JP2002176419A - Right protection method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To protect a copyright of contents stored in a storage medium and each right of broadcast enterprises and users. SOLUTION: In order to protect the copyright of contents that is stored in a storage medium and carried and the right of broadcast enterprises and users, a transmitter side encrypts the contents, set its key to meta data, encrypts the meta data by using a different key, and distributes the encrypted contents and the encrypted meta data as a set. A reception terminal decodes first the encrypted meta data in the encrypted contents and the encrypted meta data received by the terminal, acquires the key for the contents, and stores the key to a key table in the reception terminal where the security is secured. Then, the reception terminal again encrypts the meta data by using the key the same as that of the contents and stores the encrypted contents and the encrypted meta data to an HDD. When viewed contents are selected, the terminal reads the meta data from the HDD, acquires the key from the key table and decodes the meta data. After a view contract, the keys for the contents and the meta data are stored in a personal mobile CA(Conditional Access) module. Then, by using the contents key, the encrypted contents are decodes to allow user to view the contents.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method for protecting rights in a data distribution service, and more particularly, to preventing illegal use of data in a system in which digital data distributed via a terrestrial line or a satellite line is stored and used digitally. The right protection method.

[0002]

2. Description of the Related Art In the conventional digital broadcasting, there has been a contract form in which viewing / non-viewing is contracted for each service channel or a program contract in which the program is contracted for each time within the same channel. In existing digital broadcasting, etc.,
In order to purchase the content in each content unit, the user selects, contracts, or determines the desired content after selecting the service, and communicates with the center simultaneously with the contract or determination. By confirming the purchase of each content by real-time communication between the user and the center side, and transmitting the purchase permission data to the contractor after the confirmation, the user can purchase the content. In such an interactive real-time purchase method, sales are performed in content units.

[0003] Regarding encryption, in the digital broadcasting that will begin in the future, since the number of encryption keys that can be used in a network is fixed, it is determined whether or not encryption is performed on a transmission path. In the current transmission method, the content encrypted on the center side is decrypted immediately after reception in the receiving terminal, and then recorded in a storage device or the like. As described above, the encryption of the content at the time of transmission is currently performed only by the primary encryption.

[0004]

However, in the conventional digital broadcasting, it is possible to acquire all the service information within the contract time, but it is difficult to view only the service information selected by the user or obtain only the content. It is.

[0005] In the conventional digital broadcasting service such as CS / BS, the main provision is to provide a contract in which the contract form is channel viewing possible / unavailable or program viewing / unavailability in the same channel. This is because the number of keys used for encryption in digital broadcasting is limited. However, the use of multiple keys not only complicates key management, but also encrypts the content with multiple keys, so that the information necessary to decrypt the data is always transmitted, which is more than the current transmission volume. Information must be transmitted. This is difficult and impractical in small transmission areas. Locking each content that increases daily means that the number of keys approaches infinity, which is also very difficult to manage. Further, since information necessary for real-time decoding is always transmitted, the receiving terminal needs to perform decoding at the time of reception.
nditional Access, conditional access) module). For these reasons, it is almost difficult to encrypt content using a plurality of keys at the same time of the same program in the same channel.

Further, in the conventional receiving terminal, it is impossible to perform encryption again in the receiving terminal after decryption. From this, it is impossible to decrypt the stored content existing in the receiving terminal etc. once and then encrypt it again and store it. If storing it while encrypting the transmission path, it will be treated as an encryption key at the time of storage However, there are many problems such as reliability in encrypting and storing. In addition, when receiving digital broadcasts, information that handles contracts such as viewing / non-viewing can be performed only for each receiving terminal, so if there are multiple users using receiving terminals, the center side will need to establish a contract for each of the multiple users. There are issues such as inability to recognize.

Furthermore, for example, there is a password embedding format such as a digital watermark as a copyright protection system required in the case of transferring the content to a third party, but it is not effective for all data formats. It's just content protection. At present, there is no system that protects both content and content-related information (metadata) as a system.

An object of the present invention is to solve the above problems. For example, the present invention provides encryption, personal authentication,
Protecting the rights of contents by using functions such as metadata and digital watermarking. In particular, metadata and content that store rights information etc. are encrypted on the transmission side, and processing such as re-encryption is performed on the reception side. And protects the content by storing the encrypted data in the HDD. Another object of the present invention is to store a key for encrypting content and metadata in a personal portable CA module after a viewing contract, thereby enabling rights protection even when viewing content on another PDR. And

Further, according to the present invention, metadata is created and divided using a disposable key generated in a receiving terminal, thereby enabling encryption for each content. Another object of the present invention is to provide an individual-specific service by combining a second CA module that can identify an individual.

Further, the present invention does not include the content owner information in the metadata so that the content owner can specify the content owner for the first time upon receipt of the person who has transferred the content. An object of the present invention is to realize a content service intended for transfer to a third party by filling in owner information.

[0011]

According to the present invention, a content is defined by an encrypted content and metadata which is content-related information necessary for viewing the content, and a second CA specifying an individual is defined. Use modules. As a result, it is possible to provide a service to each individual, and also to perform security protection in the delivery of contents for the purpose of transfer to a third party, and to provide a service to transfer to a third party.

Here, metadata is a general term for information other than content, and can be defined as, for example, content control information, content content information, and content-related information. Conceptually, information for controlling the content on the receiving terminal side, for example, information for making a reservation for storing the content (EPG (Electronic Program Guid)
e, electronic program guide), the content name, genre, distribution location, scheduled distribution date and time), usage restriction information (conditions for enabling viewing, age 20 and over, male,
Xx), and information such as encryption keys.

In the present invention, in order to perform encryption for each content, the encrypted content and content-related information (metadata) including information such as a viewing contract form for the content are separated. First, the content is encrypted on the transmission side, and the metadata is transmitted at the same time as the encrypted content. Upon receiving this information, the receiving terminal on the receiving side performs processing such as storage of the encrypted content, decryption of the transmission encryption in the transmission path of the metadata, and encryption with the disposable key generated in the receiving terminal as necessary. Then, all the transmission data is stored. When viewing the stored encrypted content, decrypt the metadata encrypted with the disposable key, embed information such as expiration date, viewing count restriction, copy restriction, information for decrypting the encrypted content, Using the disposable key generated in the receiving terminal again, the metadata 1 and 2 are created and divided based on the metadata. The encrypted content and the metadata 2 are stored as a set on a recording medium or the like of the receiving terminal, and the remaining metadata 1 is written on a user personal identification storage medium such as a CA module.

[0014] The encrypted content and the key of the encrypted metadata are stored in the CA module after the viewing contract. The metadata written to the user specific storage medium is a key of the user personally, and is encrypted in the CA module. When the user views the contract content, since the receiving terminal generates these pieces of information such as search / billing information, the content is reproduced in the receiving terminal based on the viewing contract information. Also, by transmitting the encrypted content from the center side, it is not necessary to encrypt a large amount of content in the receiving terminal, and only the metadata is encrypted. By decoding the information such as the metadata, information necessary for decoding can be obtained. Further, the key is different for each content, but all the keys of the content stored in the storage medium are written in a key table or the like. And the key of the viewing contracted content is CA
Stored in module. Playback of encrypted content is performed using the written key information. However, since a CA module or the like is required only during playback, it is not necessary to always install the content in the receiving terminal, just purchase the content at home. Instead, the content viewing contract can be made outside the home, such as outside. Thus, a contract outside the receiving terminal by carrying the CA module or the like becomes possible. Therefore, a user specific storage medium such as a CA module can be carried. In addition, the encrypted content stored in the receiving terminal is a copy of the encrypted content at the time of viewing by the user, similarly, the encrypted metadata is also copied, and the copied metadata is decrypted and then decrypted. To decrypt and reproduce the copied content. Thus, the encrypted content data is always stored, and the same service can be enjoyed by another CA module at any time. further,
According to the present invention, the CA module is divided into a plurality of CA modules mounted in the receiver and a plurality of portable modules.

[0015]

DESCRIPTION OF THE PREFERRED EMBODIMENTS The description will be made according to the following headings. 1. 1. Overview of rights protection Copyright protection system 3. 3. Cryptographic system Receiving terminal 5. RMP 6. 6. Information used by the receiving terminal (PDR) 7. Receiving terminal (PDR) application View content on devices other than the receiving terminal for which you have subscribed

1. Overview of Protection of Rights (Overview of Service) The comprehensive data distribution service described in the present invention distributes contents to a home using a communication line such as a satellite or a terrestrial line or a media medium such as a removable medium, and performs digital distribution in the home. It is intended to perform storage / copy reproduction as it is. Along with this, a situation may occur in which the rights and copyrights of service providers, copyright owners or users, such as illegal rewriting, reproduction, and copying beyond private use, are infringed. Therefore, it is necessary to protect and manage the rights of copyright holders, broadcasters, viewers, and the like of the content. In the present invention, description will be made assuming data distribution using digital satellite broadcasting as an example.

(Rights Protection) The copyright protection or right protection methods for contents include, for example, the following. (1) encryption to prevent unauthorized rewriting and viewing of information,
(2) Service provider or copyright owner's right to restrict user access to content, and user's personal authentication to protect content viewing right,
(3) metadata, which is a format for storing copyright information or rights information, etc., (4) digital images, videos,
An electronic watermark that embeds information in voice or the like.

FIG. 31 is an explanatory diagram of the protection method, purpose and function. Here, the outline will be described, and the details will be described later (see 2. Copyright protection system). The purpose of the encryption is to prevent unauthorized rewriting of information, unauthorized viewing of information, and the like, and encryption and the like of contents and metadata are assumed as functions thereof. The purpose of personal authentication is firstly to protect the right to restrict user access to the contents of service providers and copyright holders.
It is assumed that the user information restriction of the copyright information and the right information is compared with the personal information. Second, the purpose of personal authentication is to protect the user's content viewing right, and as a function, access to content in accordance with contract information on an individual basis is assumed. Third, there is privacy protection, and as a function thereof, it is assumed that only the person can access personal information. In addition, it is used for various purposes when relating to an individual such as when discriminating an individual. The purpose of the metadata includes the use of copyright information and right information, and the like, and its functions are assumed to be used in combination with the content and to store the copyright information and right information of the content. The purpose of the electronic watermark is to prevent unauthorized use of the content, and the function is assumed to be disabled by the application when the content is used illegally.

(System Overview) FIG. 1 shows an overall configuration diagram of a comprehensive data distribution service according to the present invention. FIG. 32 shows a supplementary explanatory diagram of the overall system configuration. The overall system is broadly divided into a transmitting side 1 for producing and distributing contents, and a receiving side 2 including a receiving terminal and the like.

The transmitting side 1 includes a transmitting center, a key management center,
It has a land line management center, customer management center, distribution management center, etc. The main features of the transmitting side 1 include production and distribution of contents and related information, encryption of contents in consideration of copyrights and rights, key management, and collection and management of information such as viewing history.

The receiving side 2 includes a receiving terminal, a KIOSK terminal, a store, a mobile unit, a mobile phone, and the like as extensions. The main features of the receiving terminal include the provision of a large-capacity storage medium for storing content and related information, the combination of encrypted content and related information and the re-encryption of related information, and the authentication and charging of individual units. Possible. The KIOSK terminal is a terminal for information guidance and services set in a store, a convenience store, a public facility, and the like. The main features are divided into the actions of the sender to the receiver and the actions of the receiver to the sender. And distribution of related information, and distribution of encrypted content, a key of related information, or key information. Further, as a feature of the action from the receiving side to the transmitting side, transmission of billing processing information and transmission of personal information such as a viewing history and a request using a ground line are given.

The transmission path 3 includes a satellite, a terrestrial line, a distribution network, and a mobile phone network as an extension. The main features of the terrestrial line are shown separately for the actions from the sender to the receiver and from the receiver to the sender. The features of the action from the transmitting side to the receiving side include distribution of content and related information, distribution of encrypted content and a key of related information or key information, and the like. As a feature of the action from the receiving side to the transmitting side, transmission of billing processing information using a terrestrial line and transmission of personal information such as a viewing history and a request using the terrestrial line are given.

(Processing in Overall System) A basic encryption system of the overall system in the comprehensive data distribution service shown in the present invention will be described below. First, content and metadata are created and edited in the editing system of the service provider on the sending side, and the content and metadata are transmitted to the key management center using a dedicated line or the like.
The key management center applies encryption (copyright protection encryption) to the content to protect the copyright, manages the key, and transmits the encrypted content and, if necessary, the key to the service provider. I do. The key of the encrypted content may be transmitted to the receiving terminal using a ground line, a satellite line, or the like. The same processing is performed on the metadata. Content and metadata encryption may be performed by the service provider. After that, encryption (conditional reception encryption) is applied to, for example, MPEG-2 TS, which is a transmission form of the content and the metadata, and distributed. The distributed data is received by the receiving terminal on the receiving side, and the receiving terminal decrypts the conditional access code. After that, the content and the metadata are protected by the copyright protection encryption while the large-capacity storage medium (for example, H
DD (described as DD), and decrypted at the time of viewing.

(Viewing) Regarding viewing of contents and the like,
For example, there are real-time viewing and storage-type viewing. Real-time viewing refers to viewing content distributed from a service provider in real time. As a real-time viewing service, an existing broadcasting service for real-time viewing only assuming a receiving terminal without a large-capacity storage medium, and a storage service and server for a real-time service assuming a receiving terminal with a large-capacity storage medium Type broadcasting is assumed. The encryption method of the existing broadcast uses only the conditional access encryption, and the encryption method of the server broadcast uses the conditional access encryption and the copyright protection encryption. What is storage-based viewing?
Refers to viewing content delivered from a service provider after storing it in a large-capacity storage medium.

The following is a description of an encryption format for storing an existing broadcast and a server broadcast. Existing broadcasts are stored with conditional access encryption at the time of transmission, and are stored and decoded by a conditional access descrambler at the time of reproduction. However, some services (personal contracts and the like) may be limited because only the encryption method is used for transmission. In the server type broadcasting, after the conditional access encryption at the time of transmission is decrypted, it is stored in the state of only the copyright protection encryption, and at the time of reproduction, it is decrypted by the copyright protection encryption descrambler.

(Real-time, stored / viewing comparison) FIG.
This shows a comparison between real-time viewing and server-based viewing. This figure shows the processing procedure in the receiving terminal for real-time viewing and stored viewing in the existing broadcast and the server broadcast. This system includes a function including a conditional access encryption descrambler 101, a copyright protection encryption descrambler 103, and a decoder 104 in addition to the receiving unit 100 and the HDD 102, and an RMP (Rights Management & Protection) 105.
, And indicates the copyright and right protection processing function of the content.

In the encryption processing procedure for real-time viewing of existing broadcasting (see the dotted line), the content received by the receiver (PDR) passes through the receiving unit 100, is decrypted by the conditional access encryption descrambler 101, and then is decoded. It becomes possible to view through 104. In the encryption processing procedure for storing and viewing an existing broadcast (see the broken line), the content received by the receiving terminal passes through the receiving unit 100 and is stored in the HDD 102 without passing through the limited reception encryption descrambler 101. At the time of viewing, it is read from the HDD 102, decrypted by the conditional access encryption descrambler 101, and can be viewed through the decoder 104. In real-time viewing of server-type broadcasting (see the solid line), the content received by the PDR is transmitted to the receiving unit 1
00, and is decrypted by the conditional access encryption descrambler 101. Then, the copyright protection cryptographic descrambler 103
, And can be viewed through the decoder 104. In server-based broadcast storage viewing (see 2-point line),
The content received by the PDR passes through the receiving unit 100, and is decrypted by the conditional access
D102. Then, at the time of viewing
2 and a copyright-protected cryptographic descrambler 10
After being decoded at 3, the video is viewed through the decoder 104.

(Storage) Various types of storage in the HDD will be described below. (1) Storage by User Preference One of the features of the comprehensive data distribution service shown in the present invention is to have a storage agent function for efficiently managing a limited storage medium. The storage agent function in the present service is to automatically store, in the HDD, content that matches the user's preference from the distributed content. As long as the capacity of the HDD permits, it is possible to store all contents to be distributed.

Users subscribed to this channel are:
The contents of all the channels can be received by the receiving terminal. The received content is automatically selected based on the user's preference and stored in the HDD. The user performs a keyword search, a genre search, and the like from the content in the HDD, selects the content desired to be viewed, and views the content. This system is designed to charge only for the content selected by the user from the content automatically selected and stored.

FIG. 33 is an explanatory diagram of information necessary for the receiving terminal to judge taste. Processing forms include active processing and autonomous processing of the receiving terminal. In the active processing, the user inputs information (genre, keyword, occupation, hobby, etc.) to the receiving terminal (there is an intention of the user).
On the other hand, in the autonomous processing, user information (viewing history, search history, personal information, etc.) is used (without intention of the user).

(2) Storage by EPG EPG (Electronic Program Guide) is an electronic program guide. The EPG uses the SI information transmitted by the broadcasting station to configure program information on the receiver side and use it as a means for selecting a program. SI (Service Information) is program arrangement information. SI is various information defined for the convenience of program selection. SI is also defined by the Ordinance of the Ministry of Posts and Telecommunications, and its contents are specified as ARIB standards. further,
SI is the PSI of MPEG-2 in addition to the ARIB standard-specific extensions.
Information is also included. It is mainly used for program guide display, program search, and program reservation. After performing operations such as displaying a program guide and searching for a program, it is conceivable to reserve a program (record to the HDD). As information to be displayed by the EPG, information such as a program title, a program subtitle, a broadcast time, a broadcast business name, pay / free, parental status, digital copy availability, and the like are considered to be displayed. SI and metadata are assumed as information sources for creating EPG.

(3) Forced accumulation This is a function of forcibly accumulating contents such as emergency broadcasts and announcements from the transmission side instead of accumulation at the request of the viewer. If the receiving terminal is in a content receivable state (power supply, antenna, etc.), it is a function for storing contents without permission of the viewer in an emergency, such as forced writing and a communication between the viewer and the service provider in advance. The service provider can negotiate the available capacity in the storage medium, and if the capacity is within the range, the service provider can periodically store the content without the permission of the viewer. Under such circumstances, it is conceivable to specify a storage time of the content for the receiving terminal, and to perform time zone designation writing or the like, which is a function for the receiving terminal to store the content based on the specified time.

2. Copyright protection method Each protection method by encryption, personal authentication, and metadata shown in FIG. 31 will be described in detail below. (Encryption, RMP) Processing such as viewing control, storage control, copy control, etc. is necessary to avoid the act of illegally rewriting, reproducing, copying, etc. data beyond personal use, and infringing copyright. Becomes These functions for copyright and rights protection processing of contents are provided by RMP (Rights Manag
ement & Protection). Each item of metadata relating to RMP, which includes encryption for protecting contents from unauthorized rewriting and viewing, personal authentication for controlling access to individual content, and copyright and rights information is described below. .

First, the content encryption method will be described. In order to avoid illegal viewing, copying and rewriting of content, content encryption is essential. The integrated data distribution service described in the present invention is assumed to be a service stored in the HDD in the receiving terminal.
It is necessary to consider the protection of the content in the DD, and it is necessary to encrypt the content. The encryption systems used in this comprehensive data distribution service are a copyright protection encryption system and a conditional access system. The copyright protection encryption method is an encryption method unique to the present comprehensive data distribution service, and encrypts the content itself. The conditional access system is a conditional access system in BS digital broadcasting, and the encryption system uses Multi2 as an example.

The features of the copyright protection encryption system are as follows.
The copyright protection encryption method encrypts the content data itself at the completion of the production of the content, not after assembling the data for distribution, and enables encryption without discrimination of the file format. The encryption unit is a content unit, and the minimum encryption unit is a resource and a stream. Then, it is possible to use a different key for each encryption unit.

Next, the metadata encryption method will be described. In the comprehensive data distribution service described in the present invention, metadata is distributed as a set together with content. In the metadata, in addition to the search information of the content, information necessary for copyright and rights protection is described. Therefore, in order to protect the copyright and the right of the content, it is necessary to encrypt the metadata as well as the content. In this case, it is not always necessary to encrypt all of the metadata. Some systems perform encryption only on information that requires protection (copyright and rights information), and do not perform encryption on information that does not require protection. Conceivable.

(Personal Authentication) As a means for personal authentication, CA
Modules and personal profiles are possible. The CA module is for personal use, and carried by each individual, so that it can be used as an authentication means for the user and the CA module. By setting a personal profile in the PDR, the CA module and the PDR can be authenticated.

First, the CA module will be described.
A CA module is used as means for realizing personal authentication. The conventional (BS / CS digital broadcast) CA module is one for the receiving terminal and fixed. And
Viewing contracts and billing contracts are made by family and group.
For one CA module, a viewing contract and a billing process are performed for each receiving terminal. Therefore, in the integrated data distribution service described in the present invention, two types of CA modules (CAS card and RMP card) are prepared, personal authentication is performed, and a viewing contract and a billing process are performed for each individual. As a specific realization means, the CAS card includes:
A function related to content reception, which is the same function as the conventional CA module, is provided, and an RMP card is provided with functions related to access to stored contents, viewing contracts, billing processing, and the like.

Further, the RMP card is made portable so that it can be carried on an individual basis. From this,
A viewing contract, a billing process, and the like for each individual can be performed. As the CA module, an IC card, smart media, or the like can be considered. Hereinafter, the CA module will be described as an IC card as an example. By adding an additional function such as a credit function to the CA module, it can be extended to new services such as e-commerce.

FIG. 34 is an explanatory diagram of the features of the CAS card and the RMP card. The CAS card is always installed in the receiving terminal, and one card is usually used for each receiving terminal. Therefore, the viewing right unit and the charging unit are family or group units. The purpose of use is the conditional access system, and the billing object is a service or event. Therefore, the viewing contract method is a prior contract. On the other hand, RMP cards are portable, are distributed on an individual basis, and can be carried by individuals. Therefore, the viewing right unit and the charging unit are individual units. However, when a contract is made in advance for each group, the group unit is the viewing right unit and the charging unit. The purpose of use is the use in the entire RMP, and the billable object is content. The viewing contract method at that time uses a method that enables viewing by making a viewing contract.

Next, the personal profile will be described. The receiving terminal is used by a plurality of users. At the receiving terminal, a viewing contract, a billing process, and the like are performed on an individual basis, so that each time the receiving terminal is used, it is necessary to change the usage environment for the user. An area in which information for setting the environment is obtained from the RMP card and stored while using the PDR is called a personal profile. The main processes based on the personal use environment include the determination of the pre-contract channel, the determination of whether the content is viewable by the user (such as age, gender, etc.), the viewing contract process, the billing process, the viewing process, etc. Can be Information used for these processes is obtained from either the RMP card or the personal profile.

When the RMP card is inserted, a personal profile starts up, and information necessary for generating the personal profile is obtained from the RMP card. Based on the information of the personal profile, the environment in the receiving terminal becomes the environment for the RMP card holder. If you remove the RMP card, RM
Information obtained from the P card is deleted from the personal profile. When the user who is not the owner of the receiving terminal uses the receiving terminal, the guest profile, which is a profile for the guest user, starts up and obtains necessary information from the RMP card in the same manner as the personal profile,
Write to guest profile. When the RMP card is removed, the information written in the guest profile is deleted. The same area can be used for the personal profile and the guest profile. Therefore, it is necessary that information necessary for generating a personal profile is written in the RMP card.

(Metadata) First, the information stored in the metadata is roughly divided into rights metadata and search metadata. In the integrated data distribution service described in the present invention, the metadata includes search, billing, content key information, copyright information, and the like. The rights metadata and search metadata are shown below.

First, the rights metadata will be described.
Rights metadata is metadata in which information related to copyrights and rights is described. The information is used for copyright protection. The main items of the rights metadata are shown below.

(1) Information on encryption method This is information including the presence / absence of encryption, the encryption method used, information on a key, and the like, and is information that is partially encrypted. Information such as an encryption method and key information may be rewritten in the RMP. The main items are shown below.・ Content encryption method ・ Metadata encryption method ・ Encryption status ・ Key or key information

(2) Information on Rights Information including information on the copyright of the content, which is fixed at the time of broadcasting and all information is encrypted. The main items are shown below. -Right holder-Right type-Management destination

(3) Contract information (license information) This is information including usage conditions to be presented on the screen at the time of viewing contract, and is information that is fixed at the time of broadcasting and is all encrypted. The main items are shown below.・ Copy permission ・ Storage permission ・ Age restriction ・ Expiration date ・ Charge

(4) Billing information Billing information is information including information necessary for billing processing, and is information that is partially written and completely encrypted at the time of viewing contract. The main items are shown below. -Billing method-Billing status

(5) Personal authentication information Information used when personal authentication is required, such as at the time of viewing contract or storage, and information is written from the RMP card and profile in the RMP and partially encrypted. Information. The main items are shown below.・ User ID ・ Age ・ Gender

(6) Information on Usage Status Information necessary for protecting stored and copied contents. Information that is rewritten every time by user's use. All information is encrypted to protect from data tampering and unauthorized use. Is done. The main items are shown below.・ Cumulative usage time ・ Number of times of use ・ Viewing date and time

(7) Information Related to Storage Information required for storing content and metadata, and is partially rewritten during storage. The main items are shown below.・ Specification of storage location ・ Storage method

Next, search metadata will be described. The search metadata is metadata in which information related to the search is described. The information is used for search processing.
However, depending on the search engine, the information of the rights metadata may be used as the search information. The main items of the search metadata are shown below.

(1) Attribute information of content itself Information for distinguishing from other content and metadata, and is information fixed at the time of broadcasting. The main items are shown below.・ Content ID ・ Content name ・ Paid

(2) Program / Service Attribute Information Information representing a program / service, including information stored in a search table. This information is fixed when broadcasting.
The main items are shown below.・ Program name ・ Channel name ・ Keyword ・ Overview ・ Broadcaster code

3. Encryption System (Encryption System) The encryption system of the comprehensive data distribution service described in the present invention includes a copyright protection encryption system and a conditional access system.
FIG. 3 is an explanatory diagram of the encryption form of the content and metadata encrypted on the transmission side. First, the content,
At the end of the production of the metadata, the content is protected by a key Kk 11 using copyright protection encryption in file or stream units.
Encrypt using 0. The key is embedded in the metadata.
Encrypt using 112. Those encrypted content,
MPEG-2 TS, which is the transmission format of encrypted metadata, is used as the key Ks
Encrypt at 113.

(Key Distribution Method) First, transmission of a video stream will be described. Generally, a video stream is divided into fixed-length data. Header information is added to each block. TSP (Transport Stream Packet)
Is a set of the header and data, and indicates a format of a data packet at the time of transmission. When scrambling (encrypting) with the existing type, the data part is encrypted. ECM
(Entitlement Control Message) is information transmitted in common to the entire user, and is a transmission message of common information including program information and control information. The program information is, for example, information on a program and a key for descrambling, and the control information is, for example, a command for forcibly turning on / off a descrambling function of a decoder.
Since the ECM basically transmits a scramble key of the content, it is transmitted together with the content, and is not information limited to a specific user. Also,
An EMM (Entitlement Management Message) is a transmission message of individual information including a work key for decrypting contract information for each subscriber and common information. The EMM is basically information that is sent only to a specific user in order to send the key and the like of the business contracted by the user. Also, C
A (Conditional Access) system refers to the conditional access system, which includes services (organized channels) and events (programs).
This is a system for controlling the viewing of a program with an encryption key. less than,
The distribution method of the encrypted data and the key in the conditional access system and the copyright protection encryption system will be described.

(Conditional Receiving Method) FIG. 4 shows a method of transmitting encrypted data and a key of the BS transmission line encryption. First, TS, which is a form of transmission of events including content, metadata, etc.
The packet is encrypted with the scramble key Ks. Next, the scramble key Ks is encrypted with the work key Kw1, and a key Ks' is created. The work key Kw1 at this time is a key determined for each broadcaster, and is a key related to whether or not the service can be viewed. Finally, the work key Kw1 is encrypted with the personal key Km1 that is unique for each receiving terminal, and a key Kw1 'is created. The encrypted event data is transmitted using the BS transmission path, the key Ks 'is transmitted using the ECM, and the key Kw1' is transmitted using the EMM. The receiving terminal that has received the encrypted data decrypts the data using the private key Km1 stored in the CA module 1. First, the key Kw1 ′ transmitted by the EMM is changed to the personal key Km1.
To obtain the work key Kw1. Next, Ks ′ transmitted using the ECM is decrypted using the work key Kw1, and a scramble key Ks is obtained. Finally, the encrypted event data transmitted using the BS transmission path is decrypted using the scramble key Ks to obtain a TS packet which is an event transmission form.

(Copyright Protecting Encryption Method) FIG. 5 shows a method of transmitting content and metadata when transmitting the content key Kk using metadata. First, the content is encrypted with the content key Kk. As the content key Kk, a different key can be used for each content. However, it is also possible that some set of service providers or the like is common or all are common. The content key Kk is added to the metadata, and the metadata is added to the work key Kw
Encrypt with 2. As the work key Kw2 at this time, a different key may be used for each set of service providers or the like, or all may be common. Then, it is also possible to use the key Kw1 used in the BS transmission line encryption. Finally, work key K
w2 is a key Kmc that is unique or common to all receiving terminals.
To create a key Kw2 '. The encrypted data and the encrypted data are transmitted using the BS transmission path for the encrypted content and the encrypted metadata, and the key Kw2 'is transmitted using the EMM. The receiving terminal receiving the encrypted data decrypts the data using the key Kmc stored in the receiving terminal. First, E
The key Kw2 ′ transmitted by the MM is decrypted using the key Kmc to obtain a work key Kw2. Next, the encrypted metadata transmitted using the BS transmission path is decrypted using the work key Kw2 to obtain the metadata. Finally, the encrypted content transmitted using the BS transmission path is decrypted by using the content key Kk written in the metadata to obtain the content.

(Encryption processing procedure) The outline of the encryption processing in the present service will be described below. In order to protect the copyright and rights of the content in the storage medium and in the transport,
Encrypt the content, store the key in the metadata,
Encrypt the metadata with a different key and distribute it as encrypted content and an encrypted metadata set. For the encrypted content and the encrypted metadata received by the receiving terminal, first, the encrypted metadata is decrypted, a key Kk of the content is obtained, and the key Kk of the content is stored in a secure key table in the receiving terminal. Next, the metadata is re-encrypted with the same key as the content, and the encrypted content and the encrypted metadata are stored in the HDD. When the viewing content is selected, the metadata is read from the HDD, and the key is obtained from the key table and decrypted. Thereafter, a viewing contract is made, and the content and metadata key are stored in the personal portable CA module. By storing the key in the personal CA module, the content can be viewed on other receiving terminals. After all processes are completed, the encrypted content is decrypted using the content key, and the content can be viewed.

The encryption processing procedure in the entire system will be specifically described below using a flowchart. FIG. 6 is a flowchart showing the encryption procedure on the transmission side, FIG. 7 is a distribution procedure on the transmission side, and FIG. 8 is a flowchart showing the procedure on the reception side.

First, the encryption procedure on the transmitting side in FIG. 6 will be described. First, apply copyright protection encryption. First, the files and streams constituting the content are encrypted with the key Kk in file units or stream units (1).
20). At this time, the files within the content unit use the same key Kk. Then, the key Kk of the encrypted content is stored in the metadata (121), and the metadata is encrypted with the key Kw2 (122). Next, conditional access encryption is applied. MPEG-2 T, a transmission format for content and metadata
It is encoded into S (123), and the payload of the TS packet (TSP) is encrypted with the key Ks (124).

Next, the distribution procedure on the transmitting side in FIG. 7 will be described. The work key Kw2 is encrypted with the key Kmc in advance, and distributed using the EMM as the key Kw2 '(125). Similarly, work key K
w1 is encrypted with the private key Km1 and individually distributed in advance as a key Kw1 'using EMM (126). Then, at broadcast time, key Ks
The encrypted event is distributed (127). Then, the key Ks is encrypted with the work key Kw1 and distributed using the ECM (128).

Next, the procedure on the receiving side shown in FIG. 8 will be described. First, processing of the conditional access system is performed. Card for CAS (CA
Using the private key Km1 in the module 1), the encrypted key Kw1 is decrypted to obtain the key Kw1 (129). And
The encrypted Ks is decrypted with the key Kw1 to obtain the key Ks (13
0). The encrypted event is decrypted with the key Ks to obtain the event (131). Next, processing of the copyright protection encryption method is performed. First, the encrypted Kw2 is decrypted using the private key Kmc stored in the PDR in advance by default, and the key Kw
2 is obtained (132). Private key Kmc is RM by default
Although the key is prepared in the P card (CA module 2), it can be updated by a key management center or the like. Next, the encrypted metadata is decrypted with the key Kw2 (13
3) Obtain the key Kk (134). Then, the metadata is encrypted with the key Kk (135) and stored in the HDD (13).
6). In addition, the encrypted content is stored in the HDD as it is. The key Kk is stored in a key table in the receiver where security is secured. Thereafter, when the user selects the content desired to be viewed, the encrypted metadata is set to H.
The data is read from the DD (137) and decrypted using the key Kk stored in the key table (138). After the viewing contract, the viewing contract information is entered, and part of the metadata (viewing contract information, key Kk, etc.) is stored in the RMP card and, if necessary, in the entire profile (139). The viewing contract information is information related to viewing and contracting of the contents, such as contract content ID, contract date and time, contract conditions, and billing information. When the processing related to the viewing contract and the metadata is completed, the encrypted content is read from the HDD and decrypted using the key Kk (140).

Here, the main features of the content encryption processing are described below. First, the transmission side encrypts the contents using a key Kk and distributes the contents using a copyright protection encryption method. Secondly, the data is stored in the HDD while the copyright protection encryption, which is the same encryption scheme as that applied on the transmission side, is applied. That is,
The encrypted content remains encrypted with the key Kk. Third, when the viewing contract is over, the copyright protection encryption is decrypted using the key Kk.

The features of the metadata encryption process are described below. First, the transmission side encrypts and distributes the data with a key Kw2 which is a work key of the copyright protection encryption method. Since the key Kk of the copyright protection encryption method is written in the metadata, the metadata is encrypted using the work key of the copyright protection encryption method. Second, when received by the receiving terminal, Kw2
Is decrypted, necessary information is extracted, re-encrypted with the content key Kk, and stored in the HDD. The reason that the key Kw2 is not stored in the HDD while being encrypted with the key Kw2 is that the key Kw2 is unique to the broadcaster for a certain period of time, so that there are a plurality of metadata encrypted with the same key. The strength of the key becomes weaker against attacks, and the key Kw2 is changed periodically.Therefore, as long as the metadata exists, it is necessary to retain the past key Kw2 after the change. .

4. Receiving Terminal FIG. 9 shows a basic configuration diagram of the receiving terminal. The receiving terminal is (P
DR) 20, a receiving unit 203 that receives various data such as PSI / SI as content, metadata, and program arrangement information
A DEMUX 204 for returning data multiplexed by the MUX on the transmission side to a series of data before multiplexing, and a large-capacity storage medium (HDD or the like) 205 for storing data such as received content and metadata. And conventional information (BS / CS) that stores information necessary for performing the process related to the conditional access
Digital broadcasting) IC card or CAS card (CA module 1) 2 assuming a chip with the same function
01, an RMP card 202 (CA module 2) for storing information necessary for carrying out processing such as personal authentication and a viewing contract, which is portable with an individual, and a content copyright / right protection function. And the like.

FIG. 10 shows a functional block diagram in the PDR. In the real-time type, the existing broadcast content is received by the reception processing 210 and the conditional access method (CA
S) The code of 211 is decrypted and reproduced in real time. Next, in the case of the storage type, processing of server-type broadcast content will be described. First, the preference application 216 determines the user's preference based on information input via the user interface, viewing history information, and the like. Information input to the palatability application 216 includes, for example, viewing histories such as genres of viewing content, keywords, and the like.
In addition, the input through the user interface includes a hobby, a special skill, and the like. The taste application 216 includes:
User preference information is created from the above information. afterwards,
H that can be accessed after being authenticated from RMP 212
By looking at the EPG table, search table, and the like stored in a part of the area in the DD 213, the user selects content that meets the user's preference. The user preference information is created in a format according to the genre of content and keywords. In creating user preference information,
A word with a large number of appearances has a high priority. Further, the preference application 216 compares the genre or keyword of each EPG information stored in the EPG table with the created user preference information (performs a search),
The matching (fuzzy matching) content is regarded as the content in accordance with the user preference, and the storage reservation is made (the storage reservation is made from the content having the higher priority of the preference). In addition, HDD
The contents 214 and the metadata are inaccessible from the palatability application 216. Meanwhile, HDD
The EPG table 213 and the search table 213 can be accessed from the preference application 216. It is also possible to set a priority for the user's preference, and to preferentially select content having higher priority. As the schedule management, a reservation recording schedule of one or a plurality of contents selected by the preference application 216 or the like is set, and a content ID or metadata ID is assigned to a function of performing the reception process 210 according to the schedule. And information required for reception such as broadcast time. The timing at which the preference application 216 issues a reception request to the reception processing 210 function may be such that information of recording reservation is passed in advance of the broadcast time of the content, or the preference application makes a determination at the broadcast time of the content and issues a recording instruction. It is possible. When the preference application 216 sets a schedule, the manner of setting the schedule changes depending on the number of tuners existing in the PDR. It corresponds to the number of tuners at the same time HDD
Because the number of contents that can be stored in
For example, if there are a plurality of tuners in the PDR, a plurality of contents can be stored at the same time, and it is possible to schedule temporally overlapping contents. The reception processing 210 function performs storage processing of contents and metadata based on the schedule information passed from the preference application 216. First, the RMP 212 obtains the metadata for which the storage instruction is issued according to the schedule, and then determines whether or not the storage can be performed based on information necessary at the time of storage, such as rights information, by decrypting the encrypted metadata. When it is determined that storage is possible, the content of the set is read into the RMP 212 based on the metadata information, and after the metadata is re-encrypted, the content and the metadata are stored in the HDD 214. Thereafter, when the user selects the viewing content, the metadata is first read into the RMP 215, where the viewing contract process, the billing process, and the like are performed. Thereafter, the content is read into the RMP 215 and decrypted by the RMP 215, and then the content is reproduced.

5. RMP (Encryption Process in RMP) FIG. 11 is a diagram showing the configuration of the encryption process in the RMP. As the encryption system in this comprehensive data distribution service, a conditional access system and a copyright protection encryption system are assumed. As an example, an encryption method using a conditional access encryption and a copyright protection encryption and an encryption method using only a copyright protection encryption will be described. When the conditional access encryption and the copyright protection encryption are applied, the content passes through the receiving unit, is decrypted by the conditional access encryption descrambler 250, and is stored in the HDD 251. When the user determines the content to be viewed, the content is decrypted by the copyright protection descrambler 252 and then reproduced by the decoder to allow viewing. In the case of only the copyright protection encryption, the content passes through the receiving unit and is stored in the HDD 251.
Then, when the user decides the viewing content, the content is decrypted by the copyright protection encryption descrambler 252, and then reproduced by the decoder to allow viewing.

(Functions of RMP) Each function in the RMP is shown below. RMP controller, reception control, accumulation control,
Copy control, viewing control, charging control, encryption, decryption, personal authentication control, time management, viewing history control, external device authentication,
Functions such as communication control, search control, Plug-in application authentication control, metadata control, profile control, IC card control, and key control are possible.

FIG. 12 shows a functional configuration diagram in the RMP.
Hereinafter, each function will be described. The RMP controller is a function that controls and manages processing performed inside the RMP. Its main functions are I / F function (decoder, application, control manager, etc.) with the outside of RMP,
Control management of each function inside the MP. The reception control is a function of determining a service type and the like from the acquired PSI / SI and metadata, and selecting a decoding process in the RMP. The main functions are to select the content and metadata acquisition path from PSI / SI, and to select the content and metadata decryption processing from PSI / SI.
For example, information to be added to metadata is generated from PSI / SI.

The accumulation control is a function of controlling the operation of accumulating contents, metadata, and the like generated in the RMP in a storage medium based on metadata and profile information.
The main functions are to determine whether or not a content storage instruction (recording reservation etc.) has been issued based on the information of the entire profile, to determine whether or not the content can be stored based on the metadata information, and to store the content and metadata in the storage medium. And the like. The copy control is a function of controlling a copy request generated by a user request such as a viewing contract based on metadata information. The main function is to determine whether the content can be copied from the metadata information,
k), a copy instruction of the content (Ks), and the like.

The viewing control is a function for controlling the reproduction of the content in the RMP based on the copyright and the right information of the metadata in response to the user's viewing request. The main function is to determine whether the content is accessible to the user by comparing the copyright and right information of the metadata with the personal information of the RMP card, and to compare the copyright and right information of the metadata with the user request information. The determination includes whether the content is viewable by the user, the viewing contract processing of the content, the generation of viewing information and contract information, and the matching between the RMP and the playback application. The billing control is a function of controlling a billing process caused by a viewing contract or the like by selecting contract conditions in metadata and contract conditions selected by a user. The main functions are charging processing and generation of charging information based on contract information.

The encryption function is a function for controlling the encryption of the metadata inside the receiving terminal. The main functions are encryption of metadata and the like. The decryption function is a function for controlling decryption of content and metadata inside the RMP. The main functions are decryption of conditional access encryption and decryption of copyright protection encryption (encrypted content and encrypted metadata).

The personal authentication function is a function for performing authentication between a user, an RMP card, and a personal profile. The main functions are to insert the IC card into the receiving terminal and enter the password to authenticate the user and the RMP card, and to insert the RMP card into the receiving terminal,
The authentication of the MP card and the personal profile and the identification of the user by the password in the personal profile are performed.
The time management is a function for presenting an accurate time (to prevent a user from falsifying time information or the like) in checking an expiration date at the time of content decryption or the like. The main functions are shown below. Based on information such as TOT, time correction and unified management of the current time in the receiving terminal are performed. This eliminates the need for the user to set the date and time, and eliminates the need to provide a user interface for setting the date and time, thereby enabling the user to intentionally change the time information and protect the right regarding the time such as the expiration date. Time information itself such as TOT may be encrypted and distributed.

The viewing history control is a function for generating viewing history and preference information from viewing information stored in a personal profile. The main functions are creation of viewing history information from viewing information of the personal profile, creation of user preference information from viewing history information, and the like. The external device authentication function is a function of identifying a copyright protection level of the external device, an unauthorized device, and the like when the external device is connected for storage, copy, reproduction, and the like. The main function is authentication of the copyright protection function of the external device based on the information in the metadata.

The communication control is a function for controlling the safety of a communication path when transmitting or receiving data relating to copyright or privacy using an external line, such as collection of viewing history and collection of billing information. The main functions are line control such as RMP and modem termination, line control to ensure connection and disconnection of the line, synchronization control for synchronizing transmission and reception, and checking for data errors that may occur during data communication. Transmission control such as error control for correcting an error when it is found, and authentication processing using a public key method. The search control is a function of searching for specified data in the storage medium and reading the data into the RMP. The main functions are search, subscription,
At the time of viewing, storage of the removable medium, or the like, the target content or metadata is read into the RMP from the HDD or the removable medium.

The Plug In application authentication control is as follows.
This function authenticates the application plugged into the PDR and allows only the approved application to access the RMP. The main function is the authentication process of the Plug-in application. Metadata control is a function that controls the extraction of data required when performing various processing such as reception processing and storage processing in RMP for metadata, and storage of information generated at each processing. It is.
The main functions are to extract the information necessary for performing each processing such as storage processing, viewing contract processing, search processing, etc. from the metadata, and to extract the information generated in the reception processing, viewing processing, etc. And division of metadata.

The profile control is to manage the overall profile and the personal profile, to extract data necessary for performing each process in the RMP from the profile, and to store the generated information in the profile (for the EMM2 and the RMP).
(Including a user environment setting in the receiving terminal based on information such as an IC card). The main function is to manage contract information of individual contract and overall contract, personal ID, group ID
And the like, management of viewing history information, and management of schedules such as recording reservations. The IC card control is a function of controlling access to a CAS card and an RMP card in each process. The main function is EM
An instruction to store the information of M1 and ECM1 in the CAS card,
There is an instruction for sweeping the scramble key Ks from the card for personal use and personal authentication based on the personal information of the RMP card. What is key control?
This function controls key generation and key management inside the RMP.
The main function is control of the key table. 6. Information used by the receiving terminal (PDR)

The comprehensive data distribution service shown in the present invention uses a personal portable CA module 2 to provide a concept of an individual such as an individual viewing contract, a billing process, and a KIOSK terminal carrying the CA module 2. It is assumed that the service has a portable concept such as content purchase, payment of fee, transmission of viewing history information, and viewing of content at another receiving terminal. Therefore, there is information to be always stored in the receiving terminal and information to be carried.

Information required for the RMP processing includes metadata, an overall profile, a key table, a CAS card, an RMP card, a search table, and the like. Hereinafter, each of these pieces of information will be described. In addition to the above, PD
There is a concept of a personal profile used to set R in a personal environment, and the information is obtained every time a user inserts an RMP by obtaining necessary information from an RMP card and generating a personal profile. However, it is also possible to obtain necessary information from the RMP card at any time without preparing a personal profile. The PDR fixed information is an entire profile, a key table, a CAS card, a search table, and the like. The information portable from the PDR is an RMP card or the like.

(CAS Card (CA Card 1)) FIG.
FIG. 5 is an explanatory diagram of information that needs to be fixed to the PDR at all times. That is, FIG. 35A shows information newly added in the rights protection system of the present invention, and FIG.
The information used for conditional access in conventional digital broadcasting (BS digital broadcasting serviced in December 2000) is shown below. These are information that is fixedly stored in the receiving terminal. Thus, the CAS card is
In order to store the same information as the IC card for CAS for BS broadcasting,
Stores information related to content reception.

(RMP Card (CA Card 2)) FIG.
FIG. 6 shows an explanatory diagram of information that can be carried from the PDR. This is information stored in a portable RMP card, which is a new concept in the rights protection system of the present invention. As described above, the RMP card is prepared for each user who uses the receiving terminal, and stores personal information, viewing contract information of contracted content, and the like. When the RMP card is inserted into the receiving terminal, necessary information, such as viewing contract information of the content contracted by the group members in the group contract, described in the overall profile is written on the RMP card. Then, in order to make the receiving terminal a personal environment, the necessary information in the RMP card is
Read in MP and expand to personal profile. However, it is also possible to access the RMP card at any time to obtain information without developing the information into a personal profile.

(Metadata) Metadata in which content-related information is described is indispensable in RMP processing. The processing method for the content changes according to the copyright and the right information described in the metadata. The information described in the metadata includes information to be protected by encryption. The details of the metadata are as described above.

(Overall Profile) FIG. 37 is an explanatory diagram of main items and contents of the overall profile. PDR, which is group information that summarizes terminal information relating to the entire user who mainly uses the receiving terminal, information relating to schedules such as content storage reservation and viewing reservation, and individual information.
Setting information and the like are stored.

(Key Table / Search Table) FIG.
FIG. 3 shows an explanatory diagram of contents of a key table and a search table. As shown in FIG. 38 (A), the key table stores information on keys stored and managed in the receiving terminal. A key in it
There are three types for Kw2, Kk, and Kmc. However, since the key Kmc is common to only one or all receiving terminals, only the key itself is stored. The search table is shown in FIG.
As shown in FIG. 8B, information necessary for identifying the storage location of content and metadata in each process is stored. The outline is used as necessary due to problems such as capacity.

(Relationship between RMP Function and Information) FIG.
FIG. 3 shows an example of a relationship diagram between each function of RMP and an information area used at that time. Such a relationship does not always hold, and an exception may occur depending on each processing procedure. For example, the storage control uses metadata and the entire profile, and the viewing control uses metadata,
A personal profile and a CA card 2 (an RMP card) are used.

7. Receiving Terminal (PDR) Application Each application related to PDR will be described below. (Search Application) The search application has a function of assisting in selecting content desired to be viewed from the content stored in the storage device in storage viewing. Information about each content for performing a search process is obtained from a search table and metadata. The content information (content location, metadata location, etc.) selected by the search process is passed to the RMP, which accesses the storage device and reads the data into the RMP. Search target is HDD
It is also possible to obtain and search not only content stored in a storage medium such as, but also content information to be distributed in the future. As an example, it is also possible to obtain information distributed for EPG, search by keyword, title, genre, etc., and make a recording reservation.

(Basic Processing Procedure) FIG. 13 shows a flowchart of the basic processing from reception of content to viewing in the receiving terminal. The processing procedure includes reception processing (S1301), conditional access encryption decryption processing (S1303), storage processing (S1305), search processing (S1307), viewing contract processing (S1309), charging processing (S1311), and metadata processing (S1313). ) And content decryption processing (S1315). For each process below,
This will be described in detail.

(S1301, Reception Processing) FIG. 14 shows the processing procedure of the reception processing, and the relationship between the encryption method at the time of distribution and the encryption form at the time of accumulation. The following cases can be considered as the encryption method of the distributed data. CASE1: Conditional access system + copyright protection encryption system CASE2: Conditional reception system CASE3: Copyright protection encryption system CASE4: No encryption

When the receiving terminal receives the content,
Recognize the encryption form at the time of D accumulation and select the decryption processing procedure in each case. There are two types of encryption at the time of content storage: conditional access method storage, in which the content is stored with the conditional access method applied, copyright protection encryption, in which the content is stored with copyright protection encryption, and encryption. An unencrypted storage that is stored in an unencrypted state is considered.

(S1303, Decryption processing of conditional access encryption) FIG.
FIG. 11 shows a decryption processing procedure of the transmission line encryption. Decoding is performed according to the decoding processing procedure identified by the reception control function. The decryption processing procedure in each case of the encryption method at the time of accumulation is shown below. -Conditional reception method storage: Decryption of conditional access encryption for metadata only-Copyright protection encryption method storage: CASE1: Conditional reception encryption and decryption of both content and metadata CASE3: No processing-Storage without encryption: Both content and metadata Conditional access decryption

(S1305, Storage Processing) FIGS. 16 and 17
Shows the processing procedure of the accumulation processing. In this step, processing from decryption of the transmission path encryption to storage in the HDD is performed. The main processing procedure is shown below. -Metadata decryption 300-Metadata search, part of right information is entered in a search table 301-Key Kk is obtained from metadata 302-Metadata encryption 303

(S1307, Search Processing) FIGS. 18 and 19 show the processing procedure of the search processing. The search process is a process for selecting content to be viewed or stored in a removable medium. The search process is performed by a search application which is an application of the receiving terminal 310, and reading of data from the HDD into the RMP is performed by RMP viewing / listening control 311. The content in the HDD is searched by a user request, and the search result is presented. The content to be presented has two stages depending on the level of detail as follows. According to the information in the search table, the title of the content,
Outline information such as program outlines Detailed information such as detailed contents of programs and fees based on the information of metadata

(S1309, Viewing Contract Processing) FIG. 20 shows the processing procedure of the viewing contract processing. A viewing contract process is performed based on information input and confirmed by the user at the time of the content viewing contract. The contract information 320 of the metadata is presented to the user 320, and it is determined 321 and 322 whether the user can view the content in consideration of the access right, the viewing condition, and the like.

(S1311, Billing Process) FIG. 21 shows the procedure of the billing process. Here, charging processing is performed on the content for which the viewing contract has been made based on the contract information.
The billing information, which is the information of the billing processing result, viewing information, contract information, and viewing contract information that summarizes the billing information are stored in the entire profile 331 if necessary.

(S1313, Metadata Processing) FIG. 22 shows a processing procedure of the metadata processing. Here, after processing related to the contract, such as the viewing contract processing and charging processing, is completed, the viewing contract information that summarizes the information is entered in the metadata,
The metadata is processed. The main processing procedure is shown below. -Enter the viewing contract information in the metadata 340-Store the viewing contract information, Kk, etc. in the RMP card 341-If necessary, encrypt the inside of the RMP card with the key Km2 34
2

(S1315, Content Decoding Process) FIGS. 23 and 24 show the processing procedure of the content decoding process. Here, when viewing the content for which the viewing contract has been made, the encrypted content is decrypted. Content encryption key
Kk is stored in your personal profile. The procedure for obtaining the key Kk and decrypting the content will be described below. Decryption of metadata in HDD with personal profile key Kk generated from RMP card information 350 Determining user restriction 351 Decryption of content in HDD with personal profile Kk 3
52

(Storage in Content Key Transmission Model Using Metadata) FIG. 43 is an explanatory diagram of a processing procedure in a content key transmission method using metadata. FIG. 44 shows a flowchart of a processing procedure in the content key transmission method. Hereinafter, a processing procedure in the content key transmission method using metadata will be described. First, Ks and Kw1 and K stored in CA module 1
The BS transmission line scramble is decoded using m1 (500),
The encrypted content 401 and the encrypted metadata 451 are obtained. In this case, the encrypted metadata 451 includes the content key Kk. Next, the receiving terminal (PDR) 3
Decrypts the metadata 451 using the work key Kw2 stored in the RAM 452 in the encryption / decryption module (503, 453), and performs search processing such as search / charging information described in the metadata. The information to be used is extracted and added to the search table 410 (504). This search table 410 searches for the content 406 in the HDD 4
/ Charging information is described and used when searching. After extracting information used for search processing from the metadata and adding it to the search table, a value Kt generated or prepared in the encryption / decryption module is used as a key Kt 453 (5
06), the metadata once decrypted with Kw2 is re-encrypted 453 with Kt (507), and the metadata 4 encrypted with Kt 4
05 is generated (453). The key Kt is stored in the RAM 452 in the encryption / decryption module. This key Kt is a key generated or prepared in the encryption / decryption module every time the metadata 451 is decrypted before being stored in the HDD 4 and re-encrypted 453. After that, the encrypted content 406 encrypted with the content key Kk and the encrypted metadata 405 encrypted with the key Kt are stored as a set in the HDD 4 (50).
8). Note that a different key may be used for each metadata 414.

(Storage of Content in Removable Medium) FIG. 45 is a flowchart showing a procedure of processing for storing content in a removable medium. Below, HDD4
The processing procedure up to the storage of the content 406 stored in the removable medium 5 will be described. With reference to FIG. 43, a process of storing content in a removable medium will be described.

When a user inputs a keyword or the like, a search process 412 in the HDD 4 is performed based on the information in the search table 410 (520). From the search result, the user selects the stored content 409 (52
0). Then, the metadata 408 for the selected content 409 is copied to a work area in the receiving terminal (PDR) 3. The copied metadata 408 is decrypted 413 using the key Kt (522). Then, after confirming the contract conditions of the selected content 408, the user adds necessary information and determines 415 the accumulation (523). In response to the user's operation to determine the accumulation, the accounting process 416 is performed based on the contract conditions contracted by the user (524). The contract information of the metadata 414 is created from the contract conditions and the result of the charging process (525). Then, the metadata 414
Is separated into metadata 1 and 2 (526). Then, the value Kt ′ generated or prepared in the receiving terminal (PDR) 3 is used as a key.
Kt'418 (527). This key Kt ′ is a key that is generated or prepared in the receiving terminal (PDR) 3 every time the metadata 2 is encrypted before being stored in the removable medium 5, the HDD 4, or the like after the procedure of viewing the content 409. The metadata 2 is encrypted with the key Kt '(528) and stored in the removable medium 5 (529). Next, the key Kt ′ or information about the key is written in the metadata 1. The metadata 1 is stored in the CA module 2 101 using a secure transmission path (531), and the private key Km2 424 stored in the CA module 2 101 is stored.
(530). In this process, a private key is
The Km2 424 is input into the receiving terminal (PDR) 3, and the metadata 1 including the information on the key Kt 'or the key Kt' is encrypted using the private key Km2424 (422, 530).
After that, it is also possible to accumulate (531) in the CA module 2101. As another method, there is a case where the key Kt ′ or the metadata 1 including the information on the key Kt ′ is transmitted to the CA module 2101 via a secure transmission path and stored as it is. Metadata 41
When all the processes related to the encrypted content 4 are completed,
09 is stored in the removable medium 5 (532).
In this way, the information stored on the removable medium is metadata 24 encrypted with the key Kk 'and including the key Kk.
21, the content 427 encrypted with the key Kk.

(Content Viewing) FIG. 46 shows a flowchart of the content viewing processing procedure. FIG.
FIG. 3 shows an explanatory diagram of a flow of data of viewing after storage using metadata. In the following, referring to FIG.
The processing procedure up to viewing the content 408 stored in D4 will be described. In the HDD 4, metadata and encrypted content are recorded in a cipher including a key Kk. When the user inputs a keyword or the like, a search process 412 in the HDD 4 is performed based on the information in the search table 410 (520). From the search result, the user selects the viewing content 409 (540). Then, the metadata 408 for the selected content 409 is copied to a work area in the receiving terminal (PDR) 3.

The metadata is processed as follows. The copied metadata 408 is decrypted 413 using the key Kt (522). Then, after confirming the contract conditions of the selected content 409, the user decides to view 4
15 (541). In response to the operation of the user's viewing decision, the user confirms and bills 4 based on the contract conditions
16 is performed (524). Based on the contract conditions and the result of the charging process, contract information of metadata is created 417 (52).
5). Thereafter, the metadata 414 is separated into metadata 1 and 2 (526). Then, the value Kt ′ generated or prepared in the receiving terminal (PDR) 3 is used as the key Kt ′ (52
7). This key Kt ′ is stored in the removable medium 5 and the HD
Receiving terminal (PDR) every time encryption before storing in D4 etc.
3 is a key generated or prepared within (the key may be different for each metadata 414). Next, the metadata 2 is encrypted 419 with the key Kt '(528) and stored in the HDD (542). Next, the private key Km2 424 is transmitted to the receiving terminal (PDR) using a secure transmission path.
3 and encrypts the key Kt ′ or the metadata 1 including information on the key Kt ′ using the private key Km2 424.
After that (530), it is stored in the CA module 2 101 (531). In this process, the metadata 1 contains the key K
Fill in information about t 'or key Kt'. The metadata 1 is stored in the CA module 2 101 using a secure transmission path (531), and is encrypted 422 using the private key Km2 424 stored in the CA module 2 101 (530). As another method, the key Kt ′ or metadata 1 including information on the key Kt ′ may be transmitted to the CA module 2101 via a secure transmission path and stored as it is. On the other hand, the content is processed as follows. When all the processes related to the metadata 414 are completed, the encrypted content 409 is decrypted 426 using the content key Kk 330 (543), and the viewable content is obtained.

Next, FIG. 48 is an explanatory diagram showing the flow of data for viewing after storage on a removable medium.
This also applies to the viewing processing from the Ream bubble media 5.
Processing similar to the processing for viewing content from the HDD 4 is performed. However, here, the CA module 2 101
Metadata 1 stored in removable media 5
After confirming the agreement with the stored metadata 2 and confirming the contract conditions, the content can be viewed (decoded). The encrypted metadata 1 can be input and decrypted by inputting the private key Km2 424 into the receiving terminal 3 using a secure transmission path. Decrypted metadata
Using the key Kt 'in 1, the encrypted metadata 2 can be decrypted. The encrypted content is decrypted using the content key Kk stored in the metadata 2 and can be viewed.

8. The following describes how to view content on a terminal other than the receiving terminal for which the viewing contract has been made. Regarding the relationship between the viewing target and the movement of the contract content, when the viewing target is a contractor, there may be a case where the contract content is moved or not, and when the viewing target is a third party, there is a case where the contract content moves. . Hereinafter, each case regarding viewing will be described.

(Contractor Viewing) First, a case where a user who has made a viewing contract views contents will be described. FIG. 40 is an explanatory diagram of differences from the above-described basic processing procedure in the internal HDD storage.

Viewing Outside Contracting Terminal by Moving Contracted Content FIG. 25 is an explanatory diagram in the case of contractor viewing with movement of the contracted content. Here, the contracted content,
The case where the content is viewed outside the receiving terminal that has made the viewing contract using the RMP card and the removable medium has been described. FIG.
As in 0 (A), viewing contract processing, metadata processing, storage of removable media, and content decryption are performed.

Viewing Outside Reception Terminal without Moving Content FIG. 26 is an explanatory diagram in the case of viewing a subscriber without moving the contract content. Here, the own receiving terminal RM
A content viewing contract is made using P1, and the content itself is not moved. Only the RMP card for which the viewing contract has been made and the viewing contract information or the content key Kk stored in the RMP card are carried and moved. This shows a case where the content in another receiving terminal RMP2 is viewed. This service is effective only when the same content as the contract content is stored in the destination receiving terminal RMP2. As shown in FIG. 40B, metadata processing and content decryption are performed.

Third-Party Viewing (Gift Service) As a service for viewing a contracted content by a third party other than the contractor outside the receiving terminal, a gift service can be considered. FIG. 28 is a diagram showing the difference between the normal service and the gift service. First,
The gift contract will be described. The gift refers to giving the purchased content to a receiving terminal owned by another person. An IC card is basically owned by an individual and cannot be transferred to another person. Therefore, a system in which a removable medium and an IC card can be viewed as a set cannot be used, and a system that can be realized only by transferring the removable medium alone is required.

FIG. 41 is an explanatory diagram of the difference between the normal contract and the gift contract in the processing target. In the gift contract, the sender performs a viewing contract process, a billing process, and the like. However, the delivery is performed without performing only the owner registration process, and the RMP card that has performed the viewing procedure for the first time after the gift contract is regarded as the owner.
If the owner of the RMP card does not satisfy the right conditions of the content, an error is returned.

Next, the key management and transmission method of the gift contract will be described. FIG. 29 shows a schematic diagram of information stored in a removable medium. The key Kk of the encrypted content is written in the metadata. Since the gift service is a system that consists only of removable media, content and metadata are stored in the same removable media. Therefore, to protect the key Kk,
You need to encrypt the metadata. Since the key of the encrypted metadata cannot be transmitted as it is, the key Key
It is necessary to devise the management and transmission method of the data. Therefore,
The gift key method and the common key method will be described.

FIG. 30 shows information stored in a removable medium. First, the gift key method will be described. In the gift service, a method of not transmitting the key of the encrypted metadata or transmitting only key information related to the key is herein referred to as a gift key method. The information stored in the removable medium, such as key information, required to realize the gift key method is referred to as gift information here.

(1) Gift Key (Unique Key) Method FIG. 42 is an explanatory diagram of the types of gift keys (unique keys).
In this case, as for the gift key, all receiving terminals use the common key as RM.
It is held in P and protected by security.
Since the same gift key is stored in all receiving terminals, the key can be obtained without transmitting the key itself. A unique key common to all receiving terminals ・ Do not enter gift key information in removable media ・ Since it is a unique key common to all receiving terminals, if it can be determined to be gift-contracted content, use the receiving-side gift key Data can be decrypted Several unique keys that are common to all receiving terminals and can be used arbitrarily-Write gift key information on removable media-Removable because all receiving terminals hold the same key If the key information that can recognize the key such as the key ID is entered in the media, the metadata can be decrypted with the gift key on the receiving side. A unique key specified for each service provider and common to all receiving terminals. Enter the gift key information in the media ・ Since all receiving terminals hold the same key, removable media can recognize keys such as key IDs If the information or the service provider name or ID is entered, the metadata can be decrypted with the gift key of the receiving side.The necessary information for each of these methods is, for example, a gift key at the receiving terminal, and a Gift key information (not necessary when using a unique key common to all receiving terminals).

(2) Gift key (arbitrary key) method A key is generated based on one or a plurality of values (initial values) based on a certain algorithm. Since the key generation algorithm is the same for all receiving terminals, the key can be generated on the receiving side by transmitting the initial value of the key generation algorithm without transmitting the key itself. The necessary information in this case is, for example, a key generation algorithm in the receiving terminal, and gift key information (initial value) in the removable medium.

(3) Public key method In this format, a secret key and a public key of each receiving terminal are used to encrypt the key of the encrypted metadata by the public key encryption method of the delivery partner, and the receiving side uses its own key. Decrypt with the private key of
As a method of knowing the public key of the delivery partner, a method of accessing the key management center and knowing the public key of the delivery partner is conceivable besides a method of directly obtaining information from the delivery partner. In this case, the necessary information in the receiving terminal is a secret key, a public key, a public key of a delivery destination, a key management center access site (necessary only when the public key of the delivery partner is known from the key management center). In the center, the public keys of all receiving terminals (necessary only when the public key of the delivery partner is known from the key management center)

(4) Common key method By notifying the distribution partner to the key distribution center, a session key, which is a key dedicated to encrypting the key of the encrypted metadata, is distributed to the receiving terminal owned by the principal and the receiving terminal owned by the distribution partner. Is done. The session key distributed from the center is encrypted by a common key method using a common key of each receiving terminal or a public key method using a public key of each receiving terminal. Using the session key distributed from the center as a common key, the encryption metadata key is encrypted. The recipient decrypts with the session key. In this case, the necessary information includes, for example, a secret key * 1, a public key * 1, a common key with the center * 2, and a key management center access site in the receiving terminal. At the center, the public keys of all receiving terminals *
1, a common key * 2 of all receiving terminals. However, ※
Reference numeral 1 denotes a key required when encrypting the session key by the public key method, and * 2 denotes a key required when the session key is encrypted by the common key method.

(Group Contract Service) Basically, RM
Content viewing and billing using the P card are on an individual basis. However, a service in which a group such as a family is targeted for content viewing and charging is also conceivable. First, the characteristics of the contents of the group contract in the storage of the HDD will be described below.・ Use the group information of the whole profile ・ Enter the viewing contract information of the group contract in the whole profile ・ Use the viewing contract information written in the personal profile when viewing , Fill in the viewing agreement information in a new copy of the master metadata (default)

Next, a processing procedure (example) when the group contract contents are stored in the HDD and the group members view the contents for which the group contract has been made will be described below. S1. Insert IC card A of viewer A into PDR S2. Viewing contract by viewer A S3. Copy master metadata (default) and fill in viewing contract information in overall profile S4. Billing process based on viewing information S5. Part of metadata is stored in IC card A. S6. Insert IC card B of viewer B into PDR. S7. Necessary information such as group information contracted by group members and viewing contract information from overall profile is stored in IC card 1. Storage S8. Obtain necessary information such as viewing contract information from IC card 1 and generate personal profile S9. Viewing selection of viewing-contracted content by viewer B S10. Users who can view from group information of entire profile S11. Watch

Next, a case will be described in which contents for which a group contract has been made are stored in a removable medium, and a group member views the contents, for which the group contract has been made, outside the personally owned receiving terminal. The only change in the processing procedure when storing removable media is the change in storage location. Additional conditions and information when the storage location is changed from HDD to removable media are shown below. That is, there is no particular condition for viewing only by the person who has made the viewing contract. Also,
The conditions for viewing by group members are as follows. -It is necessary to fill in the viewing information in the removable media.-It is necessary to fill in the group members who can view in the removable media.-The master metadata (default) needs to be stored in the removable media.-The key to encrypt the above three information It is necessary to enter key information on a key common to all receiving terminals or on removable media. In this case, necessary information includes, for example,
This is a key common to the receiving terminals, and in the case of a removable medium, it is key information, viewing contract information, master metadata (default), and group information.

(Viewing Contract in Public Environment) As an example of the viewing contract being made outside the receiving terminal, there is a content purchase by a terminal in a public environment such as a KIOSK terminal. Below, KIOS
The following describes the K terminal as an example. The KIOSK terminal can be used by an unspecified user by inserting a personal IC card (RMP card (CA card 2)). The KIOSK terminal stores encrypted content that can be purchased by the user and metadata in which the key of the encrypted content is written.

FIG. 27 shows a processing flow of a viewing contract in a public environment, and the features are described below.・ Contents and metadata are distributed in advance to KIOSK terminals using satellite lines, terrestrial lines, etc. -The user inserts the IC card into the KIOSK terminal (S140
1). Search for viewing contents on the monitor of the KIOSK terminal (S1403). Make a viewing contract for the selected content (S140
5). -A media medium including an IC card and content can be purchased at an additional charge when the user obtains the bring (S1407). If purchased, the IC card becomes a temporary disposable card,
Expiration date can be set.・ KIOSK terminal sends purchase history etc. to the center using the ground line, and customer management ・ Center uses the ground line
Control the KIOSK terminal (delete contents, manage temporary IC cards, manage the number of media media, etc.). A KIOSK terminal installed in a public environment is capable of transmitting billing information, paying a fee, registering viewing contract information, etc., in addition to purchasing content. -The user views the content using an IC card and a media medium with a receiving terminal, a mobile communication device, a portable receiving device, and the like (S1409).

9. Conclusion Some of the features of the present invention are exemplified below.・ Unauthorized rewriting and reproduction of data when distributing contents to homes and storing / copying / reproducing digitally at home using communication lines such as satellites and terrestrial lines or media media such as removable media. In order to avoid infringing copyrights, the rights of service providers, copyright holders or users of copying, etc. that exceed private use, and the rights of copyright holders, broadcasters, viewers, etc. Protect and manage. -The concept of the copyright protection and rights protection processing function of the content shall be RMP (Rights Management & Protection), and the receiving terminal shall have a copyright protection and rights protection function.・ Encryption to prevent unauthorized rewriting and viewing of information for the purpose of copyright protection or rights protection of contents,
The right to restrict user access to the content by the service provider or the copyright owner, personal authentication for protecting the content viewing right by the user, and content-related information (metadata) storing copyright information or rights information, The use of digital watermarks, etc. that embed information in digital images, videos, sounds, etc.

As a content and metadata encryption method, a conditional access method used as encryption of a transmission path and a copyright protection encryption method used for the purpose of copyright protection and right protection of content and metadata are used.・ When storing and viewing, the existing broadcast is stored with the conditional access encryption applied during transmission, and is stored. The conditional access encryption is decrypted during playback. And decrypt the copyright protection code during playback. The content and metadata in the copyright protection encryption method can be encrypted by a transmission facility of a service provider or a facility of a key management center.

The key for the encryption of the content and the metadata in the above-mentioned copyright protection encryption method is managed by a key management center. In the above-mentioned copyright protection encryption method, the content is encrypted using the content key Kk with the copyright protection encryption on the transmission side, and is stored on the reception side with the same encryption method and the same key. In the above copyright protection encryption method, the content key Kk, which is a key for encrypting the content, is stored in metadata and distributed together with the content. In the above copyright protection encryption method, when the content viewing contract is over, the content key Kk is transferred to the personal portable CA.
Store in module.

In the above-mentioned copyright protection encryption method, metadata must be encrypted only for information that requires protection, and information that does not need to be protected is not encrypted. In the above copyright protection encryption method, the metadata is encrypted by the copyright protection encryption on the transmission side, and is decrypted when received by the receiving terminal to extract necessary information and the content key Kk,
It must be newly re-encrypted with the content key Kk. -Set a personal environment information area to set the receiving terminal to a personal environment when using it, and generate a personal environment information area from the personal portable CA module when each user uses the receiving terminal. Obtain the information necessary for, and create a personal environment information area. The information necessary for generating the personal environment information area, the content key Kk, the viewing contract information, and the like are stored in the personal portable CA module.

As a method of storing the information in the large-capacity storage device, the user inputs the preference information, stores the information based on the user preference as the information source of the viewing history information, or uses the EPG using the program information from the SI or metadata as the information source. There must be reserved storage or forced storage in which a service provider forcibly stores data in a large-capacity storage medium in an emergency, a specific time zone, or within a predetermined capacity.・ There are information that should always be stored in the receiving terminal and information that should be carried, and information that is used in the current conditional access system, such as group information that summarizes information of each individual as information that should always be stored. The information to be carried must be information necessary for purchasing content on KIOSK terminals, registering fee paying viewing history information, and viewing content on other receiving terminals. -By storing the viewing history information, the content key Kk, etc. in the personal portable CA module, when the same content as the content for which the viewing contract has been made is stored in another receiving terminal, the viewing contract is not made again. Must be available for viewing.

At the time of a so-called gift contract in which the viewing-contracted content is presented to a third party, the viewing-contracted content, the key information, and the viewing contract information are stored in the removable medium without passing the personal portable CA module. Etc., or encrypt the metadata key storing the content key using a common key method or a public key method, and make it possible to view using only removable media. -In the case of a so-called group contract in which the viewing contract unit and charging unit are set not in the individual unit but in the group unit, an area that summarizes the information of all the groups is set, and the viewing contract information etc. are stored there, so that all the group members can Content that has been subscribed to can be shared.

[0127]

According to the present invention, rights of contents are protected by using functions such as encryption, personal authentication, metadata, and digital watermarking. Is encrypted on the transmitting side, and the receiving side performs processing such as re-encryption and accumulates the encrypted data in the HDD, thereby protecting the right of the content. Further, according to the present invention, by storing the encryption key of the content and the metadata in the personal portable CA module after the viewing contract, the right can be protected even when viewing the content in another PDR.

[Brief description of the drawings]

FIG. 1 is an overall configuration diagram of a comprehensive data distribution service according to the present invention.

FIG. 2 is a comparison between real-time viewing and server-based viewing.

FIG. 3 is an explanatory diagram of a form of encryption of content and metadata encrypted on a transmission side.

FIG. 4 shows a method of transmitting encrypted data and a key of BS transmission line encryption.

FIG. 5 shows a method of transmitting content and metadata when transmitting the content key Kk using metadata.

FIG. 6 is a flowchart showing an encryption procedure on the transmission side.

FIG. 7 is a flowchart showing a distribution procedure on the transmission side.

FIG. 8 is a flowchart showing a procedure on the receiving side.

FIG. 9 is a basic configuration diagram of a receiving terminal.

FIG. 10 is a functional block diagram in a PDR.

FIG. 11 is a configuration diagram of an encryption process in the RMP.

FIG. 12 is a functional configuration diagram in an RMP.

FIG. 13 is a basic processing flowchart from reception of content to viewing in the receiving terminal.

FIG. 14 is an explanatory diagram of a processing procedure of a reception process, and a relationship between an encryption method at the time of distribution and an encryption mode at the time of accumulation;

FIG. 15 is a diagram showing a decryption processing procedure of the transmission line encryption.

FIG. 16 is a diagram showing a storage processing procedure (1/2).

FIG. 17 is a diagram showing an accumulation processing procedure (2/2).

FIG. 18 is a diagram showing a search processing procedure (1/2).

FIG. 19 is a diagram showing a search processing procedure (2/2).

FIG. 20 is a diagram showing a viewing contract processing procedure.

FIG. 21 is a diagram showing a billing process procedure.

FIG. 22 is a view showing a metadata processing procedure.

FIG. 23 is a diagram showing a content decryption procedure (1/2).

FIG. 24 is a diagram showing a content decryption procedure (2/2).

FIG. 25 is an explanatory diagram in the case of contractor viewing with movement of contract content.

FIG. 26 is an explanatory diagram in the case of viewing a contractor without moving the contract content.

FIG. 27 is a processing flow of a viewing contract in a public environment.

FIG. 28 is a diagram showing a difference between a normal service and a gift service.

FIG. 29 is a schematic diagram of information stored in a removable medium.

FIG. 30 shows information stored in a removable medium.

FIG. 31 is an explanatory diagram of a protection method, a purpose, and a function.

FIG. 32 is an overall configuration diagram of a comprehensive data distribution service according to the present invention.

FIG. 33 is an explanatory diagram of information necessary for the receiving terminal to determine preference.

FIG. 34 is an explanatory diagram of features of a CAS card and an RMP card.

FIG. 35 is an explanatory diagram of information that needs to be fixed to the PDR at all times.

FIG. 36 is an explanatory diagram of information that can be carried from the PDR.

FIG. 37 is an explanatory diagram of main items and contents of the entire profile.

FIG. 38 is an explanatory diagram of the contents of a key table and a search table.

FIG. 39 is a relationship diagram of each function of the RMP and an information area used at that time.

FIG. 40 is an explanatory diagram of a difference from a basic processing procedure in storage in a built-in HDD.

FIG. 41 is an explanatory diagram of the difference between the normal contract and the gift contract in the processing target.

FIG. 42 is an explanatory diagram of types of gift keys (unique keys).

FIG. 43 is an explanatory diagram of a processing procedure in a content key transmission method using metadata.

FIG. 44 is a flowchart of a processing procedure in the content key transmission method.

FIG. 45 is a flowchart of a procedure of processing for storing content in a removable medium.

FIG. 46 is a flowchart of a content viewing processing procedure.

FIG. 47 is an explanatory diagram of a flow of data for viewing after storage using metadata.

FIG. 48 is an explanatory diagram showing the flow of data for viewing after storage in a removable medium.

[Explanation of symbols]

100: receiving unit, 101: conditional access encryption descrambler, 102: HDD, 103: copyright protection encryption descrambler, 104: decoder, 110
... Content key Kk, 111 ... Kk is embedded in metadata, 112 ... Kw2, 113 ... Scramble key Ks, 120 ... Content is encrypted with Kk, 121
... Kk is stored in metadata, 122 ... Metadata is encrypted by Kw2, 123 ... Content and metadata are encoded, 124 ... TSP is encrypted by Ks, 125
... Encryption of Kw2 by Kmc and distribution by EMM, 126 ... Kw1
Is encrypted by Km1 and distributed by EMM, 127: events are distributed, 128: Ks is encrypted by Kw1 and distributed by ECM, 129
・ ・ ・ Kw1 acquisition, 130 ・ ・ ・ Ks acquisition, 131 ・ ・ ・ Event acquisition, 132 ・ ・ ・ Kw2 acquisition, 133 ・ ・ ・ Metadata decoding with Kw2, 134 ・ ・ ・ Kk acquisition from metadata, 135 ・..Encryption of metadata with Kk, 136
・ Store contents and metadata in HDD, 137 ...
Read the metadata from the HDD, 138: Decode the metadata with Kk, 139: RM a part of the metadata
Store in P card, decrypt contents with 140 ... Kk,
200: RMP, 201: CAS card, 2
02: RMP card, 210: Reception processing, 2
11 ... CAS, 212 ... RMP, 213 ...
Accessible HDD, 214 ... Inaccessible HD
D, 215: RMP, 250: Limited reception encryption descrambler, 251: HDD, 252: Copyright protection encryption descrambler, 300: Metadata
Decryption by Kw2, 301: Store metadata information in search table, 302: Obtain Kk from metadata, 30
3 ... Encryption of metadata with Kk, 310 ... Display of content information, 311 ... Reading of metadata, 3
20: contract condition display, 321: user restriction judgment, 322: user request judgment, 330 ...
-Billing process, 331: Creation of viewing contract information, 340
..Storing of viewing contract information in metadata, 341... R
Stored in the MP card, 342... If necessary, encrypt the metadata with Km2, 350...
51: Determination of user restriction, 352: Content decryption by Kk.

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04N 7/167 H04N 7/08 Z 7/167 Z (72) Inventor Kaoru Konishi Kanda Surugadai, Chiyoda-ku, Tokyo 6-chome F-term (Ref.) 5C053 FA13 FA23 GB01 HA40 KA04 KA05 KA21 KA24 LA06 LA15 5C063 AA01 AB03 AB07 AC01 CA23 CA29 CA36 DA07 DA13 5C064 CA14 CC02 CC04 5J104 AA01 AA12A EA01 EA04 EA17 JA03 MA06 NA03 NA35 NA37 PA05

Claims (12)

[Claims] 1. A received scramble key (Ks) is decrypted using a second private key (Km1) stored in a first module in a receiver, and is encrypted using the scramble key (Ks). A conditional access step of generating an event including content and encrypted metadata; and a copyright protection encryption step for protecting the content and the metadata, wherein the copyright protection encryption step includes a second module or key. Using the first personal key (Km2) recorded in the management center to decrypt the received first encrypted work key (Kw2 ') to generate a first work key (Kw2); Decrypting the encrypted metadata using the encrypted first work key (Kw2) and obtaining a first content key (Kk) included therein; and converting the metadata with the content key (Kk). Encrypting and encrypting metadata Storing encrypted data and encrypted content on a recording medium, reading encrypted metadata from the recording medium and decrypting the content with a content key (Kk), and storing a part of the metadata in a second module. A rights protection method, comprising the steps of: decrypting encrypted content using the obtained first content key (Kk) to generate content. 2. When viewing is selected, a viewing contract process for judging whether the information of the second module satisfies the viewing conditions, a metadata process for storing metadata on a recording medium, and a personal profile 2. The rights protection method according to claim 1, further comprising a contents decrypting process of reading the contracted contents from the recording medium using the information. 3. A storage contract process for determining whether information of the second module satisfies a storage condition when storage is selected, a metadata process for storing metadata in a removable medium, and an encrypted content. 2. A removable media storage process of storing the content in a removable medium, and a content decrypting process of writing information of the second module into a guest profile and reading contracted content from the removable content using the information of the guest profile. Or the right protection method according to 2. 4. The method further includes a metadata process and a content decryption process. In the metadata process, the metadata is separated into first and second metadata, and the first metadata is encrypted with a personal key (Km2). In the second module, the second metadata is encrypted with the disposable key (Kt '), stored in the recording medium, and the contracted content is read from the recording medium using the information of the personal profile. 4. The rights protection method according to claim 1, wherein the content is decrypted according to the first and second metadata. 5. The method further includes a metadata process and a content decryption process. In the metadata process, the metadata is encrypted with a personal key (Km2) and stored in a second module. In the content decryption process, the metadata is encrypted by a second module. And writing the contracted content from the removable content using the information of the guest profile, and decrypting the content in accordance with the metadata and the content. The rights protection method described. 6. The rights protection method according to claim 1, wherein the encryption key of the contents and the metadata in the copyright protection encryption step is managed by a key management center. 7. The method according to claim 1, wherein in the copyright protection encryption step, only metadata that requires protection is encrypted, and information that does not require protection is not encrypted. Rights protection method. 8. A personal environment information area is set in advance to set the inside of the receiving terminal to a personal environment at the time of use, and each user uses the personal portable second module when the receiving terminal is used. 8. The rights protection method according to claim 1, wherein information necessary for generating a personal environment information area is obtained, and a personal environment information area is generated. 9. The information and content key (K) required for generating a personal environment information area in a personal portable second module.
The right protection method according to any one of claims 1 to 8, wherein k) and viewing contract information are stored. 10. The storing step includes storing a user's preference information as a user's preference information input and viewing history information as an information source, and using an electronic program guide using program sequence information and program information from metadata as an information source. Claims characterized by including one or a plurality of accumulation processing of reserved accumulation or forced accumulation in which a service provider forcibly accumulates in a large-capacity storage medium in an emergency or a specific time zone or within a predetermined capacity. 10. The right protection method according to any one of 1 to 9. 11. A gift contract for presenting a viewing-contracted content to a third party, using the viewing-contracted content and key information or a common key or a public key in a removable medium. The rights protection method according to any one of claims 1 to 10, wherein the stored metadata enables the viewing using only removable media. 12. In the case of a group contract for setting a viewing contract unit and a billing unit in a group unit, an area in which information of group members is put together is set, and the viewing contract information is stored therein, so that the group members can view the contract information. The right protection method according to claim 1, wherein the viewing contracted content can be viewed.