CN101444096B - Encryption device, decryption device, license issuing device, and content data generation method - Google Patents

Encryption device, decryption device, license issuing device, and content data generation method Download PDF

Info

Publication number
CN101444096B
CN101444096B CN2007800174980A CN200780017498A CN101444096B CN 101444096 B CN101444096 B CN 101444096B CN 2007800174980 A CN2007800174980 A CN 2007800174980A CN 200780017498 A CN200780017498 A CN 200780017498A CN 101444096 B CN101444096 B CN 101444096B
Authority
CN
China
Prior art keywords
licence
packet
unit
data
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2007800174980A
Other languages
Chinese (zh)
Other versions
CN101444096A (en
Inventor
杉江周一
清本晋作
柴田达雄
真岛惠吾
木村武史
砂崎俊二
石川清彦
国分秀树
石川浩一
福岛胜
山根毅史
后藤亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kyocera Corp
KDDI Corp
Japan Broadcasting Corp
Original Assignee
Kyocera Corp
Nippon Hoso Kyokai NHK
KDDI Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from JP2006137004A external-priority patent/JP5698425B2/en
Application filed by Kyocera Corp, Nippon Hoso Kyokai NHK, KDDI Corp filed Critical Kyocera Corp
Priority claimed from PCT/JP2007/060060 external-priority patent/WO2007132895A1/en
Publication of CN101444096A publication Critical patent/CN101444096A/en
Application granted granted Critical
Publication of CN101444096B publication Critical patent/CN101444096B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

A plurality of resources such as an image, audio, and data broadcast contained in a content are separately stream-encrypted. A reception side separates the encrypted streams for each of resources and acquires an initialization packet in the encrypted streams. According to the initialization packet, a decryption algorithm is initialized and a decryption key is acquired for decrypting the respective resources.

Description

Encryption device, decryption device, license issuing device and content data generation method
Technical field
The present invention relates to encryption device, decryption device, license issuing device and content data generation method.
The application advocates the priority of No. 2006-137004, the Patent of No. 2006-137002, Patent proposing on May 16th, 2006 and proposition on May 16th, 2006, quotes its content here.
Background technology
In the past, for example put down in writing the service provider system that utilizes broadcast wave and communication line in patent documentation 1.In the conventional art of putting down in writing in patent documentation 1, send content by broadcast wave, and, send by communication line and make the broadcasting decoder device validation signal that effectively plays a role at the built-in broadcasting decoder device of receiver side terminal, thus, at receiver side, according to the broadcasting decoder device validation signal that receives by communication line, the broadcasting decoder device becomes effectively, receives (audiovisual) based on the content of broadcast wave.
; in above-mentioned conventional art; even when the content that is made of a plurality of resources (image, voice, data etc.) is provided with broadcast wave, also only with a broadcasting decoder device validation signal, the broadcasting decoder device of receiver side is become effectively, so various method of service can't be provided.
And as the conventional art about portable terminal, in recent years, practical towards the digital broadcasting of portable terminal.The cipher mode of the program data as towards the digital broadcasting of portable terminal the time, if consider the disposal ability of portable terminal, just think and compare with the general encryption of blocks of data mode of using in the contents distribution of internet etc., it is desirable processing the light traffic encryption mode of load.In the traffic encryption mode, the state consistency of the both sides' of encryption device and decryption device traffic encryption algorithm is indispensable to normal deciphering.
, in digital broadcasting, due to the transmission mistake of broadcast data etc., if the loss of the transmission package of save data stream encryption data has occured, it is inconsistent that the state of the both sides' of encryption device and decryption device traffic encryption algorithm just becomes, and decryption error occurs.
Patent documentation 1: TOHKEMY 2005-159457 communique
Patent documentation 2: No. 3030341 communique of Japan Patent
Patent documentation 3: No. 3455748 communique of Japan Patent
Summary of the invention
The present invention considers that above-mentioned situation completes, and its purpose is, provides when providing with broadcast wave the content that is made of a plurality of resources, and encryption device, decryption device, the license issuing device of various method of service can be provided the user.
The present invention also aims to, provide and to strengthen for the encryption device of the traffic encryption mode of the patience of the loss that transmits the wrong transmission data that cause and decryption device, content data generation method.
In order to solve described problem, the inventive example is as having following each side.
The encryption device that the present invention's 1 relates to, preferred, be that the encryption device of the content that is made of a plurality of resources is provided with broadcast wave, comprising: ciphering unit, with each encryption key, described each resource of cryptographic object is encrypted; The packet generation unit, the packet of enciphered data or the non-encrypted data of described each resource is preserved respectively in generation; Transmitting element sends described packet.
The license issuing device that the present invention's 2 relates to, following license issuing device preferably: for the content that is consisted of by a plurality of resources, with each encryption key, described each resource of cryptographic object is being carried out under the state of encrypting, be provided for by communication line the licence that the encrypt asset when utilizing broadcast wave to provide is decrypted, comprise: memory cell, store described licence; Transmitting element sends the licence in described memory cell; Described licence is constituted by license identifier and decruption key; Described license identifier represents that this licence becomes effective broadcasting area; Each of described decruption key and cryptographic object resource is corresponding and be set up.
The decryption device that the present invention's 3 relates to, following decryption device preferably: for the content that is consisted of by a plurality of resources, by each encryption key, described each resource of cryptographic object is being carried out under the state of encrypting, utilize broadcast wave to provide, comprise: the broadcast reception unit, with broadcast wave receive data bag; The allocation of packets unit, it distributes the packet with enciphered data according to the described packet that has received by the resource difference of cryptographic object; The licence receiving element receives licence by communication line; Decrypting device is decrypted the enciphered data in the packet that distributes by the resource difference of cryptographic object with each decruption key in the described licence that has received.
The decryption device that the present invention's 4 relates to is described decryption device, the licence holding unit that preferably also has store licenses.
The decryption device that the present invention's 5 relates to is described decryption device, preferably also has the deciphering control unit, and should decipher control unit according to the license identifier in licence, controls the deciphering that this licence becomes effective broadcasting area.
The decryption device that the present invention's 6 relates to is described decryption device, preferably also has accumulative element, and this accumulative element accumulates the content that receives with broadcast wave.
The decryption device that the present invention's 7 relates to is described decryption device, preferably also have licence and obtain the unit, and this licence is obtained the unit and is obtained the effective licence of broadcasting area in receiving by communication line.
The decryption device that the present invention's 8 relates to is described decryption device, preferably also has: display unit, and express in display frame and utilize broadcast wave receiving or the predetermined content that receives; Designating unit specifies in the content of expressing in described display frame; Licence is obtained the unit, by communication line obtain with based on licence corresponding to the content of the appointment of described designating unit.
The decryption device that the present invention's 9 relates to is described decryption device, preferably also has: display unit, express the content that accumulates in the interior perhaps described accumulative element that utilizes broadcast wave receiving or be scheduled to receive in display frame; Designating unit specifies in the content of expressing in described display frame; Licence is obtained the unit, by communication line obtain with based on licence corresponding to the content of the appointment of described designating unit.
The decryption device that the present invention's 10 relates to is described decryption device, and is preferred, and described display unit is being expressed having or not of the licence corresponding with the content expressed in described display frame in display frame.
According to above-mentioned various aspects of the present invention, when utilizing broadcast wave that the content that is made of a plurality of resources is provided, can provide various service pattern to the user.
In addition, in order to solve above-mentioned problem, the inventive example is as also having following each side.
The encryption device that the present invention's 11 relates to preferably includes: the initialization package generation unit with the initialization interval of traffic encryption algorithm, generates the initialization package that is kept at the initial value that uses in the initialization of traffic encryption algorithm; Ciphering unit uses the initial value of preserving in described initialization package, and the data stream cipher algorithm is carried out initialization, carries out traffic encryption; The encrypted packets generation unit generates the encrypted packets of preserving these traffic encryption data; Transmitting element sends described initialization package and described encrypted packets.
The encryption device that the present invention's 12 relates to is described encryption device, and is preferred, and described initialization package generation unit uses the initialization interval corresponding with the medium kind of encrypted data.
The encryption device that the present invention's 13 relates to is described encryption device, and is preferred, and a plurality of described ciphering units are set; Described initialization package generation unit is kept at each initial value of described ciphering unit in initialization package.
The encryption device that the present invention's 14 relates to is described encryption device, and preferred, described initialization package and described encrypted packets are all transmission package, and its kind is different.
The decryption device that the present invention's 15 relates to preferably includes: receiving element receives initialization package and encrypted packets; Decrypting device is used the initial value of preserving in described initialization package, and the data stream cipher algorithm is carried out initialization, and the traffic encryption data of preserving in described encrypted packets are decrypted.
The decryption device that the present invention's 16 relates to is described decryption device, and a plurality of described decrypting device preferably are set; Described decrypting device is used the described initial value of appointment, and the described traffic encryption data of appointment are decrypted.
The decryption device that the present invention's 17 relates to is described decryption device, preferably also has the counting unit that the loss number of described encrypted packets is counted; Described decrypting device is carried out the idle running of the described deciphering corresponding with described loss number.
The decryption device that the present invention's 18 relates to is described decryption device, and is preferably also corresponding with described each decrypting device, and the counting unit that the loss number of described encrypted packets is counted is set; Described decrypting device is carried out the idle running of the described deciphering corresponding with described loss number.
The decryption device that the present invention's 19 relates to is described decryption device, and is preferred, and described decrypting device is in the situation that surpass the count range of described counting unit, the idle running of the described deciphering of prevention.
The decryption device that the present invention's 20 relates to is described decryption device, and preferred, described initialization package and described encrypted packets are all transmission package, and its kind is different.
The encryption device that the present invention's 21 relates to, comprise: the initialization package plug-in unit, in the packet string of save data stream content-data, by the processing unit of each data stream contents data, insert the initialization package of having preserved the initial value that uses in the initialization of traffic encryption algorithm; Ciphering unit uses the initial value of preserving in described initialization package, and the data stream cipher algorithm is carried out initialization, carries out the traffic encryption of described data stream contents data; Transmitting element sends encrypted packets and the described initialization package of preserving these encrypted data stream contents data.
The encryption device that the present invention's 22 relates to is described encryption device, and preferred described initialization package plug-in unit inserted described initialization package before the packet of next-door neighbour's preservation reference map picture frame.
The encryption device that the present invention's 23 relates to is described encryption device, and preferred described reference map picture frame is I image or IDR image.
The encryption device that the present invention's 24 relates to is described encryption device, and preferred described initialization package plug-in unit inserted described initialization package before the packet of next-door neighbour's preservation speech frame.
The encryption device that the present invention's 25 relates to is described encryption device, and is preferred, and described initialization package plug-in unit inserted described initialization package before the packet of next-door neighbour's preservation ADTS head.
The encryption device that the present invention's 26 relates to is described encryption device, and preferred described initialization package plug-in unit in the packet string of save data broadcasted content data, by the data unit of each repeated broadcast, inserts described initialization package.
The content data generation method that the present invention's 27 relates to, following content data generation method preferably: use the initial value of preserving in initialization package, to the initialization of data stream cipher algorithm, the data stream contents data are carried out traffic encryption, in the packet string of save data stream content-data, by the processing unit of each data stream contents data, insert the initialization package of having preserved the initial value that uses in the initialization of traffic encryption algorithm.
The content data generation method that the present invention's 28 relates to is described content data generation method, and is preferred, inserts described initialization package preserved the packet of reference map picture frame the next-door neighbour before.
The content data generation method that the present invention's 29 relates to is described content data generation method, and preferred, described reference map picture frame is I image or IDR image.
The content data generation method that the present invention's 30 relates to is described content data generation method, and is preferred, inserts described initialization package preserved the packet of speech frame the next-door neighbour before.
The content data generation method that the present invention's 31 relates to is described content data generation method, and is preferred, inserts described initialization package preserved the packet of ADTS head the next-door neighbour before.
The content data generation method that the present invention's 32 relates to is described content data generation method, and is preferred, in the packet string of having preserved the data broadcast content data, by the data unit of each repeated broadcast, inserts described initialization package.
According to above-mentioned each side of the present invention, can to data stream encryption mode, strengthen for transmitting the wrong patience that waits the loss of the transmission data that cause.
In addition, in order to solve above-mentioned problem, the inventive example is as also having following each side.
The encryption device that the present invention's 33 relates to is described encryption device, and preferred, described ciphering unit for the content that is made of a plurality of resources, is encrypted with each encryption key described each resource to cryptographic object; Described encrypted packets generation unit, the packet of enciphered data or the non-encrypted data of described each resource is preserved respectively in generation; Described transmitting element sends the described packet that described encrypted packets generation unit generates.
The encryption device that the present invention's 34 relates to, it is described encryption device, preferably also have the initialization package generation unit, and this initialization package generation unit generates the initialization package of the initial value that uses in the initialization of save data stream cipher algorithm with the initialization interval of traffic encryption algorithm; Described ciphering unit uses the initial value of preserving in described initialization package, and the data stream cipher algorithm is carried out initialization, carries out traffic encryption.
The encryption device that the present invention's 35 relates to is described encryption device, and is preferred, and described initialization package generation unit uses the initialization interval corresponding with the medium kind of encrypted data.
The encryption device that the present invention's 36 relates to is described encryption device, and is preferred, and a plurality of described ciphering units are set; Described initialization package generation unit is saved in each initial value of described ciphering unit in initialization package.
The encryption device that the present invention's 37 relates to is described encryption device, and preferred, described initialization package and described encrypted packet are all transmission package, and its kind is different.
The present invention's 38 is a kind of broadcast systems, and it utilizes broadcast wave that content is provided, and is preferred, comprise: add compact part, with each encryption key, each content that is made of a plurality of resources is encrypted, generates the packet of enciphered data or the non-encrypted data of preserving respectively described each resource, and send; The licence distribution unit sends the licence that is used for described enciphered data is decrypted by communication line; Decryption part receives described packet, and the packet with described enciphered data is distributed by the resource difference of cryptographic object, uses the described licence that receives by described communication line, and described enciphered data is decrypted; Described licence have license identifier that this licence of expression becomes effective broadcasting area and with the combination of each corresponding decruption key of the described resource of cryptographic object; Described decryption part is decrypted the described enciphered data in the described packet that distributes by the described resource difference of cryptographic object with each the described decruption key in the described licence that receives.
Description of drawings
Fig. 1 means the block diagram of the formation of the broadcast system that one embodiment of the present invention relates to.
Fig. 2 means the block diagram of the formation of encryption device shown in Figure 1 100.
Fig. 3 means the figure of the configuration example of the transmission package (TS packet) that one embodiment of the present invention relates to.
Fig. 4 means the figure of the configuration example of the licence 200 that license issuing device shown in Figure 12 provides.
Fig. 5 means the block diagram of the formation of decryption device shown in Figure 1 300.
Fig. 6 means the figure of configuration example of the display frame 30 of terminal installation shown in Figure 13.
Fig. 7 is the data configuration figure for the broadcast singal of the configuration example of the identifier of the combination of the explanation ciphering process that relates to of one embodiment of the present invention and decrypting process.
Fig. 8 is the data configuration figure for the descriptor example of the configuration example of the identifier of the combination of the explanation ciphering process that relates to of one embodiment of the present invention and decrypting process.
Fig. 9 means the block diagram of the formation of the decryption device that other execution modes of the present invention relate to.
Figure 10 means the block diagram of formation of the encryption device 1100 of the traffic encryption mode that embodiment of the present invention 2 relates to.
Figure 11 means the figure of the configuration example of the initialization package (IV packet) that relates to execution mode.
Figure 12 means the block diagram of formation of the decryption device 1200 of the traffic encryption mode that embodiment of the present invention 2 relates to.
Figure 13 means the block diagram of formation of the decryption device 1220 of the traffic encryption mode that embodiment of the present invention 3 relates to.
Figure 14 means the block diagram of formation of the decryption device 1240 of the traffic encryption mode that embodiment of the present invention 4 relates to.
Figure 15 means the block diagram of formation of the encryption device 1120 of the traffic encryption mode that embodiment of the present invention 5 relates to.
Figure 16 is for the key diagram that the IV packet insert action that embodiment of the present invention 5 relates to is described.
Figure 17 is for the key diagram that the IV packet insert action that embodiment of the present invention 5 relates to is described.
The explanation of symbol:
1-broadcasting station; 2-license issuing device; 3-terminal installation; 4-communication network; 30-display frame; 31-image frame; 32-data broadcast picture; 100-encryption device; 110-add compact part; 111-ciphering process; 120-packet generating unit; 130-sending part; 200-licence; 300-decryption device; 310-broadcast reception section; 320-allocation of packets section; 330-decryption part; 331-decrypting process; 340-licence acceptance division; 350-licence maintaining part; 360-license management section; 370-licence is obtained control part; 600-accumulation section; 1100-encryption device; 1120-encryption device; A 1101-transformation component; 1102-IV packet insertion section; 1103-add compact part; 1104-sending part; 1121-data analysis section; 1200-decryption device; 1220-decryption device; 1240-decryption device; 1201-acceptance division; 1202-allocation of packets section; 1203-IV packet reads in section; 1204-decryption part; 1221-counting check portion; The verification of 1241-counting and decryption part; 1102a-IV packet insertion section; 1130-I image; 1140-IV packet; 1150-ADTS head; 1300-regenerating unit; 1301-image regeneration section; 1302-speech regeneration section; 1303-data broadcast display part.
Embodiment
Execution mode 1
Below, with reference to accompanying drawing, one embodiment of the present invention is described.
Fig. 1 means the block diagram of the formation of the broadcast system that one embodiment of the present invention relates to.In Fig. 1, broadcasting station 1 has encryption device 100.The content that provides with broadcast wave is provided encryption device 100.License issuing device 2 provides the licence that is used for 1 encrypted content that provides with broadcast wave from the broadcasting station is decrypted by communication line.Terminal installation 3 has decryption device 300.Decryption device 300 uses the licence that provides from license issuing device 2 to 1 encrypted content that provides with broadcast wave is decrypted from the broadcasting station.
License issuing device 2 and terminal installation 3 have communication function, are connected with communication networks 4 such as internets.Terminal installation 3 can be fixed terminal, can be also perhaps portable terminal.In the time of portable terminal, be connected with internet etc. by mobile communications network.In addition, terminal installation 3 has the receiving function of broadcast wave.
Fig. 2 means the block diagram of the formation of encryption device shown in Figure 1 100.In Fig. 2, content is made of a plurality of resources.As the kind of resource, such as enumerating image, voice, data etc.Resource in content can be all cryptographic object, perhaps also can have the resource that is not cryptographic object.In the example of Fig. 2, content is made of N resource _ #1~#N, and resource _ #1, #2 are cryptographic objects, thus encrypted, but resource _ #N is not cryptographic object, so do not encrypt.If enumerate concrete example, for the content that is consisted of by image resource, voice resource and data resource, can consider image resource, voice resource are encrypted, the data resource is not encrypted.
Encryption device 100 shown in Figure 2 has the compact part of adding 110, packet generating unit 120 and sending part 130.Add compact part 110 and can have a plurality of ciphering process 111.Each ciphering process 111 use encryption key separately is encrypted the resource of cryptographic object respectively.In the example of Fig. 2, with encryption key _ #1, #2, resource _ #1, the #2 of cryptographic object are encrypted respectively in each ciphering process 111.The enciphered data of each resource is input to packet generating unit 120.In addition, the resource _ #N (non-encrypted data) of non-encrypted object is remained untouched be input to packet generating unit 120.
Packet generating unit 120 generates preserves respectively the enciphered data of each resource or the transmission package of non-encrypted data (TS packet).The configuration example of expression TS packet in Fig. 3.The TS packet of Fig. 3 is according to ISO/IEC13818-1 (MPEG-2 system standard).In Fig. 3, in the data_byte field, when being the cryptographic object resource, storing encrypt data when being non-cryptographic object resource, is preserved non-encrypted data.In addition, the value " 01 " of the value transport_scrambling_control field of the preservation of the transport_scrambling_control field in head expression cryptographic object resource or non-encrypted object resource, " 10 " and " 11 " expression are the cryptographic object resources.The value of transport_scrambling_comtrol field " 00 " expression is non-cryptographic object resource.
In addition, when being the cryptographic object resource, the ciphering process 111 that this resource is encrypted in the value of transport_scrambling_control field " 01 ", " 10 " and " 11 " identification.Therefore, according to value " 01 ", " 10 " and " 11 " of transport_scrambling_control field, can identify 3 ciphering process 111.Here, the decrypting process of ciphering process and decryption device side is paired, but utilizes the value " 01 " of transport_scrambling_control field, the decrypting process that " 10 " and " 11 " specify the decryption device side.In addition, in the situation that use the transport_scrambling_control field, the combination of ciphering process and decrypting process can have 3, but the back is described for the extended method corresponding with the combination of greater number.
Sending part 130 sends the TS packet string that receives from packet generating unit 120.
Fig. 4 means the figure of the configuration example of the licence 200 that license issuing device shown in Figure 12 provides.In Fig. 4, licence 200 is constituted by license identifier (licence ID) and decruption key.Licence ID represents that this licence becomes effective broadcasting area.As broadcasting area, such as by regulations such as airtime, broadcasting channel, content, resources.If enumerate concrete example, just one or more specific resources of the specific content of the specific broadcasting channel of specific airtime or specific broadcasting channel or specific content etc. are considered as broadcasting area.
In licence 200, will be corresponding with each of the decruption key of licence ID combination and cryptographic object resource and arrange.For example in the example of Fig. 2, cryptographic object resource _ #1, #2 are encrypted by decruption key _ #1, #2 respectively.At this moment, corresponding with each of cryptographic object resource _ #1, #2, and decruption key _ #1, #2 are set.
License issuing device 2 has the memory cell of store licenses 200.For example licence 200 data base systems are stored.In addition, license issuing device 2 has the transmitting element that sends the licence 200 in this memory cell.This transmitting element sends licence 200 by 4 pairs of terminal installations of communication network 3.
In addition, license issuing device 2 can be realized by the hardware of special use, perhaps is made of computer systems such as server computers, is used to realize the program of each function of license issuing device 2 by execution, carries out its function.
Fig. 5 means the block diagram of the formation of decryption device shown in Figure 1 300.In Fig. 5, broadcast reception section 310 use broadcast waves receive the TS packets.At this moment, broadcast reception section 310 carries out being operated by the user reception of the broadcasting channel of appointment.
Allocation of packets section 320 distributes the TS packet with enciphered data according to the TS packet of this reception by the resource difference of cryptographic object.For example, in the situation that be the TS packet of Fig. 3, the value of transport_scrambling_control field is that the TS packet of " 01 ", " 10 " and " 11 " is preserved the enciphered data that the resource of cryptographic object is encrypted, but according to value " 01 ", " 10 " and " 11 " of transport_scrambling_control field, specify the decrypting process that this enciphered data is decrypted.
Decryption part 330 can have a plurality of decrypting processes 331.For each decrypting process 331, the identifier with its each difference is set.In each decrypting process 331, according to this identifier, the enciphered data of the cryptographic object resource that input is distributed by allocation of packets section 320.Each decrypting process 331 use are decrypted enciphered data respectively from each decruption key that license management section 360 provides.Each data decryption is regenerated on terminal installation 3.In addition, the regeneration on terminal installation 3 of remaining untouched of non-encrypted data in the TS packet of non-encrypted object resource will be kept at.
Licence acceptance division 340 receives licence 200 by communication network 4 from license issuing device 2.The user obtains with for example license server on the internet becomes the signing of effective licence 200 in desirable broadcasting area, thus, can receive this licence 200 with this terminal installation 3.In addition, licence 200 be paid, free can.
Licence maintaining part 350 store licenses 200.Accordingly, can receive in advance a plurality of licences 200, and storage, so when omitting each audiovisual, obtain the trouble of licence 200.
License management section 360 controls the decryption acts of decryption part 330 according to licence 200.License management section 360 determines that according to the licence ID in licence 200 this licence 200 becomes effective broadcasting area.For example, by identifying information and the licence ID that comprises in the broadcast singal of comparing non-encrypted object, can judge becomes effective broadcasting area.
In addition, according to the machine form of terminal installation 3, for the decrypting process 331 of decryption device 300, need not arrange corresponding with licence 200 all, can only have the decrypting process 331 corresponding with available service.
License management section 360 reads the effective licence 200 of broadcasting area receiving from licence maintaining part 350, and the decruption key in this licence 200 is offered respectively corresponding decrypting process 331.Accordingly, automatically the enciphered data of the deciphering object resource that comprises in this broadcasting area is decrypted.
Licence is obtained control part 370 and is obtained licence 200 by communication network 4.For example licence is obtained the license server on control part 370 access the Internet, obtains the signing of licence 200.In addition, also the license server function can be set in license issuing device 2.Being received by licence acceptance division 340 can be by the signing licence 200 of obtaining of this licence.About obtaining of licence 200, below enumerate 2 examples (situation 1,2), describe.
(situation 1)
License management section 360 is not in the situation that have in licence maintaining part 350 licence to be obtained control part 370 indications obtain the effective licence 200 of this broadcasting area for the effective licence 200 of broadcasting area in receiving.Licence is obtained control part 370 and is obtained indication according to this, and trial obtains for the effective licence 200 of broadcasting area in receiving.Accordingly, can automatically obtain licence 200.
(situation 2)
Be arranged on to express in the display frame of terminal installation 3 with broadcast wave and receiving or the display unit of the predetermined content that receives.For example, in the situation that content has image resource and data resource, in the display frame 30 of the illustrative terminal installation 3 of Fig. 6, show image resource on image frame 31 shows data resource on data broadcast picture 32.At this moment, for example the bottom in image frame 31 shows that expression is receiving with broadcast wave or the mark of the predetermined content that receives, and can express corresponding content.In addition, can be according to the content information in the broadcast singal of non-encrypted object, such as program related information multiplexed in broadcast wave or the identifier of content etc. known the content that is receiving or be scheduled to receive with broadcast wave.
In addition, licence 200 corresponding to the content that also can express in the display frame of expressing in display frame with terminal installation 3 of display unit has or not.For example, the bottom in the image frame 31 of Fig. 6 shows the mark that has or not of expression licence 200, thus, can express having or not of corresponding licence 200.Can by in search licence maintaining part 350, judge having or not of licence 200.
In addition, be provided for specifying in the designating unit of the content of expressing in the display frame of terminal installation 3.
For example, be chosen in the operation keys of terminal installation 3 mark that shows in display frame, can specify thus corresponding content.
Licence is obtained control part 370 and is attempted obtaining of the licence 200 corresponding with the content of this appointment.Accordingly, the user can obtain licence 200 when thinking audiovisual, the desirable content of audiovisual.
As mentioned above, according to present embodiment, in the situation that the content that is made of a plurality of resources (image, voice, data etc.) is provided with broadcast wave, encryption or non-encrypted can be set take resource as unit in the broadcasting station.Accordingly, can provide selectable service take resource as unit, can provide various method of service to the user.
In addition, can set neatly the formation of the decruption key that comprises in licence, so can realize various audiovisual form of content.For example in the movie contents that is consisted of by 1 image resource, 2 voice resources (for example japanese voice and English Phonetics), setting comprises the licence of each decruption key corresponding with image resource and a side's voice resource (for example japanese voice) and comprises licence with each decruption key corresponding to image resource and the opposing party's voice resource (for example English Phonetics), thereby the licence of various patterns is set for a content, thus, can provide various audiovisual form to the user.
In addition, the encryption device 100 that present embodiment relates to and decryption device 300 can be realized by the hardware of special use, perhaps by formations such as memory and CPU (central calculation processing apparatus), carry out the program of the function that is used for each device of realization with CPU, thereby realize this function.
Below, the method for number of the combination (below be called " process group ") of expansion ciphering process and decrypting process is described.
In the method for value identifying group with the transport_scrambling_control field in the head of above-mentioned TS packet shown in Figure 3, can be set to 3 to the process group.And, as the method for the number of expansion process group, for example enumerate the method for the data of utilizing PMT shown in Figure 7 and composition (component) descriptor shown in Figure 8.Each data configuration of Fig. 7 and Fig. 8 is by standard specification " STD-B10 " regulation of ARIB (Association of Radio Industries andBusiness).
Can preserve composition descriptor shown in Figure 8 in descriptor region 2_500 in the data of PMT shown in Figure 7.And, in this composition descriptor undefined regional 510 in preserve identifier.This zone 510 has 4, so can 16 identifiers be set maximum, if 1 means unencrypted identifier, can identify 15 process groups with 15 remaining identifier maximums.
In addition, the composition descriptor is the descriptor that has existed, but also can define new descriptor and use.At this moment, the identifier of number arbitrarily can be set, can further expand the number of process group.
Above, with reference to accompanying drawing, describe embodiments of the present invention 1 in detail, but concrete formation is not limited to present embodiment, also comprises the design alteration of the scope that does not break away from aim of the present invention etc.
For example, also can the accumulative element that accumulate the content that receives with broadcast wave be set at decryption device.Fig. 9 represents the configuration example of this decryption device.In Fig. 9, in decryption device shown in Figure 5 300, also be provided with accumulation section 600.In Fig. 9, accumulation section 600 stores and accumulates the TS packet that is received by broadcast reception section 310.The TS packet is read from accumulation section 600 by allocation of packets section 320, and is different and distribute by the resource of cryptographic object the TS packet with enciphered data.Accordingly, in real time during the content of audiovisual broadcast, can accumulate the content that has received the user, be decrypted and regenerate in time arbitrarily, carry out audiovisual.
In addition, in the decryption device of Fig. 9, also can, display unit and the designating unit of above-mentioned situation 2 are set, obtain the licence corresponding with the content of user's appointment 200.At this moment, display unit express in the display frame of terminal installation 3 receiving with broadcast wave or predetermined receive interior perhaps in accumulation section 600 content of accumulation get final product.
In addition, the present invention can use in various broadcast systems.For example, can use in the digit broadcasting system of portable terminal.Accordingly, when providing with digital broadcasting the content that is consisted of by a plurality of resources, can provide the various method of service corresponding with the feature of portable terminal to the user.
In addition, as the cipher mode of present embodiment, can be the traffic encryption mode, can be also perhaps the encryption of blocks of data mode.
[execution mode 2]
Figure 10 means the block diagram of formation of encryption device 1100 of the traffic encryption mode of embodiment of the present invention 2.
In Figure 10, a transformation component 1101 carries out a conversion of transmission package (TS packet).The TS packet is according to ISO/IEC13818-1 (MPEG-2 system standard).Transformation component 1101 is rewritten the value of the transport_scrambling_control field in the head of TS packets.The value of transport_scrambling_control field " 01 ", " 10 " and " 11 " expression are encrypted.The value of transport_scrambling_control field " 00 " expression is not encrypted.
IV packet insertion section 1102 initialization interval with the traffic encryption algorithm, generate initialization package (IV packet), and the initial value (IV) that uses in the initialization of this initialization package (IV packet) save data stream cipher algorithm.In addition, key ID is preserved in IV packet insertion section 1102 in the IV packet.Key ID has " Current " and " Next " 2 kinds.Key ID " Current " is the identifier of the key in current use.Key ID " Next " is to follow the identifier of the key that uses.The IV packet that has generated is inserted in IV packet insertion section 1102 in the TS packet string of from the beginning transformation component 1101 outputs.
Figure 11 represents the configuration example of the IV packet of present embodiment.In the present embodiment, consist of the IV packet as a kind of of TS packet.In Figure 11, it is the value " 0x889 (16 system) " of IV packet that the PID field in head is preserved expression.In addition, the value of ransport_scrambling_control field is " 00 ".Namely the IV packet is not encrypted.In addition, in this example, the adaptation_field_control field is fixed on " 01 ", and establishing adaptation_field is nothing.
In addition, in Figure 11, the data_byte field preserve IV (iv), key ID " Current " (id_current) and " Next " (id_next).In addition, can preserve a plurality of IV (iv[n]; N is the integer more than 0).In the situation that preserve a plurality of IV, form iv_tsc_flag[n] and iv[n] group.Each iv[n] in each corresponding traffic encryption process, use in the initialization of traffic encryption algorithm.
In addition, can be to each iv[n], the change initialization interval.At this moment, only as initialization iv[n constantly] be kept at the IV packet.With each iv[n] corresponding initialization interval is corresponding with each corresponding traffic encryption process respectively.For example, use the initialization interval corresponding with the medium kind of the data of encrypting.As medium kind, such as enumerating voice, image, data etc.
In addition, in the example of Figure 11, regional with the not use that " 0xff (16 system) " fills in data byte field.In addition, preserve " CyclicRedundancy Check:CRC " that error detection uses (CRC_32) in the data_byte field.In addition, at the receiver side of IV packet, in the result as CRC check, when mistake being detected, abandon this IV packet.
The traffic encryption that adds the TS packet string after compact part 1103 carries out inserting for the IV packet.What become this cryptographic object is that the value of transport_scrambling_control field is the TS packet of " 01 ", " 10 " and " 11 ".In addition, the head about the TS packet is not encrypted.In addition, for the IV packet, the value of transport_scrambling_control field is " 00 ", so be not encrypted.
In this traffic encryption is processed, found IV packet (the PID field value is " 0x889 (16 system) ") if add compact part 1103 in TS packet string, just read IV from the IV packet of this discovery.Then, use this IV that reads, the data stream cipher algorithm is carried out initialization.After namely initialization is carried out to the data stream cipher algorithm in the position of the IV packet in TS packet string, carry out the traffic encryption for the TS packet of the later cryptographic object of this IV packet.
In the initialization of this traffic encryption algorithm, from the IV packet read key ID " Current " (id_current) and " Next " (id_next), prepare the key use in traffic encryption.
In addition, add compact part 1103 and can have a plurality of traffic encryption processes [n].Each traffic encryption process [n] is used respectively corresponding IV (iv[n]), carries out the initialization of traffic encryption algorithm.In addition, each traffic encryption process [n] is according to the value of PID field, the TS packet that differentiation will be encrypted.
Add compact part 1103 the TS packet string of the TS packets that comprise the IV packet and encrypted with from IV packet insertion section 1102 orders when obtaining sending part 1104 is exported.
Sending part 1104 sends the TS packet string of obtaining from adding compact part 1103.
The decryption device of the traffic encryption mode of execution mode 2 then, is described.
Figure 12 means the block diagram of formation of decryption device 1200 of the traffic encryption mode of embodiment of the present invention 2.
In Figure 12, acceptance division 1201 receives the TS packet that sends from encryption device 1100.Acceptance division 1201 carries out correcting processing for error detection and the mistake of the TS packet that has received.
At this moment, about wrong IV packet detected by CRC check, abandon.
Allocation of packets section 1202, the TS packet about after acceptance division 1201 outputs according to the PID field value in head, distributes to each destination.Here, IV packet (the PID field value is " 0x889 (16 system) ") is read in section's 1203 outputs to the IV packet.In addition, encrypted TS packet (value of transport_scrambling_control field " 01 ", " 10 " and " 11 ") is exported to the decryption part corresponding with this field value 1204.In addition, with not encrypted other TS packets, remain untouched from decryption device 1200 outputs.
The IV packet read in section 1203 from the IV packet read IV and key ID " Current " (id_current) and " Next " (id_next).According to this key ID of reading " Current " (id_current) and " Next " (id_next) prepare the key that uses in the deciphering of data flow password.Then, this key of having prepared and IV are exported to decryption part 1204.In addition, when in the situation that preserved a plurality of IV (iv[n]) in the IV packet, each iv[n] to decryption part 1204 outputs with each corresponding data flow decrypting process [n].
Decryption part 1204 is obtained encrypted TS packet from allocation of packets section 1202, carries out the deciphering of data flow password.
In the decryption processing of this data flow password, decryption part 1204 is obtained IV and key if read in section 1203 from the IV packet, just uses this IV to carry out initialization to the data stream cipher algorithm.Then, if completed this initialization, read in from the IV packet key that section 1203 obtains with regard to using, the decryption processing of beginning data flow password.Namely the position of the IV packet in the TS packet string that receives, after the data stream cipher algorithm is carried out initialization, carry out the deciphering for the data flow password of the later encrypted TS packet of this IV packet.
The TS packet that decryption part 1204 has been deciphered to regenerating unit 1300 outputs.
In regenerating unit 1300, carry out the regeneration of decrypted TS packet.In the example of Figure 12, regenerating unit 1300 has image regeneration section 1301, speech regeneration section 1302 and data broadcast display part 1303.Arrange in decryption device 1200 with image regeneration section 1301, speech regeneration section 1302, data broadcast display part 1303 and distinguish corresponding decryption part 1204.In image regeneration section 1301, speech regeneration section 1302, data broadcast display part 1303, carry out respectively from the regeneration of the TS packet of decryption part 1204 outputs of correspondence.In addition, the formation of regenerating unit 1300 shown in Figure 12 is examples, can suitable change medium kind.
According to above-mentioned execution mode 2, by the IV packet, can make the state consistency of the traffic encryption algorithm of the state of traffic encryption algorithm of ciphering process and decrypting process.Therefore, even owing to transmitting mistake etc., encrypted TS loss of packets, the state of temporary encryption process and decrypting process both sides' traffic encryption algorithm becomes inconsistent, when the reception of next IV packet, the state of ciphering process and decrypting process both sides' traffic encryption algorithm also can be consistent, can restart normal deciphering.Accordingly, in the traffic encryption mode, can strengthen for transmitting the wrong patience that waits the loss of the transmission data that cause.
[execution mode 3]
Figure 13 means the block diagram of formation of decryption device 1220 of the traffic encryption mode of embodiment of the present invention 3.In Figure 13, to giving identical symbol with part corresponding to each of Figure 12, description thereof is omitted.In addition, encryption device is identical with execution mode 2, so description thereof is omitted.
In execution mode 3, as shown in figure 13, counting check portion 1221 is set.The part of only having this counting check portion 1221 to relate to is the variation point of comparing with the decryption device 1200 of Figure 12.The loss number of 1221 pairs of encrypted TS packets of counting check portion is counted.
Insert continuity_counter (continuity parameter) in the head of TS packet.By detecting this continuity_counter, can count the loss number of TS packet.The idle running of the deciphering that 1204 indications of 1221 pairs of decryption parts of counting check portion are corresponding with this loss number.Counting check portion 1221 is indicated respectively the counting of loss number and the idle running of deciphering to each decryption part 1204.
Decryption part 1204 is according to the idle running indication of this deciphering, the decryption processing of the data flow that dallies password.In this idle running, under the state of the enciphered data that will not decipher, carry out and the corresponding decryption processing of loss number.
Accordingly, press the quantity corresponding with the loss number of encrypted TS packet, the state of transferring data stream cipher algorithm.Its result, even lose encrypted TS packet, it is inconsistent that the state of ciphering process and decrypting process both sides' traffic encryption algorithm can not become yet, the state of ciphering process and decrypting process both sides' traffic encryption algorithm can continue to be consistent.Accordingly, in the traffic encryption mode, can strengthen for transmitting the wrong patience that waits the loss of the transmission data that cause.
In addition, counting check portion 1221 is in the situation that the loss number surpasses the count range of tally function, the indication of the idle running that is not decrypted.This is because the loss number surpasses in the situation of count range, can't carry out the idle running of correct deciphering.Counting check portion 1221 when loss that can be more than certain intervals continues, is judged as the count range that the loss number surpasses tally function for example according to time information.
In addition, same with execution mode 2 in the situation that the loss number surpasses the count range of tally function, can utilize the IV packet, make the state consistency of ciphering process and decrypting process both sides' traffic encryption algorithm.
[execution mode 4]
Figure 14 means the block diagram of formation of decryption device 1240 of the traffic encryption mode of embodiment of the present invention 4.In this Figure 14, give same-sign to the part corresponding with each one of Figure 12, description thereof is omitted.In addition, encryption device is identical with execution mode 2, and the description thereof will be omitted.
In execution mode 4, as shown in figure 14, the decryption part 1204 of Figure 12 is changed to counting verification and decryption part 1241.The part of only having this counting verification and decryption part 1241 to relate to is the variation point of comparing with the decryption device 1200 of Figure 12.In addition, be with the difference of execution mode 3, the function decentralized configuration of the counting check portion 1221 of Figure 13 to each decryption part.
The loss number of counting verification and 1241 pairs of encrypted TS packets of decryption part is counted, and carries out the idle running of the deciphering corresponding with this loss number.In this idle running, under the state of the enciphered data that will not decipher, carry out the decryption processing with the corresponding quantity of loss number.In addition, in the situation that the loss number has surpassed the count range of tally function, the indication of the idle running that is not decrypted.For example according to time information, when can the loss more than certain intervals continuing, be judged as the count range that the loss number has surpassed tally function.
Accordingly, same with execution mode 3, even lose encrypted TS packet, it is inconsistent that the state of ciphering process and decrypting process both sides' traffic encryption algorithm can not become yet, and the state of ciphering process and decrypting process both sides' traffic encryption algorithm can continue to be consistent.Accordingly, in the traffic encryption mode, can strengthen for transmitting the wrong patience that waits the loss of the transmission data that cause.
In addition, identical with execution mode 2 in the situation that the loss number has surpassed the count range of tally function, can utilize the IV packet, make the state consistency of ciphering process and decrypting process both sides' traffic encryption algorithm.
[execution mode 5]
Figure 15 means the block diagram of formation of encryption device 1120 of the traffic encryption mode of embodiment of the present invention 5.In this Figure 15, to giving identical symbol with part corresponding to each of Figure 10, the description thereof will be omitted.In addition, decryption device also can use the decryption device of above-mentioned execution mode arbitrarily, and the description thereof will be omitted.
In execution mode 5, as shown in figure 15, data analysis section 1121 is set.The part of only having this data analysis section 1121 to relate to is the variation point of comparing with the encryption device 1100 of Figure 10.Data analysis section 1121 analyzes the data stream contents data of preserving in the TS packet.Data analysis section 1121 analyzes by this, holds the processing unit of data stream contents data.The 1121 indication IV packet insertion section 1102a of data analysis section are so that its processing unit by each data stream contents data inserts the IV packet.IV packet insertion section 1102a carries out the insertion of IV packet by the moment of data analysis section 1121 indications.Accordingly, the processing unit by each data stream contents data inserts the IV packet.
Below, the kind of pressing data stream contents is different, describes the IV packet insert action of present embodiment in detail.In addition,, as the example of data stream contents, enumerate picture material, voice content and data broadcast content here.
(picture material)
In the situation that be picture material, insert the IV packet preserved the TS packet of reference map picture frame the next-door neighbour before.For example, in the Image Coding modes such as MPEG-1/2/4, generate 3 kinds of images that are called I image (Intra-Picture), P image (Predictive-Picture), B Picture (Bi-directional Predictive-Picture).Wherein, the I image is the reference map picture frame, is the frame of the benchmark when becoming image decryption.Therefore, in order to carry out normal image decryption, it is important normally transmitting the I image.Therefore, as shown in figure 16, insert IV packet 1140 preserved the TS packet of I image 1130 the next-door neighbour before.Accordingly, the encryption and decryption of I image are being carried out beginning under initialized state to the data stream cipher algorithm, so can stablize the deciphering of the enciphered data of carrying out the I image.Accordingly, can the realization of stable picture material regeneration be contributed.
In addition, in H.264 waiting the Image Coding mode, except above-mentioned 3 kinds of images, also generate the reference map picture frame that is called IDR (Instantaneous Decoder Refresh) image.At this moment, also can insert the IV packet before next-door neighbour IDR frame.
(voice content)
In the situation that be voice content, insert the IV packet preserved the TS packet of speech frame the next-door neighbour before.For example, in digital broadcasting etc., in the frame with the head that is called ADTS (Audio DataTransport Stream), transmit vocoded data.Begin speech frame from this ADTS head, so the benchmark when the ADTS head becomes the deciphering of vocoded data.Therefore, as shown in figure 17, insert IV packet 1140 preserve the TS packet of ADTS 1150 the next-door neighbour before.Accordingly, carried out the initialization of traffic encryption algorithm before next-door neighbour's speech frame, in the encryption and decryption of the data stream cipher algorithm having been carried out beginning speech frame under initialized state, so can stablize the deciphering of the enciphered data of carrying out speech frame.Accordingly, can the realization of stable voice content regeneration be contributed.
(data broadcast content)
In the situation that be data broadcast content, insert the IV packet by the data unit (loop-around data) of each repeated broadcast.Accordingly, carried out the initialization of traffic encryption algorithm before next-door neighbour's loop-around data, in the encryption and decryption of the data stream cipher algorithm having been carried out beginning loop-around data under initialized state, so can stablize the deciphering of the enciphered data of carrying out loop-around data.Accordingly, can the realization of stable data broadcast content regeneration be contributed.
Above, with reference to accompanying drawing, embodiments of the present invention are described, but concrete formation is not limited to present embodiment, also comprises the design alteration of the scope that does not break away from aim of the present invention etc.
For example, above-mentioned execution mode can used in the digit broadcasting system of portable terminal.In this case, in digital broadcasting, even due to transmission mistake of broadcast data etc., the TS loss of packets of save data stream encryption data, the state of the both sides' that broadcasting station side and portable terminal are distolateral traffic encryption algorithm becomes inconsistent, the accepting state that temporarily becomes digital broadcasting becomes unstable, utilize IV packet after this, can make the state consistency of the distolateral both sides' of broadcasting station side and portable terminal traffic encryption algorithm, and make the accepting state of digital broadcasting return to good state.Accordingly, can help towards the quality raising of the digital broadcasting of portable terminal.
In addition, the present invention can use in various broadcast systems and communication system.
Industrial utilizability
According to the present invention, in the situation that utilize broadcast wave that the content that is made of a plurality of resources is provided, can provide various method of service to the user.In addition, according to the present invention, in the traffic encryption mode, can strengthen for transmitting the wrong patience that waits the loss of the transmission data that cause.

Claims (14)

1. an encryption device, provide the content that is made of a plurality of resources with broadcast wave, comprising:
Ciphering unit is encrypted described each resource of cryptographic object with each encryption key;
The packet generation unit, the packet of enciphered data or the non-encrypted data of described each resource is preserved respectively in generation;
The initialization package generation unit generates the initialization package of the initial value that uses in the initialization of save data stream cipher algorithm with the initialization interval of traffic encryption algorithm;
The initialization package plug-in unit in the packet string that the described packet by save data stream content-data consists of, inserts described initialization package by the processing unit of each described data stream contents data; And
Transmitting element, it sends encrypted packets and the described initialization package of preserving the described data stream contents data after encrypting;
Described ciphering unit uses the initial value of preserving in described initialization package, and the data stream cipher algorithm is carried out initialization, and described data stream contents data are carried out traffic encryption.
2. license issuing device, for the content that is consisted of by a plurality of resources, require 1 described encryption device with each encryption key, described each resource of cryptographic object to be carried out under the state of encryption in right to use, be provided for by communication line the licence that the encrypt asset when utilizing broadcast wave to provide is decrypted, comprise:
Memory cell is stored described licence;
Transmitting element sends the licence in described memory cell;
Described licence is constituted by license identifier and decruption key;
Described license identifier represents that this licence becomes effective broadcasting area;
Each of described decruption key and cryptographic object resource is corresponding and be set up.
3. a decryption device, require 1 described encryption device with each encryption key, each resource of cryptographic object to be carried out utilizing broadcast wave that the content that is made of a plurality of resources is provided under the state of encryption in right to use, comprising:
Receiving element receives initialization package and encrypted packets;
The allocation of packets unit, it distributes the described encrypted packets with enciphered data according to the described packet that has received by the resource difference of cryptographic object;
The licence receiving element receives by communication line the licence that license issuing device claimed in claim 2 is issued;
Decrypting device, use the initial value of preserving in described initialization package, the data stream cipher algorithm is carried out initialization, with each described decruption key in the described licence that has received, the described enciphered data in the described packet that distributes by the resource difference of cryptographic object is decrypted.
4. decryption device according to claim 3,
The licence holding unit that also has the described licence of storage.
5. decryption device according to claim 3,
Also have the deciphering control unit, and should decipher control unit according to the described license identifier in described licence, control the deciphering that this licence becomes the described enciphered data that contains in effective broadcasting area.
6. decryption device according to claim 3,
Also have accumulative element, and this accumulative element accumulates the described content that receives with broadcast wave.
7. decryption device according to claim 3,
Also have licence and obtain the unit, and this licence is obtained the unit and obtained the effective described licence of broadcasting area in receiving by communication line.
8. decryption device according to claim 3,
Also have: display unit, express in display frame and utilize broadcast wave receiving or the predetermined described content that receives;
Designating unit specifies in the described content of expressing in described display frame;
Licence is obtained the unit, by communication line obtain with based on described licence corresponding to the described content of the appointment of described designating unit.
9. decryption device according to claim 6,
Also have: display unit, express in display frame utilize broadcast wave receiving or predetermined receive described in the described content that accumulates in perhaps described accumulative element;
Designating unit specifies in the described content of expressing in described display frame;
Licence is obtained the unit, by communication line obtain with based on described licence corresponding to the content of the appointment of described designating unit.
10. decryption device according to claim 8,
Described display unit is being expressed having or not of the described licence corresponding with the content expressed in described display frame in described display frame.
11. encryption device according to claim 1,
Described initialization package generation unit uses the initialization interval corresponding with the medium kind of encrypted data.
12. encryption device according to claim 1,
A plurality of described ciphering units are set;
Described initialization package generation unit is saved in each initial value of described ciphering unit in initialization package.
13. encryption device according to claim 1,
Described initialization package and described encrypted packets are all transmission package, and its kind is different.
14. a broadcast system possesses:
Encryption device claimed in claim 1;
License issuing device claimed in claim 2;
Decryption device claimed in claim 3.
CN2007800174980A 2006-05-16 2007-05-16 Encryption device, decryption device, license issuing device, and content data generation method Expired - Fee Related CN101444096B (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
JP2006137002A JP5042524B2 (en) 2006-05-16 2006-05-16 ENCRYPTION DEVICE, DECRYPTION DEVICE, CONTENT DATA GENERATION METHOD
JP137004/2006 2006-05-16
JP137002/2006 2006-05-16
JP2006137004A JP5698425B2 (en) 2006-05-16 2006-05-16 Decoding device
PCT/JP2007/060060 WO2007132895A1 (en) 2006-05-16 2007-05-16 Encryption device, decryption device, license issuing device, and content data generation method

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201010529724.7A Division CN102035829B (en) 2006-05-16 2007-05-16 Encryption apparatus, decryption apparatus, licensing apparatus and content data generation method

Publications (2)

Publication Number Publication Date
CN101444096A CN101444096A (en) 2009-05-27
CN101444096B true CN101444096B (en) 2013-06-05

Family

ID=38844415

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007800174980A Expired - Fee Related CN101444096B (en) 2006-05-16 2007-05-16 Encryption device, decryption device, license issuing device, and content data generation method

Country Status (2)

Country Link
JP (1) JP5042524B2 (en)
CN (1) CN101444096B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8966289B2 (en) * 2010-12-17 2015-02-24 Nxp B.V. Pairing of angle sensor and electronic control unit
US10157282B2 (en) * 2013-12-16 2018-12-18 International Business Machines Corporation Multiband encryption engine and a self testing method thereof

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1237843A (en) * 1998-06-02 1999-12-08 日本电气株式会社 System, method, and medium for broadcasting service contents
US6865555B2 (en) * 2001-11-21 2005-03-08 Digeo, Inc. System and method for providing conditional access to digital content

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100610523B1 (en) * 1998-07-13 2006-08-09 소니 가부시끼 가이샤 Program distribution system, program transmission method and conditional access system
JP2003333032A (en) * 2002-05-15 2003-11-21 Oki Electric Ind Co Ltd Encryption processing method and encryption processor
JP2005318041A (en) * 2004-04-27 2005-11-10 Victor Co Of Japan Ltd Stream data transmission apparatus, stream data reception apparatus, and stream data transmission/reception system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1237843A (en) * 1998-06-02 1999-12-08 日本电气株式会社 System, method, and medium for broadcasting service contents
US6865555B2 (en) * 2001-11-21 2005-03-08 Digeo, Inc. System and method for providing conditional access to digital content

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
JP特开平9-51520A 1997.02.18

Also Published As

Publication number Publication date
CN101444096A (en) 2009-05-27
JP2007311939A (en) 2007-11-29
JP5042524B2 (en) 2012-10-03

Similar Documents

Publication Publication Date Title
US11102553B2 (en) Systems and methods for secure playback of encrypted elementary bitstreams
CN102035829B (en) Encryption apparatus, decryption apparatus, licensing apparatus and content data generation method
US11552786B2 (en) System and method for authenticating data while minimizing bandwidth
US8165293B2 (en) Method and system providing scrambled content
KR101011521B1 (en) Fine grain rights management of streaming content
US9553725B2 (en) System and method for authenticating data
CN100425020C (en) Method for upgrading software of digital terminal system in DVB system
CN105409234A (en) Systems and methods for performing transport I/O
EP1792436A1 (en) Method of providing conditional access
CN1984312A (en) Method for operating a conditional access system for broadcast applications
KR20070098445A (en) Method and device for authorising conditional access
US20080298580A1 (en) Content delivery server and content delivery system
CN103873895A (en) DVB/IPTV dual-mode interactive business protection system
KR20090128863A (en) Method for security key distribution in broadcast service system and system therefor
CN102648625B (en) Method, device and system for implementing the grouping of broadcast services
CN101171860B (en) Security method and device for managing access to multimedia contents
CN101394297B (en) DRM service implementing method, equipment and system under broadcast environment
CN101444096B (en) Encryption device, decryption device, license issuing device, and content data generation method
US7454618B2 (en) System and methods for transmitting encrypted data with encryption key
CN101500156A (en) Information ciphering, deciphering method and apparatus and information ciphering and deciphering system
CN101651549B (en) Multimedia broadcasting system, method and system for safely playing multimedia broadcasting contents
CN101651509A (en) Terminal and method for securely playing multimedia broadcast content
CN101651508B (en) Secure broadcast method, related secure broadcast system and front end system
CN102595197B (en) Transfer system protection method and device
CN115208569B (en) Encryption and decryption method and device for dynamic key distribution

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130605

Termination date: 20180516

CF01 Termination of patent right due to non-payment of annual fee