiments are denoted by the same reference numerals, and the description thereof uses the description of the corresponding embodiment. Detailed description is omitted in the third embodiment.
In the transmission apparatus 500 of Embodiment 3 shown in FIG. 3, the digital video bitstream 1 as input digital information is encrypted by the first encryption means 2 using the first key 5 and the first A first encrypted digital video bitstream 3 that is encrypted information is generated. The generated first encrypted digital video bitstream 3 is sent to the multiplexing means 30.

  The transmission apparatus according to the third embodiment further includes a third ECM generation unit 506 that generates the first key 5 and the encrypted third ECM information 507, and a second key that generates the second key 11. Key generation means 10, second rights information generation means 12 for generating second rights information 13, rights object generation means 14 for generating rights object 15, rights object 15 and rights object identification information 17. Third EMM generating means 518 for generating the encrypted third encrypted EMM information 519, and modulating means 32 for modulating the third multiplexed information 531 from the multiplexing means 30 by OFDM (Orthogonal Frequency Multiplexing Modulation). And are provided.

  On the other hand, in the receiving device 600, the demodulating means 49 demodulates the received third modulated signal 533 and supplies the third multiplexed information 650 to the separating means 51. The separation means 51 separates the third EMM information 652, the third ECM information 655, and the first encrypted digital video bitstream 62 from the demodulated third multiplexed information 650. The receiving device 600 receives the third EMM decryption unit 653 to which the third EMM information 652 is input, and the rights object 671 from the third EMM decryption unit 653 to receive the second key 73 and the second key 73. Right object separation means 72 that separates the second right information data 76, third ECM decryption means 657 that is supplied with the second key 73 separated by the right object separation means 72 and extracts the first key 58, The second right information decrypting means 77 for extracting the second right information 78 from the second right information data 76, the separated first encrypted digital video bitstream 62, the first key 58 and the second Third decoding means 663 for decoding based on the right information 78 and outputting the first digital video bitstream 64 is provided.

In the transmission apparatus 500 shown in FIG. 3, the digital video bitstream 1 as input digital information is encrypted by the first encryption unit 2 using the first key 5 generated by the third ECM generation unit 506. And sent to the multiplexing means 30 as the first encrypted digital video bitstream 3.
The structure of the third ECM generated by the third ECM generation unit 506 is the same as that in Table 1.
The third ECM information 507 is generated by encrypting the third ECM with the second key 11 generated by the second key generation unit 10 and sent to the multiplexing unit 30.

  On the other hand, the second key 11 generated by the second key generation means 10 is sent to the rights object generation means 14. The second right information generation unit 12 generates the second right information 13 and sends it to the right object generation unit 14. It is assumed that the second right information 13 is described in XML (extensible Markup Language). The rights object generation means 14 generates rights object information 15 including the second key 11 and the second rights information 13 and sends it to the third EMM generation means 518.

  The third EMM generation means 518 encrypts the third EMM including the rights object 15 to generate third EMM information 519 and sends it to the multiplexing means 30. The second right information 13 is encrypted and protected as a part of the first EMM.

Table 5 shows the structure of the third EMM. As shown in Table 5, the third EMM has a variable part configuration different from that of the first EMM shown in Table 2, and the variable part includes a descriptor “RO corresponding to the rights object identification information 17. “descriptor” is described, and thereafter, a rights object including a second key and second rights information is described. In the receiving apparatus 600, if the descriptor “RO descriptor” is described in the variable part, it can be known that the rights object exists.
CRC (Cyclic Redundancy Code) is a check code.

  The multiplexing unit 30 multiplexes the first encrypted digital video bitstream 3, the third ECM information 507, and the third EMM information 519 and supplies the third multiplexed information 531 to the modulation unit 32. . The modulation means 32 performs orthogonal frequency multiplexing on the first multiplexed information 531 and outputs a third modulated signal 533 to the receiving device 600.

  On the other hand, in the receiving apparatus 600, the received third modulated signal 533 is demodulated by the demodulating means 49, and the third multiplexed information 650 is output. The separation means 51 separates the third EMM information 652, the third ECM information 655, and the first encrypted digital video bitstream 62 from the demodulated third multiplexed information 650.

  The third EMM information 652 is added to the third EMM decoding means 653. The third EMM decoding means 653 is a code for identifying the card ID (receiving device identification information) of the receiving device 600 shown in Table 5, the byte length of the related information, the protocol number, and the entity for the conditional access broadcast operation. The entity identification information, the update number that is incremented when updating, and the expiration date information are extracted, and the variable object descriptor “RO descriptor” in the third EMM structure is detected to extract the rights object 671. The rights object separation means 72 is supplied.

  The rights object separation means 72 extracts the second key 73 and supplies it to the third ECM combination means 657, extracts the second rights information data 76, and supplies it to the second rights information decryption means 77. The third ECM decryption means 657 extracts the third ECM by decrypting with the second key 73 and supplies the first key 58 to the third decryption means 663. The second right information decrypting means 77 decrypts the second right information 78 from the second right information data 76, extracts it, and supplies it to the third decrypting means 663.

The third decryption means 663 decrypts the first encrypted digital video bitstream 62 using the first key 58 and the second right information 78, and outputs it as the first digital video bitstream 64.
As described above, the receiving apparatus 600 can realize the decryption of the first encrypted digital video bitstream 62 using the rights information and the key included in the ECM / EMM including the rights object 671. Therefore, the transmission / reception apparatus according to the third embodiment of the present invention can be realized as a protection mechanism using a content protection mechanism using rights objects such as ECM / EMM and OMA DRM.

(Embodiment 4)
FIG. 4 is a block diagram showing a configuration of a transmission / reception apparatus including transmission apparatus 700 and reception apparatus 800 according to the fourth embodiment of the present invention. In FIG. 4, components having substantially the same functions and configurations as those of the transmission / reception apparatus in each of the above-described embodiments are denoted by the same reference numerals, and the description thereof uses the description of the corresponding embodiment. In the fourth embodiment, detailed description is omitted.
In the transmission apparatus 700 according to the fourth embodiment shown in FIG. 4, the digital video bitstream 1 that is input digital information is encrypted by the first encryption means 2 using the first key 5, and the first A first encrypted digital video bitstream 3 that is encrypted information is generated. The generated first encrypted digital video bitstream 3 is sent to the multiplexing means 30.

  The transmission apparatus 700 according to the fourth embodiment further includes a third ECM generation unit 506 that generates the first key 5 and the encrypted third ECM information 507, and a second key 11 that generates the second key 11. 2 key generation means 10, second right information generation means 12 that generates the second right information 13, rights object generation means 14 that generates the right object 15, and encrypted fourth EMM information 719. EMM generation means 718 for generating the data, modulation means 32 for modulating the fourth multiplexing information 731 from the multiplexing means 30 by OFDM (Orthogonal Frequency Multiplexing Modulation), and authentication of the destination to which the rights object 15 is sent And a first communication unit 734 that transmits / receives the authentication information of the first authentication unit 736 and transmits the rights object 15.

  On the other hand, in the receiving apparatus 800, the demodulating means 49 demodulates the received fourth modulated signal 733 and supplies the fourth multiplexed information 850 to the separating means 51. The separation means 51 separates the fourth EMM information 852, the third ECM information 655, and the first encrypted digital video bitstream 62 that is the first encrypted information from the fourth multiplexed information 850. In addition, the receiving device 800 receives the right object 871 from the fourth EMM decryption unit 853 to which the fourth EMM information 852 is input and the second communication unit 870 to input the second key 73 and the second key. Rights object separation means 72 that separates the rights information data 76, fourth ECM decryption means 857 that is supplied with the second key 73 and extracts the first key 58, and second rights information data 76 to the second A second right information decrypting means 77 for extracting the right information 78, and the first encrypted digital video bitstream 62 separated from the first right information 78 based on the first key 58 and the second right information 78, Third decryption means 663 that outputs the first digital video bitstream 64, second authentication means 873 that receives the rights object and authenticates the counterpart, and second authentication means 8 It transmits and receives third authentication information with the second communication means 870 for receiving a rights object, is provided. In addition, communication information 735 is sent between the first communication unit 734 and the second communication unit 870. The communication information 735 may be via radio waves like a wired internet, a wireless internet or a portable terminal.

  In the transmission apparatus 700 shown in FIG. 4, the digital video bitstream 1 as input digital information is encrypted by the first encryption means 2 using the first key 5 generated by the third ECM generation means 506. And output as the first encrypted digital video bitstream 3.

The structure of the third ECM generated by the third ECM generation unit 506 is the same as that in Table 1 described above.
The third ECM information 507 is generated by encrypting the third ECM with the second key 11 generated by the second key generation unit 10 and sent to the multiplexing unit 30.

  On the other hand, the second key 11 generated by the second key generation means 10 is sent to the rights object generation means 14. The second right information generation unit 12 generates the second right information 13 and sends it to the right object generation unit 14. It is assumed that the second right information 13 is described in XML (extensible Markup Language). The rights object generation means 14 generates rights object information 15 including the second key 11 and the second rights information 13 and sends it to the first communication means 734. The first communication means 734 modulates the rights object 15 and outputs it as communication information 735.

The fourth EMM generation means 718 encrypts the fourth EMM to generate fourth EMM information 719 and sends it to the multiplexing means 30.
Table 6 shows the structure of the fourth EMM. As shown in Table 6, the fourth EMM is different in the configuration of the variable part from the structure of the first EMM shown in Table 5 above, and the descriptor “RO descriptor” and the rights object are added to the variable part. Not included. CRC (Cyclic Redundancy Code) is a check code.

  The multiplexing unit 30 multiplexes the first encrypted digital video bitstream 3, the third ECM information 507, and the fourth EMM information 719, and supplies the fourth multiplexed information 731 to the modulation unit 32. . The modulation means 32 performs orthogonal frequency multiplexing on the fourth multiplexed information 731 and outputs a fourth modulated signal 733 to the receiving device 800.

  On the other hand, in the receiving apparatus 800, the received fourth modulated signal 733 is demodulated by the demodulating means 49, and the fourth multiplexed information 850 is output. The separating means 51 separates the fourth EMM information 852, the third ECM information 655, and the first encrypted digital video bitstream 62 from the demodulated fourth multiplexed information 850.

  The fourth EMM information 852 is added to the fourth EMM decoding means 853. The fourth EMM decoding means 853 is a business ID which is a code identifying the business ID on the card ID (receiving device identification information), related information byte length, protocol number, and conditional access broadcast operation of the receiving device 800 shown in Table 6. The body identification information, the update number that is incremented when updating, and the expiration date information are extracted.

  The second authentication unit 873 issues an authentication request to the first authentication unit 736 via the second communication unit 870 and the first communication unit 734. The first authentication means 736 and the second authentication means 873 confirm the validity through the request and response, and after the validity is confirmed, the first communication means 734 sends the rights object 15 to the second communication means 870. The second communication means 870 sends the received rights object 871 to the rights object separation means 72.

  The rights object separation means 72 extracts the second key 73 and supplies it to the fourth ECM combination means 857, extracts the second rights information data 76, and supplies it to the second rights information decryption means 77. The second right information decrypting means 77 decrypts the second right information 78 from the second right information data 76, extracts it, and supplies it to the third decrypting means 663.

  The third decryption means 663 decrypts the first encrypted digital video bitstream 62 using the first key 58 and the second right information 78, and outputs it as the first digital video bitstream 64.

  As described above, the receiving apparatus 800 can realize the decryption of the first encrypted digital video bitstream 62 using the rights object 871 and the key included in the ECM / EMM. For this reason, in the transmission / reception apparatus according to the fourth embodiment of the present invention, a content protection mechanism is used in which a rights object such as ECM / EMM and OMA DRM is transmitted on a separate line from fourth modulation signal 733. It can be realized as a protection mechanism. As a result, the content can be temporarily stored in the receiving device 800, and at the time of use, the rights object can be received from the transmitting device 700, which provides a great convenience when a mobile terminal is used as the receiving device 800. To do.

(Embodiment 5)
FIG. 5 is a block diagram showing a configuration of a transmission / reception device having transmission device 500, reception device 900, and external device 674 according to Embodiment 5 of the present invention, and reception device 900 and external device 674 constitute a home network. ing. In FIG. 5, components having substantially the same functions and configurations as those of the transmission / reception apparatus in each of the above-described embodiments are denoted by the same reference numerals, and the description thereof is implemented by using the description of the corresponding embodiment. Detailed description is omitted in Embodiment 5.

The transmission apparatus 500 of Embodiment 5 shown in FIG. 5 has the same configuration as the transmission apparatus 500 of Embodiment 3 of the present invention.
On the other hand, receiving apparatus 900 is basically the same as that of Embodiment 3 of the present invention, except that first receiving means 672 is provided. The first output means 672 sends the third multiplexing information 650 to the external device 674 as the first output signal 673. The external device 674 is a mobile terminal such as a mobile phone or a mobile video player. The first output signal 673 may be physically wired such as Ethernet (registered trademark) or wireless such as “802.11b”.

  As described above, the receiving apparatus 900 realizes the decryption of the first encrypted digital video bitstream 62 by using the rights information and the key included in the ECM / EMM including the rights object 671 identified by the rights object identification information. be able to. In addition, content can be output to the external device 674 by a content protection mechanism using rights objects such as ECM / EMM and OMA DRM.

(Embodiment 6)
FIG. 6 is a block diagram showing a configuration of a transmission / reception apparatus including transmission apparatus 1000, reception apparatus 1100, and external apparatus 1200 according to the sixth embodiment of the present invention. In FIG. 6, components having substantially the same functions and configurations as those of the transmission / reception apparatus in each of the above-described embodiments are denoted by the same reference numerals, and the description thereof is implemented by using the description of the corresponding embodiment. In the sixth embodiment, detailed description is omitted.
In the transmission apparatus 1000 according to the sixth embodiment shown in FIG. 6, the digital video bitstream 1 as input digital information is encrypted by the first encryption unit 2 using the first key 5 and the first A first encrypted digital video bitstream 3 that is encrypted information is generated. The generated first encrypted digital video bitstream 3 is sent to the multiplexing means 30.

  The transmission apparatus 1000 according to the sixth embodiment further includes a third ECM generation unit 506 that generates the first key 5 and the encrypted third ECM information 507, and a second key 11 that generates the second key 11. 2 key generation means 10, second right information generation means 12 for generating second right information 13, rights object generation means 14 for generating rights object 15, and encrypted fifth EMM information 1019. The fifth EMM generation means 1018 for generating the first right information generation means 8 for generating the first right information 9 and the fourth multiplexed information 1031 from the multiplexing means 30 are OFDM (orthogonal frequency multiplexing). Modulation means 32 that modulates the signal and outputs a fifth modulated signal 1033.

  On the other hand, in the receiving apparatus 1100, the demodulating means 49 demodulates the received fifth modulated signal 1033 and supplies the fifth multiplexed information 1150 to the separating means 51. The separating means 51 includes the fifth multiplexed information 1150, the fifth EMM information 1152, the third ECM information 655, the PMT (Program Map Table) information 59, and the first encryption information. The encrypted digital video bit stream 62 is separated from each other. In addition, the receiving device 1100 is supplied with the fifth EMM decryption unit 1153 to which the fifth EMM information 1152 is input, and the third ECM decryption unit 657 that is supplied with the second key 73 and extracts the first key 58. A first right information extraction means 60 for extracting first right information 61 from PMT (Program Map Table) information 59; a first encrypted digital video bitstream 62 that is separated as a first key 58; First decoding means 63 for decoding based on the first right information 61 and outputting a first digital video bitstream 64; second output means 1101 for receiving fifth multiplexed information 1150; , Is provided. The second output means 1101 outputs a second output signal 1102, and this signal transmission may be physically wired such as Ethernet (registered trademark) or wireless such as “802.11b”. A part of the home network is configured together with the receiving apparatus 1100.

  The external device 1200 is, for example, a mobile phone, a mobile video player, or an in-vehicle terminal, and its configuration is shown in FIG. FIG. 7 is a block diagram showing the configuration of the external device 1200 according to the sixth embodiment. The external device 1200 receives the fifth multiplexed information 1150 from the second output unit 1101 of the receiving device 1100 as the second output signal 1102 and the rights object information from the first communication unit 734 of the transmitting device 1000. 15 is received as a communication signal 735. As shown in FIG. 7, the external apparatus 1200 includes a first input unit 1249, a separation unit 51, a second decryption unit 80, a third ECM decryption unit 657, a third communication unit 1270, and a third authentication unit. 1273, rights object separation means 72, and second rights information decoding means 77.

In the transmission apparatus 1000 shown in FIG. 6, the digital video bitstream 1 as input digital information is encrypted by the first encryption unit 2 using the first key 5 generated by the third ECM generation unit 506. And output as the first encrypted digital video bitstream 3.
The structure of the third ECM generated by the third ECM generation unit 506 is the same as that in Table 1 described above. The third ECM information 507 is generated by encrypting the third ECM with the second key 11 generated by the second key generation unit 10 and sent to the multiplexing unit 30.

  On the other hand, the second key 11 generated by the second key generation means 10 is sent to the rights object generation means 14. The second right information generation unit 12 generates the second right information 13 and sends it to the right object generation unit 14. It is assumed that the second right information 13 is described in XML (extensible Markup Language). The rights object generation means 14 generates a rights object 15 including the second key 11 and the second rights information 13 and sends it to the first communication means 734. The first communication means 734 modulates the rights object 15 and outputs it as communication information 735.

The fifth EMM generation means 1018 encrypts the fifth EMM to generate fifth EMM information 1019 and sends it to the multiplexing means 30.
Table 7 shows the structure of the fifth EMM. As shown in Table 7, the fifth EMM has the descriptor “EncKey descriptor” and the second key in the variable part. CRC (Cyclic Redundancy Code) is a check code.

  The multiplexing unit 30 multiplexes the first encrypted digital video bitstream 3, the third ECM information 507, and the fifth EMM information 1019, and supplies the fifth multiplexed information 1031 to the modulation unit 32. The modulation unit 32 performs orthogonal frequency multiplexing modulation on the fifth multiplexed information 1031 and outputs a fifth modulated signal 1033 to the receiving apparatus 1100.

  On the other hand, in the receiving apparatus 1100, the received fifth modulated signal 1033 is demodulated by the demodulating means 49, and the fifth multiplexed information 1150 is output. The demultiplexing means 51 includes demodulated fifth multiplexed information 1150 to fifth EMM information 1152, third ECM information 655, PMT (Program Map Table) information 59, and first encrypted digital video bits. The stream 62 is separated.

  The fifth EMM information 1152 is added to the fifth EMM decoding means 1153. The fifth EMM decoding means 1153 is a business ID which is a code for identifying the business ID on the card ID (reception device identification information), related information byte length, protocol number, and conditional access broadcast operation of the reception device 1100 shown in Table 7. The body identification information, the update number that is incremented when updating, and the expiration date information are extracted.

The fifth EMM decryption unit 1153 extracts the second key 73 and supplies it to the third ECM decryption unit 657, and the third ECM decryption unit 657 extracts the first key 58 and extracts the first key 58. 63.
The first decryption means 63 decrypts the first encrypted digital video bitstream 62 using the first key 58 and the first right information 61 and outputs it as the first digital video bitstream 64.

The second output unit 1101 outputs the fifth multiplexed information 1150 to the external device 1200 as the second output signal 1102.
In the external device 1200, the first input unit 1249 receives the fifth multiplexed information 1150 as the second output signal 1102 from the receiving device 1100, and receives the signal as the sixth multiplexed information 1250 to the separating unit 51. Supply. The separating means 51 separates the sixth multiplexed information 1250 into the third ECM information 655 and the second encrypted digital video bitstream 79, and the second encrypted digital video bitstream 79 as the second decrypting means. Output to 80.

  The third authentication unit 1273 of the external device 1200 performs authentication with the first authentication unit 736 of the transmission device 1000 via the third communication unit 1270 and the first communication unit 734 of the transmission device 1000. After the establishment, the rights object 15 is received, and the rights object separation means 72 separates the second rights object 76. The second rights object 76 is decrypted by the second rights information decrypting means 77, and the decrypted second rights information 78 is output to the second decrypting means 80. Further, the third ECM decrypting means 657 decrypts the third ECM information 655 by using the second key 73 and extracts the first key 58. The extracted first key 58 is supplied to the second decryption means 80.

  Based on the second right information 78, the second decryption means 80 decrypts the second encrypted digital video bit stream 79 with the first key 58 and outputs a second digital video bit stream 81.

  As described above, in the transmission / reception apparatus according to the sixth embodiment, the decryption of the first encrypted digital video bitstream 3 using the key included in the ECM / EMM can be realized. Since the rights object 15 includes rights different from the first rights information, in the external device 1200 such as a portable terminal, the receiving device 1100 permitted by the first rights information 9 newly acquired from the operator side. Decryption based on permission different from decryption in the above can be performed. As a result, the content is temporarily stored in the receiving device 1100, for example, a set top box, and transferred to the external device 1200, for example, a portable terminal or an in-vehicle terminal via the wireless LAN, and the external device 1200 uses the content. At the time, it is possible to receive the rights object from the transmission apparatus 1000 via radio waves, for example. Therefore, the transmission / reception apparatus according to the sixth embodiment is configured to be able to provide exceptional convenience.

  The present invention is particularly useful in the case of using together with copyright management using a protection mechanism using rights objects such as OMA DRM in digital broadcasting using a protection mechanism using ECM / EMM.

It is a block diagram which shows the structure of the transmission / reception apparatus which has a transmission device of Embodiment 1 which concerns on this invention, and a reception device. It is a block diagram which shows the structure of the transmitter / receiver which has the transmitter of Embodiment 2 which concerns on this invention, and a receiver. It is a block diagram which shows the structure of the transmission / reception apparatus which has a transmission device of Embodiment 3 which concerns on this invention, and a receiving device. It is a block diagram which shows the structure of the transmitter / receiver which has the transmitter of Embodiment 4 which concerns on this invention, and a receiver. It is a block diagram which shows the structure of the transmitter / receiver which has the transmitter of Embodiment 5 which concerns on this invention, a receiver, and an external device. It is a block diagram which shows the structure of the transmitter / receiver which has the transmitter of Embodiment 6 which concerns on this invention, a receiver, and an external device. FIG. 20 is a block diagram illustrating a configuration of an external device in a sixth embodiment. It is a block diagram which shows the structure of the conventional transmission / reception apparatus.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Digital video bit stream 2 1st encryption means 5 1st key 6 1st ECM generation means 8 1st right information generation means 10 2nd key generation means 11 2nd key 12 2nd right information Generation means 14 Rights object generation means 16 Rights object identification information generation means 18 First EMM generation means 20 Third key 21 Second ECM generation means 23 Second EMM generation means 28 Second encryption means 30 Multiplexing Means 32 Modulating means 49 Demodulating means 51 Separating means 53 First EMM decrypting means 54 Third key 57 First ECM decrypting means 58 First key 60 First right information extracting means 63 First decrypting means 67 First 2 EMM decryption means 69 Second ECM decryption means 72 Rights object separation means 73 Third key 77 Second right information decryption means 80 Second decryption No. 506 Third ECM generation means 518 Third EMM generation means 653 Third EMM decoding means 657 Third ECM decoding means 672 First output means 718 Fourth EMM generation means 734 First communication means 736 1st authentication means 853 4th EMM decryption means 857 4th ECM decryption means 870 2nd communication means 873 2nd authentication means 1018 5th EMM generation means 1101 2nd output means 1153 5th EMM decryption Means 1200 External device

Claims (14)

First encryption means for encrypting input digital information with a first key to generate first encrypted information;
Second key generating means for generating a second key;
Second encryption means for encrypting the input digital information with the second key to generate second encrypted information;
First right information generating means for generating first right information;
Second right information generating means for generating second right information;
A rights object generating means for generating a rights object including the second rights information and the second key;
Rights object identification information generating means for generating rights object identification information for identifying the rights object;
A third key is generated and a first EMM (Entirement Management Message) including the generated third key, the rights object, the rights object identification information, and the receiving device identification information is generated and encrypted to generate a first key. First EMM generating means for generating EMM information of
First ECM generation that generates a first ECM (Entirement Control Message) including the first key, and generates the first ECM information by encrypting the generated first ECM with the third key. Means,
Multiplexing means for multiplexing the first ECM information, the first EMM information, the first encrypted information, the second encrypted information, and the first right information to output multiplexed information And a transmission apparatus. First encryption means for encrypting input digital information with a first key to generate first encrypted information;
Second key generating means for generating a second key;
First right information generating means for generating first right information;
Second encryption means for encrypting the input digital information with the second key to generate second encrypted information;
Second right information generating means for generating second right information;
A rights object generating means for generating a rights object including the second rights information and the second key;
Rights object identification information generating means for generating rights object identification information for identifying the rights object;
A second EMM generating unit that generates and encrypts the third key, the reception device identification information, and the second EMM, and generates second EMM information;
Generating a second ECM including the first key, the rights object, and the rights object identification information, and generating the second ECM information by encrypting the generated second ECM with the third key; Second ECM generation means for
Multiplexing means for multiplexing the second ECM information, the second EMM information, the first encrypted information, the second encrypted information, and the first right information to output multiplexed information And a transmission apparatus. Separation of separating input multiplexed information and outputting encrypted first ECM information, encrypted first EMM information, first encrypted information, second encrypted information, and PMT information Means,
First EMM decryption means for extracting receiving device identification information, a rights object, and a third key from the first EMM information;
Rights object separation means for extracting a second key and second rights information data from the rights object;
Second right information decoding means for extracting second right information from the second right information data;
First ECM decryption means for decrypting the first ECM from the first ECM information using the third key and outputting the first key;
First rights information extraction means for extracting first rights information from the PMT information;
First decryption means for decrypting the first encrypted information using the first key based on the first right information;
And a second decryption unit configured to decrypt the second encrypted information using the second key based on the second right information. Separation of separating input multiplexed information and outputting encrypted second ECM information, encrypted second EMM information, first encrypted information, second encrypted information, and PMT information Means,
Second EMM decryption means for extracting receiving device identification information and a third key from the second EMM information;
Second ECM decryption means for decrypting a second ECM from the second ECM information using the third key to extract a rights object and a first key;
Rights object separation means for extracting a second key and second rights information data from the rights object;
Second right information decoding means for extracting second right information from the second right information data;
First rights information extraction means for extracting first rights information from the PMT information;
First decryption means for decrypting the first encrypted information using the first key based on the first right information;
And a second decryption unit configured to decrypt the second encrypted information using the second key based on the second right information. A transmission / reception device comprising a transmission device and a reception device,
The transmitter is
First encryption means for encrypting input digital information with a first key to generate first encrypted information;
Second key generating means for generating a second key;
Second encryption means for encrypting the input digital information with the second key to generate second encrypted information;
First right information generating means for generating first right information;
Second right information generating means for generating second right information;
A rights object generating means for generating a rights object including the second rights information and the second key;
Rights object identification information generating means for generating rights object identification information for identifying the rights object;
A third key is generated and a first EMM (Entirement Management Message) including the generated third key, the rights object, the rights object identification information, and the receiving device identification information is generated and encrypted to generate a first key. First EMM generating means for generating EMM information of
First ECM generation that generates a first ECM (Entirement Control Message) including the first key, and generates the first ECM information by encrypting the generated first ECM with the third key. Means,
Multiplexing means for multiplexing the first ECM information, the first EMM information, the first encrypted information, the second encrypted information, and the first right information to output multiplexed information And having
The receiving device is:
Separation of separating input multiplexed information and outputting encrypted first ECM information, encrypted first EMM information, first encrypted information, second encrypted information, and PMT information Means,
First EMM decryption means for extracting receiving device identification information, a rights object, and a third key from the first EMM information;
Rights object separation means for extracting a second key and second rights information data from the rights object;
Second right information decoding means for extracting second right information from the second right information data;
First ECM decryption means for decrypting the first ECM from the first ECM information using the third key and outputting the first key;
First rights information extraction means for extracting first rights information from the PMT information;
First decryption means for decrypting the first encrypted information using the first key based on the first right information;
And a second decryption unit configured to decrypt the second encrypted information using the second key based on the second right information. A transmission / reception device comprising a transmission device and a reception device,
The transmitter is
First encryption means for encrypting input digital information with a first key to generate first encrypted information;
Second key generating means for generating a second key;
First right information generating means for generating first right information;
Second encryption means for encrypting the input digital information with the second key to generate second encrypted information;
Second right information generating means for generating second right information;
A rights object generating means for generating a rights object including the second rights information and the second key;
Rights object identification information generating means for generating a rights object for identifying the rights object;
A second EMM generating unit that generates and encrypts the third key, the reception device identification information, and the second EMM, and generates second EMM information;
Generating a second ECM including the first key, the rights object, and the rights object identification information, and generating the second ECM information by encrypting the generated second ECM with the third key; Second ECM generation means for
Multiplexing means for multiplexing the second ECM information, the second EMM information, the first encrypted information, the second encrypted information, and the first right information to output multiplexed information And having
The receiving device is:
Separation of separating input multiplexed information and outputting encrypted second ECM information, encrypted second EMM information, first encrypted information, second encrypted information, and PMT information Means,
Second EMM decryption means for extracting receiving device identification information and a third key from the second EMM information;
Second ECM decryption means for decrypting a second ECM from the second ECM information using the third key to extract a rights object and a first key;
Rights object separation means for extracting a second key and second rights information data from the rights object;
Second right information decoding means for extracting second right information from the second right information data;
First rights information extraction means for extracting first rights information from the PMT information;
First decryption means for decrypting the first encrypted information using the first key based on the first right information;
And a second decryption unit configured to decrypt the second encrypted information using the second key based on the second right information. First encryption means for encrypting input digital information with a first key to generate first encrypted information;
Second key generating means for generating a second key;
Second right information generating means for generating second right information;
A rights object generating means for generating a rights object including the second rights information and the second key;
Rights object identification information generating means for generating rights object identification information for identifying the rights object;
A third EMM generating means for generating a third EMM information by generating and encrypting a third EMM (Entirement Management Message) including the rights object, the rights object identification information, and the receiving device identification information;
A third ECM generation that generates a third ECM (Entirement Control Message) including the first key and encrypts the generated third ECM with the second key to generate third ECM information. Means,
A transmission apparatus comprising: multiplexing means for multiplexing the third ECM information, the third EMM information, and the first encrypted information to output multiplexed information. First encryption means for encrypting input digital information with a first key to generate first encrypted information;
Second key generating means for generating a second key;
Second right information generating means for generating second right information;
A rights object generating means for generating a rights object including the second rights information and the second key;
A fourth EMM generating means for generating a fourth EMM information by generating and encrypting a fourth EMM (Entirement Management Message) including the receiving device identification information;
A third ECM generation that generates a third ECM (Entirement Control Message) including the first key and encrypts the generated third ECM with the second key to generate third ECM information. Means,
Multiplexing means for multiplexing the third ECM information, the fourth EMM information, and the first encrypted information to output multiplexed information;
First authentication means for authenticating a destination to which the rights object is sent;
A transmission apparatus comprising: first communication means for transmitting / receiving authentication information of the first authentication means and transmitting the rights object. First encryption means for encrypting input digital information with a first key to generate first encrypted information;
Second key generating means for generating a second key;
A first right information generating means for generating first right information; a second right information generating means for generating second right information;
A rights object generating means for generating a rights object including the second rights information and the second key;
Fifth EMM generating means for generating fifth EMM information by generating and encrypting a fifth EMM (Entirement Management Message) including the receiving device identification information and the second key;
A third ECM generation that generates a third ECM (Entirement Control Message) including the second key and encrypts the generated third ECM with the second key to generate third ECM information. Means,
Multiplexing means for multiplexing the third ECM information, the fifth EMM information, the first encrypted information, and the first right information to output multiplexed information;
First authentication means for authenticating a destination to which the rights object is sent;
A transmission apparatus comprising: first communication means for transmitting / receiving authentication information of the first authentication means and transmitting the rights object. Separation means for separating the input multiplexed information and outputting the encrypted third ECM information, the encrypted third EMM information, and the first encrypted information;
Third EMM decryption means for extracting receiving device identification information and rights object from the third EMM information;
Rights object separation means for extracting a second key and second rights information data from the rights object;
Second right information decoding means for extracting second right information from the second right information data;
Third ECM decryption means for decrypting a third ECM from the third ECM information using the second key and outputting a first key;
And a third decryption unit configured to decrypt the first encrypted information using the first key based on the second right information. Separating means for separating the input multiplexed information and outputting the encrypted fourth ECM information, the encrypted fourth EMM information, and the first encrypted information;
Fourth EMM decoding means for extracting receiving device identification information from the fourth EMM information;
A second authentication means for authenticating the other party receiving the rights object;
Second communication means for transmitting and receiving authentication information of the second authentication means and receiving the rights object;
Rights object separation means for extracting a second key and second rights information data from the rights object;
Second right information decoding means for extracting second right information from the second right information data;
Fourth ECM decryption means for decrypting the fourth ECM from the fourth ECM information using the second key and outputting the first key;
And a third decryption unit configured to decrypt the first encrypted information using the first key based on the second right information. Separating means for separating the input multiplexed information and outputting the encrypted third ECM information, the encrypted third EMM information, and the first encrypted information;
Third EMM decryption means for extracting receiving device identification information and rights object from the third EMM information;
Rights object separation means for extracting a second key and second rights information data from the rights object;
Second right information decoding means for extracting second right information from the second right information data;
Third ECM decryption means for decrypting a third ECM from the third ECM information using the second key and outputting a first key;
Third decryption means for decrypting the first encrypted information using the first key based on the second right information;
A receiving device comprising: first output means for outputting the input multiplexed information and the rights object. Separating means for separating the input multiplexed information and outputting the encrypted third ECM information, the encrypted fifth EMM information, the first encrypted information, and the PMT information;
Fifth EMM decryption means for extracting receiving device identification information and a second key from the fifth EMM information;
First rights information extraction means for extracting first rights information from the PMT information;
Third ECM decryption means for decrypting a third ECM from the third ECM information using the second key and outputting a first key;
First decryption means for decrypting the first encrypted information using the first key based on the first right information;
And a second output means for outputting the input multiplexed information. A transmission / reception device comprising a transmission device, a reception device, and an external device,
The transmitting device encrypts input digital information with a first key to generate first encrypted information; and
Second key generating means for generating a second key;
A first right information generating means for generating first right information; a second right information generating means for generating second right information;
A rights object generating means for generating a rights object including the second rights information and the second key;
Fifth EMM generating means for generating fifth EMM information by generating and encrypting a fifth EMM (Entirement Management Message) including the receiving device identification information and the second key;
A third ECM generation that generates a third ECM (Entirement Control Message) including the second key and encrypts the generated third ECM with the second key to generate third ECM information. Means,
Multiplexing means for multiplexing the third ECM information, the fifth EMM information, the first encrypted information, and the first right information to output multiplexed information;
First authentication means for authenticating a destination to which the rights object is sent;
First communication means for sending and receiving the authentication information of the first authentication means and transmitting the rights object;
The receiving device separates the input multiplexed information and outputs the encrypted third ECM information, the encrypted fifth EMM information, the first encrypted information, and the PMT information; ,
Fourth EMM decryption means for extracting receiving device identification information and a second key from the fifth EMM information;
First rights information extraction means for extracting first rights information from the PMT information;
Fifth ECM decryption means for decrypting the fifth ECM from the fifth ECM information using the second key and outputting the first key;
First decryption means for decrypting the first encrypted information using the first key based on the first right information;
And second output means for outputting the input multiplexed information.
The external device includes a third authentication unit that performs authentication of a destination that receives the rights object;
Third communication means for transmitting / receiving authentication information of the third authentication means and receiving the rights object;
Rights object separation means for extracting a second key and second rights information data from the rights object;
Second right information decoding means for extracting second right information from the second right information data;
Third ECM decryption means for decrypting a third ECM from the third ECM information using the second key and outputting a first key;
And a second decryption unit configured to decrypt the first encrypted information using the first key based on the second right information.

Images